IIS Worker Role (WSUS) Causing HIGH CPU Utilization 100%

Problem Statement: Clients fail to scan for updates and CPU utilization of the w3wp.exe process on the WSUS server spikes to 99%/100%. Some clients get through and a few fail. The root cause is Windows 10 clients getting a cumulative update, for example KB4022723, KB4022715, KB4025339, etc. See here for the list of Windows 10 1607 updates.

Microsoft is aware of the known issue with KB4034658 and is currently investigating in order to provide a hotfix.

Symptoms :

  • High CPU on your WSUS server – 70-100% CPU in w3wp.exe hosting WsusPool.
  • WSUSPool worker process (w3wp.exe) high memory utilization.
  • Constant recycling of the W3wp.exe hosting the WsusPool
  • Clients failing to scan with 8024401c (timeout) errors in the WindowsUpdate.log
  • Mostly 500 errors for the /ClientWebService/Client.asmx requests in the IIS logs
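
A quick way to confirm the last two symptoms from exported logs, as an added example that is not part of the original post. The log samples are constructed and simplified, the function names are hypothetical, and the 50% threshold is an assumption standing in for "mostly 500 errors".

```python
from collections import Counter

CLIENT_ASMX = "/clientwebservice/client.asmx"  # endpoint named in the symptom list
TIMEOUT_CODE = "8024401c"                      # scan timeout code from the symptom list

# Constructed sample data for illustration; not taken from a real server.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem s-port c-ip sc-status time-taken
2017-08-15 09:00:01 POST /ClientWebService/Client.asmx 8530 10.0.1.21 500 120034
2017-08-15 09:00:02 POST /ClientWebService/Client.asmx 8530 10.0.1.22 500 119870
2017-08-15 09:00:03 POST /ClientWebService/Client.asmx 8530 10.0.1.23 200 850
2017-08-15 09:00:04 POST /ClientWebService/Client.asmx 8530 10.0.1.21 500 120011
2017-08-15 09:00:05 GET /Content/ab/file.cab 8530 10.0.1.24 200 40
2017-08-15 09:00:06 POST /ReportingWebService/ReportingWebService.asmx 8530 10.0.1.22 200 15
2017-08-15 09:00:07 POST /ClientWebService/Client.asmx 8530
"""

SAMPLE_WU_LOG = """\
2017/08/15 09:02:10 Agent  * START * Finding updates
2017/08/15 09:04:10 WebServices  WS error: timeout, hr=0x8024401C
2017/08/15 09:04:10 Agent  Exit code = 0x8024401C
2017/08/15 09:04:11 Agent  * END * Finding updates
"""


def parse_iis_log(text):
    """Yield one dict per request, taking column names from the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def client_asmx_summary(text):
    """Count status codes for Client.asmx and list the clients receiving 5xx."""
    statuses = Counter()
    failing_clients = Counter()
    for row in parse_iis_log(text):
        if row.get("cs-uri-stem", "").lower() != CLIENT_ASMX:
            continue
        status = row.get("sc-status", "")
        statuses[status] += 1
        if status.startswith("5"):
            failing_clients[row.get("c-ip", "?")] += 1
    total = sum(statuses.values())
    errors = sum(n for s, n in statuses.items() if s.startswith("5"))
    return {
        "total": total,
        "errors_5xx": errors,
        "error_ratio": errors / total if total else 0.0,
        "failing_clients": dict(failing_clients),
    }


def count_scan_timeouts(text):
    """Count WindowsUpdate.log lines that mention the 8024401c timeout."""
    return sum(1 for line in text.splitlines() if TIMEOUT_CODE in line.lower())


def looks_like_wsus_overload(iis_text, wu_text, ratio_threshold=0.5):
    """True when Client.asmx mostly returns 5xx and clients log scan timeouts.

    ratio_threshold is an assumed cut-off, not a value from the post.
    """
    summary = client_asmx_summary(iis_text)
    return (summary["error_ratio"] >= ratio_threshold
            and count_scan_timeouts(wu_text) > 0)


if __name__ == "__main__":
    print(client_asmx_summary(SAMPLE_IIS_LOG))
    print("scan timeouts:", count_scan_timeouts(SAMPLE_WU_LOG))
    print("overload pattern:", looks_like_wsus_overload(SAMPLE_IIS_LOG, SAMPLE_WU_LOG))
```
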

Remediation :

1) Stop the WSUS service, go to IIS Manager\Application Pools and open the Advanced Settings of the WsusPool.

2) Set the CPU limit to 50% (you can move it up to 70/80 once your CPU usage has stopped hitting 100% for a couple of days).

3) Private Memory Limit: set to 10 GB; a minimum of 8 GB is recommended by Microsoft.
Set to 0 for unlimited, depending on your current environment.

4) Queue Length is kept at 15000, but it depends on how many clients the server supports at your site; increasing it can help.

5) If you get connection errors when connecting to the WSUS console, you need to get onto the SUS_DB.

6) Add server memory and CPUs in virtual environments. If hot-plug is enabled for your VMs you can do it directly; otherwise raise a change control to get it done.

7) Clean up obsolete WSUS updates:
Run the stored procedure “spGetObsoleteUpdatesToCleanup” to get the number of obsolete updates. If you haven’t cleaned up in the past year, the WSUS DB could hold close to 1000+ obsolete updates.
Note: It’s highly recommended to clean WSUS on a regular basis; at least every year, in my opinion.

8) Now run the following script to delete them:

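-- Run this against the WSUS database.
DECLARE @var1 INT
DECLARE @msg nvarchar(100)

CREATE TABLE #results (Col1 INT)
INSERT INTO #results(Col1) EXEC spGetObsoleteUpdatesToCleanup

-- Walk the obsolete update IDs one at a time and delete each of them.
DECLARE WC CURSOR FOR SELECT Col1 FROM #results
OPEN WC
FETCH NEXT FROM WC INTO @var1
WHILE (@@FETCH_STATUS > -1)
BEGIN
    SET @msg = 'Deleting ' + CONVERT(varchar(10), @var1)
    RAISERROR(@msg,0,1) WITH NOWAIT
    EXEC spDeleteUpdate @localUpdateID=@var1
    FETCH NEXT FROM WC INTO @var1
END
CLOSE WC
DEALLOCATE WC
DROP TABLE #results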

9) Run the WSUS Server Cleanup Wizard to remove “Superseded and Expired Updates” as well.

10) After the cleanup is finished, re-index the WSUS database by running the script below.

Download here. For more details on how to clean up WSUS, click here.

Microsoft is working to provide a hotfix ASAP for this open issue; until then, follow the steps above to keep your WSUS environment healthy.


Microsoft & Non-Microsoft Patch Tuesday – Aug 2017 and MS Patch Known Issues

Microsoft Patch Tuesday

Microsoft Patch Tuesday for August 2017 covers 48 CVEs, of which 25 are rated “Critical”, 21 are rated “Important” and 2 are rated “Moderate”. These updates affect Microsoft Edge, Hyper-V, Internet Explorer, Microsoft Scripting Engine, Remote Desktop Protocol, SQL Server and Adobe Flash Player. We have come across a few known issues with this Patch Tuesday related to Windows 10 1703, Windows 10 1607 and Windows 8.1, discussed below.

Microsoft has also released the patch for Adobe Flash player ADV170010.

Critical CVE’s

CVE-2017-8620 Windows Search Remote Code Execution Vulnerability

CVE-2017-0250 Microsoft JET Database Engine Remote Code Execution Vulnerability

CVE-2017-8591 Windows IME Remote Code Execution Vulnerability

CVE-2017-8622 Windows Subsystem for Linux Elevation of Privilege Vulnerability

CVE-2017-8634 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8635 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8636 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8638 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8639 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8640 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8641 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8645 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8647 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8653 Microsoft Browser Memory Corruption Vulnerability

CVE-2017-8655 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8656 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8657 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8661 Microsoft Edge Memory Corruption Vulnerability

CVE-2017-8669 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8670 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8671 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8672 Scripting Engine Memory Corruption Vulnerability

CVE-2017-8674 Scripting Engine Memory Corruption Vulnerability

Important CVE’s

CVE-2017-8627 Windows Subsystem for Linux Denial of Service Vulnerability

CVE-2017-8633 Windows Error Reporting Elevation of Privilege Vulnerability

CVE-2017-0174 Windows NetBIOS Denial of Service Vulnerability

CVE-2017-8503 Microsoft Edge Elevation of Privilege Vulnerability

CVE-2017-8516 Microsoft SQL Server Analysis Services Information Disclosure Vulnerability

CVE-2017-8593 Win32k Elevation of Privilege Vulnerability

CVE-2017-8623 Windows Hyper-V Denial of Service Vulnerability

CVE-2017-8624 Windows CLFS Elevation of Privilege Vulnerability

CVE-2017-8625 Internet Explorer Security Feature Bypass Vulnerability

CVE-2017-8637 Scripting Engine Security Feature Bypass Vulnerability

CVE-2017-8642 Microsoft Edge Elevation of Privilege Vulnerability

CVE-2017-8644 Microsoft Edge Information Disclosure Vulnerability

CVE-2017-8652 Microsoft Edge Information Disclosure Vulnerability

CVE-2017-8654 Microsoft Office SharePoint XSS Vulnerability

CVE-2017-8659 Scripting Engine Information Disclosure Vulnerability

CVE-2017-8662 Microsoft Edge Information Disclosure Vulnerability

CVE-2017-8664 Windows Hyper-V Remote Code Execution Vulnerability

CVE-2017-8666 Win32k Information Disclosure Vulnerability

CVE-2017-8668 Volume Manager Extension Driver Information Disclosure Vulnerability

CVE-2017-8673 Windows Remote Desktop Protocol Denial of Service Vulnerability

CVE-2017-8691 Express Compressed Fonts Remote Code Execution Vulnerability

Moderate CVE’s

CVE-2017-8650 Microsoft Edge Security Feature Bypass Vulnerability

CVE-2017-8651 Internet Explorer Memory Corruption Vulnerability

Known Issues Patch Tuesday – Aug 2017 

1) 2017-08 Cumulative Update for Windows 10 Version 1703 (KB4034674)

Installing this KB (4034674) may change Czech and Arabic languages to English for Microsoft Edge and other applications. Microsoft is working on the resolution of this open issue.

2) 2017-08 Security Monthly Quality Rollup for Windows 8.1 (KB4034681)

NPS authentication may break, and wireless clients may fail to connect.

On the server, set the following DWORD registry value to 0: SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13\DisableEndEntityClientCertCheck

3) 2017-08 Delta Update for Windows 10 Version 1607(KB4034658)

a) “Update History” does not list previously installed updates. As an alternative, to see which quality updates have been applied, navigate to the inventory by going to Control Panel -> Programs -> “View Installed Updates”.

b) Updates that were previously hidden may be offered after installing this update. Updates that were previously hidden can be hidden again.

c) WSUS servers will exhibit increased CPU, memory, and network utilization when Windows Update clients perform their first scan after installing KB4034658.

Microsoft is investigating the issue and will provide updates ASAP.


Adobe Patches:

Adobe released two critical-rated updates and security bulletins for Adobe Flash Player APSB17-23, Adobe Experience Manager APSB17-26, Adobe Digital Edition APSB17-27 and Adobe Acrobat Reader APSB17-24.

The vulnerabilities impact Windows, Linux, Mac and ChromeOS systems running Flash version 26.0.x. APSB17-23 has been listed as priority 1 and is under active attack. Adobe recommends that users update their product installations to the latest versions using the instructions or solution referenced in the relevant bulletin. Affected Version for specific products and version info for each product.

Adobe will be ending Flash support by 2020.

For more updates and known issues with MS Patch Tuesday – August 2017 please tune to my blog, feel free to update known issues in the comment section below 🙂

Download Excel sheet: Security Update – AUG – 2017





Non-Security Office Update – August 2017

Microsoft has released its August 2017 non-security updates for Office products. For the past few months, Microsoft has published non-security updates for Office on the first Tuesday of every month, and it continues to release security and other updates for all MS products on the second Tuesday of every month, i.e. Patch Tuesday. We found many bugs in the June 2017 Patch Tuesday release and a few in July 2017. Let’s see how it goes this month.

If anyone runs into an issue with their Office update, do let us know in the comments section. Stay tuned to this blog for all updates and for any issues that come up.

Office 2013

Update for Microsoft Excel 2013 (KB4011080)

Update for Microsoft Office 2013 (KB3172443)

Update for Microsoft Office 2013 (KB4011070)

Update for Microsoft Office 2013 (KB4011077)

Update for Microsoft Project 2013 (KB4011084)

Update for Microsoft SharePoint Server 2013 Client Components SDK (KB3213571)

Update for Microsoft Word 2013 (KB4011045)

Update for Skype for Business 2015 (KB4011046)

Office 2016

Update for Microsoft Office 2016 (KB3203472)

Update for Microsoft Office 2016 (KB3213650)

Update for Microsoft Office 2016 (KB4011037)

Update for Microsoft Office 2016 (KB4011051)

Update for Microsoft Office 2016 Language Interface Pack (KB3191930)

Update for Microsoft OneDrive for Business (KB3178707)

Update for Microsoft OneNote 2016 (KB4011030)

Update for Microsoft Project 2016 (KB4011034)

Update for Microsoft Publisher 2016 (KB3178696)

Update for Microsoft Visio 2016 (KB4011033)

Reference : August 2017 Non-Security Office Update Release

GoodBye Flash – Support End by 2020

Adobe has finally declared that it is going to kill Flash by 2020. Adobe stated that it will stop development, support and any improvement of Flash; until then it will continue to provide security patches.

Adobe Flash has long faced criticism for its buggy behavior and its vulnerability to hacking. On the other side of the coin, it also made the internet better: I recall that back in 2005 it helped deliver a better user experience in graphics, online gaming, animation, online video and other applications.

Adobe said it will collaborate with its technology partners on a smooth transition to prepare for Flash's death.

“Given this progress, and in collaboration with several of our technology partners – including Apple, Facebook, Google, Microsoft, and Mozilla – Adobe is planning to end-of-life Flash. Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats.”

Adobe said in a statement that it chose to end Flash because it believes open standards like HTML5, WebGL and WebAssembly have matured over the past several years.

In 2010, former Apple CEO Steve Jobs killed Flash support: continuing with Flash put Apple devices at high risk, and Flash security holes (bugs) were the primary reason Mac machines crashed. Google Chrome (version 63 or above) is likely to stop loading and running Flash content by default. The Google blog states that HTML is faster, safer and more efficient than Flash. In the past 3 years, there has been an 80% decline in Chrome users visiting sites and content that rely on Flash. Only 17% of users use Flash, and the decline continues.

Most of the technology partners have officially stated that they will align with Adobe to kill Flash; we need to wait and watch how soon. Are they killing support before 2020? Google and Mozilla are mostly expected to end support for Flash before or by the end of 2018, while Microsoft says it plans to end support in Microsoft Edge by mid or late 2019.

HTML5 standards will be implemented across all browsers, and hopefully this will improve the security and battery life of devices (Flash is assumed to be the culprit for high memory consumption, especially with Google Chrome and other browsers).

“Adobe will also remain at the forefront of leading the development of new web standards and actively participate in their advancement. This includes continuing to contribute to the HTML5 standard and participating in the WebAssembly Community Group. And we’ll continue to provide best in class animation and video tools such as Animate CC, the premier web animation tool for developing HTML5 content, and Premiere Pro CC.”

How to fix VSphere Client could not connect to VCenter Server ?

Problem Statement:

I have a VMware environment on ESXi 5.x running a few VMs. Connecting with the vSphere Client was working fine yesterday, but this morning I saw a connection error to the vCenter Server. I am not able to connect to the VMs from the VMware vSphere Client or from the vSphere Web URL.

I am going to discuss most of the use cases in depth: the possible scenarios that cause these issues, the possible errors and the troubleshooting steps. Let’s get started.

How do we fix it, and what are the possible scenarios? Let’s discuss in detail.

Error Messages:

  • VMware Console has disconnected …attempting to reconnect.
  • The console has been disconnected. Close this window and relaunch the console to reconnect.
  • The type initializer for ‘VirtualInfrastructure.Utils.ClientsXml’ threw an exception.
  • Cannot connect to vCenter Server 5.x using the vSphere Client – unknown error.

Possible Causes:

1) Make sure you are running the same version of the VMware ESXi server and client. The VMware vCenter Server version and the vSphere Client version should be the same.

2) The latest version of Microsoft .NET Framework is required, or the installed .NET Framework version is causing the issue.

3) Check the proxy settings (if set); resetting them can cause connection issues.

4) VMware services are stopped or need a restart to work as expected.

5) The latest Microsoft .NET Patch Tuesday update could break the client and throw an exception in VirtualInfrastructure.Utils.ClientsXml or VirtualInfrastructure.Utils.HttpWebRequestProxy.

Troubleshooting Steps:

1) Verify that the computer hosting vCenter Server has an active network connection.
2) Verify that vCenter Server is actually running and is reachable.

3) Verify that you can resolve the hostname of the vCenter Server from your VMware View Connection Server.

4) Check whether the VMware server has been updated from 5.x to 6.x. If yes, reinstall the vSphere Client at the latest version to fix it.

5) Restart the machine where the vSphere Client is installed.

6) Run the .NET Framework Setup Verification Tool to find the .NET release causing the issue, and run SFC /scannow to fix issues, if any.

7) Log in to the vCenter Server and look for errors in the log file vpxd-.log located at C:\ProgramData\VMware\VMware VirtualCenter\Logs, if any.

8) Log in to the server and look for errors in the viclient-*.log file located at %AppData%\Vmware\vpx\

Example: From the log file we found that access to the registry key ‘HKEY_CLASSES_ROOT\VpxClient’ is denied.



9) Make sure you have proper rights [probably admins 😉 ] to access the VMware host, or check with the VMware admin if you don’t.

Launch the VMware vSphere Client with “Run As” Administrator to fix the issue.


10) Check the disk space and/or file permissions of the temp directory on the VMware server. VMware may be unable to create the necessary files in your %temp% directory, which ‘will’ cause the exact error you are experiencing.

11) Check the VMware services and make sure the services below are working fine 🙂

VMWare Services

12) Now try to connect with the VMware vSphere Client and the vSphere web URL; both will work like a charm!!

Thanks for reading 🙂 Do like, share & comment if you find useful.


Microsoft Patch Tuesday – July 2017

Microsoft Patch Tuesday

Microsoft Patch Tuesday for July 2017 covers 54 CVEs, of which 19 are rated “Critical”, 32 are rated “Important” and 3 are rated “Moderate”, with an important fix for Windows NTLM. The impacted products include Edge, .NET Framework, IE, Office and Exchange. Adobe has a new version of Adobe Flash Player that addresses three vulnerabilities.

Across all of these vulnerabilities, security updates for software and services include:

Adobe Flash Player
Microsoft Windows
Microsoft Scripting Engine
Microsoft Edge Browser
Internet Explorer
Microsoft Office
.NET Framework

The Microsoft Office CVEs listed in the July patch are rated “Important” and include multiple remote code execution vulnerabilities. Windows PowerShell and WordPad are also exposed to remote code execution vulnerabilities. It is highly recommended to apply all the patches ASAP to avoid exposure to attack.

According to Qualys Guard latest blog post:

” Top priority for patching should go to CVE-2017-8589, which is a vulnerability in the Windows Search service. This vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations. The issue affects Windows Server 2016, 2012, 2008 R2, 2008 as well as desktop systems like Windows 10, 7 and 8.1. While this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya.

Aside from CVE-2017-8589, patching for workstations and multi-user systems should focus on CVE-2017-8463, which is a vulnerability in Windows Explorer, as well as multiple browser vulnerabilities in Internet Explorer and Edge. Exploitation of these vulnerabilities require user interaction, but can easily become targets for Exploit Kits. “

Critical CVEs

July Flash Security Update
Remote Code Execution

Windows Explorer Remote Code Execution Vulnerability
Remote Code Execution

HoloLens Remote Code Execution Vulnerability
Remote Code Execution

Windows Search Remote Code Execution Vulnerability
Remote Code Execution

Internet Explorer Memory Corruption Vulnerability
Remote Code Execution

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Microsoft Edge Memory Corruption Vulnerability
Remote Code Execution

Microsoft Edge Remote Code Execution Vulnerability
Remote Code Execution

Scripting Engine Memory Corruption Vulnerability
CVE-2017-8598, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8609, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619
Remote Code Execution

Important CVEs

Microsoft Office Remote Code Execution Vulnerability
Remote Code Execution

Win32k Elevation of Privilege Vulnerability
Elevation of Privilege

Win32k Information Disclosure Vulnerability
Information Disclosure

Kerberos SNAME Security Feature Bypass Vulnerability
Security Feature Bypass

Microsoft Office Memory Corruption Vulnerability
CVE-2017-8501, CVE-2017-8502
Remote Code Execution

Microsoft Graphics Component Elevation of Privilege Vulnerability
Elevation of Privilege

Windows System Information Console Information Disclosure Vulnerability
Information Disclosure

Microsoft Exchange Cross-Site Scripting Vulnerability
CVE-2017-8559, CVE-2017-8560
Elevation of Privilege

Windows Kernel Elevation of Privilege Vulnerability
Elevation of Privilege

Windows ALPC Elevation of Privilege Vulnerability
Elevation of Privilege

Windows Elevation of Privilege Vulnerability
Elevation of Privilege

Windows Kernel Information Disclosure Vulnerability
Information Disclosure

Windows PowerShell Remote Code Execution Vulnerability
Remote Code Execution

Windows IME Elevation of Privilege Vulnerability
Elevation of Privilege

SharePoint Server XSS Vulnerability
Elevation of Privilege

Office Remote Code Execution Vulnerability
Remote Code Execution

Microsoft Graphics Component Elevation of Privilege Vulnerability
CVE-2017-8573, CVE-2017-8574
Elevation of Privilege

Win32k Elevation of Privilege Vulnerability
CVE-2017-8577, CVE-2017-8578, CVE-2017-8580, CVE-2017-8581
Elevation of Privilege

Https.sys Information Disclosure Vulnerability
Information Disclosure

.NET Denial of Service Vulnerability
Denial of Service

Windows Explorer Denial of Service Vulnerability
Denial of Service

WordPad Remote Code Execution Vulnerability
Remote Code Execution

Windows CLFS Elevation of Privilege Vulnerability
Elevation of Privilege

Microsoft Browser Security Feature Bypass
Security Feature Bypass

Microsoft Edge Security Feature Bypass Vulnerability
Security Feature Bypass

Microsoft Browser Spoofing Vulnerability

Moderate CVEs

Windows Performance Monitor Information Disclosure Vulnerability
Information Disclosure

Microsoft Edge Spoofing Vulnerability

Microsoft Exchange Open Redirect Vulnerability

For Complete List of software impacted by July 2017 Patch Tuesday, download the excel sheet:  Security Update – JULY-2017

Known Issues:  As we all are aware Microsoft Patch Tuesday – June 2017 has addressed many issues with respect to Internet Explorer and Office Outlook.

Currently, we have not come across major issues, but we have one open issue with Internet Explorer on Windows 7 x32: after installing KB4025252, IE is not able to start 😦


For more updates and known issues with MS Patch Tuesday – July 2017 please tune to my blog, feel free to update known issues in the comment section.

Thanks for reading 🙂

How to keep Personal Computer Secure from malware attack using Secunia Personal Software Inspector 3.0

It is very important to keep the applications and software on our personal computers up to date; otherwise they will be more prone to vulnerabilities and malware attacks. Recently we have been hearing a lot about the “Wanna Cry” ransomware attack and its global impact. Personal computer users may be wondering how to make their computers less prone to these attacks, because we simply cannot rely on a firewall and antivirus to guard our systems against all these vulnerabilities.

Application and OS vendors are constantly discovering security holes and releasing patches to fix them, but it’s not very easy for the user to install and update them. That’s why we need a tool to make the task easy.

How do PC users keep their applications current with the security updates that protect them from exploitation by hackers? Through automation or a tool, right 🙂

I have come across the tool “Secunia Personal Computer Inspector (PSI)” from Flexera, a free security tool and quite a decent solution for identifying vulnerabilities in the applications and programs installed on your personal computer, where your antivirus solution may not be effective. It identifies programs and applications in need of security updates to safeguard your PC against cybercriminals; it analyzes your computer and suggests the necessary security updates and the latest stable version as well.

Personal Software Inspector is a security scanner that identifies programs that are insecure and need updates. It helps automate updating of programs and applications, which makes it a lot easier to keep your system secure. It automatically detects insecure applications and programs, downloads the required patches and installs them without user interaction. If a few updates require user interaction, PSI also detects this and shows the user a notification when program updates are available. We just need a few clicks on the appropriate icon in the results window to install the latest patches.

Personal Software Inspector (PSI) Features: 

  • Automatic updates of program 

The solution provides auto updates mechanisms to patch approximately 75 programs and application.


  • Available in 8 languages.

English, French, German,  Spanish, Arabic, Danish, Norwegian and Dutch.


  • Covers programs from thousands of vendors.

Includes 20000+ programs and applications – more non-Microsoft programs than any other vendor in the market.

List of few basic and standard application installed.


  • Integration for development.
  • Comprehensive Management Features

Automatically detects insecure programs, downloads the required patches and installs them without user interaction. The average personal computer, with around 75 programs and applications, is covered.


  • Reports Security Status for Each Program

Notifies you about programs and applications that can be automatically updated with the latest patch, and shows the appropriate icons in the results window when user interaction is required.

  • Detects End-of-life Programs

Detects and reports End-of-Life programs and plug-ins. End-of-Life (EOL) programs are no longer supported by the vendor. EOL programs and applications no longer receive security updates and are treated as insecure; we should remove them immediately to keep our PC secure.


Download and install the latest version of PSI 3.0!