MS-DEFCON 4: Mixed bag for March

MS-DEFCON 4: Mixed bag for March

By Susan Bradley

Although CISA has given businesses who follow its guidance until early April to install updates released in March, I’m urging you to do so now.

Accordingly, I’m lowering the MS-DEFCON level to 4. You can find CISA’s deadlines in its Known Exploited Vulnerabilities Catalog.

Note that my recommendations for businesses include some possible exceptions.

If you are running Windows 10, take a moment to learn the exact version installed (Start | Settings | System | About). If it doesn’t say 22H2, take action. The first step is to check whether you have used some method to block version updates, such as Registry settings or the use of InControl. Remove such blocks.

Then use Windows Update in Settings to check for updates and see whether 22H2 is offered. If not, go to the Windows download page. Beneath the Windows 10 2022 Update | Version 22H2 heading, click on Update now. This will download the installation file, which you can then run. You will also see the option to download an ISO, but don’t do that.

This will easily bring you up to 22H2.

Why am I recommending that? Microsoft ended 21H2 servicing in June 2023. Also, Microsoft’s planned Extended Support Update applies only to 22H2.

Windows 10 users should expect a significant rise in the number of emails and notifications received from Microsoft about the end of support for Windows 10. The company is becoming quite pushy. I guess I shouldn’t be surprised at this point. I have a PC on an insider build of Windows 10 (19045.5674) with persistent messages about updating or upgrading your PC. I hope that this annoying push does not survive the insider’s build and thus does not show up in the stable builds delivered to consumers.

Here are a few examples of new behaviors in Windows Settings as Windows 10 nears its end of life.

Figure 1. After an update, Windows 10 displays a full-screen warning (aka scare tactic) encouraging you to purchase a new Windows 11 PC.

This full-screen display seemingly comes out of nowhere. If you have taken your eye off the screen and look back to find this, it can be a bit disorienting. The Remind me later and Learn more options seem like the only available next steps, but the Escape key will close this display.

Figure 2. The “Get ready” message in Windows Update has become more prominent.

There have been upgrade messages in Settings for some time, but they had moved further down the screen and were smaller. They have returned with a vengeance to the top of the Windows Update panel.

Figure 3. The Device Specifications section of the About screen in Settings now includes an FAQ.

More pushiness! While these questions seem reasonable on the surface, the answers are clearly marketing — just more encouragement about getting new hardware.

Figure 4. Incredible sloppiness

After running updates that installed build 19045.5608, the About Windows dialog (run the command winver from a command line) correctly shows 22H2. However, Settings | About shows 2009. This is very shoddy work, very disappointing.

You may see preview updates released for both Windows 10 and Windows 11 this week. I do not recommend installing preview updates. I review them to see the highlights of things to come in April. However, install the March updates now.

If you are experiencing Edge or Chrome freezing or even fluttering on your display on a Windows 11 PC, consider turning off multi-plane overlay. NVIDIA has a registry key you can download and run if you are impacted.

If your device has updated the Microsoft Snipping Tool app from the Microsoft store to version 11.2501.7.0 (released in February 2025), you might observe that the tool stops responding with an exception while trying to capture screenshots. Microsoft is working on fixing the issue. This impacts Windows 10 and Windows 11.

Windows 11 24H2 still feels very much like a work in progress. Soon after the March updates were released, several folks reported that they were having issues with the Remote Desktop Protocol. Soon after joining a remote session to a desktop, the session would crash. I tested a Win11 24H2 PC remotely accessing a Win11 23H2 PC and it worked without error. I’m not sure whether something else is going on.

For example, I found that once the March updates were installed on my Windows 10 22H2 PC, my RDP connection would stall, freeze up, and not allow me to connect if the machine had been sitting for a day. Rebooting the PC cleared the problem and the connection could be made. Upon examination, I found an older application that provided USB over an RDP connection. I could see evidence in the event logs that this app was not happy. I uninstalled the app, and RDP was back to normal.

The message in the event log was:

Activation context generation failed for “C:\Program Files\USB over Network\usbserver.exe”. Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are: Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_a865f0c28672571c.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16.manifest.

This pointed me in the direction of an old installation of Fabulatech’s USB over Network. Event logs can be confusing and messy, but there are times it really does work to point you in the right direction.

If you are impacted by this Windows 11 24H2 bug, the following steps will fix it.

You can also use Group Policy by navigating to Computer Configuration | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Connection Client, clicking Turn Off UDP On Client, selecting Enable, and then clicking OK.

Recently, Microsoft performed a relocation of OneDrive data within its data centers. This resulted in shared folder shortcuts showing up as Internet shortcuts while the relocation was in progress, and it was briefly confusing to many users. As I write this, it appears that the relocation work is complete and the problem is thus resolved.

This is not related to a Windows or OneDrive update, but rather isolated in Microsoft’s own backend. Let me hear from you in the forum if your were affected by this problem and whether it has cleared.

Resources

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of February): 874

RIP Matrix | Farewell my friend