[German]In June 2020, Microsoft released the KB4557957 cumulative update for Windows 10 version 2004. As a result, in June or July 2020, some users may have had tablet mode enabled. It’s been a few days, but I’ll take it up with you. Here is some information I received from German blog reader Markus.

Update KB4557957 for Windows 10 Version 2004

Cumulative Update KB4557957 raises the OS build to 19041.329. The update is available for Windows 10 version 2004 and for Windows Server version 1903 and Windows Server version 2004. The update includes quality improvements but does not include new operating system features. I reported about the update in the blog post Patchday: Windows 10-Updates (June 9, 2020). The update also makes some optimizations in the touch area, so that undocking a dock should work.

Users are annoyed about activated touch mode

German blog reader Markus already informed me at the beginning of July about an observation he made with his customers. He made the whole thing the subject of this post. There he wrote:

On some Windows 10 customer computers the tablet mode has been activated in June/July 2020. The annoying consequence for many users: The start menu covers parts or the whole desktop.

Markus suspects that the problem seems to be caused by the update KB4557957, which should improve the touch experience and make it easier to switch between tablet and desktop mode. He referenced this article from Windows Latest as a source, who noticed that, too. Markus notes that these issues all occurred on stand alone PCs or notebooks without touch display. Update KB4557957 was a real problem bear, as it was also responsible for several printer failures (see also Windows 10: Printer issues after June 2020 Updates). If you are affected by this problem and are looking for a remedy to switch off the tablet mode again, you can find it in this article.

[German]Users of Windows 10 can be annoyed by two errors in versions 1903 up to 2004. Both the Windows Sandbox and the Windows Defender Application Guard (WDAG) are affected by errrors 0xC0370400 and 0x80070003. Microsoft has confirmed these issues as of July 24, 2020 and plans to release a fix at some point.

First of all: Both errors only affect the commercial versions of Windows 10, because the Windows Sandbox (for virtualization) as well as the Windows Defender Application Guard (WDAG) are not available in Windows 10 Home.

The error codes 0x80070003 and 0xC0370400

The first error code 0x80070003 stands for E_PATHNOTFOUND and is an error indicating incorrect path information. The second error code 0xC0370400 stands for ERROR_VSMB_SAVED_STATE_FILE_NOT_FOUND and also describes a state where a required file with a stored state cannot be found. Both errors should not actually occur in a cleanly implemented operating system environment.

Windows Sandbox and WDAG affected

The two error codes 0x80070003 and 0xC0370400 can occur both with Windows Defender Application Guard (WDAG) and when opening the Windows Sandbox, as Microsoft states in the support document Receiving an error message when attempting to open Windows Defender Application Guard (WDAG) or Windows Sandbox. The issues affects the following Windows 10 versions::

• Windows 10 Pro Version 1903
• Windows 10 Enterprise Version 1903
• Windows 10 Pro Version 1909
• Windows 10 Enterprise Version 1909
• Windows 10 Pro Version 2004
• Windows 10 Enterprise Version 2004

The relevant features such as the Windows Sandbox or the Windows Defender Application Guard (WDAG) cannot then be used, after the error occurs. Microsoft suggests restarting the system as a workaround. The developers are currently working on eliminating the causes of the errors and plan to provide an update in a future version.

The developers in this area probably do not have such a lucky hand. I recall the sandbox error 0xc0370106, which made the sandbox, which was recently introduced in Windows 10 version 1903, simply unusable for many users for months. And also the Windows Defender Application Gurad (WDAG) always had bugs that annoyed the users (see links at the end of the article). Since WDAG is touted as a security feature, the bug is doubly bitter. In my eyes, this is a no-go in an enterprise environment. (via)

Similar articles
Windows 10 V1903: Update KB4497936 breaks Sandbox
Windows 10: Update KB4483214 breaks Sandbox mode
Windows 10 gets Sandbox for applications
Windows 10 V1903: Sandbox fails with error 0xc0370106
Wrong language in Windows Defender Application Guard
Windows 10 Insider Build 17713.1002 breaks Defender Application Guard

[German]It seems to me that Microsoft no longer really has its update process under control. Forced updates from Windows 10 systems to my builds – and also an installation of optional updates without further user request.

Preview updates are forced to install

Actually, preview updates should be found as optional when searching for updates. Then the user has to initiate the download and installation of this update via a hyperlink. But exactly this mechanism fails with some Windows 10 clients and Windows Server 2019 machines. German blog reader Olaf (and ex-MVP colleague) contacted me last week and shared one of his observations. As a professional administrator he is in charge of the client’s systems – but in these cases probably in unmanaged environments.

He writes: “On several customer systems with Windows 10 1909 and a Windows Server 2019, the .NET Framework preview update was installed just like that after I checked for updates from Microsoft in the settings. It is particularly fatal that this also happens with Windows Server 2019. It is the update KB4567327 from July 21, 2020, which Microsoft only recommends to install here.

Forced feature upgrade for older Windows 10 versions

I already reported a few days ago that Microsoft opens all the floodgates for Windows 10 and forcibly updates machines with older operating system versions to the current Windows 10 version (see Windows 10: Forced update to 2004 for old versions?). Olaf told me about Facebook there as well:  :

I just wonder, why suddenly all clients in a small office got Windows 10 2004 installed automatically on their PCs without anyone clicking it. Previous installed version was 1909. I thought Microsoft will allow the users to select feature updates separately from the normally configured update policy??? Thanks for another broken evening…

There, in a small office, all Windows 10 clients had suddenly been forced to upgrade to Windows 10 May 2020 Update (Version 2004). Microsoft has simply degenerated into a ‘garage company’, where you get a lot of trash. The message of Microsoft manager Brad Anderson, blurted out a few years ago: ‘Leave the update installation to us, we know what’s good for you’ appears to be just aloof (see Anwender: Überlasst Microsoft die Verwaltung der Updates …).

#PatchLady has observations on the bifurcated mess that has become Windows Update. She sees DIFFERENT behavior in Win10 1903. So your Win 10 Update this month will look and behave differently, depending on whether you’re running Win10 2004, 1909 or 1903. https://t.co/o5plYeLXi8

— Woody Leonhard (@AskWoody) July 29, 2020

Addendum: Just read the tweet above. MVP colleague Susan Bradley addressed the same on askwoody.com.

[German]On July 29, 2020, Microsoft released the Windows 10 Insider Preview Build 20180 for insiders in the Developer Channel. It is the anniversary build, because Windows 10 was released exactly 5 years ago. The announcement with references to the new features was made in the Windows Blog. Microsoft has mainly unlocked features that were released in Build 20161 for the tiles of the Start menu. In addition there are some fixes and hints for developers, which can be read in the Windows Blog.

[German]Microsoft’s Defender integrated into Windows marks Piriform’s CCleaner software as a potentially unwanted program (PUP, Potential Unwanted Program or Potential Unwanted App, PUA).

In September 2019, I had mentioned in the German blog post Microsoft setzt CCleaner-Domain [im MS Answers-Forum] auf die Black-List that Microsoft had put Pirifom’s optimization and cleaning software CCleaner on the list of unwanted programs. Specifically, the entire domain of Piriform was put on the blacklist. A few days later there was the back rowing when Microsoft removed the entry again..

