Changes to improve security for Windows devices scanning WSUS

Published Sep 08 2020 11:44 AM 80.1K Views
Microsoft

With the September 2020 cumulative update for Windows 10, we introduced changes that help improve the security of devices that scan Windows Server Update Services (WSUS) for their updates. This post will describe those changes, outline the actions you need to take to ensure your devices continue to scan for updates, and offer basic recommendations to help you better secure the devices in you organization.

Secure by default

First, beginning with the September 2020 cumulative update, HTTP-based intranet servers will be secure by default. To ensure that your devices remain inherently secure, we are no longer allowing HTTP-based intranet servers to leverage user proxy by default to detect updates. If you have a WSUS environment not secured with TLS protocol/HTTPS and a device requires a proxy in order to successfully connect to intranet WSUS Servers—and that proxy is only configured for users (not devices)—then your software update scans against WSUS will start to fail after your device successfully takes the September 2020 cumulative update.

Recommendations for greater security

To help ensure the security of your WSUS infrastructure, Microsoft recommends using the TLS/SSL protocol between your devices and your WSUS servers. The Microsoft Update system (including WSUS) relies on two types of content: update payloads and update metadata. Update payloads are the data files that contain the software update components that make up the update. Update metadata is all the information that the Microsoft Update system needs to know about the updates, including which updates are available, which devices each update can be applied to, and where to retrieve the payloads for each update. Both types of content are crucial and they both need to be protected to help keep your computers secure and up to date.

Update payloads are protected against modification by multiple means, including digital signature checks and cryptographic hash verifications. HTTPS provides a proper chain of custody which the client uses to prove the data is trusted.

When a device receives updates directly from Microsoft Update, that device receives update metadata directly from Microsoft servers. This metadata is always transmitted via HTTPS to prevent tampering. When you use WSUS or Configuration Manager to manage your organization's updates, the update metadata travels from Microsoft servers to your devices via a chain of connections. Each one of these connections needs to be protected against malicious attacks.

Your WSUS server connects with Windows Update servers and receives update metadata. This connection always uses HTTPS, and the HTTPS security features guard the metadata against tampering. If you have multiple WSUS servers arranged in a hierarchy, the downstream servers receive metadata from the upstream servers. Here, you have a choice: you can use HTTP or HTTPS for these metadata connections. Using HTTP; however, can be very dangerous as it breaks the chain of trust and can leave you vulnerable to attack. Using HTTPS enables the WSUS server to prove that it trusts the metadata it receives from the upstream WSUS server.

In order to maintain the chain of trust and prevent attacks on your client computers, you must ensure that all metadata connections within your organizations – the connections between upstream and downstream WSUS servers, and the connections between the WSUS servers and your client computers – are defended against attacks. To do so, we highly recommend that you configure your WSUS network to protect these connections using HTTPS. To learn more, see Michael Cureton’s post Security best practices for Windows Server Update Services (WSUS).

Even with HTTPS configured, it is still very important that you utilize a system-based proxy rather than a user-based proxy if a proxy is needed. When using a user-based proxy, a user, even one without elevated privileges, could intercept and manipulate the data being exchanged between the update client and the update server.

Recommendations for those who absolutely need user proxy

If you do need to leverage a user-based proxy to detect updates while using an HTTP-based intranet server, despite the vulnerabilities it presents, make sure to configure the proxy behavior to "Allow user proxy to be used as a fallback if detection using system proxy fails."

Group Policy path: Windows Components>Windows Update>Specify intranet Microsoft update service location

Configuration Service Provider path: Update/ SetProxyBehaviorForUpdateDetection

update-service-location.png

Next steps

If you are an IT administrator who currently manages an HTTP-configured WSUS environment and relies on user-based proxy for client scans, please consider taking one of the following actions as soon as possible. If none of these actions are taken your devices will stop successfully scanning for software updates after the September 2020 security update.

Options to ensure that devices in your environment can continue to successfully scan for updates:

  • Secure your WSUS environment with TLS/SSL protocol (configure servers with HTTPS).
  • Set up system-based proxy for detecting updates if needed.
  • Enable the “Allow user proxy to be used as a fallback if detection using system proxy fails” policy.

 

 

