@jborean93
jborean93 / 1 - KB2267602 Info.md
Last active August 15, 2023 01:25
Windows Update API (WUA) KB2267602

This is to document some issues with trying to install KB2267602 on Windows Server 2016 using the Windows Update API (WUA). The ansible.windows.win_updates.log shows the installation of KB2267602 and its first failure when installed by the Ansible module, the manual MpCmdRun.exe workaround for this failure, then subsequent update runs that show the update no longer being required. The MpSigStub.log file shows the contents of that log file for the first failed install using WUA and then the subsequent working entries when using MpCmdRun.exe.

The KB is the security intelligence update for Microsoft Defender Antivirus and can be updated many times in one day. From what I can see it typically installs just fine, but there is a chance that Windows Update pulls down a new version before it is ready to be installed. For example, the logs during a failed run indicate that the following update was attempted and resulted in the following error:

4ee7ce61-491b-4e2d-bfd9-a9decbb3ae1a:
@jborean93
jborean93 / AsyncPSCmdlet.cs
Last active May 29, 2024 07:38
Async PSCmdlet base class
using System;
using System.Collections.Concurrent;
using System.Management.Automation;
using System.Threading;
using System.Threading.Tasks;
public abstract class AsyncPSCmdlet : PSCmdlet, IDisposable
{
private enum PipelineType
{
@jborean93
jborean93 / Get-SqlServerTlsCertificate.ps1
Last active May 20, 2024 19:27
Gets the certificate used by a MS SQL Server
# Copyright: (c) 2023, Jordan Borean (@jborean93) <[email protected]>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function Get-SqlServerTlsCertificate {
<#
.SYNOPSIS
Gets the MS SQL X509 Certificate.
.DESCRIPTION
Gets the X509 Certificate that is being used by a remote MS SQL Server.
@jborean93
jborean93 / Get-FileSDDL.ps1
Last active April 11, 2023 03:22
Get the file SDDL string
#Requires -Module Ctypes
#Requires -Module PSPrivilege
Function Get-FileSDDL {
[CmdletBinding()]
param ($Path)
$a32 = New-CtypesLib Advapi32.dll
$allSecurityInformation = 0xF00000FF
@jborean93
jborean93 / Get-GMSAToken.ps1
Last active December 5, 2023 10:24
Gets the gMSA AccessToken (PowerShell 7.3+)
#Requires -Module Ctypes
$advapi32 = New-CtypesLib Advapi32.dll
$kernel32 = New-CtypesLib Kernel32.dll
$advapi32.Returns([bool]).ImpersonateLoggedOnUser = @([IntPtr])
$advapi32.Returns([bool]).RevertToSelf = @()
$kernel32.Returns([void]).CloseHandle = @([IntPtr])
# This is a quick and dirty way to impersonate SYSTEM
Add-Type -TypeDefinition @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace SMBIOS
{
public enum FirmwareProvider : uint
{
ACPI = 0x41435049,
@jborean93
jborean93 / macOS-CommandLine.ps1
Created December 2, 2022 07:16
Get the Command Line of a process on macOS
Add-Type -CompilerOptions '/unsafe' -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
using System.Text;
namespace macOS
{
public static class Native
{
[DllImport("libc", SetLastError = true)]
@jborean93
jborean93 / Copy-ToFtp.ps1
Created December 2, 2022 03:20
Copies a file to an FTP(S) server
# Copyright: (c) 2022, Jordan Borean (@jborean93) <[email protected]>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function Copy-ToFtp {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[System.String]
$Path,
@jborean93
jborean93 / Get-TlsCipherSuite.ps1
Created November 3, 2022 02:38
Basic replacement for Get-TlsCipherSuite for older OS versions.
Function Get-TlsCipherSuite {
<#
.DESCRIPTION
Get a list of enabled TLS cipher suites for the server.
This is like the Get-TlsCipherSuite cmdlet but works on older Windows
versions.
#>
[OutputType([string])]
param ()
@jborean93
jborean93 / Remove-FileEntry.ps1
Last active July 1, 2023 21:03
Removes a file/dir using direct Win32 calls
Add-Type -TypeDefinition @'
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
namespace Kernel32
{
public enum FileInfoLevel