Microsoft released a new Insider Preview Build 17686 of Windows 10 in Fast Ring for PC. The new build contains some features for Local Experience Packs and Windows Mixed Reality. Details may be read within this blog post, where Microsoft has announced the new build. 

[German]Users of Windows 10 may experience scanner issues after installing a Windows 10 update. For example, after an update to Windows 10 version 1803, scanning from multifunction printer/scanner devices is no longer possible using Easy Document Creator.

Within the text below I will try to explain the various approaches to control scanners and point out the associated problems.

Standards for scanner control

With modern scanners connected to a computer via USB, the scanner is controlled from applications using two standards: Twain and WIA. Here is some background information.

TWAIN, an old standard

TWAIN is is a standard established in 1992 by Aldus Corporation, Eastman-Kodak, Hewlett-Packard and Logitech for exchanging data between image input devices (scanners, digital cameras, etc.) and applications for Microsoft Windows and Apple Macintosh. 

TWAIN 2.4, released December 15, 2015, consists of three elements: The data source, the application program and the source manager. The data source is formed by the scanner or digital camera driver. This must be supplied with the device in a version compatible with the Windows version or may be downloaded and installed at a later date from the manufacturer’s website.

Then application programs such as PhotoFiltre etc. can be used to address the scanner directly and to continue using the image data of the scan. If this does not work, the device’s TWAIN driver may no longer be compatible with the existing Windows version. Here you can only try to uninstall the manufacturer’s Twain driver and reinstall a new driver or the old driver.

The WIA standard, approach with hurdles

This is the interface introduced by Microsoft from Windows Millennium (WIA stands for Windows Image Acquisition). Windows Fax and Scan as well as other functions of the operating system or application programs can use WIA to initiate a scan.

In order to run the scanner under Windows, a WIA driver of the scanner manufacturer suitable for this operating system must be installed. Unfortunately, there is a large hurdle for older scanners. Microsoft has introduced the WIA 1.0 standard for Windows Millennium and also supported it under Windows XP.

Starting with Windows Server 2003, Microsoft switched the model of the WIA service from Local System to Local Service. As a result, all older WIA drivers no longer work under newer Windows versions. This was first noticed on a wider front with Windows Vista, later with Windows 7 and subsequent versions. I had explained this in more detail in my German blog post Scanner unter Windows 7.

Scanning via this interface is not possible without a WIA driver adapted to the currently used Windows version. The scanner is then simply dead. If there is no updated WIA driver, you can only try to scan via the TWAIN interface.

The software Vuescan, occasionally suggested, uses this interface according to my information.

Network scanning to network folders

Meanwhile there are a lot of multifunctional devices on the market, consisting of printer, fax and scanner including network connection. An elegant trick is actually used there: A network share is set up on a computer within the network, on which the scans can then be stored. The multifunction device is then set up to automatically store the scans as files on this network share.

Basically, you only need to configure the network address (URL) and the access data (user name and password). The concept is, because of the access to network shares, independent of the used operating system. 

Pitfall: Windows 10-Updates …

What looks ingenious in theory proves to be a great evil in practice. When searching the Internet, you very quickly come across calls for help in forums, claiming ‘scan to network folders’ no longer works after any update in Windows 10. The HP Forum contains several articles (German entry, cached versions here about the HP LaserJet Pro 400 MFP M425dw, here HP OfficeJet Pro 8720 All-in-One printer series). At hardwareluxx there is an entry here. These postings are all in German, but you should be able to find other posts in English.

… and The SMBv1 problem

In Windows 10 V1709, Microsoft has decided to discontinue support for the SMBv1 protocol. Systems on which the protocol is still installed will retain it. But since Windows 10 version 1709 (Fall Creators Update) there is a dirty trap: Windows 10 checks if the SMBv1 protocol is used. After 15 days without using the SMBv1 protocol it will be uninstalled via DISM command (Susan Bradley pointed this out here some time ago, but Microsoft has also explained this in this KB article).

When scanning to a network share there are then the strangest error messages. Everything from error code 0x80004005 to other messages is included. Here it only helps to reactivate the SMBv1 protocol for test purposes under Windows 10. I had outlined this some time ago in the German blog articleWindows 10: Kein Zugriff auf Freigaben already in another context.

1. Go to control panel (type ‘control’ in Windows 10 search bar and select control panel entry) and invoke Windows features.

2. Then, in the Windows Features dialog box shown above, enable support for SMB 1.0/CIFS file sharing option (check box).

Once OK is confirmed, Windows must restart. When rebooting, SMBv1 is added to the operating system and scanning to network folders should work again.

Within this english blog post, you will find additional hints, such as how to set up an insecure logon using group policies. But I’m not sure if this still works or if it’s a good idea. In the long term, devices that use SMBv2 for network access should be procured

Windows 10 V1803 and Easy Document Creator

After switching to Windows 10 April Update (version 1803), the forums have seen a series of users who can no longer scan multifunction devices. The common feature is that Samsung Easy Document Creator is used for scanning. I have received requests from Facebook, Microsoft Answers etc. 

Scanning with Samsung Easy Document Creator is described in more detail on this HP page, for example. Windows 10 and Samsung Easy Document Creator, now offered by HP, have been a source of trouble in the past. During the “Scan to PC”, messages such as’The current process has failed’ were displayed.  Or an error message like the following will be displayed.

For example, the HP forum now contains the thread After upgrade Win 10 v 1803 Easy Document Creator won’t comunicate with scanner from early May 2018, which describes the dilemma. The Windows 10 April update knocked out the software, the scanning doesn’t work anymore. Even the TWAIN interface is disabled. In this MS Answers forum post, a user reports that scanning with Windows Fax and Scan still works (WIA is used).