46 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-1645547%22%20slang%3D%22en-US%22%3EChanges%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1645547%22%20slang%3D%22en-US%22%3E%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EWith%20the%20September%202020%20cumulative%20update%20for%20Windows%2010%2C%20we%20introduced%20changes%20that%20help%20improve%20the%20security%20of%20devices%20that%20scan%20Windows%20Server%20Update%20Services%20(WSUS)%20for%20their%20updates.%20This%20post%20will%20describe%20those%20changes%2C%20outline%20the%20actions%20you%20need%20to%20take%20to%20ensure%20your%20devices%20continue%20to%20scan%20for%20updates%2C%20and%20offer%20basic%20recommendations%20to%20help%20you%20better%20secure%20the%20devices%20in%20you%20organization.%3C%2FP%3E%0A%3CH2%20style%3D%22margin-top%3A%2036px%3B%20margin-bottom%3A%2020px%3B%20font-family%3A%20'Segoe%20UI'%2C%20Segoe%2C%20Tahoma%2C%20Geneva%2C%20sans-serif%3B%20font-weight%3A%20600%3B%20font-size%3A%2020px%3B%20color%3A%20%23333333%3B%22%20id%3D%22toc-hId--1269472597%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%20id%3D%22toc-hId--1269472596%22%3ESecure%20by%20default%3C%2FH2%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EFirst%2C%20beginning%20with%20the%20September%202020%20cumulative%20update%2C%20HTTP-based%20intranet%20servers%20will%20be%20secure%20by%20default.%20To%20ensure%20that%20your%20devices%20remain%20inherently%20secure%2C%20we%20are%20no%20longer%20allowing%20HTTP-based%20intranet%20servers%20to%20leverage%20user%20proxy%20by%20default%20to%20detect%20updates.%20If%20you%20have%20a%20WSUS%20environment%20not%20secured%20with%20TLS%20protocol%2FHTTPS%20and%20a%20device%20requires%20a%20proxy%20in%20order%20to%20successfully%20connect%20to%20intranet%20WSUS%20Servers%E2%80%94and%20that%20proxy%20is%20only%20configured%20for%20users%20(not%20devices)%E2%80%94then%20your%20software%20update%20scans%20against%20WSUS%20will%20start%20to%20fail%20after%20your%20device%20successfully%20takes%20the%20September%202020%20cumulative%20update.%3C%2FP%3E%0A%3CH2%20style%3D%22margin-top%3A%2036px%3B%20margin-bottom%3A%2020px%3B%20font-family%3A%20'Segoe%20UI'%2C%20Segoe%2C%20Tahoma%2C%20Geneva%2C%20sans-serif%3B%20font-weight%3A%20600%3B%20font-size%3A%2020px%3B%20color%3A%20%23333333%3B%22%20id%3D%22toc-hId-1218040236%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%20id%3D%22toc-hId-1218040237%22%3ERecommendations%20for%20greater%20security%3C%2FH2%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3ETo%20help%20ensure%20the%20security%20of%20your%20WSUS%20infrastructure%2C%20Microsoft%20recommends%20using%20the%20TLS%2FSSL%20protocol%20between%20your%20devices%20and%20your%20WSUS%20servers.%20The%20Microsoft%20Update%20system%20(including%20WSUS)%20relies%20on%20two%20types%20of%20content%3A%20update%20payloads%20and%20update%20metadata.%20Update%20payloads%20are%20the%20data%20files%20that%20contain%20the%20software%20update%20components%20that%20make%20up%20the%20update.%20Update%20metadata%20is%20all%20the%20information%20that%20the%20Microsoft%20Update%20system%20needs%20to%20know%20%3CEM%3Eabout%3C%2FEM%3E%20the%20updates%2C%20including%20which%20updates%20are%20available%2C%20which%20devices%20each%20update%20can%20be%20applied%20to%2C%20and%20where%20to%20retrieve%20the%20payloads%20for%20each%20update.%20Both%20types%20of%20content%20are%20crucial%20and%20they%20both%20need%20to%20be%20protected%20to%20help%20keep%20your%20computers%20secure%20and%20up%20to%20date.%3C%2FP%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EUpdate%20payloads%20are%20protected%20against%20modification%20by%20multiple%20means%2C%20including%20digital%20signature%20checks%20and%20cryptographic%20hash%20verifications.%20HTTPS%20provides%20a%20proper%20chain%20of%20custody%20which%20the%20client%20uses%20to%20prove%20the%20data%20is%20trusted.%3C%2FP%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EWhen%20a%20device%20receives%20updates%20directly%20from%20Microsoft%20Update%2C%20that%20device%20receives%20update%20metadata%20directly%20from%20Microsoft%20servers.%20This%20metadata%20is%20always%20transmitted%20via%20HTTPS%20to%20prevent%20tampering.%20When%20you%20use%20WSUS%20or%20Configuration%20Manager%20to%20manage%20your%20organization's%20updates%2C%20the%20update%20metadata%20travels%20from%20Microsoft%20servers%20to%20your%20devices%20via%20a%20chain%20of%20connections.%20%3CSTRONG%3EEach%20one%20of%20these%20connections%20needs%20to%20be%20protected%20against%20malicious%20attacks.%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EYour%20WSUS%20server%20connects%20with%20Windows%20Update%20servers%20and%20receives%20update%20metadata.%20This%20connection%20always%20uses%20HTTPS%2C%20and%20the%20HTTPS%20security%20features%20guard%20the%20metadata%20against%20tampering.%20If%20you%20have%20multiple%20WSUS%20servers%20arranged%20in%20a%20hierarchy%2C%20the%20downstream%20servers%20receive%20metadata%20from%20the%20upstream%20servers.%20Here%2C%20you%20have%20a%20choice%3A%20you%20can%20use%20HTTP%20or%20HTTPS%20for%20these%20metadata%20connections.%20Using%20HTTP%3B%20however%2C%20can%20be%20very%20dangerous%20as%20it%20breaks%20the%20chain%20of%20trust%20and%20can%20leave%20you%20vulnerable%20to%20attack.%20Using%20HTTPS%20enables%20the%20WSUS%20server%20to%20prove%20that%20it%20trusts%20the%20metadata%20it%20receives%20from%20the%20upstream%20WSUS%20server.%3C%2FP%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EIn%20order%20to%20maintain%20the%20chain%20of%20trust%20and%20prevent%20attacks%20on%20your%20client%20computers%2C%20you%20must%20ensure%20that%20all%20metadata%20connections%20within%20your%20organizations%20%E2%80%93%20the%20connections%20between%20upstream%20and%20downstream%20WSUS%20servers%2C%20and%20the%20connections%20between%20the%20WSUS%20servers%20and%20your%20client%20computers%20%E2%80%93%20are%20defended%20against%20attacks.%20To%20do%20so%2C%20we%20highly%20recommend%20that%20you%20configure%20your%20WSUS%20network%20to%20protect%20these%20connections%20using%20HTTPS.%20To%20learn%20more%2C%20see%20Michael%20Cureton%E2%80%99s%20post%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fwindows-it-pro-blog%2Fsecurity-best-practices-for-windows-server-update-services-wsus%2Fba-p%2F1587536%22%20target%3D%22_blank%22%3ESecurity%20best%20practices%20for%20Windows%20Server%20Update%20Services%20(WSUS)%3C%2FA%3E.%3C%2FP%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EEven%20with%20HTTPS%20configured%2C%20it%20is%20still%20very%20important%20that%20you%20utilize%20a%20system-based%20proxy%20rather%20than%20a%20user-based%20proxy%20if%20a%20proxy%20is%20needed.%20When%20using%20a%20user-based%20proxy%2C%20a%20user%2C%20even%20one%20without%20elevated%20privileges%2C%20could%20intercept%20and%20manipulate%20the%20data%20being%20exchanged%20between%20the%20update%20client%20and%20the%20update%20server.%3C%2FP%3E%0A%3CH2%20style%3D%22margin-top%3A%2036px%3B%20margin-bottom%3A%2020px%3B%20font-family%3A%20'Segoe%20UI'%2C%20Segoe%2C%20Tahoma%2C%20Geneva%2C%20sans-serif%3B%20font-weight%3A%20600%3B%20font-size%3A%2020px%3B%20color%3A%20%23333333%3B%22%20id%3D%22toc-hId--589414227%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%20id%3D%22toc-hId--589414226%22%3ERecommendations%20for%20those%20who%20absolutely%20need%20user%20proxy%3C%2FH2%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EIf%20you%20do%20need%20to%20leverage%20a%20user-based%20proxy%20to%20detect%20updates%20while%20using%20an%20HTTP-based%20intranet%20server%2C%20despite%20the%20vulnerabilities%20it%20presents%2C%20make%20sure%20to%20configure%20the%20proxy%20behavior%20to%20%22Allow%20user%20proxy%20to%20be%20used%20as%20a%20fallback%20if%20detection%20using%20system%20proxy%20fails.%22%3C%2FP%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3E%3CSTRONG%3EGroup%20Policy%20path%3A%3C%2FSTRONG%3E%20Windows%20Components%26gt%3BWindows%20Update%26gt%3BSpecify%20intranet%20Microsoft%20update%20service%20location%3C%2FP%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3E%3CSTRONG%3EConfiguration%20Service%20Provider%20path%3A%3C%2FSTRONG%3E%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fclient-management%2Fmdm%2Fpolicy-csp-update%23update-allowupdateservice%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EUpdate%2F%20SetProxyBehaviorForUpdateDetection%3C%2FA%3E%3C%2FP%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22update-service-location.png%22%20style%3D%22width%3A%20602px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F217065iC84D3B6FD368A121%2Fimage-dimensions%2F602x537%3Fv%3D1.0%22%20width%3D%22602%22%20height%3D%22537%22%20title%3D%22update-service-location.png%22%20alt%3D%22update-service-location.