[German]Just a brief note: I became aware of a mysterious HP Inc. driver that has been delivered via Windows Update and installs in Windows 10. Here are a few details I know so far.

I has been informed about that driver from a German blog reader who uses a HP notebook. The reader observed suddenly that Windows Update installs a mysterious driver without further explanations. The blog reader wrote within a comment (I’ve translated the text below).

Today I got a driver called HP Inc. software component 4.1.4.2923 for my HP laptop via Windows Update, without any comment or changelog. The Microsoft Update Catalog does not know this version either.

The only Google hit is HP Analytics… which reminds me of the malwa***, uh, telemetry from a year or two ago. In the event display, an HP Analytics section appears directly. It’s a weird driver that’s spreading out in the event viewer.

The telemetry thing mentioned was a HP Touchpoint Analytics Client I discussed within the blog post HP installs secretly HP Touchpoint Analytics Client telemetry client. That’s brought me to a research, to find out more.

Microsoft offers HP Inc. – SoftwareComponent

Searching the Internet, I found an entry for HP Inc. – SoftwareComponent in Microsofts Update Catalog. Microsoft provides older versions of this driver, with the following details:

hardware id: swc\hpq6001&pid_61adbe
Manufacturer: HP Inc.
Driver manufacturer: HP Inc.
Driver class: Other Hardware
Driver model: HP Radio Manager Device

More details are not available – the link Microsoft provides is dead. But I found an entry in HP support forum for an older version of this driver:

HP SoftwareComponent Update locks CPU

‎03-27-2019 12:11 PM

Product: Pavilion 14-X360 14-Ba12ng

Operating System: Microsoft Windows 10 (64-Bit)

Hi there!

I just did a few updates on my convertible (Pavilion 14-x360, 14-ba12ng). I had to reinstall completely and then spent 3 month without wifi, so there were actually quite a few. Anyway, since it installed the “HP. Inc – SoftwareComponent” Version: 2.1.8.1. (release 10/30/2018) and/or Version: 2.1.9.1 (release 2/1/2019) the cpu always stays at 3.44 – 3.48 GHz when the power cord is plugged it. It doens´t clock down anymore, even when the cpu-load is only 4% over a longer period of time. It only clocks down when I unplug the power cord. This creates a lot of unnecessary heat and the fan is running constantly.

It´s incredibly infuriating. Can you help?

It was also a driver delivered via Windows Update, as you can read here. So the questions: Has some of you also received this HP Inc. driver on your HP machines? Are you facing issues with this driver? Does somebody know what this driver is for.

[German]We have January 2020, Windows 7 reaches the end of live and users shall upgrade to Windows 10 (according to Microsoft’s plans). People who jumps on Windows 10 with enthusiasm should keep the telemetry in mind. Just realizing that even applications like the Windows editor Notepad reports its activities to Redmond. Yesterday and today I stumbled upon two information regarding ‘Data protection in Windows 10’ – that sheds a not so bright light on Windows 10.

First of all: The topic I am going to pick up here is not really new. I have reported here in the blog several times about telemetry in Microsoft products. But occasionally, some pieces of a puzzle fall into a picture. Exactly this happened the last two days. 

A short review …

I had mentioned a few hours ago within the blog post Operating system/Windows Market Share (December 2019), that every fourth Windows user refuses to upgrade to Windows 10 (I also suspect the telemetry issue behind this). And I read yesterday an article in an old German engineering magazine about issues with ‘Windows 10 GDPR compliance’. 

German data protection conference about Windows 10 privacy issues

In November 2019 the German Data Protection Conference has published a review scheme ‘Privacy on Windows 10’ (Datenschutz bei Windows 10). The data protection conference is a meeting of the independent data protection authorities of the Federal Government of Germany and its countries (Bundesländer, DSK). The message of a resolution, created at the German Data Protection Conference, was:

The federal and state data protection commissioners see little scope for using Microsoft’s Windows 10 operating system in a legally compliant manner, according to General Data Protection Rules (DGPR).

The data protectionists watch guards write within the check list:

The question of whether “Windows 10” is compliant with data protection cannot be answered in a general way. Windows 10 is the term for a product family in which the actual operating system is only a part of the delivered functionality, which also changes continuously due to updates.

The range of functions and the data transmissions to Microsoft therefore depend on the specific edition, version and the configuration carried out. The determination of the exact test object is therefore the foundation for the data protection test.

This is logically, since a Windows 10 Pro is to be seen differently than an Enterprise or an Enterprise LTSC. However, the data protection watch guards wrote:

In addition, there must be data protection statements about the circumstances under which Windows 10 is used and which features (e.g. Cortana or Windows Defender) are used.

This means that a data protection statement must be available about which processing activities are carried out using Windows 10 and which personal data are processed there and to what extent. It also means that you need to know what personal information is transferred to Microsoft and for what purposes.

Since the telemetry data is transmitted to Microsoft in encrypted form, nobody knows what personal data is processed there and to what extent. So it’s not possible, to set up a data protection statement, if it’s not known, which data are transferred via telemetry. Since Windows 10 is also ‘as a service’, is constantly updated by apps and new features may simply flutter into the current builds via updates. The data protection watch guards wrote within their November 2019 paper:

The processing of the following check scheme is necessary because the transmission of data to Microsoft in no edition or version can be completely stopped by changing the configuration settings and the communication behaviour and configuration options of Windows 10 can change with new versions.

So this check, if Windows 10 fits the data protection statement have to be done with every (app and service) update. This is simply unmanageable for ‘the person responsible for data protection within an organization’. The conclusion: Windows 10 can’t be used within the European Community in accordance with GDPR. 

A look at the data protection records

Yesterday I was reminded via twitter to check within my Windows 10 privacy dash board the records collected from Windows 10 telemetry and associated with my Microsoft account. Tero Alhonen postet the following on twitter.

Notepad, really? pic.twitter.com/WTA5JoReS7

— Tero Alhonen (@teroalhonen) January 2, 2020

He once looked at the entries under Privacy within the Windows 10 privacy dash board and checked the entries for apps. He also found, that Windows Notepad records it’s user activities. Microsoft keeps the exact data that is stored secret. You can only find out under ‘Show details’ some (windy) explanation, why Microsoft collects the data.

I immediately opened the browser and viewed the entries under App Privacy on my Microsoft account. I found on a seldom used test machine entries from browsing history to the use of OneDrive to the start menu experience. Even third party applications like PhotoFiltre, which I have called up for testing purposes, can be found there. So we could state ‘Hello Microsoft, we have a problem’ – Windows 10 can’t be used in accordance with European GDPR.

[German]To test Windows Insider Preview build for Windows 10, Microsoft requires that users are joining the Windows Insider program. But there is a way to do that with a local account.

A German blog reader Al CiD has send me an e-mail mentions, that it’s possible to test Windows 10 Insider Preview builds with a local user account. A developer has posted on GitHub the article OfflineInsiderEnroll – A script to enable access to the Windows Insider Program on machines not signed in with Microsoft Account.

OfflineInsiderEnroll is a simple Windows Command Prompt script to enable access to the Windows Insider Program on machines not signed in with Microsoft Account. The script is compatible with Windows 10 RS5 and later and requires administrative priviliges to run.

According to the developer, the script takes advantage of undocumented TestFlags registry value. If this value is set to 0x20, all access to online Windows Insider services gets disabled. Because of this, it’s possible to set a own Windows Insider Preview configuration without being overriden by the contact to the service.

Since Windows Update does not check if machine is actually enrolled to the program, users applying this script will get offered Insider Preview builds by just setting correct values in the registry. Bleeping Computer has published this article with a few more details how to use the script.

[German]On January 14, 2020 Windows 7 SP1 reaches End of Life. Business customers can order Windows 7 SP1 Extended Security Updates (ESU). In this blog post, I’ll show in detail what customers from small and medium businesses (SMB) need to know to purchase and manage a Windows 7 SP1 Extended Security Updates (ESU) license.

On January 14, 2020, Windows 7 SP1 will reach the long announced end of support. After next January 2020 patchday, Windows 7 SP1 machines will no longer receive free security updates. Enterprise corporate customers have the option of purchasing an ESU license for Windows 7 SP1 to receive updates in 2020 (and, if mandatory, to renew it until January 2023).

How to buy an ESU license?

Microsoft has announced an Extended Security Updates support as a separate program for corporate customers (see Wow! Windows 7 get extended support until January 2023). But especially the group of small and medium sized businesses (SMB), which should be able to order these ESU licenses (see Microsoft offers Windows 7 Extended Update Support to SMBs) have to overcome some.

I had assumed that Microsoft would make it easy for small and medium business customers, i.e. individual users, freelancers or small companies, to book the so-called ESU program from December 1, 2019 onward and thus receive security updates for Windows 7 SP1 for 2020. My attempts to get the details proved to be extremely difficult, as Microsoft organizes the distribution through partners from the so-called Cloud Solution Provider Program (CSP). 

