We were not able to download some recent updates, namely MS15-111
PROXY settings were analyzed, since we had suspicion that source address or protocol might be blocked in our enterprise.
We have capured network traffic by WireShark and analyzed collected data .
When we looked in to the installed certificates we found that the “Baltimore CyberTrust Root” is missing which is crucial for HTTPs services.
Here is explanation:
“Microsoft is changing from the GTE CyberTrust Global Root to the Baltimore CyberTrust Root for all public-facing HTTPs services.
We are making this change to stay current with industry-wide security best practices for trusted root certificates. The new root certificate uses a stronger key length and hashing algorithm.”
https://support.microsoft.com/en-us/kb/2842146
I hope that HINT would help to others, who might be sufferting from the same download problem.