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CH2%20style%3D%22margin-top%3A%2036px%3B%20margin-bottom%3A%2020px%3B%20font-family%3A%20'Segoe%20UI'%2C%20Segoe%2C%20Tahoma%2C%20Geneva%2C%20sans-serif%3B%20font-weight%3A%20600%3B%20font-size%3A%2020px%3B%20color%3A%20%23333333%3B%22%20id%3D%22toc-hId-1898098606%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%20id%3D%22toc-hId-1898098607%22%3ENext%20steps%3C%2FH2%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EIf%20you%20are%20an%20IT%20administrator%20who%20currently%20manages%20an%20HTTP-configured%20WSUS%20environment%20and%20relies%20on%20user-based%20proxy%20for%20client%20scans%2C%20please%20consider%20taking%20one%20of%20the%20following%20actions%20as%20soon%20as%20possible.%20If%20none%20of%20these%20actions%20are%20taken%20your%20devices%20will%20stop%20successfully%20scanning%20for%20software%20updates%20after%20the%20September%202020%20security%20update.%3C%2FP%3E%0A%3CP%20style%3D%22margin-top%3A%2020px%3B%22%3EOptions%20to%20ensure%20that%20devices%20in%20your%20environment%20can%20continue%20to%20successfully%20scan%20for%20updates%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%20style%3D%22margin-bottom%3A%208px%3B%20margin-top%3A%2020px%3B%22%3ESecure%20your%20WSUS%20environment%20with%20TLS%2FSSL%20protocol%20(configure%20servers%20with%20HTTPS).%3C%2FLI%3E%0A%3CLI%20style%3D%22margin-bottom%3A%208px%3B%22%3ESet%20up%20system-based%20proxy%20for%20detecting%20updates%20if%20needed.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1645547%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20September%202020%20security%20update%20improves%20security%20for%20devices%20scanning%20WSUS%20for%20updates%2C%20but%20may%20require%20you%20to%20take%20action.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1645547%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EServicing%20and%20updates%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1646747%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1646747%22%20slang%3D%22en-US%22%3E%3CP%3EThe%26nbsp%3B%3CSPAN%3E%E2%80%9CAllow%20user%20proxy%20to%20be%20used%20as%20a%20fallback%20if%20detection%20using%20system%20proxy%20fails%E2%80%9D%20policy%20does%20not%20exist%20in%201909%20or%202004%20ADMX's%20or%20am%20i%20wrong%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EHow%20can%20this%20be%20configured%20as%20a%20Registry%20key%20only%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1647030%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1647030%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20Aria%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20provide%20some%20more%20details%20regarding%20the%20policy-setting%3F%20As%20stated%20by%20Richard%2C%20this%20doesn't%20seem%20to%20be%20included%20within%20the%20ADMX's.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAdditionally%2C%20the%20GPO%20being%20referred%20to%20is%20one%20also%20being%20managed%20through%20Configuration%2FEndPoint%20Manager..%20Setting%20the%20GPO%20'll%20cause%202%20management%20systems%20in%20trying%20to%20define%20the%20setting%20on%20the%20managed%20workstation%2Fdevice.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELast%20but%20not%20least%3A%20The%20link%20provided%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fclient-management%2Fmdm%2Fpolicy-csp-update%23update-allowupdateservice%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fclient-management%2Fmdm%2Fpolicy-csp-update%23update-allowupdateservice%3C%2FA%3E)%20does%20not%20refer%20to%20any%20sub-section%20%22%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fclient-management%2Fmdm%2Fpolicy-csp-update%23update-allowupdateservice%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EUpdate%2F%20SetProxyBehaviorForUpdateDetection%3C%2FA%3E%22%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20provide%20an%20updated%20location%2C%20that%20includes%20the%20%22SetProxyBehaviourForUpdateDetection%22%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGrtz%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1648400%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1648400%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F158630%22%20target%3D%22_blank%22%3E%40Aria%20Carley%3C%2FA%3E%26nbsp%3BThere%20seems%20to%20be%20some%20confusion%20about%20exact%20what%20a%20user%20proxy%20is%20versus%20a%20system%2Fdevice%20proxy.%26nbsp%3B%20Which%20is%20to%20say%3A%20people%20don't%20clearly%20know%20if%20they%20are%20impacted%20by%20this%20or%20not.%26nbsp%3B%20I%20read%20'user%20proxy'%20as%20one%20defined%20in%20'Internet%20Options'%20either%20by%20the%20user%20themselves%20or%20via%20Group%20Policy%20and%20'system'%20proxy%20as%20one%20configured%20using%20'netsh%20winhttp'%20commands.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20an%20organization%20legitimately%20needs%20a%20proxy%20to%20reach%20their%20WSUS%20server%20how%20do%20they%20configure%20(or%20verify%20that%20they%20are%20using)%20a%20system%20proxy%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1649945%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1649945%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20not%20sure%20if%20this%20affects%20me%20as%20we%20have%20SCCM%20server%20(wsus%20incorporated)%20and%20our%20clients%20use%20proxy%20app%20to%20allow%20internet%20out%3F%3C%2FP%3E%3CP%3Eis%20there%20a%20better%20way%20to%20make%20sure%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1650921%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1650921%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F286572%22%20target%3D%22_blank%22%3E%40RichardSheath%3C%2FA%3E%26nbsp%3Bthis%20policy%20should%20appear%20in%20the%20group%20policy%20ADMX%20file%20once%20the%20September%20security%20update%20is%20taken.%20It%20is%20typically%20not%20recommended%20to%20set%20the%20registry%20key%20directly%2C%20given%20that%20it%20could%20then%20be%20easily%20overwritten%20if%20the%20policy%20is%20set%20(either%20locally%20or%20by%20a%20management%20tool).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1650928%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1650928%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F630730%22%20target%3D%22_blank%22%3E%40Dolinhas%3C%2FA%3E%26nbsp%3Bthat%20would%20depend%20on%20what%20your%20proxy%20app%20is%20doing.%20That%20said%2C%20you%20can%20determine%20if%20there%20is%20a%20system%20proxy%20already%20in%20place%20by%20using%20the%20netsh%20command-line%20utility%20as%20an%20administrator%20and%20running%20netsh%20winhttp%20show%20proxy.%20I%20hope%20this%20helps!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1651348%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1651348%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F158630%22%20target%3D%22_blank%22%3E%40Aria%20Carley%3C%2FA%3E%26nbsp%3BThanks%20for%20the%20clarification%20although%20it%20sort%20of%20confirms%20the%20confusion.%26nbsp%3B%20I've%20been%20told%20the%20opposite%20by%20a%20MS%20PFE%20whom%20I%20know%20and%20have%20reason%20to%20trust%3A%20that%20this%20is%20about%20how%20the%20proxy%20authenticates%2C%20not%20the%20mechanism%20by%20which%20it%20is%20configured.%26nbsp%3B%20And%20yet%20your%20description%20is%20the%20one%20that%20makes%20sense%20to%20me.%26nbsp%3B%20The%20exploit%20is%20that%20a%20user-space%20proxy%20can%20be%20altered%20by%20a%20non-privileged%20user%20and%20thus%20spoofed%20...%20how%20that%20proxy%20authenticates%20is%20irrelevant.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EI%20looked%20for%20official%20docs%20on%20system%20vs%20user%20proxies%20and%20didn't%20come%20up%20with%20anything%20other%20than%20'how%20to%20configure%20a%20proxy%20with%20GPO'%20and%20the%20like.%26nbsp%3B%20So%20if%20you%20have%20docs%20handy%20to%20help%20clarify%20that'd%20be%20great.