(A page to buy Windows 7 ESU)

But in November/December 2019 I failed first, to find a CSP partner who is able to sell an ESU license. Only after longer efforts I managed to establish an European source for the purchase of ESU licenses with the provider Software Express. I have blogged about the details in the blog post Windows 7 Extended Security Updates (ESU) program, price and source for SMEs.

Outside of Europe, customers need to find a CSP partner who is willing to sell ESU packages for 2020.

Management of ESU licenses only via the cloud

Another hurdle: In order to receive Extended Security Updates (ESU), an ESU license key must be activated on the Windows 7 SP1 machine. My naive idea was: ‘Just buy an ESU package for a machine for 2020 and get the required ESU key by mail’ was not correct. The activation and management of the keys must be done via the so-called Microsoft CSP-Tenant (an online account for the cloud, the Microsoft 365 Admin Center) of the respective end customer.

German CSP partner Software-Express has kindly provided such an ESU license for me, so that I can publish the following steps and experiences here.

Not all SMBs will have a user account to access the Microsoft CSP Tenant via the Microsoft 365 Admin Center. So the question is: How do you get access to something like that? After discussions with Software-Express they have not only set up the order page linked above. There is (since shortly before Christmas 2019) also the German language website Windows 7 ESU Schritt für Schritt (Windows 7 ESU step by step) with a recipe for the purchase of ESU keys online. Below I will outline the necessary steps in English. According to that article, customers may use the following Microsoft accounts for managing the ESU-Keys as a Microsoft Tenant.

• Office 365
• Microsoft 365
• Microsoft Azure

I have access to a Visual Studio subscription and are able, to set up Azure services (e.g. virtual machines) for test purposes. But it was not possible for vendor Software-Express to assign the ESU license to this account (why is still unclear). I then used the suggestion of Software-Express to set up a 30-day trial subscription for Microsoft Office 365. They wrote about this:

If you are not yet using [any] Microsoft Cloud product today, you will need to create an account first. The easiest way to create this account is with an Office 365 trial subscription. There are no costs involved, even after the trial period has expired. In the meantime, we have added the Windows 7 ESU to the account. So it remains.

The following screenshot shows the Microsoft Office 365 Business subscription ordering page. You will need to seach the ‘Try free for 1 month’ link of the page to order the test subscription.

(Book a free Office365 Test subscription)

Here I recommend to read the footnote in case Microsoft changes something there. I myself did not need a credit card for the test subscription.

When setting up this test account, a user ID in the form of an e-mail address of the type alias@name.onmicrosoft.com was then assigned, where alias and name are used as placeholders for the information selected by the user. The CSP needs this user ID to assign the ESU key to the CSP tenant. And the customer needs this user ID in order to log in later to his Microsoft 365 Admin Center and retrieve the ESU key.

(Obtain the ESU license in Microsoft 365 admin center)

I was then able to log in at admin.microsoft.com with this user ID. Then I navigated to the branch Billing and the category Products and Services (see left column in the screenshot above).

Note: The above screenshot is in German, because I was to stupid to switch the page to English. I managed to select English United States as an option. But in the New admin center layout I ended with a mixed GUI – some entries are in English, but the navigation path in the left pane was still in German. So you have to find out by yourself, if my navigation options are available within your Microsoft 365 admin center.

In the next step, select the Rubik Software in the right part and you should see the entry ‘Windows 7 Extended Security Updates 2020’. If you click on the entry, the ESU license keys will be displayed.

What a mess Microsoft is doing there with their customes. A small service provider wrote to me ‘everything is no problem, the CSP-tenant can be created in 5 minutes’. But without the support of the people from Software-Express I would have been lost in searching this options. It’s like Ed Bott stated: ‘They offer ESU, but they won’t your money’. 

For all SMB users who do not have an account for Microsoft 365/Azure or who are not familiar with or do not want to struggle with that mess, my recommendation is to let a CSP partner have to handle the administration and activation of ESU keys. German provider Software-Express offers this service on this page for 19.50 Euro (net). Only after the account for the Microsoft CSP tenant has been created, a customer may order Windows 7 ESU (for 61.53 euro (net) at German vendor Software Express). In the next part of this article series I will show how to prepare Windows 7 SP1 for ESU and how to activate the ESU key.  

Article series
Windows 7: Buy and manage ESU licenses – Part 1
Windows 7: Preparing for ESU and activating the license – Part 2

Similar articles
Wow! Windows 7 get extended support until January 2023
Windows 7 Extended Security Updates buyable from April 2019
Microsoft offers Windows 7 Extended Update Support to SMBs
Prices for Windows 7 Extended Security Updates till 2023
Windows 7: Free Extended Update Support and usage
Windows 7: Office 365 ProPlus Updates till 2023
Windows 7 Extended Security Updates (ESU) requirements
Windows 7 Extended Security Update (ESU) program available
Windows 7 Extended Security Updates (ESU) program, price and source for SMEs

[German]It looks like the Explorer in the Windows 10 November 2019 Update (Version 1909) is becoming a ‘problem child’ due to bugs. There are also more bugs and annoyances in Windows 10 version 1909. Here is a short summary of what I just noticed.

I had already mentioned in the blog post Windows 10 V1909: Explorer Bugs and a Wakeup Flaw at the end of December 2019 that users of this Windows 10 version don’t really enjoy Explorer. There are simply too many bugs in the shell or in the search, which are caused by the Explorer. 

Discussions about Explorer bugs on Twitter

When Rafael Rivera mentioned an issue with Explorer in Windows 10 version 1909 to Brandon LeBlank on Twitter, I had added a link to the English version of my blog post. So I get to see the discussion of people held around this tweet. Brandon LeBlanc gave me the feedback that the right people at Microsoft were aware of the issues. When asked, he could not give a date for a fix.

Cosmetic issues?

Actually, the story would have ended if Microsoft employee Larry Ostermann hadn’t interfered (see the following tweet).

Not in Windows, and no direct knowledge of this issue, but it’s important to remember that the bar for servicing is extremely high. Without quantifiable business impact, cosmetic stuff like this often has to wait for the next release.

— Larry Osterman (@osterman) January 6, 2020

This of course provoked counter-reactions and Rafael Rivera asked if a non-functioning Explorer search was a cosmetic issue. Then he was asked by Larry Ostermann (Microsoft) whether this only affected individual people or all users.

Weird, I use search all the time with no issues on 1909 and haven’t noticed. But my original comment still stands, thee bar for servicing is quite high.

— Larry Osterman (@osterman) January 6, 2020

More bugs reported by Rivera and others

Rafael Rivera and other users then immediately followed suit – I was not yet familiar with these subtleties. In the following tweet Rivera posts new error details: 

BUG: Narrator experience is poor, reads out “search complete” then “searching” and never says another peep.

BUG: Search box buttons cannot be focused via keyboard, do not have mouse hover states

BUG: Search box, after minimal use, becomes unfocusable, can turn completely gray pic.twitter.com/qrvZdFfLzr

— Rafael Rivera (@WithinRafael) January 6, 2020

Rafael Rivera reinstalled Windows 10 V1909 in a virtual machine. Within minutes the Windows 10 search was broken, as he writes in the above tweet.

In addition, there is still the problem I already mentioned in the blog post Windows 10 V1909: Explorer Bugs and a Wakeup Flaw, that the context menu does not work when right-clicking in the search box. This makes it impossible to paste search terms from the clipboard via the context menu. People are currently using the Ctrl+V shortcut.

Narrator issues and more Bugs

In an addiditional tweet Rafael Rivera points out additional issues in the Explorer search and in the narrator).

• The screen reader reads “search completed” and then “search” and doesn’t say a word. 
• Search box buttons cannot be focused via keyboard, have no mouse hover status.
• The search box becomes unfocusable after only minimal use and can become completely gray.

When Ostermann writes that he has no issues and that real bugs are fixed quickly, Rivera remarks that he can’t wait 6 to 24 months until Microsoft is comfortable that bugs in core features are fixed. 

pic.twitter.com/Y4lcKt3r3p

— Amir Dream (@fromamirr) January 6, 2020

User Amir Dream then posted the screenshot from the above tweet. There the reliability history shows that the Explorer crashes cyclically and does not work anymore. And in my German blog there is this comment in which a user complains that the chosen sorting of a folder is only preserved for a short time. 

At askwoody.com there is an explanation from aboddi86 why the bugs appear: Basically, in 1909, the upper bar of File Explorer (address + seach box) no longer belong to Win32 platform, it’s hybride WinRT (UWP) feature divered from Settings app or Cortana.

More issues

German blog reader Karl has made me aware via Twitter of several issues with Windows 10 version 1909.

Apparently Storage Sense deletes data in the OneDrive instead of just locally. Probably nobody noticed because:

– Feature  deactivated by default
– if activated by default to only clean up if little disk space or onedrive is not used or the time to clean up is not configured

Ergo, the problem rarely occurs.

