Channel: Windows – Born's Tech and Windows World

Beware of Microsoft’s LDAP Server CVE-2017-8563 Fix

Microsoft updated several products on July 11, 2017, to close a Windows Elevation of Privilege Vulnerability (CVE-2017-8563). But manual actions are required to finally fix the vulnerability.

The Hacker News has reported on this critical flaw in Microsoft’s Windows NTLM security protocols. They wrote:

The first vulnerability involves unprotected Lightweight Directory Access Protocol (LDAP) from NTLM relay, and the second impacts Remote Desktop Protocol (RDP) Restricted-Admin mode.

Microsoft has addressed this issue within CVE-2017-8563 and wrote: An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully forward an authentication request to a Windows LDAP server, such as a system running Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS), which has been configured to require signing or sealing on incoming connections.

Microsoft provided patches for all supported Windows versions. But just installing the patches is not sufficient. In an Active Directory environment, you also need to follow the advice below, which Microsoft has given in its KB articles.

In addition to installing the updates for CVE-2017-8563 are there any further steps I need to carry out to be protected from this CVE?
Yes. To make LDAP authentication over SSL/TLS more secure, administrators need to create a LdapEnforceChannelBinding registry setting on machine running AD DS or AD LDS. For more information about setting this registry key, see Microsoft Knowledge Base article 4034879.

If we follow the link given above, we find the following additional advice:

Notes
Before you enable this setting on a Domain Controller, clients must install the security update that is described in CVE-2017-8563. Otherwise, compatibility issues may arise, and LDAP authentication requests over SSL/TLS that previously worked may no longer work. By default, this setting is disabled.
The LdapEnforceChannelBindings registry entry must be explicitly created.
LDAP server responds dynamically to changes to this registry entry. Therefore, you do not have to restart the computer after you apply the registry change.
To maximize compatibility with older operating system versions (Windows Server 2008 and earlier versions), we recommend that you enable this setting with a value of 1. See Microsoft Security Advisory 973811 for more details.

This German site contains a script to check whether the update is installed or not.


Windows 10 V1703: Update KB4032188 (July 31, 2017)

Microsoft released another out-of-band cumulative Update KB4032188 for Windows 10 Creators Update (Version 1703) on July 31, 2017. It’s a maintenance update to fix a couple of issues in the latest build.

Update KB4032188 changes Windows 10 Creators Update (Version 1703) to build number 15063.502, but provides no new features. The maintenance update fixes the following issues.

  • Addressed issue that causes a Microsoft Installer (MSI) application to fail for standard (non-admin) users when installed on a per user basis.
  • Addressed issue to enable support in the DevDetail Configuration Service Provider (CSP) to return the UBR number in the D part of the SwV node. 
  • Addressed issue where NTFS sparse files were unexpectedly truncated (NTFS sparse files are used by Data Deduplication—deduplicated files may be unexpectedly corrupted as a result). Also updated chkdsk to detect which files are corrupted.
  • Addressed issue where the IME pad was not launching correctly in the Microsoft Edge browser for certain markets. 
  • Addressed issue to allow Win32 applications to work with various Bluetooth LE devices including head tracking devices.
  • Addressed issue in the Mobile Device Manager Enterprise feature to allow headsets to work correctly. 
  • Addressed issue where device drivers are not loading.
  • Addressed a reliability issue when playing specific types of spatial sound content.
  • Addressed issue with a dropped key on Microsoft Surface Keyboard and Microsoft Surface Ergo Keyboard, and addressed Wacom active pen connection failures. 
  • Addressed issue to improve stability for USB type C during device arrival and removal during system power changes. 
  • Addressed USB host controller issue where the host controller no longer responds to the attached peripherals. 
  • Addressed MP4 compatibility issue while playing content from a social media site in Microsoft Edge. 
  • Addressed issue with audio headsets connected to a PC through Xbox 360 controllers.
  • Addressed a reliability issue with launching a Settings app while another application is using the camera device concurrently.
  • Addressed issue with notifications (SMS, Calendar) for an activity tracker. 
  • Addressed issue with video playback artifacts during transitions from portrait to landscape on mobile devices.
  • Addressed issue with Skype calls becoming unresponsive after about 20 minutes when using Bluetooth headsets with Hands-Free Profile (HFP) connections with negotiated mSBC codec (Wideband Speech). 
  • Addressed issue where a service using a Managed Service Account (MSA) fails to connect to the domain after an automatic password update. 
  • Addressed issue where, in some cases, a drive that utilizes on-drive hardware encryption would not automatically unlock at system startup. 
  • Addressed issue where “cipher.exe /u” fails on client machines that are deployed with InTune, Windows Information Protection (WIP), and an updated Data Recovery Agent (DRA) certificate. Cipher.exe will fail with one of the following errors: “The request is not supported” or “The system cannot find the file specified”. 
  • Addressed issue where a memory leak occurs in a nonpaged pool with the “NDnd” memory tag when you have a network bridge set up. 
  • Addressed issue where you cannot add Work and School accounts in Windows Store, and you may get an error that reads, “We encountered an error; please try signing in again later.” 
  • Addressed issue where if a Surface Hub enters Sleep mode and then resumes, it may require the user to sign in to Skype again.
  • Addressed issue where some Windows Forms (WinForms) applications that use DataGridView, Menu controls, or call a constructor for a Screen object experienced performance regressions in .NET 4.7. This was caused by additional Garbage Collections. In some cases, there was an empty UI because of a lack of GDI+ handles.
  • Addressed issue where Magnifier Lens users cannot click on buttons or select web content in Microsoft Edge or Cortana results.
  • Addressed issue introduced in the June updates where some applications may not launch when a device resum

It seems that no updates are available for other Windows 10 versions (so far).

Windows 10 Insider Preview Build 16257 released

Microsoft has released Windows 10 Insider Preview Build 16257 for PC in the Fast Ring. There are two branches for Redstone 3 (Fall Creators Update) and Redstone 4 (Version 1803).

The new build has been announced on the Windows Blog, where Windows 10 Mobile Insider Preview Build 15237 has also been introduced (I won’t cover mobile device builds here).

What’s new?

Yesterday, Microsoft announced Eye Control, which makes Windows 10 more accessible by empowering people with disabilities to operate an on-screen mouse, keyboard, and text-to-speech experience using only their eyes. The experience requires a compatible eye tracker, like the Tobii Eye Tracker 4C, which unlocks access to the Windows operating system to be able to do the tasks one could previously accomplish with a physical mouse and keyboard. We are starting by supporting the EN-US keyboard layout, and we are looking to expand to more keyboard layouts in the future. Microsoft has released this feature as a beta.

A Tobii Eye Tracker 4C is required (Coming next will be support for Tobii Dynavox PCEye Mini, PCEyePlus, EyeMobile Plus, and I-series.)

Eye Tracking
(Source: Microsoft)

There are also improvements in Microsoft Edge, in the console, and in Windows Defender Application Guard (WDAG). Details may be read in the Microsoft blog post.

Bug fixes and improvements

Below is a list of issues fixed in this build.

  • We fixed an issue where the battery flyout might have shown unexpected text for the % charged (specifically “%1!s!%2!s!% until fully charged”).
  • We’ve fixed an issue resulting in certain network setting being lost on upgrade and reverting to default. Specifically, static IP address configuration was reverted to DHCP, and networks marked private were reverted to public.
  • If you had installed Builds 16226-16237 and had found Storage Spaces to not be working, today’s build expands upon the fix in 16241 to remediate those PCs that had upgraded from the impacted build range and were still in a bad state. Thanks again to the Insiders that have helped us investigate this!
  • We fixed an issue where if you switched to a new tab and back in Microsoft Edge, Narrator would start reading from the top of the page again, rather than remember where you had been on the page.
  • We fixed an issue where right-clicking on a folder in File Explorer and saying Scan with Windows Defender wouldn’t work if the folder name contained #.
  • We fixed a rare issue where the Windows Search Service might get stuck on initialization after upgrade, resulting in File Explorer showing “Working on it…” infinitely when accessing certain folders.
  • We fixed an issue resulting in certain games such as Wargaming’s World of Tanks, World of Warships, and World of Warplanes appearing to hang/freeze shortly after launch when played on x86 PCs in recent flights.
  • We fixed an issue where some Insiders were not being offered builds higher than Build 16241.
  • We fixed an issue where connecting to a VPN using a solution downloaded from the Windows Store may result in a system crash.

Known issues

The list of issues is really short:

  • Start, Action Center and notification toasts may at times have a background that is 100% transparent. A fix will be available in later flight – for now, if you encounter this issue, try ending ShellExperienceHost.exe via Task Manager or rebooting to resolve the issue.
  • We’re investigating reports where Action Center shows it has some number of notifications but when you click to open Action Center, there are no notifications shown.
  • We’re investigating reports that suggested apps are visible in Start despite the related setting being off. For now, if you encounter this please try toggling Settings > Personalization > Start > “Occasionally show suggestions in Start”.
  • When installing or updating a Windows Store app, you may see error 80070057. As a workaround, you can get the latest app by uninstalling the older version of the app from your device and reinstall latest version from Store.

Windows 10: Update error 0x800F0922

Sometimes Windows 10 users face error 0x800f0922 while installing a cumulative update or a feature update. The system rolls back to the previous state. Here are a few details on how to fix this issue.

Searching for details

Users who run into an update install error face a second problem: in many cases no error code is delivered. The system only reports progress up to x % and then suddenly rolls back to a previous state. A typical report:

kb 3147458 will not install,

the installation stalls at 59% and the system is rolled back to a previous state.

How to obtain more details? One option is to open the Settings app, go to Update and Security and check the hyperlink Extended options –> Update history for error messages. But in many cases, the information is not too helpful.

More details may be found in Event Viewer, because Windows logs all steps and events there.

Update Event

Just fire up Event Viewer and go to the branch Applications and Services Logs –> Microsoft –> Windows –> Windows Update Client –> Operational.

Update error

Double-clicking an entry opens the Details tab with more information about the install error. More hints may be found in my blog post Windows 10: Analyze upgrade errors.

Update error 0x800F0922

Update error 0x800F0922 means that Windows Update doesn’t have a connection to Microsoft’s Update servers.

  • In some cases installed VPN software blocks the connection to Microsoft’s Update servers. Uninstall the VPN software and try again.
  • I’ve also seen cases where the free space on the System Reserved partition is running low. Use a third-party partition tool to check the free space on System Reserved partitions.
  • If third-party antivirus software is installed, uninstall this product. Then use the vendor’s clean tool to remove install files left on the system. Then reboot Windows (press the Shift key while selecting the Reboot option).
  • Try to check the system for damaged files (see Check and repair Windows system files and component store).

If sfc or dism report system file errors, an in-place upgrade may cure this issue.

Revisions and issues July 2017 Updates

Microsoft’s July 2017 updates for Internet Explorer and the Edge browser have caused several issues. Microsoft has revised CVE-2017-8518 for the Scripting Engine and corrects an issue in PowerShell.

Revision for CVE-2017-8518: Scripting Engine

Yesterday I received an e-mail from Microsoft informing me about a revision of CVE-2017-8518.

CVE Revision Information:
=====================

CVE-2017-8518

– Title: CVE-2017-8518 | Scripting Engine Memory Corruption
   Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: CVE-2017-8518 has been added to the June
   2017 Security Updates. This is an informational change only.
– Originally posted: August 4, 2017 
– Updated: N/A
– CVE Severity Rating: Critical
– Version: 1.0

PowerShell issue after KB4025333

After installing July 11, 2017 patches, some users are experiencing PowerShell issues (some are receiving an error). The issue has been caused by KB4025333 as you can read here. Microsoft has proposed a solution: Install KB3000850 or WMF 5.1.

Microsoft ends ‘Skip ahead to the next Windows release’

Microsoft ended the ability to skip ahead in Windows 10 Insider Preview to the next Windows 10 release after Fall Creators Update (aka Redstone 4 branch).

It has been only a very short ‘adventure’ – the ability to skip ahead in Windows 10 Insider Previews to the Redstone 4 branch. On July 25, 2017, Microsoft announced the ability for Windows Insiders who had joined the Fast Ring to skip Redstone 3 builds and use Redstone 4 Insider Builds instead. See this neowin.net article for further details, for instance.

As Tero Alhonen posted within the tweet above, Microsoft has closed the ‘Skip Ahead’ option for Insiders in Fast Ring. It seems that MS has planned it and has reserved limited seats for RS 4. (via)

Microsoft won’t patch SMBloris vulnerability

A 20-year-old vulnerability in the Microsoft Windows SMB protocol has been discovered. Microsoft says that it won’t patch this vulnerability. Here is what to know.

Researchers Sean Dillon (Twitter: @zerosum0x0) and Jenna Magius (Twitter: @jennamagius) found the original vulnerability in June (2017). There is a proof of concept on Github that allows an attacker to open a connection to a remote computer via the SMB protocol and instruct that computer to allocate RAM to handle the connection. The attacker doesn’t have to be authenticated.

If an attacker opens tens of thousands of connections on a machine, the RAM will be exhausted. This can potentially freeze or crash the targeted computer. The vulnerability affects every version (SMBv1, SMBv2, SMBv3) of the SMB protocol and every Windows version dating back to Windows 2000 up to Windows 10.

Windows systems exposing port 445 are vulnerable (i.e. disabling SMB won’t stop attacks). On Linux, admins can set “max smbd processes = 1000” in the Samba smb.conf config file to prevent attackers from opening a large number of SMB connections to the Samba server.
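For the Windows side, where no equivalent cap is mentioned, an administrator can at least watch for one remote host holding an unusual number of connections to port 445. The following is an added example, not code from the original article or from the researchers; it assumes the column layout of Windows `netstat -ano` output, and the threshold of 1000 per source and all sample lines are constructed for illustration.

```python
from collections import Counter

SMB_PORT = "445"


def split_endpoint(endpoint):
    """Split 'host:port' or '[ipv6%zone]:port' into (host, port_text)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def smb_connections_by_source(netstat_text):
    """Count non-listening TCP connections to local port 445 per remote host."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Assumed layout: Proto, Local Address, Foreign Address, State[, PID]
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue  # header lines, UDP rows, blank lines
        _, local_port = split_endpoint(fields[1])
        remote_host, _ = split_endpoint(fields[2])
        if local_port != SMB_PORT or fields[3].upper() == "LISTENING":
            continue
        counts[remote_host] += 1
    return counts


def flag_sources(counts, threshold):
    """Return the remote hosts holding at least `threshold` SMB connections."""
    return {host: n for host, n in counts.most_common() if n >= threshold}


def constructed_sample():
    """Constructed netstat-style text: two normal clients and one noisy source."""
    lines = [
        "  Proto  Local Address          Foreign Address        State           PID",
        "  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4",
        "  TCP    [::]:445               [::]:0                 LISTENING       4",
        "  TCP    192.0.2.10:445         198.51.100.21:50122    ESTABLISHED     4",
        "  TCP    192.0.2.10:3389        198.51.100.21:50900    ESTABLISHED     1180",
        "  TCP    [2001:db8::10]:445     [2001:db8::99]:49152   ESTABLISHED     4",
    ]
    lines += [
        f"  TCP    192.0.2.10:445         203.0.113.50:{port}     ESTABLISHED     4"
        for port in range(20000, 21500)
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    per_source = smb_connections_by_source(constructed_sample())
    for host, n in flag_sources(per_source, threshold=1000).items():
        print(f"{host} holds {n} connections to port {SMB_PORT}")
```

The threshold has to be tuned to the environment, since file servers behind NAT gateways or terminal servers legitimately see many connections from one address.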

SMBLoris takes its name from the Slowloris attack on web servers. In 2009, security researchers discovered that an attacker could open a large number of connections to the same web server, exhausting bandwidth, sockets, or memory, and carry out one-man DDoS attacks. SMBLoris is the same thing but done via SMB instead of HTTP.

Microsoft has declined to patch this vulnerability in the Server Message Block (SMB) file sharing protocol of Windows. “The case offers no serious security implications and we do not plan to address it with a security update,” a Microsoft spokesperson told Threatpost. “For enterprise customers who may be concerned, we recommend they consider blocking access from the internet to SMBv1.” Further details may be found within the Kaspersky Threatpost article, within this rapid7.com community article or within this Bleeping Computer article. The attack has been demonstrated at Def Con (see below).

Windows 10: CBB ends, Upgrade install details/optimizations

Microsoft is ending Current Branch for Business (CBB) in Windows 10. And Microsoft has recently detailed some internals about Feature Upgrade installs. This blog post sums up the relevant details.

Current Branch for Business ends

Microsoft has used Current Branch (CB) and Current Branch for Business (CBB) in Windows 10 Pro/Enterprise. Admins have been able to defer Feature Upgrades in CBB for several months. In May 2017 Microsoft announced that it is going to use new names.

  • Instead of using Current Branch for Business (CBB), Microsoft is using the term ‘Semi-Annual Channel’ .
  • And the Long Term Servicing Branch (LTSB) will be renamed to Long Term Servicing Channel (LTSC).

This has also been detailed within this Technet blog post from Michael Niehaus from July 17, 2017. More important are the support cycles for both channels.

  • Semi-Annual Channel: Those builds will be supported for 18 months after release. After this period, an upgrade to a newer build is mandatory.
  • Long-Term Servicing Channel: Microsoft plans to release a new build every 2-3 years (next is planned for 2019). Builds within this channel are supported for 10 years with security updates.

More details may be read within this Technet post. This is the first important change, announced from Microsoft.

Detailing Windows 10 Feature Upgrade install

Microsoft has introduced a Mixer channel for Windows Insiders, where developers from the product group present some technical details. The first webcast was held on June 14, 2017 – unfortunately, the session is streamed only in real time and can’t be viewed later. In this first webcast Microsoft gave a few details about what’s going on during Feature Upgrades. Russian leaker WZor joined this webcast and published some slides. According to the following slide, a Windows 10 Feature Update (which is an upgrade, exchanging the whole operating system) is installed in four phases.

Phases of Feature Upgrades in Windows 10
(Source: WZor/Twitter)

During these four phases, several tasks are executed. The slides below show what’s going on within each phase.

Windows 10 Feature Upgrade Phase 1
(Source: WZor/Twitter)

  • Phase 1: The Feature Update is downloaded from the update server. This phase ends when the user clicks the Restart now button within Settings –> Update and Security.

Windows 10 Feature Upgrade Phase 2
(Source: WZor/Twitter)

  • Phase 2: After the first reboot, a Windows RE environment copies/moves the Source WIM into the recovery partition, installs the new WIM, drivers and so on. The details are listed within the screenshot shown above. This phase has a progress bar value between 0 and 30%.

Windows 10 Feature Upgrade Phase 3
(Source: WZor/Twitter)

  • Phase 3: After ending Windows RE, Windows 10 boots again into the First Boot Phase, where progress values between 31 and 74 % are shown. During this phase, the new OS is entered into BCD store and Sysprep will be executed. Also plugins will be migrated.

Windows 10 Feature Upgrade Phase 4
(Source: WZor/Twitter)

  • Phase 4: After a second restart, progress values between 75 and 100 % will be shown. During this phase, user data will be copied, services are starting and other post OOBE tasks are executed. This phase ends with starting Windows desktop. 

These details may be helpful, if a Feature Upgrade install fails. WZor has posted more slides on Twitter.

Update optimization

Two semi-annual Feature Updates are annoying many users, especially because they take a long time to install. During install, the system is not usable. If an install fails, users waste a lot of time waiting for install steps – and Windows Insiders are ‘enjoying’ this weekly.

Microsoft has recently published some details about Feature Update installs for Windows Insiders within Feedback Hub. They say the install process has been optimized. Now the following steps (see also the section above) are applied:

  • Online-Phase: Searching and downloading updates, backup settings and app in background. Also all new OS files are stored within Windows Image (Wim) process. Then Windows waits for reboot.
  • Offline-Phase: After reboot the update files are installed, drivers will be integrated and user data will be restored. Then the system reboots and the user is able to work again with Windows 10.

This shall reduce the ‘down time’ for users during Windows Feature Updates. Let’s wait, how good this will be at the end of the day (we will see it during Windows 10 Fall Creators Update release in September 2017). 


US-CERT warns: Microsoft Windows LNK vulnerability

US-CERT issued a warning: Microsoft Windows automatically executes code specified in shortcut (LNK) files. This allows attackers to execute malware when a LNK file is viewed. A public exploit is available.

Once again, it’s Windows that has an unfixed vulnerability. US-CERT describes it in its Vulnerability Note VU#824672. Microsoft Windows supports the use of shortcut or LNK files. A LNK file is a reference to a local file. Clicking on a LNK file has essentially the same outcome as clicking on the file that is specified as the shortcut target. Ok, this is the intention of a shortcut file.

Viewing a shortcut file executes code

But there is a caveat, as CERT pointed out:

Microsoft Windows fails to safely obtain icons for shortcut files. When Windows displays Control Panel items, it will initialize each object for the purpose of providing dynamic icon functionality. This means that a Control Panel applet will execute code when the icon is displayed in Windows. Through use of a shortcut file, an attacker can specify a malicious DLL that is to be processed within the context of the Windows Control Panel, which will result in arbitrary code execution. The specified code may reside on a USB drive, local or remote filesystem, a CD-ROM, or other locations.

Viewing the location of a shortcut file with Windows Explorer (or another application that displays file icons) is sufficient to trigger the vulnerability.

The origin of this vulnerability is outlined in VU#940193 (CVE-2010-2568). The fix for CVE-2010-2568 and the subsequent fix for CVE-2016-0096 are both insufficient in that they do not take into account LNK files that use the SpecialFolderDataBlock or KnownFolderDataBlock attributes to specify the location of a folder. Such files are able to bypass the whitelisting first implemented in the fix for CVE-2010-2568.
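For triage, shortcut files carrying either of the two attributes named above can be identified by walking the LNK structure up to its ExtraData section. The following is an added example, not code from CERT or from the original article; the header layout and the block signatures (0xA0000005 and 0xA000000B) follow Microsoft's published [MS-SHLLINK] format specification, and the sample files are constructed in memory with empty block bodies.

```python
import struct

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
# HasName, HasRelativePath, HasWorkingDir, HasArguments, HasIconLocation
STRING_DATA_FLAGS = (0x04, 0x08, 0x10, 0x20, 0x40)
IS_UNICODE = 0x80
FOLDER_BLOCKS = {
    0xA0000005: "SpecialFolderDataBlock",
    0xA000000B: "KnownFolderDataBlock",
}


class LnkFormatError(ValueError):
    """Raised when the bytes are not a well-formed shell link."""


def _read(fmt, data, offset):
    """Unpack one little-endian field, failing cleanly on truncated input."""
    if offset + struct.calcsize(fmt) > len(data):
        raise LnkFormatError(f"truncated at offset {offset}")
    return struct.unpack_from(fmt, data, offset)[0]


def extra_data_signatures(data):
    """Return the signatures of all ExtraData blocks, in file order."""
    if _read("<I", data, 0) != HEADER_SIZE or data[4:20] != LINK_CLSID:
        raise LnkFormatError("missing shell link header")
    flags = _read("<I", data, 20)
    offset = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # 2-byte size, then the ID list
        offset += 2 + _read("<H", data, offset)
    if flags & HAS_LINK_INFO:                # 4-byte size that includes itself
        size = _read("<I", data, offset)
        if size < 4:
            raise LnkFormatError("invalid LinkInfo size")
        offset += size
    char_width = 2 if flags & IS_UNICODE else 1
    for bit in STRING_DATA_FLAGS:            # counted strings, no terminator
        if flags & bit:
            offset += 2 + _read("<H", data, offset) * char_width
    signatures = []
    while offset != len(data):
        block_size = _read("<I", data, offset)
        if block_size < 4:                   # terminal block
            break
        if block_size < 8 or offset + block_size > len(data):
            raise LnkFormatError(f"bad ExtraData block at offset {offset}")
        signatures.append(_read("<I", data, offset + 4))
        offset += block_size
    return signatures


def folder_redirect_blocks(data):
    """Names of the folder-location blocks present in the shortcut."""
    return [FOLDER_BLOCKS[s] for s in extra_data_signatures(data) if s in FOLDER_BLOCKS]


def build_constructed_lnk(extra_blocks, name="demo"):
    """Constructed sample: header, one name string, the given blocks, terminator."""
    flags = 0x04 | IS_UNICODE
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, flags) + bytes(HEADER_SIZE - 24)
    name_field = struct.pack("<H", len(name)) + name.encode("utf-16-le")
    blocks = b"".join(
        struct.pack("<II", 8 + len(body), sig) + body for sig, body in extra_blocks
    )
    return header + name_field + blocks + bytes(4)


# Constructed inputs: block bodies are zero-filled and reference nothing.
SAMPLE_WITH_FOLDER_BLOCK = build_constructed_lnk([(0xA0000003, bytes(88)), (0xA0000005, bytes(8))])
SAMPLE_PLAIN = build_constructed_lnk([(0xA0000003, bytes(88))])

if __name__ == "__main__":
    for label, blob in (("with folder block", SAMPLE_WITH_FOLDER_BLOCK), ("plain", SAMPLE_PLAIN)):
        print(label, folder_redirect_blocks(blob))
```

Ordinary shortcuts to known folders also carry these blocks, so a hit is a reason to look closer at files from removable media or network shares on systems that lack the update, not a verdict.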

By convincing a user to display a specially-crafted shortcut file, an attacker may be able to execute arbitrary code with the privileges of the user. Depending on the operating system and AutoRun/AutoPlay configuration, this can happen automatically by connecting a USB device. Exploit code for this vulnerability is publicly available.

Fix or Workaround to overcome this issue

CERT recommends applying an update; this issue is addressed in the Microsoft Update for CVE-2017-8464. After applying the update, block connections from the Internet to shares.

  • Block outgoing SMB traffic: CERT recommends blocking outgoing connections on ports 139/tcp, 139/udp, 445/tcp, and 445/udp at your network perimeter. This helps to prevent machines on the local network from connecting to SMB servers on the internet. This does not remove the vulnerability, but it blocks an attack vector for this and other vulnerabilities.
  • Disable WebDAV: A second recommendation is to block connections to network shares using the WebDAV protocol over HTTP.

WebDAV can be disabled at various layers, depending on the requirements of your organization:

  • At the client: To disable WebDAV on a Windows client, set the Startup type property for the WebClient service to Disabled. Note that this may interfere with the ability to access features that utilize WebDAV, such as some aspects of Microsoft SharePoint.
  • On the network: WebDAV can be blocked at the network level by blocking the methods used by the WebDAV extension to HTTP.

The latter method is discussed within Blocking WebDAV methods for example. Check with your firewall vendor for more details.

Windows 10: Can’t change settings in Task Scheduler

Today I will discuss a curious behavior in Windows 10 Task Scheduler. A German blog reader (Olaf E.) pointed me to this issue a couple of weeks ago. It is not possible to change settings for predefined Microsoft tasks.

What’s the problem with Task Scheduler?

Olaf E. came across this issue when he intended to change some triggers for Windows Update related tasks in Windows Task Scheduler. His attempt to enter the settings tabs of a predefined Windows Update task, change something and leave the property window ends either with an error dialog or with an MMC crash. To reproduce this behavior, try the following steps.

1. Launch Windows 10 Task Scheduler via the taskbar’s search box. Then the Task Scheduler’s window should be visible (see below, I used a German Windows 10 for the screenshot).

Task Scheduler

2. Navigate within the left pane to Task Scheduler Library –> Microsoft –> Windows –> Windows Update.

Task Scheduler: properties of a task

3. Now all task entries shown in the screenshot above are visible. Double click an entry to open the task’s property page.

Then try to leave the property page via the OK button. Task Scheduler will show an error dialog box, informing you that the Task Scheduler service is not running.

You can close this window using the OK button. Then you will land at the Task Scheduler’s property page. In the best case you can use the Cancel button to leave the property window – but this means you are not able to change any settings for the task. Olaf E. wrote that he has had cases where MMC crashed. I did not observe those crashes, but I got the error dialog shown above. Currently I have no explanation for this behavior.

Windows 10: August 2017 Updates KB4038220, KB4034674, KB4034658, KB4034660

On August 2017 Patchday (08/08/2017), Microsoft released several cumulative Updates for Windows 10 Builds. Here are a few details – but this article is a work in progress.

Note: I’ve addressed the out-of-band cumulative Update KB4032188 for Windows 10 Creators Update (Version 1703) on July 31, 2017 within my blog post Windows 10 V1703: Update KB4032188 (July 31, 2017).

KB4034674 for Windows 10 Version 1703

Cumulative security update KB4034674 for Windows 10 Version 1703 (Creators Update) brings quality improvements and fixes the following issues:

  • Addressed issue where the policies provisioned using Mobile Device Management (MDM) should take precedence over policies set by provisioning packages.
  • Addressed issue where the Site to Zone Assignment List group policy (GPO) was not set on machines when it was enabled.
  • Addressed issue where the AppLocker rules wizard crashes when selecting accounts.
  • Addressed issue where the primary computer relationship is not determined when you have a disjoint NetBIOS domain name for your DNS Name. This prevents folder redirection and roaming profiles from successfully blocking your profile or redirects folders to a non-primary computer.
  • Addressed issue where an access violation in the Mobile Device Manager Enterprise feature causes stop errors.
  • Security updates to Microsoft Edge, Microsoft Windows Search Component, Microsoft Scripting Engine, Microsoft Windows PDF Library, Windows Hyper-V, Windows Server, Windows kernel-mode drivers, Windows Subsystem for Linux, Windows shell, Common Log File System Driver, Internet Explorer, and the Microsoft JET Database Engine.

The update changes the build number to 15063.540. During update install, Czech and Arabic languages may change to English. Microsoft is working on this issue and will fix it in a future update. This Update is available via Windows Update and may be downloaded from Microsoft Update Catalog as a delta update.

KB4038220 for Windows 10 Version 1607

Update KB4038220 (2017-08 Cumulative Update for Windows 10 Version 1607 for x64-and x32-based Systems (KB4038220)) has been released prematurely in Microsoft Update Catalog. It shifts the build number up to 14393.1537. The x32 package is 608.1 MB in size, while the x64 package has a size of 1074.1 MB.

Microsoft Update Catalog contains both updates (see) and says, it will resolve issues in Windows 10. This update replaces KB4025334, KB3194496, KB3194789, KB197954, KB3200970 (see also this tweet).

Update KB4038220 Windows 10 V1607

Addendum: Microsoft has released a KB article KB4038220. This article says the update addressed an issue where a .NET application could unexpectedly terminate with an A/V in clrjit.dll.

KB4034658 for Windows 10 Version 1607

Update KB4034658 has been released for Windows 10 Version 1607 and Windows Server. It changes the build number to 14393.1593 and contains quality improvements and bug fixes.

  • Addressed issue where apps sometimes launch with a border when a device is in Tablet mode.
  • Addressed issue introduced in the June updates where some applications may not launch when a device resumes from Connected Standby mode.
  • Security updates to Windows kernel-mode drivers, Microsoft Windows Search Component, Microsoft Windows PDF Library, Internet Explorer, Microsoft Scripting Engine, Common Log File System Driver, Windows Server, Windows Hyper-V, and the Microsoft JET Database Engine.

This Update is available via Windows Update and may be downloaded from Microsoft Update Catalog.

Update KB4034660 for Windows 10 Version 1511

Update KB4034660 for Windows 10 Version 1511 changes the build number to 10586.1045 and contains security fixes, quality improvements and bug fixes:

  • Addressed issue where, when deploying an application to a device that is managed by AppLocker, the application deployment fails. 
  • Addressed issue introduced in the June updates where some applications may not launch when a device resumes from Connected Standby mode. 
  • Security updates to Windows kernel-mode drivers, Microsoft Graphics Component, Microsoft Windows Search Component, Microsoft Windows PDF Library, Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows Server, Common Log File System Driver, Windows Hyper-V, and the Microsoft JET Database Engine.

This Update is available via Windows Update and may be downloaded from Microsoft Update Catalog. The Update is between 577.5 and 1092.9 MB in size.

Windows Update Client Improvement

Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability. It will only be offered to devices that have not installed any recent cumulative updates and are not currently managed (e.g. domain joined).

Update KB4034668 for Windows 10 RTM

Update KB4034668 is for Windows 10 RTM version and changes the build number to 10240.17533. The patch includes quality improvements and bug fixes:

  • Addressed issue where some of the event data for user logon events (ID 4624) from Domain controllers were corrupted.

  • Addressed issue introduced in the June updates where some applications may not launch when a device resumes from Connected Standby mode.

  • Security updates to Microsoft Scripting Engine, Microsoft Edge, Internet Explorer, Microsoft Windows Search Component, Microsoft Graphics Component, Windows kernel-mode drivers, Microsoft Windows PDF Library, Windows Server, Common Log File System Driver, Windows Hyper-V, and the Microsoft JET Database Engine.

This Update is available via Windows Update and may be downloaded from Microsoft Update Catalog.

Windows Update Client Improvement

Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability. It will only be offered to devices that have not installed any recent cumulative updates and are not currently managed (e.g. domain joined).


Windows 10: Critical Updates KB4035631 and KB4035632

Microsoft has released some updates for Windows 10 (Version 1511 and 1607) in Windows Update Catalog ahead of the August 2017 Patchday. The two updates mentioned in the title are quoted as critical.

Update KB4032188 for Windows 10 Version 1703 (released July 31, 2017) has been addressed in my blog post Windows 10 V1703: Update KB4032188 (July 31, 2017). Update KB4038220 for Windows 10 Version 1607 is available in Windows Update Catalog, but still hasn’t been documented. What I know so far has been compiled in my blog post Windows 10: August 2017 Updates KB4038220.

Update KB4035631 for Windows 10 Version 1607

Update KB4035631 is available (dated August 7, 2017) in Windows Update Catalog. This update is quoted as critical and addresses Windows 10 Version 1607. There are 32-bit and 64-bit versions, which replace the following older updates:

  • 2017-06 Update for Windows 10 Version 1607 for x64-based Systems (KB4023834)
  • Update for Windows 10 Version 1607 for x64-based Systems (KB3211320)
  • Update for Windows 10 Version 1607 for x64-based Systems (KB4013418)

The size of the update packages varies between 5.2 and 11.4 MB. So far, Microsoft hasn’t published any details on this security update.

Update KB4035632 for Windows 10 Version 1511

Update KB4035632 is offered in Windows Update Catalog, dated August 4, 2017, as critical. There are 32-bit and 64-bit versions available for Windows 10 Version 1511. This update supersedes the following updates:

  • Update for Windows 10 Version 1511 (KB3173428)
  • Update for Windows 10 Version 1511 (KB3181403)
  • Update for Windows 10 Version 1511 (KB4015220)

The update size is between 5.4 and 11.9 megabytes. Unfortunately, Microsoft hasn’t provided more details yet.

If details become available, I will update this article.

Microsoft August 2017 Patchday Summary

Microsoft has released a couple of security updates for Windows and other products on August 8, 2017. Here is a short patchday summary.

Details about these security updates may be found within Security TechCenter and within several blog posts here.

Critical Security Updates
============================

Adobe Flash Player
Internet Explorer 9
Internet Explorer 11
Microsoft Edge
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)

Important Security Updates
============================

Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SQL Server 2012 for 32-bit Systems Service Pack 3
Microsoft SQL Server 2012 for 32-bit Systems Service Pack 3 (CU)
Microsoft SQL Server 2012 for x64-based Systems Service Pack 3
Microsoft SQL Server 2012 for x64-based Systems Service Pack 3 (CU)
Microsoft SQL Server 2014 Service Pack 1 for 32-bit Systems
Microsoft SQL Server 2014 Service Pack 1 for 32-bit Systems (CU)
Microsoft SQL Server 2014 Service Pack 1 for x64-based Systems
Microsoft SQL Server 2014 Service Pack 1 for x64-based Systems (CU)
Microsoft SQL Server 2014 Service Pack 2 for 32-bit Systems
Microsoft SQL Server 2014 Service Pack 2 for 32-bit Systems (CU)
Microsoft SQL Server 2014 Service Pack 2 for x64-based Systems
Microsoft SQL Server 2014 Service Pack 2 for x64-based Systems (CU)
Microsoft SQL Server 2016 for x64-based Systems
Microsoft SQL Server 2016 for x64-based Systems (CU)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (CU)

Moderate Security Updates
============================

Internet Explorer 10

Revised CVEs

Microsoft has also revised the following security bulletins.

CVE-2017-0071

– Title: CVE-2017-0071 | Scripting Engine Memory Corruption
   Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2017-0071,
   Microsoft released the July security updates for all versions of
   Windows 10. Note that Windows 10 for 32-bit Systems, Windows 10
   for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems,
   and Windows 10 Version 1703 for x64-based Systems have been added
   to the Affected Products table as they are also affected by this
   vulnerability. Microsoft recommends that customers who have not
   already done so install the July 2017 security updates to be
   fully protected from this vulnerability.
– Originally posted: March 14, 2017 
– Updated: August 8, 2017
– CVE Severity Rating: Critical
– Version: 2.0

CVE-2017-0228

– Title: CVE-2017-0228| Scripting Engine Memory Corruption
   Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2017-0228,
   Microsoft has released August security updates for Internet
   Explorer 11 on affected editions of Windows 8.1, Windows Server
   2012 R2, Windows 8.1 RT, Windows 10, Windows 10 Version 1511,
   Windows 10 Version 1607, and Windows 10 Version 1703; and for
   Microsoft Edge on affected editions of Windows 10, Windows 10
   Version 1511, Windows 10 Version 1607, and Windows 10 Version 1703.
   Microsoft strongly recommends that customers install the updates
   to be fully protected from the vulnerability. Customers whose
   systems are configured to receive automatic updates do not need
   to take any further action.
– Originally posted: May 9, 2017
– Updated: August 8, 2017
– CVE Severity Rating: Critical
– Version: 2.0

CVE-2017-0299

– Title: CVE-2017-0299 | Windows Kernel Information Disclosure
   Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2017-0299,
   Microsoft has released August security updates for all affected
   editions of Microsoft Windows. Microsoft strongly recommends that
   customers install the updates to be fully protected from the
   vulnerability. Customers whose systems are configured to receive
   automatic updates do not need to take any further action.
– Originally posted: June 13, 2017
– Updated: August 8, 2017
– CVE Severity Rating: Important
– Version: 5.0

Security Bulletin Revision Information:
=====================

MS17-007

– Title: Cumulative Security Update for Microsoft Edge (4013071)
https://technet.microsoft.com/library/security/ms17-007.aspx
– Reason for Revision: To comprehensively address CVE-2017-0071,
   Microsoft released the July security updates for all versions of
   Windows 10. Note that Windows 10 for 32-bit Systems, Windows 10
   for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems,
   and Windows 10 Version 1703 for x64-based Systems have been added
   to the Affected Products table as they are also affected by this
   vulnerability. Microsoft recommends that customers who have not
   already done so install the July 2017 security updates to be fully
   protected from this vulnerability.
– Originally posted: March 14, 2017
– Updated: August 8, 2017
– Bulletin Severity Rating: Critical
– Version: 2.0

MS17-MAR

– Title: Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-MAR.aspx
– Reason for Revision: For MS17-007, to comprehensively address
   CVE-2017-0071, Microsoft released the July security updates for
   all versions of Windows 10. Note that Windows 10 for 32-bit Systems,
   Windows 10 for x64-based Systems, Windows 10 Version 1703 for 32-bit
   Systems, and Windows 10 Version 1703 for x64-based Systems have been
   added to the Affected Products table as they are also affected by
   this vulnerability. Microsoft recommends that customers who have not
   already done so install the July 2017 security updates to be fully
   protected from this vulnerability.
– Originally posted: March 14, 2017
– Updated: August 8, 2017
– Bulletin Severity Rating: N/A
– Version: 4.0

Patchday August 2017: Updates for Windows 7/8.1

Microsoft has released several updates on August 8, 2017 for Windows 7 SP1 and Windows 8.1 and their corresponding server versions. Here are a few details about those updates.

Updates for Windows 7 SP1/Server

Microsoft released updates KB4034664 and KB4034679 for Windows 7 SP1 and Windows Server 2008 R2 SP1. The Windows 7 update history may be found on this Microsoft page.

KB4034664 (Monthly Rollup) for Windows 7/Windows Server 2008 R2 SP1

Update KB4034664 (August Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains quality improvements and fixes:

  • Security updates to Microsoft JET Database Engine, Common Log File System Driver, Microsoft Windows Search Component, Volume Manager Driver, Internet Explorer, Windows Server, and Windows kernel-mode drivers.

The package will be offered via Windows Update and via Microsoft Update Catalog.

KB4034679 (Security-only update) for Windows 7/Server 2008 R2 SP1

Update KB4034679 (Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1) addresses the same security issues as update KB4034664. This Update is available via WSUS and in Microsoft Update Catalog.

Updates for Windows 8.1

Microsoft has released updates KB4034681 and KB4034672 for Windows 8.1 and Windows Server 2012 R2. The update history for Windows 8.1 may be found at this Microsoft site.

KB4034681 (Monthly Rollup) for Windows 8.1/Windows Server 2012 R2

Update KB4034681 (August 2017 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2) fixes security issues and addresses the following topics.

  • Addressed issue where a LUN connection that was received after the buffer allocation during iSCSI statistic collection overflowed the buffer and caused error 0x19. A UI issue that hides the iSCSI targets will be addressed in an upcoming release.
  • Security updates to Windows Server, Microsoft Windows Search Component, Volume Manager Driver, Common Log File System Driver, Microsoft Windows PDF Library, Microsoft JET Database Engine, Windows kernel-mode drivers, and Windows Hyper-V.

This update is available via Windows Update and as download within Microsoft Update Catalog.

KB4034672 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4034672 (August 2017 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the same items as Update KB4034681. It will be offered via WSUS and via Microsoft Update Catalog.


Further Microsoft Updates August 8, 2017

Microsoft has released more updates on patchday (August 8, 2017) for .NET Framework, Windows Server, Flash and so on. Here is an overview.

A complete overview of all August 2017 updates may be found on this Microsoft page. Some of these updates are covered in other blog posts (see the links at the end of the article).

Security updates

Microsoft released the following security updates.

Security Update for Windows Server 2008 (KB4022750)

Update KB4022750 (Security update for the Windows NetBIOS denial of service vulnerability in Windows Server 2008: August 8, 2017) closes a vulnerability in NetBIOS under Windows Server 2008.

A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets. An attacker who successfully exploits this vulnerability could cause a target computer to become completely unresponsive.

Details may be read under CVE-2017-0174. This update replaces KB4021923 on Windows Server 2008. The update is offered via Windows Update, WSUS, and Microsoft Update Catalog. A restart is required after installing this update.

Security Update for Windows Server 2008 (KB4034034)

Update KB4034034 (Security update for the Windows Search remote code execution vulnerability: August 8, 2017) addresses a critical vulnerability within Windows Search.

A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploits this vulnerability could take control of the affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Details may be read at CVE-2017-8620. The Update is offered via Windows Update, WSUS, and Microsoft Update Catalog. After installing a language pack, the update needs to be re-installed.

Adobe Flash-Player security update (KB4034662)

Update KB4034662 (2017-08 Security Update for Adobe Flash Player for Windows 10 Version 1607, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012) fixes a few critical and moderate vulnerabilities within Adobe Flash Player.

Security Monthly Quality Rollup for Windows Server 2012 (KB4034665)

Update KB4034665 (2017-08 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012) is a critical patch and addresses the following issues:

  • Security updates to Windows Hyper-V, Windows kernel-mode drivers, Microsoft JET Database Engine, Microsoft Windows PDF Library, Common Log File System Driver, Volume Manager Driver, Internet Explorer, Microsoft Windows Search Component, and Windows Server.

The Update is offered via Windows Update, WSUS, and Microsoft Update Catalog.

Security Only Quality Update for Windows Server 2012 (KB4034666)

Update KB4034666 is quoted as critical and is available for Windows Server 2012 and Windows Embedded 8 Standard in WSUS and in Microsoft Update Catalog. This update fixes a remote code execution vulnerability in Windows Search and in Windows kernel-mode drivers.

Cumulative Security Update Internet Explorer (KB4034733)

Cumulative Security Update KB4034733 for Internet Explorer is available via Windows Update, WSUS and within Microsoft Update Catalog. It’s been quoted as critical for Windows 8.1, Windows Embedded 8 Standard, Windows Embedded Standard 7, and Windows 7, and moderate for Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 and Windows Server 2008.

Security Update for Windows Server 2008 (KB4034744)

Update KB4034744 (Security update for the Volume Manager Extension driver information disclosure vulnerability in Windows Server 2012: August 8, 2017) is available via Windows Updates, WSUS and via Microsoft Update Catalog. It addresses CVE-2017-8668 and is important:

An information disclosure vulnerability exists when the Volume Manager Extension Driver component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To learn more about the vulnerability, go to .

Security Update for Windows Server 2008 (KB4034745)

Update KB4034745 (Security update for the Windows CLFS elevation of privilege vulnerability in Windows Server 2008: August 8, 2017) is important. It closes an elevation of privilege vulnerability in Windows Common Log File System (CLFS) driver. Details may be found in CVE-2017-8624. Update KB4034745 is available via Windows Updates, WSUS and within Microsoft Update Catalog.

Security Update for Windows Server 2008 (KB4034775)

Update KB4034775 (Security update for the Microsoft JET Database Engine remote code execution vulnerability in Windows Server 2008: August 8, 2017) is also available for Windows XP Embedded (WES09 and POSReady 2009). This critical update closes a remote code execution vulnerability in Microsoft JET Database Engine. Details may be found in CVE-2017-0250. If a language pack is installed later, the security update needs to be reinstalled. This update is available via Windows Update, WSUS and via Microsoft Update Catalog.

Security Update for Windows Server 2008 (KB4035055)

Update KB4035055 (Security update for the Win32k information disclosure vulnerability in Windows Server 2008: August 8, 2017) is important and will also be shipped for Windows XP Embedded (WES09 and POSReady 2009). It fixes an information disclosure vulnerability in win32k kernel. Details may be read within CVE-2017-8666. If a language pack is installed later, the security update needs to be reinstalled. This update is available via Windows Update, WSUS and via Microsoft Update Catalog.

Security Update for Windows Server 2008 (KB4035056)

Update KB4035056 (Security update for the Express Compressed Fonts remote code execution vulnerability in Windows Server 2008: August 8, 2017) is important and will also be shipped for Windows XP Embedded (WES09 and POSReady 2009). It fixes a vulnerability that allows remote code execution via the Windows Font library. Details may be read within CVE-2017-8691. If a language pack is installed later, the security update needs to be reinstalled. This update is available via Windows Update, WSUS and via Microsoft Update Catalog.

Security Update for Windows Server 2008 (KB4035679)

Update KB4035679 (Security update for the Windows Error Reporting elevation of privilege vulnerability for and Windows Server 2008: August 8, 2017) is important. It closes a vulnerability that allows an elevation of privilege attack via Windows Error Reporting (WER). Details are available within CVE-2017-8633. If a language pack is installed later, the security update needs to be reinstalled. This update is available via Windows Update, WSUS and via Microsoft Update Catalog.

Other non-security updates

Microsoft has released some non-security updates in August 2017.

Dynamic Update for Windows 10 Version 1703 (KB4037589)

Dynamic Update KB4037589 is for Windows 10 Version 1703 and hasn’t been documented by Microsoft yet. A dynamic update enables Windows 10 to load critical drivers, setup fixes and other components from Microsoft’s update servers during setup/install (see Windows 10: What are dynamic updates?).

Windows Malicious Software Removal Tool – August 2017 (KB890830)

MSRT has been updated for August 2017 and will be shipped via Windows Update, WSUS and Microsoft Update Catalog. It checks the system for known malware. Details may be found on this Microsoft webpage.

Changes in Updates

Microsoft has changed some older update packages.

Update for Windows Server 2012 R2 (KB4033428)

Update KB4033428 for Windows Server 2012 R2 was shipped in July 2017 and is intended to improve CPU detection.

Update for Windows Server 2008 (KB4019276)

Update KB4019276 was released in July 2017 and changes support for TLS 1.1 and TLS 1.2 in Windows Server 2008 Service Pack 2 (SP2).

Update for Microsoft .NET Framework 4.7 (KB3186497)

Update KB3186497 for Windows 7 and Windows Server 2008 R2 is available via Microsoft Update Catalog.

Update for Microsoft .NET Framework 4.7 (KB3186505)

.NET Framework 4.7 Update KB3186505 is available for Windows Server 2012 (x64).

Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 (KB4035508)

Metadata and binary data have been changed within Update KB4035508 for Windows Embedded 8 Standard and Windows Server 2012.

Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 (KB4035509)

Metadata and binary data have been changed within Update KB4035509 for Windows 8.1 and Windows Server 2012 R2.

Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 (KB4035510)

Metadata and binary data have been changed within Update KB4035510 for Windows Embedded Standard 7, Windows 7 and Windows Server 2008 R2.



Flash Player Update 26.0.0.151 (August 8, 2017)

On August 8, 2017, Adobe (and Microsoft) released another Flash Player update that fixes vulnerabilities. Here are a few details about this security update.

The Flash Player for Windows 8.1 and Windows 10 has been updated through patches released by Microsoft (see Further Microsoft Updates August 8, 2017).

Adobe Flash Player-Update 26.0.0.151 (August 2017)

Adobe has published Security Bulletin APSB17-23 and released Flash Player version 26.0.0.151. According to the Security Bulletin, the Flash Player versions listed below are vulnerable.

Product Version Platform
Adobe Flash Player Desktop Runtime 26.0.0.137 and earlier Windows, Macintosh and Linux
26.0.0.131 and earlier 26.0.0.137 and earlier Adobe Flash Player for Google Chrome
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 26.0.0.137 and earlier Windows 10 and 8.1

Updates to version 26.0.0.151 are available from this Adobe site. If the Flash Player is already installed, auto-update should install the new build. In Windows 8.1 and Windows 10, Microsoft’s Update KB4034662 ships the new version. Updating the Google Chrome browser should also update the Flash Player.

Which Flash Player version is installed?

To check the installed Flash Player version, visit this Adobe web page. The page displays the installed Flash version and also whether an update is available.

If you use this Adobe page to update the Flash Player, take care not to download PUPs (like McAfee Security Scan Plus and True Key from Intel). The direct download links for all Flash Player installers may be found within this (German) comment.

Windows 10 V1607: KB4034658 clears update history

On August 8, 2017, Microsoft released cumulative update KB4034658 for Windows 10 Version 1607 (Anniversary Update). This update may clear the whole update history.

I’ve blogged about this update in the blog post Windows 10: August 2017 Updates KB4038220, KB4034674, KB4034658, KB4034660. Shortly after I released the corresponding German blog post, I received comments. My German readers mentioned that the update history in Windows 10 Version 1603 was empty after installing this update. Here is what a German blog reader wrote:

… currently I have a reproducible update issue on Windows 10 LTSB 2016 (Enterprise Edition, V 1607) – I guess it is caused by the last patchday. On notebooks we don’t use WSUS; we use Windows Update to pull updates.

[Till August patchday] Windows 10 update history shows all installed updates. Updates KB4035631 and KB4034658 are reported as pending. We let Windows 10 install both updates. After restarting Windows 10, the update history is empty – there is a message that no updates have been installed.

We tried to let Windows 10 search for updates, but a report came back that Windows 10 is up to date. BTW, the log file:

C:\Windows\SoftwareDistribution\ReportingEvents.log

lists all patches as successfully installed after installing the August 8, 2017 cumulative updates. But the last line within the log looks strange:

{00000000-0000-0000-0000-000000000000} 0 0 UpdateOrchestrator Success Software Synchronization Windows Update Client successfully detected 7 updates.

So what: no updates available, or seven updates detected.

Other German blog readers have confirmed this observation in additional comments. I also found several forum posts here, here, here, here, and an article at askwoody.com confirms this issue. As far as I have read, only Windows 10 Version 1607 seems to be affected, via cumulative Update KB4034658 (Windows 10 Version 1703 seems to be without this issue).

Some readers reported that they don’t have this issue. And some readers mentioned that the installed updates may be listed using the Control Panel Add/remove feature. I don’t have an explanation yet for what went wrong.

Addendum: Microsoft has updated support article kb4034658 with the following text:

#1: For some users, their “Update History” does not list previously installed updates.

Workaround

As an alternative, to see which quality updates have been applied, navigate to the inventory by going to Control Panel -> Programs -> “View Installed Updates”

#2: Some users may find that updates that were previously hidden may not be offered after installing this update.

Workaround

Updates that were previously hidden can be hidden again.

Microsoft is investigating both issues and will provide an update as soon as possible.


Windows Update KB4034664 is causing trouble on 2nd screen

It seems that Microsoft’s Update KB4034664 (and KB4034679) for Windows 7 and Windows Server is causing display issues with several applications on a second screen. I’ve seen issues with PDF viewer, Excel, Office 2013, JAVA and Irfanview. Here are some more details and maybe a workaround.

Update KB4034664 for Windows 7 SP1

Update KB4034664 (August Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) (and KB4034679) contains improvements and bug fixes for Microsoft JET Database Engine, Common Log File System driver, in Windows search, in Volume Manager driver, in Internet Explorer, and in Windows kernel-mode drivers.

Display issues on 2nd screen

First I stumbled upon reports discussing issues with displaying PDF documents with PDFXchange Viewer on a 2nd screen. Currently I only have a German forum entry, where users are discussing this issue. One user wrote (freely translated):

I have just seen that Version 2.5 of PDFXchange Viewer has issues if the PDF document is to be viewed on a 2nd monitor. On the primary screen the PDF document will be shown properly.

The PDF document will be distorted on the second monitor or will not be displayed. After uninstalling KB4034664, everything works again. Updating the graphics driver won’t fix it.

Normally, I would not have noticed this forum post. But this comment confirmed the issue within the newest software version:

This happens also with the current build of PDF XChange Editor (6.0.322.6). Also IrfanView, and sometimes Adobe Reader, has this issue.

Within this comment (German) a user describes the issue in detail. The issue occurs on the 2nd monitor, where the rendering is broken. It seems that it is independent of the graphics card used within the system (see this German comment).

Note: There is an update for PDF Xchange Viewer – as you can read here. They wrote ‘Added a workaround for a bug in a Windows 7 update – possible rendering issues when KB4034664 is applied to Windows 7 systems that have ‘Desktop Composition’ turned off.’

A user mentioned JAVA display issues on a 2nd screen. This reminds me of my German blog post Probleme nach Microsoft August-Updates. Within this article I mentioned issues with Excel after the update. The icons of the VBA editor vanish on a 2nd screen.

Searching the Internet brought me to this Technet forum post, where a user reported issues with Office 2013 on a 2nd monitor:

We have 2008 R2 Term server that has Office 2013.  It’s a guest on a VMWare host.
When our users that are running Dell desktops with dual monitors RDP in, they are having issues with Office 2013 on the second monitor ONLY.  On the second monitor only, the Office applications will have shadows, the scrollbars, the text along the top of the window, and the minimum and maximize icons will be all messed up.


(Source: Technet)

I also found another entry within the NVIDIA forum, where video issues are reported after installing Update KB4034664. And here somebody reported a black MATLAB display on a 2nd monitor. A user comment here also reported similar issues.

Office 2013 Refresh issues during RDS sessions

Another issue has been reported at MS Answers within this forum thread. Users are observing a missing refresh in Office Pro 2013 on multiple monitors running on Microsoft Server 2008 R2 using an RDS session. The issue is caused by Update KB4034664.

A Workaround?

The first solution is to uninstall Update KB4034664 to fix this issue. Within this comment a user says that rendering works flawlessly after he activated an Aero design/theme:

What helped was activating a Windows 7 Aero design. After activating Aero, a broken frame was rendered correctly. Switching back to an Aero-less design/theme broke rendering again.

Addendum: The PDF Xchange Viewer changelog (see above) mentioned a workaround ‘for a bug in a Windows 7 update’ causing possible rendering issues when KB4034664 is applied to Windows 7 systems that have ‘Desktop Composition’ turned off. On sevenforums.com there is this tutorial showing how to enable/disable ‘Desktop Composition’. Maybe it helps too.

If you are affected, please leave a comment saying whether the workaround helped.

Adobe Reader / Digital Editions security updates 08/08/2017

[German] Adobe has released security updates for its Adobe PDF readers. There is also a security update for Adobe Digital Editions.

Adobe Reader Version 2017.012.20093

On August 8, 2017 Adobe released Security Bulletin APSB17-24, stating that older versions of the Adobe Acrobat applications are vulnerable. Here is a list of affected products.

| Product | Affected Versions | Platform |
|---|---|---|
| Acrobat DC (Continuous Track) | 2017.009.20058 and earlier versions | Windows and Macintosh |
| Acrobat Reader DC (Continuous Track) | 2017.009.20058 and earlier versions | Windows and Macintosh |
| Acrobat 2017 | 2017.008.30051 and earlier versions | Windows and Macintosh |
| Acrobat Reader 2017 | 2017.008.30051 and earlier versions | Windows and Macintosh |
| Acrobat DC (Classic Track) | 2015.006.30306 and earlier versions | Windows and Macintosh |
| Acrobat Reader DC (Classic Track) | 2015.006.30306 and earlier versions | Windows and Macintosh |
| Acrobat XI | 11.0.20 and earlier versions | Windows and Macintosh |
| Reader XI | 11.0.20 and earlier versions | Windows and Macintosh |

Security Bulletin APSB17-24 lists a long series of issues, some of them critical. Adobe provided a security update for Adobe Acrobat and Adobe Reader for Windows and Macintosh (see table below).

| Product | Updated Versions | Platform | Priority Rating | Availability |
|---|---|---|---|---|
| Acrobat DC (Continuous Track) | 2017.012.20093 | Windows and Macintosh | 2 | Windows, Macintosh |
| Acrobat Reader DC (Continuous Track) | 2017.012.20093 | Windows and Macintosh | 2 | Download Center |
| Acrobat 2017 | 2017.011.30059 | Windows and Macintosh | 2 | Windows, Macintosh |
| Acrobat Reader 2017 | 2017.011.30059 | Windows and Macintosh | 2 | Windows, Macintosh |
| Acrobat DC (Classic Track) | 2015.006.30352 | Windows and Macintosh | 2 | Windows, Macintosh |
| Acrobat Reader DC (Classic Track) | 2015.006.30352 | Windows and Macintosh | 2 | Windows, Macintosh |
| Acrobat XI | 11.0.21 | Windows and Macintosh | 2 | Windows, Macintosh |
| Reader XI | 11.0.21 | Windows and Macintosh | 2 | Windows, Macintosh |

Update for Adobe Digital Editions

On August 8, 2017 Adobe also published Security Bulletin APSB17-27 for Adobe Digital Editions. Adobe Digital Editions enables viewing copy protected eBooks under Windows, Macintosh, iOS and Android. Supported are PDF, XHTML and EPUB (from Version 4.0 upward also EPUB3, see this Adobe page).

Adobe Digital Editions up to version 4.5.5 has critical vulnerabilities and should be updated to version 4.5.6. The table below contains the download links.

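| Product | Version | Platform | Priority | Availability |
|---|---|---|---|---|
| Adobe Digital Editions | 4.5.6 | Windows | 2 | Download Page |
| Adobe Digital Editions | 4.5.6 | Macintosh | 2 | Download Page |
| Adobe Digital Editions | 4.5.6 | iOS | 2 | iTunes |
| Adobe Digital Editions | 4.5.6 | Android | 2 | Playstore |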

Issues after Microsoft’s August Updates

[German] Microsoft released several updates on August 1 and August 8, 2017 for Windows and other products. Some users are reporting issues caused by these updates. Here is an overview of what I’ve found so far.

KB4034658 cleans Windows 10 V1607 update history

Microsoft released several cumulative updates for Windows 10 (see Windows 10: August 2017 Updates KB4038220, KB4034674, KB4034658, KB4034660). Update KB4034658 seems to wipe the update history under Windows 10 Anniversary Update (V1607) – see also my blog post Windows 10 V1607: KB4034658 clears update history.

Update history is clean

Microsoft has confirmed this bug in KB article KB4034658, where the ‘Known issues’ paragraph says:

#1: For some users, their “Update History” does not list previously installed updates.

Workaround

As an alternative, to see which quality updates have been applied, navigate to the inventory by going to Control Panel -> Programs -> “View Installed Updates”

#2: Some users may find that updates that were previously hidden may not be offered after installing this update.

Workaround

Updates that were previously hidden can be hidden again.

No Office security updates are offered in WSUS

I’ve documented some security updates for Office within my blog post Microsoft Office Security Updates (August 8, 2017). Several German blog readers mentioned that none of those updates are offered via Windows Update. For users who have click-to-run packages of Microsoft Office installed, this is clear: click-to-run installs are updated via the Office installer. But I also received feedback that WSUS didn’t receive those Office updates.

KB4025336 blocks access to WSUS

I’ve written about connection issues from Windows clients to WSUS within my blog post July 2017 Updates KB4025336/KB4025331 breaks WSUS. Now I have received feedback from users that KB4025336 again breaks access from Windows 7 SP1 clients to WSUS.

KB4032188 fails in Windows 10 Version 1703

Update KB4032188 for Windows 10 Version 1703 was released on July 31, 2017 (see Windows 10 V1703: Update KB4032188 (July 31, 2017)). This comment says that Update KB4032188 for Windows 10 Version 1703 fails with an install error. The tip is to repeat the update install several times.

Within this Windows 10 forum thread someone reported issues (slow boot, explorer crashes, VSS issues). The user finally mentioned that he had used DISM++ to customize Windows 10. AVAST antivirus software was also involved.

Update KB4034681 disturbs Network Policy Server (NPS)

Update KB4034681 (August 2017 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2) fixes several security issues and the iSCSI bug (see Windows Server: an Update causes iSCSI connection issues). German blog reader Michael H. informed me via e-mail about another issue.

this morning I found another bug associated with KB4034681. We are using NPS with Certificate authorization – which failed this morning. After testing, we found that KB4034681 was the root cause.

Michael pointed to this Technet forum post, where the issues with Network Policy Server (NPS) are also discussed. Microsoft has published a workaround within this KB article:

NPS authentication may break, and wireless clients may fail to connect

On the server, set the following DWORD registry key’s value to = 0: SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13\DisableEndEntityClientCertCheck

Microsoft’s LDAP Server CVE-2017-8563 Fix

Just a short note: Microsoft closed a Windows Elevation of Privilege Vulnerability (CVE-2017-8563) for Windows clients on July 11, 2017 with an update. This update is meant to improve LDAP authentication. Within this comment a German blog reader reported that delegated administrators can’t reset passwords anymore.

Update KB4034664 is causing issues with 2nd screen

It seems that Microsoft’s Update KB4034664 (and KB4034679) for Windows 7 and Windows Server is causing display issues with several applications on a second screen. I’ve discussed details within my blog post Windows Update KB4034664 is causing trouble on 2nd screen.

Other issues

A blog reader reported that after installing update KB4011051, hyperlinks in Excel no longer work. The blog reader posted a link to this Microsoft forum thread, where the issue is confirmed by several users. There is also a comment that KB4011051 blocks the plugin for the document management software LoboDMS in Outlook. Another blog reader sent me an e-mail saying that some customers are reporting the following issues.

  • Exchange 2010 in SBS 2011 is no longer reachable.
  • Docuware database is no longer reachable.
  • Terminal server 2008R2 has rebooted (although reboot has been switched off)

But I have no further details about the issues listed above.

Similar articles:
Microsoft August 2017 Patchday Summary
Windows 10: Critical Updates KB4035631 and KB4035632
Windows 10: August 2017 Updates KB4038220, KB4034674, KB4034658, KB4034660
Patchday August 2017: Updates for Windows 7/8.1
Flash Player Update 26.0.0.151 (August 8, 2017)
Microsoft Office Security Updates (August 8, 2017)
Further Microsoft Updates August 8, 2017