%3CBR%20%2F%3E%3CBR%20%2F%3EIn%20short%2C%20I%20don't%20think%20the%20terms%20'system%20proxy'%20or%20'user%20proxy'%20have%20any%20universally%20agreed%20upon%20definition%20and%20it%20would%20be%20wise%20to%20further%20clarify%20how%20you%20are%20using%20those%20terms%20in%20the%20post.%20I'm%20seeing%20wide%20amounts%20of%20confusion%20surrounding%20how%20to%20know%20if%20your%20org%20is%20going%20to%20be%20impacted%20or%20not.%26nbsp%3B%20There's%20both%20an%20incredible%20amount%20of%20organizations%20using%20non-HTTPS%20WSUS%20(it's%20always%20been%20the%20default)%20and%20using%20proxies%20(almost%20universal%20in%20large%20orgs).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1651351%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1651351%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F158630%22%20target%3D%22_blank%22%3E%40Aria%20Carley%3C%2FA%3E%26nbsp%3BThanks%20for%20the%20response%20but%20I'm%20not%20sure%20you%20are%20correct%20with%20regards%20to%20the%20policy%20info.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes%20you%20are%20correct%20in%20that%20the%20setting%20only%20appears%20after%20the%20update%20is%20applied%20%2C%20but%20it%20is%20a%20local%20policy%20and%20not%20controlled%20by%20GPO%20so%20how%20can%20an%20ADMX%20file%20be%20modified%20by%20a%20client%20side%20patch%20being%20installed%20when%20these%20files%20reside%20on%20a%20Domain%20Controller%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESurely%20to%20take%20advantage%20of%20this%20setting%20we'd%20need%20an%20updated%20ADMX%20pack%20with%20the%20modified%20Windows%20Update.admx%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1651771%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1651771%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20ADMX%20for%202004%20have%20been%20updated%20again%20on%20the%20downloads%20page%20check%20if%20is%20is%20contained%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F286572%22%20target%3D%22_blank%22%3E%40RichardSheath%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1653881%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1653881%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F286572%22%20target%3D%22_blank%22%3E%40RichardSheath%3C%2FA%3E%26nbsp%3BSorry%2C%20to%20clarify%3A%20the%20local%20group%20policy%20files%20will%20be%20updated%20once%20you%20take%20the%20September%20patch.%20From%20there%20you%20can%20copy%20the%20updated%20ADMX%2FL%20files%20to%20your%20central%20store%20and%20use%20them%20to%20set%20the%20policy%20on%20your%20organization's%20devices.%20You%20are%20correct%20that%20the%20online%20files%20will%20not%20be%20automatically%20updated.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1654709%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1654709%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F786690%22%20target%3D%22_blank%22%3E%40N3rdy77%3C%2FA%3E%26nbsp%3B%26nbsp%3BThe%20local%20ADMX%20will%20update%20with%20the%20new%20policy%20once%20the%20September%20patch%20is%20taken.%20You%20should%20then%20be%20able%20to%20grab%20the%20ADMX%2FL%20files%20from%20such%20a%20device.%20As%20for%20your%20second%20point%2C%20I%20fully%20understand%20your%20concern.%20ConfigMgr%20is%20currently%20unable%20to%20manage%20the%20new%20proxy%20behavior%20setting.%20So%20in%20the%20case%20of%20managed%20environments%20where%20user%20proxy%20is%20needed%2C%20for%20the%20short%20term%2C%20you%20will%20need%20to%20set%20the%20desired%20proxy%20behavior%20via%20the%20registry%20directly.%20We%20hope%20to%20make%20this%20a%20more%20seamless%20process%20in%20future.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EComputer%5CHKEY_LOCAL_MACHINE%5CSOFTWARE%5CPolicies%5CMicrosoft%5CWindows%5CWindowsUpdate%5CSetProxyBehaviorForUpdateDetection%3CBR%20%2F%3E-%20Value%200%20%E2%80%93%20Only%20use%20system%20proxy%3CBR%20%2F%3E-%20Value%201%20%E2%80%93%20Allow%20user%20proxy%20as%20fallback%E2%80%A6%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%5E%26nbsp%3B%3CEM%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F286572%22%20target%3D%22_blank%22%3E%40RichardSheath%3C%2FA%3E%26nbsp%3Bas%20you%20asked%20for%20the%20Regkey%20as%20well.%26nbsp%3B%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1660154%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1660154%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F158630%22%20target%3D%22_blank%22%3E%40Aria%20Carley%3C%2FA%3E%26nbsp%3BTnx%20for%20the%20info%20%3B)%3C%2Fimg%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20worries%20are%20a%20bit%20smaller%20now.%20Now%20let's%20see%20whether%20the%20%22fail-fast%22-principle%20is%20needed%20or%20not%20%3AD%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1660896%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1660896%22%20slang%3D%22en-US%22%3E%3CP%3ESigning%20binaries%20only%20is%20not%20enough%20is%20halfway%20protection.%20Update%20metadata%20should%20be%20signed%20by%20Microsoft%20as%20well.%20SSL%2FTLS%20protection%20can%20be%20easily%20bypassed%20by%20any%20intermediate%20rogue%20WSU%20that%20uses%20legitimate%20SSL%2FTLS%20certificates%20(e.g.%20from%20StartSSL).%20As%20it%20is%20now%2C%20any%20Windows%20client%20can%20be%20fooled%20to%20run%20legitimate%20MS-signed%20binaries%20with%20rogue%20command%20line%20parameters.%20As%20it%20is%20now%20WSUS%20seems%20like%20a%20trojan%20horse%2C%20and%20can%20be%20used%20to%20hijack%20in%20a%20massive%20way%20all%20of%20its%20clients%20through%20their%20update%20channel.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1661263%22%20slang%3D%22en-US%22%3ERE%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1661263%22%20slang%3D%22en-US%22%3EJUST%20IM%20HAVE%20PROBLEM%20THIS%20WINDOWS%2010%20UPDATE%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1661937%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1661937%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F158630%22%20target%3D%22_blank%22%3E%40Aria%20Carley%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%E7%B4%A0%E6%99%B4%E3%82%89%E3%81%97%E3%81%84%E8%AA%AC%E6%98%8E%E3%82%92%E3%81%82%E3%82%8A%E3%81%8C%E3%81%A8%E3%81%86%E3%80%82%3C%2FP%3E%3CP%3E%E3%83%AC%E3%82%B8%E3%82%B9%E3%83%88%E3%83%AA%E8%A8%AD%E5%AE%9A%E3%82%84GPO%E3%81%8C%E6%8F%90%E4%BE%9B%E3%81%95%E3%82%8C%E3%81%AA%E3%81%84%E3%81%93%E3%81%A8%E3%81%AF%E6%9C%AC%E6%96%87%E3%81%AB%E8%BF%BD%E8%A8%98%E3%81%97%E3%81%A6%E3%81%BB%E3%81%97%E3%81%84%E3%81%A7%E3%81%99%E3%80%82%3C%2FP%3E%3CP%3E%E4%BB%A5%E4%B8%8B%E3%81%AE%E3%82%B5%E3%82%A4%E3%83%88%E3%81%A0%E3%81%91%E3%81%A7%E3%81%AFadmx%E3%82%92%E6%BA%96%E5%82%99%E3%81%97%E3%81%8D%E3%82%8C%E3%81%AA%E3%81%84%E3%80%82%E3%81%A8%E3%81%84%E3%81%86%E3%81%93%E3%81%A8%E3%81%A7%E3%81%99%E3%82%88%E3%81%AD%EF%BC%9F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Ftroubleshoot%2Fwindows-client%2Fgroup-policy%2Fcreate-and-manage-central-store%3FWT.mc_id%3DWDIT-MVP-5002496%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Ftroubleshoot%2Fwindows-client%2Fgroup-policy%2Fcreate-and-manage-central-store%3FWT.mc_id%3DWDIT-MVP-5002496%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1650311%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1650311%22%20slang%3D%22en-US%22%3E%3CDIV%20class%3D%22lia-message-author-with-avatar%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F289393%22%20target%3D%22_blank%22%3E%40K_Wester-Ebbinghaus%3C%2FA%3E%26nbsp%3Bthis%20policy%20will%20be%20available%20on%20Windows%207%2B%20(including%20Vista%20and%20all%20versions%20of%20Windows%2010)%20once%20devices%20take%20the%20September%20security%20update.%20Note%2C%20without%20taking%20the%20security%20update%20released%20on%20the%208th%20of%20September%2C%20you%20will%20not%20be%20able%20to%20leverage%20this%20policy.%26nbsp%3B%3C%2FDIV%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1646381%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1646381%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F158630%22%20target%3D%22_blank%22%3E%40Aria%20Carley%3C%2FA%3E%26nbsp%3Bgreat%20write%20up.%3C%2FP%3E%3CP%3EWhat's%20the%20minimum%20ADMX%20%2F%20OS%20build%20level%20needed%20for%20this%20setting%20to%20exist%20%2F%20work%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1720908%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1720908%22%20slang%3D%22en-US%22%3E%3CP%3EFYI%2C%20%3CEM%3E%3CSTRONG%3Ethe%20change%20affects%20not%20only%20Windows%2010%2C%20but%20also%20Windows%208.1%2C%20Windows%208%2F8.1%20Embedded%2C%20Windows%20Server%202012%2C%20and%20Windows%20Server%202012%20R2%3C%2FSTRONG%3E%3C%2FEM%3E.