The problem with the network drives [can’t be mapped after Windows start] is back. I think it was fixed in Nov. 2018.

Karl also writes: Standby on PCs doesn’t seem to work in general, unless you do it manually. Therefore he sent me the following instructions on Twitter some time ago for testing:

If you have time, try the following in 1909 / 1903: Energy settings standby at, say, 1 minute.

Result for me and some other PCs (not laptops) Screen turns off but not the device.

If you select standby manually it works. Is it the same for you? MS Clean Boot, deactivating everything from the autostart does not help

According to him, this occurs on many PCs in the 1903 and 1909 versions. On laptops, it is not completely clean but it works.

Another list of bugs from blog reader Bolko can be found in this German comment.

[German]A small note in the margin for administrators of Windows Server 2008/R2 who may still be facing an upgrade: Thomas Maurer has updated his blog post at Microsoft, which explains the complex approach to in-place upgrading a Windows Server 2008/R2 to successor systems.

Background information

Extended Support for Windows Server 2008/R2 will expire on 14 January 2020. Customers will be able to switch to the Azure Cloud with the server in order to operate it there in a virtualised manner. Security updates are still available there until January 2023, and volume license customers also have the option of purchasing Extended Support. As far as I know, Microsoft will not offer individual ESU licenses such as those available for Windows 7 SP1.

In the summer of 2019, MVP Thomas Maurer published the Techcommunity article How to In-Place Upgrade Windows Server 2008 R2 to Windows Server 2019, which dealt with the upgrade to successor systems. I had written about this in the blog post Windows Server 2008/R2: Microsoft explains In-place upgrade.
(Windows Server In-Place Upgrade, Source: Microsoft)

Within the Techcommunity article, the above picture was also included, showing the upgrade paths. According to this diagram, there is no in-place upgrade from Windows Server 2008 R2 to Windows Server 2012 R2. After I’ve published my post, I got the feedback from blog reader Karl that Microsoft’s article was incorrect. Quote:

So the Techcommunity article still suggests upgrading to Windows Server 2012, but there is no further explanation. This is quite a shot in the arm for an administrator. I received a private message telling me that the above Techcommunity article on upgrading Windows Server 2008 R2 was simply wrong and that the topic page had been going downhill for months – nobody feels responsible.

The details can be found in my blog post Windows Server 2008/R2: Microsoft explains In-place upgrade.

The article was updated in January 2020

Karl pointed out to me that the Microsoft Techcommunity article has now been revised. Thomas Maurer, a former MVP from Switzerland, has been an employee of Microsoft since 2019. Here is the info from Karl from January 6, 2020:

Just today he [Thomas Maurer] was correcting an crucial wrong information in Microsoft Server Upgrade guidance theme page that did not correctly stated the path for 2008R2 towards 2016 or 2019

The problem is that the original wrong information was posted in July 2019 and I had several discussions on twitter about this with the corresponding relevant people at Microsoft.

At the time, and till today, the docs told a different story to former social media campaign and theme site.

As typical with social media it was picked up by bloggers and Windows news pages around the globe. Please always double check information :).
Now this is fixed nearly a half year later.

The following diagram shows the Windows Server in-place upgrade paths starting with Windows Server 2008. 

Compared to the original picture (see above), the upgrade path from Windows Server 2008 R2 to Windows Server 2012 R2 has been added. Maybe this will help some administrator working in this area. Thanks to Karl for the hint.

[German]In Part 1 of this series of articles, I outlined how customers can purchase and manage a Windows 7 SP1 Extended Security Updates (ESU) license. In part 2 I’ll show you how to prepare Windows 7 SP1 to activate the Extended Security Updates (ESU) license. Only if these steps are completed successfully will there be security updates beyond the announced support end date of January 14, 2010.

Preparations for ESU activation

Once you’ve booked an ESU package and received the required license key, you’ll need to update your Windows 7 SP1 system to the required level (see the blog post Windows 7 Extended Security Updates (ESU) requirements). To do this, make sure that the following updates are installed on the machine.

• KB4490628: Servicing Stack Update (SSU) for Windows 7 SP1 and Windows Server 2008 R2 SP1: March 12, 2019
• KB4474419: Update for SHA-2 code signing support for Windows Server 2008 R2, Windows 7 and Windows Server 2008: September 23, 2019
• KB4516655: Servicing Stack Update (SSU) for Windows 7 SP1 and Windows Server 2008 R2 SP1: September 10, 2019
• KB4519976: (monthly rollup) from October 8, 2019

The first three updates should be available on every machine that is fully patched. The Monthly Rollup Update KB4519976 from October 2019 might be more difficult. Some administrators have only installed the security-only updates to keep telemetry out of their machines. Here you will have to bite the bullet and install the rollup updates.

Before installing the Monthly Rollup Update KB4519976, it is recommended to create a backup to be able to read it back if problems occur. 

Check if the updates are installed

If you want to verify that the above updates are installed on your Windows 7 SP1 machine, you can follow these steps:

1. Type cmd into the Start menu’s search box, and then launch the command cmd.exe shown as a hit by using the Run as administrator context menu command. 

2. Confirm the User Account Control prompt, and then enter the following command in the administrative command prompt window.

wmic qfe list full /format:htable >C:\updates.htm

Then you can navigate within an explorer windows to drive C:\, where you should find the file updates.htm. A double click opens the HML file in the browser (see the following figure) and you can easily search the table for the above KB numbers for the required updates. 

(Installed Windows 7 Updates)

Installation and activation of the Windows 7 ESU license

Once the above steps are complete, you will need to install and activate the ESU license. Microsoft has described the required steps in the Techcommunity article How to get Extended Security Updates for eligible Windows devices. First, you will need the ESU key assigned to you by the CSP partner.

1. If necessary, type cmd in the search box on the Start menu and use the Run as administrator context menu command to start the cmd.exe command prompt and confirm the user account control prompt. 

2. Enter the following instructions into the administrative command prompt window.

To enter the ESU key in Windows 7 SP1, use the following command, where <ESU key> is the placeholder for the ESU license that you received from the CSP partner.

slmgr /ipk <ESU key>

If the ESU license key is successfully installed, this should be displayed in a dialog box. The following figure shows the command prompt window and the confirmation message.

This step worked here on a Windows 7 SP1 Ultimate without any problems. The key was successfully installed. In a further step the ESU license key need to be activated. To do this, enter the following instruction in the still open window of the administrative command prompt. 

slmgr /dlv

The command then uses the Windows Software Licensing Service to request the Activation ID (see the following figure). The Windows Script Host window specifies the year and versions of Windows for which the ESU license can be used.

You need the Activation ID that appears in the dialog box, as this is now to be entered within the following command instead of the placeholder <ESU Activation ID> in the command prompt. 

slmgr /ato <ESU Activation ID>

If everything goes smoothly and no error occurred while entering the ID, a corresponding message should appear (see following picture).

Windows 7 SP1 is now ready to receive the enhanced security updates in the appropriate SKU.

Note: In the screenshots above I have partially pixelated the <ESU Activation ID> in question, also because the whole thing here in the article is an example and the ID changes every year.

Tip: Typing in the corresponding <ESU Activation ID> from the dialog box is error-prone. But there are two approaches to save typing.

One is to press the key combination Ctrl+C while the dialog box is open and selected. Then open the Windows editor Notpad and insert the contents of the dialog box from the Windows clipboard into the editor window using key combination Ctrl+v. Then the <ESU Activation ID> can be selected in the editor window and copied with Ctrl+C  to the Windows clipboard.

But there is a second approach. Microsoft has specified the Activation IDs directly for Windows clients: 

Year 1: 77db037b-95c3-48d7-a3ab-a9c6d41093e0
Year 2: 0e00c25d-8795-4fb7-9572-3803d91b6880
Year 3: 4220f546-f522-46df-8202-4d07afd26454

So you can select the activation ID from the above text with the mouse and then copy it to the Windows clipboard with Ctrl + C.

Switch to the command prompt window, type slmgr /ato followed by a space. Then select Edit – Paste from the system menu of the Command Prompt window. Once the complete command is on the line, press Enter – and then you are done. 

If you have a Windows 7 machine that does not have Internet access, Microsoft provides instructions in this article for activating the ESU key. In (planned) part 3 I will go into further questions and follow-ups on the topic of ESU. 

Article series
Windows 7: Buy and manage ESU licenses – Part 1
Windows 7: Preparing for ESU and license activation – Part 2
Windows 7: ESU questions and more answers – Part 3

Similar articles
Wow! Windows 7 get extended support until January 2023
Windows 7 Extended Security Updates buyable from April 2019
Microsoft offers Windows 7 Extended Update Support to SMBs
Prices for Windows 7 Extended Security Updates till 2023
Windows 7: Free Extended Update Support and usage
Windows 7: Office 365 ProPlus Updates till 2023
Windows 7 Extended Security Updates (ESU) requirements
Windows 7 Extended Security Update (ESU) program available
Windows 7 Extended Security Updates (ESU) program, price and source for SMEs

[German]On January 8, 2020, Microsoft released the next Windows 10 Insider Preview Build 19541 (should be for the 20H2 development branch) for insiders in the Fast Ring. Here is some information about it.