A workaround is to use the software NAPS2 (Not Another PDF Scanner 2)) for scanning. This software can scan via TWAIN and WIA. I haven’t found anything at the moment, but Easy Document Creator might try to use the SMBv1 protocols for writing – and that goes wrong for the known reasons.

Similar articles
How to add a scan function to Word 2013
Scanning in Word 2013/2016 – Part I
Scanning in Word 2013/2016 – Part II

Adobe has released an emergency update (see security advisory APSB18-19) for Flash Player on June 7, 2018, for Windows, macOS, Linux and Chrome OS. Microsoft released Flash Update KB4287903 for Windows 8.1 and Windows 10 (and it’s server pendants) to close this vulnerability too. I’ve added details at my blog post Adobe Flash Player version 30.0.0.113 available.

It seems that Microsoft has messed up the critical Adobe Flash Update KB4287903 for Windows. At least for enterprise environments with WSUS, where the patch may causes install issues.

KB4287903, a critical Flash-Update

Adobe has released an update for Flash Player on June 7, 2018, for Windows, macOS, Linux and Chrome OS. This upgrades Flash player to version 30.0.0.113. It was an emergency patch, that closed Zero-Day vulnerability CVE-2018-5002. Adobe wrote in security advisory APSB18-19:

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player 29.0.0.171 and earlier versions.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

Adobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash Player content distributed via email.

Later that day, Microsoft released Flash Update KB4287903 for Windows 8.1 and Windows 10 (and it’s server pendants) to close this vulnerability too. I’ve blogged about that within my yesterday’s blog post Adobe Flash Player version 30.0.0.113 available. Further

WSUS install issues with KB4287903

At a first place, security update KB4287903 is available via Windows Update to the appropriate clients (Windows 8.1, Windows 10, Windows Server). The update may be also downloaded via Microsoft Update-Katalog. If you choose a manual install, note the restrictions described in KB4287903. Also read ADV180014 for further details.

But it seems, that users within a WSUS environment are facing install issues. I’ve received two comments within last night for my German blog post Windows: Flash Player Update KB4287903 (7. Juni 2018), claiming serious install issue. One user wrote (freely translated):

Hello, under Windows 10 LTSB 2016 (1607), the update is not recognized after released via WSUS.

When manually downloaded from the Microsoft Update Catalog (2018-06 security update for Adobe Flash Player for Windows 10 version 1607 for x64-based systems (KB4287903)), the following error message appears during installation: The update is not suitable for your computer.

That’s very strange! There is a critical update for flash dedicated for Windows 10 V1607, but LTSB-Clients doesn’t recognize this update after it was released via WSUS. And even stronger: A manual download has been refused during update installation as ‘not suitable’. A second user reported also WSUS install issues:

The update to current Windows 10 Pro via WSUS is not imported here. Since my own PC was also affected, I went to the Windows Update setting and got “You are up to date”. Then I triggered a manual update search, that has found and installed the update.

Within a business environment with hundreds or thousands of Windows 10 clients this isn’t a real option. Have you also noticed such problems?

[German]Just a brief information for users of the Windows 10 April Update who runs into network issues with and possibly with multi-function devices (scanners using a scan to network shares). It seems that Microsoft is working on a fix for the ‘SMBv1 isses’ and plans to release a patch in June (patchday would be June 12, 2018).

Some background about the network SMBv1 issue

Microsoft had already announced since summer 2017 that support for the SMBv1 protocol in Windows 10 will expire. The abbreviation SMB stands for Server Message Block (former names are LAN Manager or NetBIOS protocol), a network protocol for file, print and other server services in computer networks. Version 1 (SMBv1) of the network protocol designed over 30 years ago, and especially the Microsoft implementation, is considered very error-prone and security-critical (see Microsoft plans to deactivate SMBv1 in  Windows 10 V1709 and StopUsingSMB1).

In the meantime there are SMBv2 and SMBv3, so that the use of SMBv1 in Windows networks is no longer absolutely necessary. For example, Windows Vista is no longer dependent on SMBv1 because SMBv2 is used there.

What’s the problem?

For new installations of Windows 10 it was at least since Windows 10 V1709 that SMBv1 was deactivated. If devices required SMBv1, the administrator had to activate SMBv1 again via Windows features (see also).

With Windows 10 V1803, however, the ‘missing SMBv1’ problem has probably hit a lot of people, because this build also brings a change after upgrade. If the SMBv1 client is not used for a total of 15 days (except when the computer is turned off), Windows 10 April Update automatically uninstalls the SMBv1 client (see this Microsoft article and my blog post Windows 10: Scanner fails after update). But re-enabling SMBv1 in Windows 10 V1803 doesn’t fix all network issues.

Some changes in KB4103721, KB4100403

In May 2018 Microsoft released the updates KB4103721 (05/08/2018) and KB4100403 (05/23/2018) for Windows 10 V1803. However, after upgrading to Windows 10 V1803 or installing these updates, users of Windows 10 April Update seem to experience issues when using the SMBv1 protocol. I noticed postings in the Microsoft-Answers forums, where my hint to try to activate SMBv1 once did not bring a success. I couldn’t figure it out at first. Now Microsoft has added the following paragraph in the ‘Known issues’ section to the two KB articles mentioned above.

Some users running Windows 10 version 1803 may receive an error “An invalid argument was supplied” when accessing files or running programs from a shared folder using the SMBv1 protocol.

The site The Register noticed that, and Microsoft wrote about the know issue within the kb articles:

Enable SMBv2 or SMBv3 on both the SMB server and the SMB client, as described in KB2696547. Microsoft is working on a resolution that will be available later in June.

