Microsoft Security Update Summary for May 8, 2018

May 8, 2018, 8:48 pm

≫ Next: Windows 10 security updates May 8, 2018

≪ Previous: Media Feature Pack for Windows 10 N Version 1803

Windows Update [German]Microsoft has released a series of security updates for various Microsoft products (Windows, Adobe Flash, Microsoft Office and .NET Framework) on May 8, 2018 (patchday). Here is a short overview.

For full information about the published security updates, visit the Security Update Guide. I will publish more details in separate blog posts.

Critical Security Updates
============================

.NET Core 2.0
C SDK for Azure IoT
C# SDK for Azure IoT
ChakraCore
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 4.6.2/4.7/4.7.1
Microsoft .NET Framework 4.6/4.6.1/4.6.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1
Microsoft .NET Framework 4.7
Microsoft .NET Framework 4.7.1
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.7/4.7.1
Windows Host Compute Service Shim
Microsoft Edge
Internet Explorer 9
Internet Explorer 11
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 version 1709 for 32-bit Systems
Windows 10 version 1709 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)

Important Security Updates
============================

Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21
Microsoft Exchange Server 2013 Cumulative Update 19
Microsoft Exchange Server 2013 Cumulative Update 20
Microsoft Exchange Server 2013 Service Pack 1
Microsoft Exchange Server 2016 Cumulative Update 8
Microsoft Exchange Server 2016 Cumulative Update 9
Microsoft Infopath 2013 Service Pack 1 (32-bit edition)
Microsoft Infopath 2013 Service Pack 1 (64-bit edition)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Deployment Tool for Click-to-Run 2013
Microsoft Office Deployment Tool for Click-to-Run 2016
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2010 Service Pack 2
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Project Server 2010 Service Pack 2
Microsoft Project Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Word Automation Services

Moderate Security Updates
============================

Internet Explorer 10

↧

Windows 10 security updates May 8, 2018

May 9, 2018, 7:42 am

≫ Next: Patchday: Updates for Windows 7/8.1/Server May 2018

≪ Previous: Microsoft Security Update Summary for May 8, 2018

[German]Microsoft released several cumulative updates for the supported Windows 10 builds on May 8, 2018. Also included is a first update for Windows 10 version 1803.

A list of updates can be found on this Microsoft website. I have pulled out the details below. Some of these updates for Windows 10 versions 1607 to 1709 are also available as delta updates for the WSUS.

Updates for Windows 10 Version 1803

Update KB4103721 for Windows 10 Version 1803 includes fixes and quality improvements.
Update KB4135059 for Windows 10 Version 1803 is a compatibility update (used during a fresh install or Windows 10 Restore)

Updates f0r Windows 10 Version 1709

Update KB4103727 for Windows 10 Version 1709 includes fixes and quality improvements.
Update KB4134196 for Windows 10 Mobile
Update KB4163920 for Windows 10 Version 1709 (reliability update)
Update KB4131372 for Windows 10 Version 1709 (Servicing stack update)

Updates for Windows 10 Version 1703

Update KB4103731 for Windows 10 Version 1703

Update for Windows 10 Version 1607

Update KB4103723 for Windows 10 Anniversary Update (Version 1607), only Enterprise and Education, and Windows Server 2016

Updates for Windows 10 Version 1507

Update KB4103716 for Windows 10 Enterprise (LTSC) Version 1507

↧

Patchday: Updates for Windows 7/8.1/Server May 2018

May 9, 2018, 8:11 am

≫ Next: Windows 10 V1803: Rollout stopped for Intel SSDs

≪ Previous: Windows 10 security updates May 8, 2018

Windows Update [German]On May 8, 2018 Microsoft released several (security) updates (KB4103718, KB4103712) for Windows 7 SP1 and other updates (KB4103725, KB4103715) for Windows 8.1 and the corresponding server versions. Here is an overview of these updates.

Updates for Windows 7/Windows Server 2008 R2

For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page.

KB4103718 (Monthly Rollup) for Windows 7/Windows Server 2008 R2

Update KB4103718 (May 8, 2018, Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes that were already included in the previous month’s update. The update addresses the following:

Addresses an issue that may cause a memory leak on SMB servers after installing KB4056897 or any other recent monthly update. This leak may occur when the requested path traverses a symbolic link, a mount point, or a directory junction and the registry key is set to 1: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\
LanManServer\Parameters\EnableEcp
Addresses an issue that may cause an error when connecting to a Remote Desktop server. For more information, see CredSSP updates for CVE-2018-0886.
Security updates to Internet Explorer, Windows apps, Windows kernel, Microsoft Graphics Component, Windows storage and filesystems, HTML help, and Windows Hyper-V.

The good news is that the SMB server memory leak has been fixed. The update is automatically downloaded and installed by Windows Update. It can also be downloaded from the Microsoft Update Catalog. There is another known problem: A stop error occurs on computers that do not support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2). That should be fixed sometime.

KB44103712 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB4103712 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the same points as those listed in KB4103718. The described stop error also occurs. The update is available via WSUS or in the Microsoft Update Catalog.

Updates for Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.

KB4103725 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4103725 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes that were included in the rollup for the previous month. It also addresses the following points.

Addresses an issue that prevents customers from typing Hangul correctly with Microsoft’s Korean IME in Microsoft Word Online.
Addresses an issue that may cause an error when connecting to a Remote Desktop server. For more information, see CredSSP updates for CVE-2018-0886.
Security updates to Internet Explorer, Windows apps, Windows kernel, Microsoft Graphics Component, Windows storage and filesystems, HTML help, and Windows Hyper-V.

This update is automatically downloaded and installed from Windows Update, but is also available in the Microsoft Update Catalog. There are no known problems with the update.

KB4103715 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4103715 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses this items.

Addresses an issue that may cause an error when connecting to a Remote Desktop server. For more information, see CredSSP updates for CVE-2018-0886.
Security updates to Internet Explorer, Windows apps, Windows kernel, Microsoft Graphics Component, Windows storage and filesystems, HTML help, and Windows Hyper-V.

The update is available via WSUS or in the Microsoft Update Catalog. Microsoft is currently not aware of any errors.

↧

Windows 10 V1803: Rollout stopped for Intel SSDs

May 9, 2018, 4:19 pm

≫ Next: Windows 10 Insider Preview Build 17666 (RS5) released

≪ Previous: Patchday: Updates for Windows 7/8.1/Server May 2018

[German]Owners of Windows 10 systems with Intel SSDs have to wait for the upgrade for Windows 10 April Update. Microsoft has stopped the rollout due to compatibility issues for such systems.

German blog reader Ralf has left a comment on May 8, 2018, pointing to this issue. A Microsoft moderator has posted this statement within Microsoft Answers forum.