I had mentioned it in the blog postWindows Insider: Fast Ring has no fixed releases anymore. There are actually no more fixed releases. Therefore, the statement that this build refers to the 20H2 development branch is not quite correct anymore. It is an Insider build in the ‘active development branch’. But no matter what you call it, it is an inside preview. In the Windows Blog Microsoft lists the changes and new features of this build. 

(Taskleiste mit Symbol für GPS-Positionserfassung, Source: Microsoft)

For example, the icon in the notification area of the taskbar, which indicates when the GPS position of the device is used by Windows, has been revised (see image above).

(Architecture in Taskmanager, Source: Microsoft)

The task manager shows the architecture (e.g. x86) in a separate column. This is probably useful because of the upcoming ARM variants. There are also some new features in the Cortana app, which are described in the Microsoft article. For example, a timer can be set in an English language version.

Otherwise there are a number of improvements. For example, the reliability of the system settings was improved by a bugfix. The persistent reboot prompt that occurred in earlier Insider Builds has been fixed. In addition, a problem was fixed that could cause the update speed in the Task Manager to unexpectedly pause. Other fixes relate to the screen reader (narrator) and the acrylic effect on the Find window. Details and also the list of known issues can be found here.

Similar articles:
Windows Insider: Fast Ring has no fixed releases anymore
Windows 10: Use Insider Program with a Local Account

[German]In Windows 10 November 2019 Update (Version 1909), there appears to be an issue with Group Policies, because they cannot be enabled reliably. I already mentioned this a few days ago. Now I have received new information from an affected blog reader. Possibly the Windows Defender, which is distributed via the ISO installation media for Windows 10 version 1909, is involved in the problems.

Some background

German blog reader Markus K. informed me at the end of 2019 about a strange observation in Windows 10 November 2019 Update (Version 1909). On freshly installed Windows 10 November 2019 Update (Version 1909) test systems Group Policy settings does not work in a reliable way.

Markus K. wrote in a mail to me that on computers running Windows 10 version 1909 it is simply a matter of chance whether a group policy takes effect or not. Neither the event log nor the GPSVC log are very useful, he said. I mentioned this on December 30, 2019 in the blog post Windows 10 V1909 and a possible GPO Issue. After publishing, I got feedback from readers also observing the behavior. 

New details about the problem

Within the last hours blog reader Markus K. informed me about his further findings. Tips given in comments to the previous blog post (like caching or setting policy Configure security policy processing) seem to be useless. Markus wrote: I followed all hints given in the blog, unfortunately without result. By the way, the log looks like this:

GPSVC(4dc.62c) 08:47:18:084 ProcessGPOs(Machine): Processing extension Registrierung
GPSVC(4dc.62c) 08:47:18:084 ReadStatus: Read Extension’s Previous status successfully.
GPSVC(4dc.62c) 08:47:18:084 ReadGPOList:++
GPSVC(4dc.62c) 08:47:18:084 CheckGPOs: ReadGPOList count = 0
GPSVC(4dc.62c) 08:47:18:085 CompareGPOLists:  One list is empty
GPSVC(4dc.62c) 08:47:18:085 GPLockPolicySection: Sid = (null), dwTimeout = 30000, dwFlags = 0x40
GPSVC(4dc.62c) 08:47:18:085 bMachine = 1
GPSVC(4dc.62c) 08:47:18:085 Global Sync Lock Called
GPSVC(4dc.62c) 08:47:18:086 Writer Lock got immediately.
GPSVC(4dc.62c) 08:47:18:086 Global Lock taken successfully
GPSVC(4dc.62c) 08:47:18:086 ProcessGPOList:++ Entering for extension Registrierung
GPSVC(4dc.62c) 08:47:18:086 MachinePolicyCallback: Setting status UI to Richtlinie “Registrierung” wird übernommen…
GPSVC(4dc.62c) 08:47:18:090 LogExtSessionStatus: Successfully logged Extension Session data
GPSVC(4dc.62c) 08:47:18:091 GPLockPolicySection: Sid = (null), dwTimeout = 60000, dwFlags = 0x42
GPSVC(4dc.62c) 08:47:18:091 Registry Sync Lock Called
GPSVC(4dc.62c) 08:47:18:091 Writer Lock got immediately.
GPSVC(4dc.62c) 08:47:18:091 Registry Lock taken successfully
GPSVC(4dc.62c) 08:47:18:094 ResetPolicies: Entering.
GPSVC(4dc.62c) 08:47:18:094 SetPolicyOwnerOnKey: Setting owner on reg key on <Software\Policies>.
GPSVC(4ec.66c) 08:58:41:299 SetPolicyOwnerOnKey: Setting owner on reg key on <Software\Policies>.
GPSVC(4ec.66c) 08:58:41:299 SetPolicyOwnerOnKey: Setting owner on reg key on <Software\Microsoft\Windows\CurrentVersion\Policies>.
GPSVC(4ec.66c) 08:58:41:299 SetPolicyOwnerOnKey: Setting owner on reg key on <System\CurrentControlSet\Policies>.
GPSVC(4ec.66c) 08:58:41:300 ParseRegistryFile: Entering with <C:\ProgramData\ntuser.pol>.
GPSVC(4ec.66c) 08:58:41:300 DeleteRegistryValue: Deleted Software\Policies\Microsoft\SystemCertificates\EFS\EFSBlob
GPSVC(4ec.66c) 08:58:41:301 DeleteRegistryValue: Deleted Software\Policies\Microsoft\SystemCertificates\EFS\Certificates\
13A2741223481A329363D0BDCEAA9995FED85A70\Blob
GPSVC(4ec.66c) 08:58:41:301 DeleteRegistryValue: Deleted Software\Policies\Microsoft\SystemCertificates\EFS\CRLs\
….
GPSVC(4dc.62c) 08:47:18:098 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows\System\EnableSmartScreen
GPSVC(4dc.62c) 08:47:18:099 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows\System\ShellSmartScreenLevel
GPSVC(4dc.62c) 08:47:18:099 RegCleanUpKey:  Failed to delete value <DisableAntiSpyware> with 5.
GPSVC(4dc.62c) 08:47:18:099 DeleteRegistryValue: Failed to delete Software\Policies\Microsoft\Windows Defender\DisableAntiSpyware
GPSVC(4dc.62c) 08:47:18:099 ParseRegistryFile: Callback function returned false.
…
GPSVC(4dc.62c) 08:47:18:238 ProcessGPOs(Machine): Extension Registrierung ProcessGroupPolicy failed, status 0x80004005.

At the end of the log there is suddenly an access error 0x80004005. Could this be a trace to the root cause?

Blame the Windows Defender

In further tests Markus digged into the matter and found a possible root cause. He wrote in a follow-up mail:

The Windows Defender (we use it as AV solution) is to blame!

We have a GPO with security filtering with a computer group, where you can put a computer to turn off the Defender. If you install the computer with Windows Defender disabled, all GPOs will be applied! If you install the same device again with activated Defender, GPOs will fail.

Markus joined the test system with Windows 10 version 1909 [and Defender turned off] back into the computer group and rebooted the client twice. Here is a new log extract:

GPSVC(4ec.66c) 08:58:41:281 ProcessGPOs(Machine): —————
GPSVC(4ec.66c) 08:58:41:281 ProcessGPOs(Machine): Processing extension Registrierung
GPSVC(4ec.66c) 08:58:41:282 ReadStatus: Read Extension’s Previous status successfully.
GPSVC(4ec.66c) 08:58:41:282 ReadGPOList:++
GPSVC(4ec.66c) 08:58:41:282 CheckGPOs: ReadGPOList count = 0
GPSVC(4ec.66c) 08:58:41:282 CompareGPOLists:  One list is empty
GPSVC(4ec.66c) 08:58:41:283 GPLockPolicySection: Sid = (null), dwTimeout = 30000, dwFlags = 0x40
GPSVC(4ec.66c) 08:58:41:283 bMachine = 1
GPSVC(4ec.66c) 08:58:41:283 Global Sync Lock Called
GPSVC(4ec.66c) 08:58:41:283 Writer Lock got immediately.
GPSVC(4ec.66c) 08:58:41:283 Global Lock taken successfully
GPSVC(4ec.66c) 08:58:41:283 ProcessGPOList:++ Entering for extension Registrierung
GPSVC(4ec.66c) 08:58:41:283 MachinePolicyCallback: Setting status UI to Richtlinie “Registrierung” wird übernommen…
GPSVC(4ec.66c) 08:58:41:284 GetWbemServices: CoCreateInstance succeeded
GPSVC(4ec.66c) 08:58:41:288 ConnectToNameSpace: ConnectServer returned 0x0
GPSVC(4ec.66c) 08:58:41:297 LogExtSessionStatus: Successfully logged Extension Session data
GPSVC(4ec.66c) 08:58:41:297 GPLockPolicySection: Sid = (null), dwTimeout = 60000, dwFlags = 0x42
GPSVC(4ec.66c) 08:58:41:297 Registry Sync Lock Called
GPSVC(4ec.66c) 08:58:41:297 Writer Lock got immediately.
GPSVC(4ec.66c) 08:58:41:297 Registry Lock taken successfully
GPSVC(4ec.66c) 08:58:41:299 ResetPolicies: Entering.
GPSVC(4ec.66c) 08:58:41:299 SetPolicyOwnerOnKey: Setting owner on reg key on <Software\Policies>.
GPSVC(4ec.66c) 08:58:41:299 SetPolicyOwnerOnKey: Setting owner on reg key on <Software\Microsoft\Windows\CurrentVersion\Policies>.
GPSVC(4ec.66c) 08:58:41:299 SetPolicyOwnerOnKey: Setting owner on reg key on <System\CurrentControlSet\Policies>.
GPSVC(4ec.66c) 08:58:41:300 ParseRegistryFile: Entering with <C:\ProgramData\ntuser.pol>.
GPSVC(4ec.66c) 08:58:41:300 DeleteRegistryValue: Deleted Software\Policies\Microsoft\SystemCertificates\EFS\EFSBlob
GPSVC(4ec.66c) 08:58:41:301 DeleteRegistryValue: Deleted Software\Policies\Microsoft\SystemCertificates\EFS\Certificates\
13A2741223481A329363D0BDCEAA9995FED85A70\Blob
GPSVC(4ec.66c) 08:58:41:301 DeleteRegistryValue: Deleted Software\Policies\Microsoft\SystemCertificates\EFS\CRLs\
GPSVC(4ec.66c) 08:58:41:301 DeleteRegistryValue: Deleted Software\Policies\Microsoft\SystemCertificates\EFS\CTLs\
GPSVC(4ec.66c) 08:58:41:302 DeleteRegistryValue: Deleted Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter\EnabledV9
GPSVC(4ec.66c) 08:58:41:302 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows\System\EnableSmartScreen
GPSVC(4ec.66c) 08:58:41:303 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows\System\ShellSmartScreenLevel
GPSVC(4ec.66c) 08:58:41:308 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows Defender\DisableAntiSpyware
GPSVC(4ec.66c) 08:58:41:308 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows Defender\AllowFastServiceStartup
GPSVC(4ec.66c) 08:58:41:309 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows Defender\ServiceKeepAlive
GPSVC(4ec.66c) 08:58:41:309 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows Defender\RandomizeScheduleTaskTimes
GPSVC(4ec.66c) 08:58:41:310 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows Defender\Exclusions\Exclusions_Paths
GPSVC(4ec.66c) 08:58:41:310 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows Defender\Exclusions\Paths\c:\empirumagent
GPSVC(4ec.66c) 08:58:41:311 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows Defender\Quarantine\PurgeItemsAfterDelay
GPSVC(4ec.66c) 08:58:41:311 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection
GPSVC(4ec.66c) 08:58:41:311 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection
GPSVC(4ec.66c) 08:58:41:311 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable
GPSVC(4ec.66c) 08:58:41:312 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring
GPSVC(4ec.66c) 08:58:41:312 DeleteRegistryValue: Deleted Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRawWriteNotification
.
GPSVC(4ec.66c) 08:58:42:062 ProcessGPOList: Extension Registrierung was able to log data. RsopStatus = 0x0, dwRet = 0, Clearing the dirty bit

The error code 0x80004005 no longer appears in the log. Markus wrote that he can reproduce this behavior. His first speculation was that it could be due to the Defender settings. But during tests within the last days with different scenarios there was a crude error pattern.

• Directly after installing a Windows 10 V1909 client and Defender active, the GPOs do not work.
• If, after setting up a Windows 10 V1909 client, he re-enables Windows Defender via the security filtering policy for the machine, everything seems to work normally.

At some point, he came up with the idea of updating Windows Defender on a client manually by having it check for updates. The result: The GPOs are applied again (as expected)!

A buggy signature/engine?

Markus concludes that the signature files distributed in the ISO installation file for Windows 10 version 1909 and/or the Defender engine are simply broken. This would explain the problems with freshly installed test systems with active Defender – and the observation, that the GPOs are suddenly working at a later time. However, he does not understand why the Defender update does not happen immediately after a client is installed. His concluding comment:

I’ll quickly script an update via PowerShell into our deployment and see if the problem can be solved.

Let’s see if the cmdlet Update-MpSignature can help.

In addition, Markus pointed out, that he didn’t found problems in the Defender eventlog. He concluded: Too bad about the weeks of wasted time and damaged nerves!

The question to the affected people would be now, can these findings be confirmed? If it is due to the ISO installation medium, I could give Microsoft a hint. Thanks to Markus for providing the previous findings for publication in the blog – so third parties can benefit from it.

Similar articles:
Windows 10 V1909 and a possible GPO Issue

[German]In a few days Windows 7 SP1 receives security updates for the last time (at least for the broad mass of users). Then the support for this operating system will end. But in January 2020, support for a number of other Microsoft products will end.

A complete overview of all products that reach the end of support in 2020 can be found on this Microsoft website. Here is some selected information what to know about products that reach the support end in January 2020.

January 14, 2020: Windows 7 SP1

On January 14, 2020, Windows 7 SP1 and Windows Server 2008 and Windows Server 2008 R2 will reach the end of support, which means that security updates will be the last time.

For Windows 7 SP1 (except Basic and Home Premium versions), you can purchase Extended Security Update Support (ESU) for a fee. These Extended Security Updates are also available as single licenses for the respective clients, an option for small businesses or freelancers without a software maintenance contract. Then there are security updates for January 2023. I have published some information on this topic in the following blog posts.

Wow! Windows 7 get extended support until January 2023
Windows 7 Extended Security Updates buyable from April 2019
Microsoft offers Windows 7 Extended Update Support to SMBs
Prices for Windows 7 Extended Security Updates till 2023
Windows 7: Free Extended Update Support and usage
Windows 7: Office 365 ProPlus Updates till 2023
Windows 7 Extended Security Updates (ESU) requirements
Windows 7 Extended Security Update (ESU) program available
Windows 7 Extended Security Updates (ESU) program, price and source for SMEs
Windows 7: Buy and manage ESU licenses – Part 1
Windows 7: Preparing for ESU and license activation – Part 2

For organizations that virtualize it all, Microsoft Windows Virtual Desktop (available on Azure) offers the ability to provide free advanced security updates to a Windows 7 installation through January 2023.

January 14, 2020: Windows Server 2008 / R2

The two server variants will also be discontinued from support on January 14, 2020 and will no longer receive regular updates. There is also an Extended Security Updates program for these server operating systems. However, it will be difficult for Windows Server 2008 / R2 when it is a single system and there is no volume license contract including software assurance. From what I know, Microsoft will not offer ESU single licenses for Server 2008/R2 through CSP partners.

Microsoft advises companies that still need to stay on Windows Server 2008 / R2 to migrate to Azure. By running Windows Server 2008 and 2008 R2 in the cloud, organizations will continue to receive free security updates for Windows Server 2008 / 2008 R2 for at least three more years after January 14, 2020. If you want to upgrade from Windows Server 2008 / R2 to a successor version, you will find information about migration paths in the article Windows Server 2008/R2: In-place upgrade description updated (01/06/2020). Information on migrating from Windows Server 2008 to Azure is available here.

Also Hyper-V Server 2008 and Hyper-V Server 2008 R2 are reaching end of life on January 14, 2020.

January 14, 2020: WSUS 3.0

Windows Server Update Services (WSUS) 3.0 SP2 will also be dropped from support on January 14, 2020. Actually, the end of support would have been on July 11, 2017. But this end date for extended support for Windows Server Update Services (WSUS) 3.0 SP2 has been moved from July 11, 2017, to January 14, 2020, bringing it into line with the support expiration dates for Windows Server 2008 SP2 and Windows Server 2008 R2.

Microsoft WSUS 4.0 will be available for subsequent Windows Server versions (Windows Server 2012/ R2 and later). Instructions for migrating from WSUS 3.0 to WSUS 4.0 can be found in this Microsoft article.  

January 14, 2020: Watch the Office365-Support

Via the patch management list I became aware of an information from blog reader Karl about the support of Microsoft Office 365. Microsoft Office 365 Pro Plus will be dropped from support as of January 14, 2020 for the following operating systems:

• Alle Windows 10 LTSC/LTSB Versions
• Windows Server 2012 and Windows Server 2012 R2

However, Microsoft will continue to support Office 365 ProPlus on Windows 8.1 until the end of the support date in January 2023 and on Windows Server 2016 until October 2025. This can be read in this Microsoft document.  

