[German]Microsoft has re-released Update KB3150513 for Windows 10 Anniversary Update. Its a compatibility diagnostic update that helps to improve installing Windows 10 V1703.

Update KB3150513 contains the latest compatibility definition update for Windows, and has been re-released for Windows 10 Anniversary Update. Microsoft writes:

This update provides the latest set of definitions for compatibility diagnostics that are performed on the system. The updated definitions help enable Microsoft and its partners to ensure compatibility for all customers who want to install the latest Windows operating system. Installing this update also makes sure that the latest Windows operating system version is correctly offered through Windows Update, based on compatibility results.

Currently it shall help, to improve the compatibility of V1607 machines for Windows 10 Creators Update. Microsoft has re-released this update a couple of times in May 2017. The last one has caused serious issues – see Windows 10: Issues with May 2017 update KB3150513. Update KB3150513 is available via Windows Update and may be downloaded from Microsoft Update Catalog. 

After releasing Windows 10 Insider Preview Build 16215 a few days ago (see Windows 10 Insider Preview Build 16215 released), users are facing more and more bugs. Here’s a short overview.

Install error 0x80070643

Some users are receiving install error 0x80070643, that stands for ERROR_INSTALL_FAILURE, a critical error without further explanation. Within this Microsoft Answers forum thread a user reported:

Build 16215 Fails to install three times.
It appears to be installing and after restarting, it rolls back to the previous version.  The second time  it appeared to be installing directly from the update screen.  However, again it rolled back after the final restart.  The same happened on the third attempt and the error reported is
oX80070643.

This points to the problem, that Windows Defender can’t update. I’ve addressed this issue within my blog post Windows 10 Insider Preview Build 16215 released.

Install error 0x8024a105

I’ve covered this error within my German blog post Windows 10: Update KB4020102 Probleme. In some cases, just a simple Windows reboot will cure the issue. Also take care, that no third party anti virus software is causing this issue. You can also download Windows Update Troubleshooter and try to fix the update store. Or use the MS tool offered here to reset Windows Update.

Install error 0xC1900101 – 0x30017

Some users are facing install error 0xC1900101 – 0x30017, see this Microsoft Answers forum thread.

According to this MS Answers forum thread it can have something to do with SSD drives. Within my blog post Windows 10: Upgrade error 0xC1900101-0×20017/0x30017, there are other reasons like third party filter drivers, incompatible drivers and so on indentified as a show stopper.

Inaccessible Boot disk error

Within this MS answres forum thread a couple of users are facing an Inaccessible Boot disk error during upgrade.

Live tiles won’t work, Edge crashes, and more

Windows Report mentions here some users who observing crashes in Microsoft’s Edge browser. Others reporting live tiles not working.

Another user reported upgrade fails to install Intel Ethernet driver NETwtw04.sys. This can be solved by installing the driver manually. An WMP error Class not registered has been reported here.

A long list of know issues – extended on 06/09/2017 – has been published by Microsoft at Windows Blog.

[German]Some Windows 10 users are facing a strange issue. Realtek card readers are mounting SD cards cyclically. It seems to be a driver issue.

The issue on Realtek USB 2.0 card readers

I stumbled upon this issue in German forums. The users are facing similar issues: A Realtek USB 2.0 card reader doesn’t work as expected. The media is mounted successfully; but during browsing or copying files, the media is lost. The Windows 10 mounts the SD card again, but unmounts it a short time later again. This is annoying.

Also Realtek USB 3.0 card reader is causing that

I came across a similar description in February 2017 in German Microsoft Answers forum, The user claims the same issue with a Realtek USB 3.0 card reader. Browsing photos on a SD card has been interrupted, due to un-mounted media. The user reported, that this issue has been reproducible on several devices (ASUS F556 U, Dell Latitude 3570). He mentioned, that he was advised from Dell support to install a ‘Dell patch’ to cure this issue.

I’ve seen this issue a while ago

Reading the forum entry with this issue remembered me, that I wrote a German blog post Windows 10: SD-Karten werden ständig neu erkannt in May 2016 – the issue was observed for several devices from German vendor Medion (a Lenovo subsidiary) under Windows 10 Version 1511. It was caused by May 2016 update KB3156421. Uninstalling this update has fixed the issue.

Later on, Windows 10 Anniversary Update has been released, and some users are facing the bug again. Now uninstalling a cumulative update wasn’t an option. Within the comments to my German blog post, a user reported, that Realtek card reader driver version 10.0.10586.31225 (dated 07/18/2016) has fixed the issue.

Where to download Windows 10 drivers

Attention: Realtek offers a Windows 10 driver on their websites, dated February 21, 2017. But the driver is version 10.0.370.147 – it seems that this is an old version.

The Realtek driver for USB 2.0 card reader version 10.0.10586.31225 may be downloaded within Acer’s support site. Dell provides driver version 10.0.10586.31225, A04, for OptiPlex, Precision, Latitude, XPS, Alienware, Inspiron, and Vostro at this download site. The release date is Dec. 12, 2016, a revision is from Dec. 13, 2016. The driver version 10.0.10586.31222 A03 from November 2016 is offered here. And on Mai 23, 2017 Dell has released version 10.0.14393.31228, A05 on this web site. Just check, which driver fits for your machine and fixes the issue. HP offers the driver SP76723 (download as .exe) and a description on a FTP server.

The Reaktek Card Reader driver version 10.0.10586.31225 from 07/18/2016 may be obtained also from Microsoft Update Catalog. There is also a version 10.0.14393.31228 for Realtek card readers for Windows 10 dated Oct. 13, 2016. And for Realtek USB 3.0 card readers driver version 10.0.14393.31233 from January 19, 2017 has been released in Microsoft Update Catalog. Perhaps it helps. 

Similar articles
Windows 10 Wiki
Windows 10 error ‘Device not migrated’

After upgrading to Windows 10 Creators Update, some users are having issues. Microsoft Edge browser isn’t able to use Flash Player. At least I found a reason for this behavior.