%20The%20following%20are%20links%20to%20related%20Sept%202020%20update%20articles%2C%20and%20an%20excerpt%20from%20them%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-30px%22%3ESeptember%208%2C%202020%E2%80%94KB4577038%20(Monthly%20Rollup)%20--%20Windows%20Server%202012%20%26amp%3B%20Windows%20Embedded%208%20Standard%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4577038%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4577038%3C%2FA%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-30px%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-30px%22%3ESeptember%208%2C%202020%E2%80%94KB4577066%20(Monthly%20Rollup)%20--%20Windows%208.1%2C%20Windows%20Server%202012%20R2%20%26amp%3B%20Windows%20Embedded%208.1%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4577066%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4577066%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-30px%22%3E%3CEM%3EAddresses%20a%20security%20vulnerability%20issue%20with%20user%20proxies%20and%20HTTP-based%20intranet%20servers.%20After%20you%20install%20this%20update%2C%20HTTP-based%20intranet%20servers%20cannot%20leverage%20a%20user%20proxy%20to%20detect%20updates%20by%20default.%20Scans%20that%20use%20these%20servers%20will%20fail%20if%20the%20clients%20do%20not%20have%20a%20configured%20system%20proxy.%20If%20you%20must%20leverage%20a%20user%20proxy%2C%20you%20must%20configure%20the%20behavior%20by%20using%20the%20Windows%20Update%20policy%20%E2%80%9CAllow%20user%20proxy%20to%20be%20used%20as%20a%20fallback%20if%20detection%20using%20system%20proxy%20fails.%E2%80%9D%20This%20change%20does%20not%20affect%20customers%20who%20secure%20their%20Windows%20Server%20Update%20Services%20(WSUS)%20servers%20that%20use%20the%20Transport%20Layer%20Security%20(TLS)%20or%20Secure%20Sockets%20Layer%20(SSL)%20protocols.%20For%20more%20information%2C%20see%20Improving%20security%20for%20devices%20receiving%20updates%20via%20WSUS.%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1721407%22%20slang%3D%22es-ES%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1721407%22%20slang%3D%22es-ES%22%3E%3CP%3EAt%20the%20moment%20I%20have%20no%20problems%2C%20just%20a%20little%20slow%20on%20startup%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1722249%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1722249%22%20slang%3D%22en-US%22%3E%3CP%3Ealkou%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1741409%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1741409%22%20slang%3D%22en-US%22%3E%3CP%3EPost%20installing%20September%20patches%20%2C%20SUP%20component%20in%20SCCM%20Stopped%20working.%20i%20am%20getting%20below%20error%20continue%20in%26nbsp%3B%20WSUScontrol.log%20is%20this%20something%20related%20to%20this%2C%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3Ei%20am%20not%20using%20ssl%20in%20WSUS%20its%20HTTP%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3ESystem.InvalidOperationException%3A%20Client%20found%20response%20content%20type%20of%20'text%2Fhtml%3B%20charset%3Dutf-8'%2C%20but%20expected%20'text%2Fxml'.~~The%20request%20failed%20with%20the%20error%20message%3A~~--~~~~~~%20~~%20%3CTITLE%3ECompilation%20Error%3C%2FTITLE%3E~~%20%26lt%3Bmeta%20name%3D%22%22viewport%22%22%20content%3D%22%22width%3Ddevice-width%22%22%20%2F%26gt%3B~~%20%3CSTYLE%3E~~%20body%20%7Bfont-family%3A%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bquot%3BVerdana%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bquot%3B%3Bfont-weight%3Anormal%3Bfont-size%3A%20.7em%3Bcolor%3Ablack%3B%7D%20~~%20p%20%7Bfont-family%3A%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bquot%3BVerdana%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bquot%3B%3Bfont-weight%3Anormal%3Bcolor%3Ablack%3Bmargin-top%3A%20-5px%7D~~%20b%20%7Bfont-family%3A%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bquot%3BVerdana%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bquot%3B%3Bfont-weight%3Abold%3Bcolor%3Ablack%3Bmargin-top%3A%20-5px%7D~~%20H1%20%7B%20font-family%3A%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bquot%3BVerdana%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bquot%3B%3Bfont-weight%3Anormal%3Bfont-size%3A18pt%3Bcolor%3Ared%20%7D~~%20H2%20%7B%20font-family%3A%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bquot%3BVerdana%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bquot%3B%3Bfont-weight%3Anormal%3Bfont-size%3A14pt%3Bcolor%3Amaroon%20%7D~~%20pre%20%7Bfont-family%3A%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bquot%3BConsolas%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bquot%3B%2C%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bquot%3BLucida%20Console%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bquot%3B%2CMonospace%3Bfont-size%3A11pt%3Bmargin%3A0%3Bpadding%3A0.5em%3Bline-height%3A14pt%7D~~%20.marker%20%7Bfont-weight%3A%20bold%3B%20color%3A%20black%3Btext-decoration%3A%20none%3B%7D~~%20.version%20%7Bcolor%3A%20gray%3B%7D~~%20.error%20%7Bmargin-bottom%3A%2010px%3B%7D~~%20.expandable%20%7B%20text-decoration%3Aunderline%3B%20font-weight%3Abold%3B%20color%3Anavy%3B%20cursor%3Apointer%3B%20%7D~~%20%40media%20screen%20and%20(max-width%3A%20639px)%20%7B~~%20pre%20%7B%20width%3A%20440px%3B%20overflow%3A%20auto%3B%20white-space%3A%20pre-wrap%3B%20word-wrap%3A%20break-word%3B%20%7D~~%20%7D~~%20%40media%20screen%20and%20(max-width%3A%20479px)%20%7B~~%20pre%20%7B%20width%3A%20280px%3B%20%7D~~%20%7D~~%20%3C%2FSTYLE%3E~~%20~~~~%20~~~~%20%3CSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CH1%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%20id%3D%22toc-hId-1887595503%22%3EServer%20Error%20in%20'%2FApiRemoting30'%20Application.%3CHR%20width%3D%22100%25%22%20size%3D%221%22%20color%3D%22silver%22%20%2F%3E%3C%2FH1%3E~~~~%20%3CH2%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%20id%3D%22toc-hId--1716810319%22%3E%20%3CI%3ECompilation%20Error%3C%2FI%3E%20%3C%2FH2%3E~~~~%20%3CFONT%20face%3D%22%26quot%3BArial%2C%22%20helvetica%3D%22%22%3E~~~~%20%3CB%3E%20Description%3A%20%3C%2FB%3EAn%20error%20occurred%20during%20the%20compilation%20of%20a%20resource%20required%20to%20service%20this%20request.%20Please%20review%20the%20following%20specific%20error%20details%20and%20modify%20your%20source%20code%20appropriately.~~%20%3CBR%20%2F%3E%3CBR%20%2F%3E~~~~%20%3CB%3E%20Compiler%20Error%20Message%3A%20%3C%2FB%3ECS0016%3A%20Could%20not%20write%20to%20output%20file%20'c%3A%5CWindows%5CMicrosoft.NET%5CFramework64%5Cv4.0.30319%5CTemporary%20ASP.NET%20Files%5Capiremoting30%5C5e299e68%5C3118677a%5CApp_global.asax.vcv9wuo1.dll'%20--%20'Access%20is%20denied.%20'%3CBR%20%2F%3E%3CBR%20%2F%3E~~%3CB%3ESource%20Error%3A%3C%2FB%3E%3CBR%20%2F%3E%3CBR%20%2F%3E~~%20%3CTABLE%20width%3D%22100%25%22%20bgcolor%3D%22%26quot%3B%23ffffcc%26quot%3B%22%3E~~%20%3CTBODY%3E%3CTR%3E%3CTD%3E~~%20%3C%2FTD%3E%3C%2FTR%3E~~%20%3CTR%3E~~%20%3CTD%3E~~%20%3CCODE%3E%3C%2FCODE%3E%3CPRE%3E%3CCODE%3E~~~~%5BNo%20relevant%20source%20lines%5D%3C%2FCODE%3E%3C%2FPRE%3E~~~~%20%3C%2FTD%3E~~%20%3C%2FTR%3E~~%20%3C%2FTBODY%3E%3C%2FTABLE%3E~~~~%20%3CBR%20%2F%3E~~~~%20%3CB%3ESource%20File%3A%3C%2FB%3E%20~~%20%26nbsp%3B%26nbsp%3B%20%3CB%3ELine%3A%3C%2FB%3E%200~~%20%3CBR%20%2F%3E%3CBR%20%2F%3E~~%3CBR%20%2F%3E%3CDIV%20class%3D%22%26quot%3Bexpandable%26quot%3B%22%20onclick%3D%22%26quot%3BOnToggleTOCLevel1('compilerOutputDiv')%26quot%3B%22%3EShow%20Detailed%20Compiler%20Output%3A%3C%2FDIV%3E~~%3CDIV%20id%3D%22%26quot%3BcompilerOutputDiv%26quot%3B%22%20style%3D%22%26quot%3Bdisplay%3A%22%20none%3D%22%22%3E~~%20%3CBR%20%2F%3E%20%3CTABLE%20width%3D%22100%25%22%20bgcolor%3D%22%26quot%3B%23ffffcc%26quot%3B%22%3E~~%20%3CTBODY%3E%3CTR%3E~~%20%3CTD%3E~~%20%3CCODE%3E%3C%2FCODE%3E%3CPRE%3E%3CCODE%3Ec%3A%5Cwindows%5Csystem32%5Cinetsrv%26gt%3B%20%22C%3A%5CWindows%5CMicrosoft.NET%5CFramework64%5Cv4.0.30319%5Ccsc.exe%22%20%2Ft%3Alibrary%20%2Futf8output%20%2FR%3A%22C%3A%5CWindows%5CMicrosoft.Net%5Cassembly%5CGAC_MSIL%5CSystem.Web.DynamicData%5Cv4.0_4.0.0.0__31bf3856ad364e35%5CSystem.Web.DynamicData.dll%22%20%2FR%3A%22C%3A%5CWindows%5CMicrosoft.Net%5Cassembly%5CGAC_MSIL%5CSystem.ServiceModel.Activities%5Cv4.0_4.0.0.0__31bf3856ad364e35%5CSystem.ServiceModel.Activities.dll%22%20%2FR%3A%22C%3A%5CWindows%5CMicrosoft.Net%5Cassembly%5CGAC_MSIL%5CSystem%5Cv4.0_4.0.0.0__b77a5c561934e089%5CSystem.dll%22%20%2FR%3A%22C%3A%5CWindows%5CMicrosoft.Net%5Cassembly%5CGAC_MSIL%5CSystem.ServiceModel.Web%5Cv4.0_4.0.0.0__31bf3856ad364e35%5CSystem.ServiceModel.Web.dll%22%20%2FR%3A%22C%3A%5CWindows%5CMicrosoft.Net%5Cassembly%5CGAC_MSIL%5CSystem.Drawing%5Cv4.0_4.0.0.0__b03f5f7f11d50a3a%5CSystem.Drawing.dll%22%20%2FR%3A%22C%3A%5CWindows%5CMicrosoft.Net%5Cassembly%5CGAC_MSIL%5CSystem.IdentityModel%5Cv4.0_4.0.0.0__b77a5c561934e089%5CSystem.IdentityModel.dll%22%20%2FR%3A%22C%3A%5CWindows%5CMicrosoft.Net%5Cassembly%5CGAC_64%5CSystem.Web%5Cv4.0_4.0.0.0__b03f5f7f11d50a3a%5CSystem.Web.dll%22%20%2FR%3A%22C%3A%5CWindows%5CMicrosoft.Net%5Cassembly%5CGAC_MSIL%5CSystem.Activities%5Cv4.0_4.0.0.0__31bf3856ad364e35%5CSystem.Activities.dll%22%20%2FR%3A%22C%3A%5CWindows%5CMicrosoft.Net%5Cassembly%5CGAC_MSIL%5CSystem.Web.Services%5Cv4.0_4.0%20SMS_WSUS_CONTROL_MANAGER%2010%2F3%2F2020%2010%3A14%3A59%20AM%206500%20(0x1964)%3CBR%20%2F%3EFailed%20to%20set%20WSUS%20Local%20Configuration.