Worklet: Windows 10 Hotfix - Patches a bug that kills internet connections on Windows 10 devices

  • 1 April 2020
  • 1 reply
  • 97 views
AdamW-Automox
Userlevel 5
Badge

Microsoft has released an update for a bug which disrupted Internet connections on certain Windows 10 devices.


This bug prevents many Microsoft products, such as Office365, Internet Explorer/Edge, and Outlook from being able to communicate out to the internet when using a VPN. Coming at the absolute wrong time for remote users to lose connectivity to enterprise applications, Microsoft has reacted quickly with this patch.


You can find more information about this bug by clicking here.


The patch is currently only available as an out-of-band update on the Microsoft Update Catalog and not within Windows Update itself. With that said, this will not be supported by traditional patching methods.


I have created a Worklet that will check to see if the hotfix is installed for all of your Windows devices. If the hotfix is not installed, it will download and install it. This will ensure all of your Windows devices have this patch applied no matter what OS version, or architecture your device is running. See below for instructions on how to use the Worklet to remediate your environment.


The Worklet is designed to do the following in the evaluation and remediation code blocks respectively.


Evaluation:



  1. Determine if KB that includes hotfix is installed for each Windows OS - evaluation

  2. If evaluation determines that a device does not have the KB installed it exit with a 1 and mark in for remediation - evaluation


Remediation:




  1. For each OS version that does not have the appropriate KB installed will download it’s respective .msu file to the c:\programdata\amagent directory.




  2. After installation of .msu is completed, the Worklet will perform the install of the .msu files to the device




  3. Once installation is completed you have the option to reboot now, reboot with a 15 minute delay, or perform no reboot. You need to choose which option you want by removing the # in front of the reboot command you want. By default, the Worklet will not reboot the device after the installation on the .msu file. This goes as follows:




  4. Removing the “#” in front of #Restart-Computer: reboots immediately after install




  5. Removing the “#” in front of #Restart-Computer -Delay 15: reboots 15 minutes after install




  6. No removal of the “#”: will not reboot the device after install completes. Reboot will need to be done manually.




You need to paste both the evaluation, and remediation code into their respective code blocks when creating the Worklet in the Automox console.The only thing that needs to be edited is your reboot preference at the bottom of the remediation code.


Evaluation:


#Define KB Number and check for presence

#64-bit AND 32-bit KBs



$kbID1909 = 'KB4554364'

$kbID1903 = 'KB4554364'

$kbID1809 = 'KB4554354'

$kbID1803 = 'KB4554349'

$kbID1709 = 'KB4554342'







#command to check if the KB exists on the device

$installed6 = Get-Hotfix -Id $kbID1909 -ErrorAction SilentlyContinue

$installed1 = Get-Hotfix -Id $kbID1903 -ErrorAction SilentlyContinue

$installed2 = Get-Hotfix -Id $kbID1809 -ErrorAction SilentlyContinue

$installed3 = Get-Hotfix -Id $kbID1803 -ErrorAction SilentlyContinue

$installed4 = Get-Hotfix -Id $kbID1709 -ErrorAction SilentlyContinue





#if KB is not installed exit 1

if ( $installed1 -Or $installed2 -Or $installed3 -Or $installed4 -Or $installed5 -Or $installed6 ) {

    exit 0

} else {

    exit 1

}

Remediation:


#OS version and architecture evaluation to determine which command to run 

$osversion = (get-itemproperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name ReleaseId).ReleaseId

$osarch = (Get-WmiObject Win32_OperatingSystem).OSArchitecture



$proxy = [System.Net.WebRequest]::GetSystemWebProxy()

$proxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials

$web = New-Object Net.WebClient

$web.proxy = $proxy





#determine wusa.exe location to install properly on both 32-bit or 64-bit systems

if ((Test-Path $env:systemroot\SysWOW64\wusa.exe)){

  $Wus = "$env:systemroot\SysWOW64\wusa.exe"

}

else {

  $Wus = "$env:systemroot\System32\wusa.exe"

  }



#64-bit .msu files

$url1909 = "http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/03/windows10.0-kb4554364-x64_0037f0861430f0d9a5cea807b46735c697a82d0c.msu"

$url1903 = "http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/03/windows10.0-kb4554364-x64_0037f0861430f0d9a5cea807b46735c697a82d0c.msu"

$url1809 = "http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/03/windows10.0-kb4554354-x64_656e139a25ad6577ddabc2213268e7ceb82af165.msu"

$url1803 = "http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/03/windows10.0-kb4554349-x64_89372825ff21171505368ed44962c7454e02b271.msu"

$url1709 = "http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/03/windows10.0-kb4554342-x64_3a74f78cba7d042240764acf92d26a264512b6c8.msu"





#32-bit .msu files

$url190932 = "http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/03/windows10.0-kb4554364-x86_f863a4d7845e249f3b0d087839b62da60262af62.msu"

$url190332 = "http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/03/windows10.0-kb4554364-x86_f863a4d7845e249f3b0d087839b62da60262af62.msu"

$url180932 = "http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/03/windows10.0-kb4554354-x86_2777d98ded121ce72a2e0c95ce274f60a7ad15e9.msu"

$url180332 = "http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/03/windows10.0-kb4554349-x86_25ccd0ebaa321ba46692ba4c97eca202c24ef741.msu" 

