Try our new Certificate Revocation List Check Tool
CRLcheck.exe is a tool developed to verify digital signatures of executable files. It collects files from known paths on your client, checks their signature, and checks Certificate Revocation Lists (CRL) and OCSP download. This helps avoid delays in launching files.
Category published:  WSUS   Click on the Category button to get more articles regarding that product.

WSUS, W10/11 how to Install a KB patchfrom WSUScontent with DISM

Posted by admin on 16.11.2021

WSUS, W10/11 how to install a WSUS Update (KB patch) Manual with DISM from WSUScontent source Directory

This blog entry is about two things.

  1. How to install a Windows Update from WSUS Source content folder manual by hand with DISM
  2. Mcafee ENS 10.X, IPS Exploit Rule 6133 may block tiworker.exe with some updates (Mitre T1562)

Here is how to get the info which file is for what KB from WSUS-Server:

Search the file in your WSUSCONTENT folder

UN-7ZIP the cab file

For most Monthly patch day packages you also often need SSU (Servicing Stack Update). In most patches this is included. So you have several CAB files as seen above. Install the SSU first.

Servicing Stack Updates (SSU): Frequently Asked Questions (

Install 1 the SSU.

dism /Online /Add-Package /PackagePath:”c:\drivers\”

Install 2 patch itself:

dism /Online /Add-Package /PackagePath:”c:\drivers\”

Keep an EYE on complex Antivirus with IPS Modules that do more than pattern scanning.

We have seen some Exploit IPS rules from Mcafee ENS 10.X which are ON by default but should be on to protect from Ransomware. It is good to keep an eye on those rules. Please carefully read the FULL alert in your ENS. Most of the times it says “WOULD BLOCK” if the EPO Admin did activate some rules in monitor mode (To Test new rules).

Exploit Rule 6133, change EPO side in ENS Policy




 Category published:  WSUS   Click on the Category button to get more articles regarding that product.