MS Security Bulletin Summary - March 2015


10 replies to this topic

#1 AplusWebMaster

Posted 10 March 2015 - 01:37 PM

FYI...

- https://technet.micr...curity/ms15-MAR
March 10, 2015 - "This bulletin summary lists security bulletins released for March 2015...
(Total of -14-)

Microsoft Security Bulletin MS15-018 - Critical
Cumulative Security Update for Internet Explorer (3032359)
- https://technet.micr...curity/MS15-018
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-019 - Critical
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3040297)
- https://technet.micr...curity/MS15-019
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-020 - Critical
Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836)
- https://technet.micr...curity/MS15-020
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-022 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999)
- https://technet.micr...curity/MS15-022
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software

Microsoft Security Bulletin MS15-023 - Important
Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege (3034344)
- https://technet.micr...curity/MS15-023
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-024 - Important
Vulnerability in PNG Processing Could Allow Information Disclosure (3035132)
- https://technet.micr...curity/MS15-024
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-025 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680)
- https://technet.micr...curity/MS15-025
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-026 - Important
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3040856)
- https://technet.micr...curity/MS15-026
Important - Elevation of Privilege - Does not require restart - Microsoft Exchange

Microsoft Security Bulletin MS15-027 - Important
Vulnerability in NETLOGON Could Allow Spoofing (3002657)
- https://technet.micr...curity/MS15-027
Important - Spoofing - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-028 - Important
Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)
- https://technet.micr...curity/MS15-028
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-029 - Important
Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure (3035126)
- https://technet.micr...curity/MS15-029
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-030 - Important
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (3039976)
- https://technet.micr...curity/MS15-030
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-031 - Important
Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)
- https://technet.micr...curity/MS15-031
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___

- http://blogs.technet...15-updates.aspx
10 Mar 2015 - "... we released 14 security bulletins to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Exchange, and Internet Explorer... We released one new Security Advisory:
• Availability of SHA-2 code signing support for Windows 7 and Windows Server 2008 R2 (3033929)
Two Security Advisories were revised:
• Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)
• Vulnerability in Schannel Could Allow Security Feature Bypass (3046015)..."

Microsoft Security Advisory 3046015
Vulnerability in Schannel Could Allow Security Feature Bypass
- https://technet.micr...ecurity/3046015
Published: March 5, 2015 | Updated: March 10, 2015
Version: 2.0 - "Microsoft has completed the investigation into a public report of a vulnerability. We have issued Microsoft Security Bulletin MS15-031[1] to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin. The vulnerability addressed is the Schannel Security Feature Bypass Vulnerability
- https://web.nvd.nist...d=CVE-2015-1637 "

[1] https://technet.micr...curity/MS15-031

Microsoft Security Advisory 3033929
Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2
- https://technet.micr...ecurity/3033929
March 10, 2015 - "Microsoft is announcing the reissuance of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality. This update supersedes the 2949927 update that was rescinded on October 17, 2014 to address issues that some customers experienced after installation. As with the original release, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, and Windows RT 8.1 do not require this update because SHA-2 signing and verification functionality is already included in these operating systems. This update is not available for Windows Server 2003, Windows Vista, or Windows Server 2008.
[1]The 3033929 update has affected binaries in common with the 3035131 update being released simultaneously via MS15-025. Customers who download and install updates manually and who are planning to install -both- updates should install the 3035131* update before installing the 3033929** update. See the Advisory FAQ for more information."
* https://support.micr....com/kb/3035131

** https://support.micr....com/kb/3033929

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.micr...ecurity/2755801
Updated: March 10, 2015 - Version: 38.0
___

March 2015 Office Update Release
- http://blogs.technet...te-release.aspx
10 Mar 2015 - "... There are 35 security updates (1 bulletin) and 39 non-security updates..."
> http://technet.micro...curity/ms15-022
__

