Channel: Windows – Born's Tech and Windows World

Windows 10: Update Error 0x80070157


Windows 10 users sometimes get update error 0x80070157 when trying to install cumulative updates. Here is an attempt to shed some light on this error.

An error description

The error has been occurring for several months in various Windows 10 builds and with various updates. Here is a forum post from April 2018.

Windows 10 Update – Error code 0X 80070157

I have been trying to install the Windows Update for Windows 10 (feature update for Windows 10, version 1709) for some time, unfortunately the error code 0X 80070157 is displayed again and again from a certain time of installation.

I have already tried to fix a problem, unfortunately without success.

More reports can be found on the Internet (e.g. here) if you search for the error code.

What does error code 0x80070157 stand for?

Error code 0x80070157 stands for ERROR_EXTERNAL_BACKING_PROVIDER_UNKNOWN (“The external backing provider is not recognized”), which doesn’t help too much at this point. I would interpret it as meaning that a provider (function) for backing up a driver (so that it can be rolled back to the previous version) is not available.

Within this Technet forum entry the error appears in a log file, and here the error occurs during driver installation. However, no solution is given.

There is the error 0x80070057 (see), which I would not use as a basis, even if the coding of the bits is very similar.
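The bit layout behind that comparison, as an added example (not code from the original post): the function splits an HRESULT into severity, facility and the low 16-bit code, and looks up the system message when the facility is 7 (Win32). The function name is made up for this illustration, and the message text returned depends on the Windows version it runs on.

```powershell
# Added example (not from the original post): split an HRESULT into its bit fields.
function ConvertFrom-HResult {
    param([Parameter(Mandatory = $true)][string]$Value)

    # Parse into a 64-bit integer so the set top bit does not produce a negative number.
    # Convert.ToInt64 accepts an optional "0x" prefix when the base is 16.
    $hr = [Convert]::ToInt64($Value, 16)
    if ($hr -lt 0 -or $hr -gt 4294967295) {
        throw "Not a 32-bit HRESULT: $Value"
    }

    $failed   = [bool](($hr -shr 31) -band 1)      # bit 31: severity (1 = failure)
    $facility = [int](($hr -shr 16) -band 0x7FF)   # bits 16-26: facility
    $code     = [int]($hr -band 0xFFFF)            # bits 0-15: error code

    # Facility 7 (FACILITY_WIN32) means the low word is an ordinary Win32 error
    # number, so the system message table can translate it.
    $message = $null
    if ($facility -eq 7) {
        $message = (New-Object System.ComponentModel.Win32Exception -ArgumentList $code).Message
    }

    [pscustomobject]@{
        HResult   = '0x{0:X8}' -f $hr
        Failed    = $failed
        Facility  = $facility
        Win32Code = $code
        Message   = $message
    }
}

# The three codes mentioned on this page.
'0x80070157', '0x80070057', '0x80070643' |
    ForEach-Object { ConvertFrom-HResult $_ } |
    Format-Table -AutoSize
```

All three values share the 0x8007 prefix (failure, Win32 facility); only the low word differs, and that low word is the actual error number.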

Foreign virus scanner as troublemaker

An incompatible virus scanner can block the update installation. In this Microsoft Answers forum thread, there is a hint that disabling Windows Defender and the third-party virus scanner fixed the installation error. 

Check Windows for damage

Under Windows 10, it happens again and again that certain functions no longer work because the system is damaged. To rule this out as the cause of the installation error, it is recommended to run the checks from the blog post Check and repair Windows system files and component store. These also apply to Windows 10 and ensure that Windows is intact.

Broken update from Microsoft

Browsing through the forum posts in Microsoft Answers, I suspect that certain cumulative updates from Microsoft are simply broken. I recommend that you search for the KB article in connection with the error code. If there are several hits, I would block the update installation (How to block Windows 10 updates).

Driver error as cause

In this forum post, faulty drivers are given as the cause of the error. A camera driver did not work there because Intel drivers interfered.

Clean Install of an installation image

I found this thread in the Lenovo forum. Several device owners had this error. There the advice was given to take a Lenovo installation image and reinstall Windows 10 from it. Then the updates went through. On non-Lenovo devices, you can use the Media Creation Tool to download an installation image and then install it.

Similar articles:
Windows 10 Wiki
Trick: How to upgrade to Windows 10 using a clean install


Windows 7/8.x/10: Delete Network Profiles


Today a short blog post about an ancient topic: How can we delete old network profiles in Windows 7, Windows 8.x and Windows 10 that were created automatically when connecting to a WLAN network? This is quite convenient in Windows 7. In Windows 8.x and Windows 10, there are tricks available.

What is this about?

Windows 7 creates a network profile for Internet access. This specifies whether its location applies to a home network, a work group network or a public network. For my netbook, for example, I use various Internet access options. I can access a router via LAN via the RJ-45 socket or use the WLAN connection. And occasionally I use Android smartphones for Internet access. Either a hotspot is opened – or I use USB tethering.

What annoyed me was that with USB tethering the name for my network keeps counting up (Network 3, Network 4,…, Network 10). I’ve already reached Network 74, and the problem typically occurs with USB network devices (USB tethering, UMTS stick). But how do you get the old and orphaned network profiles out of Windows 7? For Windows 8 I had described this some time ago within my German blog.

Deleting Network Profiles in Windows 7

In Windows 7 you can delete old network profiles quite comfortably with onboard functions.

1. Open the Network and Sharing Center (enter ‘network and’ in search box and select the entry Network and Sharing Center for instance). Or right click the network icon in the task bar’s status bar and select the context menu command.


2. Under View your active networks in the Network and Sharing Center, click the icon shown (see the arrow).


3. In dialog box Set Network Properties click on Merge or Delete Network Locations.

4. In dialog box Merge or Delete Network Locations click an old profile entry and click Delete.

Confirm the delete within the dialog box shown. This allows you to remove old, unused network profile entries.

Delete Network profiles in Windows 8.x

I’ve described the way to remove old network profiles in Windows 8 using the registry editor within this German blog post.

  1. Launch regedit via Windows 8/8.1 start page (search box). It’s important to use Run as administrator.
  2. Navigate to the registry branch given below and delete the old registry entries for the network profiles.

The network profiles are located under

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

Below is the registry editor with these entries shown.
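A way to review the entries under that key before deleting anything, as an added example (not part of the original post): it lists each profile with its name, category and last-connected date, exports a backup, and only previews the deletion with -WhatIf. The 180-day threshold and the backup file name are assumptions chosen for illustration; run it in an elevated PowerShell session.

```powershell
# Added example (not from the original post): inspect NetworkList profiles before cleanup.
$profilesKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles'
$categoryNames = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'Domain' }

function ConvertFrom-SystemTimeBytes {
    # DateCreated / DateLastConnected are stored as a 16-byte SYSTEMTIME structure:
    # eight little-endian 16-bit words (year, month, day of week, day, hour,
    # minute, second, milliseconds), in local time.
    param([byte[]]$Bytes)
    if ($null -eq $Bytes -or $Bytes.Length -lt 16) { return $null }
    $w = 0..7 | ForEach-Object { [BitConverter]::ToUInt16($Bytes, $_ * 2) }
    $parts = @([int]$w[0], [int]$w[1], [int]$w[3], [int]$w[4], [int]$w[5], [int]$w[6])
    try {
        New-Object System.DateTime -ArgumentList $parts -ErrorAction Stop
    } catch {
        $null   # zeroed or malformed value
    }
}

$profiles = Get-ChildItem -Path $profilesKey | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    [pscustomobject]@{
        Guid              = $_.PSChildName
        ProfileName       = $p.ProfileName
        Category          = $categoryNames[[int]$p.Category]
        DateLastConnected = ConvertFrom-SystemTimeBytes $p.DateLastConnected
        KeyPath           = $_.PSPath
    }
}

$profiles | Sort-Object DateLastConnected |
    Format-Table ProfileName, Category, DateLastConnected, Guid -AutoSize

# Back up the whole branch first (file name is an assumption for this example).
$backup = Join-Path $env:TEMP 'NetworkList-Profiles.reg'
reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles' $backup /y

# Preview which profiles older than the assumed threshold would be removed.
# -WhatIf only prints the action; drop it once the list has been reviewed.
$cutoff = (Get-Date).AddDays(-180)
$profiles |
    Where-Object { $_.DateLastConnected -and $_.DateLastConnected -lt $cutoff } |
    ForEach-Object { Remove-Item -Path $_.KeyPath -Recurse -WhatIf }
```

The Category column is worth checking during the review, because it decides which Windows Firewall profile (public, private or domain) is applied to that network.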

Using console to delete profile entries

Another way is to use the Windows console to remove the old network profile entries. To do so, open a command prompt window with Run as administrator and enter the command:

netsh wlan show profiles

This shows a list of all WLAN profiles known on your Windows machine. Then use the following command:

netsh wlan delete profile name="name 15"

where "name 15" stands for the profile name to be removed (see also this article).

Windows Update revisions KB4090450, KB4088875, KB4088878, KB4088881


On April 4, 2018, Microsoft revised the updates KB4090450, KB4088875, KB4088878 and KB4088881 for Windows. I collected some details, and there are other details about Windows bugs.

German blog reader Sebastian noticed that the updates are offered again at WSUS, so he left a comment.

WSUS today announced that KB4088875, KB4088878 and KB4088881 have been revised.

But nothing has changed in the KB article? Bugs still present.

Who has the latest information?

I then checked the Microsoft Update Catalog and found the Windows Update KB4090450 with release date April 4, 2018. 


The updates are described in the following KB articles at Microsoft, and the revision date has been adjusted. I compared my old descriptions with the current KB articles on the updates as well as with old versions from the Wayback Machine. The following seems to have changed – hope I haven’t overlooked anything.

Update KB4090450 for Windows Server 2008

Update KB4090450 (Description of the security update for the speculative execution side-channel vulnerabilities in Windows Server 2008: March 13, 2018) article has been revised on April 3, 2018.

I haven’t found any details of what has been revised here. However, since this is a Spectre V2 patch, it could be that the microcode has been updated for additional CPUs.   

Update KB4088875 for Windows 7/Server 2008 R2

Update KB4088875 is the March 13, 2018 (Monthly Rollup) for Windows 7 SP1 and Windows Server 2008 R2 SP1. The KB article was revised on April 5, 2018. Microsoft added the following text:

Important Please apply KB4100480 immediately after applying this update. KB4100480 resolves an elevation of privilege vulnerability in the Windows Kernel for the 64-Bit (x64) version of Windows. This vulnerability is documented in CVE-2018-1038.

And there is an extension within the known issues section:

After you install this update, you may receive a Stop error message that resembles the following when you log off the computer:

SESSION_HAS_VALID_POOL_ON_EXIT (ab)

To solve this issue, install update KB4099467.

Update KB4088878 for Windows 7/Server 2008 R2

Update KB4088878 is the March 13, 2018 (Security-only update) for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1. It contains also:

Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows, except the KB4078130 update that was offered to disable mitigation against Spectre Variant 2.

and the KB article was revised on April 5, 2018. Microsoft added the section dealing with the SESSION_HAS_VALID_POOL_ON_EXIT bug (see previous section above). Maybe some microcode has been updated.

Update KB4088881 for Windows 7/Server 2008 R2

Update KB4088881 is the March 23, 2018 (Preview of Monthly Rollup) for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1. The KB article was revised on April 5, 2018. Microsoft added:

Important Please apply KB4100480 immediately after applying this update. KB4100480 resolves an elevation of privilege vulnerability in the Windows Kernel for the 64-Bit (x64) version of Windows. This vulnerability is documented in CVE-2018-1038.

Addendum to Update KB4088883

Another small addendum to update KB4088883 for Windows 8.1/Windows Server 2012/R2 (from 03/21/2018). The preview rollup update is described in the blog post Updates for Windows 8.1/Windows Server 2012/R2 (03/21/2018). Askwoody reports here that the update can trigger the BlueScreen 0x00000000C4.

askwoody.com also has this article, which mentions some update revisions.

The Very Last …

Just stumbled upon this tweet from Alex Ionescu, which mentions a bug in all Windows versions that causes a blue screen (BSOD).

Dedicated to all happy Windows 10 users upgrading to Windows 10 Spring Creators Update, V1803: Glad, the bug is still there.

BTW: The name Windows 10 Spring Creators Update is confirmed (see this tweet).

Similar articles:
Windows 7: Preview Rollup Update KB4088881 (03/23/2018)
Security Updates for Windows 7/8.1 (March 13, 2018)
Patchday: Windows 10 Updates (March 13, 2018)
Microsoft Office Patchday (March 13, 2018)
Network issues with Updates KB4088875 / KB4088878
Updates for Windows 8.1/Windows Server 2012/R2 (03/21/2018)
Windows 10 Updates March 22, 2018
Internet Explorer Update KB4096040 (March 23, 2018)

Windows 10 Insider Preview Build 17133 in Release Ring


Microsoft has begun distributing Windows 10 Insider Preview Build 17133 in Release Preview-Ring. It will be offered as a Feature Update. On April 9, 2018, this RTM build will be released to the public.

Updates KB4099467, KB4099468 (March/April 2018)


At the end of the week, another article about Windows updates that Microsoft released at the end of March and the beginning of April 2018.

Thanks to Crysta T. Lacey for the hint on Twitter to check out the Microsoft Update Catalog. There are a number of new updates. 

Some of these updates I already mentioned in the blog article Windows Update revisions KB4090450, KB4088875, KB4088878, KB4088881. Here is an addendum on updates that are not fully covered there.

Update KB4099468 for Windows 8/Server 2012

Update KB4099468 is for Windows 8 Embedded and Windows Server 2012. This update is titled ‘Stop error 0xAB when you log off a Windows Server 2012 session’ and will be offered via Microsoft Update Catalog. It is meant to fix a blue screen with error code 0xAB that may occur during Windows logoff:

After you install Monthly Rollup KB4088877 or Security-only update KB4088880, you receive a Stop error 0xAB error message that resembles the following when you log off the computer:

SESSION_HAS_VALID_POOL_ON_EXIT (ab)

Important: If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Update KB4099467 for Windows 7 SP1/Server 2008 R2

Update KB4099467 is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. This update has the title ‘Stop error 0xAB when you log off a Windows 7 SP1 or Windows Server 2008 R2 SP1 session’ and addresses the same issue as update KB4099468 mentioned above.

This update is also meant to fix the blue screen 0xAB during Windows logoff. This bug may occur after installing the monthly rollup KB4088875 or the security-only update KB4088878. The new update is available via Windows Update Catalog.

Similar articles
Windows Update revisions KB4090450, KB4088875, KB4088878, KB4088881
Updates for Windows 8.1/Windows Server 2012/R2 (03/21/2018)
Patchday: More Microsoft Updates (March 13, 2018)
Update KB4096309 for Windows 10 Version 1607
Windows 10 Updates March 22, 2018

April 2018 Patchday: MS will close 10 critical vulnerabilities


Some information in advance for administrators of Windows systems (with or without Office) for the upcoming Microsoft patchday [April 10, 2018]. According to some information, Microsoft is going to patch a lot of vulnerabilities.

April 10, 2018 is the second Tuesday of the month and therefore patchday at Microsoft. On this patchday, security updates for Windows, Office and other Microsoft products are released.

10 critical vulnerabilities

Insiders who deposit enough money and have signed a non-disclosure agreement with Microsoft will receive information in advance about the security issues that will be fixed on the next patchday. I’m not one of those people.

But some days ago I stumbled upon this tweet from Brian Krebs (Krebs on Security). Besides an update for Adobe Flash, it’s expected that Microsoft will release a dozen patches against code execution vulnerabilities next Patch Tuesday. So be prepared – and let’s hope that Microsoft has fixed the January, February and March update misery.

Attention with Linux RDP connections and CredSSP updates


Ahead of today’s patch day, a small hint about CredSSP updates for Windows: Microsoft’s CredSSP updates can kill remote desktop connections between Linux and Windows.

Some background information about CredSSP

All versions of Windows have a critical vulnerability in the Credential Security Support Provider (CredSSP). The CVE-2018-0886 vulnerability now allows remote attackers to use RDP and WinRM connections to steal data or run malware. I recently mentioned this topic in the German blog post CredSSP-Sicherheitslücke in RDP unter Windows.

Microsoft therefore intends to exclude unpatched systems from RDP connections in future for security reasons. I had mentioned that within the blog post Microsoft will block RDP connections from clients soon. The next RDP update is scheduled for April 17. Microsoft has summarized what you need to know in KB4093492 (CredSSP updates for CVE-2018-0886) for Windows clients and Windows servers. 

Attention: CredSSP collides with rdesktop

According to Wikipedia, rdesktop is an open source program that can establish an RDP connection from Unix-like operating systems to Microsoft Windows. Now there is probably a problem in the interaction of rdesktop and the CredSSP changes planned by Microsoft. I came across a warning from an administrator at German site administrator.de. The user wrote (translated):

KB4093492 describes necessary patches and policies to secure CredSSP, which is used for RDP connections with Single Sign on.

If you have patched and secured this in your network, make sure that remote connections from Linux clients (e.g. via rdesktop) are still working.

Here, on SUSE Leap, no RDP connection to Windows computers can be established unless NLA is disabled on the Windows side.

Otherwise the error “CredSSP required by server” occurs on Linux.
So: for compatibility with rdesktop (if needed) disable NLA, or set the patch to “mitigated”, not “Force updated clients”!

If you have set the GPO to “Force updated clients” and still have compatible Linux RDP clients, I would be very interested to know which ones.

Network Level Authentication was introduced with RDP 6.0 (supported from Windows Vista onward). NLA requires user authentication before a remote desktop session with the server is established (Microsoft describes the advantages here – e.g. protection against denial of service attacks).

NLA uses CredSSP to present the user’s credentials to the server for authentication before creating a session. If Microsoft is now patching around with CredSSP, this may affect the RDP connections. 
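To see which combination a given Windows host is actually running, the following added example (not code from the original post) reads the two settings involved: the CredSSP policy from KB4093492 and the NLA requirement on the RDP listener. The registry value names AllowEncryptionOracle and UserAuthentication are Windows' own and are not quoted on this page; the function name is made up for this illustration.

```powershell
# Added example (not from the original post): report the CredSSP policy and NLA state of this host.
function Get-CredSspRdpPosture {
    $oracleKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
    $rdpKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

    # Both lookups return $null when the key or value does not exist.
    $oracle = (Get-ItemProperty -Path $oracleKey -Name AllowEncryptionOracle -ErrorAction SilentlyContinue).AllowEncryptionOracle
    $nla    = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication

    # Policy "Encryption Oracle Remediation" as documented in KB4093492.
    $oracleNames = @{ 0 = 'Force updated clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }
    $oracleText = if ($null -eq $oracle) {
        'Not configured (default depends on the installed CredSSP update)'
    } elseif ($oracleNames.ContainsKey([int]$oracle)) {
        $oracleNames[[int]$oracle]
    } else {
        "Unknown value ($oracle)"
    }

    # UserAuthentication = 1 means the RDP listener requires NLA, and with it CredSSP.
    $nlaRequired = ($nla -eq 1)

    $note = if ($nlaRequired) {
        'NLA is required: RDP clients without working CredSSP support are refused before a session is created.'
    } else {
        'NLA is not required: clients can connect without CredSSP, but pre-session authentication is off.'
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        EncryptionOracle    = $oracleText
        NlaRequired         = $nlaRequired
        Note                = $note
    }
}

Get-CredSspRdpPosture | Format-List
```

Running it before and after changing the group policy shows whether the change reached the host, which helps separate a policy problem from a client problem when a Linux client reports “CredSSP required by server”.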

While writing this blog post I stumbled upon this Technet forum thread, discussing sporadic issues with Windows 7 RDP connections to Windows Server 2012 R2. There, an RDS certificate was causing the issues. It’s a different case, but I find the explanations interesting.

The error “CredSSP required by server”

The error “CredSSP required by server” is probably a permanent trouble maker between Linux and Windows (according to this article). I found the article interesting, because it describes the background and some workarounds. The author of this article suggested freerdp as RDP client, because it works.

Final words

It may be that this is an individual observation (I cannot test anything at the moment for various reasons). So the blog post should be a ‘mention’ and give you a hint if things go wrong. You can leave feedback here if necessary, saying whether you are affected and whether you have solved it differently.

Similar articles:
CredSSP-Sicherheitslücke in RDP unter Windows (German)
Microsoft will block RDP connections from clients soon

Microsoft Patchday Summary April 10, 2018


Microsoft released a series of security updates for Windows and other products on April 10, 2018. Below is a brief overview.

Details of these security updates can be found in the Microsoft Security TechCenter. I will also document the updates in separate blog posts.

Critical Security Updates

ChakraCore
Microsoft Edge
Internet Explorer 9
Internet Explorer 11
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 version 1709 for 32-bit Systems
Windows 10 version 1709 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)

Important Security Updates

Excel Services
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Excel 2007 Service Pack 3
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft Wireless Keyboard 850
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Word Automation Services

Moderate Security Updates

Internet Explorer 10

Similar articles:
Adobe Flash Player Update to version 29.0.0.140
Microsoft Office Patchday (April 3, 2018)


Patchday: Windows 10 Updates April 10, 2018


Microsoft released several cumulative updates for the supported Windows 10 builds on April 10, 2018. Here are some details about the updates.

A list of updates can be found on this Microsoft website. I have compiled a list of details below. Starting March 2018 patchday, Microsoft has removed the installation check for mandatory compatibility with the installed antivirus solution for Windows 10. Some of these updates for Windows 10 versions 1607 to 1709 are also available as delta updates for WSUS.

Updates for Windows 10 Version 1709

Several updates are available for Windows 10 Fall Creators Update (version 1709).

Update KB4093112 for Windows 10 Version 1709

Cumulative Update KB4093112 for Windows 10 Version 1709 (Fall Creators Update) contains quality improvements and the following problem fixes:

  • Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context (See AMD Architecture Guidelines around Indirect Branch Control and AMD Security Updates for more details). Follow instructions outlined in KB4073119 for Windows Client (IT Pro) guidance to enable usage of IBPB within some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.
  • Addresses an issue that causes an access violation in Internet Explorer when it runs on the Microsoft Application Virtualization platform.
  • Addresses an issue in Enterprise Mode related to redirects in Internet Explorer and Microsoft Edge.
  • Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.
  • Addresses additional issues with updated time zone information.
  • Addresses an issue that might cause the App-V service to stop working on an RDS server that hosts many users.
  • Addresses an issue where user accounts are locked when applications are moved to a shared platform using App-V (e.g., XenApp 7.15+ with Windows Server 2016, where Kerberos authentication isn’t available).
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses an issue that causes document.execCommand("copy") to always return False in Internet Explorer.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Microsoft Edge, Windows app platform and frameworks, Microsoft scripting engine, Windows graphics, Windows Server, Windows kernel, Windows datacenter networking, Windows wireless networking, Windows virtualization and Kernel, and Windows Hyper-V.

Update KB4093112 changes the OS build to 16299.371. This update is available via Windows Update, but may also be downloaded from Microsoft Update Catalog.

Please note that when installing the Servicing Stack Update (SSU KB4099989) and the Cumulative Update (Live Cycle Update, LCU) via the Microsoft Update Catalog, the SSU must be installed before the LCU.

There is currently only one known issue with this update: Windows incorrectly displays the update as not installed and reports the error 0x80070643, but an update check or winver indicates that the update has been installed.

Update KB4099989 for Windows 10 Version 1709

Update KB4099989 is a Servicing Stack Update for Windows 10 version 1709, which is imported via Windows Update. According to Microsoft, the update brings stability improvements for the Windows 10 version 1709 service stack. A restart is required after installation.

Update KB4099572  for Windows 10 Version 1709 Mobile

Update KB4099572 is for Windows 10 Mobile and changes OS build to 15254.369. This update contains all updates from KB4093107.

Updates for Windows 10 Version 1703

Several updates are available for Windows 10 Creators Update (version 1703).

Update KB4093107  for Windows 10 Version 1703

Cumulative Update KB4093107 for Windows 10 Version 1703 (Creators Update) contains quality improvements and the following fixes (partly also for Windows 10 Mobile):

  • Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses additional issues with updated time zone information.
  • Addresses an issue that might cause the App-V service to stop working on an RDS server that hosts many users.
  • Addresses an issue where user accounts are locked when applications are moved to a shared platform using App-V (e.g., XenApp 7.15+ with Windows Server 2016, where Kerberos authentication isn’t available).
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Microsoft Edge, Windows app platform and frameworks, Microsoft scripting engine, Windows graphics, Windows Server, Windows kernel, Windows datacenter networking, Windows wireless networking, Windows Hyper-V, and Windows virtualization and kernel.

The package is offered via Windows Update, but is also available in the Microsoft Update Catalog. There are no known problems. The OS build changes to 15063.1029.

Please note that when installing the Servicing Stack Update (SSU KB4093432) and the Cumulative Update (Live Cycle Update, LCU) via the Microsoft Update Catalog, the SSU must be installed before the LCU.

Microsoft has also released a direct update for the Windows Update Client to increase reliability. Any Windows 10 device configured to automatically receive updates from Windows Update, including Enterprise and Pro Edition, is offered the latest Windows 10 feature update based on device compatibility and the Windows Update for Business deferral policy. This does not apply to Windows 10 LTSC systems.

Update KB4093432 for Windows 10 Version 1703

Update KB4093432 is a Servicing Stack Update for Windows 10 version 1703, which is imported via Windows Update. According to Microsoft, the update brings stability improvements for the Windows 10 service stack. A restart is required after installation.

Updates for Windows 10 Version 1607

Several updates are available for Windows 10 Anniversary Update (version 1607) and Windows Server 2016.

Update KB4093119 for Windows 10 Version 1607

Cumulative Update KB4093119 for Windows 10 Anniversary Update (Version 1607) and Windows Server 2016 contains quality improvements and the following fixes (partly also for Windows 10 Mobile, OS Build 14393.2189):

  • Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses additional issues with updated time zone information.
  • Addresses an issue where user accounts are locked when applications are moved to a shared platform using App-V (e.g., XenApp 7.15+ with Windows Server 2016, where Kerberos authentication isn’t available).
  • Addresses an issue that might cause the App-V service to stop working on an RDS server that hosts many users.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Windows app platform and frameworks, Microsoft scripting engine, Microsoft Edge, Windows graphics, Windows Server, Windows wireless networking, Windows Hyper-V, Windows kernel, and Windows virtualization and kernel.

The update is available via Windows Update and raises the OS build to 14393.2189. The update is also available in the Microsoft Update Catalog. There are no known issues. The update is not available for Express installation in Windows Server.

Please note that when installing the Servicing Stack Update (SSU) and the Cumulative Update (Live Cycle Update, LCU) via the Microsoft Update Catalog, the SSU must be installed before the LCU.

Microsoft has also released a direct update for the Windows Update Client to increase reliability. Any Windows 10 device configured to automatically receive updates from Windows Update, including Enterprise and Pro Edition, is offered the latest Windows 10 feature update based on device compatibility and the Windows Update for Business deferral policy. This does not apply to Windows 10 LTSC systems.

Update KB4093137 for Windows 10 Version 1607

Update KB4093137 is a Servicing Stack Update for Windows 10 version 1607, which is imported via Windows Update. According to Microsoft, the update brings stability improvements for the Windows 10 service stack. A restart is required after installation.

Notes: Windows 10 version 1607 will reach the End of Life on April 10, 2018. Devices running Windows 10 Home or Pro editions no longer receive monthly security and quality updates. Only Windows 10 Enterprise and Windows 10 Education Editions receive six months of additional service at no cost. Devices in Long-Term Servicing Channel (LTSC) will be supplied with updates until October 2026. Devices with Clovertrail chipset and Windows 10 Anniversary Update (v. 1607) will be updated until January 2023 via Microsoft Update.

Updates for Windows 10 Version 1511

Various updates are also available for Windows 10 Enterprise and Windows 10 Education version 1511 (no updates for Windows 10 Home and Pro). After this update cycle, support for Windows 10 Version 1511 also ends.

Update KB4093109 for Windows 10 Version 1511

Cumulative Update KB4093109 for Windows 10 Version 1511 contains the following fixes:

  • Addresses additional issues with updated time zone information.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Microsoft scripting engine, Windows RDP, Windows kernel, Windows IIS, Windows datacenter networking, Microsoft scripting engine, Microsoft Edge, Windows Hyper-V, and Windows virtualization and kernel.

The update is available via Windows Update and raises the OS build to 10586.154. The update is also available in the Microsoft Update Catalog.

Please note that when installing the Servicing Stack Update (SSU) and the Cumulative Update (Live Cycle Update, LCU) via the Microsoft Update Catalog, the SSU must be installed before the LCU.

Microsoft has also released a direct update for the Windows Update Client to increase reliability. Any Windows 10 device configured to automatically receive updates from Windows Update, including Enterprise and Pro Edition, is offered the latest Windows 10 feature update based on device compatibility and the Windows Update for Business deferral policy. This does not apply to Windows 10 LTSC systems.

Updates for Windows 10 Version 1507 (RTM)

Updates are also available for Windows 10 Enterprise (LTSC) version 1507 only.

Update KB4093111 for Windows 10 Version 1507

Cumulative Update KB4093111 for Windows 10 Version 1507 contains the following fixes:

  • Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses additional issues with updated time zone information.
  • Addresses an issue where AppLocker publisher rules that are applied to MSI files don’t match the files correctly.
  • Addresses an issue that prevents the system from booting when you enable LSA (lsass.exe) to run as a protected process by setting the “RunAsPPL” registry entry. Additionally, the Automatic Repair screen may appear.
  • Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with Audit mode turned on. Netlogon.log may show the following:
    SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered
    NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM
    SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413
  • Addresses an issue that generates a certificate validation error (0x800B0109 (CERT_E_UNTRUSTEDROOT)) from http.sys.
  • Addresses an issue that prevents PIV smart cards from being recognized.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Windows app platform and frameworks, Microsoft scripting engine, Windows kernel, Windows graphics, Windows Server, Windows datacenter networking, Windows wireless networking, and Windows Hyper-V.

The update is available via Windows Update and raises the OS build to 10240.17831. The update is also available via Microsoft Update Catalog.

Please note that when installing the Servicing Stack Update (SSU) and the Cumulative Update (Live Cycle Update, LCU) via the Microsoft Update Catalog, the SSU must be installed before the LCU.

Microsoft has also released a direct update for the Windows Update Client to increase reliability. Any Windows 10 device configured to automatically receive updates from Windows Update, including Enterprise and Pro Edition, is offered the latest Windows 10 feature update based on device compatibility and the Windows Update for Business deferral policy. This does not apply to Windows 10 LTSC systems.

Update KB4093430 for Windows 10 Version 1507

Update KB4093430 is a Servicing Stack Update for Windows 10 Version 1507, which is installed via Windows Update. According to Microsoft, the update brings stability improvements for the Windows 10 servicing stack. A restart is required after installation.

Similar articles:
Adobe Flash Player Update to version 29.0.0.140
Microsoft Office Patchday (April 3, 2018)
Microsoft Patchday Summary April 10, 2018
Patchday: Windows 10 Updates April 10, 2018

Patchday: Updates for Windows 7/8.1/Server April 2018

On April 10, 2018 Microsoft released several (security) updates (KB4093118, KB4093108, KB4093114, KB4093115) for Windows 7 SP1 and Windows 8.1 and the corresponding server versions. Here is an overview of these updates.

What’s changed: QualityCompat registry check removed

Microsoft has removed the registry check that verified whether the antivirus scanner is compatible with the update on Windows 7 SP1/Windows 8.1 and Windows Server 2008 R2/2012 R2 (this was already the case on Windows 10 the previous month). All updates include the sentence:

Windows Update and WSUS will offer this update to applicable Windows client and server operating systems regardless of the existence or value of the “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc” registry setting. This change has been made to protect user data.

It will be exciting to see whether all systems will be receiving updates again. In the last few months, there have been systems running Windows 7 SP1 on which certain updates were not offered (although the registry entry was presumably set).

Updates for Windows 7/Windows Server 2008 R2

For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page.

KB4093118 (Monthly Rollup) for Windows 7/Windows Server 2008 R2

Update KB4093118 (April 10, 2018, Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes that were already included in the previous month’s update. The update addresses the following:

  • Improves reliability in the kernel, and addresses an issue that can cause applications to have unexpected memory contents on multiprocessor systems.
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses an access violation on certain pages in Internet Explorer when it renders SVGs under high load.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Addresses a stop error that occurred when the previous month’s update was applied to a 32-bit (x86) computer with a Physical Address Extension (PAE) mode disabled.
  • Security updates to Internet Explorer, Microsoft scripting engine, Microsoft graphics component, Windows Server, Windows datacenter networking, Windows virtualization and kernel, and Windows app platform and frameworks.

The update is automatically provided and installed via Windows Update. The update is also available in the Microsoft Update Catalog.

Known issue caused by this update

Unfortunately, Microsoft has not managed to fix the known issues that were already in the updates last month.

  • After you install this update, SMB servers may leak memory.
  • A stop error occurs on computers that don’t support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).

Microsoft is working on a resolution and will provide an update in an upcoming release. But that’s what they have been telling us for weeks.

KB4093108 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB4093108 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the following items:

  • Improves reliability in the kernel, and addresses an issue that can cause applications to have unexpected memory contents on multi-processor systems.
  • Addresses a stop error that occurred when the previous month’s update was applied to a 32-bit (x86) computer with a Physical Address Extension (PAE) mode disabled.
  • Security updates to Internet Explorer, Microsoft scripting engine, Microsoft graphics component, Windows Server, Windows datacenter networking, Windows virtualization and kernel, and Windows app platform and frameworks.

The update is available for download via WSUS and via Microsoft Update Catalog. The same known bugs apply as for update KB4093118, this time including security patches for Internet Explorer (usually not included in the security-only update).

Updates for Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.

KB4093114 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4093114 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes that were included in the rollup for the previous month. It also addresses the following items:

  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses an access violation on certain pages in Internet Explorer when it’s rendering SVGs under high load.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Microsoft scripting engine, Microsoft graphics component, Windows Server, Windows kernel, Windows datacenter networking, Windows Hyper-V, Windows virtualization and kernel, and Windows app platform and frameworks.

The package is offered via Windows Update and in the Microsoft Update Catalog. Microsoft is not aware of any problems with the update.

KB4093115 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4093115 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following items.

Security updates to Internet Explorer, Microsoft scripting engine, Microsoft graphics component, Windows Server, Windows kernel, Windows datacenter networking, Windows Hyper-V, Windows virtualization and kernel, and Windows app platform and frameworks.

The update is available for download via WSUS and via Microsoft Update Catalog. Microsoft is not aware of any problems. The security-only update also contains security patches for Internet Explorer.

Please note that Microsoft provides KB4092946 (Cumulative Update for Internet Explorer) – I will document this separately.

Similar articles:
Adobe Flash Player Update to version 29.0.0.140
Microsoft Office Patchday (April 3, 2018)
Microsoft Patchday Summary April 10, 2018
Patchday: Windows 10 Updates April 10, 2018
Patchday: Updates for Windows 7/8.1/Server April 2018

Windows 10 Spectre V2 Update for AMD-CPUs

Finally it seems that Windows 10 systems with AMD CPUs can be protected against the Spectre V2 vulnerability with an update. However, there are a lot of hurdles to overcome in order to enjoy the Spectre V2 protection. Here is some information.

A German blog reader pointed me to the details – due to Microsoft’s patch day I haven’t had the time to sum things up.

Update KB4093112 for Windows 10 V1709

Blog reader Karl noticed that cumulative update KB4093112 (mentioned within my blog post Patchday: Windows 10 Updates April 10, 2018) for Windows 10 Version 1709 (Fall Creators Update) also contains a fix for Spectre V2 on AMD CPUs:

Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context (See AMD Architecture Guidelines around Indirect Branch Control and AMD Security Updates for more details). Follow instructions outlined in KB4073119 for Windows Client (IT Pro) guidance to enable usage of IBPB within some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.

To obtain this Spectre V2 mitigation, microcode updates for AMD processors are required. These updates must be delivered as BIOS updates for the respective motherboards. The microcode updates provided by AMD go back to the AMD Bulldozer CPU generation introduced in 2011.

The combination of a BIOS update with new microcode and the above-mentioned update KB4093112 protects systems with Windows 10 version 1709 (Fall Creators Update) against Spectre V2.

The crux: theory and practice are two different things

To benefit from Spectre V2 protection, you would first need the microcode update for the motherboard in question. Karl wrote within an e-mail:

This topic is getting more and more abstruse. Of the 57 systems I support, only 11 are effectively protected against Spectre / Meltdown, for 4 more there are still BIOS updates available. 26 systems have not yet been tested. Thus 16 are still known to be without patch.

In official whitepapers, for example, BIOS updates for many HP systems are marked as still pending. HP Tool Support Assist does not find BIOS updates, but there is actually one from the end of March for 2 laptop systems. So not a formerly withdrawn update.

In other words, the whitepapers are no longer maintained, especially the updater products.

Another game at Medion [a German vendor]. There you won’t find any BIOS updates in the DL of the support section, but via the official topic page (even maintained, different from HP).

It’s a little better at DELL. The BIOS updates also arrive in Dell Command Update and Support Assist.

Asus wrote to me that motherboards with Intel B,H,Z 6x / 7x / 8x chipsets “according to Taiwan” should get updates until the end of May.

That would be hurdle #1 that the user has to manage. Hurdle #2 is the fact that the mitigation is offered only in certain operating systems. Update KB4093112 currently supports only systems with Windows 10 Version 1709 (Fall Creators Update). But it works only if hurdle #1 has been managed and a BIOS update has been installed. If that update is available, what about Windows Server 2016? Karl wrote (Source):

Operating System Updates for GPZ Variant 2/Spectre
Microsoft is releasing an operating system update containing Variant 2 (Spectre) mitigations for AMD users running Windows 10 (version 1709) today. Support for these mitigations for AMD processors in Windows Server 2016 is expected to be available following final validation and testing.

AMD Microcode Updates for GPZ Variant 2/Spectre
In addition, microcode updates with our recommended mitigations addressing Variant 2 (Spectre) have been released to our customers and ecosystem partners for AMD processors dating back to the first “Bulldozer” core products introduced in 2011. AMD customers will be able to install the microcode by downloading BIOS updates provided by PC and server manufacturers and motherboard providers.  Please check with your provider for the latest updates.

We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop solutions to protect users from security threats.

Everything is on hold, so you have to wait until the OEMs deliver BIOS updates and until Microsoft provides Windows updates. But it gets even better, because there is a third hurdle. Microsoft’s document Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities states that the following registry values must be set manually to enable usage of the Indirect Branch Prediction Barrier (IBPB), introduced by the microcode update and the patch, to protect against Spectre V2 on AMD CPUs:

To enable usage of Indirect Branch Prediction Barrier (IBPB) when switching from user context to kernel context:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 64 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

These values differ from the Intel registry settings for enabling protection against CVE-2017-5715 Branch Target Injection. The whole thing can only be regarded as a ‘surreal’ or alibi event. ‘Yes, we have updates to mitigate Spectre V2. Uh, you don’t have Windows 10 V1709 and a BIOS update with new microcode? We are so sorry, then this update is not for you Sir …’. Well done.
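When many machines have to be checked, as in Karl's case, the two values written by the reg add commands above can be audited read-only. The following PowerShell is an added example, not part of the original post or of Microsoft's guidance; the function name and report layout are assumptions, and it checks only the registry side, not whether the BIOS microcode or KB4093112 is present.

```powershell
# Added example: audit the two Memory Management override values that the
# reg add commands above write for AMD IBPB support.
# Expected data (64 and 3) is taken from those commands; the function name and
# the output object layout are assumptions of this example.
$MemMgmtPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-AmdIbpbOverrideState {
    [CmdletBinding()]
    param(
        [string]$Path = $MemMgmtPath
    )

    $expected = [ordered]@{
        FeatureSettingsOverride     = 64
        FeatureSettingsOverrideMask = 3
    }

    # The values on this page are the AMD settings; record the CPU vendor
    # so the report can be filtered when it is collected from a fleet.
    $vendor = (Get-CimInstance -ClassName Win32_Processor |
               Select-Object -First 1).Manufacturer

    $key     = Get-Item -LiteralPath $Path -ErrorAction Stop
    $present = $key.GetValueNames()

    foreach ($name in $expected.Keys) {
        $actual = $null
        $kind   = $null
        if ($present -notcontains $name) {
            $state = 'Missing'
        }
        else {
            $actual = $key.GetValue($name)
            $kind   = $key.GetValueKind($name)
            if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                # Present, but not created as REG_DWORD as the commands specify
                $state = 'WrongType'
            }
            elseif ($actual -eq $expected[$name]) {
                $state = 'OK'
            }
            else {
                $state = 'Mismatch'
            }
        }

        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            CpuVendor = $vendor
            Name      = $name
            Expected  = $expected[$name]
            Actual    = $actual
            Kind      = $kind
            State     = $state
        }
    }
}

# Read-only check; nothing is written to the registry.
$report = @(Get-AmdIbpbOverrideState)
$report | Format-Table -AutoSize

if ($report[0].CpuVendor -ne 'AuthenticAMD') {
    Write-Warning 'CPU vendor is not AuthenticAMD; 64 and 3 are the AMD values from this page.'
}
$notOk = @($report | Where-Object { $_.State -ne 'OK' })
if ($notOk.Count -gt 0) {
    Write-Warning ("{0} of {1} values are not set as expected." -f $notOk.Count, $report.Count)
}
```

The function emits one object per value, so the output can be piped to Export-Csv and merged across machines.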

Addendum: The German blog reader pointed out, that the registry entry need

Similar articles:
Microsoft Patchday Summary April 10, 2018
Patchday: Windows 10 Updates April 10, 2018
Spectre v2 update March 2018 for Surface Pro (2017)
Intel Spectre/Meltdown Microcode Updates (March 11, 2018)
New Intel Spectre V2 microcode updates (02/20/2018)

Patchday: Other Microsoft Updates (April 10, 2018)

Microsoft has released a couple of updates for Internet Explorer, Windows Server, etc. for April Patchday (April 10, 2018). Below I added some details to selected patches, which are not included in the other articles linked at the end of the article.

General information

Microsoft has closed more than 60 vulnerabilities in Windows, Office and other Microsoft products with the April 2018 patchday. 25 of these vulnerabilities are classified as critical. This applies, for example, to various security issues in the Chakra script engine used in the Edge browser. With these vulnerabilities, visiting a prepared website is enough to compromise the system. The whole thing is described in CVE-2018-0994.

Further vulnerabilities CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015 and CVE-2018-1016 in the Windows graphics component allow the system to be taken over via manipulated fonts and VBScript. A visit to a prepared website is enough to take over the computer. The Hacker News has published a separate article on the topic.

A remote code execution vulnerability in Microsoft Office allows attackers to execute code with the rights of the user account concerned. For administrator accounts, UAC bypassing could be used to compromise the system. The CVE-2018-0950 vulnerability in Microsoft Outlook allows attackers to access sensitive information from an SMB server. The Hacker News has published a dedicated article on the subject here.

At Talos you will find an overview of the critical security gaps. The complete overview of all updates from Microsoft can be found on this website. Some of the updates mentioned there are described in separate blog posts (see link list at the end of the article).

Removed antivirus check on Windows updates

I already mentioned it for Windows 7/8.1 (see link list below). With the April 2018 update, Microsoft generally removes the check for compatible virus scanners via the registry entry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc

This is the case for updates KB4093122 and KB4093123, for example.

Security updates

The following security updates have been released.

  • Update KB4091756: Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009
  • Update KB4092946: Cumulative security update for Internet Explorer 9 through 11, for Windows 7 through Windows 10 and for all server counterparts.
  • Update KB4093110: Security update for Adobe Flash Player, for Windows 8.x through Windows 10 and for all server counterparts.
  • Update KB4093122: Security-only update for Windows Server 2012, closes vulnerabilities.
  • Update KB4093123: Monthly Rollup update for Windows Server 2012, closes vulnerabilities.
  • Update KB4093224: Security update to close CVE-2018-8116 (Microsoft graphics component denial of service vulnerability) in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009.
  • Update KB4093227: Security update to close CVE-2018-0976 (Windows Remote Desktop Protocol (RDP) denial of service vulnerability) in Windows Server 2008.
  • Update KB4093257: Security update to close CVE-2018-1003 and CVE-2018-1008 in Windows Server 2008, Windows Embedded POSReady 2009 and Windows Embedded Standard 2009.
  • Update KB4093478: Security update to close several kernel vulnerabilities in Windows Server 2008.
  • Update KB4101864: Security update for Windows Embedded POSReady 2009 and Windows Embedded Standard 2009.

Non security updates

With update KB890830 the Windows Malicious Software Removal Tool was updated to April 10, 2018. MSRT scans the system once for malware during the update installation. 

Furthermore, some updates have been revised in their metadata; the binary content of the updates has not changed. These updates are listed here.

Similar articles:
Adobe Flash Player Update to version 29.0.0.140
Microsoft Office Patchday (April 3, 2018)
Microsoft Patchday Summary April 10, 2018
Patchday: Windows 10 Updates April 10, 2018
Patchday: Updates for Windows 7/8.1/Server April 2018
Patchday Microsoft Office Updates (April 10, 2018)

Here’s why Windows 10 V1803 has been delayed

Why did Microsoft postpone the rollout of Windows 10 version 1803 on April 10, 2018? In a blog post today, Microsoft announced a new Windows 10 build 17134 for the Fast Ring and explained why build 17133 has been withdrawn.

Within this blog post Dona Sarkar announced a new Windows 10 Insider Preview and wrote a few words about why the public release of Windows 10 V1803 has been delayed. Microsoft just introduced Windows 10 Insider Preview Build 17134 in the Redstone 4 branch for Windows Insiders in the Fast Ring. This version has no new features and includes the fixes of KB4100375 as well as some fixes for the overall reliability of the operating system.

The reason why build 17133 has been stopped: Shortly before the rollout, Microsoft discovered some reliability issues they wanted to fix. In certain cases, for example, these reliability problems could have led to a higher percentage of blue screens (BSOD) on PCs. Instead of creating a cumulative update package to fix these problems, Microsoft has decided to create a new build with the fixes included. This is now available for testing in the Fast Ring.

Temporary profile in Windows caused by Windows Defender?

Does Windows Defender in Windows (and Microsoft Security Essentials, MSE) cause user profiles to break and the user to log on with a temporary profile? Here is a short snippet of information on the subject.

A user reported sporadic sign-in issues

German blog reader Stefan contacted me last weekend and reported a strange issue. When attempting to log in, he received from time to time a ‘We can’t sign into your account’ message.

The message says “We can’t sign into your account. This problem often get fixed by signing out of your account and then signing back in.”. Stefan wrote that he has observed the issue under Windows 10 version 1607 for several weeks.

The error message after system startup then looks like in the picture above. In my case, a reboot helped, then it worked again. However, I’m facing the issue sporadically again and again. Since Defender was disabled, the problem seems to have been fixed.

The error occurs during the boot up phase, after the user clicked onto his/her account’s logo and entered a password.

Some background information

Obviously Windows can’t load the user profile and creates a temporary user profile. If the user clicks Dismiss he can work with Windows, but all personal settings and files within the user folders are missing. Files created or changed will be lost after log out.

Microsoft has published KB article 4027881 with workarounds. There are several reasons why the user profile cannot be loaded (see here). In addition to a damaged or deleted user profile, a blocked profile can also be the reason. This can be caused by a system service or an application.

In many cases, a complete restart of Windows (for Windows 10, hold down the Shift key and select Restart from the Start menu) will help. In some cases, you may need to disable Quick Start in Windows 10 to resolve the problem.

In business environments, group policies could be used to prevent the user from logging on with a temporary profile (see here and here).

More cases reported

Stefan posted a link to this German Technet forum thread, where a user describes this behavior for Windows 7 and Windows 10 IoT:

we have had the problem for a week, which now already hits on over 100 Windows customers on startup with a temporary user profile. We know the solution in principle -> the restoration of the original user account via the registry.

The whole thing is probably not an isolated case, but occurs there with a number of customers. As already mentioned above: Broken user profiles are often an indication that some software is interfering with and damaging the profile. In my German blog post I identified Avira SpeedUp or CCleaner as a cause. At Ten Forums there is also a thread dealing with this issue. Also here is a similar discussion with proposals to fix it, but that deals with a different root cause. I found the questions that the thread creator raised within Technet interesting.

However, we wonder why this suddenly happens to so many customers, both with Windows 7 Pro and Windows 10 IoT Enterprise based systems.

There are more customers facing this problem every day, sometimes several times with the same system. Support has become a real challenge by now, so we would be very happy to receive a tip or information about what it could be and how we can possibly counteract it. We have already spoken to Microsoft Support but have been referred to this Technet forum.

Microsoft support was not very helpful. Affected users have to identify the disturbing component. The thread creator has already been able to exclude several causes. Thus, the problem systems are all provided with the same installation image. The systems have been running for years without any problems. What they have in common: Windows Defender (or Microsoft Security Essentials) is installed on the machines. A third-party antivirus solution cannot be the cause of this issue.

There was also a mention of an autologon (which is a source of many evils) and I would have guessed that to be the cause. The person who posted in the Technet forum wrote that he can exclude Autologon after tests, and no network profiles are used, only local profiles.

Windows Defender seems to be the root cause

I had already posted the workaround of blog reader Stefan above: Since he disabled Windows Defender, the problem seems to have been fixed. Windows Defender and Microsoft Security Essentials (MSE) are also mentioned as troublemakers within the Technet forum thread. The user wrote:

… we thought about the common features of the systems, because it would be quite a coincidence if so many systems with Win 7 and 10 had such a problem in such a short time.

One of the few things in common was MSE and on Win 10 the Defender. As soon as we have deactivated it for testing on a few systems, the problem no longer occurs.

So it seems to be the MSE/Defender updates or something like that.

While writing the German blog post, I stumbled upon this German thread at Microsoft Answers reporting the same issue for Microsoft Security Essentials (MSE) in Windows 7. Maybe it will be helpful.

Similar articles:
Windows: Yes button in user account controls is disabled

Windows 10 April 2018 Update: New Name, new game in May?

Another ‘water level report’ for the upcoming Windows 10 release. It’s becoming more and more of a running gag: the story behind the Windows 10 feature update to version 1803, which will now be named April 2018 Update and will possibly be released in May.

The expected release of Windows 10 Version 1803 early April 2018 (April 10 for Patchday for example) has been postponed. I’ve reported some details within my blog post Here’s why Windows 10 V1803 has been delayed. Microsoft is testing new build 17134 in Fast Ring and we will see a public release maybe in May 2018.

New name: Windows 10 April 2018 Update

Walking Cat has posted a video from WinHEC 2018 within this tweet, where a Microsoft employee talks about Windows 10 April 2018 update. 

Below is the screenshot from this video – the official name really seems to be ‘Windows 10 April 2018 Update’. The term ‘April Update’ somehow fits the history of this update.

Windows 10 April 2018 Update

Similar to the Fall Creators Update case, Microsoft always manages to provide a name that may be used for jokes. So April 2018 won’t show in April, it’s just an April Fools’ joke, and comes in May? We will see. If the new name lasts, it fits the same naming scheme introduced with Windows 10 November 2015 Update.

BTW: Greetings from Sigmund Freud, within the above screenshot Microsoft revealed the planned release date (10, April 2018, Patchday, in German date format).


Windows 7/8.1 Preview Rollup Updates (04/17/2018)

Microsoft has released updates for Windows 7 (KB4093113), Windows 8.1 (KB4093121) and the relevant server counterparts as of April 17, 2018. These are the monthly preview rollup updates.

Preview Rollup Updates are a preview of the updates that appear on patchday of the following month. These optional updates do not actually need to be installed (unless you are affected by a fixed bug).

Similar to the security updates of April 14, 2018, the update installation no longer depends on the cadca5fe-87d3-4b96-b7fb-a231484277cc registry entry in branch:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\

(which signals antivirus compatibility). The updates are offered independently from this registry key via Windows Update and WSUS.

KB4093113 for Windows 7/Windows Server 2008 R2

Update KB4093113 is available for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 as Preview of Monthly Rollup. It’s not a security update, and the package addresses the following issues:

  • Addresses additional issues with updated time zone information.
  • Addresses a stop error that occurred when the previous month’s update was applied to 32-bit (x86) computers with Physical Address Extension (PAE) mode disabled.

The update is optional and can also be downloaded and installed via Microsoft Update Catalog. Since it is a preview update, I would not install it (unless you are affected by the PAE stop error).

Known issues

This update still includes the SMB memory leak problem. This occurs when SMB shares contain symbolic links. Microsoft is working on a fix, but the error has persisted through several updates. A stop error also occurs on computers that do not support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).

Update KB4099950 for Windows 7/Server 2008 R2

Update KB4099950 has also been released for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1. This is the update that is intended to fix the problem of network adapter (NIC) settings being replaced or static IP address settings being lost after KB4088875 or KB4088878 is installed. Again, Microsoft points out that this update must be installed before installing the KB4088875 or KB4088878 updates.

Update KB4093121 for Windows 8.1/Server 2012 R2

Update KB4093121 is available for Windows 8.1 and Windows Server 2012 R2 as Preview of Monthly Rollup. This is not a security update; it addresses the following issues:

  • Addresses additional issues with updated time zone information.
  • Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with audit mode turned on. Netlogon.log may show the following:
    SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered
    NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM
    SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413
  • Addresses an issue that generates a certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.
  • Addresses a race condition in iSCSI that might lead to queries that return incomplete sense data.
  • Addresses an issue that causes massive pool commit failures (ID 2019 and ID 2020) to occur when using dedupe and backup on large file servers.
  • Addresses an issue that causes a communication failure in an RPC-based network in certain situations. The error is “reason_not_specified_reject”.
  • Addresses an issue that might cause Windows Server 2012 R2 Domain Controllers (DC) to periodically restart after a Local Security Authority Subsystem Service (LSASS) module fault. This interrupts applications and services bound to the DC. DCs may log the following events:
    • Application Error event ID 1000; the faulty module is NTDSATQ.dll, and the exception code is “0xc0000005”.
    • User32 event ID 1074; Microsoft-Windows-Wininit event ID 1015 indicates that a critical system process, lsass.exe, failed with status code 255.
  • Addresses an issue that causes DTC to stop responding in msdtcprx!CIConnSink::SendReceive during an XA recovery. During this failure, IXaMapper objects with identical RMIDs are corrupted.
  • Addresses an issue that causes Eventcollector subscription to fail in cross-forest environments when the target’s FQDN label doesn’t match the domain’s NetBIOS name.
  • Addresses an issue that might cause clients that use CSVs to disconnect from SMB3 servers because srv2.sys doesn’t use SMB3 multichannel for recovery. When there are disconnections between nodes, this can cause unexpected failover of the CSVs and creates instability in the VMs located on those CSVs. The disconnections are detected as I/O timeouts and generate Event ID 5120 with “STATUS_IO_TIMEOUT”. Sometimes Event ID 5142 appears when recovery doesn’t occur.

The update is offered and installed independently of the Registry Checker for compatible antivirus solutions. The distribution takes place via Windows Update or in the Microsoft Update Catalog. There are no known issues.
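Added example (not part of Microsoft's notes or of the original post): a Python scan for the Netlogon.log signature quoted in the NTLM item above, listing logons that ended with 0xC0000413 after an AuthzAccessCheck failure. The timestamp and tag prefix and all domain, account and machine names in the sample lines are constructed; only the message text follows the quoted lines.

```python
import re
from collections import Counter

# Message text as quoted in the release notes; whatever precedes it on the
# line (timestamp, tags) is ignored, so the prefix format is not assumed.
LOGON_RE = re.compile(
    r"SamLogon: Transitive Network logon of (?P<account>.+?) "
    r"from (?P<source>\S+) \(via (?P<via>[^)]+)\) "
    r"(?P<state>Entered|Returns (?P<status>0x[0-9A-Fa-f]+))"
)
AUTHZ_FAIL_RE = re.compile(r"NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed")
BLOCKED_STATUS = 0xC0000413  # STATUS_AUTHENTICATION_FIREWALL_FAILED


def find_blocked_logons(lines):
    """Return one record per logon that ended with BLOCKED_STATUS."""
    entered = {}      # (account, source, via) -> line number of "Entered"
    authz_fails = []  # line numbers of AuthzAccessCheck failures
    hits = []
    for lineno, line in enumerate(lines, 1):
        if AUTHZ_FAIL_RE.search(line):
            authz_fails.append(lineno)
            continue
        m = LOGON_RE.search(line)
        if m is None:
            continue
        key = (m["account"], m["source"], m["via"])
        if m["state"] == "Entered":
            entered[key] = lineno
            continue
        start = entered.pop(key, None)  # None: "Returns" seen without "Entered"
        if int(m["status"], 16) != BLOCKED_STATUS:
            continue
        hits.append({
            "line": lineno,
            "account": m["account"],
            "source": m["source"],
            "via": m["via"],
            # True only if the policy check failed inside this logon's window
            "authz_check_failed": start is not None
            and any(n > start for n in authz_fails),
        })
    return hits


def summarize(hits):
    """Count blocked logons per (account, source machine)."""
    return Counter((h["account"], h["source"]) for h in hits)


# Constructed sample lines (prefix and names are made up for this example).
SAMPLE = r"""
04/17 09:12:01 [LOGON] SamLogon: Transitive Network logon of CONTOSO\svc-backup from WKS07 (via FILESRV01) Entered
04/17 09:12:01 [LOGON] NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM
04/17 09:12:01 [LOGON] SamLogon: Transitive Network logon of CONTOSO\svc-backup from WKS07 (via FILESRV01) Returns 0xC0000413
04/17 09:12:05 [LOGON] SamLogon: Transitive Network logon of CONTOSO\alice from WKS02 (via FILESRV01) Entered
04/17 09:12:05 [LOGON] SamLogon: Transitive Network logon of CONTOSO\alice from WKS02 (via FILESRV01) Returns 0x0
04/17 09:12:09 [LOGON] SamLogon: Transitive Network logon of CONTOSO\bob from WKS03 (via FILESRV01) Entered
04/17 09:12:09 [LOGON] SamLogon: Transitive Network logon of CONTOSO\bob from WKS03 (via FILESRV01) Returns 0xC000006A
04/17 09:13:30 [LOGON] SamLogon: Transitive Network logon of CONTOSO\svc-backup from WKS07 (via FILESRV01) Entered
04/17 09:13:30 [LOGON] NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM
04/17 09:13:30 [LOGON] SamLogon: Transitive Network logon of CONTOSO\svc-backup from WKS07 (via FILESRV01) Returns 0xC0000413
""".strip().splitlines()

if __name__ == "__main__":
    for (account, source), count in summarize(find_blocked_logons(SAMPLE)).items():
        print(f"{account} from {source}: {count} blocked NTLM logon(s)")
```

The AuthzAccessCheck line carries no account name, so it is attributed by position only; on a busy domain controller with interleaved logons, treat `authz_check_failed` as a hint rather than proof.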

Similar articles:
Adobe Flash Player Update to version 29.0.0.140
Microsoft Office Patchday (April 3, 2018)
Microsoft Patchday Summary April 10, 2018
Patchday: Windows 10 Updates April 10, 2018
Patchday: Updates for Windows 7/8.1/Server April 2018
Patchday Microsoft Office Updates (April 10, 2018)
Patchday: Other Microsoft Updates (April 10, 2018)
Windows 7/8.1 Preview Rollup Updates (04/17/2018)
Windows 10 Updates KB4093117 and KB4093120 (04/17/2018)

Windows 10 Updates KB4093117 and KB4093120 (04/17/2018)

[German]Microsoft has released cumulative updates for Windows 10 (KB4093117, KB4093120) as of April 17, 2018. Here is some information about these updates.

Update KB4093117 for Windows 10 Version 1703

Cumulative Update KB4093117 for Windows 10 Version 1703 raises the OS Build to 15063.1058 and addresses the following issues:

  • Addresses an issue that causes Microsoft Edge to stop working after a few seconds when running a software restriction policy.

  • Addresses an issue where AppLocker publisher rules applied to MSI files don’t match the files correctly.

  • Addresses an issue that causes Microsoft and Azure Active Directory accounts to receive the password prompt repeatedly instead of only once.

  • Addresses an issue that prevents Windows Hello from generating good keys when it detects weak cryptographic keys because of TPM firmware issues. This issue only occurs if the policy to require the TPM is configured.

  • Addresses an issue that prevents users from unlocking their session and that sometimes displays incorrect user-name@domain-name information on the logon screen when multiple users log on to a machine using fast user switching. Specifically, this happens when users are logging on from several different domains, are using the UPN format for their domain credentials (user-name@domain-name), and are switching between users with fast user switching.

  • Addresses an issue related to smart cards that allow PINs or biometric entry. If the user enters an incorrect PIN or biometric input (e.g., a fingerprint), an error appears, and the user must wait up to 30 seconds. With this change, the 30-second delay is no longer required.

  • Addresses an issue that causes the browser to prompt for credentials often instead of only once when using the Office Chrome extension.

  • Increases the minimum password length in Group Policy to 20 characters.

  • Addresses an issue that incorrectly displays name-constraint information when displaying certificate properties. Instead of presenting properly formatted data, the information is presented in hexadecimal format.

  • Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with audit mode turned on. Netlogon.log may show the following:

SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered

NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM

SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413

  • Addresses an issue that generates a certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.

  • Addresses an issue where the right-click context menu for encrypting and decrypting files using Windows Explorer is missing.

  • Addresses an issue that suspends BitLocker or Device Encryption during device unenrollment instead of keeping the drive protected.

  • Addresses an issue that might cause Centennial apps to block the ability to set user-level quotas for NTFS.

  • Addresses an issue that causes the connection bar to be missing in Virtual Machine Connection (VMConnect) when using full-screen mode on multiple monitors.

  • Addresses an issue where using a GPO logon script to map a network drive fails if the user disconnects from the network and restarts. When the user logs in again, the mapped drive isn’t available. This issue occurs even though the logon script has the persistence flag set to TRUE.

  • Addresses an issue that may cause some files to be skipped and may create duplicate files in the Work Folder locations during full enumeration sync sessions.

  • Addresses an issue that occurs when Volume Shadow Copy is enabled on a volume that hosts a file share. If the client accesses the UNC path to view the properties in the Previous Version tab, the Date Modified field is empty.

  • Addresses an issue that occurs when a user with a roaming user profile first logs on to a machine running Windows 10, version 1607, and then logs off. Later, if the user tries to log on to a machine running Windows 10, version 1703, and opens Microsoft Edge, Microsoft Edge will stop working.
  • Addresses a reliability issue with Internet Explorer when entering text in a RichEditText control.
  • Addresses a potential leak caused by opening and closing a new web browser control.
  • Addresses an issue that causes the ContentIndexer.AddAsync API to throw an unnecessary exception.

The update can be installed via Microsoft Update, but can also be downloaded from the Microsoft Update Catalog. There are no known problems with the update.

Windows Update Improvements

Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 Feature Update based on device compatibility and Windows Update for Business deferral policy. This does not apply to long-term servicing editions.

Update KB4093120 for Windows 10 Version 1607

Cumulative update KB4093120 for Windows 10 version 1607 and Windows Server 2016 updates the OS build to 14393.2214 and addresses the following issues:

  • Addresses an issue in apps that occurs when using the Japanese IME.

  • Addresses an issue where AppLocker publisher rules applied to MSI files don’t match the files correctly.

  • Increases the minimum password length in Group Policy to 20 characters.

  • Addresses an issue that causes Microsoft and Azure Active Directory accounts to receive the password prompt repeatedly instead of only once.

  • Addresses an issue that prevents Windows Hello from generating good keys when it detects weak cryptographic keys because of TPM firmware issues. This issue only occurs if the policy to require the TPM is configured.

  • Addresses an issue that displays name-constraint information incorrectly when displaying certificate properties. Instead of presenting properly formatted data, the information is presented in hexadecimal format.

  • Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with audit mode turned on. Netlogon.log may show the following:

SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413

SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered

NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM

  • Addresses an issue that generates certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.

  • Addresses an issue that prevents ReFS partitions from being expanded if the volume was originally formatted using ReFS v1.

  • Addresses an issue that causes the host Hyper-V node to stop working when starting the hosted VM.

  • Addresses a Kernel deadlock that affects server availability.

  • Addresses an issue with Windows Update that prevents VMs from being saved after restarting or shutting down a computer after applying an update. vmms.exe doesn’t wait for vmwp.exe to finish copying VM memory data.

  • Addresses an issue in which DTC stops responding in msdtcprx!CIConnSink::SendReceive during an XA recovery. During this failure, IXaMapper objects with identical RMIDs become corrupted.

  • Addresses an issue that prevents you from modifying or restoring Active Directory objects that have invalid backlink attributes populated in their class. The error you receive is, “Error 0x207D An attempt was made to modify an object to include an attribute that is not legal for its class.”

  • Addresses an unhandled refresh token validation issue. It generates the following error: “Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthInvalidRefreshTokenException: MSIS9312: Received invalid OAuth refresh token. The refresh token was received earlier than the permitted time in the token.”

  • Addresses an issue that prevents ADDS DSAC from running on a client that has PowerShell Transcripting enabled. The following error appears: “Cannot connect to any domain. Refresh or try again when connection is available.”

  • Addresses an issue that causes the failover of an NFS server cluster resource to take a long time if the communication from the NFS server to the NFS client is blocked. If the failover takes more than 20 minutes, stop error 0x9E (USER_MODE_HEALTH_MONITOR) occurs.

  • Addresses an issue that may generate a capacity reserve fault warning during cluster validation or while running the Debug-StorageSubSystem cmdlet even though enough capacity is actually reserved. The warning is “The storage pool does not have the minimum recommended reserve capacity. This may limit your ability to restore data resiliency in the event of drive failure(s).”

  • Addresses an issue that may cause some files to be skipped and may create duplicate files in the Work Folder locations during full enumeration sync sessions.

  • Addresses an issue in Windows Multipoint Server 2016 that may generate the error “The MultiPoint service is not responding on this machine. To fix the issue try restarting the machine.”

  • Addresses an issue that prevents a UDP profile from loading. This loading failure generates the error “We can’t sign into your account”, and users receive a temporary profile.

  • Addresses an issue that causes the high contrast theme setting to be applied incorrectly when a user logs in using RDP.
  • Addresses an issue that causes a pairing problem for low-energy Bluetooth devices.
  • Addresses a reliability issue with Microsoft Outlook.
  • Addresses a reliability issue that occurs while pressing the Alt key when using a Microsoft Office application hosted in an ActiveX container.

The update can be installed via Microsoft Update, but can also be downloaded from the Microsoft Update Catalog.

Windows Update Improvements

Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 Feature Update based on device compatibility and Windows Update for Business deferral policy. This does not apply to long-term servicing editions.

Known issues with this update

After installing the cumulative update for Windows 10 version 1607 on March 13, 2018 or later, WSUS returns only the latest feature update for Windows 10 as applicable. This prevents previously published feature updates from being deployed via ConfigMgr (current branch) and Windows 10 service plans.

Microsoft is working on this issue and recommends that you reject all feature updates under WSUS as a workaround. Only the update that is to be provided with ConfigMgr must then be approved. Then start another software update scan cycle via the ConfigMgr control panel (or wait for the client devices to perform their next scan).

Similar articles:
Adobe Flash Player Update to version 29.0.0.140
Microsoft Office Patchday (April 3, 2018)
Microsoft Patchday Summary April 10, 2018
Patchday: Windows 10 Updates April 10, 2018
Patchday: Updates for Windows 7/8.1/Server April 2018
Patchday Microsoft Office Updates (April 10, 2018)
Patchday: Other Microsoft Updates (April 10, 2018)
Windows 7/8.1 Preview Rollup Updates (04/17/2018)
Windows 10 Updates KB4093117 and KB4093120 (04/17/2018)

Windows Defender extension for Google Chrome

[German]Protection against online threats (phishing, malware websites, etc.) for the Google Chrome browser? Microsoft makes it possible with a Chrome extension.

WalkingCat has posted this tweet on Twitter, which mentions the new real-time protection for the Google Chrome browser.

Windows Defender Browser Protection was released on April 11, 2018 and can be downloaded for free from Google Webstore. The installed extension can be switched on or off via an icon to the right of the address bar.

Properties of the Defender extension

Protection against online threats

The browser extension promises to protect users from online threats such as phishing and malicious websites with (the Defender) real-time protection from Microsoft. The Windows Defender Browser Protection extension protects users from online threats such as links in phishing emails and websites that tempt them to download and install malicious software that can harm their computer.

When users click a malicious link in an email, or navigate to a website that tricks them into disclosing financial, personal, or other sensitive information, or to a website that contains malware, Windows Defender Browser Protection checks it against a constantly updated list of malicious URLs known to Microsoft.

Windows Defender Browser Protection

If the malicious link matches one in the list, Windows Defender Browser Protection displays a red warning screen. This informs the user that the website being visited is known to be harmful. The extension prevents the display and makes it possible to leave the malicious website with one click.

Final words

On this website, Microsoft shows a graph comparing how different browsers detect phishing (see the figure below). 

Phishing detection rates

What I don’t understand there is why Google Chrome only reaches 87%. All browsers, from Microsoft Edge to Google Chrome and Mozilla Firefox, have integrated phishing detection.


(Phishing detection in Google Chrome)

I had already covered this topic in more detail in 2014 as part of a phishing attack on German banks within the German blog post Phishing-Angriff auf Spar-, Volks- und Raiffeisenbank-Kunden. Within this article I covered the browsers’ phishing filters and asked why the browser vendors won’t cooperate and release one common phishing database. Now we are in 2018, and nothing has happened, although Firefox seems to use Google Safe Browsing, Microsoft uses its own smart filter …

Windows 10 Lean on its way?

[German]Is Microsoft experimenting with a lean version of Windows 10? A SKU ‘Windows 10 Lean’ could be coming in the Redstone 5 branch this fall. Here is some information.

It’s all still highly speculative and confusing. A user named Lucas (Twitter name @tfwboredom) stumbled upon a new SKU in Windows 10 Insider Preview Build 17650 (Redstone 5, Skip Ahead).

In Setup, a new entry Windows 10 Lean is listed. Lucas wrote that a 64-bit installation is 2 GB smaller than Windows 10 Pro.

Some accessories like backgrounds, drivers and apps have been omitted. It seems to identify itself as Windows 10 S Insider Preview and CloudE Edition, as a screenshot of the console in the tweet above suggests. However, it is unclear what Microsoft’s purpose is. (via)

Windows 10: RS4 Insider Preview – current state

[German]Microsoft has cleaned up some things concerning the Redstone 4 Insider Preview builds this week and fixed some problems. So let’s have a look at the current state.

The Redstone 4 development branch is supposed to result in Windows 10 version 1803 (Windows 10 April 2018 Update). A release of this Windows version was expected sometime in the first half of April, but this did not happen because of bugs. As a result, Microsoft withdrew the ‘never formally announced’ release version of Windows 10 Insider Preview Build 17133 and focussed on the release version of Windows 10 Insider Preview Build 17134.

Windows 10 Insider Build 17134 in Release Preview ring

The most important news of the weekend: Microsoft released the Windows 10 Insider Build 17134 in the Slow Ring for Insiders for testing on Friday (20.4.2018). Dona Sarkar announced that via Twitter.

What surprised me was the second tweet from Dona Sarkar about 40 minutes later.

So Build 17134 has been released in the Slow and Release Preview rings. My naive understanding was that a build is tested intensively in each ring before it’s released into the next ring. Here is the ring model Microsoft published years ago.

Windows Insider Preview rings
(Source: Microsoft)

The daily builds are only tested by a few people at Microsoft in the Canary ring. Only when they approve a build is it passed on to the Operating System Group (OSG) testers. If approval is given there again, further Microsoft employees can test. And only when the release successfully passes this ring does a build make it into the Fast ring. If the build passes this stage, it goes into the Slow ring. The Release Preview ring (the level before the general release) does not appear in the diagram above. It was first mentioned (as I remember) only a few months ago.

And I was surprised that Dona Sarkar didn’t announce Build 17124 for the Slow and Preview rings in one tweet. So what she did is a kind of scattered communication. But maybe there are technical reasons for it.

Bug in Windows 10 Insider Build 17134 fixed!

Some users have been affected by a nasty bug in Build 17134 (I’ve addressed it within my German blog post Windows 10: Insider Preview Build 17134 mit eigenem Bug?). The bug crashed the Settings app in several scenarios. According to Brandon Le Blanc, this bug affects only a few users.

I got mixed feedback within my German blog. Anyway, this bug is fixed, as Dona Sarkar posts here via Twitter.

Feature update for Build 17133

German site deskmodder.de mentioned here that Windows Insiders still on Build 17133 received a ‘Feature update Windows 10 1803’ that updates the installation to Build 17134. So these users are on Windows 10 April 2018 Update, and it seems that Microsoft is testing the ‘Feature update Windows 10 1803’ install with Insiders.

Some more information

On April 24, 2017 there will be a WatchMixer Live Cast for Windows Insider, which promises a glimpse into the future. Details under this Tweet.

Windows 10 Insider Flight Hub

More interesting was the page Flight Hub, which Brandon LeBlanc created and maintains here. He calls it a dashboard, where you can see at a glance which builds are available in which rings or as ISOs.