Several System Center products will expire on January 24, 2020 (see). And on January 31, 2020, updates for Internet Explorer 10 will end. 

[German]At the end of the week a small blog post with some unconfirmed speculations. It is about the Windows 10 Fall 2020 Update (20H2) and the deprecation of the Microsoft Stores for Business and Education.

Windows 10: A tiny Fall 2020 Update?

It’s a speculation, but exciting: Does Microsoft is planning only a ‘small’ stability Fall 2020 Update (20H2) for Windows 10 Spring 2020 Update (20H1)? In 2019, Redmond had introduced a new model: A Major feature update will be released in spring, while in autumn only a kind of stability update will be shipped.

For Windows 10 version 1903 and 1909 both versions got the same updates and Windows 10 version 1903 could be updated to Windows 10 version 1909 with a tiny enablement update. I had some details about this available in the blog post Windows 10 V1909 released, how to get this update?.

In November 2019 there was a mixer session with the Windows Insider team from Microsoft. According to Brandon LeBlanc, however, it was not clear at that time whether Microsoft would continue to use the approach chosen for Windows 10 version 190x in 2020. I had prepared some information from this mixer cast in the blog post Insides: Windows 10 19H2 development/deployment (V1909).

The spring update for Windows 10 2004 (20H1) has been completed in the meantime, should be available in April 2020 and will be a ‘major feature update’. But what about the autumn update (20H2) for 2020? We won’t know exactly until October or November 2020. But Windows Latest reports here, citing Microsoft’s own sources, that the fall version of Windows 10 for 2020 will be a minor update again. Windows Latest says, they have heard from internal Microsoft sources that the concept from 2019 will be maintained in 2020. The 20H2 development branch would then again be delivered as a cumulative update for systems with Windows 10 version 2004 and as a feature update for older Windows 10 builds. Let’s wait and see – it wouldn’t surprise me if it came to that.

Are the Store for Business and Education fading away?

Beside to the Microsoft Store for Windows 10 consumers, there is also the Store for Business for corporate customers and the Store for Education for educational institutions. These stores are designed to provide Windows 10 users with Microsoft apps for their operating system. It’s an open secret, however, that sales through these stores are not the real big seller.

Mary Foley speculates on ZDNet in this article that Microsoft may declare the Store for Business and the Store for Education as deprecated. She refers to contacts at Microsoft. According to them, Microsoft is still trying to clean up the mess in the digital App Store. Hence the attempt, according to Foley’s contacts, to get rid of the Microsoft Store for Business and the Microsoft Store for Education.

Microsoft has refused any official comment on this, but it seems that both stores are dead since 2018. So the idea has something impressive – let’s wait and see how Microsoft decides.

Similar articles
Windows 10 19H2: What could change
Windows 10 V1909 is called November 2019 Update
Windows 10 V1909 released, how to get this update?
Insides: Windows 10 19H2 development/deployment (V1909)
Windows 10 V2004: Release on December 17, 2019?
Windows 10 Insider Preview Build 19033 (20H1) in Slow and Fast Ring – will be Windows 10 Version 2004

[German]Microsoft is introducing some changes in 2020 regarding Windows 10 drivers. Manufacturers will be able to request a feature update blocking for incompatible drivers. And around the patchday and during the rollout of feature updates, driver updates via Windows Update will be suspended.

Windows 10 and its driver issues

In the past, Windows 10 has often been plagued by problems with function updates because drivers from various vendors did not work with the new build of the operating system. Here in the blog I have had more frequent posts about this. Furthermore, the entries of the ‘Show-Stopper for Windows 10 Functional Updates’ are legendary due to driver problems on the Windows 10 status page.

In addition, there is always the annoyance that Windows updates and driver updates are delivered on patchday and then conflicting. It’s often unclear if it is due to driver or security updates. Therefore, Microsoft is introducing changes in 2020 to avoid these problems in advance.

Martin Geuß (Dr. Windows) and Bleeping Computer report on a document that was distributed to Microsoft partners. The document was originally marked as confidential (for Hardware Dev Center users), but was probably distributed more widely after an update (and is available on the net, according to ZDnet it was also available at Microsoft).

Feature update blocking due to driver incompatibility

In the document, Microsoft informs its partners about some changes in 2020. Here is the text excerpt of the relevant passage from the six-page document:

Feature Update Windows Update (WU) Offer Block Mitigation Request

In order to ensure that end users have a good post-update experience, when a driver has a known incompatibility with a feature update, Partners can request a temporary WU offer block (~30-60 days) so that Windows Update will not offer the feature update to devices running a driver version with a known incompatibility. The offer block will be removed once a partner has posted an updated driver (as Automatic and/or Dynamic) via Hardware Dev Center portal.

The following screenshot shows a larger part of the relevant page from this document.

To ensure that Windows 10 feature updates do not cause issues with an incompatible driver, a Microsoft partner (usually a device manufacturer) can request an upgrade block. Then, on Windows 10 machines that have the incompatible driver, the upgrade is deferred for 30 to 60 days and the feature update is not offered. The feature update block ends when the partner makes an updated driver available for distribution through the Hardware Dev Center portal.

Blocking driver updates during upgrades/Patchday

The document titled Driver Shiproom Release Cadence Windows 2020 contains additional information in the version of January 8, 2020.

Microsoft determines when drivers submitted by partners that require approval for release through Windows Update may be submitted, or when distribution is suspended. At

• monthly patchday (2nd Tuesday of the month) will be one day before and after, 
• and for feature updates to a new Windows 10 build, two days before and after

no driver updates are delivered via Windows Updates. This is to prevent driver updates from colliding with security updates and function updates and causing problems. In addition, this timing equalization should also make it easier to diagnose problems that approach incompatible drivers – after all, the user doesn’t get a buzz from security and driver updates.

[German]Some users are facing an upgrade error 0xA0000400 during an attempt, to upgrade a Windows 10 machine to a newer build. I first came over this error 0xA0000400 in Windows 10 Anniversary Update (see the linked German blog post). The installation then stalls. Here is some information about the problem.

Error code 0xA0000400 is reported by the upgrade wizard (see screenshot below) and indicates that something went wrong with the Windows 10 upgrade installation.

(Source: MS Answers)

Unfortunately there is no further explanation – it seems that there is no single root cause. It is noticeable that the error mainly affected users in 2016 in the area of Windows 10 Education Version 1607. In this MS Answers forum thread it becomes clear that something is wrong with the upgrade eligibility.

I also found the error in this Technet forum thread. But there is no solution. The error also occurs in later Windows 10 builds (see below and in this technet forum thread).

Why is the upgrade eligibility missing?

Some versions of Windows do not qualify for an upgrade (see also the upgrade paths here). For example, a Windows Enterprise version cannot be upgraded to Windows 10. Probably nobody will really try to do so.

The error occurs (in my opinion) mainly when an incorrect Windows installation file was loaded, or when using Windows 10 Education version 1607 (see). Regarding Windows 10 Education the error is known and it was known in 2016, that Microsoft is working on a solution. I haven’t found a hint, that this has been solved finally.

Try a Disk Cleanup

To ensure that no full system partition or temporary files prevent the upgrade, you should try a disk cleanup as a precaution. Depending on the Windows 10 version, this can be done via the properties of the Windows 10 system drive (right click, context menu command Properties and the Cleanup button on the General tab) or via the Settings page. After the Disk Cleanup, you should reboot and check if there is enough free space on the system drive. The approach is also described here.

A workaround: Upgrade via ISO file

A workaround to install Windows 10 Anniversary Update (or a later Windows 10 build) if the system is eligible for an upgrade would be to create an installation disc with the Media Creation Tool. The Media Creation Tool for Windows 10 may be downloaded at: Media Creation Tool. After creating an Install DVD or an USB install media from that ISO file – or after you have mounted the ISO file in Windows 10 (via context menu in explorer), an update/upgrade can be initiated by running the setup.exe. And if that doesn’t work, a Clean Install is required (see also here and here).

The error occurs in Windows 10 V1903

In Mai 2019 users are also confronted with this error when upgrading from Windows 10 version 1903 (May 2029 update). There is a thread about this bug in the Technet forum. There you can find also the hint that no clear cause has been found so far. A disk cleanup is suggested (so that no missing free space prevents the upgrade). Also removing all usb media may help. If this does not help, an upgrade via Windows 10 version 1903 ISO installation file is also suggested.

Similar articles:
Tip: Windows 10 ISO direct download from MS via Chrome
Windows 10 V1909: ISOs in VS subscription available

[German]Google has announced recently to support the Google Chrome browser also over the end of support for Windows 7 SP1 until mid 2021. Here is some information on the topic.