%20Will%20retry%20configuration%20in%201%20minutes%20SMS_WSUS_CONTROL_MANAGER%2010%2F3%2F2020%2010%3A14%3A59%20AM%206500%20(0x1964)%3CBR%20%2F%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3C%2FCODE%3E%3C%2FPRE%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3C%2FDIV%3E%3C%2FFONT%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1755489%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1755489%22%20slang%3D%22en-US%22%3E%3CP%3ESince%20we%20started%20patching%20by%20September%202020%20patches%20some%20servers%20with%20Windows%202016%20%22autodiscovered%22%20(obsolete)%20Proxy%20by%20DNS%20entry%20wpad.domain.com%20and%20attempt%20connect%20to%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ffe2.update.microsoft.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Ffe2.update.microsoft.com%3C%2FA%3E%26nbsp%3Binstead%20of%20internal%20WSUS%20over%20http.%3C%2FP%3E%3CP%3EAs%20workaround%20(looks%20like%20working)%20restart%20on%20client%20wuauserv%20few%20times%20until%20connection%20to%20Proxy%20is%20not%20opened.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1771300%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1771300%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Aria%2C%3C%2FP%3E%3CP%3ESince%202020-09%20update%20KB4570333%20is%20deploy%2C%20we%20have%20many%20W10%20devices%20in%20SCCM%20Software%20Updates%20report%20with%26nbsp%3B%22Scan%20failed%20with%20error%20%3D%200x80244019%22%20in%20file%20log%20SCCM%26nbsp%3B%20wuahandler.log%20...%20and%20with%20%22*FAILED*%20%5B80244019%5D%20Web%20service%20call%22%26nbsp%3Bin%20windowsupdate.log%20local%20file.%3C%2FP%3E%3CP%3EAll%20devices%20have%20a%20proxy%20.pac%20file%20configured%20in%20IE%20settings%20and%20some%20devices%20also%20have%20o%20proxy%20system%20level%20with%20a%20%22netsh%20winhttp%20set%20...%22%20command%20(with%20no%20bypass%20list).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20the%20moment%20we%20want%20to%20keep%20using%20HTTP%20with%20WSUS%20server%20(installed%20on%20SCCM%20primary%20site).%3C%2FP%3E%3CP%3ESetting%20manually%20on%20a%20W10%20device%20the%20option%20to%20use%20%22Allow%20Proxy%20user...%22%20with%20GPETID.msc%20or%20setting%20the%20key%20%22%3CSPAN%3ESetProxyBehaviorForUpdateDetection%22%20to%20%221%22%3C%2FSPAN%3E%26nbsp%3Bdont't%20resolve%20the%20error.%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20idea%20please%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1776894%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1776894%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F406339%22%20target%3D%22_blank%22%3E%40NagayyaP%3C%2FA%3E%26nbsp%3B%20and%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F828995%22%20target%3D%22_blank%22%3E%40LuisO78%3C%2FA%3E%26nbsp%3B%20please%20file%20a%20bug%20with%20logs%20in%20Feedback%20Hub%2C%20contact%20your%20support%20%2F%20account%20manager%2C%20or%20if%20not%20possible%20directly%20message%20me.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1818589%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1818589%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewith%20up-to-date%20ADMX%20on%20central%20store%2C%20still%20cant%20find%20the%20new%20(important!!)%20options%20under%20the%20policy%20of%20%22Specify%20intranet%20Microsoft%20update%20service%20location%22%3C%2FP%3E%3CP%3Eits%20just%20not%20there%20...%3C%2FP%3E%3CP%3Elooks%20like%20a%20real%20scandal!%3C%2FP%3E%3CP%3EThe%20updates%20were%20released%20in%20the%20ninth%20month!%20we%20are%20nearing%20the%20end%20of%20the%20tenth.%3C%2FP%3E%3CP%3Eand%20the%20latest%20ADMX%20package%20does%20not%20include%20the%20all-important%20add-on%20presented%20in%20this%20article.%3C%2FP%3E%3CP%3E(Administrative%20Templates%20(.admx)%20for%20Windows%2010%20May%202020%20Update.%20MSI)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewhat%20the%20hell%3F%3C%2FP%3E%3CP%3Eor%20what%20am%20I%20missing%20here%20%3F%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1819086%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1819086%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F845986%22%20target%3D%22_blank%22%3E%40jobab2455%3C%2FA%3E%2C%26nbsp%3Bare%20you%20using%20the%20latest%2020H2%20GP%20ADMX%20file%20(%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D102157%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D102157%3C%2FA%3E)%3F%26nbsp%3B%3C%2FP%3E%0A%3CDIV%20id%3D%22tinyMceEditorAria%20Carley_0%22%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%20id%3D%22tinyMceEditorAria%20Carley_1%22%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1819817%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1819817%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F845986%22%20target%3D%22_blank%22%3E%40jobab2455%3C%2FA%3E%26nbsp%3Bglad%20to%20help!%20%3A)%3C%2Fimg%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%3EPAC%20file%20is%20just%20a%20configuration%2C%20so%20if%20the%20WinInet%20(user)%20proxy%20config%20is%20using%20PAC%20files%20then%20the%20same%20rules%20apply.%20We%20do%20not%20use%20PAC%20file%20from%20user%20proxy%20by-default%20for%20HTTP%20scans%20against%20WSUS.%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1822142%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1822142%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%26nbsp%3B%3C%2FP%3E%3CP%3EI%20was%20able%20to%20deploy%20all%20October%20patches%20without%20any%20SSL%20configured.%20How%20is%20that%20possible%3F%20Is%20something%20has%20changed%20later%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1819481%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1819481%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F158630%22%20target%3D%22_blank%22%3E%40Aria%20Carley%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3Emany%20thanks.%2020H2%20Package%20include%20this!%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ei%20have%20to%20ask%2C%20this%20limit%20will%20effect%20my%20endpoints%20if%20im%20using%20proxy%20based%20on%20PAC%20File%2C%20but%20only%20for%20WAN%20traffic%20%3F%3C%2FP%3E%3CP%3Eintranet%20traffic%20is%20bypassed%20proxy.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1650923%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1650923%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F265903%22%20target%3D%22_blank%22%3E%40bdam55%3C%2FA%3E%26nbsp%3BThe%20key%20difference%20when%20we%20are%20taking%20about%20user%2C%20system%20proxy%20is%20that%20a%20user%20proxy%20can%20be%20configured%20per%20logged%20on%20user%20(and%20hence%20modified%20by%20a%20non-admin)%2C%20whereas%20a%20system%20proxy%20is%20configured%20for%20the%20entire%20machine%20(can%E2%80%99t%20be%20modified%20by%20a%20low%20privileged%20user).%20The%20online%20Microsoft%20docs%2C%20as%20well%20as%20external%20sources%2C%20can%20provide%20more%20information%20on%20both%20types%20of%20proxies%3CBR%20%2F%3E%3CBR%20%2F%3EYou%20can%20configure%20system%20proxy%20using%20netsh%20command-line%20utility%20from%20an%20elevated%20cmd.