More info here:
I hope COMODO can face the potential threats through its Default Deny Protection scheme and protect
corporations using its certificate services 
Perhaps the error is not exactly that but how firewalls are generally configured.
Across the very supplier updates, if the microsoft. Every update, the IPs to which the machines are connected change.
Allow the process responsible for the updates are made without doors and ips are specific, continue vulnerareis. Example: The windows firewall is configured to allow ports 80 and 443, the problem is that in this case, any application can access the internet through the process (the same applies to third-party firewalls).
The Microsoft and many large companies, share your network with other service providers other than the windows update itself in the case of Microsoft, social networks … Set this to common User would be tiring.
The windows firewall allows you to configure connections for specific services, but does not work well. If studying security suites, you’ll see that there is a dependency of application blocking modules (based on HIPS) and not connections (firewalls).
Meanwhile we have to wait.