What is Device Metadata?
The Device Metadata Retrieval Client (DMRC) is the operating system component that matches devices to device metadata packages. When the user opens the gallery view window of the Devices and Printers user interface, the DMRC tries to obtain device metadata for the devices that Devices and Printers will display. First, it checks the local computer's device metadata cache and device metadata store. If the device is newly installed, or if the device is scheduled for a periodic metadata update, DMRC queries the Windows Metadata and Internet Services (WMIS) website to determine whether a device metadata package is available for the device. If a device metadata package is available, DMRC automatically downloads the package from WMIS, extracts the package's device metadata components, and saves them within the device metadata cache.
What is Affected?
If printer was recently added to the Windows 10 system (example below network printer), will list as Device Setup in progress and will not complete the installation.
Affected Operating System:-
Windows 10 all versions (1709, 1803, 1809, 1903.1909), Windows 7 (unknown).
What we found?
As per our investigation, In windows 10 if you install any device driver (example network printer) its seems Microsoft Device metadata service redirect url (http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409) is frequently being modified by the Microsoft (which is suspicious)
we found it was earlier pointing to the Azure.com Device metadata service, but now pointing to either. (https://devicemetadataservice.trafficmanager.net/dms/metadata.svc) or (http://dmd.metaservices.microsoft.com/metadata.svc).
Which is in a different domain and what more suspicious is these URLs are not resolving to the Local location Azure site rather it is resolving to the Japan or Chinese location sites.
*If in case it was malicious, white listing those URL can result in more damage since it can trick the Windows 10 systems to install a malicious program along with the Drivers install.
Below metadata URL not opening or redirected to Japan or Chinese site:
Workaround:-
Right now, since the URL is pointing to some random URLs and frequently changing and routing to China or Japan location, please don’t add the URLs below to your Whitelist.
We suggest using the 2 workarounds below for a little while until we get confirmation on this issue why the URL is being to point to different addresses frequently.(MS confirmed the issue and they are working to resolve the same)
GPO:-
Please enable the GPO below:-
Computer Configuration -> Policies -> Administrative Templates -> System -> Device Installation -> Prevent device metadata retrieval from the internet.
Registry:
Please change the following DWORD from 0 to 1.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata\PreventDeviceMetadataFromNetwork
Thanks & Regards
Solution Teams
Email: [email protected], [email protected]
Facebook https://www.facebook.com/Hiraniconfigmgr-20189361980772/
Follow me: https://www.linkedin.com/in/hiraniconfigmgr
X
0 Comments
No Comments