%3CBR%20%2F%3E-%20Check%20if%20system%20proxy%20is%20already%20set%3A%20netsh%20winhttp%20show%20proxy%3CBR%20%2F%3E-%20Set%20a%20new%20system%20proxy%3A%20netsh%20winhttp%20set%20proxy%20%3CPORT%3E%3C%2FPORT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1646437%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1646437%22%20slang%3D%22en-US%22%3E%3CP%3EOh%2C%20another%20lovely%20post%20about%20about%20securing%20WSUS%20traffic%20with%20TLS.%20And%2C%20as%20always%2C%20we%20have%20this%3A%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3EWhen%20you%20use%20WSUS%20or%20Configuration%20Manager%20to%20manage%20your%20organization's%20updates%2C%20the%20update%20metadata%20travels%20from%20Microsoft%20servers%20to%20your%20devices%20via%20a%20chain%20of%20connections.%20%3CSTRONG%3EEach%20one%20of%20these%20connections%20needs%20to%20be%20protected%20against%20malicious%20attacks.%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3EAnd%20as%20always%2C%20here%20I%20am%2C%20asking%20you%20these%20question%3A%20What%20malicious%20attacks%3F%20From%20where%20do%20they%20originate%3F%20What%20is%20their%20attack%20vector%3F%20What's%20your%20threat%20model%3F%20And%20%E2%80%93%20to%20quote%20Microsoft's%20engineer%20Raymond%20Chen%20%E2%80%93%20does%20it%20not%20involve%20being%20on%20the%20other%20side%20of%20the%20airtight%20hatchway%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2116548%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2116548%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F158630%22%20target%3D%22_blank%22%3E%40Aria%20Carley%3C%2FA%3E%26nbsp%3BI%20hope%20this%20is%20ok%20to%20be%20posted%20here.%20There%20are%20at%20least%202%20uservoices%20stating%20that%20it%20is%20becoming%20a%20big%20issue%20for%20users%20that%201903%20%2F%201909%20%2F%202004%20%2F%202004%20(and%20soon%2020H1)%20so%20basically%20all%20that%20allow%20a%20enablement%20package%20show%20the%20same%20version%20in%20WSUS%3C%2FP%3E%3CP%3Ethis%20is%20not%20helpful%20for%20reporting%20it%20is%20not%20like%20this%20cannot%20be%20fixed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwindowsserver.uservoice.com%2Fforums%2F295047-general-feedback%2Fsuggestions%2F41743090-wsus-server-windows-20h2-detect-and-report%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwindowsserver.uservoice.com%2Fforums%2F295047-general-feedback%2Fsuggestions%2F41743090-wsus-server-windows-20h2-detect-and-report%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwindowsserver.uservoice.com%2Fforums%2F295047-general-feedback%2Fsuggestions%2F41770114-add-build-number-to-wsus%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAdd%20build%20number%20to%20WSUS%20%E2%80%93%20Windows%20Server%20(uservoice.com)%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhy%20I%20know%20this%20and%20this%20is%20not%20a%20%22by%20design%22%20issue%3A%20AJtek%20WAM%20script%20from%20AdamJ%20does%20fix%20this%20by%20altering%20the%20database%20string%20based%20on%20the%20OS%20build.%3C%2FP%3E%3CP%3EI%20really%20hope%2C%20that%20you%20can%20convince%20the%20team%20to%20update%20WSUS%20database.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2116549%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2116549%22%20slang%3D%22en-US%22%3E%3CP%3Eanother%20one%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwindowsserver.uservoice.com%2Fforums%2F295047-general-feedback%2Fsuggestions%2F39694303-please-fix-the-bug-of-wsus-not-correctly-reporting%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EPlease%20fix%20the%20bug%20of%20WSUS%20not%20correctly%20reporting%201909%20clients.%20%E2%80%93%20Windows%20Server%20(uservoice.com)%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2116994%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2116994%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F289393%22%20target%3D%22_blank%22%3E%40K_Wester-Ebbinghaus%3C%2FA%3E%26nbsp%3BThanks%20for%20reporting!%20Looking%20into%20it%20now.%20Would%20recommend%20for%20faster%20attention%20that%20people%20leverage%20support%20or%20their%20account%20teams%20rather%20than%20just%20submitting%20to%20user%20voice%20in%20the%20case%20of%20a%20bug%2Fissue%20that%20would%20block%20a%20deployment%20for%20them.%20That%20said%2C%20we%20will%20look%20into%20this.%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2119102%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2119102%22%20slang%3D%22en-US%22%3E%3CP%3EWSUS%20needs%20to%20able%20to%20import%20patches%20without%20having%20to%20go%20and%20enable%20TLS%201.0.%20Pretty%20big%20oversight%20in%20my%20opinion.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2119266%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2119266%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F347668%22%20target%3D%22_blank%22%3E%40SAPacker%3C%2FA%3E%26nbsp%3BI%20am%20not%20sure%20if%20this%20is%20still%20the%20case%2C%20has%20been%20a%20while%20since%20I%20have%20tested%20it.%20But%20next%20Patchday%20for%20customers%20will%20come%20and%20there%20are%20new%20updates%20to%20import%20(of%20Importance)%20e.g.%20Intel%20Microcode.%20While%20one%20can%20import%20Updates%20while%20using%20a%20WSUS%20MMC%20on%20a%20remote%20computer%2C%20it%20still%20demands%20to%20set%20the%20default%20browser%20to%20IE%20(temporarily%20please).%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20try%20this.%20Set%20your%20default%20browser%20to%20IE%2C%20WSUS%20MMC%20%26gt%3B%20Import%20Updates%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20please%20check%20if%20the%20TLS%20settings%20in%20IE%20(internet%20options%20are%20set%20to%20disable%20TLS%201.0%20%2F%20TLS%201.1%2C%20not%20yet%20the%20default%20and%20only%20enable%20TLS%201.2)%20thanks%20for%20reporting%20back%20if%20this%20works%20for%20you.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20like%2C%20you%20can%20also%20use%20PowerShell.%20here%20is%20a%20german%20blogpost%20from%20Wolfgang%20Sommergut%2C%20a%20very%20good%20expert.%20The%20new%20Edge%20Browser%20should%20help%20you%20to%20translate%20this%20live%20from%20german%20into%20your%20language.%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.windowspro.de%2Fwolfgang-sommergut%2Fupdates-manuell-wsus-importieren-ie-powershell%3Futm_source%3Dfeedburner%26amp%3Butm_medium%3Demail%26amp%3Butm_campaign%3DFeed%253A%2Bwindowspro%2B%2528WindowsPro%2529%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fwww.windowspro.de%2Fwolfgang-sommergut%2Fupdates-manuell-wsus-importieren-ie-powershell%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2121959%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2121959%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F347668%22%20target%3D%22_blank%22%3E%40SAPacker%3C%2FA%3E%22Big%20oversight%22%20is%20an%20apt%20designation.%20Why%20would%20WSUS%20need%20HTTPS%20in%20the%20first%20place%20when%20its%20updates%20are%20exposed%20over%20SMB%20anyway%3F%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fwindows-it-pro-blog%2Fchanges-to-improve-security-for-windows-devices-scanning-wsus%2Fbc-p%2F1646437%2Fhighlight%2Ftrue%23M2005%22%20target%3D%22_self%22%3EI've%20asked%20several%20questions%20about%20the%20use%20cases%20of%20HTTPS%20for%20which%20I%20am%20yet%20to%20receive%20an%20answer%3C%2FA%3E.%20(See%20above.)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2122203%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2122203%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F713862%22%20target%3D%22_blank%22%3E%40The_Smart_One%3C%2FA%3E%3A%20True%20but%20that's%20because%20WUA%20doesn't%20trust%20the%20update%20binaries%20it%20downloads%20over%20SMB.%26nbsp%3B%20It%20verifies%20their%20digital%20signature%20and%20their%20hash%20using%20the%20info%20from%20the%20metadata.%26nbsp%3B%20Which%20is%20why%20you%20want%20HTTPS%3A%20to%20make%20sure%20the%20metadata%20that%20you%20verify%20the%20content%20with%20isn't%20itself%20tampered%20with.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2122363%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2122363%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F88201%22%20target%3D%22_blank%22%3E%40Vandrey%20Trindade%3C%2FA%3E%26nbsp%3Bare%20you%20sure%20to%20have%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20installed%20the%20latest%20Service%20Stack%20updates%20on%20the%20old%20servers%3F%3C%2FP%3E%3CP%3E%3CSPAN%3E-%20have%20year%201%20and%20year%202%20ESU%20keys%20installed%20and%20activated%2C%20best%20effort%20with%20VAMT%203.