- http://www.securityt....com/id/1031888 - MS15-018
- http://www.securityt....com/id/1031887 - MS15-019
- http://www.securityt....com/id/1031890 - MS15-020
- http://www.securityt....com/id/1031889 - MS15-021
- http://www.securityt....com/id/1031895 - MS15-022
- http://www.securityt....com/id/1031896 - MS15-022
- http://www.securityt....com/id/1031897 - MS15-023
- http://www.securityt....com/id/1031898 - MS15-024
- http://www.securityt....com/id/1031899 - MS15-025
- http://www.securityt....com/id/1031900 - MS15-026
- http://www.securityt....com/id/1031891 - MS15-027
- http://www.securityt....com/id/1031893 - MS15-028
- http://www.securityt....com/id/1031894 - MS15-029
- http://www.securityt....com/id/1031892 - MS15-030
___

ISC Analysis
- https://isc.sans.edu...l?storyid=19445
2015-03-10

.


Edited by AplusWebMaster, 10 March 2015 - 10:17 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster

Posted 12 March 2015 - 06:48 AM

FYI...

MS Update 3033929 causing Reboot loop
- http://krebsonsecuri...ng-reboot-loop/
12 Mar 2015 - "One of the operating system updates Microsoft released on Tuesday of this week — KB3033929 — is causing a reboot loop for a fair number of Windows 7 users, according to postings on multiple help forums. The update in question does not appear to address a pressing security vulnerability, so users who have not yet installed it should probably delay doing so until Microsoft straightens things out. Various tech help forums are starting to fill up with requests from Windows 7 users who are experiencing a reboot loop after applying the glitchy patch*, which is a “code signing” update that improves the ability of Windows 7 and Windows Server 2008 R2 systems to validate the integrity and authenticity of programs running on top of the operating system. At this time, none of the tech help forums seem to have a solution for the problem..."
* https://support.micr....com/kb/3033929
Last Review: Mar 10, 2015 - Rev: 1.0
___

Netlogon patch KB 3002657, SHA-2 signing patch KB 3033929 - Woes mount ...
- http://www.infoworld...-confirmed.html
Mar 12, 2015 - "... Complaints are mounting among admins that the Netlogon spoofing patch, MS15-027/KB 3002657* is causing more problems... In addition to log-on failures with EMC Isilon clusters, there are also problems with Outlook, SharePoint, and NAS drives... Spiceworks also has a lengthy thread on this topic. No idea when/if Microsoft will pull the patch, but clearly it's causing lots of problems... Posters on the Patchmanagement List are complaining about a detection problem with the kernel patch MS15-025/KB 3033395** installing on Windows 2003 R2 servers. Apparently the update mechanism fails to identify the patch once it's installed, and offers it up repeatedly... confirmation on yesterday's report that the RDP patch MS15-030/KB 3036493*** requires multiple reboots - at least in some situations. It has been added to the official list of multiple-reboot renegades maintained in KB 2894518****. Admins take note: Your patching sequences may get clobbered... seeing a lot of complaints about the size of this month's bundle of patches. Those of you with Office, for example, may see as many as 50 or 60 individual patches in a swollen download package of 400MB or more..."
* https://support.micr....com/kb/3002657
Last Review: Mar 10, 2015 - Rev: 1.0
** https://support.micr....com/kb/3033395
Last Review: Mar 10, 2015 - Rev: 1.0
*** https://support.micr....com/kb/3036493
Last Review: Mar 10, 2015 - Rev: 1.0
**** https://support.micr....com/kb/2894518
Last Review: Mar 12, 2015 - Rev: 15.0
___

KB 3033929 install fails, with multiple errors
- http://www.infoworld...2-80070005.html
Mar 12, 2015
____

