XP Windows / Automatic Updates SVCHOST.exe 100% CPU .. MS did something.



Regardless of EOL they still should fix it because there will still be companies holding on as long as they can as well as individuals and the least you can do is let them have whatever updates are available until there are no more.

 

After EOL they assume the risk and not MS..

:face palm:

Why? Unless you use IE or Office (the MU CPU usage bug makes it impossible to keep Office updated on older machines) I don't think that much could happen if your XP has at least the latest service pack installed. Adobe Flash, Reader and third party browsers update themselves separately so the surface attack area is already quite reduced.

Seen this in a recent XP SP3 VM that was not configured to use WSUS.

 

I installed the certificate revocation optional / recommended update and it seemed to sort itself out in my case.

 

I've seen Antimalware service, Windows Security Essentials, McAfee Antivirus etc also cause this issue though during a botched definition update.

This one? http://www.microsoft.com/en-us/download/details.aspx?id=39802

Well slip streaming is a great way to handle this. I guess the best way to avoid this problem and continue to use XP will be to slipstream all updates after XP SP-3 including the very last ones MS makes up until the cut off date.

After April 2014 no more XP updates except paid hot fixes for companies. So at that point if the slip stream is done right then every fresh install will have SP-3 and all the updates after. There will be no need to run Windows or Microsoft update at all and it should be disabled.

Just make sure to have as much protection as possible to mitigate attacks. Disable unnecessary services and if possible perform any registry tweaks that are for security purposes, disable file and print sharing if stand alone machine.

Also some programs like Nlite let you remove certain Windows components not needed that could also reduce the attack surface.


I have struggled with this problem for a while. However, today, after trying almost every apparent solution suggested in various forums, and having given up and set Updates to OFF, and disabling the update service, I tried once more just to see what happened.

If anyone with this problem...  100% CPU on svchost.exe, (in my case, specifically relating to updates) uses Process Explorer, as I do, they should see the related process, Wuauclt.exe.

Instead of killing the svchost process, I decided to try killing the wuauclt process instead... Aha... it did not die, or should I say, it died only to be resurrected immediately, and immediately the system started to download updates, with no more high CPU hogging.

I have no idea why this worked, but as nothing else has, I consider this may be a 'fix' of some sort...

Hi. Typically Wuauclt.exe is what I see also. I am telling you this problem goes back years but it was also hit or miss for me because some machines had this behavior and others did not.

I forget though if it had to do with Windows Update or Microsoft Update. There is a difference and I always choose Microsoft Update as it gives you more updates than the standard Windows Update.

In the end like I said once there are no more updates it is best to slip stream them all into a CD with SP-3 and remove unnecessary components and every fresh install will be up to date so to speak :)

Think  Micro XP where Nlite and others can strip out things. Also don't forget to disable Auto Update.

  • 2 weeks later...

Once again it's a recent thing. Which is why I thought I was using bad media at first. When I would do a clean install I would check for updates via windows update and the bar would go across for maybe 10 / 15 seconds and then go to the next step. Wonder my surprise when one day 10 / 15 seconds turned into minutes with 100% usage on every new install.

I had the same problem.

 

end of last I install reinstall xp with service pack 3 in a dualboot system and it refused to even check for update saying could not find the page.

 

had to manually download windows updater and install and it just stayed at scanning for updates.

 

only way I got around it was install xp with service pack 2 and windows update worked. and installed service pack 3 and still worked and fully updated the system.

Could it possibly be something with the Microsoft Update website and/or whatever applet they force people to install before running the update scan? Or I guess since the WU service phones home, and it might be getting a command to bust ass while doing the update scan.

 

My thought is that if this is something recent, then obviously it isn't a specific update to the core OS since the PCs we're talking about aren't up-to-date.

 

Regardless, this is something Microsoft really needs to fix. It can't be that difficult and may not even require a software update or anything.

Hi to all. This problem is now very common. Absolutely every fix fails on multiple machines.

The only common denominator I can see is that it's always lowly single core CPUs

Any fresh XP install, SP3 just immediately goes 100% on the WU site.

I had success a couple of months ago with a Core2Duo, but since then have had many P4 and 1.6 Celeron boxes that fail.

I know it probably isn't CPU specific, but from an engineering point of view it's like the engine just cannot cope?

MSEssentials also causing this 100% CPU in its updates on many PCs I'm seeing (low spec) as well.

What's going on?

Use sysinternals procexp to check which service inside of service host is actually using the CPU, and then use procmon or windbg to figure out why it's hogging CPU.

 

+1

It's so obvious to me what's going on, and someone else also mentioned it

 

It's a combination of scanning through a few hundred updates and refreshing the WU database at the same time

 

I bet that given enough time to complete it would go away on its own since it's the first run of it, there's no need for a full rescan and DB update after that and should run normally

I'm not buying this.

Here is my real world experiment yesterday and today.

Dell Optiplex 320 lowly 1.6 Celeron, 1gb RAM

XP Pro SP3, 100%cpu on fresh build as soon as WU site visited

Left all night, still just scanning.

Tried all fixes, same.

Suspicious of my media maybe?

So, tried XP Home SP3, SAME fault.

As I type I am now looking at an installation of 7 Pro, it's at the WU site, CPU spiked for a mo, now it's all perfect, nicely doing the updates with a healthy CPU rate.

This is IMHO 100% MS Update site with XP.

Nick

Just did a brand new, fresh install of XP yesterday on an ancient E-Machine. One of the first things I ALWAYS do on a fresh install is disable auto update under both sections. In services and the automatic update icon in control panel.

 

No such issue on that machine yesterday, other than taking 6 hours, it felt like, to get them all.

 

Of course,

I ALWAYS disable automatic updates on EVERY computer of mine anyway. The ONLY thing I EVER allow to do anything automatically is my AV updates, when I actually use an AV, that is!!

 

Auto updates are WAY more trouble than they're worth, especially when 16 different things are starting up trying to do that at same time, IMO.

Why? Unless you use IE or Office (the MU CPU usage bug makes it impossible to keep Office updated on older machines) I don't think that much could happen if your XP has at least the latest service pack installed. Adobe Flash, Reader and third party browsers update themselves separately so the surface attack area is already quite reduced.

 

Sorry, but that's just a "stick my head in the sand and pretend it doesn't exist" approach to safety.

 

What happens when the next Blaster or Nachi comes along that makes use of a vulnerability in Windows to infect your machine without user intervention? The Windows firewall is not infallible you know, especially the antiquated one in XP. I've seen malware able to disable it in the past. It can take AV vendors several days, if not weeks to push out definition updates for new viruses as quite often it depends on sample submissions.