They did it again: Defender blocks CCleaner

Various media have noticed – Microsoft has once again pulled the rip cord and classified the cleaner as a potentially unwanted program (PUP) via Windows Defender.

Microsoft Flags CCleaner as Potentially Unwanted Application, Deletes Its Files https://t.co/8AdYBIxOkE #Microsoft #PUA #antivirus #CCleaner #Avast

— Bogdan Popa (@bgdftw) July 29, 2020

On this Microsoft page there is a note that Windows Defender now detects an unwanted program PUA:Win32/CCleaner. The reason for this is as follows:

Certain installers for free and 14-day trial versions of CCleaner come with bundled applications, including applications that are not required by CCleaner or produced by the same publisher Piriform. While the bundled applications themselves are legitimate, bundling of software, especially products from other providers, can result in unexpected software activity that can negatively impact user experiences. To protect Windows users, Microsoft Defender Antivirus detects CCleaner installers that exhibit this behavior as potentially unwanted applications (PUA).

Martin Brinkhaus of ghacks.net put it in a nutshell in his tweet with the image of the installer: Piriform, which belong to Avast, also deliver the Avast antivirus software in a bundle with the test program.

CCleaner lagged as potentially unwanted by Windows Defender #ccleaner #windows #securityhttps://t.co/hec6TqtlQc pic.twitter.com/edijcBk6aD

— ghacksnews (@ghacks) July 30, 2020

Avast’s attempt to bring its free antivirus solution with the Ccleaner to the user community has backfired. Microsoft then also writes:

PUA include CCleaner installers that have been found bundling the following applications. Note that these are normal applications that are not detected by Microsoft Defender Antivirus. 

• Google Chrome
• Google Toolbar
• Avast Free Antivirus
• AVG Antivirus Free

While the CCleaner installers do provide an option to opt out, some users can easily inadvertently install these bundled applications.

So the Google Toolbar and the Chrome browser are also installed with the CCleaner. Bleeping Computer has probably covered the story for the first time in this article. There are statements from Microsoft and Piriform. Piriform writes that the free version and Recuva are affected, but not the paid version. Let’s see how long this ban lasts.

Background to the CCleaner

Cleaner is a free tool for cleaning up Windows – Wikipedia writes here about ‘optimization’. Some hints on what is ‘cleaned and optimized’ can be found under Askvg. I don’t like this part (I’ve met too many people in forums who have used it to clean their systems to the breaking point) and see CCleaner more as a kind of snake oil (not really necessary, but the tool is very popular among users). 

(Source: Talos)

In my blog posts about the CCleaner (see link list at the end of the article), I advise you to keep your hands off this tool. But every user makes his own decision.

Similar articles
Chromium edge can prevent PUP downloads
Update to CCleaner 5.59.7230 installs CCleaner Browser PUP
CCleaner comes with AVAST PUP
PUP: AVIRA adds Aviara Launcher to paid versionCCleaner v5.64.7613 released

CCleaner has been infected with malware
CCleaner comes mit AVAST PUP
CCleaner forces update from v5.38 to v5.46
AVAST CCleaner 5.45 and the telemetry thing
CCleaner 5.45 pulled and other peculiarities
CCleaner V 5.46 with improved data settings
CCleaner forces update from v5.38 to v5.46
CCleaner v5.52.6967 released
Update to CCleaner 5.59.7230 installs CCleaner Browser PUP
CCleaner v5.60.7307 released
CCleaner v5.64.7613 released

[German]Several vulnerabilities have been discovered in the GRUB2 boot loader, which could compromise both the Linux system and the Secure Boot available in Windows during boot process. Invisible malware may be planced on systems.

GRBU2 allows invisible malware

Security researchers from Eclypsium, a security company specializing in firmware and hardware vulnerabilities, have discovered a buffer overflow (CVE-2020-10713) in the GRUB2 boot loader. This is related to the way GRUB2 parses content from its configuration file grub.cfg, which is located externally in the EFI system partition. Attackers could modify “grub.cfg” because it is a simple text file. Any software could be loaded by the boot loader. By modifying GRUB’s configuration file, the attacker could gain control over the boot process. Bleeping Computer has written this article on the subject and ZDNet is preparing it in the following tweet.  

Here’s a list of vendors/orgs that Eclypsium expects to release patches or security alerts about BootHole today or in the coming days or weeks. A list with a who’s who names on it.

Full BootHole technical write-up is here: https://t.co/og7Cm2FMwW pic.twitter.com/wmQ4m8rS3v

— Catalin Cimpanu (@campuscodi) July 29, 2020

The devices concerned are also discussed there. The Linux distributors are now working on patches that introduce a digital signature for the files. But that will probably be a long way off.

Microsoft also warns

On Twitter I came across the following information that the vulnerability in GRUB2 could also affect the secure boot of Windows systems.

Microsoft is aware of a GRUB 2 vulnerability that could impact Secure Boot. See link for guidance and more details: https://t.co/usqyBGatiS

— Security Response (@msftsecresponse) July 29, 2020

Microsoft has published this article, in which they give hints and instructions on how to use BootHole. Microsoft is aware of a vulnerability in the GRand Unified Boot Loader (GRUB), which is commonly used by Linux. This vulnerability, known as “There’s a Hole in the Boot”, could allow a secure bypass of the boot process.

To exploit this vulnerability, an attacker would have to have administrative privileges or physical access on a system where Secure Boot is configured to trust the Microsoft Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA). The attacker could install an affected GRUB and execute arbitrary boot code on the target device. After successful exploitation of this vulnerability, the attacker could disable further code integrity checks, allowing the loading of arbitrary executables and drivers onto the target device.

Microsoft is working to complete validation and compatibility testing for a required Windows update that addresses this vulnerability. If you are an IT professional and want to fix this vulnerability immediately, you can implement the mitigation measures provided by Microsoft in the Mitigation section when you install an untested update. In this support document, Microsoft provides specific details about securing the Secure Boot.

This vulnerability is detectable via the TPM confirmation and Defender ATP. CVEs assigned for this problem are: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707.

[German]Owners of a Microsoft Surface ProX are facing trouble upgrading their devices to the Windows 10 May 2020 Update. This only works if the Internet connection is disconnected as a workaround.

Upgrade to Windows 10 version 2004 fails

The Surface Pro X is the ARM version of the Microsoft Tablet PCs and was launched in late 2019. Martin Geuß introduced the device in this article, for example.  Owners of these devices have also received firmware updates time and again, which should optimize things like the dock etc. And the ARM base already provides the ‘exotic status’. MVP colleague and surface freak Barb Bowman has now posted a problem case from the Microsoft Answers forum on Twitter.

.@windowsinsider @WindowsUpdate Surface ProX customers are unable to update to 2004 unless they disable Internet connection after downloading it. Don’t know if this was issue during testing. Can someone pls investigate and advise? See https://t.co/rkoVfvgN72

— Barb Bowman (@barbbowman) July 30, 2020

There is a very long thread in the Microsoft Answers Forum that started on May 28, 2020 and is now very long. It deals with the bug when upgrading Surface Pro X to the Windows 10 May 2020 Update.