$url170932 = "http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/03/windows10.0-kb4554342-x86_e4924f74ccb0eb095841ee69db98049aacb9757b.msu"



 

#installation of .msu files OS specific

if (($osversion -eq '1909') -and $osarch -eq '64-bit')

    {$web.DownloadFile($url1909, "windows10.0-kb4554364-x64_0037f0861430f0d9a5cea807b46735c697a82d0c.msu")

        Start-Process -FilePath $Wus -ArgumentList "windows10.0-kb4554364-x64_0037f0861430f0d9a5cea807b46735c697a82d0c.msu /quiet /norestart" -Wait -PassThru

    }

elseif 

    (($osversion -eq '1903') -and $osarch -eq '64-bit')

    {$web.DownloadFile($url1903, "windows10.0-kb4554364-x64_0037f0861430f0d9a5cea807b46735c697a82d0c.msu") 

        Start-Process -FilePath $Wus -ArgumentList "windows10.0-kb4554364-x64_0037f0861430f0d9a5cea807b46735c697a82d0c.msu /quiet /norestart" -Wait -PassThru

    }

elseif 

    (($osversion -eq '1809') -and $osarch -eq '64-bit')

    {$web.DownloadFile($url1809, "windows10.0-kb4554354-x64_656e139a25ad6577ddabc2213268e7ceb82af165.msu")

        Start-Process -FilePath $Wus -ArgumentList "windows10.0-kb4554354-x64_656e139a25ad6577ddabc2213268e7ceb82af165.msu /quiet /norestart" -Wait -PassThru

    }    

elseif 

    (($osversion -eq '1803') -and $osarch -eq '64-bit')

    {$web.DownloadFile($url1803, "windows10.0-kb4554349-x64_89372825ff21171505368ed44962c7454e02b271.msu")

        Start-Process -FilePath $Wus -ArgumentList "windows10.0-kb4554349-x64_89372825ff21171505368ed44962c7454e02b271.msu /quiet /norestart" -Wait -PassThru

    }

elseif 

    (($osversion -eq '1709') -and $osarch -eq '64-bit')

    {$web.DownloadFile($url1709, "windows10.0-kb4554342-x64_3a74f78cba7d042240764acf92d26a264512b6c8.msu")

        Start-Process -FilePath $Wus -ArgumentList "windows10.0-kb4554342-x64_3a74f78cba7d042240764acf92d26a264512b6c8.msu /quiet /norestart" -Wait -PassThru

    }

elseif

    (($osversion -eq '1909') -and $osarch -eq '32-bit')

    {$web.DownloadFile($url190932, "windows10.0-kb4554364-x86_f863a4d7845e249f3b0d087839b62da60262af62.msu")

        Start-Process -FilePath $Wus -ArgumentList "windows10.0-kb4554364-x86_f863a4d7845e249f3b0d087839b62da60262af62.msu /quiet /norestart" -Wait -PassThru

    }

elseif

    (($osversion -eq '1903') -and $osarch -eq '32-bit')

    {$web.DownloadFile($url190332, "windows10.0-kb4554364-x86_f863a4d7845e249f3b0d087839b62da60262af62.msu")

        Start-Process -FilePath $Wus -ArgumentList "windows10.0-kb4554364-x86_f863a4d7845e249f3b0d087839b62da60262af62.msu /quiet /norestart" -Wait -PassThru

    }

elseif

    (($osversion -eq '1809') -and $osarch -eq '32-bit')

    {$web.DownloadFile($url180932, "windows10.0-kb4554354-x86_2777d98ded121ce72a2e0c95ce274f60a7ad15e9.msu")

        Start-Process -FilePath $Wus -ArgumentList "windows10.0-kb4554354-x86_2777d98ded121ce72a2e0c95ce274f60a7ad15e9.msu /quiet /norestart" -Wait -PassThru

    }

elseif

    (($osversion -eq '1803') -and $osarch -eq '32-bit')

    {$web.DownloadFile($url180332, "windows10.0-kb4554349-x86_25ccd0ebaa321ba46692ba4c97eca202c24ef741.msu")

        Start-Process -FilePath $Wus -ArgumentList "windows10.0-kb4554349-x86_25ccd0ebaa321ba46692ba4c97eca202c24ef741.msu /quiet /norestart" -Wait -PassThru

    }

elseif

    (($osversion -eq '1709') -and $osarch -eq '32-bit')

    {$web.DownloadFile($url170932, "windows10.0-kb4554342-x86_e4924f74ccb0eb095841ee69db98049aacb9757b.msu")

        Start-Process -FilePath $Wus -ArgumentList "windows10.0-kb4554342-x86_e4924f74ccb0eb095841ee69db98049aacb9757b.msu /quiet /norestart" -Wait -PassThru

    }

else 

	{Write-Output "no OS version found needing hotfix"}





#remove "#' from Restart-Computer below to reboot immediately after hotfix install

    #Restart-Computer



#remove "#' from Restart-Computer below to reboot with a 15 minute delay after hotfix install

    #Restart-Computer -Delay 15

Once you have the Worklet saved you can start assigning to your groups and remediating your Windows devices.


Let me know if you have any questions!

1 reply

T

Thanks for this, why we were seeing this!

Reply


Terms & ConditionsCookie settings