Showing results for tags 'updates'.


  1. Microsoft releases Windows 10 builds 18363.1350, 17763.1728 - here's what's new After taking December off from releasing optional Windows 10 cumulative updates, Microsoft is back. Today, the team is releasing its preview updates for Windows 10 versions 1909 and 1809. There was also one released for version 20H2, but that's just for Windows Insiders right now. If you're on Windows 10 version 1909, you're going to get KB4598298, bringing the build number to 18363.1350. Normally, this update would be for version 1903 as well, but that version is unsupported. You can manually download it here, and these are the highlights: Updates an issue with some special key combinations used in DaYi, Yi, and Array IMEs that might cause an application to stop working. Updates an issue that prevents you from opening a document that is on the Windows desktop and generates the error, “The directory name is invalid.” Updates an issue that displays a blank lock screen after a device wakes up from Hibernate. Corrects historical daylight savings time (DST) information for the Palestinian Authority. Adds a notification that tells you when your device is close to end of service (EOS). At EOS, your device will stop receiving important quality and security updates. Updates an issue that fails to show Extract all on the shortcut menu when you right-click an online-only ZIP file. Here's the full list of fixes: Enables administrators to disable standalone Internet Explorer using a Group Policy while continuing to use Microsoft Edge's IE Mode. Enables you to configure certain policies that support Microsoft Edge IE Mode using mobile device management (MDM). Addresses an issue that displays a User Account Control (UAC) dialog box unexpectedly when you turn on speech recognition. Addresses an issue that fails to notify the target application when you select the Copy link command on the Share menu. 
Changes the way DirectX 12 runtime components load by splitting the d3d12.dll binary into two pieces: d3d12.dll and d3d12core.dll. This change improves versioning and updating for these components. Addresses an issue that prevents JumpList items from functioning. This occurs when you create them using the Windows Runtime (WinRT) Windows.UI.StartScreen API for desktop applications that are packaged in the MSIX format. Addresses an issue that occurs when the Mandatory Profile check box is selected when you copy a user profile. Addresses an issue with some special key combinations used in DaYi, Yi, and Array IMEs that might cause an application to stop working. Addresses an issue that prevents you from opening a document that is on the Windows desktop and generates the error, “The directory name is invalid.” This issue occurs after changing the desktop location in the Location tab of the Desktop Properties dialog box (File Explorer > This PC > Desktop). Addresses an issue that displays a blank lock screen after a device wakes up from Hibernate. Corrects historical daylight savings time (DST) information for the Palestinian Authority. Addresses an issue with German translations of Central European Time. Adds support for serial number control using the registry. Addresses an issue that causes the upload of diagnostic logs to a management service, such as Microsoft Intune, to fail. The failure occurs because of a network time-out on a slow network. Displays a notification to a user when an administrator signs in to an MDM service, such as Microsoft Intune, to find the location of a managed device. Addresses an issue that causes the silent mode deployment of BitLocker to fail with the error 0x80310001. This issue occurs when deploying BitLocker encryption to Hybrid Azure Active Directory (Azure AD) joined devices. 
Addresses an issue that causes an unexpected system restart because of exception code 0xc0000005 (Access Violation) in LSASS.exe; the faulting module is webio.dll. Addresses an issue that might cause systems that use BitLocker to stop working with the error 0x120 (BITLOCKER_FATAL_ERROR). Addresses an issue that causes a device to stop working when deploying Microsoft Endpoint Configuration Manager if AppLocker is enabled on the device. Addresses an issue that might cause a black screen to appear or delay signing in to Hybrid Azure Active Directory joined machines. Additionally, there is no access to login.microsoftonline.com. Addresses an issue that causes the LSASS.exe process to leak memory on a server that is under a heavy authentication load when Kerberos Armoring (Flexible Authentication Secure Tunneling (FAST)) is enabled. Addresses a memory leak on Windows servers that are configured as Active Directory domain controllers. This issue occurs when the Key Distribution Center (KDC) attempts to fetch the Service for User (S4U) client name during certificate authentication. Addresses an issue that causes LSASS.exe to stop working because of a race condition that results in a double free error in Schannel. The exception code is c0000374, and the Event Log displays Schannel event 36888, fatal error code 20, and error state 960. This issue occurs after installing Windows updates from September 2020 and later. Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. 
Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag. Addresses an issue with HTTP caching that interferes with kiosk mode that targets Azure AD groups. Addresses an issue with using Windows Defender Application Control (WDAC) and running a file while Managed Installer (MI) or Intelligent Security Graph (ISG) is enabled. You can now use fsutil to look for the $KERNEL.SMARTLOCKER.ORIGINCLAIM extended-attribute (EA) on a file. If this EA is present, then MI or ISG can run the file. You can use fsutil in conjunction with Enabling ISG and MI diagnostic events. Addresses an issue that allows an app that has been blocked from hydrating files to continue hydrating files in some cases. Addresses an issue that prevents access to a Volume Shadow Copy Service (VSS) snapshot of Resilient File System (ReFS) volumes for 30 minutes. This occurs when the ReFS volumes contain 100,000 or more concurrently open files. As a result, a time-out occurs, which causes backups of the first and third applications to fail. Adds a notification that tells you when your device is close to end of service (EOS). At EOS, your device will stop receiving important quality and security updates. Addresses an issue with Administrative Template settings you configure using a Group Policy Object (GPO). When you change the value of the policy settings to NOT CONFIGURED, the system fails to remove the previous settings. This issue is most noticeable with roaming user profiles. Addresses an issue that fails to show Extract all on the shortcut menu when you right-click an online-only ZIP file. Updates the process for enrolling in online speech recognition. If you are already enrolled, you will see a message that asks you to review the new settings. If you choose not to contribute your speech data for human review, you can still use online speech recognition. 
The new settings contain one button to turn on online speech recognition and another button that turns on the collection of your voice clips. If you turn on the collection of your voice clips, you can turn it off at any time using the same button in the new settings page. There's also one known issue to be aware of: Symptom Workaround System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated. Note Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Any device connecting to Windows Update should always receive the latest versions of the feature update, including the latest LCU, without any extra steps. If you have already encountered this issue on your device, you can mitigate it within the uninstall window by going back to your previous version of Windows using the instructions here. The uninstall window might be 10 or 30 days depending on the configuration of your environment and the version you’re updating to. You will then need to update to the later version of Windows 10 after the issue is resolved in your environment. Note Within the uninstall window, you can increase the number of days you have to go back to your previous version of Windows 10 by using the DISM command /Set-OSUninstallWindow. 
You must make this change before the default uninstall window has lapsed. For more information, see DISM operating system uninstall command-line options. We are working on a resolution and will provide updated bundles and refreshed media in the coming weeks. If you're on Windows 10 version 1809, you'll get KB4598296, bringing the build number to 17763.1728. Naturally, this is only available for Windows 10 Education and Enterprise SKUs. You can manually download it here, and these are the highlights: Updates an issue with some special key combinations used in DaYi, Yi, and Array IMEs that might cause an application to stop working. Updates an issue that displays a blank lock screen after a device wakes up from Hibernate. Updates an issue that prevents you from opening a document that is on the Windows desktop and generates the error, “The directory name is invalid.” Corrects historical daylight savings time (DST) information for the Palestinian Authority. Updates an issue that fails to show Extract all on the shortcut menu when you right-click an online-only ZIP file. Here's the full list of fixes: Enables administrators to disable standalone Internet Explorer using a Group Policy while continuing to use Microsoft Edge's IE Mode. Addresses an issue that occurs when the Mandatory Profile check box is selected when you copy a user profile. Addresses an issue with some special key combinations used in DaYi, Yi, and Array IMEs that might cause an application to stop working. Addresses an issue that displays a blank lock screen after a device wakes up from Hibernate. Addresses an issue that prevents you from opening a document that is on the Windows desktop and generates the error, “The directory name is invalid.” This issue occurs after changing the desktop location in the Location tab of the Desktop Properties dialog box (File Explorer > This PC > Desktop). Corrects historical daylight savings time (DST) information for the Palestinian Authority. 
Addresses an issue with German translations of Central European Time. Adds support for serial number control using the registry. Displays a notification to a user when an administrator signs in to a mobile device management (MDM) service, such as Microsoft Intune, to find the location of a managed device. Addresses an issue that causes an unexpected system restart because of exception code 0xc0000005 (Access Violation) in LSASS.exe; the faulting module is webio.dll. Addresses a memory leak on Windows servers that are configured as Active Directory domain controllers. This issue occurs when the Key Distribution Center (KDC) attempts to fetch the Service for User (S4U) client name during certificate authentication. Addresses an issue that might cause a black screen to appear or delay signing in to Hybrid Azure Active Directory joined machines. Additionally, there is no access to login.microsoftonline.com. Addresses an issue that causes the LSASS.exe process to leak memory on a server that is under a heavy authentication load when Kerberos Armoring (Flexible Authentication Secure Tunneling (FAST)) is enabled. Addresses an issue that causes a device to stop working when deploying Microsoft Endpoint Configuration Manager if AppLocker is enabled on the device. Addresses an issue that causes the silent mode deployment of BitLocker to fail with the error 0x80310001. This issue occurs when deploying BitLocker encryption to Hybrid Azure Active Directory (Azure AD) joined devices. Addresses an issue that causes LSASS.exe to stop working because of a race condition that results in a double free error in Schannel. The exception code is c0000374, and the Event Log displays Schannel event 36888, fatal error code 20, and error state 960. This issue occurs after installing Windows updates from September 2020 and later. Addresses an issue that might cause systems that use BitLocker to stop working with the error 0x120 (BITLOCKER_FATAL_ERROR). 
Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag. Addresses an issue with Task Manager that incorrectly indicates that twice the number of CPUs (socket count) are present in the system. Addresses an issue with HTTP caching that interferes with kiosk mode that targets Azure AD groups. Improves the ability of the WinHTTP Web Proxy Auto-Discovery Service to ignore invalid Web Proxy Auto-Discovery Protocol (WPAD) URLs that the Dynamic Host Configuration Protocol (DHCP) server returns. Addresses an issue with insertion rule flooding in the software-defined networking (SDN) service. Addresses an issue with using Windows Defender Application Control (WDAC) and running a file while Managed Installer (MI) or Intelligent Security Graph (ISG) is enabled. You can now use fsutil to look for the $KERNEL.SMARTLOCKER.ORIGINCLAIM extended-attribute (EA) on a file. If this EA is present, then MI or ISG can run the file. You can use fsutil in conjunction with Enabling ISG and MI diagnostic events. Addresses an issue that occurs when a Volume Shadow Copy Service (VSS) snapshot triggers on virtual machines (VM) that contain Resilient File System (ReFS) volumes. The triggered VSS snapshot fails with a time-out and prevents access to the ReFS volume for 30 minutes. Addresses an issue that allows an app that has been blocked from hydrating files to continue hydrating files in some cases. 
Addresses an issue with web applications that use cross-origin resource sharing (CORS) pre-flighting against Active Directory Federation Services (AD FS) token endpoints. These web applications might suddenly stop working when they call AD FS from external networks. Addresses an issue with Administrative Template settings you configure using a Group Policy Object (GPO). When you change the value of the policy settings to NOT CONFIGURED, the system fails to remove the previous settings. This issue is most noticeable with roaming user profiles. Addresses an issue that fails to show Extract all on the shortcut menu when you right-click an online-only ZIP file. This one also has one known issue: Symptom Workaround After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release. As usual, you can grab this update through Windows Update. It's an optional update though, so you don't have to take it. If you don't, these fixes will be rolled into next month's Patch Tuesday update.
  2. Tor Browser adds better HTML5 support, removes SHA-1 Tor browser 6.0 The Tor Project released today version 6.0 of its famous privacy-first Web browser, which is now based on the Firefox 45-ESR release, and features better HTML5 support and updated security features to safeguard encrypted traffic and its updates mechanism. There are a lot of people that hate the recent Australis-based Firefox versions, among which 45-ESR is one, mainly due to its revamped GUI that most users considered non-Firefoxey or too-Chromey. Nevertheless, the Web can get really lonely if the browser you're on doesn't fully support the modern technologies on which most websites are being built today. This update doesn't necessarily mean new features only, but throwing out the old as well, a picture perfect image of what the latest Tor Browser stable version is. Better HTML5 support means less Flash Being based on Firefox 45-ESR, Tor Browser 6.0 automatically brings in top-of-the-line HTML5 support, which should make it much easier now to leave your Flash plugin turned off on the majority of sites you're visiting. Since Flash can give away details like your IP, you should be staying away from Flash altogether if you value Tor more for its privacy features rather than for its ability to throw a different IP at you every time you boot it up. Secondly, Firefox 45-ESR also features support for the Push API for dynamic notifications, but also better support for the latest JavaScript standard, such as ES6 classes. The Tor team also brought in an important fix for Mac OS X, where the Tor Browser from now on will be using code-signing in order to avoid getting blocked by OS X's GateKeeper security app. Tor Browser 6.0 says good bye to SHA-1 The biggest changes, or at least in our eyes, are the modifications made to the browser's encryption layer. Since the Tor Browser works on top of an encryption-first protocol, support for modern cryptography must be up to par with such a reputation. 
As such, Tor Browser 6.0 has removed support for SHA-1 certificates, something that its bigger brothers such as Firefox, Chrome, and Edge have announced this past winter. These browsers are a little bit tardy, mainly due to their huge userbases and will be taking the first steps to remove SHA-1 at the end of June this year, and then a permanent step at the start of 2017. Furthermore, the latest Tor Browser version also comes with a better update mechanism, which now checks both the update package's signature and hash before running the update file. The team also fixed a simple yet serious DLL hijacking issue, and applied some quick fixes here and there to patch some urgent bugs, but the Project promised to deliver complete fixes for these issues in later versions. Tor partially fixes issues with its default search engine provider Last but not least, the Tor Project also clarified the situation of its default search engine, Disconnect, which is now displaying search results via DuckDuckGo's API, instead of Google. The Tor team explains that until Disconnect clarifies its situation with Google, the Tor Project has specifically asked the Disconnect team to supply them with DuckDuckGo search results instead of Bing, which they described as "basically unacceptable quality-wise." The Tor Browser 6.0 is available for download for the Linux, Mac, and Windows operating systems via Softpedia, but if you already have it installed, you should also be able to upgrade via its built-in updater. A full Tor Browser 6.0 changelog is also available. Article source
  3. Not sure if this goes here. Today 15th January 2014 I decided to run windows updates, a.k.a. patch Tuesday. I started it at 01:30. Downloaded, asked for a reboot. Windows rebooted. Then the pause, the update screen the ticker stating how much is done. Stuck at 32%. Then b.s.o.d. This happened twice. Finally it worked, so I thought. Darn updates interfered with my u.s.b. 3 2 t.b. h.d.d. configuration. Now one don't work. I fixed this before, by unplugging the u.s.b. 3 drive affected, rebooting and after display screen plugging in u.s.b. 3 drive. However go to desktop; notified that drivers were being installed, then crashed again. Anyone else having problems with windows updates released on January 14th 2014?
  4. Hi, my windows 8.1 didn't get any updates from weeks I wonder if I'm alone in this or what??
  5. Google today released an update to its reCAPTCHA system that creates different classes of CAPTCHAs for different kinds of users. In short, it makes your life easier if you’re a human, and your work much harder if you’re a bot. For those who have encountered CAPTCHAs and reCAPTCHA, but have no idea what they are, here’s a quick primer. CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”, and as its name implies, it is a quick test used in computing to determine whether or not the user is human. You’ve probably encountered hundreds of these if a site decides to verify whether you’re human or not. reCAPTCHA, which was acquired by Google in September 2009, is similar to the CAPTCHA interface, except that it asks users to enter words seen in distorted text images onscreen. It presents two words: one which it knows (used to test whether you are human), and one which it doesn’t (used to help digitize the text in books). Google notes that over the last few years, advances in artificial intelligence have reduced the gap between human and machine capabilities in deciphering distorted text, and the reCAPTCHA team has been making its system more adaptive via extensive research and steady improvements. Unsurprisingly, Google wouldn’t share too much detail as to how the new system works, aside from saying it uses advanced risk analysis techniques, actively considering the user’s entire engagement (before, during and after) with the CAPTCHA. In other words, the distorted letters are not the only test. Here’s what Google says it gains from the changes:"This multi-faceted approach allows us to determine whether a potential user is actually a human or not, and serve our legitimate users CAPTCHAs that most of them will find easy to solve. Bots, on the other hand, will see CAPTCHAs that are considerably more difficult and designed to stop them from getting through." 
Since humans find numeric CAPTCHAs (pictured above) significantly easier to solve than those containing arbitrary text, Google will be showing you more and more numbers. Bots, meanwhile, won’t even see them. That’s not all. Google says “significant advancements” to the reCAPTCHA technology are on their way “in the next few months.” source: tnw
  6. I use Universal Extractor pretty much every day. It's the best way to open almost any setup file to make apps portable or stand-alone. It opens things better than any other app I have used. Gora has made many updates to it, but AFAIK there are things that didn't get updated and besides, I won't use his because it freaks out AV programs reliably. For a while here R3CON was updating UE and his version was much better than Gora's (IMO), had more functions updated, and never, ever set off an AV program on my system. Trouble is, R3CON seems to have quit updating UE because his post about it has gone quiet ( http://www.nsaneforums.com/topic/158973-universal-extractor-161-updated-mar-2013-x86-x64-builds/ ) and I even tried asking him via PM about it and got no reply. My question is...: Does anyone know if there are other folks who keep UE updated, and where their work might be found ?? Thanks.
  7. Mozilla plans to change the updating logic of Firefox by removing the option to block updates from the browser's user interface and from about:config. Current stable versions of the Firefox web browser support three states when it comes to checking for and installing updates in the web browser. The default setting checks for updates automatically and installs them immediately when found. The second state checks for updates but requires user interaction to start the installation of the update, and the third state disables update checking entirely in the browser. Firefox users can open about:preferences#general in the browser and scroll down to the Firefox Updates section to manage update settings in the Firefox browser. Firefox users could also set the preference app.update.enabled on about:config to false to disable update checks in the browser. Mozilla plans to change the updating logic of Firefox by removing the third option from the browser's user interface and from about:config. The organization does not mention explicitly how it plans to deal with Firefox installations that are set to never check for updates. It seems likely that the setting will be switched to "check but don't install" automatically, but that is not mentioned explicitly anywhere. Firefox users who have set the browser to never check for updates should verify which setting is enabled after upgrading to version 63. Firefox 63 is scheduled to release in October 2018. Why is Mozilla making the change? The bug listing on Bugzilla@Mozilla highlights that the option is "easy to enable and forget about", and that it "contributes to orphaned users" and "exposes users to severe security issues". The new method The feature won't be removed entirely, however. The recently introduced policy engine provides an option to block updates in Firefox entirely. Firefox users and system administrators have two options to use policies. 
They can create a policies.json file manually and fill it with appropriate policies, or use the excellent Enterprise Policy Generator instead. Just install the extension in the Firefox web browser and open its settings with a click on the icon. Locate Updates & Data Collection and check the policy "Prevent Firefox from updating". The policy requires Firefox ESR 60 or higher, or Firefox 62 or higher. The add-on creates a policy file that you need to place in the distribution folder of the Firefox installation. Additional information about policy support is available here. Closing Words While it is generally not recommended to disable the installation of updates, it should be up to the user to make that decision in my opinion. Yes, it would be great if all users would run the latest version of Firefox but users have multiple reasons for not wanting to update. While it is more difficult to block update checking entirely in Firefox, an option to do so still exists even in Firefox 63 and future versions released after Firefox 63. Now You: How do you handle updates in Firefox? (via Deskmodder / Sören Hentzschel) Source PS-2: The current Mozilla devs should understand that if the browser updates are good without ruining the features/non-buggy, most users would update even if check for updates are set to never check. PS-1: It is very sad about Mozilla & Firefox development in the recent months - Very Worse and Worrying Changes! "Real Mozilla Firefox" Fans should improvise Waterfox/Palemoon/push to continue Cyberfox developments or should try to create a better Gecko browser instead of Chromium/Qt engine.
  8. Note: x64 guide in link near the bottom of the article. Microsoft's official support for the Windows XP operating system ended more than a month ago. While some companies and organizations are still receiving updates for the operating system, end users do not. These companies pay Microsoft for that, usually because they were not able or willing to migrate computers running Windows XP to another operating system before the extended support phase for the system ended. There is another exception to the end of support rule: Windows Embedded Industry, formerly known as Windows Embedded POSReady, operating systems continue to receive updates. What makes this interesting is the fact that Windows Embedded POSReady 2009 is based on Windows XP Service Pack 3, and that the security updates released for that system are identical with the ones that Microsoft would have released for XP systems. The extended support for Windows Embedded POSReady 2009 systems ends on April 9th, 2019 which means that you can use the trick to get another five years of security patches for XP. What you cannot do is go ahead and install those updates as you will get a version mismatch error when you try to do so. There is however a trick that you can use to bypass those checks so that you can install those updates on your version of Windows XP. Note: The trick works only for 32-bit versions of Windows XP SP3 and not 64-bit versions. While POSReady systems are very similar to Windows XP systems, it is recommended to back up the system before you make any changes as differences between the systems may result in issues after installing updates designed for it. All you need to do is add the following to the Windows XP Registry:

     Windows Registry Editor Version 5.00

     [HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
     "Installed"=dword:00000001

     I have uploaded a Registry file for you that you can use for that purpose. 
You can download it here: xp-security-updates.zip (112 downloads) If you prefer to create one on your own do the following: Create a new plain text document. Paste the contents displayed above into it. Save the new document as xp.reg. Double-click the Registry file afterwards to add the contents to the Registry. Alternatively, open the Registry Editor manually: tap on Windows-r, type regedit and hit enter. Navigate to the key listed above and create a new Dword with the value listed there as well. (via Desk Modder and Sebijk) Both source sites are in German. If you open the Sebijk site, you will also find instructions on how to get this to work on 64-bit Windows XP systems. It involves running a batch file that replaces original update files with temporary ones that bypass the restrictions set in place. Closing Words If you are running Windows XP and do not want to switch to a new system or cannot, then you may want to try this trick to install security patches designed for the POSReady 2009 operating system on your PC. I recommend highly that you create a backup before you update the system as there is no guarantee that all updates will work properly on XP PCs. While POSReady 2009 uses the same core, some things are different after all. Nevertheless, this is better than not installing any security updates. Source
  9. Apple releases iOS 14.0.1 with default app setting fix If this was a normal year, we'd all have been downloading iOS 14 yesterday, and waiting to pick up our iPhone 12 devices tomorrow. But it's not a normal year, the iPhone 12 is delayed from its normal timeframe, and Apple didn't have to tie iOS 14 to its release, so it actually released the OS last week. Now, the first bug fix updates are rolling out in the form of iOS 14.0.1, iPadOS 14.0.1, watchOS 7.0.1, tvOS 14.0.1, and macOS 10.15.7 Catalina. The iOS and iPadOS updates do fix a key issue. iOS 14, for the first time, offered the ability to choose a default browser or a default email client. There was an issue though, as users quickly found that that setting was reset upon rebooting their device. This update fixes that. There are plenty of other fixes as well. There are fixes for widgets, such as a fix for an issue that prevented images from appearing in News. There are also camera fixes if you're still using an iPhone 7 or 7 Plus, and there's a fix for connecting to Wi-Fi networks. Finally, Apple listed a fix for an issue with sending emails with some mail providers. The updates are rolling out now, although there are already minor updates in beta. Apple releases iOS 14.0.1 with default app setting fix
  10. Configure updates and reboot options for Windows 10 using group policies

With Windows 10 1903, Microsoft introduced a new Group Policy setting to speed up the distribution of updates. It overrides a number of older options. In addition, they will soon deprecate several Windows Update settings, giving admins less control.

Microsoft has repeatedly introduced new concepts to determine when to download and install updates and when to restart the computer. These concepts are reflected in a long list of settings, some of which are mutually exclusive or no longer have any effect in Windows 10. The aim of all methods is to get security-critical updates to computers as quickly as possible and to set the reboots in such a way that they will not interrupt users' work or even cause them to lose data.

Countdown starting with the release of an update

The primary goal of the new setting Specify deadlines for automatic updates and restarts is to ensure update distribution as quickly as possible. Therefore, the configured deadlines relate to the patch release dates.

Figure: A new setting for Windows Update allows you to force the installation of patches within a certain period

All previous options for controlling reboots only began counting from the point at which the update was installed and a restart was pending. This applies, for example, to Specify the deadline before a pending restart will automatically be executed outside of active hours. Microsoft only introduced this setting with Windows 10, and it is the predecessor of the new option.

Both options let you set your own deadlines for quality and feature updates, up to a maximum of 30 days (the default is 7 days). After the deadlines expire, users can no longer postpone restarting their computers, and updates will take effect immediately afterward.

However, the new setting offers two additional options. First, you can set an additional "grace period" so that users do not have to restart their computers immediately after a long absence, for example, after returning to work from a holiday.

Interaction with active hours

Furthermore, the option Do not restart automatically until end of grace means that computers will only be updated after a manual reboot within the set period. If you do not check this box, Windows will try to find a convenient time for a reboot outside of the "active hours." After the grace period expires, Windows Update will force users to reboot even during working hours.

This option has the same effect as the setting Turn off auto-restart for updates during active hours. However, this requires a static definition of the active hours.

Figure: To prevent restarts during active hours, specify the start and end times

Since version 1903, Windows 10 determines the active hours automatically based on user activity. If you want to use this feature, you should therefore avoid defining fixed start and end times.

Converting from notifications to reminders

During the defined period, the update client changes the way it interacts with the user. In the first few days, it uses toast notifications to alert the user to a pending update. After that, it automatically switches to the Engaged restart reminder, where the user can initiate a reboot immediately, schedule it for a specific time, or simply postpone it.

Figure: After a few days, Windows 10 switches to the insistent reminder

You can explicitly configure the switch from the toast notification to the more urgent version using the setting Specify Engaged restart transition and notification schedule for updates. Here you set the time for the notification change yourself.

Figure: Up till now, you could configure the changeover of upcoming update notifications exactly, but the new option disallows this

However, if you use the new setting to plan the restart, it will override the configuration for this transition. The new option is therefore much more robust than the previous one, which always deactivated itself in case of conflicts.

New setting deactivates four old ones

The goal is largely to determine the behavior of the update installation and the reboot with a single setting. This is also demonstrated by the fact that it eliminates another important option. Until now, it was possible for users to prevent reboots as long as they were logged in. However, this no longer applies with the new setting.

In summary, the new setting overrides four previous ones if they are enabled. These are:

  • Specify the deadline before a pending restart will automatically be executed outside of active hours
  • Specify Engaged restart transition and notification schedule for updates
  • Always automatically restart at the scheduled time
  • No auto-restart with logged-on users for scheduled automatic update installations

Various update settings outdated

A recent Microsoft white paper contains a table with Group Policy Object (GPO) and mobile device management (MDM) settings for Windows Update that the vendor recommends you should disable. They are either obsolete or will be phased out in the near future.

Figure: GPO and MDM settings for Windows Update that Microsoft recommends you no longer use

Interestingly, this also includes the configuration of automatic updates. As is well known, this setting is required for clients who get their updates from WSUS. Thus, group policies in this respect only catch up with the settings app where automatic update configuration has already disappeared with previous versions of Windows 10.

Figure: The GUI no longer provides configuration of automatic updates

The Microsoft document does not detail the impact of this decision, but in another section, it says that in case of delayed updates, you should check whether Dual Scan was intentionally deactivated, and hence, clients switched back to WSUS.

Outlook

This means Microsoft apparently considers Dual Scan to be the preferred configuration. Thus, the big picture for the new update management becomes visible. Users should generally obtain OS updates via Windows Update and restrict WSUS to other products such as Office. WSUS support for the Unified Update Platform has not been available to date and may never come, which further confirms this.

Client configuration will boil down to a single setting described above, which sets deadlines for installing the updates. It completely defines the system behavior during this phase. It's possible to adjust the power options via GPO to increase the maintenance window for patch management as a complementary action.

The goal of these changes is to speed up update distribution by disallowing admins from explicitly approving patches as in WSUS. And users can only delay rebooting their computers up to a maximum of 30 days after an update's release.

The same timeframe is available to admins in Windows Update for Business (WUfB) to postpone quality updates. However, the recommendation in Microsoft's white paper is two to three days. Overall, there's no additional deferral gained by this because with the new setting, the clock is ticking from the time Microsoft releases an update.

Figure: WUfB also only grants a 30 day delay from the release of a quality update

The new setting's importance is also clear because Microsoft has updated the servicing stack of older Windows 10 versions (1709 and later) to support it there also. But to configure it, you need the .admx templates for 1903 or 1909.

Source: Configure updates and reboot options for Windows 10 using group policies (4sysops)
  11. Microsoft will bundle updates to streamline patching

Microsoft plans to change how it delivers updates to some parts of Windows 10, saying the new bundling tactic will end confusion and streamline the OS's regular refreshes.

Microsoft this week changed how it will deliver updates to the parts of Windows 10 that receive and install files from Windows Update, claiming that a new bundling approach will eliminate confusion and streamline the OS's regular refreshes.

Up to now, Microsoft has distributed each servicing stack update (SSU) separately from any cumulative update (CU). The new practice will combine the two – SSU and CU – into one package for download and deployment by IT administrators.

Most Windows end users would be hard pressed to define SSU, even though their PCs have received numerous examples. Not an update to the Windows Update service itself, an SSU is instead a refresh of the components of Windows 10 needed to receive, verify and install files from that service.

SSUs are a necessary part of the Windows servicing and maintenance ecosystem, as Microsoft makes plain. "Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates," Microsoft said in a support document. "If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes."

But because SSUs have been issued separately from CUs, and because a given CU may require a specific SSU to already be in place before that CU can be installed, there was room for confusion.

"First, it doesn't occur every month," said Aria Carley, a Microsoft program manager, in a post to a company blog, referring to appearances of SSU. "Second, the error message that the [CU installation] failure can produce, 'update isn't applicable,' doesn't make the root cause immediately apparent."

This separate distribution of SSUs and CUs will stop, at least for some Windows 10 users. Customers running Windows 10 2004, the feature upgrade Microsoft released in late May, who have installed the September SSU will (in the future) see "a single cumulative monthly update ... that includes the month's cumulative fixes and the appropriate servicing stack updates for that month, if applicable," according to Carley.

At some point – Microsoft didn't make it clear when this would kick in – IT administrators using WSUS (Windows Server Update Services) or Microsoft Catalog will be able to retrieve a combined update package. Likewise, the accompanying support document will include information on both the SSU and CU.

"The SSU and CU will be packaged together, and the client will orchestrate the installation," Carley wrote. "Select the monthly cumulative update you want to deploy, and we will take care of the rest!"

For now, only Windows 10 2004 will be eligible to receive these combined SSU+CU packages. But Microsoft implied that it would extend the functionality to more versions down the road; almost certainly, those versions will include Windows 10 20H2, the minor upgrade slated to ship this fall.

Microsoft will bundle updates to streamline patching
  12. Microsoft releases Windows 10 builds 18363.1110, 17763.1490 - here's what's new Patch Tuesday was only last week, but that can only mean one thing: it's time for more patches. Indeed, it's time for what Microsoft calls C week updates, since Microsoft uses letters to indicate the week of the month. C and D week updates are always optional, so you have to explicitly opt into taking them. The updates arriving today are for Windows 10 versions 1909, 1903, and 1809, which are three of the four supported versions of the OS for consumers. If you're on version 1909 or 1903, you'll get KB4577062, bringing the build number to 18363.1110 or 18362.1110, respectively. You can manually download it here, and these are the highlights: Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051. Updates an issue that causes certain apps to go into an unwanted repair cycle. As a result, a user cannot use that app during that time. Updates an issue that might display 4K high dynamic range (HDR) content darker than expected when you configure certain non-HDR systems for HDR Streaming. Updates an issue to reduce the likelihood of missing fonts. Updates an issue that causes a device to stop responding after you have been using a pen for several hours. Reduces distortions and aberrations in Windows Mixed Reality head-mounted displays (HMD). Here's the full list of fixes: Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051. Addresses an issue with Microsoft Edge IE Mode that occurs when you enable Configure enhanced hang detection for Internet Explorer mode in Microsoft Edge. Addresses an issue that causes certain apps to go into an unwanted repair cycle. As a result, a user cannot use that app during that time. 
Addresses an issue that, in certain scenarios, causes applications to stop working if they are created using Visual Basic for Applications (VBA). The error is, “Class not registered” error. Addresses an issue that might display an empty black screen when a device is connecting to a Windows Virtual Desktop (WVD) machine. Addresses an issue that might display 4K high dynamic range (HDR) content darker than expected when you configure certain non-HDR systems for HDR Streaming. Addresses an issue that causes a stop error when the initialization of the graphics adapter fails. Addresses an issue to reduce the likelihood of missing fonts. Addresses an issue that causes a device to stop responding after you have been using a pen for several hours. Addresses an issue that fails to recognize the first East Asian language character typed into a Microsoft Foundation Class Library (MFC) DataGrid. Addresses an issue in which selecting I forgot my Pin from Settings>Accounts>Sign-in options fails in a Windows Hello for Business On-Premise deployment. Addresses an issue that causes File Explorer to close unexpectedly when you use a Ribbon shell extension under specific circumstances. Addresses an issue that affects default application associations during certain upgrade scenarios. This might cause numerous toast notifications to appear when you first sign in after the upgrade. Addresses an issue that generates a "No features to install" message when you add a feature, even if you provide administrative credentials. Addresses an issue that causes a stop error when using Microsoft Surface Slim Pen on certain editions of Microsoft Surface Pro X or Microsoft Surface Laptop 3. Updates 2021 time zone information for Fiji. Addresses stop error 0xC2 in usbccgp.sys. Addresses an issue that causes random line breaks when you redirect PowerShell console error output. Addresses an issue with creating HTML reports using tracerpt. 
Allows the DeviceHealthMonitoring Cloud Service Plan (CSP) to run on Windows 10 Business and Windows 10 Pro editions. Addresses an issue that prevents the content under HKLM\Software\Cryptography from being carried over during Windows feature updates. Addresses an issue that displays an error that states that a smart card PIN change was not successful even though the PIN change was successful. Addresses an issue that might create duplicate Foreign Security Principal directory objects for Authenticated and Interactive users in the domain partition. As a result, the original directory objects have “CNF” added to their names and are mangled. This issue occurs when you promote a new domain controller using the CriticalReplicationOnly flag. Addresses an issue that prevents you from enabling BitLocker after installing the Server Core App Compatibility Feature on Demand (FOD). Addresses an issue that causes an access violation in lsass.exe when a process is started using the runas command in some circumstances. Addresses an issue in which Windows Defender Application Control enforces package family name rules that should be audit only. Addresses an issue, which occurs after an update, that causes devices that have the Dynamic Root of Trust for Measurement (DRTM) enabled to unexpectedly reset when hibernating. Updates the configuration of Windows Hello Face recognition to work well with 940nm wavelength cameras. Reduces distortions and aberrations in Windows Mixed Reality head-mounted displays (HMD). Ensures that new Windows Mixed Reality HMDs meet minimum specification requirements and default to a 90Hz refresh rate. Addresses an issue that causes a stop error on a Hyper-V host when a virtual machine (VM) issues a specific Small Computer System Interface (SCSI) command. Addresses an issue that prevents Always On VPN (AOVPN) from automatically reconnecting when resuming from Sleep or Hibernate. 
Adds an Azure Active Directory (AAD) Device Token that is sent to Windows Update (WU) as part of each WU scan. WU can use this token to query for membership in groups that have an AAD Device ID. Addresses an issue that fails to log events 5136 for group membership changes in certain scenarios. This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control. Addresses an issue with the Microsoft Cluster Shared Volumes File Systems (CSVFS) driver that prevents Win32 API access to SQL Server Filestream data. This occurs when the data is stored on a Cluster Shared Volume in a SQL Server failover cluster instance, which is on an Azure VM. Addresses an issue that causes a deadlock when Offline Files are enabled. As a result, CscEnpDereferenceEntryInternal holds parent and child locks. Addresses an issue that causes deduplication jobs to fail with stop error 0x50 when you call HsmpRecallFreeCachedExtents(). Addresses an issue that causes applications stop working when they use Microsoft’s Remote Desktop sharing APIs. The breakpoint exception code is 0x80000003. Removes the HTTP call to www.microsoft.com that the Remote Desktop Client (mstsc.exe) makes at sign out when using a Remote Desktop Gateway. Adds support for certain new Windows Mixed Reality motion controllers. Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows. Addresses an issue with setting the “Restrict delegation of credentials to remote servers” Group Policy with the “Restrict Credential Delegation” mode on the RDP client. As a result, the Terminal Server service tries to use “Require Remote Credential Guard” mode first and will only use “Require Restricted Admin” if the server does not support “Require Remote Credential Guard". 
If you're still on Windows 10 version 1809, you'll get KB4577069, bringing the build number to 17763.1490. You can manually download it here, and these are the highlights: Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051. Updates an issue to reduce the likelihood of missing fonts. Updates an issue that causes applications to close unexpectedly when a user inputs East Asian characters after changing the keyboard layout. Updates an issue that causes Microsoft Office applications to close unexpectedly when using a Korean Input Method Editor (IME). Here's the full list of fixes: Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051. Addresses an issue with using Group Policy Preferences to configure the homepage in Internet Explorer. Addresses an issue with Microsoft Edge IE Mode that occurs when you enable Configure enhanced hang detection for Internet Explorer mode in Microsoft Edge. Addresses an issue that might generate the error ”0x80704006. Hmmmm…can’t reach this page” when using Microsoft Edge Legacy. This issue occurs when you attempt to reach websites on non-standard ports. Any website that uses a port listed in the Fetch Standard specification under bad ports or port blocking might cause this issue. Addresses an issue that displays nothing on the screen for 5 minutes or more during the Remote Desktop Protocol (RDP) session. Addresses an issue that, in certain scenarios, causes applications to stop working if they are created using Visual Basic for Applications (VBA). The error is, “Class not registered” error. Addresses an issue that might display an empty black screen when a device is connecting to a Windows Virtual Desktop (WVD) machine. 
Addresses an issue that causes Cortana to stop working on multiuser devices when you install, uninstall, and reinstall the same update. Addresses an issue that causes a stop error when the initialization of the graphics adapter fails. Addresses an issue to reduce the likelihood of missing fonts. Addresses an issue that displays a black screen momentarily when an application calls the Desktop Window Manager (DWM) Thumbnail API. Addresses an issue that fails to recognize the first East Asian language character typed into a Microsoft Foundation Class Library (MFC) DataGrid. Addresses an issue that causes File Explorer to close unexpectedly when you use a Ribbon shell extension under specific circumstances. Addresses an issue that generates a "No features to install" message when you add a feature, even if you provide administrative credentials. Provides the ability to set a Group Policy that displays only the domain and username when you sign in. Addresses an issue that affects default application associations during certain upgrade scenarios. This might cause numerous toast notifications to appear when you first sign in after the upgrade. Addresses an issue that causes applications to close unexpectedly when a user inputs East Asian characters after changing the keyboard layout. Updates 2021 time zone information for Fiji. Addresses an issue that affects the Microsoft’s System Centre Operations Manager’s (SCOM) ability to monitor a customer's workload. Addresses a performance issue that occurs when PowerShell reads the registry to check if the ScriptBlockLogging registry key is in the registry. Addresses an issue with creating HTML reports using tracerpt. Addresses an issue that causes an access violation in lsass.exe when a process is started using the runas command in some circumstances. Addresses an issue that prevents the content under HKLM\Software\Cryptography from being carried over during Windows feature updates. 
Addresses an issue that prevents you from enabling BitLocker after installing the Server Core App Compatibility Feature on Demand (FOD). Addresses an issue that might create duplicate Foreign Security Principal directory objects for Authenticated and Interactive users in the domain partition. As a result, the original directory objects have “CNF” added to their names and are mangled. This issue occurs when you promote a new domain controller using the CriticalReplicationOnly flag. Addresses an issue that prevents a call to NCryptGetProperty() from returning the correct pbOutput value when pszProperty is set to "Algorithm Group" and you are using a Trusted Platform Module (TPM) 1.2 device. Addresses an issue in which Windows Defender Application Control enforces package family name rules that should be audit only. Addresses an issue in which the WinHTTP AutoProxy service does not comply with the value set for the maximum Time To Live (TTL) on the Proxy Auto-Configuration (PAC) file. This prevents the cached file from updating dynamically. Addresses an issue that might redirect Software Load Balancing (SLB) traffic to a different host when that traffic goes through a multiplexer. This causes the connection to an application to fail. Adds new functionality to the robocopy command. Adds Secure Sockets Layer (SSL) certificate authentication over HTTP/2. Addresses an issue that prevents Always On VPN (AOVPN) from automatically reconnecting when resuming from Sleep or Hibernate. Addresses an issue that causes Microsoft Office applications to close unexpectedly when using a Korean Input Method Editor (IME). Adds an Azure Active Directory (AAD) Device Token that is sent to Windows Update (WU) as part of each WU scan. WU can use this token to query for membership in groups that have an AAD Device ID. Addresses an issue that fails to log events 5136 for group membership changes in certain scenarios. 
This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control. Addresses an issue that causes a deadlock when Offline Files are enabled. As a result, CscEnpDereferenceEntryInternal holds parent and child locks. Addresses an issue that causes deduplication jobs to fail with stop error 0x50 when you call HsmpRecallFreeCachedExtents(). Removes the HTTP call to www.microsoft.com that the Remote Desktop Client (mstsc.exe) makes at sign out when using a Remote Desktop Gateway. Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows. Addresses an issue with setting the “Restrict delegation of credentials to remote servers” Group Policy with the “Restrict Credential Delegation” mode on the RDP client. As a result, the Terminal Server service tries to use “Require Remote Credential Guard” mode first and will only use “Require Restricted Admin” if the server does not support “Require Remote Credential Guard". This one also has one known issue to be aware of: Symptom Workaround After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release. As mentioned above, these updates are optional, so you can get them via Windows Update, but you have to opt in. 
If you don't take them, the fixes will be bundled into next month's Patch Tuesday updates. Microsoft releases Windows 10 builds 18363.1110, 17763.1490 - here's what's new
  13. Microsoft releases Windows 10 build 19041.508, 18363.1082 - here's what's new Today is the second Tuesday of the month, making it Patch Tuesday. And that means that all supported versions of Windows are getting updates. For Windows 10, that still means all versions except for one, version 1511. For those that are on the latest version of Windows 10, version 2004, and also for Insiders on 20H2, you'll get KB4571756, bringing the build number to 19041.508 and 19042.508, respectively. You can manually download it here, and these are the highlights: Updates to improve security when using input devices (such as a mouse, keyboard, or pen). Updates to improve security when Windows performs basic operations. Updates for storing and managing files. Updates to improve security when using Microsoft Office products. Here's the full list of fixes: Addresses an issue with a possible elevation of privilege in windowmanagement.dll. Addresses a security vulnerability issue with user proxies and HTTP-based intranet servers. After installing this update, HTTP-based intranet servers cannot leverage a user proxy by default to detect updates. Scans using these servers will fail if the clients do not have a configured system proxy. If you must leverage a user proxy, you must configure the behavior using the Windows Update policy “Allow user proxy to be used as a fallback if detection using system proxy fails.” This change does not affect customers who secure their Windows Server Update Services (WSUS) servers with the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols. For more information, see Ensuring clients stay secure, changes to scans against Windows Server Update Service (WSUS) servers. 
Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Input and Composition, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Fundamentals, Windows Management, Windows Kernel, Windows Virtualization, Windows Storage and Filesystems, the Microsoft Scripting Engine, and the Microsoft JET Database Engine.

There's also one known issue to be aware of:

Symptom: Users of the Microsoft Input Method Editor (IME) for Japanese or Chinese languages might experience issues when attempting various tasks. You might have issues with input, receive unexpected results, or might not be able to enter text.
Workaround: For more information about the issues, workaround steps, and the currently resolved issues, please see KB4564002

Those on Windows 10 versions 1909 and 1903 will get KB4574727, bringing the build number to 18363.1082 and 18362.1082, respectively. You can manually download it here, and these are the highlights:

  • Updates to improve security when Windows performs basic operations.
  • Updates to improve security when using input devices (such as a mouse, keyboard, or pen).
  • Updates to improve security when using Microsoft Office products.

Here's the full list of fixes:

  • Addresses a security vulnerability issue with user proxies and HTTP-based intranet servers. After installing this update, HTTP-based intranet servers cannot leverage a user proxy by default to detect updates. Scans using these servers will fail if the clients do not have a configured system proxy. If you must leverage a user proxy, you must configure the behavior using the Windows Update policy “Allow user proxy to be used as a fallback if detection using system proxy fails.” This change does not affect customers who secure their Windows Server Update Services (WSUS) servers with the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols. For more information, see Ensuring clients stay secure, changes to scans against Windows Server Update Service (WSUS) servers.
  • Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Input and Composition, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Fundamentals, Windows Management, Windows Kernel, Windows Virtualization, the Microsoft Scripting Engine, and the Microsoft JET Database Engine.

For those that are on Windows 10 version 1809, you'll get KB4570333, bringing the build number to 17763.1457. You can manually download it here, and these are the highlights:

  • Updates to improve security when using Microsoft Office products.
  • Updates to improve security when using input devices such as a mouse, keyboard, or pen.
  • Updates to improve security when Windows performs basic operations.
  • Updates for storing and managing files.

Here's the full list of fixes:

  • Addresses a security vulnerability issue with user proxies and HTTP-based intranet servers. After installing this update, HTTP-based intranet servers cannot leverage a user proxy by default to detect updates. Scans using these servers will fail if the clients do not have a configured system proxy. If you must leverage a user proxy, you must configure the behavior using the Windows Update policy “Allow user proxy to be used as a fallback if detection using system proxy fails.” This change does not affect customers who secure their Windows Server Update Services (WSUS) servers with the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols. For more information, see Ensuring clients stay secure, changes to scans against Windows Server Update Service (WSUS) servers.
  • Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Input and Composition, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Fundamentals, Windows Management, Windows Kernel, Windows Virtualization, Windows Storage and Filesystems, the Microsoft Scripting Engine, and the Microsoft JET Database Engine.

There are two known issues in this update:

Symptom: After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND."
Workaround:
    1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.
    2. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.
Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
    1. Go to the Settings app > Recovery.
    2. Select Get Started under the Reset this PC recovery option.
    3. Select Keep my Files.
Microsoft is working on a resolution and will provide an update in an upcoming release.

Symptom: After installing KB4550969 or later, when using Microsoft Edge Legacy, you might receive the error, “0x80704006. Hmmmm…can’t reach this page” when attempting to reach websites on non-standard ports. Any website that uses a port listed in the Fetch Standard specification under bad ports or port blocking might cause this issue.
Workaround: To mitigate this issue, you can do one of the following:
  • Update to the new, Chromium-based Microsoft Edge and configure it to allow the port used for the affected site. See the note below.
  • Use Internet Explorer 11 to access the website.
  • Update Windows 10 to a newer version.
  • Configure the website to use a standard port on the server side. Don’t use a port that is listed in the Fetch Standard specification under bad ports or port blocking.
Note: The new, Chromium-based Microsoft Edge will also fail to connect to websites on non-standard ports by default. This is an expected behavior. However, you can allow sites on the affected non-standard port by using the parameter --explicitly-allowed-ports=####, where #### is the port you require. For example, when you need to access a website on port 6667, type c:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --explicitly-allowed-ports=6667
We are working on a resolution and will provide an update in an upcoming release.

While versions 1809 and above are still supported for all SKUs, older versions are only supported for certain SKUs.

Version | KB | Build | Download | Support
1803 | KB4577032 | 17134.1726 | Update Catalog | Enterprise and Education SKUs
1709 | KB4577041 | 16299.2107 | Update Catalog |
1703 | KB4577021 | 15063.2500 | Update Catalog | Surface Hub only
1607 | KB4577015 | 14393.3930 | Update Catalog | Long-Term Servicing Branch
1507 | KB4577049 | 10240.18696 | Update Catalog |

As usual, you can grab the update that corresponds to your version of Windows 10 manually, you can push it to install through Windows Update, or you can wait for it to be installed automatically.

Microsoft releases Windows 10 build 19041.508, 18363.1082 - here's what's new
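The WSUS change described in the fix lists above can be triaged across a fleet from collected policy settings. The following is an added example, not code from Microsoft or from the article: it parses constructed `reg query` captures of the Windows Update policy key and sorts clients by how the change affects them. The value names `WUServer` and `SetProxyBehaviorForUpdateDetection` are the ones Group Policy is assumed to write; the host names, sample values and category labels are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed captures of:
#   reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
SAMPLES = {
    "branch-office-pc": r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    WUServer    REG_SZ    http://wsus.corp.example:8530
    WUStatusServer    REG_SZ    http://wsus.corp.example:8530
    SetProxyBehaviorForUpdateDetection    REG_DWORD    0x1
""",
    "hq-workstation": r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    WUServer    REG_SZ    https://wsus.corp.example:8531
    WUStatusServer    REG_SZ    https://wsus.corp.example:8531
""",
    "lab-machine": r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    WUServer    REG_SZ    http://wsus.corp.example:8530
""",
}

# A value line is indented: <name> <REG_type> <data>. The key path line is not.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")


def parse_reg_query(text):
    """Return {value name: data} from `reg query` output (DWORDs as int)."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if not match:
            continue
        name, kind, raw = match.groups()
        raw = raw.strip()
        values[name] = int(raw, 16) if kind == "REG_DWORD" else raw
    return values


def classify(values, system_proxy_configured):
    """Map one client's policy values to the outcome the update notes describe."""
    server = values.get("WUServer")
    if not server:
        return "no-intranet-server"          # change does not apply
    if urlsplit(server).scheme.lower() == "https":
        return "tls-unaffected"              # TLS/SSL-secured WSUS is not affected
    # Plain-HTTP server from here on.
    if values.get("SetProxyBehaviorForUpdateDetection", 0) == 1:
        return "http-user-proxy-fallback"    # works, but fallback was opted into
    if system_proxy_configured:
        return "http-system-proxy"           # scans go through the system proxy
    return "http-scan-fails-if-proxy-needed" # user proxy is no longer used


def triage(samples, system_proxy_hosts=()):
    """Classify every captured host; system_proxy_hosts lists hosts with a system proxy."""
    return {host: classify(parse_reg_query(text), host in system_proxy_hosts)
            for host, text in samples.items()}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLES).items():
        print(f"{host}: {verdict}")
```

Hosts reported as `http-user-proxy-fallback` or `http-scan-fails-if-proxy-needed` are the ones to move to a TLS-secured WSUS endpoint first.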
  14. Microsoft releases new Intel microcode updates for all supported Windows 10 versions

Microsoft has released new Intel microcode updates for all supported Windows 10 versions that revise mitigation for four Microarchitectural Data Sampling (MDS) threats. The updates are being made available via the Update Catalog for all users. However, users running certain versions of Intel’s processors will receive the updates through Windows Update.

Microcode updates are aimed at patching hardware vulnerabilities that require not only a software fix, but also firmware level changes. The best examples of such updates are the Spectre and Meltdown vulnerabilities that required multiple software and microcode updates.

The recent updates target multiple processor generations – across desktops and laptops. The following KB articles for the respective Windows 10 versions provide more information on the list of processors being patched:

Version | KB Article
Windows 10 (version 1507) | KB4494454
Windows 10 version 1607 | KB4494175
Windows 10 version 1703 | KB4494453
Windows 10 version 1709 | KB4494452
Windows 10 version 1803 | KB4494451
Windows 10 version 1809 | KB4494174
Windows 10 version 1903 and version 1909 | KB4497165
Windows 10 version 2004 | KB4558130

The updates also apply to the corresponding Windows Server versions, such as Windows Server 2016 and 2019. Users can head to the Update Catalog here and search for the relevant KB articles to download the updates manually. You can also head to the pages to search for the processor generations for which the updates are being served through Windows Update.

Source: Microsoft via BleepingComputer
  15. Microsoft Patch Alert: September 2020

The September patches kicked up a bit of dust, but things look pretty stable now. I’m still skeptical of Windows 10 version 2004, but it’s getting closer to stable. Give it another month.

What September’s patching frenzy lacked in fireworks, it more than compensated for in volume – and belligerence. Server 2016 hiccups on Security Options. Win10 version 2004 surprises – Lenovo still hasn’t fixed its Blue Screen-inducing Biometric Security setting; the TRIM function still tries to trim spinning hard disks; for some, Start goes wonky, Action Center disappears, and there’s the usual litany of odd, one-off bug reports.

As of early today, we’re still waiting for the Win10 version 2004 “optional, non-security, C/D/E Week” patch, but all of the other expected September patches are in.

Defrag woes in Win10 version 2004 largely fixed, but TRIM still nips

As I’ve mentioned many times, Windows 10 version 2004 shipped with a bug that causes the Windows Optimizer Drives defrag tool to skip updating the completion date on defrag runs. As a result, defrags occur much more frequently than necessary. Microsoft has known about the bug since January – months before 2004 shipped – but didn’t bother to acknowledge it until a fix appeared this month.

This month’s fix, in the September cumulative update for Win10 version 2004, doesn’t fix another defrag bug. The still-outstanding bug has Windows run the TRIM function on hard disks. (TRIM should only be run on SSDs.) Again, Microsoft has known about the bug for many months. Again, it hasn’t been officially acknowledged.

Windows Server 2016 throws an MMC error

After you install the September cumulative update on Server 2016, KB 4577015, navigating the Group Policy Editor to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options throws the wsecedit.dll error shown in the screenshot below.

[Screenshot of the wsecedit.dll error; image credit: Microsoft]

Microsoft lists the bug in its Windows Release Information Status page as “Mitigated,” but the only fix I’ve seen (other than coming in through a remote back door) is on Günter Born’s Tech and Windows World page.

Lenovo ThinkPads get the Biometric Security blues

Microsoft still hasn’t fixed the bug that triggers a blue screen on Win10 version 2004 Lenovo computers (and possibly some other brands) that have Enhanced Windows Biometric Security enabled in the UEFI. That bug appeared in the July “optional, non-security, C/D/E Week update” and continued in both the August and September cumulative updates. As Microsoft explains it:

    The device experiences a Stop error (also known as a bugcheck or blue screen error). The codes that are associated with the error are “SYSTEM_THREAD_EXCEPTION_NOT_HANDLED” (in the Stop error message screen) and “0xc0000005 Access Denied” (in memory dumps files and other logs). The associated process is ldiagio.sys.

Lenovo has published a workaround – instructions for disabling Windows Biometric Security. Once again, Microsoft hasn’t written about the bug in the Windows Release Information Status page, nor has it mentioned the problem in the associated Knowledge Base articles. It’s clear that the Lenovo firmware is at fault, but there’s been no fix in almost three months.

Windows Subsystem for Linux 2 in Win10 version 2004 broke

For all two of you who actually use Linux under Win10, there’s a hard bug that throws an “Element not found” error. I talked about it shortly after the September cumulative update appeared. Microsoft fixed the problem in the latest non-security patch for Win10 version 20H2 – that’s the next version of Windows, due to be released any day now. But it hasn’t been fixed for version 2004. I expect we’ll see a fix in the anticipated “optional, non-security, C/D/E Week” patch for version 2004, which could arrive in the next week. Or two.

Blue screens, Start funnies, Action Center woes in Win10 version 2004

I don’t want you to think that I’m picking on version 2004, but there are even more reports of odd behavior in 2004 after installing the September cumulative update, KB 4571756. Mayank Parmar at Windows Latest gives the details: Performance issues, Start Menu crashes, sign-in issues, temporary user profile bug, Blue Screen of Death, and a raft of other minor bugs.

In summary, Win10 version 2004 continues to receive an enormous number of bug fixes every month. Very few – almost none – of the bugs are listed on the official Release Information Status page. Even bugs that have been reported extensively on Microsoft’s Answers Forum, and in the Feedback Forum – even bugs that have been around for months – don’t seem to warrant inclusion on Microsoft’s official bug list. If you think Win10 version 2004 is ready for prime time, I have some serious study material for you.

But 2004 is rolling out, even where it’s not wanted

Every time we get a new version of Windows, I hear complaints from people who get their machines pushed onto the new version, even though they don’t want it – even though they actively block the upgrade, and swear they didn’t click anything to allow the new bits onto their machine. Most of the time, there’s enough shadow-of-a-doubt to dismiss the unwanted upgrades as user error.

This time, though, Patch Lady Susan Bradley has a machine that got bit – pushed from version 1909 to version 2004 without permission – and she knows Windows Update better than anybody. “I didn’t click to approve to install this.” Did you get pushed? Under what circumstances? Join the discussion.

This month also saw an Outlook 365 bug, introduced with the latest updates: Changing a contact threw a “Your changes cannot be saved” error. Microsoft fixed that one a few days after it appeared.

Patching problems? Hit us on AskWoody.com.
  16. Windows 10 KB4565351 & KB4566782 updates plagued with issues

Windows as a Service is updated frequently with fixes and improvements. On August 11, Microsoft published the latest batch of monthly security updates for Windows 10 version 1909, version 1903, and version 2004. Users are now reporting that Windows 10’s August 2020 cumulative updates fail with an uninformative error message of some variety.

Windows 10 KB4565351 and KB4566782 are causing installation problems for users whose machines run the November 2019 Update (1909) and May 2020 Update (version 2004). When installing Windows 10 KB4565351 (v1909) and KB4566782 (v2004), users are saying that they are being greeted with unhelpful error messages, including 0x800f0988, 0x800f081f, and 0x800f08a.

“There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x800f081f),” one of the error messages reads.

Windows 10 KB4566782 installation issues

The installation issue appears to be hitting both Windows 10 KB4566782 (version 2004) and KB4565351 (version 1909/1903). The most-reported error code is 0x800f081f and it could be related to missing files in the WinSXS folder that stores different copies of DLL and system files.

“Can not install KB4566782 on two completely separate computers, one at work, one at the office. It restarts, keeps rotating on a black screen and eventually unable to be installed when you reboot,” one user noted on Twitter.

The issue has also been reported by users on Microsoft’s community forum, Reddit, and Feedback Hub.

While there’s no official workaround, you can try manually downloading and installing the cumulative update from the Microsoft Update Catalog. This could allow you to install the updates when the automatic installation is failing.

To fix Windows Update error code 0x800f081f, manually install the patch by following these steps:

    1. Open the Microsoft Update Catalog website.
    2. Enter the update package number into the search bar.
    3. Highlight the correct version that’s compatible with your PC.
    4. Click ‘Download’ next to the update package.
    5. Click the .msu link to download it.
    6. Double-click the .msu file to apply the update.
    7. Reboot.

Alternatively, you can pause the update that caused the installation in the first place. This can be found by going to Settings -> Update and Security -> Windows Update -> Pause updates.

Apparently, this doesn’t seem to have worked for everyone and people are still failing to install Windows 10 August 2020 cumulative updates. If nothing works for you, it might be better to wait until Microsoft refreshes the update package on Windows Update.

Other problems

It’s worth noting that Windows 10 KB4565351 is also breaking audio for some users and there are reports of Blue Screen of Death with “SYSTEM THREAD UNHANDLED EXCEPTION” error on Feedback Hub.

In a Reddit post, one user noted that KB4565351 trashed the audio drivers with “no audio output is enabled” error. Likewise, another user observed that the sound stops coming from their USB headphones when the update is applied.
  17. Windows 10 microcode updates to fix new Intel CPU security issues

Microsoft has released a number of new Intel microcode updates for the company's Windows 10 operating system that address recently discovered security flaws in Intel processors.

Microcode updates are released by Intel to provide Microsoft with patches that either fix security flaws outright or at least mitigate them if fixing is not possible.

The latest vulnerability in Intel processors was discovered by researchers from the University of Graz and the University of Birmingham. The researchers named the vulnerability PLATYPUS, an acronym for Power Leakage Attacks: Targeting Your Protected User Secrets.

The attack uses Intel's RAPL interface -- Running Average Power Limit -- to monitor energy consumption on a device. The researchers managed to "reconstruct entire cryptographic keys" by exploiting the vulnerability.

    "We demonstrate this by recovering AES keys from the side-channel resilient AES-NI implementation, as well as RSA keys from an Intel SGX enclave. In addition, we distinguish different Hamming weights of operands or memory loads, threatening constant-time implementations of cryptographic algorithms."

Microsoft released the updates for Windows 10 version 1507 and newer, and Windows Server 2016 and newer. The updates are available on Windows Updates and also as direct downloads from the Microsoft Update Catalog website.

The new microcode updates add support for the following processors: Avoton, Sandy Bridge E, EN, EP, EP4S, Sandy Bridge E, EP, Valley View / Baytrail.

Here are the support page links:

  • KB4589212 -- Windows 10 version 2004 and 20H2, Windows Server version 2004 and 20H2
  • KB4589211 -- Windows 10 version 1903 and 1909, Windows Server version 1903 and 1909
  • KB4589208 -- Windows 10 version 1809, Windows Server 2019
  • KB4589206 -- Windows 10 version 1803
  • KB4589210 -- Windows 10 version 1607, Windows Server 2016
  • KB4589198 -- Windows 10 version 1507

The following links point to the Microsoft Update Catalog website:

  • KB4589212 -- Windows 10 version 2004 and 20H2, Windows Server version 2004 and 20H2
  • KB4589211 -- Windows 10 version 1903 and 1909, Windows Server version 1903 and 1909
  • KB4589208 -- Windows 10 version 1809, Windows Server 2019
  • KB4589206 -- Windows 10 version 1803
  • KB4589210 -- Windows 10 version 1607, Windows Server 2016
  • KB4589198 -- Windows 10 version 1507

Note: it is recommended that you verify that the processor that is installed on a device is compatible with the updates. You can check the support pages to find out if the installed processor is listed on the site as compatible.

Do the following if you don't know the exact processor model:

    1. Use the keyboard shortcut Windows-Pause to open the System Control Panel applet / Settings page.
    2. There you find listed the processor, e.g. Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz 4.01 GHz
    3. Copy the information, in this case i7-6700K, and search on Microsoft's support page for the term.
    4. If you get a hit, the processor is supported.
  18. Microsoft releases Windows 10 builds 19042.610, 19041.610 - here's what's new

It's not uncommon for Microsoft to release optional cumulative updates for various versions of Windows 10 throughout the month, and one of them is being released today. If you're on one of the latest versions of Windows 10, you've got an update waiting for you.

Specifically, the update is KB4580364, and it's available for Windows 10 versions 20H2 and 2004, bringing the build number to 19042.610 and 19041.610, respectively. You can manually download it here, and these are the highlights:

  • Introducing Meet Now in the Windows 10 Taskbar
    Earlier this year we introduced Meet Now in Skype. Meet Now makes it easy to connect with anyone in as little as two clicks for free and each call can last up to 24 hours. Today, we’re excited to share that we will be extending this capability in Windows 10 by bringing Meet Now right to the taskbar. In the coming weeks, you will be able to easily set up a video call and reach friends and family in an instant by clicking the Meet Now icon in the taskbar notification area. No sign ups or downloads needed.
  • Updates an issue that causes a device to stop responding after you have been using a pen for several hours.

Here's the full list of fixes:

  • Addresses an issue with using Group Policy Preferences to configure the homepage in Internet Explorer.
  • Allows administrators to use a Group Policy to enable Save Target As for users in Microsoft Edge IE Mode.
  • Addresses an issue with untrusted URL navigations from Internet Explorer 11 by opening them in Microsoft Defender Application Guard using Microsoft Edge.
  • Addresses an issue that occurs when using the full suite of developer tools in Microsoft Edge for remote debugging on a Windows 10 device.
  • Addresses an issue that displays nothing on the screen for five minutes or more during the Remote Desktop Protocol (RDP) session.
  • Addresses an issue that prevents certain Windows Virtual Desktop (WVD) users from searching for files using File Explorer.
  • Addresses an issue that causes a device to stop responding after you have been using a pen for several hours.
  • Addresses an issue that causes an application to stop responding temporarily, which causes extra z-order operations that affect the Window.Topmost property of a window.
  • Addresses an issue that might cause Dynamic Data Exchange (DDE) apps to stop working.
  • Addresses an issue that occurs when you first sign in to an account or unlock an existing user session using Remote Desktop Services (RDS). If you enter an incorrect password, the current keyboard layout changes unexpectedly to the system default keyboard layout. This keyboard layout change might cause additional attempts to sign in to fail or lead to account lockouts in domains with low account lockout thresholds.
  • Addresses an issue that displays the incorrect CPU frequency for certain processors.
  • Addresses a performance issue that occurs when PowerShell reads the registry to check if the ScriptBlockLogging registry key is in the registry.
  • Addresses an issue that randomly changes the time offset of the time format returned by the command WMIC.exe OS Get localdatetime/ value.
  • Addresses an issue that prevents Microsoft User Experience Virtualization (UE-V) from assigning the Microsoft Outlook Signatures.
  • Addresses an issue that prevents Hybrid Azure Active Directory joined devices from updating portal information when a device name or Windows version changes.
  • Addresses an issue that might prevent the Smart Cards for Windows service from starting.
  • Adds a new Microsoft Event Tracing for Windows (ETW) provider named "Microsoft-Antimalware-UacScan". This ETW provider reports the details of the context for each User Account Control (UAC) request in the ETW provider manifest.
  • Addresses an issue with virtual private network (VPN) connections that use Secured Password (EAP-MSCHAP v2) for authentication and have enabled the “Automatically use my Windows logon user name and password” property. When you connect to this type of VPN, an authentication dialog box incorrectly prompts for your credentials.
  • Displays Recovery Partitions in the diskpart utility.
  • Addresses an issue that causes stop error 0xd1 in msiscsi.sys. This issue occurs when moving certain arrays from one cluster node to another.
  • Addresses an issue that causes the IAutomaticUpdatesResults::get_LastInstallationSuccessDate method to return 1601/01/01 when there are no active updates.
  • Adds support for the Transport Layer Security (TLS) 1.1 and 1.2 protocols when connecting to SQL Server using the data providers in Windows Defender Application Control (WDAC).
  • Addresses an issue with SQL Server that might cause performance issues if you configure a Linked Server provider to load out-of-process.
  • Addresses an issue that might degrade Windows performance and prevent the LanmanServer service from starting when third-party software uses LanmanServer custom file system controls (FSCTL).
  • Addresses an issue with deduplication that causes long wait times on Resilient File System (ReFS) Cluster Shared Volumes (CSV).
  • Addresses an issue that might prevent some applications from behaving correctly. This occurs when you publish them as Remote Application Integrated Locally (RAIL) applications using RDS and change the docking for an AppBar window.
  • Addresses an issue with a deadlock in the Transmission Control Protocol/Internet Protocol (TCPIP) driver that causes the operating system to stop working or stop responding.
  • Addresses an issue that causes the Routing and Remote Access Service (RRAS) to stop responding for new connections. However, RRAS continues working for existing connections.
  • Addresses an issue that causes the RRAS administrator Microsoft Management Console (MMC) to stop responding randomly when you are performing administrative tasks or at startup.
  • Addresses an issue with starting Windows Subsystem for Linux 2 (WSL2) on ARM64 devices that occurs after installing KB4579311.

Finally, there's one known issue:

Symptom: Users of the Microsoft Input Method Editor (IME) for Japanese or Chinese languages might experience issues when attempting various tasks. You might have issues with input, receive unexpected results, or might not be able to enter text.
Workaround: For more information about the issues, workaround steps, and the currently resolved issues, please see KB4564002

As always, you can grab the update through Windows Update. Being optional, you do have to opt into taking it if you want it. If you don't, these fixes will be bundled in with November's Patch Tuesday update.
  19. 0Patch promises to provide security updates for out-of-support Office 2010

Support for Microsoft Office 2010 ended in October 2020. Microsoft released a last batch of security updates for Office 2010 on the October 13, 2020 Patch Day before it changed the status of the application to unsupported.

Not all Office 2010 customers will stop using the software program, and it is possible that Office 2010 vulnerabilities will be detected in the future that could leave the systems open to attacks targeting unpatched vulnerabilities.

Microsoft does not offer Extended Security Updates (ESU) for Office 2010 that would extend support for Enterprise and business customers. Windows 7 customers could extend support by up to three years after support ended on January 14, 2020.

0Patch, a security company that has created a micro-patching solution, has pledged to deliver security updates for Microsoft Office 2010 after support ends, much as it has released security updates for Windows 7 and Server 2008 R2 systems after their support ended.

The company plans to offer the service to paying customers only; this is different from the Windows 7 micropatches that it pledged to create, as some of these were published without charge to free users. The FAQ reveals that specific patches may be released for free, e.g. to "help slow down a global worm outbreak".

The requirements for receiving post End of Service updates for Office 2010 are:

  • A fully patched Office 2010 installation.
  • Installation of 0Patch Agent on devices running Office 2010 and registration of the Agent with the 0Patch account.
  • 0Patch Pro or 0Patch Enterprise licenses (a Pro license starts at €22.95 + tax per computer and year, and it is available to Home users as well).
  • Allow the Office 2010 device to connect to the 0Patch server.

0Patch initially plans to support Office 2010 until October 2021, but it may extend support if there is enough customer interest.

The company uses several sources to determine whether Office 2010 is affected by a vulnerability. These range from checking if newly discovered vulnerabilities for in-support versions of Office affect Office 2010 to collecting vulnerability information from the security community, public sources, and its partners.

Not all security issues will be patched, as vulnerabilities need to have a high risk associated with them in the company's assessment to warrant the creation of micropatches.

Closing Words

Home users may use the service but it is certainly of more interest to companies and Enterprise customers who still have Office 2010 installations on company hardware. Extension of security updates may help extend the migration period to a new version of Office or another Office solution.
  20. Microsoft rolls out updates for Surface Book 3, Laptop 3, and Pro 7

A handful of Microsoft's Surface devices are getting a slew of driver and firmware updates this week, including the Surface Laptop 3, Book 3, and Pro 7. All of the devices getting updates are powered by Intel Ice Lake processors, and a few of the updates appear to be the same across the different devices.

Starting with the Surface Book 3, which launched earlier this year, the updates address a few different areas, including wireless communications, audio, and the display. Here's the full list:

Windows Update History Name | Device Manager Name | Version and Update
Realtek Semiconductor Corp. - Media - 6.0.8936.1 | Realtek High Definition Audio (SST) - Sound, video, and game controllers | 6.0.8936.1 Improves audio performance and resolves the associated system bugcheck.
Surface – System – 22.27.139.0 | Surface Integration – System devices | 22.27.139.0 Improves integration between system services
Surface - Monitor - 3.101.139.0 | Surface Panel - Monitor | 3.101.139.0 Resolves low brightness issues and improves the device color profile performance.
Surface – System – 2.29.137.0 | Surface System Telemetry Driver | 2.29.137.0 Facilitates power and thermal related data analysis.
Intel - net - 21.110.3.2 | Intel(R) WiFi 6 AX201 160MHz - Network adapters | 21.110.3.2 Improves Wi-Fi stability.
Intel Corporation - Bluetooth - 21.110.0.3 | Intel(R) Wireless Bluetooth - Bluetooth | 21.110.0.3 Improves Bluetooth stability.

Moving on to the Surface Laptop 3, the new updates are only for the Intel-based models, as the AMD-powered variants were updated a few days ago. For the sake of keeping the list more manageable, the Wi-Fi and Bluetooth updates are exactly the same ones listed above. Additionally, you should see the following:

Windows Update History Name | Device Manager Name | Version and Update
Surface - Monitor - 4.28.139.0 | Surface Panel - Monitor | 4.28.139.0 Resolves low brightness issues and improves the device color profile performance.
Realtek Semiconductor Corp. - SoftwareComponent - 11.0.6000.92 | Realtek Hardware Support Application - Software components | 11.0.6000.92 Resolves the application crash during audio scenario.
Realtek Semiconductor Corp. - Media - 6.0.8936.1 | Realtek High Definition Audio (SST) - Sound, video, and game controllers | 6.0.8936.1 Improves audio performance and battery life.
Realtek Semiconductor Corp. - Extension - 6.1.0.6 | Realtek High Definition Audio (SST) Extension - no Device Manager notes | 6.1.0.6 Improves integration between system services.

Finally, the Surface Pro 7 shares the same Wi-Fi, Bluetooth, and monitor-related updates as the Surface Laptop 3. Additionally, it has the following updates:

Windows Update History Name | Device Manager Name | Version and Update
Surface – Firmware – 14.310.139.0 | Surface System Aggregator – Firmware | 14.310.139.0 Improves system stability and system telemetry reporting.
Realtek Semiconductor Corp. - SoftwareComponent - 11.0.6000.92 | Realtek Hardware Support Application - Software components | 11.0.6000.92 Improves audio performance while streaming content.
Realtek Semiconductor Corp. - Media - 6.0.8936.1 | Realtek High Definition Audio (SST) - Sound, video, and game controllers | 6.0.8936.1 Improves audio performance and resolves the associated system bugcheck.
Realtek Semiconductor Corp. - Extension - 6.1.0.6 | Realtek High Definition Audio (SST) Extension - no Device Manager notes | 6.1.0.6 Improves integration between system services.

As usual, the updates require Windows 10 version 1903 or newer to be installed, which should be the case for everyone, as these devices were all launched after that update was released. It's possible that you won't see the updates right away, since they tend to roll out gradually to all devices. You can wait for them to install automatically or check for updates in Windows Update to see if they show up for you.
  21. In a first, researchers extract secret key used to encrypt Intel CPU code

Hackers can now reverse engineer updates or write their own custom firmware.

Researchers have extracted the secret key that encrypts updates to an assortment of Intel CPUs, a feat that could have wide-ranging consequences for the way the chips are used and, possibly, the way they’re secured.

The key makes it possible to decrypt the microcode updates Intel provides to fix security vulnerabilities and other types of bugs. Having a decrypted copy of an update may allow hackers to reverse engineer it and learn precisely how to exploit the hole it’s patching. The key may also allow parties other than Intel—say a malicious hacker or a hobbyist—to update chips with their own microcode, although that customized version wouldn’t survive a reboot.

“At the moment, it is quite difficult to assess the security impact,” independent researcher Maxim Goryachy said in a direct message. “But in any case, this is the first time in the history of Intel processors when you can execute your microcode inside and analyze the updates.” Goryachy and two other researchers—Dmitry Sklyarov and Mark Ermolov, both with security firm Positive Technologies—worked jointly on the project.

The key can be extracted for any chip—be it a Celeron, Pentium, or Atom—that’s based on Intel’s Goldmont architecture.

Tumbling down the rabbit hole

The genesis for the discovery came three years ago when Goryachy and Ermolov found a critical vulnerability, indexed as Intel SA-00086, that allowed them to execute code of their choice inside the independent core of chips that included a subsystem known as the Intel Management Engine. Intel fixed the bug and released a patch, but because chips can always be rolled back to an earlier firmware version and then exploited, there’s no way to effectively eliminate the vulnerability.

[Image: The Chip Red Pill logo. Credit: Sklyarov et al.]

Five months ago, the trio was able to use the vulnerability to access “Red Unlock,” a service mode (see page 6 here) embedded into Intel chips. Company engineers use this mode to debug microcode before chips are publicly released. In a nod to The Matrix movie, the researchers named their tool for accessing this previously undocumented debugger Chip Red Pill, because it allows researchers to experience a chip’s inner workings that are usually off-limits. The technique works using a USB cable or special Intel adapter that pipes data to a vulnerable CPU.

Accessing a Goldmont-based CPU in Red Unlock mode allowed the researchers to extract a special ROM area known as the MSROM, short for microcode sequencer ROM. From there, they embarked on the painstaking process of reverse engineering the microcode. After months of analysis, it revealed the update process and the RC4 key it uses. The analysis, however, didn’t reveal the signing key Intel uses to cryptographically prove the authenticity of an update.

In a statement, Intel officials wrote:

    The issue described does not represent security exposure to customers, and we do not rely on obfuscation of information behind red unlock as a security measure. In addition to the INTEL-SA-00086 mitigation, OEMs following Intel’s manufacturing guidance have mitigated the OEM specific unlock capabilities required for this research. The private key used to authenticate microcode does not reside in the silicon, and an attacker cannot load an unauthenticated patch on a remote system.

Impossible until now

What this means is that attackers can’t use Chip Red Pill and the decryption key it exposes to remotely hack vulnerable CPUs, at least not without chaining it to other vulnerabilities that are currently unknown. Similarly, attackers can’t use these techniques to infect the supply chain of Goldmont-based devices. But the technique does open possibilities for hackers who have physical access to a computer running one of these CPUs.

“There’s a common misconception that modern CPUs are mostly fixed in place from the factory, and occasionally they will get narrowly scoped microcode updates for especially egregious bugs,” Kenn White, product security principal at MongoDB, told me. “But to the extent that’s true (and it largely isn’t), there are very few practical limits on what an engineer could do with the keys to the kingdom for that silicon.”

One possibility might be hobbyists who want to root their CPU in much the way people have jailbroken or rooted iPhones and Android devices or hacked Sony’s PlayStation 3 console.

In theory, it might also be possible to use Chip Red Pill in an evil maid attack, in which someone with fleeting access to a device hacks it. But in either of these cases, the hack would be tethered, meaning it would last only as long as the device was turned on. Once restarted, the chip would return to its normal state. In some cases, the ability to execute arbitrary microcode inside the CPU may also be useful for attacks on cryptography keys, such as those used in trusted platform modules.

“For now, there's only one but very important consequence: independent analysis of a microcode patch that was impossible until now,” Positive Technologies researcher Mark Ermolov said. “Now, researchers can see how Intel fixes one or another bug/vulnerability. And this is great. The encryption of microcode patches is a kind of security through obscurity.”
  22. Microsoft releases Windows 10 build 18363.1237, 17763.1613 with more fixes Just after releasing out-of-band optional updates for supported Windows 10 versions, Microsoft has released additional preview updates for Windows 10 versions 1809, 1903, and 1909. However, unlike the earlier updates that fixed issues with Kerberos authentication, which could only be manually downloaded, these updates will be offered through Windows Update as optional updates. There are a bunch of bug fixes, with highlights including fixes for an issue with USB 3.0 hubs malfunctioning after a restart. There are also fixes for a bug that causes the Edge browser to launch in the background when users are in tablet mode. Users on Windows 10 versions 1903 and 1909 should receive KB4586819, bringing builds 18362.1237 and 18363.1237, respectively. The update will be made available through Windows Update as an optional update and can be downloaded manually from here. Here are the highlights from this update: Updates an issue that causes the Chromium-based Microsoft Edge browser to open in the background when a device is in tablet mode. Updates an issue that causes Narrator to stop responding after you unlock a device if Narrator was in use before you locked the device. Updates an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device. Updates an issue that might cause games that use spatial audio to stop working. Updates the visual quality of Windows Mixed Reality headsets that run in lower resolution mode. And here is the complete list of fixes: Updates Internet Explorer’s About dialog to use the standard modern dialog. Addresses an issue that causes the Chromium-based Microsoft Edge browser to open in the background when a device is in tablet mode. Addresses an issue that causes Narrator to stop responding after you unlock a device if Narrator was in use before you locked the device.
Addresses an issue that displays a black screen to Windows Virtual Desktop (WVD) users when they attempt to sign in. Addresses an issue with using Microsoft Changjie that causes apps to stop working because of a stack overflow. Addresses an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device. Addresses an issue that might cause Windows to inadvertently modify settings for certain IP cameras that are on the same network as the Windows device. Addresses an issue that might cause games that use spatial audio to stop working. Addresses an issue with leaking Graphics Device Interface (GDI) Font Handles that result in unexpected behaviors in certain applications. Addresses an issue with missing enforced groups in the Start menu layout, which occurs when using mobile device management (MDM) to set the tile groups. Addresses an issue that fails to set the desktop wallpaper as configured by a Group Policy object (GPO) when you specify the local background as a solid color. Addresses an issue with excessive network traffic that occurs when you use the Open File dialog box in File Explorer and browse to a shared folder that has the Previous Version feature available. Addresses an issue with the Search bar in Shell namespace extension products, which causes File Explorer to stop working unexpectedly. Addresses an issue that prevents you from signing in on certain servers. This occurs when you enable a Group Policy that forces the start of a computer session to be interactive. Addresses an issue that prevents the Sign in options page from opening using the ms-settings:signinoptions-launchfaceenrollment URI. Addresses an issue that generates a 0x57 error when the wecutil ss /c: command is used to update an Event Forwarding subscription. Addresses an issue that might prevent user settings from syncing across devices. 
Addresses an issue that causes the “I forgot my Pin” functionality on the lock screen to fail. This failure occurs if the user has signed in using a username and password and the DontDisplayLastUserName or HideFastUserSwitching policy settings are enabled. Addresses an issue that causes applications to fail when they call the LookupAccountSid() API. This occurs after migrating accounts to a new domain whose name is shorter than the name of the previous domain. Addresses an issue in which loading a Code Integrity Policy causes PowerShell to leak a large amount of memory. Addresses an issue that causes a system to stop working during startup. This occurs when the CrashOnAuditFail policy is set to 1 and command-line argument auditing is turned on. Addresses an issue that causes the Microsoft Management Console (MMC) Group Policy application to stop working when you are editing the Group Policy Security settings. The error message is, “MMC cannot initialize the snap-in.” Addresses an issue that fails to free a system’s non-paged pool and requires a restart of the system. This occurs when running 32-bit applications with the Federal Information Processing Standard (FIPS) mode enabled. Addresses an issue that prevents access to Azure Active Directory (AD) using the Google Chrome browser because of a Conditional Access policy error. Improves the visual quality of Windows Mixed Reality headsets that run in lower resolution mode. Extends Microsoft Defender for Endpoint support to new regions. Addresses an issue in the Microsoft Remote Procedure Call (RPC) runtime that causes the Distributed File System Replication (DFSR) service to stop responding. This issue generates log events for DFS Replication (5014), RPC (1726), and no reconnection (5004) for a default timeout of 24 hours with no replication. Addresses an issue that causes a wireless receiver to disconnect during a wireless projection session.
Addresses an issue that prevents the PDF24 app, version 9.1.1, from opening .txt files. Addresses an issue that might cause a non-paged pool memory leak in some scenarios. Addresses an issue that might cause a memory leak in bindflt.sys when copying files in a container scenario. Addresses an issue with Active Directory Certificate Services (AD CS) that might prevent Certificate Transparency (CT) logs from being submitted, if enabled. Addresses an issue in which cluster validation tests internal switches that are not for cluster use and re-communication. Users on Windows 10 version 1809 (October 2018 Update) will receive KB4586839, bumping up the build number to 17763.1613. It must be noted, however, that this version of the OS is no longer supported for Windows 10 Home and Pro SKUs. The update can be manually downloaded from the Update Catalog here. The highlights of the fixes include: Updates an issue that causes the Chromium-based Microsoft Edge browser to open in the background when a device is in tablet mode. Updates an issue that causes the hard drive to fill up in certain error situations. Updates an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device. Here is the complete list of fixes: Updates Internet Explorer’s About dialog to use the standard modern dialog. Addresses an issue that causes the Chromium-based Microsoft Edge browser to open in the background when a device is in tablet mode. Addresses an issue that causes the hard drive to fill up in certain error situations. Addresses an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device. Addresses an issue that generates a 0x57 error when the wecutil ss /c: command is used to update an Event Forwarding subscription. Addresses an issue that causes applications to fail when they call the LookupAccountSid() API. 
This occurs after migrating accounts to a new domain whose name is shorter than the name of the previous domain. Addresses an issue that causes Windows Defender Application Control to generate too many events related to dynamic code generation. Addresses an issue that causes the “I forgot my Pin” functionality on the lock screen to fail. This failure occurs if the user has signed in using a username and password and the DontDisplayLastUserName or HideFastUserSwitching policy settings are enabled. Addresses an issue that causes a system to stop working during startup. This occurs when the CrashOnAuditFail policy is set to 1 and command-line argument auditing is turned on. Addresses an issue that prevents access to Azure Active Directory (AD) using the Google Chrome browser because of a Conditional Access policy error. Addresses an issue that causes the Microsoft Management Console (MMC) Group Policy application to stop working when you are editing the Group Policy Security settings. The error message is, “MMC cannot initialize the snap-in.” Addresses an issue that fails to free a system’s non-paged pool and requires a restart of the system. This occurs when running 32-bit applications with the Federal Information Processing Standard (FIPS) mode enabled. Extends Microsoft Defender for Endpoint support to new regions. Addresses high memory and CPU utilization in Microsoft Defender for Endpoint. Addresses an issue in the Microsoft Remote Procedure Call (RPC) runtime that causes the Distributed File System Replication (DFSR) service to stop responding. This issue generates log events for DFS Replication (5014), RPC (1726), and no reconnection (5004) for a default timeout of 24 hours with no replication. Addresses an issue that might cause Dynamic Host Configuration Protocol (DHCP) servers to ignore Link Selection information (DHCP Option 82, sub-option 5) in DHCP Request packets from clients.
Addresses an issue that prevents the PDF24 app, version 9.1.1, from opening .txt files. Addresses an issue that might cause a non-paged pool memory leak in a Remote Desktop Protocol (RDP) over virtual private network (VPN) scenario. Addresses an issue that might cause a memory leak in bindflt.sys when copying files in a container scenario. Addresses an issue with Active Directory Certificate Services (AD CS) that might prevent Certificate Transparency (CT) logs from being submitted, if enabled. Addresses an issue that fails to implement the terminal services (termsrv.dll) idle timeout settings. Addresses an issue with the User Datagram Protocol (UDP) rate controller feature that causes Remote Desktop Services (Terminal Services) to intermittently stop working. As a result, all RDP connections are lost. Addresses an issue with incorrect Canonical Display Driver (CDD) buffer flushing, which degrades performance in Remote Desktop Protocol (RDP) Windows 2000 Display Driver Model (XDDM) scenarios. This issue affects applications that use graphics processing units (GPU) to operate, such as Microsoft Teams, Microsoft Office, and web browsers. Both cumulative updates retain the known issues documented with this month’s Patch Tuesday update, and Microsoft says that a fix is in the works for the problems. There are no new issues added to both the OS versions. Microsoft has also noted that it will not be releasing any optional updates in December due to the holiday season. The company will, however, serve the usual Patch Tuesday updates as is the case every month. Microsoft releases Windows 10 build 18363.1237, 17763.1613 with more fixes
  23. Microsoft releases firmware and driver updates for Surface Laptop and Pro devices As part of the regular updates for its Surface devices, Microsoft is rolling out a bunch of firmware updates to the Surface Laptop 1, Laptop 2, Pro 5, and Pro 6 devices. The updates are rolling out to devices running the Windows 10 May 2019 Update (version 1903) or newer and bring a bunch of audio, reliability, and other improvements. The first-gen Surface Laptop updates mostly bring audio performance and playback improvements, in addition to the general system updates to enhance stability. Here is the complete changelog for the update:

| Windows Update History Name | Device Manager Name | Version and Update |
| --- | --- | --- |
| Realtek Semiconductor Corp. - SoftwareComponent - 11.0.6000.92 | Realtek Hardware Support Application - Software components | 11.0.6000.92 Improves application stability during audio playback. |
| Realtek Semiconductor Corp. - Media - 6.0.8936.1 | Realtek High Definition Audio (SST) - Sound, video, and game controllers | 6.0.8936.1 Improves audio performance and battery life. |
| Realtek Semiconductor Corp. - Extension - 6.1.0.6 | Realtek High Definition Audio (SST) Extension - no Device Manager notes | 6.1.0.6 Improves integration between system services. |
| Surface – System – 6.105.139.0 | Surface Integration Driver Service – System devices | 6.105.139.0 Improves integration between system services. |

The updates for the Surface Laptop 2 are mostly identical, including the same audio performance improvements. However, the second-generation clamshell laptop is receiving an additional fix for the Serial Hub Driver that fixes issues with the system experiencing bugchecks. Here is the changelog for the additional driver update:

| Windows Update History Name | Device Manager Name | Version and Update |
| --- | --- | --- |
| Surface - System – 9.49.139.0 | Surface Serial Hub Driver – System devices | 9.49.139.0 Addresses system bugcheck. |

Next up are the Surface Pro devices.
The update changelogs for the fifth-gen and sixth-gen Surface Pro devices are identical to that of the first-gen Surface Laptop, bringing similar audio and stability fixes to the devices. The company has not listed any known issues with these updates, which is always a good thing. As usual, these firmware releases will be rolled out in a staggered manner, meaning that not all devices will receive the update right away. Again, users of these PCs should be running Windows 10 version 1903 or newer. With this version of the OS soon reaching the end of support next week, Microsoft has already begun force-upgrading users to Windows 10 version 1909, so it shouldn’t be a problem for most users. You can head to Windows Update to check if your device has been offered the updates yet. Microsoft releases firmware and driver updates for Surface Laptop and Pro devices
  24. Microsoft's Windows 10 servicing calendar: a showcase for contradictions The latest calendar concept details when different parts of the Windows 10 upgrade process take place, how each successive refresh syncs with other versions, and how disparate parts of the product line like Windows and Office/Microsoft 365 are scheduled. Windows 10 may be half a decade old, but some things never change. Or if they do, that change comes slowly, in fits, starts, stops and bursts. Witness the recent "Transform Windows feature updates with a servicing calendar" — a piece by James Bell, a senior product marketing manager in the Microsoft 365 deployment group, posted June 18 on the company's Tech Community website. Bell used the space to introduce what he called a "Windows servicing calendar" designed to, as he put it, "shift your Windows 10 servicing cadence from a project-based effort to a more fluid process that aligns across the release cycles of Windows, Office and endpoint management tools, such as Configuration Manager." Essentially, the calendar concept is simply a graphical way to illustrate when different parts of the Windows 10 upgrade process take place, how each successive refresh syncs — or doesn't — with those it follows and precedes, and how disparate parts of Microsoft's product line, notably Windows and Office/Microsoft 365, are also scheduled. [Figure: Microsoft's "Rapid Cadence" servicing calendar illustrates the original upgrade pace for Windows 10, the model that urged (or required) customers to deploy a refresh every six months.] The graphical approach is not new. Computerworld has been using it for years to clarify Microsoft's oft-bewildering and ever-changing upgrade scheduling. And Computerworld cribbed it from Gartner Research, whose analysts Stephen Kleynhans and Michael Silver applied it to reports early in Windows 10's history.
It isn't the calendars and their occupying arrows designating support cycles, per se, that drew our eyes. Instead, it's what Bell exposed as he touted the scheme, particularly where he seems to contradict current Microsoft practice, if not strictly policy. Because Microsoft often obfuscates, reading between lines is a mandatory skill for customers who want to know what's really going on — or at the very least, have a better shot at understanding where the Redmond, Wash. company is headed. We plucked two elements from Bell's piece that we think are particularly incompatible with Microsoft's public stance to parse. That horse is long gone Even after customer resistance to the concept of a greatly accelerated development-and-release tempo, Microsoft still urged users to consider a deploy-every-upgrade strategy. If that was impossible or undesirable for every endpoint in an organization, at minimum, the faster cadence should apply to some of the systems, Microsoft recommended. "While we encourage organizations to strive towards deploying every release to at least some portion of their estate, we also recognize that organizations with very high device counts, and the need for no/low disruption environments will choose to update less frequently," wrote Bell (emphasis added). Claiming that a "rapid cadence is within reach for enterprises of any size," Bell also implied that a slower annual rhythm — where a feature upgrade is deployed just once each year — was the starting point for enterprises and thus might even be only temporary. "They are starting their journey with the Windows 10 servicing process," Bell said when listing common characteristics of companies doing annual upgrades. "For those unfamiliar with new processes that support Windows 10 servicing, moving from a once every 3-5 year project to a twice-per-year feature update process can be daunting." 
In contrast, Bell touted an every-six-month pace by minimizing the effort involved and portraying it as the better goal for customers. "Once enterprises are familiar with deploying feature updates on an annual cadence, shifting to a rapid cadence is often possible with minor increases in effort, as plan and prepare motions are well established," he said. "Enterprises that benefit from the rapid servicing process ... continuously update supporting infrastructure to unlock new working scenarios." But this continued encouragement to deploy multiple upgrades each year was irreconcilable with Microsoft's long-running efforts to reduce the number of refreshes. In the five years since Windows 10's launch and the introduction of its radical servicing model, Microsoft has trimmed the number of updates from three to two per year (and last year and this, arguably to just one), and extended support from 12 months to 18 months for all SKUs (stock-keeping units), then later yet from 18 to 30 for Enterprise and Education. The effect of each of those moves individually and the whole collectively, was to prompt users to reduce their participation in the rapid-release model. Fewer feature upgrades meant fewer of them forced upon Windows 10 Home and unmanaged Windows 10 Pro. (Until a year ago, Microsoft decided when a device running Home or Pro downloaded and installed each feature upgrade.) Extending support lifecycles allowed customers, particularly commercial customers running Enterprise or Education to avoid more of the upgrades without risking running systems lacking released patches. It's been clear to Computerworld that Microsoft has, as it's claimed, changed its release and support practices because of customer feedback. (What's unclear is how demanding or widespread that feedback has been; it's fair to assume that it took much to move Microsoft from a cornerstone of the Windows 10 philosophy.) 
What's odd, however, is that it continues to argue for a fast, six-month cadence when its own actions have attested to the benefits of a slower tempo. Take Microsoft's 2019 announcement that henceforth, all users, including those with Windows Home and unmanaged Windows Pro, control upgrade timing through the Download and install now (DaIN) option. But by reserving for itself the right to forcibly upgrade a device as the current edition neared support retirement — a reasonable demand in light of many users' lethargy in updating — Microsoft also established annual refreshes for those machines (see this Computerworld piece). Whether Microsoft anticipated that DaIN would result in a majority of users moving from twice-a-year to annual was immaterial: it was the result. That Microsoft continues to tout the faster cadence is the proverbial shutting of the barn door after the horse is out. From major-major to major-minor It was also apparent from Bell's explanations that the original intent of Windows 10 servicing — to deliver two more-or-less equally-equipped feature upgrades each year — has not yet died, contrary to the pattern the company set in 2019 and intends to repeat in 2020. A quick summary is necessary. During 2017 and 2018, Microsoft delivered two upgrades annually, each fleshed out with new features and functionality. (Microsoft set that cadence as official policy in April 2017, after distributing just one upgrade in each of the two preceding years.) Call that a major-major tempo, with the refreshes roughly equal. However, Microsoft dispensed with that practice in 2019. The firm released a feature-rich upgrade in the spring, followed by a Service Pack-like update in the fall that was little more than a bugs-now-fixed retread of its immediate predecessor. Last week, Microsoft confirmed what Computerworld had long forecast, that the company would play the same major-minor beat in 2020. The reasons differed each year, and for current purposes, those hardly matter.
What does is that Microsoft, through Bell's advice, continues to assume that major-major is the true Windows 10 practice. Bell showed that was the case by how he outlined customers' progression through H2, the update released in a year's second half, in the calendar he dubbed "Rapid Cadence." (He put that label on the grab-all-updates option.) There were no differences in the recommended handling of H1 and H2, even though the latter last year and this were but a shadow of their precursors. Under Bell's scheme, each refresh would receive the same four-month process of Plan, Prepare and Deploy. In a major-minor cadence, customers should not have to go through as rigorous a process for a year's minor update as they did for the preceding major release, simply because so little is changed. Deployment should also be a shorter stage, again because there should be nothing new, or not enough to make IT admins re-run a lengthy roll-out with multiple pools of users. It's unclear if Bell's calendar was portraying a major-major tempo because that's what Microsoft plans to do in, say, 2021, or because he thought differences in H1 and H2 were unnecessary or potentially confusing to readers. Does Microsoft — after two consecutive years of major-minor — believe it can go back to the more aggressive, less-customer-friendly major-major? Who knows? Computerworld has praised the major-minor practice, predicted it would repeat in 2020 and has urged Microsoft to continue that cadence as the next best move to abolishing the year's second update entirely. Those stances haven't changed. Microsoft would be well served to install major-minor as the permanent tempo for Windows 10. It would allow for extended testing (not that that results in a bug-free release), allow enterprises and large organizations to reduce their upgrade frequency to once every two years and put Windows on the same reasonable-for-a-reason pace as every other major OS, from macOS to Android. 
Here's hoping that Bell's calendar example was short of detail for some reason other than that it's a prediction of 2021. Microsoft's Windows 10 servicing calendar: a showcase for contradictions
  25. With the buggy Win10 version 1803 cumulative update officially yanked, two bad Office patches pulled, and the Win10 1809 forced upgrade momentarily defanged, the coast is clear to install November’s patches. Here’s what you need to know about the latest game of whack-a-mole. November’s patches initially appeared relatively innocuous, with a few catastrophic problems in 64-bit Office 2010, which is a bit of a standing joke anyway. As the month melted on, we saw a Win10 version 1803 second cumulative update, KB 4467682, that caused havoc, including blue screens on Surface Book 2 PCs, and customized Start Menu bugs (thx, Günter Born). Microsoft yanked it on Dec. 6 — no small consolation to those of you who install everything as soon as it’s offered. Or even a week later. We also saw a reappearance of the Windows 10 September-October-November-December 2018 Update, version 1809. This time, nine weeks after the original release, the new cumulative update seems pretty stable, although I’m seeing some reports of jiggered sleep states. More Flash maladies Meanwhile, we have an emergency Flash Player update (thank you, Adobe), KB 4471331, released a couple of days ago, that addresses a currently active exploit in the wild. Yes, it’s a December patch. Yes, you should install it now. Think of it this way. The worst it’ll do is mess up Flash — and that’s doing you a favor. Like so many other Flash updates, it screams for you to disable and abandon Flash entirely — something I’ve been harping about for years. The Win10 version 1809 upgrade isn’t being forced yet As best I can tell, Microsoft’s re-re-release of Win10 version 1809, via KB 4469342, hasn’t yet triggered forced upgrades. You can run Windows Update on Win10 version 1803, at the moment, and be reasonably sure that you won’t get bumped to version 1809. That’ll change soon.
If you actually want Win10 version 1809, check your pulse and your IQ, and make sure you install the new December 2018 Servicing Stack Update, KB 4070788, first. That compensates for the fact that the Windows updater isn’t smart enough to update itself first. No, I won’t point you to the instructions for installing 1809. More .Net fun 'n' games I’m seeing more and more reports about problems with this month’s .Net patches. Fuhgeddaboutit. This month’s .Net patches are all non-security patches, and aren’t worth your time, or the headaches. Win7/Server 2008R2 Network Card bugs continue Microsoft has a bug in its Win7 Monthly Rollup that’s been, uh, bugging us since March. If you installed any Win7/Server 2008R2 patches after March and your network connections didn’t go kablooey, you’re almost undoubtedly OK to proceed with this month’s patches. On the other hand, if you’ve been waiting to install patches on your Win7 or Server 2008R2 machine, you need to be aware of a bug that Microsoft has acknowledged. Symptom: There is an issue with Windows and third-party software that is related to a missing file (oem<number>.inf). Because of this issue, after you apply this update, the network interface controller will stop working. Workaround: 1. To locate the network device, launch devmgmt.msc; it may appear under Other Devices. 2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu. Alternatively, install the drivers for the network device by right-clicking the device and selecting Update. Then select Search automatically for updated driver software or Browse my computer for driver software. That’s a bizarre, convoluted series of steps. Microsoft still hasn’t confirmed which third-party software is at fault, but reports have it that it’s largely a VMware problem. Eight months later, the bug’s still there, still acknowledged, still unfixed.
If you’re worried that installing this month’s updates will clobber your network interface card, make sure you take a full backup before installing the updates. You can also take @GoneToPlaid’s advice and edit certain registry entries in advance. Seek Bar problems Many of November’s updates include a warning like this: After installing this update, users may not be able to use the Seek Bar in Windows Media Player when playing specific files. This issue does not affect normal playback. Microsoft is working on a resolution and estimates a solution will be available mid-December 2018. If you use the Seek Bar in Windows Media Player, perhaps it’s time you look at something much more capable, such as VLC or Plex. But if you absolutely must have the Seek Bar in WMP, don’t update until next Patch Tuesday. The returning bad penny, KB 4023057 Yesterday Microsoft released yet another version of KB 4023057, the Update to Windows 10, versions 1507, 1511, 1607, 1703, 1709, and 1803 for update reliability. This is the 20th or 30th version of the patch. As I said on Nov 19, the last time it was updated: @ch100 has offered the only explanation that makes sense to me: KB4023057 was and still is one of the most weird and unexplained updates in recent times. This update has never been offered to WSUS, but only to Windows Update. This would indicate that it is meant for unmanaged end-users and unmanaged small business users. … This patch may be harmless, but why it was released and where it actually applies, it is still a mystery. It’s most likely associated with the 1809 rollout, although why it didn’t appear in early October when 1809 first raised its ugly head leaves me baffled. You don’t need it, don’t want it, and if you find it installed, uninstall it. Unless you want to be pushed to 1809 at the earliest opportunity, anyway. Update All of this makes right now a very good time to apply Windows and Office patches. Here’s how to proceed: Step 1.
Make a full system image backup before you install the November patches.

There’s a non-zero chance that the patches — even the latest, greatest patches of patches of patches — will hose your machine. Best to have a backup that you can reinstall even if your machine refuses to boot. This, in addition to the usual need for System Restore points.

There are plenty of full-image backup products, including at least two good free ones: Macrium Reflect Free and EaseUS Todo Backup. For Win 7 users, if you aren’t making backups regularly, take a look at this thread started by Cybertooth for details. You have good options, both free and not-so-free.

Step 2. For Win7 and 8.1

Microsoft is blocking updates to Windows 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that’s 18 months old or less, follow the instructions in AKB 2000006 or @MrBrian’s summary of @radosuaf’s method to make sure you can use Windows Update to get updates applied.

If you’ve already installed any March or later updates, your Network Interface Card should be immune to the latest slings and arrows. But if you haven’t been keeping up on patches, see the discussion in the Network Card bugs section above to protect yourself.

If you’re very concerned about Microsoft’s snooping on you and want to install just security patches, realize that the privacy path’s getting more difficult. The old “Group B” — security patches only — isn’t dead, but it’s no longer within the grasp of typical Windows customers. If you insist on manually installing security patches only, follow the instructions in @PKCano’s AKB 2000003 and be aware of @MrBrian’s recommendations for hiding any unwanted patches.

For most Windows 7 and 8.1 users, I recommend following AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups. Realize that some or all of the expected patches for November may not show up or, if they do show up, may not be checked. DON'T CHECK any unchecked patches.
Unless you're very sure of yourself, DON'T GO LOOKING for additional patches. In particular, if you install the November Monthly Rollups, you won’t need (and probably won’t see) the concomitant patches for October. Don't mess with Mother Microsoft.

Watch out for driver updates — you’re far better off getting them from a manufacturer’s website.

After you’ve installed the latest Monthly Rollup, if you’re intent on minimizing Microsoft’s snooping, run through the steps in AKB 2000007: Turning off the worst Win7 and 8.1 snooping. If you want to thoroughly cut out the telemetry, see @abbodi86’s detailed instructions in AKB 2000012: How To Neutralize Telemetry and Sustain Windows 7 and 8.1 Monthly Rollup Model. Realize that we don’t know what information Microsoft collects on Windows 7 and 8.1 machines. But I’m starting to believe that information pushed to Microsoft’s servers for Win7 owners is nearing equality to that pushed in Win10.

Step 3. For Windows 10

If you’re running Win10 version 1709, or version 1803 (my current preference), you definitely want to block the forced upgrade to Win10 1809. Don’t get caught flat-footed: Although it looks like we're clear right now, Microsoft may decide to push 1809 again with little or no notice. Follow the advice in How to block the Windows 10 October 2018 Update, version 1809, from installing. Of course, all bets are off if Microsoft, uh, forgets to honor its own settings.

Those of you who run Win10 Pro and followed my “new tactic” advice last month — to set “quality update” (cumulative update) deferrals to 15 days — don’t need to do anything. Your machine got updated last week, and should be working fine. Don’t touch a thing.

For the rest of you, including those of you stuck with Win10 Home, go through the steps in "8 steps to install Windows 10 patches like a pro."
Note that clicking “Check for updates” in Step 6 won’t cause undue heartache at this point: the “seeker” Win10 1709 cumulative update is working fine; the second Win10 1803 cumulative update has been pulled; the second cumulative update for Win10 1809 (released in December) may actually help; and Microsoft isn’t yet forcing an upgrade to 1809 on Win10 1709 or 1803 seekers. Surely a temporary calm before the usual patching storm. You can use the wushowhide procedure in the “8 steps” explanation to block KB 4023057 — a patch you definitely don’t want.

For those of you running Win10 Pro, I suggest you follow the instructions in Step 7, but leave your advanced setup settings like the ones shown in the screenshot.

[Screenshot credit: Woody Leonhard]

That’ll ensure Microsoft has 15 days to pull its bad initial patches.

Windows patching has turned into a game of whack-a-mole. Make sure you’re the one with the mallet.

Thanks to the dozens of volunteers on AskWoody who contribute mightily, especially @sb, @PKCano, @abbodi86, @gborn, @GoneToPlaid, @Cybertooth and @MrBrian.

We’ve moved to MS-DEFCON 4 on the AskWoody Lounge.

Source: Patching waters finally look calm; now is a good time to install the November Windows and Office patches (Computerworld - Woody Leonhard)