Cannot upgrade Surface Pro X to Windows 10 version 2004

Hello, I’ve tried to upgrade my Surface Pro X to Windows 10 version 2004 and I got an error message saying ‘This PC can’t be upgraded to Windows 10’

Any idea why? and what can be done ?

MPV colleague Barb Bowman, who is an active community moderator (now called a Volunteer Moderator), wrote about this on June 30 , 2020 :

I’ve been advised by Microsoft that Windows May 2004 Feature Update for Pro-X should not be offered via Windows Update and is blocked for installation and that they are working on unblocking it. They are not sure why the update is being offered and will investigate from Feedback Hub reports. They recommend not installing using the work around.

The developers are investigating the latest bug and have set an upgrade stopper for the devices in relation to Windows 10 version 2004.

Workaround, but not recommended

Somebody posted a workaround within the forum thread.

1.  Go to this link and click on the blue update now button, it will download the update assistant tool.  

2.  Let it go through the setup, system check etc.

3.  It will start to download the update, keep an eye on it as it will get to 100%.

4.  It will then VERIFY the download, keep watching for it to get to 100%.

5.  As soon as it starts installing the update, turn off wifi.  If you turn it off too quickly, it will just hang this happened to me the first time and I had to reboot.  When I saw it move from 1-3%, that’s when I turned wifi off.

6.  It will fully install, and reboot.  Caution:  The install took about 20-30 mins on my Surface Pro X with 16GB of RAM.

7.  After reboot and in the Windows environment, turn wifi back on and check for system updates.  There will be several updates and a 7/24/2020 Surface Pro X firmware update as well.

But this workaround isn’t recommended, although it seems to work.

[German]Microsoft has again made changes in the Windows 10 May Update (Version 2004) and removed the Internet driver search from the Device Manager. Here is some information on the subject.

Driver update via Device Manager (old)

In Windows you can call up the Device Manager (e.g. via the Start menu) and then select a device entry in the device list. In the properties of the device (e.g. accessible via context menu or double click) the button for driver update on the Driver tab can be selected in administrator mode. Or directly select the context menu entry Update driver – see also.

Then Windows opens the Driver Installation Wizard dialog box, which offers several options for searching for driver software.

##

Previously, the category Search automatically for updated driver informed you that this search was performed on your computer and on the Internet (see also) .

Changes from Windows 10 May 2020 Update onwards

However, starting with Windows 10 May 2020 Update (version 2004), Microsoft will begin to revise this feature again. If you call up the dialog box for driver search, it looks like the one shown below (I just have a German edition).

The dialog box now only says that it is searching for drivers on the computer (see screenshot). The colleagues from German site deskmodder.de have taken a closer look and analyzed this. They write to it: 

During a test I could find out that until Windows 10 2004 / 2009 19041.388 or 19042.388 a search query is still started online. Although in the text the word Internet was already removed.

Therefore they looked at the network traffic during the local search. But then the preview update KB4568831 was installed – and afterwards there were no internet queries when using the driver search. The driver search in the internet via Device Manager seems to become history – only those who search in Windows Update may be offered drivers there (see also Windows 10: News about driver updates from March 2020).

Similar articles:
Windows 10: Microsoft allows feature and driver update blocks
Windows 10: News about driver updates from March 2020
Fix: Windows 10 driver blocked by core isolation
Windows 10: News about driver updates from March 2020
Windows 10: Microsoft allows feature and driver update blocks

[German]On July 31, 2020, Microsoft released the cumulative (preview) update KB4568831 for the Windows 10 May 2020 Update (version 2004) and its Windows Server counterparts. The update is intended to fix some bugs.  Here is an overview of the affected packages.

Preliminary remarks about Windows 10 updates

The information can be found on the Windows 10 Update History page. Please note that support for older Windows 10 versions has expired. Windows 10 Home and Windows 10 Pro will no longer receive an update. Since July 2020, Microsoft has resumed the non-security versions for Windows 10 and Windows Server, version 1809 and later.

Important: From July 2020, all Windows updates disable RemoteFX vGPU functionality due to the CVE-2020-1036 vulnerability (see also KB4570006). After installing this update, attempts to start virtual machines (VM) with RemoteFX vGPU enabled will fail.

Update KB4568831 for Windows 10 V2004

Cumulative Update KB4568831 for Windows 10 Version 2004 (May 2020 Update) and the Windows Server 2019 counterparts raises the build to 19041,423. It is an optional preview update, it includes quality improvements but no new operating system features. Here is the list of changes called highlights:

• Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
• Updates an issue that might cause the Magnifier to stop working in Microsoft Excel in certain scenarios. As a result, Microsoft Excel might also stop working.
• Updates an issue that might display 4K high dynamic range (HDR) content darker than expected when you configure certain non-HDR systems for HDR Streaming.
• Updates an issue that causes the Settings page to close unexpectedly, which prevents default applications from being set up properly.
• Updates an issue that prevents some applications from printing to network printers.
• Updates an issue that might prevent internet connectivity on some cellular modems after upgrading to Windows 10, version 2004.
• Updates an issue that prevents family safety features, such as time limits and activity reporting, from working on ARM64 devices.

Here is the list of all changes that do not contain security fixes, but only fix bugs

• Addresses an issue that prevents you from using sharing functionality in Microsoft Office. This occurs when Conditional Access is enabled.
• Addresses an issue that occurs when a third-party application loads hidden tabs into Internet Options.
• Addresses an issue in Microsoft Edge IE mode that occurs when you open multiple documents from a SharePoint site.
• Addresses an issue in Microsoft Edge IE mode that occurs when you browse using anchor links.
• Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
• Addresses an issue that might cause Microsoft browsers to incorrectly bypass proxy servers.
• Addresses an issue in the Windows Push Notification (WNS) service that prevents you from selecting a virtual private network (VPN) interface to make outbound connections. As a result, you lose connectivity with the WNS service when forced tunneling is used.
• Addresses an issue that might cause the Magnifier to stop working in Microsoft Excel in certain scenarios. As a result, Microsoft Excel might also stop working.
• Addresses an issue that prevents you from installing some .msi apps. This occurs when a device is managed by a Group Policy that redirects the AppData folder to a network folder.
• Addresses an issue that might display 4K high dynamic range (HDR) content darker than expected when you configure certain non-HDR systems for HDR Streaming.
• Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.
• Addresses an issue that causes the Settings page to close unexpectedly, which prevents default applications from being set up properly.
• Addresses an issue that causes all open Universal Windows Platform (UWP) apps to close unexpectedly. This occurs when their installer calls the Restart Manager to restart File Explorer (explorer.exe).
• Addresses an issue that prevents Windows 8.1 apps from projecting to a secondary display when those apps use the StartProjectingAsync API.
• Addresses an issue that prevents family safety features, such as time limits and activity reporting, from working on ARM64 devices.
• Addresses an issue with File Explorer’s preview of .msg files when Microsoft Outlook 64-bit is installed.
• Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets.
• Addresses an issue that might prevent certain display driver reset utilities from properly reinstalling the same driver on the system.
• Addresses a reliability issue in WDF01000.sys.
• Addresses an issue that causes memory leaks when an application calls the CryptCATAdminCalcHashFromFileHandle() function. The leaked memory is reclaimed when the application closes.
• Improves support for non-ASCII file paths for Microsoft Defender Advanced Threat Protection (ATP) Auto Incident Response (IR).
• Addresses an issue that prevents some machines from automatically going into Sleep mode under certain circumstances because of Microsoft Defender ATP Auto IR.
• Addresses an issue that prevents some machines from running Microsoft Defender ATP Threat & Vulnerability Management successfully.
• Addresses an issue that prevents Microsoft Defender ATP from applying file exclusions in some cases, which leads to application compatibility issues.
• Addresses an issue in Microsoft Defender ATP that prevents some machines from reporting the installed applications to Threat & Vulnerability Management.
• Addresses an issue that causes automatic investigations to fail in Microsoft Defender ATP.
• Improves Microsoft Defender ATP’s ability to identify malicious code injection activities.
• Addresses an issue that prevents some applications from printing to network printers.
• Addresses an issue that might cause a printer to be a hidden device in Device Manager after a restart.
• Addresses an issue that might cause the Print Management console to display script errors when you enable the Extended View option.
• Addresses an issue that causes printing to fail in certain scenarios.
• Addresses an issue that might prevent a Windows 10 device from reaching the internet when using a wireless wide area network (WWAN) LTE modem. However, the Network Connectivity Status Indicator (NCSI) in the notification area might still indicate that you are connected to the internet.
• Addresses an issue that might prevent internet connectivity on some cellular modems after upgrading to Windows 10, version 2004.
• Addresses an issue that causes telephony applications to lose the first four digits.
• Addresses an issue with in-memory parity bitmaps that can cause data integrity issues on Parity Storage Spaces.
• Addresses an issue that prevents the creation of a storage pool using Manage Storage Spaces in Control panel.
• Addresses an issue that might cause the Microsoft Remote Assistance process (msra.exe) to stop working when a user is receiving assistance during a computer session. The error is 0xc0000005 or 0xc0000409.