The error – Flash nor working

Windows 10 Creators Update (Version 1703) comes with Flash Player, but Microsoft Edge browser can’t use it. This issue has been mentioned here, here and here for instance. In Edge it’s mandatory to activate Adobe Flash execution. During visiting a web site, Edge asks to enable Flash.

The above screenshot shows the ‘Activate Adobe Flash’ message shown within a Website. But in some cases, clicking the Flash icon doesn’t activate the Flash Player. There is a German Flash test site chemgapedia.de, which reported, that the Flash Player isn’t activated.

And the problem bear is?

My suspicion was, that this behavior may be caused by third party software. Within German Microsoft Answers forum I found this thread. A user reported, that invoking Flash Player fails and each attempt creates an error 0xC0000409 within log file. Here is the entry in event viewer.

Error 0xC0000409 stands for STATUS_STACK_BUFFER_OVERRUN, the system detected a stack overflow within an application. This may cause a vulnerability allowing an attacker to gain control over the system. Also an attempt to access the Adobe Flash control panel entry leads to an error.

If we assume, that this isn’t caused by malware or a wrong Flash Player, something may cause this behavior. Then another user came with a solution, because he detected, that FlashPlayerApp.exe and FlashPlayerCPLApp.cpl located in folder Windows\SysWOW64 was blocked.

The user defined exceptions for FlashPlayerApp.exe and FlashPlayerCPLApp.cpl, located in folder Windows\SysWOW64 within his TrendMicro antivirus software. Afterward he was able, to run Flash Player and access Flash settings manager in control panel again. After I noticed that, I found other forum entries, mentions other antivirus software with a similar behavior.

Similar articles:
Win10 Wiki
Trick: How to upgrade to Windows 10 using a clean install
Check and repair Windows system files and component store
Windows: Yes button in user account controls is disabled
Windows 10: file system error (-1073741819) – ‘extended attributes are inconsistent’
How to fix Windows-Setup Hard Disk locked error
Windows: UAC opens hidden in background
Windows 10: Volume control is missing
Windows 10 Version 1607: System restore error 0x80070091 [Fix]

Microsoft has released a bunch of security updates for Windows, Office, Flash and other products at June 13, 2017. Here is an update summary.

A list of all updates may be found at Security Portal. More details will follow in separate blog posts.

Critical Security Updates
============================

Critical    Adobe Flash Player
Critical    Internet Explorer 9
Critical    Internet Explorer 10
Critical    Internet Explorer 11
Critical    Microsoft Edge
Critical    Microsoft Office 2007 Service Pack 3
Critical    Microsoft Office 2010 Service Pack 2 (32-bit editions)
Critical    Microsoft Office 2010 Service Pack 2 (64-bit editions)
Critical    Microsoft Office 2013 RT Service Pack 1
Critical    Microsoft Office 2013 Service Pack 1 (32-bit editions)
Critical    Microsoft Office 2013 Service Pack 1 (64-bit editions)
Critical    Microsoft Office 2016 (32-bit edition)
Critical    Microsoft Office 2016 (64-bit edition)
Critical    Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Critical    Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Critical    Microsoft Office Compatibility Pack Service Pack 3
Critical    Microsoft Office Web Apps 2010 Service Pack 2
Critical    Microsoft Office Web Apps 2013 Service Pack 1
Critical    Microsoft Office Word Viewer
Critical    Microsoft Excel 2013 RT Service Pack 1
Critical    Microsoft Outlook 2007 Service Pack 3
Critical    Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Critical    Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Critical    Microsoft Outlook 2013 RT Service Pack 1
Critical    Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Critical    Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Critical    Microsoft Outlook 2016 (32-bit edition)
Critical    Microsoft Outlook 2016 (64-bit edition)
Critical    Microsoft Outlook 2016 for Mac
Critical    Microsoft PowerPoint 2007 Service Pack 3
Critical    Microsoft PowerPoint 2013 RT Service Pack 1
Critical    Microsoft PowerPoint 2016 for Mac
Critical    Microsoft PowerPoint for Mac 2011
Critical    Microsoft Project Server 2013 Service Pack 1
Critical    Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Critical    Microsoft SharePoint Enterprise Server 2016
Critical    Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions)
Critical    Microsoft SharePoint Server 2013 Service Pack 1
Critical    Microsoft Word 2007 Service Pack 3
Critical    Microsoft Word 2010 Service Pack 2 (32-bit editions)
Critical    Microsoft Word 2010 Service Pack 2 (64-bit editions)
Critical    Microsoft Word 2013 RT Service Pack 1
Critical    Microsoft Word 2013 Service Pack 1 (32-bit editions)
Critical    Microsoft Word 2013 Service Pack 1 (64-bit editions)
Critical    Microsoft Word 2016 (32-bit edition)
Critical    Microsoft Word 2016 (64-bit edition)
Critical    Microsoft Word 2016 for Mac
Critical    Microsoft Word for Mac 2011
Critical    Skype for Business 2016 (32-bit)
Critical    Skype for Business 2016 (64-bit)
Critical    Microsoft Lync 2013 Service Pack 1 (32-bit)
Critical    Microsoft Lync 2013 Service Pack 1 (64-bit)
Critical    Microsoft Silverlight 5 Developer Runtime when installed on
Microsoft Windows (32-bit)
Critical    Microsoft Silverlight 5 Developer Runtime when installed on
Microsoft Windows (x64-based)
Critical    Microsoft Silverlight 5 when installed on Microsoft Windows (32-
bit)
Critical    Microsoft Silverlight 5 when installed on Microsoft Windows (x64-
based)
Critical    Windows 7 for 32-bit Systems Service Pack 1
Critical    Windows 7 for x64-based Systems Service Pack 1
Critical    Windows 8.1 for 32-bit systems
Critical    Windows 8.1 for x64-based systems
Critical    Windows RT 8.1
Critical    Windows 10 for 32-bit Systems
Critical    Windows 10 for x64-based Systems
Critical    Windows 10 Version 1511 for 32-bit Systems
Critical    Windows 10 Version 1511 for x64-based Systems
Critical    Windows 10 Version 1607 for 32-bit Systems
Critical    Windows 10 Version 1607 for x64-based Systems
Critical    Windows Server 2008 for 32-bit Systems Service Pack 2
Critical    Windows Server 2008 for 32-bit Systems Service Pack 2
            (Server Core installation)
Critical    Windows Server 2008 for Itanium-Based Systems Service
            Pack 2
Critical    Windows Server 2008 for x64-based Systems Service
            Pack 2
Critical    Windows Server 2008 for x64-based Systems Service
            Pack 2 (Server Core installation)
Critical    Windows Server 2008 R2 for Itanium-Based Systems
            Service Pack 1
Critical    Windows Server 2008 R2 for x64-based Systems Service
            Pack 1
Critical    Windows Server 2008 R2 for x64-based Systems Service
            Pack 1 (Server Core installation)
Critical    Windows Server 2012
Critical    Windows Server 2012 (Server Core installation)
Critical    Windows Server 2012 R2
Critical    Windows Server 2012 R2 (Server Core installation)
Critical    Windows Server 2016
Critical    Windows Server 2016 (Server Core installation)

[German]Microsoft has released a bunch of cumulative updates for supported Windows 10 builds on June 13, 2017. Here is an overview.

A list of all Windows 10 updates is available at this Microsoft site.

Update KB4022725 for Windows 10 Version 1703

Update KB4022725 contains some improvements for Windows 10 Version 1703 (Build 15063.413 for PC and 15063.414 for Windows 10 Mobile). Here are the fixes:

• Addressed issue where the user may need to press the space bar to dismiss the lock screen on a Windows 10 machine to log in, even after the logon is authenticated using a companion device.
• Addressed issue with slow firewall operations that sometimes results in timeouts of Surface Hub’s cleanup operation. 
• Addressed issue with a race condition that prevents Cortana cross-device notification reply from working; users will not be able to use the remote toast activation feature set.  
• Addressed issue where the Privacy Separator feature of a Wireless Access Point does not block communication between wireless devices on local subnets. 
• Addressed issue on the Surface Hub device where using ink may cause a break in the touch trace that could result in a break in inks from the pen. 
• Addressed issue where Internet Explorer 11 may ignore the “Send all sites not included in the Enterprise Mode Site List to Microsoft Edge” policy when opening a Favorites link.
• Addressed additional issues with time-zone information and Internet Explorer.
• Security updates to Windows kernel, Microsoft Windows PDF, Windows kernel-mode drivers, Microsoft Uniscribe, Device Guard, Internet Explorer, Windows Shell, and Microsoft Edge. For more information about the security vulnerabilities resolved, please refer to the Security Update Guide.

Update KB4022715 for Windows 10 Version 1607/Server 2016

Update KB4022715 contains some improvements for Windows 10 Version 1607 (and Windows Server 2016). It changes the Build to 14393.1358. Here are the fixes: 

• Addressed issue where, after installing KB3164035, users cannot print enhanced metafiles (EMF) or documents containing bitmaps rendered out of bounds using the BitMapSection(DIBSection) function.  
• Addressed issue where users may fail to access the Internet using a non-Microsoft proxy device after enabling Credential guard. The failure happens when NTLMv2 is used and the server does not send target information (TargetNameFields is 0) inside the NTLM CHALLENGE MESSAGE. 
• Addressed issue where some Windows clients with Windows Information Protection (WIP) enabled cannot access their secured documents, such as protected documents or mail files. This may occur when the client connects to the enterprise network both directly and remotely (such as with a VPN connection). 
• Addressed issue where Internet Explorer crashes when the Microsoft Active Accessibility application is running in the background.   
• Addressed issue where adding a <select> element to the body of a JavaScript application crashes the application when users click the select box. 
• Addressed an issue where certutil.exe could no longer generate an EPF file when attempting to recover a key for a version 1 style certificate.
• Addressed an issue where the network interface description name of a network adapter is not updated in Hyper-V after a device driver update. Management of a NIC Team or vSwitch within Hyper-V Administrator or System Center Virtual Machine Manager may be affected.
• Addressed issue where the Privacy Separator feature of a Wireless Access Point does not block communication between wireless devices on local subnets.
• Addressed issue that was causing devices to crash when hot plugging USB 3.0 Network Adapters
• Addressed an issue where users on Windows 7 SP1 clients connecting to a Windows Server 2016 based domain controller cannot run applications such as Internet Explorer for a period of approximately 10 minutes after logging on. This issue occurs after upgrading the enterprise domain controllers to Windows Server 2016. 
• Addressed an issue where Cluster health service fails to report fault event to MAS HM component. 
• Addressed an issue that was not allowing users to customize the Application list in their Start menu using the Remove All Programs list from the Start menu setting.
• Updated iDNA table to support resolving latest Unicode emoji characters from Punycode.
• Addressed issue where after installing KB4019472, the end-user-defined characters (EUDCs) is not displayed.
• Addressed additional issues with updated time zone information, storage file system, Windows Update logs, USB, Start menu and taskbar and Windows Shell.
• Security updates to Microsoft Uniscribe, Windows kernel, Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows Shell, Microsoft Windows PDF, Device Guard and Microsoft Edge. For more information about the security vulnerabilities resolved, please refer to the Security Update Guide.

Known issues: If an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected.

Update KB4022714 for Windows 10 Version 1511

Update KB4022714 contains some improvements for Windows 10 Version 1607 1511 and changes the build to 10586.962. Here are the fixes:

• Addressed issue where, after installing KB3164035, users cannot print enhanced metafiles (EMF) or documents containing bitmaps rendered out of bounds using the BitMapSection(DIBSection) function.    
• Addressed issue where certutil.exe can no longer generate an export file (.epf) when attempting to recover a key for a version 1 certificate.    
• Addressed additional issues with updated time zone information, updates to the Access Point Name (APN) database and Internet Explorer.
• Security updates to Microsoft Scripting Engine, Microsoft Edge, Windows COM, Windows kernel, Windows kernel-mode drivers, Microsoft Uniscribe, Microsoft Graphics Component, Windows Shell, Microsoft Windows PDF and Internet Explorer. For more information about the security vulnerabilities resolved, please refer to the Security Update Guide.

Update KB4022727  for Windows 10 Version 1507 (RTM)

Update KB4022727 contains some improvements for Windows 10 Version RTM and changes the build to 10240.17443. Here are the fixes:

• Addressed issue where, after installing KB3164035, users cannot print enhanced metafiles (EMF) or documents containing bitmaps rendered out of bounds using the BitMapSection (DIBSection) function. 
• Addressed issue where displays turn off unexpectedly even when “Turn off display” is set to “Never” in Power Options. 
• Addressed issue where certutil.exe can no longer generate an export file (.epf) when attempting to recover a key for a version 1 certificate. 
• Addressed issue where MSI files will no longer install when Device Guard is enabled. 
• Addressed issue where you eventually experience a stop error, “Read disturbance”, on your storage device when Unified Write Filter is enabled.  
• Addressed issue where a thin client becomes unusable and unresponsive when Unified Write Filter (UWF) with DISK mode is enabled causing NTFS errors with ID: 55 & ID: 130 to be logged in the Event Logs.
• Addressed additional issues with updated time zone information and updates to the Access Point Name (APN) database.
• Security updates to Windows COM, Microsoft Uniscribe, Windows kernel, Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows Shell, Microsoft Windows PDF, Device Guard and Microsoft Edge. For more information about the security vulnerabilities resolved, please refer to the Security Update Guide.

Similar articles:
Microsoft June 2017 Patchday summary
Office Patchday June 6, 2017

Microsoft has released a couple of security updates for Windows 7 SP1 and Windows 8.1 and for the corresponding Server versions on June 13, 2017. Here are a few details

Updates for Windows 7

The update history for Windows 7 may be found on this Microsoft site.

KB4022719  (Monthly Rollup) for Windows 7/Windows Server 2008 R2 SP1

Update KB4022719 (June Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes and addresses the following issues:

• Addressed issue where, after installing KB3164035, users cannot print enhanced metafiles (EMF) or documents containing bitmaps rendered out of bounds using the BitMapSection(DIBSection) function.
• Addressed issue where updates were not correctly installing all components and would prevent them from booting.
• Addressed issue where an unsupported hardware notification is shown and Windows Updates not scanning, for systems using the AMD Carrizo DDR4 processor. For the affected systems, follow the steps in the Additional Information section to install this update.
• Security updates to Windows kernel, Microsoft Graphics Component, Microsoft Uniscribe, Windows kernel-mode drivers, the Windows OS, Windows COM, Internet Explorer and Windows Shell. For more information about the security vulnerabilities resolved, please refer to the Security Update Guide.

This update will be available via Windows Update and as a download in Microsoft Update Catalog. 

KB4022722 (Security-only update) für Windows 7/Server 2008 R2 SP1

Update KB4022722 (Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1) adresses the same issues as update KB4022719 (June Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1). 

Updates for Windows 8.1

The update history for Windows 8.1 may be found on this Microsoft site.  

KB4022726 (Monthly Rollup) for Windows 8.1/Windows Server 2012 R2

Update KBKB4022726 (Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2) contains the following improvements and fixes:

• Addressed issue where, after installing KB3170455 (MS16-087), users have difficulty importing printer drivers and get errors with error code 0x80070bcb.
• Addressed a rare issue where mouse input can cease to function. The mouse pointer may continue to move, but movements and clicks produce no response other than a beeping noise.
• Addressed issue where printing a document using a 32-bit application can crash a Print Server in a call to nt!MiGetVadWakeList.
• Addressed issue where an unsupported hardware notification is shown and Windows Updates not scanning, for systems using the AMD Carrizo DDR4 processor or Windows Server 2012 R2 systems using Xeon E3V6 processor. For the affected system, follow the steps in the Additional Information section to install this update.
• Security updates to Microsoft Windows PDF, Windows shell, Windows Kernel, Microsoft Graphics Component, Microsoft Uniscribe, Microsoft Scripting Engine, Internet Explorer, Windows COM, and Windows Kernel-Mode Drivers. For more information about the security vulnerabilities resolved, please refer to the Security Update Guide.

This update is available via Windows Update and as download from Microsoft Update Catalog. Known issues: If an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected. Microsoft is researching this problem and will post more information in this article when the information becomes available.

KB4022717 (Security-only update) for Windows 8.1/Windows Server 2012 R2

Update KB4022717 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the same issues as update KBKB4022726.

Similar articles:
Microsoft June 2017 Patchday summary
Office Patchday June 6, 2017

[German]Microsoft has also released five critical security updates for Windows XP/ Server 2003 and Windows XP embedded on June 13, 2017.  [Article has been rewritten and extended after initial release.}

Updates for Windows XP/Server 2003

Although Windows XP/Windows Server 2003 are out of support since years, Microsoft decided, to release security updates for both operating systems. Microsoft says in a MSRT blog post:

Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures. Some of the releases today are new, and some are for older platforms under custom support agreements, that we are making publicly available today. Customers with automatic updates enabled are protected and there is no additional action required. For customers managing updates, or those on older platforms, we encourage them to apply these updates as soon as possible.

Also Adrienne Hall, General Manager Crisis Management at Microsoft has issued the following statement.

In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations. To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows.

Both sources are saying: Microsoft’s decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies. Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly.

Update KB4024323

Microsoft hasn’t published details about KB4024323, which is offered for Windows XP/ Server 20 and Windows XP Embedded. Microsoft’s Update Catalog says:

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

The document Microsoft security advisory 4025685: Guidance for older platforms: June 13, 2017 gives more detail. The update addresses security advisory CVE-2017-7269 (Windows RPC remote code execution vulnerability). Because these older Windows versions are out of ordinary support since years, the patches are available via Microsoft Update Catalog or from Microsoft Download Center.

Windows Server 2003 (x86): Download
Windows Server 2003 (x64): Download

Windows XP (x86): Download
Windows XP (x64): Download
Windows XP Embedded: Download

Update KB2347290

This Update for Windows XP SP3 and Windows Server 2003 addresses security advisory MS10-061 (Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)). The update packages may be found within Microsoft Update Catalog.

Update KB4012598

This Update for Windows XP SP3 and Windows Server 2003 addresses security advisory MS17-010 (Security Update for Microsoft Windows SMB Server (4013389)). The update packages may be found in Download Center:

Windows XP SP3 32 Bit
Windows XP SP2 64 Bit
Windows Server 2003

Update KB958644

Update KB958644 for Windows XP SP3 and Windows Server 2003 addresses security advisory MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution (958644)). The update packages may be found in Download Center:

Windows XP SP3 32 Bit
Windows XP SP2 64 Bit
Windows Server 2003

Update KB4012583

Update KB958644 for Windows XP SP3 and Windows Server 2003 addresses security advisory MS17-013 (Security Update for Microsoft Graphics Component (4013075)). The update packages may be found in Download Center:

Windows XP SP3 32 Bit
Windows XP SP2 64 Bit
Windows Server 2003

More security updates for Windows XP/Server 2003

Document Microsoft security advisory 4025685: Guidance for older platforms: June 13, 2017 contains sections ‘Older platforms table x of 3’. This table offers additional security updates for Windows XP and Windows Server 2003. Here are a compressed list of further updates.

Windows XP Service Pack 3: 958644, 2347290, 4012598, 4012583

Microsoft Windows XP Professional x64 Edition Service Pack 2: 958644, 2347290, 4012598, 4012583

Windows Server 2003 x64 Edition Service Pack 2: 958644, 2347290, 3011780, 4012598, 4012583.

Windows XP Service Pack 3: 4022747, Internet Explorer 8 4018271, 4018466, 3197835, 4024323

Microsoft Windows XP Professional x64 Edition Service Pack 2: 4022747, Internet Explorer 8 4018271, 4018466, 3197835, 4024323

Windows Server 2003 Service Pack 2: 4022747, 4018466, 3197835. 4024323

Windows Server 2003 x64 Edition Service Pack 2: 4022747, 4018466, 3197835, 4024323

Windows XP Service Pack 3: 4025218, 4024402, 4019204

Microsoft Windows XP Professional x64 Edition Service Pack 2: 4025218, 4024402, 4019204

Windows Server 2003 Service Pack 2: 4025218, 4024402, 4019204

Windows Server 2003 x64 Edition Service Pack 2: 4025218, 4024402, 4019204

Similar articles
Microsoft June 2017 Patchday summary
Patchday June 2017: Updates for Windows 7/8.1
Patchday June 2017: Updates for Windows 10

Microsoft intends to retire the old SMBv1 network protocol from Fall 2017 for security reasons on Windows 10 and Windows Server 2016. Here are a few details.

SMBv1 30 years old and unsecure

SMB stands for Server Message Block (also known as LAN-Manager or NetBIOS protocol) has been used as a network protocol for file, printer and other server services. SMBv1 has been designed more than 30 years ago and Microsoft’s implementation is categorized as deprecated.

Since Windows Vista there are SMBv2 and later, SMBv3 has been introduced. So SMBv1 isn’t necessary in Windows networks.

This fall SMBv1 shall be deactivated

Ned Pyle from Microsoft has published this blog post on June 1, 2017, where he enlists products from other vendors still using SMBv1. At the end of this blog post, Pyle mentions the end of SMBv1 for Microsoft Windows.

For more information on why using SMB1 is unsafe, see StopUsingSMB1. SMB1 has been deprecated for years and will be removed by default from many editions and SKUs of Windows 10 and Windows Server 2016 in the RS3 release.

RS3 means Windows 10 Fall Creators Update (Version 1709), expected in September/October 2017. Microsoft runs internally some test builds of Windows 10 Enterprise and Windows Server 2016 with SMBv1 deactivated.

Microsoft decided to retire SMBv1 five years ago (long before WannaCry malware used unpatched vulnerabilities in SMBv1). Ned Pyle told Bleeping Computer some more Details.

That date is now the release of Windows 10 Redstone 3, also referenced as the Fall Creators Update, scheduled for launch in October/November 2017.

After that day, every new Windows 10 or Windows Server 2016 OS you install will not have some or all of SMBv1 turned on, which is the norm right now.

This is not patching, nor upgrading, This is clean install RS3

So, only clean installs will see SMBv1 deactivated by default. Already running systems are untouched concerning SMBv1.

How to deactivate SMBv1?

If you intend to deactivate the deprecated SMBv1 in your Windows environment, this is possible. Microsoft has published this document, which describes, registry settings, PowerShell commands and also group policy settings to disable SMBv1 in Windows.

From Windows 8.1 onwards, Windows Features may be used, to uncheck the option SMB 1.0/CIFS File Sharing Support and remove SMBv1 support.

[German]Microsoft has released a couple of security updates for Windows and Office on patchday June 13, 2017. It seems, that some updates are causing serious functional degradation in Outlook, Internet Explorer, or fails to install. Here’s a collection of issues.

Windows 8.1 KB4022726 install error

Blog reader Leon told me via e-mail, that on his Windows 8.1 systems update KBKB4022726 (May 2017 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2) installs failed. He received similar e-mails from his customers.

The reason on his systems was in installed third party antivirus software (Kaspersky), that blocks the installation. After deactivating Kaspersky, the update installation went trough. In some cases it will be necessary to uninstall the third party antivirus software and execute a vendor’s clean tool

KB4022719: Internet Explorer 11 printing issue

Within my blog post Patchday June 2017: Updates for Windows 7/8.1 reader Adrian Robinson left a comment, reporting print issues in Internet Explorer 11. He was forced to uninstall and block update KB4022719 (June Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) to fix that issue.

Outlook issues with KB3203467/KB3191898

It seems that updates KB 3203467 and KB3191898 are causing a couple of major issues in Outlook 2007/20010.

KB3203467/KB3191898 block RTF attachments in Outlook

Some comments from German blog readers pointing out, that Outlook 2010 can’t open  RTF attchments after installing security update KB3203467 (Description of the security update for Outlook 2010: June 13, 2017 (KB3203467)). He received a message, that the required program Outlook isn’t installed or doesn’t answer.

Another reader confirmed, that this issue also comes with update KB3191898 in Outlook 2007. A reader of my English blog post pointed out, that there is a Technet forum entry about that issue. The user mentioned a Known Issue:

If an email message includes an attached email message, and the attached email message’s subject line ends with an unsafe file name extension as listed in the Blocked attachments in Outlook page, the email attachment will be blocked for recipients. To fix this issue, save the email message to the computer and rename its subject line so that it does not end with an unsafe file name extension. Then, attach it to the email message to be sent.

But RTF attachments are not unknown files. It seems that this is an unplanned issue. A workaround is: save the RTF attachment to a local folder and open it. Also uninstalling this security updates helps.

German blog reader Winfried Ortner left another workaround for Outlook 2010: Go in Outlook to File and select Options. Go to security center and to settings for security center. Then uncheck the option to read messages ‘in text only format’ (I could not test it).

Update KB3203467 blocks embedded documents in tasks

Another issue has been mentioned at reddit.com: KB3203467 seems to block embedded documents in tasks. Some user mentioned embedded PDF attachments in tasks. I received also a German comment, that attachments (PDF & DOCX tested)  to tasks and calendar appointments can’t be opened. Also a German forum comment says, that Outlook 2010 can’t open attachements in calendar appointments.

A user at reddit.com says also, that embedded PDFs in contacts are blocked. Uninstalling this updates solves this issue.

Update KB3203467 blocks scripte in forms in public folders

A German reader commented, that scripts within forms are causing issues. He wrote that update kb3203467 blocks scripts in forms, located in public folders. He activated script execution in Trust Center. After uninstalling this update, the issue was gone.

Update blocks search

Within this reddit.com thread there is a comment, that one of the Office update is affecting search. The use wrote, that a search (probably in Outlook) either doesn’t show results or access to folder is blocked. 

Outlook 2007: no access to adresses and calendar in icloudsync

A German comment says, that Outlook 2007 can’t access adress and calendar files via icloudsync, after installing the latest Office patchday updates.

Ok, we have now Saturday, so it’s obvious – we won’t have a new Windows 10 Insider Preview. I suppose, Microsoft is busy to read feedback send from Insiders and fix bugs found within the last Insider Preview.

Dona Sakar has published this tweet, mentions, that no new Insider Preview will come this week. So, I wish everybody a happy weekend . (via)

#WindowsInsiders we are done flighting builds for the week. Have an awesome week!

— Dona Sarkar (@donasarkar) 15. Juni 2017

[German]Microsoft announced this week some changes for Windows Server 2016. There will be an Insider Preview program for Windows Server 2016. And there will be a new ‘Semi-annual Channel’ releases updates twice a year.

Within the document Windows Server Semi-annual Channel Overview has detailed the planned changes to Windows Server 2016. Windows Server release model is offering a new option in order to align with similar release and servicing models for Windows 10 and Office 365 ProPlus.

A new Semi-annual Channel

The Semi-annual Channel releases, available for volume license customers, will deliver new functionality twice a year, in spring and fall. Each release in this channel will be supported for 18 months from the initial release.

Long-term Servicing Channel

This is the release model already knows for Windows Server 2016, where a new major version is released every 2-3 years. Users are entitled to 5 years of mainstream support, 5 years of extended support. And there are optionally 6 more years with Premium Assurance. The following image shows the release cycles for the two channels.

(Source Microsoft)

Windows Insider Program

Microsoft also announced a Insider Program for Windows Server 2016 suitable form developers and IT professionals.

[German]Users installing June 13, 2017 security updates are facing printing issues in Internet Explorer 11. This has been reported for Windows 7 SP 1, Windows 8.1 and also Windows 10. And there is a statement from Microsoft (maybe wrong interpreted), that this bug won’t be fixed.

I’ve addressed this issue briefly within my blog post Office/Outlook und Windows Patchday issues – but there is more.

Security Updates causing IE 11 print issues

Microsoft released several security issues on June 13, 2017 for Internet Explorer. This update is part of Microsoft’s Rollup updates (KB4022719 for Windows 7 SP1, KB4022726 for Windows 8.1) or cumulative update (KB4022725 for Windows 10 V1607). After installing these updates, Internet Explorer 11 won’t print iframes. Only a blank page will be printed.

A user has created this Microsoft Answers forum thread, reporting the issue for Windows 7 SP1 and Update KB4022719. But it has also been confirmed, that Update KB4022725 is causing the same IE 11 printing issues under Windows 10. And I found a confirmation within the thread linked above, that Update KB4022726 is causing the same IE 11 printing issues under Windows 8.1.

The bug is not restricted to Windows 7, and I guess, that also Windows Server is affected. Steve Spirk pointed out here, that Update KB4022722 (cumulative Internet Explorer June security update) didn’t cause that printing issues.

How to fix/workarounds

Most administrators solved this issue by uninstalling the security updates mentioned above. But this is a worse idea, because those security updates are closing critical vulnerabilities. It’s possible, to block update installation and install update KB4022722 (cumulative Internet Explorer June security update). But that won’t close other vulnerabilities in Windows. 

Developers who has access to the HTML code may be add an additional Print button to forms, allowing to print also documents with frames. This has been discussed at stackoverflow.com. Also here the command

document.execCommand(‘print’, false, null)

has been mentioned to print a HTML page with frames.

Collateral damages uninstalling updates

Uninstalling security updates to fix the printing issue may cause other damages. At askwoody.com I found this comment. A user reported, that one of his customers had another error after uninstalling security patch. Intuit Utilities are reporting a missing 3DCompiler_47.Dll file. After re-installing KB4027719 the error was gone.

Microsoft won’t offer a fix?

Thre is a thread IE 11 Window 7 IFrame print error since kb4021558 at Microsoft’s Edge developer forum, addressing this issue. Here is a screenshot of the start page.

First of all, a Microsoft employee replied, that no IE feedback will be accepted via the Edge developers forum. Nothing about ‘Microsoft is listen to our customers …’ in my reading. And later on, somebody at Microsoft are setting the status to ‘Won’t fix’. I don’t know what’s going on. But I would say ‘take your conclusion, how reliable Microsoft will be for the future’. (via Askwoody)

CNAME (Canonical Name) records can be used to alias one name to another (see). Also Computer Names Aliases may be used in Active Directory environments. In a blog post Brandon Wilson from Microsoft discusses, why use Computer Names Aliases in place of DNS CNAME Records and shows also, how to do that.

It’s probably a good news for Windows 10 users. Whilst current versions of Windows 10 doesn’t provide EMET Anti Exploit features, it seems that Microsoft intends to add that to the upcoming Windows 10 Fall Creators Update.

What is EMET?

EMET stands for Enhanced Mitigation Experience Toolkit, an optional and free anti-exploit toolkit from Microsoft for Windows operating systems. EMET is designed to boost the security of Windows against complex threats such as zero-day vulnerabilities.

Microsoft says, Windows 10 is more secure than older Windows versions, but EMET isn’t shipped with Windows 10 till yet. But I pointed out within my blog post Microsoft announces Windows 7 EOL, recommends Windows 10 that Windows 7 + Enhanced Mitigation Experience Toolkit (EMET) is far more secure then Windows 10 without EMET.

(Source: Will Dorman, CERT)

Will Dormann from CERT has published the table shown above and pointed to some weaknesses in Microsoft’s arguments “Windows 10 is more secure”.

“Windows 10 does indeed provide some nice exploit mitigations. The problem is that the software that you are running needs to be specifically compiled to take advantage of them.

Will Dormann’s intension of his article was to keep EMET alive (because Microsoft intends to retire EMET in July 2018).

Will EMET be integrated into the Windows Kernel?

According to this Hacker News article, it seems Microsoft is planning to build its EMET into the kernel of Windows 10 Fall Creator Update (Version 1708, also known as RedStone 3). It’s expected that Windows 10 Version 1709 will be released in September/October 2017.

EMET detects and prevents buffer overflows and memory corruption vulnerabilities, often used in zero-day attacks. Some other features like DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) are implemented already in Windows 10.

So integrating EMET into Windows 10 kernel will hardening the operating system against zero day exploits. The rumor was spread by Alex Ionescu via Twitter:

Well well well.. look who built-in EMET into the kernel of Windows 10 RS3 (Fall Creator’s Update). Thanks to @epakskape for the hint. pic.twitter.com/RhxZiYHFAW

— Alex Ionescu (@aionescu) 18. Juni 2017

These changes are new to Build 15125. But note, that this isn’t confirmed by Microsoft till yet. Let’s hope, EMET will survive within the kernel after Windows 10 V1709 release.

[German]A couple of days ago I reported about printing issues within my blog post June 2017 Patches causing Internet Explorer 11 printing issues. These printing issues is caused by June 2017 security updates. Now Microsoft has confirmed those issues.

The issue

Microsoft released on June 13, 2017 a couple of security updates addressing issues in Internet Explorer. Those updates for Windows 7 SP1 (KB4022719), and Windows 8.1 (KB4022726) and Windows 10 (KB4022725) are included within cumulative updates and update rollups. And there is also a cumulative security update KB4021558 for Internet Explorer.

After installing on of those updates, the content from iframes and frames can’t be printed. Details has been mentioned within my blog post June 2017 Patches causing Internet Explorer 11 printing issues. Only June Security Only Quality Update KB4022722 doesn’t cause printing issues.

Confirmation from Microsoft

A reader mentioned at Askwoody that Microsoft has revised some KB articles on June 20, 2017:

Microsoft has finally acknowledged/confirmed the printing problems with the IE11 KB4021558 security update for Windows 7 & 8.1 as well as the printing problems with the KB4022719 security monthly update for Win7 SP1 & the KB4022726 security monthly update for Win8.1 …

Microsoft has added the following text to the knows issues section of several KB articles. 

When you print a specific iframe or frame in a web page, the print output may be blank, or text is printed that resembles the following:

404 – Not Found

(A frame is a part of a web page or browser window that displays content independent of its container. A frame can load content independently.)

This problem has also been observed in both Internet Explorer 11, and in applications that host the IE Web Browser Control.

There is currently no workaround for this issue. However, if you print the entire web page, it will print correctly.

Microsoft is researching this problem and will post more information in this article when the information becomes available.

Here is a list of the altered KB articles:

• Cumulative security update for Internet Explorer: June 13, 2017 (KB4021558)
• June 13, 2017—KB4022719 (Monthly Rollup) Windows 7 SP1
• June 13, 2017—KB4022726 (Monthly Rollup) Windows 8.1
• June 13, 2017—KB4022725 Windows 10 V1703

Security update KB4022722 for Windows 10 hasn’t been mentioned at Askwoody – I’ve added it to the above list. Also all corresponding Windows Server builds are affected. Microsoft can’t offer a fix or a workaround. Currently uninstalling the security update is the only option to fix that issue (but that’s not a good idea).

Similar articles:
June 2017 Patches causing Internet Explorer 11 printing issues
Fixes for Windows printing issue (August 2016)
Update KB3186988 for Windows 10 Version 1511 printing issues?
Update KB3187022 fixes Windows 7/8.1 printing issue
Patchday June 2017: Updates for Windows 7/8.1
Office/Outlook und Windows Patchday issues

[German]From time to time users are facing issues with missing DLL files in Windows 10. One issue is a missing msvcp100dll dll file. Here are a few hints, how to fix this issue.

Some details about the issue

An attempt to launch an application stalls with an error message, that a DLL file from Microsoft VCR or MFC runtime is missing. A message ‘The program can’t start because MSVCP100.dll is missing from your computer. Try reinstalling the program to fix this problem.’ or similar is shown.

The name of the dll file may vary (MFCU100.dll, MFCU120.dll, MFCU120U.dll etc.). But the root cause is the same, a library file (dll) from MFC or VCR run time environment, requested from the application, is missing. An Internet search will reveal many hits like here and here.

Fix #1: Reinstall the application

In many cases, it’s sufficient to uninstall the faulty application program and re-install the whole application again. In best case the missing run time library files will also be re-installed. If that didn’t help, try other fixes.

The file msvcr100.dll is missing

This dll is a library belongs to Microsoft Visual C++ 2010 run time environment. If that file is missing, applications compiled with VC2010 wont run. The solution: Just re-install the Microsoft Visual C++ 2010 Service Pack 1 redistributable package. This package may be downloades from this Microsoft site (see also). Note, that there are a 64 bit and a 32 bit package.