- http://windowssecret...in-like-a-lion/
Mar 11, 2015 - "... Along with a slug of Windows security fixes, Office gets an astounding 35 security updates — plus the usual load of nonsecurity fixes.
MS15-018 (3032359), MS15-019 (3030403, 3030398)
Patching the usual browser suspects: ... browser security starts with keeping Internet Explorer fully patched — even if you rarely use it. IE is deeply tied into Windows.
KB 3032359 (MS15-018) is rated -critical- for client versions of Windows. It fixes -eight- privately reported vulnerabilities and one publicly disclosed vulnerability, and it applies to all supported versions of the browser, including IE in Windows 10 Technical Preview. There are no reports of active exploits at this time. Among other things, the update makes changes to the VBScript engine and ensures proper enforcement of cross-domain policies. This should help prevent attackers from taking control of a PC when a user clicks-a-malicious-webpage.
Those of you still running IE 7 or an earlier version of the browser (or systems lacking IE, such as Windows 2008 Server Core editions) also need KB 3030398 or KB 3030403 (MS15-019), a related fix for the Windows VBScript engine. These updates should show up on Vista, Server 2003, Server 2008, and some Server Core machines. PCs running Windows 8 or higher will see an Adobe Flash Player update a bit sooner than those running Win7. As noted in MS Security Advisory 2755801, Microsoft released KB 3044132 for embedded Flash on March 10. Adobe’s Flash update will be released two days later..."
 



Edited by AplusWebMaster, 12 March 2015 - 03:52 PM.



#3 AplusWebMaster

Posted 16 March 2015 - 09:09 AM

FYI... MS KB revision updates:

MS15-018: Cumulative security update for Internet Explorer...
- http://support.micro...n-us/kb/3032359
Last Review: Mar 16, 2015 - Rev: 3.0
Applies to:
•Internet Explorer 10
•Internet Explorer 11
•Microsoft Internet Explorer 6.0
•Windows Internet Explorer 7
•Windows Internet Explorer 8
•Windows Internet Explorer 9
___

MS15-020 - Critical
Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836)
- https://technet.micr...curity/MS15-020
V1.1 (March 10, 2015): Bulletin revised to better explain the attack vector for the DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096).
Updated: March 10, 2015 - "... For more information about this update, see Microsoft Knowledge Base Article 3041836*..."

MS15-020 ... remote code execution
* - https://support.micr...n-us/kb/3041836
"Known issues and additional information about this security update:
The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link...":
Last Review: Mar 12, 2015 - Rev: 2.0

Related:

MS15-020 ... Windows text svcs
- https://support.micr...n-us/kb/3033889
Last Review: Mar 14, 2015 - Rev: 2.0

MS15-020 ... Windows shell
- https://support.micr...n-us/kb/3039066
Last Review: Mar 14, 2015 - Rev: 3.0
 



Edited by AplusWebMaster, 17 March 2015 - 02:59 PM.



#4 AplusWebMaster

Posted 17 March 2015 - 02:45 PM

FYI...

Netlogon patch KB 3002657 re-issued
If you're running Win Svr 2003, Microsoft advises you install KB 3002657-v2 on top of the first patch
- http://www.infoworld...kb-3002657.html
Mar 17, 2015 - "... Microsoft finally acknowledged the problem and posted a fix - for Windows Server 2003 -only- although I've seen unverified reports of similar problems on other versions of Windows Server... The KB article references problems with EMC Isilon OneFS in the "Known Issues" section...
Updated Security Bulletin MS15-027:
- https://technet.micr...curity/MS15-027 "
Updated: March 16, 2015 - Ver: 2.0
V2.0 (March 16, 2015): To address a connectivity issue with update 3002657 when installed on supported editions of Windows Server 2003, Microsoft released update 3002657-v2 for all supported editions of Windows Server 2003. Customers who have not already installed the 3002657 update should install update 3002657-v2 to be fully protected from this vulnerability. To avoid the possibility of future detection logic problems, Microsoft recommends that customers running Windows Server 2003 who have already successfully installed the 3002657 update -also- apply update 3002657-v2 even though they are already protected from this vulnerability. Customers running other Microsoft operating systems are not affected by this re-release and do not need to take any action. See Microsoft Knowledge Base Article 3002657* for more information."
* https://support.micr...n-us/kb/3002657
Last Review: Mar 17, 2015 - Rev: 2.0
 





#5 AplusWebMaster

Posted 18 March 2015 - 07:51 AM

FYI...