The update is optional and will only be offered if the user explicitly lets the settings page search for updates. The update should only be installed if the download is explicitly initiated by the user (here I would be interested to know if people install the update automatically). If you don’t install the preview update now, you’ll get the patches for August 2020. Some of the known issues from Windows 10 2004 have been fixed.

The update can also be downloaded and installed from the Microsoft Update Catalog. It is not offered in WSUS. However, make sure that the latest Servicing Stack Update (SSU) is installed. Microsoft lists a known issue with this update: When you use some applications, such as Microsoft Excel, users of the Microsoft Input Method Editor (IME) for Chinese and Japanese may receive an error, or the application may stop responding or close when they try to drag the mouse. For more information and workaround steps, see KB4564002.

In addition, Microsoft has made direct improvements to the Update Client for Windows 10 to improve its reliability.

Similar articles:
Microsoft Office Patchday (July 7, 2020)
Microsoft Security Update Summary (14. Juli 2020)
Patchday: Windows 10-Updates (14. Juli 2020)
Patchday: Windows 8.1/Server 2012-Updates (July 14, 2020)
Patchday: Windows 7/Server 2008 R2 Updates (07/14/2020)
Windows 10 Updates KB4559004, KB4559003 (July 21, 2020)

[German]Microsoft has released a further preparation update KB4575903 for Windows systems with ESU license on July 31, 2020. These are Windows 7 SP1 and Windows Server 2008 R2 systems that have ordered the paid ESU support extension.

What is the ESU update KB4575903 for?

Update KB4575903 is for enterprise users of Windows 7 SP1 and Windows Server 2008 R2 who want to continue to receive security updates as part of the Extended Security Update Program after the support period ends on January 14, 2020.

I had reported here in the blog in more detail about this Extended Security Update Program, which is subject to a fee and only available for corporate customers (see links at the end of the article).

Details about ESU Update KB4575903

Update KB4575903 (Update for the Extended Security Updates (ESU) Licensing Preparation Package for Windows 7 SP1 and Windows Server 2008 R2 SP1) is available for the mentioned operating systems. Microsoft writes about it:

This update provides an additional set of licensing changes to enable installation of the ESU add-on key. This is one of the steps to prepare for installation of Extended Security Updates. For the full set of steps, please see KB4522133.

This means that the update will enable Windows 7 SP1 and Windows Server 2008 R2 SP1 to activate purchased ESU MAK keys so that you can continue to obtain and install Extended Security Updates by using Windows Update, WSUS, or the Microsoft Update Catalog. If you previously successfully installed and activated your ESU key on your Windows 7 SP1 device, you do not need to reinstall or reactivate it after you apply this update. A restart is required after you apply this update. (via)

Similar articles:
Wow! Windows 7 get extended support until January 2023
Windows 7: Free Extended Update Support and usage
Windows 7 Extended Security Updates (ESU) requirements
Windows 7 Extended Security Update (ESU) program available
Windows 7 Extended Security Updates (ESU) program, price and source for SMEs

Windows 7: Buy and manage ESU licenses – Part 1
Windows 7: Preparing for ESU and license activation – Part 2
Windows 7: ESU Activation inEnterprise Environment – Part 3
Windows 7: ESU questions and more answers – Part 4

Windows 7/Server 2008/R2: 0patch delivers security patches after support ends
Project: Windows 7/Server 2008/R2 Life Extension & 0patch one month trial
Windows 7: Forcing February 2020 Security Updates – Part
Windows 7 ESU-Update KB4538483 (May 2020)

[German]Microsoft released version 0.20 of PowerToys for Windows 10 users on July 31, 2020. Included is a color picker tool (color selector). These tools are free and offer additional features for Windows 10.

The PowerToys yesterday and today

PowerToys were free programs under Windows 95/98, with which certain Windows features could be optimized or adapted. Inspired by the PowerToys project under Windows 95, some developers dared to restart. The intended was to give power users the ability to get more efficiency out of the Windows 10 shell and customize it for individual workflows. The announcement tool place at the beginning of May 2019 (Windows 10: PowerToys will come as Open Source). More information can be found in the articles linked at the end of this blog.

(PowerToys Settings)

The PowerToys known from Windows 9x are also available in the version for Windows 10 Open Source and free of charge.

Version 0.20 released

The announcement of PowerToys version 0.30 was made a few days ago, the release was on June 31, 2020 by developer Clint Rutkas – here is his tweet

Just released 0.20 for #powerToys. Quality improvements plus 3 new features. Shortcut to key/key to shortcut for KBM remapping, a system wide Color picker, and SVG File explorer icon rendering :) https://t.co/PIzuVSXOpp

— Clint Rutkas (@ClintRutkas) July 31, 2020

Goals for the 0.20 release cycle were to add some new features and also to put a strong focus on stability / quality corrections. From this approach, Martin has brought Chrzan to contribute a new utility, the Color Picker – which was originally scheduled for 2021. Chris Davis also helped contribute SVG icon support for the File Explorer. Between versions 0.19 and 0.20, the developers also discovered performance and memory issues in PowerToys Run. The most important of these were fixed in versions 0.19.1 and 0.19.2. Here is the change-log:

• Martin Chrzan’s Color Picker was added in! With a quick Win+Shift+C, get the color from your screen
• File Explorer – Can now render SVG icons thanks to Chris Davis
• FancyZones – you can now snap to any number of zones in FancyZones holding Shift+Ctrl while dragging a window
• PT Run – keyboard interaction improvements
• PT Run – freshly installed apps are now being detected
• PT Run – Lots of perf and bug fixes
• Keyboard manager – app level shortcuts
  • Example: For Outlook, Remap Ctrl+F to F4 and now Ctrl+F will put up the find window :)
• Keyboard manager – Now can remap key to shortcut and shortcut to key.
• Settings – Now has improved OOBE based on the work the Microsoft Garage Interns did during their hackathon
• PowerRename improvements

The Color Picker does not work if the PowerToys are running with elevated privileges. The installer and description can be found on this GitHub page.  