Devices with certain Intel SSDs may enter a UEFI screen reboot or crash repeatedly when upgrading to Windows 10 April 2018

When attempting to upgrade to Window 10 April 2018 Update select devices with certain Intel SSDs may enter a UEFI screen reboot or crash repeatedly.

Microsoft is currently blocking some Intel SSDs from installing the April 2018 Update due to a known incompatibility that may cause performance and stability issues. There is no workaround for this issue. If you have encountered this issue, you can roll back to Windows 10, version 1709 and wait for the resolution before attempting to install the April 2018 Update again.

Microsoft is currently working on a solution that will be provided in a near future Windows Update, after which these devices will be able to install the April 2018 Update.

So you have to wait, until Microsoft provides a fix and you should avoid a manual upgrade using an install media.

↧

Windows 10 Insider Preview Build 17666 (RS5) released

May 10, 2018, 2:55 am

≫ Next: Windows 10 V1803: (Boot-) issues with update KB4103721

≪ Previous: Windows 10 V1803: Rollout stopped for Intel SSDs

Microsoft has released on May 9, 2018 the next Windows 10 Insider Preview Build 17666 from the Redstone 5 development branch in Fast and Skip Ahead Ring. The announcement has been made within the Windows Blog, where you may read further details about improvements and know issue. An issue not mentioned from Microsoft: Clipboard history stores passwords in plain text.

↧

Windows 10 V1803: (Boot-) issues with update KB4103721

May 11, 2018, 3:27 pm

≫ Next: Windows 10 V1803: Fix for Explorer Timeline crashes

≪ Previous: Windows 10 Insider Preview Build 17666 (RS5) released

[German]Users who upgraded to Windows 10 version 1803 (April Update) have received the cumulative update KB4103721 as of May 8, 2017. However, some systems have boot problems or other bugs. Here is an overview of what you should know.

Update KB4103721 for Windows 10 V1803

I wrote about the cumulative update KB4103721 for Windows 10 V1803 in the blog post Windows 10 security updates May 8, 2018. This update includes a number of quality improvements, such as the problem that App-V scripts no longer work. Also the freezes observed with Cortana or Google Chrome should be fixed. According to this comment in my blog, this update also fixes the described problems with the Essentials Connector.

WSUS doesn’t offer this update

Within my German blog there are a couple of comments, reporting that WSUS doesn’t offer the Windows 10 updates of May 8, 2018. Especially the update KB4103721 for Windows 10 V1803 does not arrive in WSUS. In the US Technet forum there is this thread, dealing also with this topic.

Black Screen bug and start issuese

In my German blog you can find this comment, which complains about a system that no longer starts.

I have massive problems with KB4103721. 1803 was installed without problems. But after downloading KB4103721 my computer does not start anymore. Only the “spinner” can still be seen..

At Microsoft Answers forum is a discussion thread Windows 10 Cumulative Update KB4103721 Version 1803 where the thread starter warn about installing update KB4103721:

This update has some serious issues, specifically. Do NOT install this update after updating to Windows 10 version 1803. It will prevent your computer from booting up. I am stuck on the spinning circle for a long time. I have to use a Windows 10 USB to boot into the Troubleshooting and use Command Prompt to boot into safe mode. Please fix this update!

In the thread there are the usual postings of the kind ‘I run without problems’, but also a lot of confirmations. The thread now has 18 pages, so the problem seems to occupy a number of users. A German user writes:

I have the same problem with the update on 3 computers at the same time.

One was recovered using a restore point. We are currently running an inplace upgrade with 1803 final version.

On the second computer only a reset to 1709 was possible. The new installation 1803 final version is currently running there.

On the third computer only the reset to 1709 was possible.

This isn’t all that great.

After all, the 3 computers were already running with 1803 pretty well. The update has destroyed everything again!

Users who installed Advanced System Care (ASC) could solve the problem by uninstalling ASC. But there are also those affected without ASCs. In this thread various (voodoo) fixes are suggested. At reddit.com there is this thread, where users are reporting a black screen:

The update is bricking my computer. After the update (KB4103721) download and installs, after restarting my computer will hang on a black screen and do nothing. The only way to fix it is to restore my PC to a previous restore point, where the PC will boot up normally again. Automatic Updates then installed the update again and the issue returned. After a restore point, my PC booted again

How do I get rid of the update?

The first solution to uninstall the update that blocks the boot process is this approach:

1. Try powering down the system three times, if it hangs in the boot process.

2. Once Windows 10 displays Windows 10 PE mode with the repair options, try uninstalling the update.

The first method is to use System Restore and roll back. An alternative method is to select the safe mode at boot time. If Windows 10 then starts, you can uninstall the update in this mode. This page outlines the approach.

Microsoft warns previously ahead of Intel SSDs

Microsoft has added within the kb article for update KB4103721 a known issue. There is a warning, that an upgrade to systems with Intel SSDs may causing issues:

When attempting to upgrade to the Window 10 April 2018 Update, select devices with Intel SSD 600p Series or Intel SSD Pro 6000p Series may repeatedly enter a UEFI screen after restart or stop working.

Microsoft is working with OEM partners on a fix and has suspended the feature update to Windows 10 April Update on these machines (see my article Windows 10 V1803: Rollout stopped for Intel SSDs).

Warning ‘Settings are managed’

Furthermore, the warning “Some settings are managed by your organization” appears in red font in the settings under Windows 10 April Update. In this (German) article, the registry entries for deactivation are mentioned. Start the command prompt with Run as administrator and execute the following command:

Reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection” /v “DoNotShowFeedbackNotifications” /t REG_DWORD /d “1” /f >nul 2>&1

This is one command (I broke it into two lines for formatting reasons). After executing the command, restart Windows. This also fixes the feedback frequency under Privacy. To undo this, the following command is required:

Reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection” /v “DoNotShowFeedbackNotifications” /t REG_DWORD /d “0” /f >nul 2>&1

Quite a few problems – Windows as a service – always something to do …

↧

Windows 10 V1803: Fix for Explorer Timeline crashes

May 13, 2018, 3:09 pm

≫ Next: Windows 10: Issues with WSUS and Store (V1803)

≪ Previous: Windows 10 V1803: (Boot-) issues with update KB4103721

[German]In Windows 10 April Update (version 1803), users users are facing cyclic Explorer crashes or freezes. Other applications may also be affected. The reason is a bug in Timeline. However, there is a workaround.

The error

There are probably different error patterns that users will observe. There may be problems in the taskbar or the Windows Explorer crashes frequently.

The explorer.exe constantly crashes
The taskbar or desktop suddenly freezes

A restart (may happen automatically after the Explorer crash) can fix the problem for a short time – until the next crash. There is a thread on the topic on reddit.com.

Setup: 2 PC’s running windows 10 insider preview (one 17134, one 17655), both using the same Microsoft Account for login.