It is correct to switch to SMBv2 or SMBv3 in your environment (clients and servers) to solve the security problem associated with SMBv1. But there are also scenarios where SMBv1 is mandatory (if a client or server, like a NAS drive, an All-in-One printer etc., which supports only SMBv1 from the firmware). Then you need to activate SMBv1 for a transition time.

Some background about the SMBv1 bug

So Microsoft says, that there is an issue in SMBv1 for Windows 10 V1803. Let’s see, whether we can get more details. The Register has a possible hint, pointing to a MSDN forum discussion. Within the thread RS4:1803]Windows 10 1803 won’t run ODBC SQL connected application from network, there are more details. The thread creator wrote: 

• We have an application that runs from a network location. It has always worked fine in Windows 10 through latest cumulative 1709 builds. Since updating online to 1803 (17134.1) it will not run from the network.
• With an ODBC SQL connection, from Windows 10 Build 17134.1 (the RTM of the Windows 10 April Update) an access error occurs (e.g. to Oracle databases in the network). 
• SMB 1.0/CIFS is enabled for client and server shares, so it should work with shared network accesses.

The thread starter was able to solve his issue activating SMBv2. But if you depend on SMBv1 (see my notes above), you won’t get any further. Within the thread, user Nicolas Casas then posted a possible explanation:  

you are pointing something. I have the same issue , that is running an exe from a SMB1 network share
Since windows 10 1803 update the sql server access was filtered that way
but on one PC it was working. this one runs Avast as well.
so I did a fresh installation of 1803, manually enabled SMB1 in windows with

dism /online /enable-feature /featurename:SMB1Protocol-Server

and SQL access was not working. I then installed avast latest free version
and it worked! Additionnaly I uninstalled Avast.. and blocked again. so … I look on Defender firewall to add the application in the list, disabled defender but no way to succeed yet

Within the MSDN forum thread other users confirmed similar observations with other third-party virus scanners. It appears that Windows Defender in combination with Windows Firewall causes an issue with SMBv1 shares.

Some workarounds

If you depend to access network shares with SMBv1, you can install Avast Free or a third-party firewall so that Windows Defender and Windows Firewall are turned off, and it works. Just crazy.

For a Windows 10 V1803 network environment, Microsoft has outlined a possible workaround without activating the SMBv1 protocol within this article (section Explorer Network Browsing).

For All-in-One printers with a failing scan to network share function, read my blog post Windows 10: Scanner fails after update. Overall we need to wait and see, if and what Microsoft will present us on June 2018 patchday (06/12/2018).

Similar articles:
Microsoft plans to deactivate SMBv1 in  Windows 10 V1709
Windows 10: Scanner fails after update
Windows 10: Issues with WSUS and Store (V1803)
Windows 10: ‘An App default was reset’
Windows 10 V1803: Update KB4100403 (with SSD fix)
Windows 10 V1803: Fix for Explorer Timeline crashes
Windows 10 V1803: (Boot-) issues with update KB4103721
Windows 10 V1803 Feature Upgrade and AVAST damages
Windows 10 V1803: Rollout stopped for Intel SSDs
Windows 10 Fall April Update – Upgrade Tips
Media Feature Pack for Windows 10 N Version 1803
Windows 10 security updates May 8, 2018

[German]Microsoft has released a small update KB4134662 for Windows 10 Version 1511 (the November update from 2015). This update has been released last week (on June 8, 2018). Addendum: The Windows 10 RTM build and Windows 10 V1607 (Anniversary Update) also received privacy patches KB4134663 and KB4134659.

End of life dates for Windows 10

In mid-May I published the blog article Windows 10: End of Life for several builds for various Windows 10 versions, where I explained which versions of Windows 10 can still expect updates. Windows 10 (V1507) is out of support (except for the LTSC variant). And also for the Windows 10 V1511 there was no reason to expect anything more in terms of updates. Quote:

Windows 10 Version 1511: This version of Windows 10, released in November 2015, was discontinued on October 10, 2017. However, Enterprise and Education editions for version 1511 still received security updates 6 months after this date (March 2018 was over).

Only the anniversary update still gets updates (in the Enterprise version and as LTSC). All whistles and bells about the details may be read within my blog post linked above.

But there are privacy updates for old Windows 10 builds

But the assumption, that no more updates will be released, was simply wrong. Because Microsoft released (surprisingly for me) already another update KB4134662 for Windows 10 version 1511 last week – and more updates for other EOL builds. I wouldn’t have noticed that, if @phantomofmobile hadn’t nudged me on Twitter.

EARLY PATCH TUESDAY from MS CATALOG for “improved privacy experience”

ICYMI: @SBSDiva @AdminKirsty @woodyleonhard @thurrott @maryjofoley @bdsams @mehedih_ @ruthm @thurrott @MPECSInc @etguenni @SwiftOnSecurity @pcper @SGgrc @MalwareJake @GossiTheDog @ryanshrout @JobCacka pic.twitter.com/Yt3boxaxuy

— Crysta T. Lacey (@PhantomofMobile) 12. Juni 2018

Update KB4134663 for Windows 10 V1511

Checking Microsoft Update Catalogs I found Update KB4134663 available for Windows 10 V1511, released on June 8, 2018. The update is installed automatically via Windows Update, but can also be downloaded and installed from Microsoft Update Catalog. The purpose of this update:  

This Windows update provides a notification of an improved privacy experience to the upgrade to the Windows 10 April 2018 release.

Microsoft intends to inform users about privacy settings, if Windows 10 is upgraded to April Update.