MS Security Advisory 3046310
Improperly Issued Digital Certificates Could Allow Spoofing
- https://isc.sans.edu...l?storyid=19475
Mar 16, 2015 - "Microsoft is aware of an improperly issued SSL certificate for the domain “live.fi” that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue. To help protect customers from potentially fraudulent use of this digital certificate, it has been revoked by the issuing CA and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of certificates that are causing this issue... For customers running Windows Server 2003, or for customers who choose not to install the automatic updater of revoked certificates, Microsoft recommends that the 3046310 update* be applied immediately using update management software, by checking for updates using the Microsoft Update service, or by downloading and applying the update manually..."
* https://support.micr...n-us/kb/3046310
Last Review: Mar 16, 2015 - Rev: 1.0

(See 'Applies to...')

___

Support for urgent Trusted Root updates for Windows Root Certificate Program in Windows
- https://support2.mic...b;en-us;3004394
Last Review: Mar 16, 2015 - Rev: 4.0
(See 'Applies to...')
___

Update Rollup 16 for Exchange Server 2007 SP3
- https://support.micr...n-us/kb/3030086
Last Review: Mar 17, 2015 - Rev: 1.0
Applies to:
    Microsoft Exchange Server 2007 Service Pack 3, when used with:
        Microsoft Exchange Server 2007 Enterprise Edition
        Microsoft Exchange Server 2007 Standard Edition
 



Edited by AplusWebMaster, 18 March 2015 - 08:46 AM.



#6 AplusWebMaster

Posted 20 March 2015 - 05:05 AM

FYI...

Microsoft Security Advisory 3046310
Improperly Issued Digital Certificates Could Allow Spoofing
- https://technet.micr...ty/3046310.aspx
Published: March 16, 2015 | Updated: March 19, 2015
V2.0 (March 19, 2015): Advisory re-released to announce that the update for supported editions of Windows Server 2003 is now available. See Knowledge Base Article 3046310* for more information and download links.
* https://support.micr...n-us/kb/3046310
Last Review: Mar 19, 2015 - Rev: 3.0
(See "Applies to...")
 





#7 AplusWebMaster

Posted 21 March 2015 - 05:19 AM

FYI...

MS15-018: Cumulative security update for Internet Explorer...
- https://support.micr...n-us/kb/3032359
Last Review: Mar 16, 2015 - Rev: 3.0
"... Known issues with this security update:
    After you install this security update, applications may crash when they render table-based content in Internet Explorer 11, Internet Explorer 10, Internet Explorer 9, and Internet Explorer 8.
    Status: Microsoft is working on a fix for this issue..."
___

MS15-020: Description of the security update for Windows text services ...
- https://support2.mic...b;en-us;3033889
Last Review: Mar 18, 2015 - Rev: 3.0

- https://support.micr...n-us/kb/3048778
Last Review: Mar 20, 2015 - Rev: 4.0
(See "Applies to...")
___

MS15-027: Vulnerability in NETLOGON could allow spoofing...
- https://support.micr...n-us/kb/3002657
Last Review: Mar 20, 2015 - Rev: 5.0
(See "Applies to...")
___

Enterprise Site Discovery on IE8, IE9, IE10, and IE11
- http://blogs.msdn.co...hancements.aspx
March 20, 2015 - "... The March 2015 update expands Enterprise Site Discovery beyond Internet Explorer 11 to include Internet Explorer 8, 9, & 10. By default, data collection is turned off. When collection is enabled, data will be collected from all sites visited by users with Internet Explorer unless otherwise configured. Data is collected during each browsing event and is associated to the browsed URL..."
(More detail at the URL above.)
 





#8 AplusWebMaster

Posted 25 March 2015 - 08:25 AM

FYI...