This morning my desktop started crashing the windows explorer including the desktop repeatedly, preventing access to apps, clicks, typing. I tried rebooting but immediately was faced with the same. This machine is on 17655. I had to leave to meet at a client site, so I left this machine in the state it was.

Short time later while at work, my Surface book 2 started doing the same (its on 17134). I thought this was strange and continued troubleshooting as I now had no working machines. I tried a number of things, but finally was able to get the machine working by enabling the built-in administrator account, setting a password and logging into it. There’s some downsides to doing this, but at least I could navigate around the machine. On the Surface book, I could recreate the MS account login, but it would start crashing shortly thereafter (looks tied to sync of settings). That said, I went online to Microsoft’s Account management page and removed all the data I could find in my microsoft account from the devices area.

I also was able to remain logged in under the Microsoft Account by stopping the Windows Search and Windows Error Reporting Services and disabling them, but that only worked on the surface book and not the desktop. From there, I tried a reset of the Surface Book PC and tried adding my account after cleaning everything, but nearly immediately the crashing started again (I believe again the sync of settings occurred). I’ve started backing up the desktop to wipe it as well, but I think if I use my MS-ID to log into it after blowing it away and reinstalling a production copy of windows I’ll run into the same problem.

I also found some entries in German Microsoft Answers forum, mentions that Timeline crashes explorer.exe in Windows 10 V1803.

And if this article is correct, the bug is already known for a while, Microsoft just did not consider it necessary to fix the bug.

Windows 10 Timeline

Fix: Switch off the activity history

Fortunately, a bright mind at Microsoft had the idea to switch off the timeline function. You can manage the activity history function in the Settings page by going to Privacy. Then you will find the category Activity History in the left column.

Aktivitätsverlauf (Timeline) abschalten

When selecting the entry there is the option ‘Let Windows collect my activities on this PC’. If unchecked, the activity history (timeline) is turned off. Then the crashes should be fixed.

According to a German forum post, delete also everything under Activity History to prevent it from being affected.

No access to the settings page?

If the explorer crashes to fast that you can’t get into the settings, call the task manager with Ctrl + Alt + Del and then terminate the explorer.exe task. Start regedit.exe as a new task in the Task Manager and then navigate to the following key.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System

Create the 32-bit DWORD value EnableActivityFeed in this key and set it to 0 (switches off the timeline, see also). Then exit the Registry Editor and restart explorer.exe in Task Manager. Now the Explorer should not crash any more.

↧

Windows 10: Issues with WSUS and Store (V1803)

May 14, 2018, 2:09 pm

≫ Next: Update ‘Surface – HIDClass 4/26/2018 12:00:00 AM – 3.3.206.0’

≪ Previous: Windows 10 V1803: Fix for Explorer Timeline crashes

[German]Windows 10 April Update (version 1803) probably causes issues with the Microsoft Store. And WSUS may have problems rolling out updates for Windows 10 clients. With WSUS it turns out that Microsoft has fixed something and distributed it in the last days.

Trouble with WSUS on Windows 10 clients

I’ve noticed a few places in the last few days where administrators have been reporting problems with WSUS. It does not provide updates for Windows 10 clients. The first message can already be found on May 9, 2018 as a comment within my German blog.

Does anyone else have the problem that Windows 10 1803 does not report the KB410103721 as required via WSUS but does it report via Windows Update?

At Technet is this furum thread and at reddit.com is a thread 1803 May cumulative update WSUS fail to detect?. I’ve noticed also some posts in other German sites.

Win10 1803 is currently not able to get Windows updates from WSUS!

… Edit: 1709 Build 16299.402 is also affected!

Among other things, there is an administrator in the thread who is offered age-old driver updates in WSUS.

(Source: Administrator.de)

Others report that ancient drivers are offered in WSUS. If I have read it correctly, this problem seems to have been solved automatically in the meantime (around May 10th). At least there is some feedback that the WSUS systems have worked with the deployment of updates for Windows 10 clients. Also German blog-reader Markus has posted a comment with hints.

But there are also voices (e.g. at administrator.de) that still reporting issues like no updates (except Office) are offered via WSUS on Windows Server 2012 R2. I also read in the Technet thread that the changes take a very long time or have still not arrived on certain systems. I have not set up WSUS (Windows Server Update Services) to distribute updates in an enterprise environment, so I cannot test anything.

Store Problems with Windows 10 Version 1803

Users who have installed Windows 10 version 1803 (April Update) complain that the Microsoft Store can no longer download new apps. App updates, on the other hand, are still running. German blog reader Martin Blaumeiser writes here that it is associated with update KB4103721:

Update kb4103721 caused the trouble with two of my PCs (desktop & notebook) that the Windows Store became unusable. If you select an app that does not yet exist and click on ‘Download’, the Store App stops the DL after a fraction of a second, in which the usual progress bar briefly appears – of course without any error messages. Updating existing apps, however, works without problems, even Windows Update. Reinstalling or resetting the Store APP with wsreset or similar does not help.

After the error that with 1803 the content of large folders is often calculated completely wrong – a feature that I need every day – was also not fixed (see comment), I went back to 1709. Banana Ware!

German site deskmodder.de believes, a bug in the Store app is responsible (last updated May 9 to version 11804.1001.8.0). Here is a temporary workaround.

Launch the Store app and log out of your account.
Then exit and restart the Store app.
Then log in again with your user account in Microsoft store app.

Then test whether the Store app works again and allows downloading new apps from the Microsoft Store. The workaround lasts until the next reboot.

↧

Update ‘Surface – HIDClass 4/26/2018 12:00:00 AM – 3.3.206.0’

May 15, 2018, 1:24 pm

≫ Next: Windows 7 SP1 network bug (KB4103718/KB4103712)

≪ Previous: Windows 10: Issues with WSUS and Store (V1803)

[German]Are you suddenly seeing a ‘Surface – HIDClass 4/26/2018 12:00:00 AM – 3.3.206.0’ driver update on your Windows machines? But you don’t have a Surface devices? Here are some details about that update.

A Strange Surface – HIDClass driver update

Currently strange things are happening on Windows systems again. Windows Update suddenly offers users a ‘Surface – HIDClass 4/26/2018 12:00:00 AM – 3.3.206.0’ driver update. Surface device owners will accepting this update. But owners of normal Windows desktop devices are amazed at least, because what is this driver update for?

After I recognize this topic, I started an Internet search. The topic has been mentioned on dozens of websites. On reddit.com there is this thread, where the thread creator was offered the update under Windows 7 SP1. The user has posted the following screenshot of Windows Update.

Surface – HIDClass 4/26/2018 12:00:00 AM – 3.3.206.0’

The update was released on April 26, 2018 and seems to have been rolled out on some machines on May 8/9, 2018. The affected user wrote:

One of the newest Win (7 pro) “important updates” “Surface – HIDClass – 4/26/2018 12:00:00 AM-3.3.206.0” has started appearing on 2017-05-11.