%20You%20will%20get%20the%20latest%20VAMT%20in%20the%20ADK%202004%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fget-started%2Fextended-security-updates%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fget-started%2Fextended-security-updates%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fwindows-it-pro-blog%2Fobtaining-extended-security-updates-for-eligible-windows-devices%2Fba-p%2F1167091%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fwindows-it-pro-blog%2Fobtaining-extended-security-updates-for-eligible-windows-devices%2Fba-p%2F1167091%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fwindows-it-pro-blog%2Fobtaining-extended-security-updates-for-eligible-windows-devices%2Fba-p%2F1167091%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fwindows-it-pro-blog%2Fobtaining-extended-security-updates-for-eligible-windows-devices%2Fba-p%2F1167091%3C%2FA%3E%3C%2FP%3E%3CP%3E%3Adedo_indicador_apontando_para_cima%3A%3C%2FP%3E%3CP%3EPlease%20read%20the%20comments%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fdeployment%2Fvolume-activation%2Finstall-vamt%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fdeployment%2Fvolume-activation%2Finstall-vamt%3C%2FA%3E%3C%2FP%3E%3CP%3EDespite%20my%20PR%20on%20this%20doc%20it%20is%20not%20yet%20public.%20Replace%201903%20with%202004%20ADK%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2125302%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2125302%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F265903%22%20target%3D%22_blank%22%3E%40bdam55%3C%2FA%3E%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3EWUA%20doesn't%20trust%20the%20update%20binaries%20it%20downloads%20over%20SMB%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3EWUA%20doesn't%20use%20SMB%20at%20all.%20(I%20wonder%20why.)%20And%20not%20trusting%20SMB%20is%20extremely%20foolish%20to%20begin%20with%2C%20since%20its%20version%203%20is%20more%20secure%20than%20HTTPS.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3EWhich%20is%20why%20you%20want%20HTTPS%3A%20to%20make%20sure%20the%20metadata%20that%20you%20verify%20the%20content%20with%20isn't%20itself%20tampered%20with.%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3ETampered%20in%20my%20intranet%3F%20By%20whom%3F%20And%20how%3F%20How%20comes%20the%20transport-layer%20security%20didn't%20stop%20them%20but%20HTTPS%20can%3F%20What's%20your%20threat%20model%3F%20And%20%E2%80%93%20to%20quote%20Microsoft's%20engineer%20Raymond%20Chen%20%E2%80%93%20does%20it%20not%20involve%20being%20on%20the%20other%20side%20of%20the%20airtight%20hatchway%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20please%20cite%20your%20sources%20if%20you%20decide%20to%20answer.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2127940%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2127940%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F289393%22%20target%3D%22_blank%22%3E%40K_Wester-Ebbinghaus%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%2C%20thanks%20for%20replying!%3C%2FP%3E%3CP%3EIt%20was%20a%20problem%20that%20affected%20a%20lot%20of%20people%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fanswers%2Fquestions%2F262172%2Fwsus-sync-failure.html%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EWSUS%20Sync%20failure%20-%20Microsoft%20Q%26amp%3BA%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20it%20seems%20that%20Microsoft%20fixed%20it%2C%20because%20it%20is%20working%20now.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F158630%22%20target%3D%22_blank%22%3E%40Aria%20Carley%3C%2FA%3E%26nbsp%3Bno%20need%20to%20check%20anymore!%3C%2FP%3E%3CP%3EThanks%20once%20again%20to%20everyone!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2130482%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2130482%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F347668%22%20target%3D%22_blank%22%3E%40SAPacker%3C%2FA%3E%26nbsp%3B%20Sorry%20for%20the%20delayed%20response.%26nbsp%3BOur%20services%20using%20TLS%201.0%20is%20no%20longer%20permitted%20per%20Microsoft%20policy%20(nothing%20to%20do%20with%20the%20above).%20Anything%20below%20TLS%201.2%20poses%20a%20security%20risk%20to%20client%20machines%2C%20which%20is%20why%20it%20is%20no%20longer%20permitted.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThat%20said%2C%20a%20client%20machine%20or%20WSUS%20server%20connecting%20to%20server%20sync%2C%20may%20be%20configured%20to%20use%20TLS%201.0%20but%20our%20(Microsoft's)%20services%20should%20be%20requiring%20TLS1.2.%20If%20the%20client%20machine%20does%20not%20support%20TLS1.2%20then%20the%20connection%20should%20fail.%20In%20no%20way%20should%20a%20client%20machine%20be%20required%20to%20use%20TLS%201.2.%20Note%2C%20if%20you%20are%20referring%20to%20clients%20talking%20to%20your%20WSUS%20server%2C%20it%20is%20totally%20up%20to%20the%20admin%20to%20decide%20if%20the%20server%20supports%201.2%2C%201.1%2C%201.0%20or%20whatever.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20have%20found%20this%20to%20not%20be%20the%20case%20it%20is%20likely%20a%20service%20config%20problem%20and%20I%20ask%20you%20to%20report%20it.%26nbsp%3B%20%3A)%3C%2Fimg%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2231853%22%20slang%3D%22fr-FR%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2231853%22%20slang%3D%22fr-FR%22%3E%3CP%3ERecent%20One%20Drive%20troubleshooting%20by%20assistance%20obtained%20fortuitously%20after%20unsuccessful%20attempts%20to%20solve%20this%20specific%20problem%20yet%20planned%20apparently%20originating%20from%20browser%20compatibility%20(whose%20change%20had%20brought%20nothing)%20and%20whose%20relationship%20with%20Java%20Script%20remained%20unexplained%20for%20a%20few%20years%20while%20the%20restored%20data%20is%20now%20accessible%20thanks%20to%20the%20perseverance%20of%20listening%20to%20Microsoft%20patient%20assistants.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2233306%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2233306%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20guys%20looks%20the%20issue%20is%20still..%20the%20powershell%20method%20works%20good%2C%20but%20not%20sure%20everyone%20PowerShell%20no%20how%20out%20there.%20Here%20are%20some%20references%20of%20what%20I%20was%20referring%20to%20and%20have%20experienced%20myself.%20I%20have%20since%20upgraded%20to%20a%20newer%20version%20Windows%20sever.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fblog.jonsdocs.org.uk%2F2019%2F05%2F28%2Fmanaging-wsus-tlsv1-0-needed-to-import-from-the-windows-update-catalogue%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EManaging%20WSUS%3A%20TLSv1.0%20needed%20to%20import%20from%20the%20Windows%20Update%20Catalogue%20(jonsdocs.org.uk)%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsocial.technet.microsoft.com%2FForums%2Fazure%2Fen-US%2Fca4883b2-baa0-42fe-8520-5246e7022089%2Fdoes-wsus-on-windows-server-2012-r2-requires-tls-10-enabled%3Fforum%3DConfigMgrCompliance%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EDoes%20WSUS%20on%20Windows%20Server%202012%20R2%20requires%20TLS%201.0%20enabled%20(microsoft.com)%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAgain%20is%20just%20importing%20patches.%20Case%20in%20point%20this%20months%20printer%20issues%20required%20importing%20in%20WSUS%20for%20mass%20patching.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGuess%20at%20the%20end%20of%20day%202012%20R2%20is%20sunsetting%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1823121%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20improve%20security%20for%20Windows%20devices%20scanning%20WSUS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1823121%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F847207%22%20target%3D%22_blank%22%3E%40RSA111%3C%2FA%3E%26nbsp%3BYou%20are%20certainly%20able%20to%20still%20deploy%20patches%20without%20any%20SSL%20configured.%20The%20only%20devices%20we%20are%20blocking%20are%20devices%20who%20have%20not%20configured%20an%20SSL%2C%20are%20leveraging%20user%20proxy%2C%20and%20have%20not%20utilized%20the%20policy%20to%20allow%20user%20proxy.%20Assuming%20your%20devices%20leverage%20no%20proxy%20or%20system%20proxy%20then%20you%20can%20continue%20scanning%20without%20SSL%20configured%20with%20no%20problems.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Version history
Last update:
‎Sep 08 2020 04:16 PM
Updated by: