Update 4/16/2014: Please refer to the following updates posted in the blog posts below released on April 16th, 2014:
Also be advised that the following KB articles have been updated:
Windows Update Client does not scan against WSUS 3.0 SP2 if HTTPS is configured and TLS 1.2 is not enabled
Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update: April 2014
Microsoft has been listening to customer feedback. Much of this feedback has been received and some of the results are being given back to our users of Windows 8.1 in the form of updates. Recently, a very big update for Windows 8.1 was released. Read all about it here:
Since Microsoft wants to ensure that customers benefit from the best support and servicing experience and to coordinate and simplify servicing across Windows Server 2012 R2, Windows 8.1 RT and Windows 8.1, this update will be considered a new servicing/support baseline. What this means is that users who have elected to install updates manually will have 30 days to install Windows 8.1 Update on Windows 8.1 devices; after this 30-day window – and beginning with the May Patch Tuesday – Windows 8.1 users' devices without the update installed will no longer receive security updates.
This means that Windows 8.1 users – starting Patch Tuesday in May 2014 and beyond – will require this update to be installed. If the Windows 8.1 Update is not installed, those newer updates will be considered “not applicable.”
More detailed information can be found in the following links:
KB2919355 (Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update April, 2014)
A servicing stack update is available for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2: March 2014
What's New in the Windows 8.1 Update
Windows 8.1 Update: The IT Pro Perspective
Windows Server 2012 R2 Update is now available to subscribers
For those users who are still using Windows 8 and Windows 2012 (and not Windows 8.1 and Windows 2012 R2) you are unaffected and will continue to receive updates as normal.
The new baseline only exists for Windows 8.1 and Windows Server 2012 R2.
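To find the machines that will fall off the servicing baseline described above, the following added example (not code from the original post) reports which Windows 8.1 / Server 2012 R2 systems lack KB2919355. The function name `Get-BaselineStatus` and the status labels are assumptions made for this sketch; it relies on WMI access to the target machines.

```powershell
# Added example: flag machines that are in scope for the new baseline but lack KB2919355.
# Get-BaselineStatus is a hypothetical helper name, not a built-in cmdlet.
function Get-BaselineStatus {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    process {
        foreach ($computer in $ComputerName) {
            $status  = 'Unreachable'
            $version = $null
            try {
                $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer -ErrorAction Stop
                $version = $os.Version
                if ($version -notlike '6.3.*') {
                    # 6.2.x (Windows 8 / Server 2012) and older keep receiving updates as normal.
                    $status = 'NotInScope'
                }
                elseif (Get-HotFix -Id 'KB2919355' -ComputerName $computer -ErrorAction SilentlyContinue) {
                    $status = 'BaselineInstalled'
                }
                else {
                    # Later security updates will evaluate as "not applicable" on this machine.
                    $status = 'MissingBaseline'
                }
            }
            catch {
                Write-Warning "$computer : $($_.Exception.Message)"
            }
            [pscustomobject]@{
                ComputerName = $computer
                OSVersion    = $version
                Status       = $status
            }
        }
    }
}

# Local machine by default; pipe a list of host names to audit several machines.
Get-BaselineStatus
```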
Another important item for our enterprise users and IT pros out there: There is also an issue regarding Windows 8.1 Update preventing interaction with WSUS 3.2 over SSL connections. This has been outlined in the following blog post:
Windows 8.1 Update (KB 2919355) prevents interaction with WSUS 3.2 over SSL
Microsoft plans to issue an update as soon as possible that will correct the issue and restore the proper behavior for Windows 8.1 Update KB 2919355 scanning against all supported WSUS configurations. Until that time, we are delaying the distribution of the Windows 8.1 Update KB 2919355 to WSUS servers.
You may still obtain the Windows 8.1 Update (KB 2919355) from the Windows Update Catalog or MSDN. However, we recommend that you suspend deployment of this update in your organization until we release the update that resolves this issue.
You may also find the workarounds discussed in this article to be useful for testing this Windows 8.1 Update for your organization. Thank you for your patience during this time.
In addition, some training and readiness docs have been recently published along with updated toolkits:
Windows 8.1 Update User Readiness Toolkit
Windows 8.1 Update Power User Guide for Business
Windows 8.1 Update how-to videos for business users
Windows Driver Kit 8.1 Update 1
Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1 Update
For the past couple of years, Microsoft has been advising customers of the planned end of extended support date for Windows XP. We’ve even been using a countdown clock on the Windows XP page (http://www.microsoft.com/en-us/windows/enterprise/end-of-support.aspx). In fact, you’ve probably also been made aware of, or have seen first-hand, the end-of-support notifications that are now popping up on Windows XP machines. You may have also recently read this as well:
The update KB 2934207 (information here: http://support.microsoft.com/kb/2934207) also adds a notification prompt (which some in the press have affectionately referred to as the “Death Notice”).
If you are not seeing this update, it is likely because your Windows XP machine is being managed by WSUS, or Configuration Manager, or through the cloud with Windows Intune. Only Windows XP machines (Windows XP Home and Professional editions) that receive updates via Windows/Microsoft Update will see these notifications.
If for some reason you are receiving these notices and you would like to disable them, you can do so in the registry under one of the following keys:
Set the value of DisableEOSNotification (DWORD) to 1 to disable notifications. ) enables it.
Regardless of this change, the fact remains that end of all support except for custom support agreements is still April 8, 2014. If you are still running Windows XP in *ANY* form (physical desktops, VDI, MED-V, etc.) this affects you. Without a CSA, you will receive no further security updates and you run a risk of being vulnerable after that date. Also bear in mind that if you are virtualizing Internet Explorer 6, 7, or 8 with any non-Microsoft application virtualization solution, you will be indirectly affected as well.
Consumers and small-to-midsize customers looking to update can receive special offers and discounts via our Get2Modern page here: http://www.microsoft.com/en-us/windows/business/retiring-xp.aspx
A Custom Support Agreement (CSA) requires a Premier Services Agreement with Microsoft. If you are currently an enterprise customer with a Premier contract, we have been making some changes to the Windows XP Custom Support Standard Program, which provides critical security updates, technical assistance and continued support for the product after April 8th. Please contact your Technical Account Manager (TAM) for more information.
Please note: this applies to Windows XP and NOT Windows XP Embedded. Windows XP Embedded is a different operating system designed for specialized OEM embedded devices, and it has always run on a different support lifecycle ending in 2016, which has been in place for a while in spite of what you may have read in articles out there on the Internet.
Microsoft Application Virtualization 4.6 Service Pack 2 is now available via Microsoft Update. This also means that you can leverage WSUS as well as the software updates feature of Configuration Manager to deliver this update to your RDS and desktop clients. This is the third service pack that App-V has delivered via Microsoft Update. You can view all the Microsoft Application Virtualization updates available via Microsoft Update from the following link: http://catalog.update.microsoft.com/v7/site/search.aspx?q=application%20virtualization
Official information about this update is available here:
This update to WSUS 3.0 SP2 is very significant in that it adds operating system patching support for Windows 8 and Windows Server 2012 WSUS clients. In addition, it also fixes minor issues with KB2720211 (which is included in this update). For stand-alone WSUS environments, this update also includes the updated version of the Windows Update Agent (WUA), 7.6.7600.256, which addresses security vulnerabilities of the Windows Update client component.
When KB2734608 is installed and you are leveraging the WSUS server engine as a Software Update Point in Configuration Manager, you may notice that when the new catalog is downloaded, the changes in that catalog structure may trigger some unexpected changes in the existing patch management database. Some existing patches may show as Invalid and may need to be re-downloaded and re-distributed throughout the Configuration Manager hierarchy. It is highly likely that some enterprise administrators may not desire this.
A Hotfix to the Rescue!
To prevent these actions from occurring, Microsoft released the hotfix KB2783466. This hotfix has to be applied to all Configuration Manager SUP/WSUS systems if KB2734608 was applied, preferably before the next Patch Tuesday cycle (December 11th, 2012). If you have not applied the hotfix KB2734608, then applying this hotfix prevents the unnecessary re-downloading and re-distribution of existing patches. Official information about the hotfix can be found here:
Information Regarding the Updated Windows Update Agent
As described above, the KB2734608 update includes a new version of the Windows Update Agent. Standard WSUS systems push the updated Windows Update Agent out to clients automatically once KB2734608 is installed. However, Configuration Manager 2007 systems do not leverage the Windows Update Agent in the same way as standalone WSUS systems, so the update does not occur automatically. The security issue addressed by the Windows Update Agent update does not impact Configuration Manager, as Configuration Manager does not download its content through the Windows Update Agent. It only leverages the WU APIs for scanning and installation. The update binaries delivered through the Configuration Manager Software Update component are delivered directly from the distribution point, not through a WUA call to WU/MU or WSUS for content. There is no vulnerability exposure here for Configuration Manager Software Update Management clients, and thus no need to update the Windows Update Agent to this version.
However, if customers would like to upgrade WUA to the latest revision, it is recommended to create a command-line-only software distribution package in Configuration Manager, using the following command to initiate the update process:
This package will have to be applied to all managed systems.
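To see which clients still run an agent older than 7.6.7600.256 before or after deploying such a package, the added example below (not from the original post) reads the file version of `wuaueng.dll`, which carries the Windows Update Agent version. The function name `Get-WuaStatus` is hypothetical, and the script assumes the caller can reach each machine's `admin$` share.

```powershell
# Added example: compare each machine's Windows Update Agent version with the
# version shipped in KB2734608. Get-WuaStatus is a hypothetical helper name.
$PatchedWua = [version]'7.6.7600.256'

function Get-WuaStatus {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    process {
        foreach ($computer in $ComputerName) {
            # Assumption: the admin$ share (the Windows directory) is reachable with current credentials.
            $path = '\\{0}\admin$\System32\wuaueng.dll' -f $computer
            try {
                $info = (Get-Item -LiteralPath $path -ErrorAction Stop).VersionInfo
                # The FileVersion string can carry a build-lab suffix, so build the
                # version from its numeric parts instead of parsing the string.
                $found = New-Object -TypeName System.Version -ArgumentList `
                    $info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart
                [pscustomobject]@{
                    ComputerName = $computer
                    WuaVersion   = $found
                    UpToDate     = ($found -ge $PatchedWua)
                }
            }
            catch {
                Write-Warning "$computer : $($_.Exception.Message)"
                [pscustomobject]@{
                    ComputerName = $computer
                    WuaVersion   = $null
                    UpToDate     = $null   # unknown: the file could not be read
                }
            }
        }
    }
}

# Local machine by default; pipe host names to audit a list of clients.
Get-WuaStatus
```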
The latest version of the VMST has been released! The Virtual Machine Servicing Tool (VMST) 2012 coincides with System Center 2012 – Virtual Machine Manager (VMM), System Center 2012 Configuration Manager and Windows Server Update Services (WSUS) 3.0 SP2.
VMST 2012 is designed to help you reduce IT costs by providing a means to service your virtual machines, templates, and virtual hard disks offline with the latest operating system and application patches—without introducing vulnerabilities into your IT infrastructure. This has been a very popular solution accelerator from Microsoft and can be downloaded at the following URL:
You use different features in the Virtual Machine Servicing Tool to update offline virtual machines in a VMM library, a stopped virtual machine on a host, virtual machine templates, and to make updates directly to virtual hard disks (VHDs).