Updates also for Windows 10 RTM and V1607

Inspecting Windows Update Catalog further, I found also two additional updates for Windows 10 RTM and Windows 10 Anniversary Update (V1803):

• Update KB4134662 for Windows 10 (RTM-Version)
• Update KB4134659 for Windows 10 Anniversary Update (V1607)

The same applies as for the Windows 10 V1511 KB4134662 mentioned above. Microsoft is upgrading the privacy settings notification to be ready for the upgrade to Windows 10 April Update (V1803). Why this is happening now for these Windows versions is not clear to me. I find it interesting that Microsoft classified those updates as critical. So, you are informed now – the rest of Patchday notification about other updates will follow sometime this night (here in Germany) as a separate blog post.

Similar posts:
Adobe Flash Player version 30.0.0.113 available
Flash-Update KB4287903: Install issues with WSUS
Flash-Update KB4287903 for Windows released
Windows 10 V1803: Update KB4338548 released

[German]Microsoft has released a series of security updates for various Microsoft products  (Windows,  Microsoft Office, .NET Framework etc.) on June 12, 2018 (Patchday). Here is a short overview.

For full information about the published security updates, visit the Security Update Guide. I will publish more details in separate blog posts.

Critical Security Updates
============================

ChakraCore
Microsoft Edge
Internet Explorer 9
Internet Explorer 11
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core
installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core
installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core
installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 version 1709 for 32-bit Systems
Windows 10 version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)
Windows Server, version 1803 (Server Core Installation)

Important Security Updates
============================

Excel Services installed on Microsoft SharePoint Enterprise
Server 2013 Service Pack 1
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel Viewer
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps Server 2010 Service Pack 2
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft Project Server 2010 Service Pack 2
Microsoft Publisher 2010 Service Pack 2 (32-bit editions)
Microsoft Publisher 2010 Service Pack 2 (64-bit editions)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2013 Service Pack 1
Word Automation Services installed on Microsoft SharePoint
Server 2010 Service Pack 2
Word Automation Services installed on Microsoft SharePoint Server
2013 Service Pack 1
Office Online Server 2016

Moderate Security Updates
============================

Internet Explorer 10

Similar articles:
Adobe Flash Player version 30.0.0.113 available
Flash-Update KB4287903: Install issues with WSUS
Flash-Update KB4287903 for Windows released
Windows 10 V1803: Update KB4338548 released
Windows 10 V1511-1607: Privacy notification update KB4134662, KB4134663 and KB4134659

[German]Today I like to discuss within a blog post the question, how reasonable is it, to use a Windows 10 LTSC versions. And I also take a look at the idea of using Windows 10 version 1607 as a poor mans LTSC version.

The initial idea for this article raided from my German blog post Windows 10, geplante Obsoleszenz? Within this article I pointed out some implications of Windows as a service. Furthermore, some blog readers asked why I ‘m not mentions Windows 10 LTSC often. Others asked about a ‘home made’ slimmed-down Windows 10 version wit blocked feature updates and long term support.

On some days, however, the pieces of a puzzle come to light and forces suddenly an image. I’m discussing with some people who are active as administrators in the Windows 10 environment to benefit from their experiences.

Crazy idea Windows Long Term Servicing Channel (LTSC)

I confess, I have occasionally thought about setting up and working with a Windows 10 Enterprise LTSC here. No more feature updates and a operating system base that gets 10 years of support. But Microsoft has made it always clear that Windows 10 LTSC is intended for ‘mission-critical’ applications and not for day-to-day operation in office environments. 

Within the last hours I became aware (via Twitter) of the Microsoft blog entry Say No to Long Term Servicing Channel (LTSC). British consultant Greg Nottage explains why the LTSC of Windows 10 is not a solution for corporate use. And there are a number of disadvantages that users face with an LTSC solution compared to the SAC (Semi-Annual Channel) approach.

• No new operating system extensions via feature update
• No new security features via feature update – LTSC does not keep pace with the feature enhancements of Windows Defender ATP.
  
• No support for newer hardware – keyword Windows 10 LTSC 2016 does not support Intel chipsets beyond Kaby Lake
• No Windows Analytics Upgrade Readiness support for LTSC
• No support for the Edge browser
• No support for Cortana
• No support for Windows Store
• No support for surface hardware
• LTSC does not support ConfigMgr Express Updates

Nottage wrote that in-place upgrade from Windows 7 to Windows 10 is not supported for LTSC. Also: Microsoft Office 365 on LTSC will no longer be supported from January 2020. How silly. Furthermore, he claims missing support and restrictions in the LTSC area by independent hardware and software manufacturers. And non-security operating system fixes and extensions may not be back ported to LTSC by Microsoft. Loosely defined LTSC release cycles should also make advance planning more difficult. Some people will see it differently, and some arguments a bit silly!

Windows 10 V1607: Poor man’s LTSC?

I still had since long time the idea of installing Windows 10 Anniversary Update (V1607), using DISM or tools to remove Store, Cortana, Telemetry and so on. The background for this idea was the fact, that Microsoft promised to support Windows 10 V1607 until 2023 with security updates (see my blog post Windows 10 support for Clover Trail machines till 2023).

Because Microsoft cannot provide Clover Trail support from Windows 10 V1703 upward, security updates are granted until 2013 for Windows 10 V1607. But I didn’t know, whether Microsoft checks for Clover Trail chipset during update install. This comment confirmed, that updates still install on officially unsupported Windows 10 Anniversary Update. The user downloaded the June KB4287903 flash update manually and was able to install it on Windows 10 Pro V1607. Nevertheless, it is a crazy idea to use Windows 10 V1607 as a basis, as you will see below.