Microsoft Security Advisory 3050995
Improperly Issued Digital Certificates Could Allow Spoofing
- https://technet.micr...ror=-2147217396
March 24, 2015 - "Microsoft is aware of digital certificates that were improperly issued from the subordinate CA, MCS Holdings, which could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The improperly issued certificates cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. To help protect customers from the potentially fraudulent use of these improperly issued certificates, Microsoft is updating the Certificate Trust list (CTL) to remove the trust of the subordinate CA certificate. The trusted root Certificate Authority, the China Internet Network Information Center (CNNIC), has also revoked the certificate of the subordinate CA. Microsoft is working on an update for Windows Server 2003 customers and will release it once fully tested..."
- https://support.micr...n-us/kb/3050995
Last Review: Mar 24, 2015 - Rev: 1.0
(See "Applies to...")
___

Microsoft Security Bulletin MS15-031 - Important
Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)
- https://technet.micr...curity/MS15-031
V1.1 (March 24, 2015): Revised bulletin to add an FAQ directing customers to Microsoft Knowledge Base Article 3050509* for instructions on how to disable EXPORT ciphers after installing the update on Windows Server 2003 systems.
* https://support.micr...n-us/kb/3050509
Last Review: Mar 24, 2015 - Rev: 1.0
Applies to:
    Microsoft Windows Server 2003 SP2
___

Compatibility update for upgrading Windows 7
- https://support.micr...n-us/kb/2952664
Last Review: Mar 24, 2015 - Rev: 6.0
Applies to:
    Windows 7 SP1, when used with:
        Windows 7 Enterprise
        Windows 7 Home Basic
        Windows 7 Home Premium
        Windows 7 Professional
        Windows 7 Starter
        Windows 7 Ultimate
___

Compatibility update for Windows 7 RTM
- https://support.micr...n-us/kb/2977759
Last Review: Mar 24, 2015 - Rev: 6.0
Applies to:
    Windows 7 Enterprise
    Windows 7 Home Premium
    Windows 7 Home Basic
    Windows 7 Professional
    Windows 7 Starter
    Windows 7 Ultimate
___

Compatibility update for Windows 8.1 and Windows 8
- https://support.micr...n-us/kb/2976978
Last Review: Mar 24, 2015 - Rev: 7.0
Applies to:
    Windows 8.1 Enterprise
    Windows 8.1
    Windows 8.1 Pro
    Windows 8 Enterprise
    Windows 8
    Windows 8 Pro
___

An update to enable an automatic update from Windows 8 to Windows 8.1
- https://support.micr...n-us/kb/3008273
Last Review: Mar 24, 2015 - Rev: 5.0
Applies to:
    Windows 8 Pro
    Windows 8 Pro N
    Windows 8
    Windows RT
 



Edited by AplusWebMaster, 25 March 2015 - 08:45 AM.



#9 AplusWebMaster

Posted 25 March 2015 - 09:18 PM

FYI...

KB 2876229 can hijack your browser
Microsoft's patch installs Skype, which by default makes MSN your home page and Bing your search engine
- http://www.infoworld...ur-browser.html
March 25, 2015 - "If you were somehow possessed to install the "optional" KB 2876229 patch, make sure you -uncheck- the correct installer boxes, or your Internet Explorer home page will be hijacked and the default search engine changed. That's the default behavior of this boorish Microsoft KB-numbered installer, pushed through the Windows Update chute.
Yesterday's fourth-Tuesday patch round included a rather special patch. Identified as "Skype for Windows desktop 7.0 (KB2876229)," it's an -unchecked- patch offered up for systems that don't already have Skype installed:
> http://core0.staticw...medium.idge.jpg
While you might expect Windows Update to include, uh, Windows updates, this is a patch of a different color. If you check the box and install KB 2876229, Microsoft runs the Windows-based Skype installer. It's the plain vanilla Skype installer, not an update or a patch. Which might not be too bad, but the Skype installer asks if you want to make MSN your home page and if you want to make Bing your default search engine. Unless you uncheck the requisite boxes in the installer, your browser gets taken over.
Welcome to the kind of garbage you would expect to see from Oracle, which still rigs the Java installer to add the Ask toolbar and reset your search engine to Ask."
 