I usually check to know what I’m installing, but I couldn’t find info concerning this on the net, and neither do I recall this type of updates from earlier.

Even the update becoming available after some 2 weeks from its release is making me wonder, to say the least.

Clicking the “More Information” link redirects to a generic page, which means that no info/page is available at the provided link.

Any idea what it is, and whether it could be a cause for some security concern? (e.g. some breach at MS)

P.s.: This appeared on a custom-made desktop, not in a way related to the Surface device.

It’s a bit odd that a Surface driver is offered on a desktop system, and then under Windows 7. MVP colleague Robert Aldewinkle takes this up in this Microsoft Answers forum post.

Installation Successful: Windows successfully installed the following update: Surface – HIDClass – 4/26/2018 12:00:00 AM – 3.3.206.0

Where is this documented? If I had been blinking I wouldn’t have known about it. I later found it using Reliability Monitor. There are some Surface Pro updates on the Catalog, so maybe this will show up there some time but those aren’t well described either. Another thing to perhaps be waiting for (I’m not going to hold my breath) is

https://sysdev.microsoft.com/en-CA/Hardware/support/default.aspx

<quote> Driver Information: Coming Soon </quote>

Ah. Judging by an earlier one It looks like a .cab file may have arrived with this. And the Reliability Monitor gives me a possible timestamp…

2018-05-08 09:34:52 3193 C:\Windows\INF\oem248.inf

WirelessKB850NotificationSvcDisplayName = “Wireless Keyboard 850 Notification Service”

ManufacturerName=”Surface”

Is there such a thing for a Surface 2 Pro? My Screen cover is attached but because my tablet’s orientation is Portrait the Screen cover is disabled. My keyboard is normally a Wireless USB but recently I have been using Remote Desktop Connection.

Searching the Microsoft Update Catalog

Searching the Microsoft Update Catalog reveals an update for Windows 7 SP1, Windows 8.1 and Windows 10 Fall Creators Update and later with a size about 400 KByte.

(Click to zoom)

This is referred as a ‘Description: Surface HIDClass driver update released in April 2018’. The driver belong to the “Microsoft Hardware USB Keyboard” model and has the update date 04/26/2018 and supports the following hardware IDs.

usb\vid_045e&pid_0745&mi_00
usb\vid_045e&pid_0746&mi_00

If you search the Internet for this device ID, you will find many websites that offer the driver for download. But that doesn’t get you anywhere. The best source is this GitHub address, which contains an extract from an .inf file.

; itpcdless.inf
;
; Driver for plug and play installations of USB Input Devices
;
; Copyright (c) Microsoft Corporation. All rights reserved.
;

It is a driver for Plug&Play USB Input Devices, which comes from Microsoft.

An explanation

Although Microsoft has failed (again) to document the stuff cleanly once again, this Microsoft Answers forum post contains an explanation

Hi Tom,

Surface – HIDClass is an update for Microsoft Hardware USB Keyboard. This is not specifically for Surface Tablets and Laptops. However, if you are having issues with this update, you can Hide it by downloading the troubleshooter in this link.

If you have issues with this update, you should uninstall it and then block it. Under Windows 7/8.1 this can be done via the context menu in Windows Update. Under Windows 10, the update can be blocked with the linked tool (see also How to block Windows 10 updates).

↧

Windows 7 SP1 network bug (KB4103718/KB4103712)

May 15, 2018, 2:10 pm

≫ Next: 0day patch for CVE-2018-8174 available

≪ Previous: Update ‘Surface – HIDClass 4/26/2018 12:00:00 AM – 3.3.206.0’

win7 [German]On Patchday, May 8, 2018, Microsoft has also released the updates KB4103718/KB4103712 for Windows 7 SP1 and Windows Server 2008 R2 SP1. Now there are reports, that these updates may cause network issues.

I’ve blogged about that updates within my blog post Patchday: Updates for Windows 7/8.1/Server May 2018. At the time of writing this article, only one known issue has been reported by Microsoft. But later on, some users of Windows 7 SP1 and Windows Server 2008 R2 SP1 are facing network issues. Susan Bradley mentioned it at askwoody.com.

Microsoft has update the known issues section within the KB articles (e.g. KB4103718). The following text has been added:

Microsoft is aware that some customers have reported that network drivers are intentionally uninstalled, then fail to reinstall after applying the May 8, 2018 update. This can result in the loss of network connectivity.

Microsoft is presently investigating and will provide a status update when the investigation is complete. The only solution for affected systems is to uninstall the update.

The problem with uninstalling these updates is, that CVE-2018-8174 (Windows VBScript Engine vulnerability) won’t be fixed. But there is a solution, see my blog post 0day patch for CVE-2018-8174 available.

↧

0day patch for CVE-2018-8174 available

May 15, 2018, 2:24 pm

≫ Next: Windows 10: Updates KB4134660/KB41346 released

≪ Previous: Windows 7 SP1 network bug (KB4103718/KB4103712)

[German]0patch has released a 0day patch to fix a critical vulnerability (CVE-2018-8174) in Windows VBScript Engine. This will be helpful for users who are not able to install May 2018 security updates due to issues.

Vulnerability CVE-2018-8174

In Windows, there is a critical remote code execution vulnerability CVE-2018-8174 in the Windows VBScript engine. The whole thing must have caught the attention of Kaspersky security researchers, but also of Chinese security researchers from 360, who reported the whole thing to Microsoft. Microsoft writes in the Security Guidances for CVE-2018-8174:

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

Hey dude, it’s fixed already …

Microsoft provides within Security TechCenter not only details about CVE-2018-8174. There are also security updates for Windows 7 till Windows 10 to mitigate this vulnerability. So the issue has been fixed since May 8, 2018.

But wait, that’s not all. Some users are facing RDP connection issues due to inconsistent patch level (cause by the May 2018 security updates). In some scenarios they are forced to (temporary) remove all May 2018 updates to establish RDP connections.

And I just mentions network issues after installing KB4103718/KB4103712 on Windows 7 SP1 or Windows Server 2008 R2 SP1. I’ve blogged about this within my blog post Windows 7 SP1 network bug (KB4103718/KB4103712).

0patch to mitigate CVE-2018-8174 available

I read today at askwoody.com that ACROS Security released fix (called 0patch) to mitigate CVE-2018-8174. 0patch is well know for their fixes to mitigate 0-day exploits. Details about CVE-2018-8174 may be found within this opatch blog-post.

↧

Windows 10: Updates KB4134660/KB41346 released

May 15, 2018, 3:58 pm

≫ Next: Windows 10 V1803: Microcode update KB4100347 (05/15/2018)

≪ Previous: 0day patch for CVE-2018-8174 available

[German]Microsoft has released the updates KB4134660 (Windows 10 Creators Update) and KB413461 (Windows 10 Fall Creators Update) as of May 15, 2018. The updates supports the upgrade to Windows 10 April Update.

Update KB4134660 for Windows 10 Version 1703

Update KB4134660 for Windows 10 Version 1703 (Windows 10 Creators Update) will be distributed via Windows Update automatically. It’s also available via per Microsoft Update Catalog. This Windows update provides a notification of an improved privacy experience on upgrade to the Windows 10 April 2018 release.

Update KB413461 for Windows 10 Version 1709

Update KB4134661 for Windows 10 Version 1709 (Windows 10 Fall Creators Update) will be distributed also via Windows Update. It is also available via Microsoft Update Catalog for manual install. It’s purpose: provides a notification of an improved privacy experience on upgrade to the Windows 10 April 2018 release.

↧

Windows 10 V1803: Microcode update KB4100347 (05/15/2018)

May 16, 2018, 12:29 am

≫ Next: Bug: Google Chrome browser renders black boxes randomly

≪ Previous: Windows 10: Updates KB4134660/KB41346 released

Microsoft has released also a Microcode update KB4100347 for Windows 10 April Update to mitigate the Spectre V2 vulnerability.

Microsoft has provided a number of Intel Microcode updates for various Windows 10 versions (see link list at the end of the article). Unlike microcode updates, which are rolled out by the board manufacturers for the BIOS or UEFI, Windows loads the new microcode on system startup.

After installing Windows 10 April Update (V1803), users quickly noticed that the Spectre V2 microcode was not included (see Windows 10 April Update: Bugs and Issues). For Patchday (May 8, 2018), only special microcode updates for AMD CPUs for Windows 10 version 1607 were rolled out (see Windows 10 security updates May 8, 2018).

Update KB4100347, released on May 15, 2018, is the microcode update to mitigate the Specte V2 vulnerability (CVE 2017-5715 [“Branch Target Injection”]). It is available for Windows Server version 1803 and for Windows 10 version 1803 clients. Please note, however, that the update only applies to certain CPUs listed in article KB4100347. If required, the update can also be downloaded via Microsoft Update Catalog.

↧

Bug: Google Chrome browser renders black boxes randomly

May 16, 2018, 5:07 pm

≫ Next: Windows 10 Insider Preview build 17672 released

≪ Previous: Windows 10 V1803: Microcode update KB4100347 (05/15/2018)

[German]Her’s another short article on to topic ‘Google’s Chrome browser suddenly shows black boxes on web pages while surfing’. The subject comes up every now and then. Currently it may hit Windows users with the Chrome 66.

What’s the problem?

Using Google Chrome, it can happen that black rectangles suddenly appear in the browser window. The following picture shows the effect, whereby I blurred the content of the actual website (shown in the background) for data protection reasons.

Black rectangles in Google Chrome

When scrolling, the black areas somehow stay within the browser window and do not disappear either. I’ve been affected since I updated to Google Chrome 66 portable. Sometimes the rectangles get distorted when you close and reopen the browser – and there is no reproducible behavior.

I myself thought the whole has something to do with my graphics card driver or I supposed it’s a memory issued of the chrome browser (many tabs are often open here). Yesterday I came across a similar user report on Facebook and did some research.

The problem has been occurring for years

A brief search for ‘Chrome black boxes’ revealed that the issue has been reported sporadic for years. The article Fix Chrome Shows Black boxes on Screen gives some hints like installing the latest version of the browser, activating hardware acceleration etc. Also here you will find similar tips.

A bug in Google Chrome 66

But with Google Chrome 66 you don’t have to do anything. The issue is known because the bug report 836230 Black boxes appearing in different spots on numerous pages has been available since April 24, 2018. It appears only under Windows. In this community thread the topic is also discussed and there are further screenshots (e.g. in this article at Chrome 66.0.3359.117).

According to the forum entries the bug is probably fixed in Chrome Canary Build 68.0.3412.0. When the fix will enter the stable channel of the Google Chrome browser is not quite clear to me. This page writes that the bug has occurred again since Chrome 60, increased in version 66 and should be fixed in Chrome 67. Maybe it will help those affected.

↧

Windows 10 Insider Preview build 17672 released

May 16, 2018, 5:37 pm

≫ Next: .NET Framework Mai 2018 Preview of Quality Rollup

≪ Previous: Bug: Google Chrome browser renders black boxes randomly

Microsoft has released another Windows 10 Insider Preview build 17672 [Redstone 5] in fast ring. The announcement and further details may be obtained from this post in Windows blog.

↧

.NET Framework Mai 2018 Preview of Quality Rollup

May 16, 2018, 7:32 pm

≫ Next: Windows 10: Updates KB4103722, KB4103720 and more

≪ Previous: Windows 10 Insider Preview build 17672 released

Windows Update [German]Another short supplement to May 15, 2018: Whilst there are no preview quality rollups for Windows 7/8.1, Microsoft has managed to release Quality Rollup Preview updates for the.NET framework.

On May 15, 2018 was the third Tuesday of the month. Actually, the preview rollups for Windows 7 SP1 and Windows 8.1 should have been released last Tuesday. While updates came for Windows 10 (see Windows 10: Updates KB4134660/KB413461 released, I did not find any preview rollups for Windows 7/8.1. But Susan Bradley noticed that there is something for .NET framework.

.NET Framework May 2018 Preview of Quality Rollup

Microsoft has made the announcement in this blog post. The relevant Preview of Quality Rollups for the various .NET framework versions and platforms have been available since May 15, 2018. The following improvements were made in the Preview of Quality Rollup:

CLR

Resolves an issue in WindowsIdentity.Impersonate where handles were not being explicitly cleaned up. [581052]
Resolves an issue in deserialization when using a collection, for example, ConcurrentDictionary by ignoring casing. [524135]
Removes case where floating-point overflow occurs in the thread pool’s hill climbing algorithm. [568704]
Resolves instances of high CPU usage with background garbage collection. This can be observed with the following two functions on the stack: clr!*gc_heap::bgc_thread_function, ntoskrnl!KiPageFault. Most of the CPU time is spent in the ntoskrnl!ExpWaitForSpinLockExclusiveAndAcquire function. This change updates background garbage collection to use the CLR implementation of write watch instead of the one in Windows. [574027]

Networking

Fixed a problem with connection limit when using HttpClient to send requests to loopback addresses. [539851]

WPF

A crash can occur during shutdown of an application that hosts WPF content in a separate AppDomain. (A notable example of this is an Office application hosting a VSTO add-in that uses WPF.) [543980]
Addresses an issue that caused XAML Browser Applications (XBAP’s) targeting .NET 3.5 to sometimes be loaded using .NET 4.x runtime incorrectly. [555344]
A WPF application can crash due to a NullReferenceException if a Binding (or MultiBinding) used in a DataTrigger (or MultiDataTrigger) belonging to a Style (or Template, or ThemeStyle) reports a new value, but whose host element gets GC’d in a very narrow window of time during the reporting process. [562000]
A WPF application can crash due to a spurious ElementNotAvailableException. [555225]

For the last item in the above list, Microsoft has published instructions on how to fix the problem. The preview of the Quality Rollup for.NET Framework is available via Windows Update, Windows Server Update Services (WSUS) and Microsoft Update Catalog. The download links for the Microsoft Update Catalog can be found in the blog article. Since this is a preview, I would not install it.

↧

Windows 10: Updates KB4103722, KB4103720 and more

May 18, 2018, 12:38 am

≫ Next: Windows 7/8.1 Preview Rollup Updates (May 2018)

≪ Previous: .NET Framework Mai 2018 Preview of Quality Rollup

[English]Microsoft has released new updates for Windows 10 versions 1607 and 1703 as of May 17, 2018. In addition to the updates KB4103722 and KB4103720 there are also service stack updates. Here are the details of these updates.

Updates foür Windows 10 Version 1607

For Windows 10 version 1607 (Anniversary Update) and Windows Server 2016 a cumulative update and a servicing stack update have been released.

Update KB4103720 for Windows 10 Version 1607

Cumulative update KB4103720 is available for Windows 10 Version 1607 (Anniversary Update) and Windows Server 2016. It changes the OS Build to 14393.2273 and is a quality update that addresses the following items:

Addresses additional issues with updated time zone information.
Addresses an issue that causes Internet Explorer dialogs on a second monitor to also appear on the primary monitor when using extended display.
Addresses an issue that prevents adding performance counters to the Performance Monitor on systems with many processors.
Addresses an issue that causes sporadic authentication issues when using Windows Authentication Manager.
Addresses an issue that causes BitLocker to go into recovery mode when updates are applied.
Addresses an issue that can cause excessive memory usage when using smart cards on a Windows Terminal Server system.
Addresses an issue that makes it impossible to revert to a virtual machine checkpoint. Reapplying the checkpoint fails with an error.
Enables the Visual Studio IntelliTrace step-back feature to take snapshots of an application whose debug platform target is set to x86.
Ensures that CPU Groups function properly.
Addresses an issue where querying the Hyper-V Dynamic Memory Integration Service\Maximum Memory, Mbytes performance counter always returns 0 instead of returning the maximum configured RAM for a VM.
Addresses an issue that causes a VM to throw an error after creating the VM with static memory. This occurs when you enable HYPER-V and disable NUMA in the BIOS on a physical machine that has more than 64 logical processors. The error is “The data is invalid. (0x8007000D)”, and the VM fails to start.
Addresses an issue with ADFS that causes an IdP-initiated login to a SAML relying party to fail when PreventTokenReplays is enabled.
Addresses an issue where PolicySOM (WMI policy provider) consumes all available dynamic ports on UDP, which causes affected machines to become unresponsive. The component that doesn’t close the sockets properly is the LDAP client.
Addresses an issue where an NDES server connection to ADCS sometimes doesn’t automatically reconnect after the ADCS server restarts. If this occurs, new devices won’t be issued certificates without restarting the NDES server.
Addresses an ADFS issue that occurs when OAUTH authenticates from a device or browser application. A user password change generates a failure and requires the user to exit the app or browser to log in.
Addresses an issue where enabling Extranet Smart Lockout in UTC +1 and higher (Europe and Asia) did not work. Additionally, it causes normal Extranet Lockout to fail with the following error:
Get-AdfsAccountActivity: DateTime values that are greater than DateTime.MaxValue or smaller than DateTime.MinValue when converted to UTC cannot be serialized to JSON.
Addresses an issue where disks that have been blacklisted or marked as bad will be ignored and not be repaired when a user invokes S2D Repair. The Repair-S2D cmdlet will now work on a single node when the -RecoverUnboundDrives parameter isn’t passed.
Addresses an issue that causes docker builds to fail with the error message “hcsshim::ImportLayer failed in Win32: The system cannot find the path specified.”
Addresses an issue where Windows 10 clients that authenticate to 802.1x WLAN access points fail to apply Group Policy permissions, run scripts, or retrieve roaming profiles at user logon. This occurs because Kerberos authentication fails for \\domain\sysvol, \\domain\netlogon, and other DFS paths.
Addresses an issue with default applications that reset for browsers on server platforms.

The update is offered via Windows Update as soon as you start an update search. A manual download is possible via Microsoft Update Catalog. The update is cumulative and installs only those parts that have not yet arrived on the machine with previous updates.

Note: Windows 10, version 1607, reached end of service on April 10, 2018, so this update isn’t offered for Windows 10 Home or Pro editions. Windows 10 Enterprise and Windows 10 Education editions will receive six months of additional servicing at no cost. Devices on the Long-Term Servicing Channels (LTSC) will continue to receive updates until October 2026. Also systems with clover trail SoC will receive updates until 2023 (see Windows 10 support for Clover Trail machines till 2023).

When installing both the servicing stack update (SSU) KB4132216 and the latest cumulative update (LCU) from the Microsoft Update Catalog, install the SSU before installing the LCU.

Known issue

Reliability issues have been observed during the creation of shielded VMs and the required artifacts for their deployment. There are also reliability issues for the Shielding File Wizard with or without the SCVMM interface. Existing shielded VMs and HGSs are not affected. Microsoft is working on a resolution and will provide an update in an upcoming release.

Servicing Stack Update KB4132216 for Windows 10 Version 1607

Update KB4132216 for Windows 10 Version 1607 is a Servicing Stack Update (SSU), which should bring stability improvements. The update is automatically rolled out via Microsoft Update Catalog, but can also be downloaded from the Microsoft Update Catalog. The update is also offered via WSUS.

Updates for Windows 10 Version 1703

For Windows 10 version 1703 (Fall Creators Update) a cumulative update and a servicing stack update have been released.

Update KB4103722 for Windows 10 Version 1703

Cumulative update KB4103722 for Windows 10 Version 1703 (Fall Creators Update) changes the OS Build to 15063.1112. This quality update addresses the following items:

Addresses additional issues with updated time zone information.
Addresses an issue that causes Internet Explorer dialogs on a second monitor to also appear on the primary monitor when using extended display.
Addresses a reliability issue in .NET applications when using a Japanese IME in a text box.
Addresses an issue with the connection status of some Bluetooth devices.
Addresses an issue that prevents Autodiscover in Microsoft Outlook 2013 from being used to set up email accounts when UE-V is enabled.
Addresses an issue that prevents adding performance counters to the Performance Monitor on systems with many processors.
Addresses an issue that generates an error when attempting to change the smart card service’s startup type from Disabled to Manual or Automatic. The error is “Cannot create a file when that file already exists.”
Addresses an issue that causes sporadic authentication issues when using Windows Authentication Manager.
Addresses an issue that causes client applications that use Windows Authentication Manager to stop working when making a request to the server.
Addresses an issue that causes BitLocker to go into recovery mode when updates are applied.
Enables the Visual Studio IntelliTrace step-back feature to take snapshots of an application whose debug platform target is set to x86.
Addresses an issue where the connection bar is missing in Virtual Machine Connection (VMConnect) when using full-screen mode on multiple monitors.
Addresses an issue where Windows 10 clients that authenticate to 802.1x WLAN access points fail to apply Group Policy permissions, run scripts, or retrieve roaming profiles at user logon. This occurs because Kerberos authentication fails for \\domain\sysvol, \\domain\netlogon, and other DFS paths.
Addresses an issue that causes UWP applications to stop working when they use the XAML Map Control.

The update is available via Windows Update as soon as you start a search. A manual download is possible via Microsoft Update Catalog . The update is cumulative and installs only those parts that have not yet arrived on the machine with previous updates.

If the Servicing Stack Update (SSU) KB4132649 and the last cumulative update (LCU) from the Microsoft Update Catalog are to be installed manually, the Servicing Stack Update must be installed first.

Servicing Stack Update KB4132649 for Windows 10 Version 1703

Update KB4132649 for Windows 10 Version 1703 is a Servicing Stack Update (SSU) that brings stability improvements. The update is available via Windows Update, via WSUS and may be downloaded fromMicrosoft Update Catalog.

↧

Windows 7/8.1 Preview Rollup Updates (May 2018)

May 21, 2018, 3:10 am

≫ Next: Windows 10: ‘An App default was reset’

≪ Previous: Windows 10: Updates KB4103722, KB4103720 and more

Windows Update [German]Microsoft released updates for Windows 7 (KB4103713), Windows 8.1 (KB4103724) and the relevant server counterparts on May 17/18, 2018. These are the monthly preview rollup updates. There are also some other updates in the server area.

This is a supplement to last Thursday, May 17/18, 2018 (thanks to blog reader Markus B. for his note last Friday, May 18, 2018). I’ve been on the road and haven’t got a chance to blog about the updates yet. The preview rollup updates have also been rolled out this month two days later than usual (late Thursday instead of the 3rd Tuesday of the month).

Preview Rollup Updates means a preview of updates that appear on patchday of the following month. These optional updates do not actually need to be installed (unless you are affected by a fixed bug).

KB4103713 foür Windows 7/Windows Server 2008 R2

Update KB4103713 is available for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 as Preview of Monthly Rollup. This is not a security update. The preview rollup addresses the following items:

Addresses additional issues with updated time zone information.
Adds SMB1 access auditing on Windows Server 2008 R2 SP1. The auditing will be disabled by default.

However, SMB1 access auditing must be explicitly released in an administrative command prompt (called with Run as administrator) in the registry. Then enter the following command:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
LanmanServer\Parameters /v AuditSmb1Access /t REG_DWORD -d 1 /f

This is one command that has been formatted as several lines here within the blog. To disable SMB1 access auditing, enter the following command in the administrative command prompt:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer
\Parameters /v AuditSmb1Access /t REG_DWORD -d 0 /f

This rollup has two known problems that can occur during installation:

A stop error occurs on computers that don’t support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2). Microsoft is working on a resolution and will provide an update in an upcoming release.
Microsoft is aware that some customers have reported that network drivers are intentionally uninstalled, then fail to reinstall after applying the May 8, 2018 update. This can result in the loss of network connectivity. Microsoft is presently investigating and will provide a status update when the investigation is complete.

The update is optional and is offered via Windows Update, but can also be downloaded and installed via Microsoft Update Catalog.

KB4103724 for Windows 8.1/Windows Server 2012 R2

Update KB4103724 is available for Windows 8.1 and Windows Server 2012 R2 as Preview of Monthly Rollup. This is not a security update. The preview rollup addresses the following items:

Addresses additional issues with updated time zone information.
Addresses an issue that can cause excessive memory usage when using smart cards on a Windows Terminal Server system.
Addresses an issue in the SRVNET.SYS driver that can cause a BAD_POOL_CALLER (0x000000C2) or a PAGE_FAULT_IN_NONPAGED_AREA (0x00000050) error in a SMB scale-out file-share scenario.

This optional update is offered via Windows Update, but can also be downloaded and installed via Microsoft Update Catalog. Microsoft currently has no known issues with this update.

The update should also be offered via WSUS, as Markus B. writes: The[kb4103724] updates are synchronized since yesterday afternoon.

Further updates for Windows Server 2008 / R2

Markus B. pointed out to me in his above mentioned mail that he released further updates via WSUS for Windows Server 2008 R2 and for Windows Server 2008.

Update KB4039648: Update to add SHA-2 code signing support for Windows Server 2008 SP2 (released 02/21/2018).
Update KB4090928: Windows leaks handles in the lsm.exe process and smart card applications may display “SCARD_E_NO_SERVICE” errors. released May 17, 2018 for Windows Server 2008.
Update KB4130978: Time zone and DST changes in Windows for Morocco and the West Bank and Gaza; applies to Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2008 SP2, Windows 8.1, Windows Server 2012, Windows Server 2012 R2 and Windows XP Embedded. Released 05/18/2018.

The updates will probably also be distributed via Windows Update. Details can be found in the linked KB articles.

Issues with various WSUS patches??

Markus B. wrote me the following lines in last Friday’s mail, which refer to WSUS and various updates:

Meanwhile, do you know something about when the Cumulative Patch is coming in for the Win10 1709? This is simply not or only partially distributed via the WSUS. You already mentioned that in a blog.

It strikes me that the number of installations will then also totally decrease. Somewhere there should be a problem with feedback from the system. Anyway, I notice that in the last few months more and more clients suddenly stop reporting (reports). Contact is still there, but the status report is no longer coming.

Do you have any such reports? Also the Flashplayer distributes much slower. Usually the office security patches from last week.

Under 1607, the cumulative is now distributed normally. They had problems at the beginning but got a new revision.

The latest cumulative from this week is not offered in WSUS only via Windows Update in the Catalog.

Since I don’t run a WSUS, I can’t say anything about it. Any of you notice anything in this regard?

↧

Windows 10: ‘An App default was reset’

May 21, 2018, 3:40 pm

≫ Next: Windows 10 Version 1709: Update KB4103714/KB4132650 released

≪ Previous: Windows 7/8.1 Preview Rollup Updates (May 2018)

[German]Some Users of Windows 10 are facing the issue that the file type assignments of apps are reset. The message ‘An App default was reset’ is displayed repeatedly.

The error description

I first became aware of the problem via this German blog comment. The affected user wrote:

Under Windows 10 1709 we have the phenomenon that the standard apps are reset on various clients. For example PDF on the Edge. jpg, nef etc. on photo.

The problem is that the user may be annoyed by a lot of notifications about this problem in the Info Center.

App default was reset

Furthermore, he cannot open the file type with his preferred application. He wrote that in the event viewer under Shell-core\appDefaults entries of the following type can be found:

AppDefault-Info: SetDefault: Association=.pdf, ProgId=AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723

AppDefault-Info: SetDefault-Info: Association=.pdf, ProgId=AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723, U=S-1-5-21-1078081533-1060284298-682003330-1176, T=2018:05:02:08:21:38, H=uUYaKekA32M=

The user selection for .pdf has been reset to the program ID AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723.

The error also does not occur on all machines. The user concerned writes that out of 190 machines changed over, only 10 systems reported that apps have been reset.

Searching the Internet

I then searched the Internet whether there was a solution. The search for the above entries in the event display has revealed several locations. On reddit.com, a user complains about this behavior because an assignment of the PDF file format was reset to the Edge after an update.

here is a long thread An App Default Was Reset from 2016 on Technet – a user has problems with Internet Explorer 11 who loses his mappings. Another user complains about lost file type assignments in the image viewer IrfanView. Various apps appear in the thread, from which the file type assignment is removed. Guess: A buggy update or inconsistent apps are the cause.

A fix for the issue

In this [German] article you will find hints on how to assign file types to Apps under Windows 10 using the Control Panel or the Settings app. But this changes with every Windows 10 build.

An explanation of why the problem with resetting the file type mapping for apps occurs can be found in this article. If no user mapping is found or an application writes incorrect values to the User Mapping registry branch, this triggers a file type mapping reset in Windows 10, which then writes back the Windows 10 defaults.

To block, the registry value is NoOpenWith in the registry key:

HKEY_CURRENT_USER\SOFTWARE\Classes\AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9

of the app without a value – as explained in the article. This tells Windows 10 that no selection appears in the Open with popup and prevents Windows 10 from resetting the file to default values. As of Windows 10 Anniversary Update, the value NoStaticDefaultVerb must also be added to the registry key of the app

This web site offers a .reg file which can be used to block the resetting of different file type assignments. This file also sets the relevant registry entries. Maybe it’ll help you.

↧

Windows 10 Version 1709: Update KB4103714/KB4132650 released

May 21, 2018, 4:44 pm

≫ Next: Windows 10: End of Life for several builds

≪ Previous: Windows 10: ‘An App default was reset’

Windows Update [German]Microsoft surprisingly released another cumulative update KB4103714 for Windows 10 version 1709 (Fall Creators Update) on May 21, 2018. Microsoft has also released a Servicing Stack Update KB4132650. Here are some information.

Update KB4103714 for Windows 10 Version 1709

Cumulativ update KB4103714 for Windows 10 Version 1709 (Fall Creators Update) contains quality improvements. No new operating system features are introduced in this update. The most important changes include:

Addresses additional issues with updated time zone information.
Addresses an issue that causes Internet Explorer dialogs on a second monitor to also appear on the primary monitor when using extended display.
Addresses an issue with Microsoft Edge browser windows in remote sessions.
Addresses a reliability issue in .NET applications when using a Japanese IME in a textbox.
Addresses a reliability issue that may cause Microsoft Edge or other applications to stop responding when you create a new audio endpoint while audio or video playback is starting.
Addresses an issue with Bluetooth devices failing to receive data after a restart.
Addresses an issue that can prevent the touch keyboard from showing up reliably in some instances.
Addresses an issue where UWP apps that store local crash dumps in their local app data folders can’t be cleared using Disk Cleanup or StorageSense. In these cases, LocalDumps isn’t enabled.
Addresses an issue that prevents adding performance counters to the Performance Monitor on systems with many processors.
Addresses an issue that causes BitLocker to go into recovery mode when updates are applied.
Addresses an issue where expired VPN certificates aren’t deleted, slowing application performance.
Addresses an issue that causes sporadic authentication issues when using Windows Authentication Manager.
Addresses an issue that causes client applications that use Windows Authentication Manager to stop working when making a request to the server.
Addresses an issue with the invalidation of the Windows Authentication Manager token cache.
Addresses an issue that cause a timeout error when a VPN tries to disconnect from a device that is in the Connected Standby state.
Provides an explicit error when plugins fail to connect to prevent timeouts.
Addresses an issue where running the DiskShadow utility after adding a persistent memory controller causes RetrieveAllVirtualMachinesComponentsMetadata() to stop responding.
Addresses an issue that causes a VM to throw an error after creating the VM with static memory. This occurs when you enable HYPER-V and disable NUMA in the BIOS on a physical machine that has more than 64 logical processors. The error is “The data is invalid. (0x8007000D)”, and the VM fails to start.
Addresses an issue that occurs when multiple processes are limited by rate, using job objects. This can cause various symptoms including, but not limited to, system-process CPU spikes, interrupt-time CPU spikes, high privileged time on some CPUs, and increased system or processor queue lengths.
Addresses an issue that causes docker builds to fail with the error message “hcsshim::ImportLayer failed in Win32: The system cannot find the path specified.”
Addresses an issue in which Windows 10 clients that authenticate to 802.1x WLAN access points fail to apply Group Policy permissions, run scripts, or retrieve roaming profiles at user logon. This occurs because Kerberos authentication fails for \\domain\sysvol, \\domain\netlogon, and other DFS paths.
Addresses an issue in a RemoteApp session that causes clicking in the foreground window to become unresponsive when using grouped windows.
Addresses an issue in a RemoteApp session that may result in a black screen when maximizing an application on a secondary monitor.
Addresses an issue with application association in the DISM tool.
Adds support to Microsoft Edge and Internet Explorer 11 for the SameSite cookie web standard. For more details about SameSite cookies, see our recently published blog post.

The update is offered via Windows Update when the update search is started. The update is also available for download from the Microsoft Update Catalog. It changes the build number to 16299.461. Microsoft is currently not aware of any problems with the update. (via)

If you are installing both the KB4132650 Service Stack Update (SSU) and the latest cumulative update (LCU) from the Microsoft Update Catalog, install the SSU before installing the LCU.

Update KB4132650 for Windows 10 Version 1709

It’s already mentioned in the previous paragraph, Update KB4132650 is a Servicing Stack Update for Windows 10 version 1709 (Fall Creators Update). The update brings stability improvements for Windows Update and is installed automatically via Windows Update. It is also distributed via WSUS and is available for download in the Microsoft Update Catalog.

↧