Looking behind the curtain

Let’s go one step further now – I’m not a consultant for Microsoft, so I’m not suspicious of wanting to sell Windows as a service (WaaS). Within the last weeks I received several comments within my blogs. And I had an exchange of ideas with blog reader Karl about the idea of the Windows 10 V1607 LTSC (also the homemade version). So I can lift the curtain of the stage a little and show the dirty floor behind the scenes.

LTSC, just a dead horse …

German blog reader Christian wrote this comment (just scroll down a bit, up to his text) an aspect I wasn’t so familiar with. His message: The LTSC is not intended for office computers. Why?

Quote: I now have software here that requires at least Windows 10 – 1607 if you are using Win 10. With Win 7 and 8.1 the software does not make any restrictions. It is a special software, but the problem is not the software itself but in the background and there it can affect any program..

Christian also provides the explanation, which shows that Microsoft can (and probably will) create a rocky road to users who are installing LTSC builds.

Reason: All Win 10 versions below version 1607 cannot install Net Framework 4.7, which automatically results in an LTSB version below version 1607, e.g. 1511, will be cut off from using current software.

For example, paint.net also requires Net Framework 4.7 in its current versions. And if also the provider of the own standard office software takes this step you are quite nailed with your old LTSB version.

Win 7 and 8.1 do not have this problem, Net Framework 4.7 is still fully supported.

And now .NET Framework 4.8 is already in the pipeline. As soon as Microsoft realizes that people don’t switch to the most recent Windows 10 builds, you fastens the thumbscrews.

A practical experience

I discuss behind the scenes with some administrators. One, I will call him Karl, just gave up his administrative job some year ago and is now an IT service guy. When I asked him for his opinion about using LTSC or a customized Windows 10 V1607, he came up with a clear statement.

I personally don’t believe in LTSC or in cobbling something like Windows 10 V1607 together. What you should ideally do: Install Windows 10 1803 and then use DISM GUI to uninstall the pre-provisioned apps. Or switch off telemetry with local GPOs.

Karl justifies his rejection with the following practical experience, which I cannot reject nor confirm.

Windows 10 V1507, V1511 and V1607 in particular are anything but well designed versions under the hood, which is why I am also not recommending Windows Server 2016 V1607. 

We have 2 well-known customers who have taken this stony path with LTSC and now it is over. All of us wasted money, me included. All clients are now reinstalled and relicensed with Windows 10 Enterprise.

Then he adds the following explanations (that fits with the british consultant’s comments cited above).

Reason 1: With the end of mainstream support, the support claim of the same LTSC build against the OEM manufacturer regarding drivers and security updates expired! But it’s absurd.

Reason 1a: The LTSC does not allow code changes and is therefore out.

Karl notes also that the OEMs do not live an LTSC ideology. He referred to a discussion with me on Google+, where I wrote, OEMs often make little or no effort to test the insiders and see what happens’. I know this argumentation from Microsoft (see Moving from project to process: digital transformation with Windows as a service, from John Wilcox, Microsoft). That was also the point where Karl went into the discussion and we couldn’t find a common sense in the discussion – because Microsoft creates a moving target with Windows 10 semi annual channel (SA)C, which is fundamentally patched one day before the release. And then Karl gave me further reasons for his argument against LTSC:

Reason 2: The updates provided for LTSC are pure security updates, bugs stay in forever if they are not security critical. This is part of the concept.

Reason 3: An LTSC version cannot be upgraded from LTSC to current non-LTSC versions, not even in-place because of other codebase / WIM images .

Reason 4: An LTSC is more expensive to license than other models in the long run. An LTSC is revised approximately every 3 years (LTSC 2015 – 1507,  LTSC 2016 1607,  LTSC 2019 – probably 1809) 

Reason 5: Microsoft does not support Usual Business Use on LTSC, i.e. Office or Office 365 etc. The applications are therefore not road warriors or laptop users, but rather machine controls, telephone systems, devices in the operating room, etc. Devices with little to no changes and high uptime.

Karl argues that the current way with 6 months of upgrades (or if delayed, with 18 months of upgrade support) is the only way to prevent fragmentation like XP, Windows 8 or Windows 7. He told me: By the way, nobody had gotten upset about it at Apple, it had been there since MacOS X.

Note from my side: With macOS you have a closed hardware environment, and still suffer from bugs, but can fix them faster than Microsoft. And Apple recently set itself the internal goal of slowing down the development of new features for higher quality and fewer bugs. Besides (but I’m not 100% in there), it seems to me that the number of collateral damage due to incompatible hardware and software is quite limited with macOS. Eventually a Mac series didn’t made it to a new macOS version, but the software can often be used again. But I may be wrong.

So, this has once again become a much too long blog post. However, I think and hope that the aspects mentioned here will lead to a critical and fruitful discussion or new insights. At least now everyone should realize where the journey with Windows should go. I don’t envy administrators in the Windows environment for their job.

PS: Finally, a reference to the ZDNet.com article by Mary Foley Microsoft looks to add security, stability with Windows 10 IoT Core Services, where she already outlines in the header text: Microsoft is adding a new, paid option to its Windows 10 IoT Core operating system that will prevent it from getting regular feature updates, among other features.

Similar articles:
Windows 10 support for Clover Trail machines till 2023
Windows 10: End of Life for several builds

[English]On June 12, 2018 Microsoft released several (security) updates (KB4284826, KB4284867) for Windows 7 SP1 and other updates (KB4284815, KB4284878) for Windows 8.1 and the corresponding server versions. Here is an overview of these updates.

