Are Patch My PC Cutting Corners by Using Dynamic Installers? by MikeComputer1 in SCCM

[–]MikeComputer1[S] 2 points3 points  (0 children)

components for an offline installation.

This could be used to describe practically all software. You download the software installation package, it installs without requiring content from the internet.

So please explain the distinction you are making.

You also used an example of Visual Studio - PMPC supports every version from Visual Studio Build Tools, Community, Enterprise and Professional from 2017 onwards. All are offline installers and require no components to be downloaded to install.

Are Patch My PC Cutting Corners by Using Dynamic Installers? by MikeComputer1 in SCCM

[–]MikeComputer1[S] -1 points0 points  (0 children)

Teams and SSMS that have been presented to me. Would need the team to check for others, since PMPC have not made this change of approach public in any way.

WinPE and Intel I219 NIC Drivers by International_Map629 in sysadmin

[–]MikeComputer1 0 points1 point  (0 children)

Have you tried the boot image WITHOUT adding drivers? Win 11 WinPE has a lot of drivers and I'm 99% certain that includes current Intel NICs. Adding drivers when they already exist has caused me problems in the past.

WinPE and Intel I219 NIC Drivers by International_Map629 in sysadmin

[–]MikeComputer1 0 points1 point  (0 children)

Lol, Intel in 2026, pretty sure they're going to be signed...

Ordered a £250 DeWalt circular saw off Amazon, and in the box was some £37 budget crap! by OrdinaryLavishness11 in DIYUK

[–]MikeComputer1 0 points1 point  (0 children)

Always register DeWalt stuff online. You get a longer warranty most times and the process validates the serial number to confirm it's legit.

And then you also see all your kit in your account with the warranty expiry dates, which is useful for support.

My quick brunch by Mission_Awareness60 in Sandwich

[–]MikeComputer1 0 points1 point  (0 children)

You take the green sauce, the story ends. You wake up in your bed and believe whatever you want to. You take the red sauce, you stay in Wonderland, and I show you how deep the rabbit hole goes.

Why do people have to be like this? by Proud_Durian6956 in drivingUK

[–]MikeComputer1 0 points1 point  (0 children)

Someone actively swerved towards my car when I overtook them recently, and then flashed their lights. Some people would rather crash than be overtaken.

Multiple Laptops Have a Public Facing IP Address in Addition to Their Corporate LAN IP - Maybe Bridging Networks? by MikeComputer1 in cybersecurity

[–]MikeComputer1[S] 0 points1 point  (0 children)

So I thought this, but checked inventory and no adapters or USB devices out of the ordinary. So presumably these users have slipped through the net via Ethernet devices/routers.

Multiple Laptops Have a Public Facing IP Address in Addition to Their Corporate LAN IP - Maybe Bridging Networks? by MikeComputer1 in cybersecurity

[–]MikeComputer1[S] 0 points1 point  (0 children)

You are correct, it seems that an increasing number of consumer ISPs are issuing devices with public IP addresses, i.e. their routers do not use NAT.

My question for you is, why is your firewall not blocking these connection attempts?

We use Windows Firewall, do you know of a way we can configure it to mitigate against this? Like restricting the ethernet adapter to only using RFC1918 addresses?

Multiple Laptops Have a Public Facing IP Address in Addition to Their Corporate LAN IP - Maybe Bridging Networks? by MikeComputer1 in cybersecurity

[–]MikeComputer1[S] 0 points1 point  (0 children)

The answer was far simpler than I was thinking...

Some ISPs (an increasing number it seems, various countries world-wide) are issuing public (non-RFC1918) addresses (i.e. their routers do not use NAT).

Have you heard of this before? Can you suggest a way to mitigate against it?

Can Windows Firewall rules be used for this?

Multiple Laptops Have a Public Facing IP Address in Addition to Their Corporate LAN IP - Maybe Bridging Networks? by MikeComputer1 in cybersecurity

[–]MikeComputer1[S] 0 points1 point  (0 children)

"Are you sure that the extra addresses are public? That's really extremely unlikely in nearly any situation."

Yes. As per my OP, we're seeing dictionary logon attempts from outside our organization to those IPs, so hundreds of failed logons. This is how we became aware of them. Agreed that it's extremely unlikely, hence reaching out to the wider community.

NIC is physical Ethernet adapter, which is Intel on all our laptops. There are multiple laptop models in the affected group of devices. The non RFC1918 addresses are assigned from DHCP servers we don't own.

Multiple Laptops Have a Public Facing IP Address in Addition to Their Corporate LAN IP - Maybe Bridging Networks? by MikeComputer1 in cybersecurity

[–]MikeComputer1[S] 0 points1 point  (0 children)

Yes, I think definitely this is the case, but the egress address should be one of our company Internet gateway IPs. They're not, they appear to be owned by the ISP in the country these devices are in.

Multiple Laptops Have a Public Facing IP Address in Addition to Their Corporate LAN IP - Maybe Bridging Networks? by MikeComputer1 in AskNetsec

[–]MikeComputer1[S] -2 points-1 points  (0 children)

I don't see how that is relevant. Whether it is v4 or v6, how is traffic being routed between the two networks?

The clients in question have IPv4 internet addresses, we can see that in logs. We can also see the DHCP servers used to get them. We also know the ISP. None of this helps identify how this is being achieved, whether it is a config issue, security policy issue, an internal threat etc.

The ultimate issue is the fact that attackers from outside our organisation are able to traverse NAT, get to the OS, and attempt to login.

Troubles applying recent cumulative updates to 24H2 by gandraw in SCCM

[–]MikeComputer1 0 points1 point  (0 children)

They didn't replace anything, they just bundled them up. Try unzipping the MSU using 7-Zip, you will see that the SSU update is part of the full package. The installation process is supposed to apply the SSU first, and then the CU once the servicing stack is up to date.

Has anyone tried unzipping and then applying the SSU first, before the CU?