Similar articles:
Windows 10: First Open Source PowerToys released
PowerToys v0.12 Beta released
PowerToys v0.13 released
PowerToys 0.14.0 released
PowerToys 0.14.1 released
Windows 10: PowerToys get QuickLauncher
PowerToys 0.15.0 released
Windows 10: PowerToys Version 0.16 released
Windows PowerToys 0.16.1 released
PowerToys 0.17 with Auto Update released
PowerToys 0.18 with Run launcher released
PowerToys 0.18.2 released
PowerToys 0.19 released
PowerToys 0.19.1 with bug fixes (change log)
PowerToys 0.19.2 released

[German]The known bugs in Windows 10 somehow don’t comes to an end. Currently Microsoft has to deal with the problem that the Windows Manager crashes because of a DirectX error.

The Desktop Windows Manager (DWM)

The Desktop Window Manager (DWM) was introduced with Windows Vista. The Windows Desktop Composition Service forces applications to draw pixels in video memory instead of the primary display device. It then renders a desktop image, which is then displayed on the screen, possibly after applying visual effects and animations.

Desktop Windows Manager (DWM) crashes

However, some users know the effect that the Desktop Windows Manager (DWM) crashes. You can also kill the DWM in Task Manager – then all visual effects on the desktop are lost. Some users, however, experience the effect that the DWM continuously crashes in Windows 10, as Microsoft explains in this support article from June 24, 2020. In the article titled DWM.exe process stops responding when you repeatedly close and open the lid in Windows 10, Microsoft states when the crashes can occur.

Scenario 1

• You plug a High-Definition Multimedia Interface (HDMI) monitor into a laptop computer that is running Windows 10.
• The monitor is configured to operate at 4K resolution.
• You repeatedly play a 4K H264 video in Movies & TV on the computer.
• In Control Panel, you open the Advanced settings screen of the Power Options item, and then you set Lid close action as Do nothing.
• While the 4K video is playing back, you repeatedly close and open the computer lid.

Scenario 2

• You connect two 4K monitors to a Thunderbolt 3 docking station.
• You connect a laptop that has a 4K solution monitor to the docking station, and then you configure a triple 4K display configuration in either “clone” or “extend” mode.
• You repeatedly undock and redock the laptop.

These are ‘exotic’ conditions, but then DWM crashes. This problem occurs with all Windows 10 versions. The cause is a problem in the Microsoft DirectX Video Memory Management (Dxgmms2.sys) component, which is not a hardware problem. Microsoft is working on a fix for this bug. (via)

[German]New problem with the tool CCleaner Version 5.69. The program deletes files of Firefox 79 extensions, in which data or settings are stored, when cleaning. Here are a few details about this free software for Windows and a workaround.

I had already seen it, and German blog reader Gerold left a comment about this problem in the blog (thanks).   

The current version 5.69 of CCleaner deletes extension data from Firefox 79, affected are “storage-sync-v2.sqlite-shm” and “storage-sync-v2.sqlite-wal”.

The problem was already reported to the developers in July, when Firefox 79 was still in beta status.

The people from Techdows noticed this and they published a post about the problem. 

Changes in Firefox 79

Mozilla’s developers have implemented a synchronization of extension settings in Firefox from version 79 on via a user account. Whoever logs on to his Firefox account will have the extensions and other data synchronized with all devices. This concerns “items that store extensions in this area (Storage.sync)”.

When an extension tries to access storage sync data in Firefox for the first time, the extension data stored in profiles is automatically migrated and the data is stored locally in the new file “storage-sync2.sqlite” in the profile directory. The following screenshot shows the three new files.

(Firefox 79 files, Source: Piriform forum)

The CCleaner problem with Firefox 79

Techdows writes in this article, that the CCleaner cleans the Firefox internet cache by default. When cleaning in the background, the CCleaner erroneously removes exactly these setting data of the Firefox extensions, what breaks some things. 

(Deleting the Firefox files, Source: Techdows)

However, the user can explicitly exclude this cleanup of Firefox files in the CCleaner user interface on the Applications tab. Techdows describes in more detail how to exclude the files from the cleanup.

This problem was already reported to Piriform, the developers of CCleaner, in this forum post in July 2020 while Firefox was still in beta testing. The change is not yet reflected in the CCleaner (up to version 5.69.) It is again a proof to keep your hands off such tools.

Remarks about the CCleaner

Cleaner is a free tool for cleaning up Windows – Wikipedia writes here about ‘optimization’. Some hints on what is ‘cleaned and optimized’ can be found under Askvg. I don’t like this part (I’ve met too many people in forums who have used it to clean their systems to the breaking point) and see CCleaner more as a kind of snake oil (not really necessary, but the tool is very popular among users). 

(Source: Talos)

In my blog posts about the CCleaner (see link list at the end of the article), I advise you to keep your hands off this tool. But every user makes his own decision.

Similar articles
CCleaner has been infected with malware
CCleaner comes mit AVAST PUP
CCleaner forces update from v5.38 to v5.46
AVAST CCleaner 5.45 and the telemetry thing
CCleaner 5.45 pulled and other peculiarities
CCleaner V 5.46 with improved data settings
CCleaner forces update from v5.38 to v5.46
CCleaner v5.52.6967 released
Update to CCleaner 5.59.7230 installs CCleaner Browser PUP
CCleaner v5.60.7307 released
CCleaner v5.64.7613 released
Windows Defender flags CCleaner as PUP – Part 1

[German]It looks like the Windows Defender has run amok again and considers the Windows hosts file as malicious and complains about it as HostFileHijack. I’ve had now a few confirmation from other users.

I had only published the blog post Windows Defender flags CCleaner as PUP – Part 1 a few days ago – and I’ve planned the 2nd article for the next day – but it has been delayed.

A reader comment

It was a reader’s comment from Blog Reader Info here in the comments section that gave me the idea for this article – maybe there are other people who have noticed this. The reader wrote somewhat cryptically:

[WINDOWS SECURITY]
What took you so long?

Since 28.07.2020 the W10 Defender(quick check) only recognizes the “C:\Windows\System32\drivers\etc\hosts” as “HostFileHijack“.

Very old hat with other av programs

Antimalware-Clientversion: 4.18.2006.10
Modulversion: 1.1.17300.4
Antiviren-Version: 1.321.144.0
Antispyware-Version: 1.321.144.0

and added the following as a supplement.

Someone has probably only now noticed that

Statistik
Telemetrie
Bing…

of certain clients is no longer arriving reliably…

I con’t have an idea what the last remark means- but I published the translated text into the post here as I sporadically delete old comments in the discussion area of the German blog.