Updates for Windows 7/Windows Server 2008 R2

For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page.

KB4284826 (Monthly Rollup) for Windows 7/Windows Server 2008 R2

Update KB4284826 (June 12, 2018, Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes that were already included in the previous month’s update. Among other things, the update addresses the Spectre vulnerabilities including the following items:

• Provides support to control use of Indirect Branch Prediction Barrier (IBPB) on some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context. (See AMD Architecture Guidelines for Indirect Branch Control and AMD Security Updates for more details). For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use these guidance documents to enable use of IBPB on some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.
• Provides protections from an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren’t enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
• Increased the Internet Explorer cookie limit from 50 to better align with industry standards.
• Improves the reliability of Internet Explorer when using geolocation.
• Security updates to Internet Explorer, Windows apps, Windows Server, Windows storage and filesystems, Windows wireless networking, and Windows virtualization and kernel.

The update is automatically downloaded and installed by Windows Update. It can also be downloaded from the Microsoft Update Catalog. Microsoft continues to report a known problem: A stop error occurs on computers that do not support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2). That should be fixed sometime.

The second issue has also been known for months: There is a problem with third-party Windows and software that refers to a missing file (oem<number>.inf). For this reason, the network interface controller will not work after installing this update. I picked up the topic in the blog post Windows 7 SP1 network bug (KB4103718/KB4103712) . Microsoft recommends updating the network driver as a workaround.

KB4284867 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB4284867 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the same points as those listed in KB4103718. The described stop error also occurs. The update is available via WSUS or in the Microsoft Update Catalog.

Updates for Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.

KB4284815 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4284815 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes that were included in the rollup for the previous month. It also addresses the following items.

• Addresses an issue where firmware updates cause devices to go into BitLocker recovery mode when BitLocker is enabled, but Secure Boot is disabled or not present. This update prevents firmware installation on devices in this state. Administrators can install firmware updates by:
  • 1. Temporarily suspending BitLocker.
  • 2. Immediately installing firmware updates before the next OS startup.
  • 3. Immediately restarting the device so that BitLocker doesn’t remain in the suspended state.
• Permits a band-capable disk that has only one partition, and it is an MSR partition, to convert to a dynamic disk.
• Increases the Internet Explorer cookie limit from 50 to better align with industry standards.
• Improves the reliability of Internet Explorer when using geolocation.
• Security updates to Internet Explorer, Windows apps, remote code execution, Windows Server, Windows storage and filesystems, and Windows wireless networking.

This update is automatically downloaded and installed from Windows Update, but is also available in the Microsoft Update Catalog. There are no known issues with this update.

KB4284878 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4284878 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses only one item.

Security updates to Windows apps, remote code execution, Windows Server, Windows storage and filesystems, and Windows wireless networking.

The update is available via WSUS or within the Microsoft Update Catalog. There are no know issues.

Similar articles:
Adobe Flash Player version 30.0.0.113 available
Flash-Update KB4287903 for Windows released
Flash-Update KB4287903: Install issues with WSUS
Microsoft Office Patchday (June 5, 2018)
Windows 10 V1803: Update KB4338548 released
Microsoft Security Update Summary for June 12, 2018
Windows 10 V1511-1607: Privacy notification update KB4134662, KB4134663 and KB4134659Microsoft Office Patchday (5. Juni 2018)

[German]Microsoft released several cumulative updates for the supported Windows 10 builds on June 12, 2018. Here are some details about these updates.

A list of updates can be found on this Microsoft website. I have pulled out the details below. Some of these updates for Windows 10 versions 1607 to 1709 are also available as delta updates  for the WSUS.

Updates for Windows 10 Version 1803

The following updates are available for Windows 10 April Update (version 1803).

Update KB4284835 for Windows 10 Version 1803

Cumulative update KB4284835 contains quality improvements but no new operating system functions and raises the OS build to 17134.112. The most important changes are the following Specte patch and some other fixes:

• Provides protections from an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren’t enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
• Addresses an issue in which the 2017 and 2018 versions of Intuit QuickBooks can’t run in multi-user mode on Windows 10 1803 devices. Users will now be offered Windows 10, version 1803.
• Adds support for the SameSite cookie web standard to Microsoft Edge and Internet Explorer. 
• Addresses an issue with Internet Explorer that prevents it from using an updated version of location services.
• Addresses an issue that causes certain games to fail to show dialogs when connected to monitors that support interlaced display formats. 
• Addresses an issue with the brightness controls on some laptops after updating to the Windows 10 April 2018 Update. 
• Addresses a reliability issue in which the GameBar may fail to launch. 

• Addresses an issue where firmware updates cause devices to go into BitLocker recovery mode when BitLocker is enabled, but Secure Boot is disabled or not present. This update prevents firmware installation on devices in this state. Administrators can install firmware updates by:

  1. Temporarily suspending BitLocker.
  2. Immediately installing firmware updates before the next OS startup.
  3. Immediately restarting the device so that BitLocker doesn’t remain in the suspended state.
• Addresses an issue that caused the system to start up to a black screen. This issue occurs because previous updates to the Spring Creators Update were incompatible with specific versions of PC tune-up utilities after installation.
• Addresses an issue in which customers with a combination of specific Windows display languages and user preferred language list (UPLL) entries receive an extraneous UPLL entry and input language selector entry. This issue occurs after upgrading to Windows 10 version 1803 and, as a result, customers cannot remove this language entry or its keyboard.
• Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows Desktop Bridge, Windows apps, Windows shell, Windows kernel, Windows Server, Windows storage and filesystems, Windows wireless networking, remote code execution, and Windows virtualization and kernel.