#10 AplusWebMaster

Posted 29 March 2015 - 05:38 AM

FYI...

Update enables additional capabilities for Windows Update notifications in Windows 8.1 and Windows 7 SP1
- https://support.micr...n-us/kb/3035583
Last Review: Mar 27, 2015 - Rev: 1.0 - "This update enables additional capabilities for Windows Update notifications when new updates are available to the user. It applies to a computer that is running Windows 8.1 or Windows 7 Service Pack 1 (SP1)...
Prerequisites: To install this update, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) installed in Windows 8.1. Or, install Windows 7 SP1...
Applies to:
    Windows 8.1 Pro
    Windows 8.1
    Windows 7 Service Pack 1, when used with:
        Windows 7 Ultimate
        Windows 7 Professional
        Windows 7 Home Premium
        Windows 7 Home Basic
        Windows 7 Starter

Mystery patch ...
- http://www.infoworld...kb-3035583.html
Mar 30, 2015
___

March 26, 2015 update for Outlook 2010
- https://support.micr...n-us/kb/2965290
Last Review: Mar 26, 2015 - Rev: 1.0 - "This update fixes the following issues:
    After you migrate from Microsoft Exchange Server 2010 or Microsoft Exchange Server 2007 to Microsoft Exchange Server 2013, a user's Offline Address Book does not download.
    When a user opens an .eml file in cached mode, a Reply, Reply All, or Forward operation results in an empty header block in the body instead of correctly propagating the To and Cc fields.
    Mail Tips cannot be retrieved when an item is opened by using an add-in before a connection to the server that is running Exchange Server is established.
    Accessibility in the Recover Deleted Items dialog box is poor.
    In configurations in which many people use shared folders, members are removed from a large, shared personal distribution when you modify the contents of the distribution...
Applies to:
    Microsoft Office 2010 Service Pack 2, when used with:
        Microsoft Outlook 2010
 



Edited by AplusWebMaster, 30 March 2015 - 10:01 AM.



#11 AplusWebMaster

Posted 07 April 2015 - 12:20 PM

FYI...

KB3035583 is a Win10 prompter/downloader that nags users about upgrading to Win 10 ...
- http://www.infoworld...downloader.html
Apr 6, 2015 - "... KB 3035583 is a shill for Windows 10. As poster rugk on the eset Security Forum says, it's "an adware/PUA/PUS/PUP for Windows 10 upgrade." Aldershoff goes into detail:
    'Once the update is downloaded it adds a folder to System32 called "GWX" which contains 9 files and a folder called "Download". One of the four .EXE files reveals what the update really is, the description of GWXUXWorker.EXE states, "Download Windows 10". This explains the X in the name, the X is the Romanian [sic] number 10.'
    The folder also contains "config.xml" which contains some URLs that at the moment of writing didn't work. The config file mentions "OnlineAdURL" that points to https://go.microsoft.com/fwlink/?LinkID=526874 and Telemetry BaseURL pointing to http://g.bing.com/GWX/ .
Dudau adds:
    'In the same system folder, users can find a config XML file that goes through the program's behavior depending on what "phase" Windows 10 is in. For example, currently the program doesn't display any notifications or act in any way because we're currently in the "None" phase. But as we get to the "RTM" phase of Windows 10, users will likely see a new Live Tile show up on their Start Screen, pointing to the upcoming OS. Similarly, taskbar notifications will also be displayed when Windows 10 launches, prompting users to update.'
Is the patch an -unwanted- intrusion or just a convenient way to let Windows 7, 8, and 8.1 users upgrade to the (free) Windows 10?"

- http://www.infoworld...e-win7-pcs.html
Apr 8, 2015
 



Edited by AplusWebMaster, 10 April 2015 - 06:12 AM.