Findings in the Internet

At this place I searched the internet a few days ago and found this few days old thread on reddit.com.  A user noticed the same thing – because he writes:

Wtf am I going to do…

For the first time since building this computer 7 years ago, I somehow got a virus. It was called HostFileHijack or something, Windows defense picked it up but was unable to remove it. I installed Zamena and it detected the virus and was able to remove it, but about 20 minutes later windows detected it again but Zamena didn’t detect anything. It’s seemingly disappeared from my computer for now but I don’t trust it. Should I just go about my business or bite the bullet, back up 400GB of data and format?

So the affected user seems to have a similar problem (although he probably really did have a virus), the Defender reports a HostFileHijack infection, but cannot remove it. After removing it with other AV software a message came up again (although in this case I consider the system as compromised anyway, this would have to be rebuilt, since you never know if all the malware was detected and removed). In the course of the thread, however, ESET security specialist Aryeh Goretsky points out that

C:\Windows\System32\drivers\etc\hosts

is simply a text file. If there is nothing bad in it, it should be a false alarm. It is strange, however, that the Defender is only now complaining about the file – which would be consistent with the reader observations above. But the story is a bit strange.

What is HostFileHijack

With this term you can find it at Microsoft in this article (and here). The Defender detects the malware SettingsModifier:Win32/PossibleHostsFileHijack, a program that makes changes to the hosts file on a Windows system. Microsoft writes:

The Hosts file is used by your web browser to find out where to redirect certain IP address calls. Malicious or unwanted software can modify this file to prevent users and applications from accessing certain websites. Or the malware may force you to visit other websites instead.

Microsoft’s advice: If you changed the Hosts file yourself, you must exclude it from detection by your antivirus software. Well, and this is now a problem: If I have made changes, with this exception, I disable Defender with regard to monitoring the hosts file. If malware strikes and manipulates this file, Defender is blind. In this case it would be better if there was a hash in Defender that excludes a certain version of the hosts from a check. If the hash value changes, the hosts have been changed, so the alert should be raised again.

There is this article from 2016, which also addresses this and recommends to define the hosts from exception in Defender, if you have made changes yourself. Otherwise you would get the Defender alerts.  But even there it is not recognized that with the definition of the exceptions the Defender is blind and does not recognize a malicious manipulation.

Feedback of a user

Addendum: By e-mail, blog reader Rolf (thanks for that) sent me the following information:

the problem with the Defender and the host file SettingsModifier:Win32/PossibleHostsFileHijack
exists since 28.7.2020.

I have helped myself in the following way: Disabled detection by Defender and made the host file read-only.

Anyone of you who affected? I hadn’t heard of this behavior before. Addendum: After a discussion with me Lawrence Abrams took also a look at that topic and published some additional information on Bleeping Computer.

Similar article:
Windows Defender flags CCleaner as PUP – Part 1
Defender flags Windows Hosts file as malicious – Part 2
Defender blocks redirected Microsoft hosts entries – Part 3
Microsoft Defender Antimalware Platform: June 2020 Update KB4052623 drops Error 0x8024200B
SCEP/MSE/Defender: Broken Signatureupdate kills Microsoft Antivirus (04/16/2020)
Defender mis-classified Winaero Tweaker as a hacker tool

[German]Microsoft’s developers have now fixed two known issues with Bluetooth and Intel iGPU support in Windows 10 version 2004. Such systems can now be updated to version 2004.

The Windows 10 May 2020 Update (Version 2004) was released to the public on May 27, 2020. Since that release, a lot of minor and major bugs in the new Windows 10 version that may affect individual users have been reported. The rollout is done in waves to bring only compatible machines to the new Windows 10 version.  On the Windows 10 version 2004 status page, since the Windows 10 version 2004 release, there has been a list of ten confirmed bugs that Microsoft is investigating. In the meantime, however, a number of bugs have been dealt with in Redmond.

Auf der Windows 10 Version 2004-Statusseite fand sich seit der Freigabe von Windows 10 Version 2004-Freigabe eine Liste mit zehn bestätigten Bugs, die Microsoft untersucht. Inzwischen hat man in Redmond aber eine Reihe Bugs abgearbeitet.

Intel iGPU Support

In the list of known issues, there was an entry about refresh rate issues with Intel iGPU connectors under Windows 10 version 2004 (client only) with the following explanations: 

Variable refresh rate not working as expected on devices with Intel iGPU

Intel and Microsoft have found incompatibility issues when using a monitor with Variable refresh rate (VRR) plugged into an Intel integrated graphics processing unit (iGPU) display adapter and Windows 10, version 2004 (the Windows 10 May 2020 Update). Enabling VRR on affected devices will not enable the VRR for games using Direct X 9.

Certain integrated Intel graphics chips (Intel iGPUs) had compatibility issues that caused problems with the refresh rate of connected monitors. This meant that VRR operation was not possible for games under DirectX 9. Microsoft had therefore set an upgrade lockout for the new Windows 10 on affected devices. Exactly this problem has now been solved with the optional cumulative update KB4568831 for Windows 10 version 2004 (May 2020 Update). Microsoft plans to remove the lock on upgrading to Windows 10 version 2004 for affected clients in mid-August 2020.

Realtek Bluetooth issues

lso on machines with Realtek Bluetooth chips, there were issues after upgrading to Windows 10 version 2004 (May 2020 update), which were mentioned as.

Difficulty connecting to more than one Bluetooth device

Realtek and Microsoft have found incompatibility issues with certain versions of drivers for Realtek Bluetooth radios and Windows 10, version 2004 (the Windows 10 May 2020 Update). Windows 10 devices with affected Realtek Bluetooth radio drivers might be unable to connect or pair with more than one Bluetooth device at a time after updating.

To avoid issues after an upgrade to Windows 10 version 2004 (May 2020 update), Microsoft had also set an upgrade lockout for affected machines (both Windows 10 clients and Windows Server 2004) with Realtek Bluetooth chips. This problem has now also been corrected with the optional cumulative update KB4568831 for Windows 10 version 2004 (May 2020 Update). Microsoft plans to remove the lock on upgrading to Windows 10 version 2004 for affected clients in mid-August 2020. 

There is still a compatibility problem with Nvidia graphics drivers, which is also described on the status page. Microsoft hopes to solve the problem by mid August 2020 with a successor version of the Nvidia graphics driver version 358.00.  

For both points addressed above, Microsoft advises against upgrading to Windows 10 version 2004, for example by using the Media Creation Tool. With the optional cumulative update KB4568831 further issues (e.g. with network printers, storage spaces drives etc.) have been fixed. The changelog provides information in case of doubt. The content of update KB4568831 will be released in August as a new security update on August 11, 2020. 

[German]Today still an issue, that has been observed through all Windows 10 builds. After upgrading to the next build, OneDrive fails and delivers ‘OneDrive cannot connect to Windows’. There can also be printer problems. Here is some information about this topic that a German blog reader provided me. Microsoft has confirmed the problem, but did not provide a fix yet nor the workaround the reader gave me. Maybe this is helpful for one or the other admin.

The whole thing goes back to my blog post Windows 10 Version 2004 has problems with OneDrive ‘Files On-Demand’. There I had reported that in my blog post Windows 10 Version 2004’ Issues with OneDrive ‘Files On-Demand. Microsoft had confirmed this for systems with Windows 10 Version 2004. After that German blog reader Martin E. contacted me with some information.

Does an upgrade causes the OneDrive issue?

Blog-reader Martin told me in a mail (thanks for that) about his observation he made under Windows 10 with OneDrive. He wrote me:

Hi Günter,

the problem has been running through their INPLACES in MS for years. Only the inplace is affected, never a new installation with the ISO. The reason is a faulty procedure in the INPLACE. It affects:

• OneDrive Problem
• Printer Problem: No printer worked after an INPLACE upgrade

Both had the same cause: An INPLACE Upgrade. But MS did not know this, nobody had ever noticed.

So once again it is a user of Windows 10 who has to show the Microsoft people where the problems are.

There is a workaround

Martin has also found a workaround, as he continued to write to me. The solution is to import the following value into the registry (via .reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications\Data]
“41960B29A3BC0C75″=hex:01,00,00,00,01,00,00,00

Martin told me: You have to do this right after the INPLACE[-Upgrade], i.e. when the version number has changed and the SETUP.EXE of the INPLACE is finished and the box has booted (in case of doubt into the SETUPCOMPLETE.CMD, which you can give to the SETUP.EXE) and boot again.

Martin also provides an explanation: If the key is missing, Windows “believes” that the INPLACE update is not ready yet. As a side effect the above error occurs with OneDrive and with the printers (see above note). Then OneDrive drops the following error message.

(OneDrive cannot connect to Windows)

If the key is there after the INPLACE upgrade, you won’t have any problems, Martin writes. According to Martin, you just can’t predict when the entry is missing and when it isn’t.

You can test

Whether one is affected can be checked via the CldFlt, according to Martin. To do so, open an administrative command prompt and enter the command Fltmc for testing. The command lists the found filter instances:

(Bad-Case: List of filter drivers in Fltmc)

In the above sample output, the CldFlt entry has no instances. This is the bad case, in which OneDrive then cannot set up an instance to the OS. Then OneDrive Files on Demand does not work and the above error message appears. If everything is ok, the Fltmc-command returns an output like shown here.

(Good-Case: List of filter drivers in Fltmc)

Martin E. told me in addition: This was our way to have NO problems after the last INPLACE upgrade to 1903 (the one to 1909 isn’t a feature upgrade). In our pilot project we had, without the key , 5% failure with onedrive and 2% with the printers => 7% failure. When we set the key and booted, we had 0% failure. Due to the lack of 2004 INPLACE-Upgrade I can’t say, if this is the solution this time as well. But it was in 1903 – and it “smells” like it again.

At this point my thanks to Martin E. for the information – and sorry that I delayed the publication for a month. Maybe one of you can use it and/or confirm Martin’s assumptions.

Similar articles:
OneDrive: Fetch files on a PC ends on July 31, 2020
OneDrive Error 0x8004de40 (Microsoft 365 Business)
Windows 10 Version 2004’ Issues with OneDrive ‘Files On-Demand
OneDrive causes network performance issues

[English]Microsoft has begun to block redirects in the Windows native hosts file that affect Microsoft sites in its antivirus products such as Microsoft Defender. The redirects are flagged as malicious (as HostFileHijack). I already mentioned that in part 2 of the article series – but now I get a more complete picture.

The hosts file in Windows

In Windows there is the hosts file, a simple text file located in the following folder.

C:\Windows\System32\drivers\etc\hosts

Windows allows administrators to easily set up redirections from host names to IP addresses via the hosts file. Some users use entries in the hosts file to redirect Microsoft network addresses to which telemetry data is transmitted to the local IP address 127.0.0.0. The Microsoft server in question can then no longer be reached.

Microsoft say no, and puts a stop on it

This approach is now likely to be stopped by Microsoft on systems running Windows Defender (or any other Microsoft antivirus solution). I had reported in the blog post Windows Defender flags Windows Hosts file as malicious – Part 2 that Microsoft Defender suddenly considers a modified native Windows hosts file to be malicious and complains that it is a HostFileHijack. This has been happening since July 28, 2020 with the following components:

Antimalware-Clientversion: 4.18.2006.10
Modulversion: 1.1.17300.4
Antiviren-Version: 1.321.144.0
Antispyware-Version: 1.321.144.0

The blog reader who observed this and gave a tip wrote: “Someone has probably only now noticed that statistics, telemetry, Bing… of certain clients no longer arrive reliably.” The last information was not quite comprehensible for me, even though Blog-reader Info has added this comment in part 2. The same applies to the remarks of Mark Heitbrink in his German comment yesterday. I only became aware of this afterwards, when the following puzzle pieces fell into the picture.

Defender blocks redirected Microsoft pages

I spent the night on Twitter with Lawrence Abrams of Bleeping Computer in a private communication on the subject. He had become aware of the issue through the English language version of my post. So he took another look at the whole thing, tested it and came across some connections. Lawrence has now published some additional information on Bleeping Computer.

After learning about this today from @etguenni, BleepingComputer performed some tests to see if this was a false positive or something else triggering the detections.

— BleepingComputer (@BleepinComputer) August 3, 2020

The above tweet already summarizes the situation. If the Microsoft virus scanner detects a manipulation in the file hosts and you allow the Microsoft Defender to delete the file, its content is reset to default settings. Then Lawrence Abrams tested my hint that some users use the hosts file to block Microsoft URLs.

Now when you try to add a Microsoft privacy HOSTS file, Windows Defender will not allow you to save the file as it “contains a virus or potentially unwanted software.” pic.twitter.com/RWrjjBSWEY

— BleepingComputer (@BleepinComputer) August 3, 2020

The above tweet then reveals the insight. If an administrator attempts to block Microsoft websites via the hosts file, Defender will block that and report a security risk. Saving the changes is rejected in the editor with an error message..

(Error message when saving the hosts file, source: Bleeping Computer)

The message indicates that the file contains a virus or potentially unwanted software – where the hosts is a text file. In any case, the changes cannot be saved. Lawrence Abrams has found the following Microsoft sites, among others, which are not allowed to be entered into the hosts.

www.microsoft.com
microsoft.com
telemetry.microsoft.com
wns.notify.windows.com.akadns.net
v10-win.vortex.data.microsoft.com.akadns.net
us.vortex-win.data.microsoft.com
us-v10.events.data.microsoft.com
urs.microsoft.com.nsatc.net
watson.telemetry.microsoft.com
watson.ppe.telemetry.microsoft.com
vsgallery.com
watson.live.com
watson.microsoft.com
telemetry.remoteapp.windowsazure.com
telemetry.urs.microsoft.com

Because then the Defender will sound the alarm and prevent it from saving. Users who wish to maintain these URLs in the hosts file must then define the file in Defender as an exception and exclude it from the check (see also Part 2). In this case, Defender does not monitor any malware manipulation of the hosts file. And that’s the missing piece of the puzzle from the user note above. Microsoft is taking targeted action against blocking certain URLs via the hosts file.

Similar articles:
Windows Defender flags CCleaner as PUP – Part 1
Windows Defender flags Windows Hosts file as malicious – Part 2
Defender blocks redirected Microsoft hosts entries – Part 3

[German]Microsoft rolls out the new Chromium Edge for Windows 10  on a broad base. Some users are facing a slowed down Windows 10 after installing Chromium Edge update KB4559309. Now Microsoft has confirmed the issue and seeks for user feedback.