Interesting is the fix of the black screen bug that has been available since the Spring Creators update (Windows 10 V1703) and is caused by Tune-Up. The update is distributed via Windows Update, but should also be available via WSUS or may be downloaded from Microsoft Update Catalog.

Unfortunately, Microsoft has not fixed the SMBv1 issue I discussed in the blog post Microsoft plans a Windows 10 V1803 SMBv1 fix on June 2018. The issue that SMBv1 protocol is causing connection errors is described as a Known Issue.

German blog reader Johann H. notified me via e-mail (thanks for that) about a curiosity. He wrote: If you load the update package windows10.0-kb4284835 from the “Microsoft Update Catalog” you will get the OS Build 17134.111. If you do it with the Windows 10 “Update and Security” you will get the OSBuild 17134.112. 

Updates for Windows 10 Version 1709

The following updates are available for Windows 10 Fall Creators Update (version 1709)

Update KB4284819 for Windows 10 Version 1709

Cumulative update KB4284819 for Windows 10 Version 1709 (Fall Creators Update) raises the OS build to 16299.492 and includes quality improvements and the following fixes:

• Provides protections from an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren’t enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
• Includes additional performance improvements.
• Addresses an issue in Microsoft Edge that causes incorrect responses to XML requests. 
• Adds support for the SameSite cookie web standard to Microsoft Edge and Internet Explorer. 
• Addresses an issue with Internet Explorer that prevents it from using an updated version of location services.

• Addresses an issue where firmware updates cause devices to go into BitLocker recovery mode when BitLocker is enabled, but Secure Boot is disabled or not present. This update prevents firmware installation on devices in this state. Administrators can install firmware updates by:

  1. Temporarily suspending BitLocker.
  2. Immediately installing firmware updates before the next OS startup.
  3. Immediately restarting the device so that BitLocker doesn’t remain in the suspended state.
• Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows Desktop Bridge, Windows apps, Windows shell, Windows storage and filesystems, Windows app platform and frameworks, Windows virtualization and kernel, Windows wireless networking, and Windows Server.

The update is distributed via Windows Update, but can also be downloaded via Microsoft Update Catalog. The update inherited the known issue from the previous update. Some non-English platforms can display the following string in English instead of the localized language: “Reading scheduled jobs from file is not supported in this language mode.” This error is displayed when Device Guard is enabled and you are trying to read the scheduled jobs you have created. In addition, there are other known bugs with Device Guard activated (e.g. no & or . operator etc., see) Microsoft is working on solving the issues.

Update KB4316692 for Windows 10 Mobile

Cumulative update KB4316692 for Windows 10 Mobile raises the OS build to 15254.489 and includes some improvements listed in the KB article. It is delivered via Windows Update.

Updates for Windows 10 Version 1507 till 1703

Various updates are available for Windows 10 RTM to Windows 10 Creators Update (version 1703). Here is a short overview.

• Windows 10 Version 1703: Update KB4284874 is available for Windows Mobile as well as for the desktop. It raises the OS build to 15063.1155 (Mobile 15063.1154) and also contains fixes for the Spectre vulnerabilities. Details can be found in the KB article.
• Windows 10 Version 1607: Update KB4284880 is only available for Enterprise and Education and Windows Server 2016. Systems with Clovertrail chipset also receive the update. The update raises the OS build to 14393.2312 and also contains fixes for the Spectre vulnerabilities. Details, also to the known problems can be found in the KB article. 
• Windows 10 Version 1507: Update KB428486 is available for the RTM version (LTSC). The update raises the OS build to 10240.17889 and also contains fixes for the Spectre vulnerabilities. Details, also about the known problems can be found in the KB article.

For Windows 10 V1511 there was no update that this version has fallen on the support. Details on the above updates can be found in the respective Microsoft KB articles in case of doubt.

Similar articles:
Adobe Flash Player version 30.0.0.113 available
Flash-Update KB4287903 for Windows released
Flash-Update KB4287903: Install issues with WSUS
Microsoft Office Patchday (June 5, 2018)
Windows 10 V1803: Update KB4338548 released
Microsoft Security Update Summary for June 12, 2018
Windows 10 V1511-1607: Privacy notification update KB4134662, KB4134663 and KB4134659Microsoft Office Patchday (5. Juni 2018)
Patchday: June 2018 Updates for Windows 7/8.1/Server

Just a brief note to users of Windows 10 April Update (V1803) who are affected by the All-in-on printer scanner bug, preventing scans via HP/Samsung’s Easy Document Creator. HP/Samsung has released a hotfix hotfix_usb_win10_v1803.zip, to fix the issue. I have added the necessary information within the blog article Windows 10: Scanner fails after update.

Microsoft just released Windows 10 Insider Preview Build 17692 for PC in Fast Ring. The announcement has been made within the Windows blog, where you can read about improvements and the bucket of bugs and issues coming with this new build.

[German]Some users are facing an empty network environment and have problems accessing other shares, after upgrading to Windows 10 April Update (V1803). Here are a few hints what to do.

Microsoft removed the homegroup from Windows 10 V1803 (see Windows 10 V1803: Removed features, planned replacements). But users of Windows 10 are also plagued by further inequities in their network environment when switching to the April Update (V1803).

Error description

I had this topic in mind but again became aware of the problem through a German comment by Michael. Here is the translated description: 

I’m dealing with a curious issue I didn’t notice until after 1803. Two machines, 1 x [Win 10] home a the box from HP with nothing on it, a “workstation” that also ran until then. 

The network [environment is] empty except for printer / FRITZ!Box, all other machines [within the network] are no longer visible.