End of support for Windows 7

On 14.1.2020 there will be security updates for Windows 7 for the last time in the context of Extended Support. Microsoft is thus ending its 10-year support for the operating system. Only corporate customers have the possibility to obtain security updates until January 2023 via the paid ESU program (see links at the end of this article).

This end of support also means that software vendors will gradually phase out support for Windows 7 beginning January 14, 2020. Many programs will continue to run on Windows 7, but browsers and e-mail clients might eventually become risky to use when there are no more updates. At the latest when a browser that is no longer updated no longer provides support for required web standards, the software can’t be used anymore.

Chrome continues to support Windows 7

German blog reader Ralf already mentioned the topic in this comment a few days ago (thank you for that) – and I had noticed. Google pointed out in this blog post that they still support Windows 7.

While Google expects companies to migrate to Windows 10 sooner or later, it writes that this could be a tricky process and take longer. Google has therefore announced that it will continue to fully support Chrome on Windows 7 for at least 18 months from Microsoft’s end-of-life date (January 14, 2019) until at least July 15, 2021. On this date, the market share of Windows 7 will be reviewed and a decision will be made on whether to continue support for even longer.

Companies that have not yet begun the transition to Windows 10 or are in the middle of the migration phase can continue to benefit from Chrome’s enterprise features, the manufacturer said. In the blog post, Google highlights the browser’s advanced security features such as Safe Browsing, Site Isolation and the new Password and Phishing protection.

Similar articles
Wow! Windows 7 get extended support until January 2023
Windows 7 Extended Security Updates buyable from April 2019
Microsoft offers Windows 7 Extended Update Support to SMBs
Prices for Windows 7 Extended Security Updates till 2023
Windows 7: Free Extended Update Support and usage
Windows 7: Office 365 ProPlus Updates till 2023
Windows 7 Extended Security Updates (ESU) requirements
Windows 7 Extended Security Update (ESU) program available
Windows 7 Extended Security Updates (ESU) program, price and source for SMEs
Windows 7: Buy and manage ESU licenses – Part 1
Windows 7: Preparing for ESU and license activation – Part 2

Tip: Troubleshooting TLS/SSL issues
Microsoft’s TLS issues

[German]If the rumors are true, today comes a critical patch for the CryptoAPI of all versions of Windows. The vulnerability is putting all kind of encryption at risk. The US military is said to have received the fix in advance.

First patchday in 2020

January 14, 2020 is the first regular patchday from Microsoft this year. Windows 7 will then get its last planned security updates. But also other Windows versions and other Microsoft products will probably be patched. So far so normal.

Security expert rumor

I had already heard it mentioned that night in the askwoody.com newsletter as a nebulous hint. Woody Leonhard refers to a tweet from Will Dormann (security analyst at CERT/CC):

I get the impression that people should perhaps pay very close attention to installing tomorrow’s Microsoft Patch Tuesday updates in a timely manner. Even more so than others.
I don’t know… just call it a hunch?
¯\_(ツ)_/¯

— Will Dormann (@wdormann) January 13, 2020

But then I came across a little more detail with Brian Krebs. Sources tell KrebsOnSecurity that Microsoft will release a critical security update today, Tuesday. This is to fix an extremely serious security hole in a central cryptographic component that is present in all versions of Windows.

The sources quoted by Krebs say that Microsoft has tacitly provided a patch for the bug to the US military and other high-value customers/targets that manage critical Internet infrastructure. However, these organizations were asked to sign a Non Disclosure Agreement (NDA). This prevents them from publishing details of the bug before January 14, 2020.

Vulnerability in crypt32.dll

According to the sources of Krebs, the vulnerability is located in the Windows library crypt32.dll. According to Microsoft, this library is responsible for handling the “certificate and cryptographic message functions in the CryptoAPI”. The Microsoft CryptoAPI enables developers to cryptographically secure Windows applications. For this purpose there are functions for encrypting and decrypting data with the help of digital certificates.

A critical vulnerability in this Windows component could have far-reaching effects on the security of a number of important Windows functions. These range from authentication on Windows desktops and servers to the protection of sensitive data encrypted by browsers or applications using the API.

Krebs speculates that a flaw in crypt32.dll could also be used to bypass or forge the digital signature for software packages. Such a vulnerability could be exploited by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company. The DLL for the CryptoAPI was introduced more than 20 years ago, meaning the old stuff is also in the ultramodern Windows as a service. Let’s see what’s coming within a few hours.

[German]On January 14, 2020, Microsoft released security updates for Windows clients and servers, for Office, etc. Here is a compact overview of these updates.

A list of the updates can be found on this Microsoft page. Details about the update packages for Windows, Office etc. are available in separate blog posts.

Servicing Stack Updates

Microsoft now publishes an overview of all current Servicing Stack Updates (SSUs). The list of SSUs can be found at ADV990001  (but is not always up to date).

Notes on updates

All Windows 10 updates are cumulative. The monthly patchday update includes all security fixes for Windows 10 and all non-security related fixes up to the patchday. In addition to the security patches for the vulnerabilities, the updates contain defense-in-depth updates to improve security.

The updates can also be downloaded from the Microsoft Update Catalog. The updates for Windows RT 8.1 and Microsoft Office RT are only available via Windows Update.

Information on the support period for Windows 10 can be found in the Windows Lifecycle Facts Sheet. Internet Explorer 11 is available on Windows Server 2012 since May 2019. This configuration is only available through the Cumulative Update for IE.

For Windows 7 SP1 and Windows Server 2008/R2, an updated SHA-2 code signing update KB4474419 was released on October 8, 2019 (see this comment at askwoody.com). Extended Support for these operating systems will end on 01/14/2020 – and further updates will only be available for ESU program participants.

The January 2020 security updates cover 49 CVE vulnerabilities in Microsoft Windows, Internet Explorer (IE), Office and Office Services and Web applications, ASP.NET, .NET Core, .NET Framework, Modern Apps, and Microsoft Dynamics. From these vulnerabilities are listed eight listed with severity as Critical and 41 listed as Important. According to Microsoft, none of these vulnerabilities are publicly known or under active attack at the time of release. However, there have been some reports of an IE bug that is actively exploited but not yet fixed by an update. A list can be found in the blog of the Zero-Day-Initiative – Talos has also published a summary here (details will be covered separately in blog posts). 

Critical Security Updates

Internet Explorer 11
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core
installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core
installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core
installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1803  (Server Core Installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
.NET Core 3.0
.NET Core 3.1
ASP.NET Core 2.1
ASP.NET Core 3.0
ASP.NET Core 3.1
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2
Microsoft .NET Framework 3.5 AND 4.7.2
Microsoft .NET Framework 3.5 AND 4.8
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.8

Important Security Updates

Dynamics 365 Field Service (on-premises) v7 series
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 for Mac
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Office 365 ProPlus for 32-bit Systems
Office 365 ProPlus for 64-bit Systems
Office Online Server
OneDrive for Android

Low Security Updates

Internet Explorer 9
Internet Explorer 10

Similar articles:
Microsoft Office Patchday (January 7, 2020)
Microsoft Security Update Summary (January 14, 2020)

[German]On January 14, 2020, Microsoft released the first cumulative update (KB453555) for the Windows 10 Insider Preview Build 19041.21 (should be for the 20H1 development branch) for insiders in the slow ring. Here is some information about it.

The information about this cumulative update (KB453555) can be found in the Windows Blog. Microsoft indicates the following changes:

Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Graphics, Microsoft Scripting Engine, .NET Framework, Windows Cryptography, Windows Subsystem for Linux, Windows Peripherals, Windows Storage and Filesystems, and Windows Server.

The colleagues at deskmodder.de have listed some more details here and point out that the vulnerabilities in the CryptoAPI mentioned in the article Windows: Is a critical cryptography patch coming today? has been fixed.

[German]On 14 January 2020, Microsoft released various (security) updates for Windows 7 SP1 and further updates for Windows 8.1 and the corresponding server versions. Here is an overview of these updates.

Updates for Windows 7/Windows Server 2008 R2

A rollup and a security-only update have been released for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update history for Windows 7 can be found on this Microsoft page. Installation requires installed SHA2 support for successful installation of the security updates. 

Beginning January 15, 2020, Windows 7 will display a full-screen end-of-support notification in Starter, Home Basic, Home Premium, Professional (without ESU license), and Ultimate. This must then be closed by the user.

As of January 14, 2020, Windows 7 SP1 and Windows Server 2008 R2 SP1 will reach the end of support and will only receive paid security updates under the ESU program.

KB4534310 (Monthly Rollup) foür Windows 7/Windows Server 2008 R2

Update KB4534310 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1)contains (besides the security fixes of October 2019) improvements and bug fixes and addresses the following:

Security updates to the Microsoft Scripting Engine, Windows Input and Composition, Windows Storage and Filesystems, and Windows Server.