With the Edge-Rollout, Microsoft once again demonstrated real pusher methods. Popups, which aggressively pushed the update to the new Edge browser, angered many users. I hadn’t discussed it here in the blog, but already in early July 2020 I got this tweet where someone complained about stalking from Redmond. In mid-July 2020, blogs like this one took up, how Microsoft was acting again. 

As an irony of history I interpret the fact that I first came across it on Twitter. The ISO installation image of Windows 10 2004 does not roll out the new chromium edge, but the old legacy edge (see also).

Slow Windows 10 performance with the new Edge

After Microsoft shipped the Chromium Edge via update KB4559309 , some users complained about a slower Windows 10, but I don’t use the Edge (it’s lame on Windows 7 and if possible I use the Chrome). In early June 2020, for example, Microsoft Answers had this thread about performance issues. Windows Latest  had this post at the end of June 2020 about ‘the new Edge slows down Windows’.  In this Microsoft Answers forum thread another user complains about this in mid-June 2020.

[Windows update installing the new Edge browser] Update KB4559309 Makes Computer Unbearably Slow

Last night I updated my windows 10 pro using KB:4559309. Since then my computer performance has absolutely tanked. my startup time is probably triple, loading any window has a few second delay.

I attempted to uninstall the update however windows tells me that it is required and cannot be removed.

This update has essentially rendered my brand new computer useless.

Please help!

A community moderator (recently called a volunteer moderator because he is allowed to help) writes that the Microsoft Edge development team is investigating the whole thing.  

I have spoken to Missy Quarry, from the Edge team, and they are investigating this problem. However, they really need more details submitted though the Feedback Hub on Windows 10. 

To submit feedback, please go to start > Feedback Hub.

So if you are bothered by something like this, you should give feedback to Microsoft. It’s unfair dialectic now: But what is Microsoft doing with all its captured telemetry data? Shouldn’t they be there for exactly this kind of thing? (via)

Similar articles:
Run old and new Edge in Side-by modus
Microsoft Edge: Error playing YouTube vidos and using AdBlock Plus
Edge imports Firefox data without user consent
Edge Browser Update KB4567409 for Windows 7 and 8.1
Microsoft investigats Autostart bug on the Chromium Edge
Microsoft Edge upgrade to be extended
Release scheme for the Microsoft Edge Browser
Windows 10: Is Microsoft creating Chaos with Edge Alt+Tab test?

[German]On August 5, 2020, Microsoft released the Windows 10 Insider Preview Build 20185 for insiders in the Developer Channel. The announcement with references to the innovations was made in the Windows Blog.

Microsoft has improved the DNS configuration in the settings page. And Encrypted DNS (DNS over HTTPS, DoH) can be configured in the settings page. Furthermore there are new Group Policies in ADMX files.

The seamless integration of #Windows10, #YourPhone, #Microsoft365 and the new Samsung #GalaxyNote20 will enable you to stay in the flow and be productive across your PC and phone like never before. https://t.co/1yTc37Jr9e

— Yusuf Mehdi (@yusuf_i_mehdi) August 5, 2020

With the Your Phone app, access to Android smartphones is possible and you can pin Android apps to the desktop. The build also brings the following fixes.

• Fixed an issue where sometimes the “close all windows” action in the Taskbar wasn’t closing all of the open tabs for pinned sites.
• Fixed an issue that could result in the network icon in the Taskbar saying there was no internet although there was an active connection.
• Fixed an issue where dragging and dropping an app from Start’s all apps list over to the tile grid to pin it wasn’t working for certain apps.
• Fixed an issue where the letter headers in the Start menu’s all apps list had unnecessary left padding when the all apps list was set to hidden.
• In order to address an issue where the tiles were difficult to read against certain backgrounds when using full screen Start we’re adjusting the background to be slightly less transparent.
• Fixed an issue where when using a Start menu layout applied by MDM, tile groups may disappear after a few days of uptime without rebooting.
• Fixed an issue where if a notification included an inline image the app icon would be slightly out of line with it.
• Fixed an issue where launching an app from its taskbar jumplist wasn’t working for certain desktop bridge apps and instead would result in the app disappearing from the taskbar.
• Fixed an issue resulting in excessive network traffic when using the Open File dialog to navigate to shared network folders where previous versions where enabled.
• Fixed an issue that could result in a blank icon displaying instead of a plus button on the main Default Apps page in Settings after uninstalling the app set as default.
• Fixed an issue where opening Storage Settings then immediately going into one of the sub-pages and then back could result in the page not loading.
• Fixed an issue resulting in the new Microsoft Edge not being listed in the App History section of Task Manager.
• Fixed an issue impacting touch keyboard launch reliability.
• Fixed an issue where TextInputHost.exe would enter an unresponsive state, leading to clipboard history, the Emoji Panel, and dictation not appearing when pressing their corresponding keyboard shortcuts.
• Fixed an issue that could result in not being able to paste the first entry in clipboard history.
• Fixed an issue that could result in ARM64 devices bug checking when resuming from hibernation.

There are also some known issues left, which are listed in the Windows Blog. In addition, the next webcast on Twitch will take place on August 18, 2020.

[German]Microsoft and Google have fixed am issue that drove some users crazy: The Edge Browser crashed under several circumstances during typing in Omnibox. The Edge development team found the cause and Google then cleaned up the code.

At the end of July 2020, users of the Chromium Edge were suddenly annoyed by crashes. A possible bug in Microsoft Edge caused the browser to crash when users started typing something into the Omnibox. This only happens if Google was configured as the default search engine in Edge. Microsoft confirmed the problem after users reported social platforms. I had added all this in this blog post. But it should only affect the developer and canary version of the Chromium browser. But Microsoft has announced that Edge is affected by the problem.

Are you seeing Edge crash when trying to type into the address bar? The team is looking into it! In the meantime, as a workaround, please turn off Search Suggestions here: edge://settings/search. We’ll follow up once we have more!

— Microsoft Edge Dev (@MSEdgeDev) July 30, 2020

Microsoft then suggested (see the tweet above) to change the search provider. Because the error did not occur if:

• The search suggestions were deactivated and the users switched to Bing as search engine
• When the InPrivate Browsing mode was used

If you have had these crashes switching off the search suggestions may solve it (as a workaround) .

Thanks for everyone’s patience while we investigated! We believe this to be resolved now. We encourage you to revert your browser settings that you may have changed, and let us know if you are still experiencing any crashes typing into the address bar. https://t.co/Icx2qR3UHM

— Microsoft Edge Dev (@MSEdgeDev) July 31, 2020

According to the above tweet, Microsoft is said to have fixed the crash bug now. The change of the search provider can be considered undone.(via)

Similar articles
Run old and new Edge in Side-by modus
Microsoft Edge: Error playing YouTube vidos and using AdBlock Plus
Edge imports Firefox data without user consent
Edge Browser Update KB4567409 for Windows 7 and 8.1
Microsoft investigats Autostart bug on the Chromium Edge
Microsoft Edge upgrade to be extended
Release scheme for the Microsoft Edge Browser
Windows 10: Is Microsoft creating Chaos with Edge Alt+Tab test?
Edge Update KB4559309 may slow down Windows 10