Skip to Content

FAQ for Windows Update errors in response to WannaCry

Purpose

This page will act as a repository answering issues encountered by customers attempting to update their Windows machines in response to the WannaCry vulnerability.

More information on the WannaCry exploit can be found here.

Known Issues / Workarounds

Windows Update Fails with Error 80243004

Symptoms

When attempting to run Windows Update or Microsoft Update, it fails with error 0x80243004 or 80243004

Remedy

Click here for the support page from Microsoft

Running GPUpdate.exe from Run dialog

Symptoms

When running Windows Update or Microsoft Update, the program is stuck on a loading icon or updates are not starting

Remedy

The update program can be reset to check for updates again by going to the Run… feature and typing in:

GPUpdate.exe /force

A Run dialog window will flash onto the screen and run a brief script. When the window closes, attempt to run the update program again.

Note: This will only work on machines connected to the Active Directory domain (e.g., requiring Duck ID and password login) and within the CAS Organizational Unit.

Disabling SMBv1

Context

In the alert notification sent out by Information Services, they recommended to “Disable SMBv1 on clients and servers that do not have a business need for it.”

The Server Message Block protocol, version 1 (SMBv1) was originally developed for Windows in 1992 and was primarily used for providing shared access to files, printers, and serial ports between nodes on a network. Version 2 was introduced with Windows Vista in 2006 and the current iteration of the protocol is SMBv3 introduced in 2012 with Windows 8 and Windows Server 2012 and has been updated several times since then.

Remedy

In most cases, SMBv1 is still active in all versions of Windows in order to ensure interoperability across all Windows machines. SMBv1 can be disabled but the WannaCry patch update by Microsoft will fix that vulnerability.

However, if Windows XP–and earlier versions–are enabled (which need the protocol) on machines, they will be disabled from using the University network due to additional vulnerabilities.

FAQs

Do I need to update my Windows machine?

Yes. This vulnerability affects all actively supported versions of Microsoft Windows. This vulnerability has been labeled as critical to the function of the operating system and needs to be updated.

Do I need to update since I am running a machine on Windows XP?

Yes you do. If Windows XP is running on a machine connected to the University’s network, it will be taken off the network.

There is an available patch for Windows XP users who are upgraded to Service Pack 3 (or Service Pack 2 for x64-based systems). However, since Windows XP–as a whole–falls outside Microsoft’s Support Lifecycle, there are other potential vulnerabilities (known or unknown) that could be discovered.

There are few special use-cases for Windows XP and CASIT will work with those cases to upgrade them to at least Windows 7 at a future date.

Are there other versions of Windows that are potentially vulnerable?

Yes. Please contact CASIT for more information as this is likely a very specific use-case requiring special attention.