Windows 7 does not appear to be affected by the CryptoAPI vulnerability reported for Windows.

This update is automatically downloaded and installed via Windows Update. The package is also available from the Microsoft Update Catalog and is distributed via WSUS. The installation requires that the SSU (KB4490628 dated March 2019 and the SHA-2 update KB4474419 dated September 10, 2019) is already installed. If installed via Windows Update, this will be installed automatically. After the update installation Microsoft recommends to install the SSU KB4536952 ((if not already installed). This SSU was released on January 14, 2020 and brings improvements to the service stack.

Since August 2019, the SHA-2 update (KB4474419) must be installed before installing this security update. This is because newer updates are only delivered via SHA-2 Code Signing for Windows Update and WSUS. Microsoft has made an update on October 8, 2019. The update should be updated automatically.

Microsoft does not list any known issues for this update.

KB4534314 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB4534314 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the following issues. 

Security updates to Windows Input and Composition, Windows Storage and Filesystems, and Windows Server.

The update is available via WSUS or in the Microsoft Update Catalog.

To install the update, the prerequisites listed in the KB article and above for the rollup update must be met.

When deploying WSUS, please make sure that the above mentioned SSU and SHA-2 updates are installed – the automatic installation is not done via Windows Update. After installation, Windows must be restarted before the security-only update is installed. You should also install the security update KB4534251 for IE. Microsoft does not list any known issues for this update.

Updates f0r Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.  

KB4534297 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4534297 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and addresses the following.

• Addresses an issue to support new SameSite cookie policies by default for release 80 of Google Chrome.
• Security updates to the Microsoft Scripting Engine, Windows Input and Composition, Windows Media, Windows Storage and Filesystems, and Windows Server.

This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS. In case of a manual installation, the latest Servicing Stack Update (SSU KB4524445) must be installed before.

The update has a known issue: Certain actions, such as renaming, that you perform on files or folders that are located on a cluster shared volume (CSV) may fail with the error “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the action on a CSV owner node from a process that does not have administrator privileges. See the KB article for details.

KB4534309 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4534309 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following items.

Security updates to Windows Virtualization, Windows Kernel, Windows Peripherals, and Windows  Server.

The update is available via WSUS or in the Microsoft Update Catalog. The update has the same known issues as the rollup update, these are described in the KB article. In case of a manual installation the latest Servicing Stack Update (SSU) must be installed before. You should also install the security update KB4534251  for IE. For this update, Microsoft lists the same known issues as for rollup update.

Similar articles:
Microsoft Office Patchday (January 7, 2020)
Microsoft Security Update Summary (January 14, 2020)
Patchday: Updates for Windows 7/8.1/Server (Jan. 14, 2020)

[German]On January 14, 2020 (second Tuesday of the month, Patchday at Microsoft) several cumulative updates for the supported Windows 10 builds were released. Here are some details about the respective updates.

A list of the updates can be found on this Microsoft website. I have extracted the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001 (if it is not up to date, please check the Microsoft Update Catalog for Servicing Stack Updates).

Updates for Windows 10 Version 190x

Microsoft provides the same update packages for the Windows 10 builds 1903 and 1909 that were released in 2019. The following updates are available for the Windows 10 May 2019 Update (Version 1903) and the Windows 10 November 2019 Update (Version 1909).

Update KB4528760 for Windows 10 Version 190x

Cumulative Update KB4528760 raises the OS build to 18362.592 (Windows 10 V1903) or 18363.592 (Windows 10 V1909). The update is available for Windows 10 version 1903, for Windows 10 version 1909, and for Windows Server version 1903 and Windows Server version 1909. It contains quality improvements but no new operating system features. Here is the list of improvements, referred to by Microsoft as highlights:

• Updates to improve security when storing and managing files.
• Updates to improve security when using input devices such as a mouse, keyboard, or stylus.

The following fixes and improvements to Windows 10 version 1909, which are identical to version 1903 (update is also available for the Hololens), have been added:

Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Management, Windows Cryptography, Windows Storage and Filesystems, the Microsoft Scripting Engine, and Windows Server.

Thus, a number of unspecified errors are fixed (this included also the bug in the CryptoAPI). 

Microsoft has also released an update directly for the Windows Update Client to improve its reliability. This is rolled out outside of Windows Update if the machine is compatible and not an LTSC variant and updates have not been blocked by GPO.

This update is automatically downloaded and installed by Windows Update and is also available in the Microsoft Update Catalog and via WSUS. Microsoft strongly recommends that you install the latest service stack update (SSU) for your operating system before you install the latest cumulative update (LCU). Microsoft does not report any known issues with this update.

Updates for Windows 10 Version 1809

The following updates are available for Windows 10 October 2018 Update (Version 1809) and Windows Server 2019.

Update KB4534273 for Windows 10 Version 1809

Cumulative Update KB4534273 raises the OS build (according to MS) to 17763.973 and includes quality improvements but no new operating system features. Here is the list of improvements, called highlights by Microsoft:

• Updates support for Google Chrome’s new cookie policies.
• Updates to improve security when using input devices such as a mouse, keyboard, or stylus.

There have been the following fixes and improvements addded to the Windows version: :

• Addresses an issue to support new SameSite cookie policies by default for release 80 of Google Chrome.
• Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Management, Windows Cryptography, Windows Virtualization, the Microsoft Scripting Engine, and Windows Server.

Microsoft has also released an update directly for the Windows Update Client to improve its reliability. This is rolled out outside of Windows Update if the machine is compatible and not an LTSC variant and updates have not been blocked by GPO.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest service stack update (SSU) for your operating system before you install the latest cumulative update (LCU). Microsoft lists several known issues that this update causes. For details, see the KB article. 

Updates for Windows 10 Version 1507 till 1803

For Windows 10 RTM up to version 1803, various updates are available for the LTSC versions and, if necessary, the Enterprise versions. The Home and Pro versions, however, have been dropped from support. Here is a short overview.

• Windows 10 Version 1803: Update KB4534293 is only available for Enterprise and Education. The update raises the OS build to 17134.1246. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but is available for download from the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article. 
• Windows 10 Version 1709: Update KB4534276 is only available for Enterprise and Education. The update raises the OS build to 16299.1625. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but is available for download from the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1607: Update KB4534271 is now available only to Enterprise LTSC. The update raises the OS build to 14393.3443. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but is available for download from the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article. 
• Windows 10 Version 1507: Update KB4534306  is available for the RTM version (LTSC). The update raises the OS build to 10240.18453. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but is available for download in the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article. Details can be found in the KB article.

Windows 10 version 1703 has reached the end of support in November 2019. Update KB4534296 is only available for Surface Hub devices. There was no update for Windows 10 V1511, because this version has dropped out of support. Details about the above updates can be found in the respective Microsoft KB articles in case of doubt.

Similar articles:
Microsoft Office Patchday (January 7, 2020)
Microsoft Security Update Summary (January 14, 2020)
Patchday: Updates for Windows 7/8.1/Server (Jan. 14, 2020)

[German]A small security note for administrators running Windows (Essentials) Server 2012 and Windows Server 2016/2019 with the Remote Desktop Gateway role enabled If you want users to be able to access the RCE vulnerability CVE-2020-0609 on ports 443 and 3389, read the following notes on the RCE vulnerability CVE-2020-0609.

CVE-2020-0609 at Windows Server

I already became aware of the topic during a tweet from Woody Leonhard. Susan Bradley, who is working as an admin, immediately recognized the significance of the CVE-2020-0609 vulnerability.

If you’re an admin with an Essentials 2012 (or later) server, or you use RD Gateway over port 443, you really need to install the latest patches. CVE-2020-0609 #PatchLady https://t.co/Mmmvl6hCdP

— Woody Leonhard (@AskWoody) January 15, 2020

Susan Bradley writes about Essentials 2012 Server and higher – but according to Microsoft it concerns Windows Server 2012 and higher. Microsoft has issued security advisory CVE-2020-0609 | Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability.

A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems RD Gateway via RDP.

The update addresses the vulnerability by correcting how RD Gateway handles connection requests.

Microsoft has released security updates for the affected server versions to close the vulnerability.

• Windows Server 2012: KB4534283 (Monthly Rollup), KB4534288 (Security-only)
• Windows Server 2012 R2: KB4534297 (Monthly Rollup), KB4534309 (Security-only)
• Windows Server 2016: KB4534271 (cumulative Update)
• Windows Server 2019: KB4534273 (cumulative Update)

With these updates the vulnerability could be patched – but read the instructions in the Known Issues sections of the KB articles first. Windows Server 2008/R2, which reached the end of support on Jan 14, 2020 (and also Small Business Server 2011) are not affected by this vulnerability.

Similar articles:
Microsoft Office Patchday (January 7, 2020)
Microsoft Security Update Summary (January 14, 2020)
Patchday: Updates for Windows 7/8.1/Server (Jan. 14, 2020)