Some Internet postings suggests (here) suggests a download of msvcp100.dll as a ZIP file, unpack it and copy it to the folder C:\Windows\System32 or for 64 bit systems to C:\Windows\SysWOW64 and restart Windows. The problem: The DLL will be downloaded from http://www.dll-files.com, which isn’t a Microsoft source. I found also adware on this site, so a clear warning: Don’t use this source.

If installing the DLL file didn’t help, open an administrative command prompt and move to folder with the DLL file. Then enter regsvr32 msvcp100.dll to re-register the DLL. 

MFCU120.dll is missing

This dll belongs to Microsoft Visual C++ runtime environment. Here I recommend to download the VC++ redistributable from here or download the 2013 version from icrosoft and install the package.

The problem with Microsoft’s Visual C++ redistributable is, that we will have a couple of versions.

If that doesn’t help, this post from Ableton suggests to execute the installer from the program’s folder within ProgramData. You can also try to run a system file check (see Check and repair Windows system files and component store).

Similar articles
Windows 10: Open command prompt window as administrator
Check and repair Windows system files and component store

[German]Microsoft has released an update KB4032782 to fix printing issues in Internet Explorer 11, caused by June 13, 2017 security updates. Here are a few details about that issue.

The issue

I’ve addressed this issue briefly within my blog post Office/Outlook und Windows Patchday issues and in detail within the blog post June 2017 Patches causing Internet Explorer 11 printing issues.

Microsoft released several security issues on June 13, 2017 for Internet Explorer. This update is part of Microsoft’s Rollup updates (KB4022719 for Windows 7 SP1, KB4022726 for Windows 8.1) or cumulative update (KB4022725 for Windows 10 V1607). After installing these updates, Internet Explorer 11 won’t print iframes. Only a blank page will be printed. It has been observed on all Windows versions, but the issue doesn’t affect all systems. Microsoft has confirmed the issue (see June 2017 security updates IE 11 printing issues confirmed).

Microsoft released a fix

A German reader informed me, that Microsoft has released a patch KB4032782 to fix this printing issues. The update shall be installed only, if the system is affected. In this case download the package from Microsoft Update Catalog. But I was wondering, that Microsoft didn’t mentions a fix for Windows 10, where the issue also has been observed.

[German]Desaster for Microsoft? It’s reported, that 32 Terabyte of data, containing parts of Windows 10 source code and also many internal Windows builds has been leaked. Here are a few details.

Exklusive report from The Register

The Register has published an exclusive article, claiming that 32 Terabyte of Data has been uploaded as a 8 Terabyte batch to betaarchive.com. It’s reported, that it is part of Microsoft’s Shared Source Kit – according to people who has seen the material.

The Shared Source Kit contains sources of Windows 10 hardware drivers, PnP code, USB and Wi-Fi stacks, storage drivers, and ARM-specific OneCore kernel code.

(Source: The Register)

The above screen shot has been shown as a prove. The Register speculates, that the material helps to find new security holes. The released material also contains non public internal Windows 10 builds, and 64 bit ARM variants, and multiple versions of Microsoft’s Windows 10 Mobile Adaptation Kit,  and should be uploaded at June 19, 2017 to a FTP folder.

The Shared Source Kit is port of Microsoft’s Shared Source-Initiative – where the company is sharing code with partners, customers and more, to support debugging.

Leak is smaller, material removed

Administrators from betaarchive.com has published a statements tonight, giving a few more details:

The Register article https://www.theregister.co.uk/2017/06/2 … s_10_leak/ has got BetaArchive a fair amount of attention this evening. They claim, and I quote “32TB of Windows 10 internal builds, core source code leak online”.

First of all let us clear up a few facts. The “Shared Source Kit” folder did exist on the FTP until this article came to light. We have removed it from our FTP and listings pending further review just in case we missed something in our initial release. We currently have no plans to restore it until a full review of its contents is carried out and it is deemed acceptable under our rules.

The folder itself was 1.2GB in size, contained 12 releases each being 100MB. This is far from the claimed “32TB” as stated in The Register’s article, and cannot possibly cover “core source code” as it would be simply too small, not to mention it is against our rules to store such data.
At this time all we can deduct is that The Register refers to the large Windows 10 release we had on March 24th which included a lot of Windows releases provided to us, sourced from various forum members, Windows Insider members, and Microsoft Connect members. All of these we deemed safe for release to BetaArchive as they are all beta releases and defunct builds superseded by newer ones, and they were covered under our rules.

If any of this should change we will remove these builds from the FTP and we will happily comply with any instructions to do so by Microsoft.

With regards to the BBC article http://www.bbc.co.uk/news/technology-40366823 about two Britons that have been arrested following an alleged Microsoft hack, we don’t believe there is any connection with this alleged “Windows 10 core source code leak”.

So in brief: The leak was smaller as reported, and the material has been removed from the ftp servers.

[German]Microsoft refreshes the Windows 10 ISO install images offered for download from time to time (all 3 to 4 months). Now Microsoft offers refreshed ISO install media for download.

Windows 10 Creators Update (Version 1703) has been released on March 2017. Now Microsoft is releasing refreshed ISO install images.

June 2017 refresh in MSDN

MSDN subscribers are able to download Windows 10 Version 1703 Install ISO (Updated June 2017), see screenshot below.

The new ISOs comes with integrated cumulative updates from May and June 2017.

June 2017 refresh: ESD image for all

Microsoft has also released the ISO ESD install media for Windows 10 Creators Update (Version 1703) as June 2017 refresh. @rgadguard has confirmed within a tweet, that a new build has been added:

Added ESD = 15063.413 https://t.co/skOfBR8mBK pic.twitter.com/rnVr41mLyY

— adguard (@rgadguard) 24. Juni 2017

The new ESD ISOs (build 15063.413) also comes with integrated cumulative updates from May and June 2017.

Use this adguard site, to select the appropriate build. Adguard will point you to official Microsoft download links obtained from MS servers. (via)