Using a machines name to access the shares works. Using results in:

Net view := Error
System error 1231

The network address cannot be reached. For more information about troubleshooting network problems, see Windows Help.

The network machine isn’t reachable. Automatic troubleshooting, of course, doesn’t produce any result.

To make a long story short, there is no longer a network browser service, the network environment in explorer seems to be empty. Why, I have no idea; LanmanWkst & Server are intact. .

The SMBv1 problem

On Windows 10 V1803, the SMBv1 protocol is no longer installed by default. Microsoft provides the support article SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709 and later versions, which describes the topic in more detail.

• In Windows 10 Home and Windows 10 Professional, the SMBv1 server is no longer included by default after reinstallation. 
• In Windows 10 Home and Windows 10 Professional, the SMBv1 client is still included by default after reinstallation. If the SMBv1 client is not used for a total of 15 days (except when the computer is turned off), the client is automatically uninstalled. 
• Direct upgrades from Windows 10 Home and Windows 10 Professional do not automatically remove SMB1 at first. If the SMBv1 client or server is not used for a total of 15 days (except when the computer is turned off), it is automatically uninstalled.

The automatic removal of SMB1 after 15 days is a one-time process. If an administrator reinstalls SMB1, the log is not uninstalled.

The Microsoft support article linked above contains the following hint: Since the computer search service relies on SMBv1, the service will be uninstalled when the SMBv1 client or server is uninstalled. This means that the Explorer node “Network” can no longer display Windows computers via the legacy method for browsing NetBIOS datagrams.

(Source: SuperUser-Forum)

In this scenario, Windows 10 will display various errors such as’The specified network name is no longer available.’ etc. 

A fix for this issue

At superuser.com there is the forum post Did Windows 10 April Update break network discovery and Samba support?, where someone also describes the above error picture. It can no longer access NAS shares. I would look for the cause in the uninstalled SMBv1 protocol.

The first impulse would be to reinstall the SMBv1 protocol to fix the problem. For security reasons, however, this should be avoided. There must be another way to reactivate the network browser function. And in the superuser.com forum post contains the advice to activate the WS-DISCOVERY protocol for search. 

• Find the Function Discovery Provider Host and Function Discovery Resource Publicationservices and set their startup types to Automatic (Delayed Start).
• The next time you start network browsing, follow the prompts to enable Network discovery.

Microsoft explains the whole thing in this support article. On the Windows-based computers on which SMBv1 is no longer used, follow these steps:

1. Start the “Function Discovery Provider Host” and “Function Discovery Resource Publication” services, and then set them to Automatic (Delayed Start)..

2. When you open Explorer Network, enable network discovery when you are prompted.

All Windows devices in this subnet that have these settings are now displayed in “Network” and can be searched. The WS search protocol is used. Maybe this fixes the issue that the network search can’t find anything anymore.

Similar articles
Win10 Wiki
Windows 10 April Update (Version 1803): Upgrade FAQ
Activate Build-in Administrator account in Windows – I
Activate Build-in Administrator account in Windows – II
Microsoft plans a Windows 10 V1803 SMBv1 fix on June 2018
Windows 10 V1803: Update KB4100403 (with SSD fix)
Windows 10: Scanner fails after update

[German]Microsoft claims, that 250 Million systems are upgraded to Windows 10 V1803. And as a consequence, Microsoft has declared Windows 10 April Update (V1803) as ‘semi-annual’ ready. So this build is now being rolled out in the business environment. There is also an article from Microsoft that explains how Windows 10 deployment can be ‘accelerated’ by integrating Windows Insider Previews.

Windows 10 V1803 as ‘Semi-annual’ ready

MVP colleague Susan Bradley points out in this article at askwoody.com that Microsoft considers Windows 10 V1803 to be ready for business use.

Microsoft today declared 1803 as “ready for business” and is flipping from the Semi-annual targeted (the old CB) to Semi-annual (the old CBB).

This information has been published from Microsoft in this blog post on June 14, 2018. Microsoft explains there that the rollout of Windows 10 April Update could be completed much faster with the help of Artificial Intelligence (AI) than in previous builds.

250 Million systems on Windows 10 V1803

Microsoft says within the blog post linked above, that more than 250 million machines have already been updated to Windows 10 V1803. Based on the AI data, these Windows 10 versions have been released for all compatible devices worldwide.

So Microsoft claims Enterprise customers can follow the same approach for the Semi-Annual Channel and roll out Windows 10, version 1803.

Windows 10 V1803 business ready? Seriously?

After reading Microsoft’s blog post, I was wondering what they are smoking. Susan Bradley expresses what went through my mind: “It’s a little early to roll out this build in companies”. There are simply still too many bugs (Susan Bradley has summarized some things here – and I have blog posts about many of these topics – see link list at the article’s end).

After posting the German version of this article a few hours ago, I received a couple of comments, where administrators from business environments are making a fuss about Windows 10. One admins wrote, that the Bitlocker AD backup issue hasn’t been fixed – so a rollout is not an option. Luckily IT administrators can decide when to deploy the new operating system build in their organization on a broad basis.

Microsoft: Integrate Insider Preview Builds

When the following tweet came to my attention, I involuntarily looked at the calendar and searched for April 1 as the current date.

Want to accelerate the deployment of Windows 10 releases? Here’s how to integrate Windows Insider Preview builds. https://t.co/2bsmyYyeex pic.twitter.com/e6edwLSdbZ

— Windows IT Pro (@MSWindowsITPro) 13. Juni 2018

Under the premise of speeding up the rollout of Windows 10 releases, an IT Pro article explains how to roll out Windows Insider Preview builds in enterprise environments. That’s because you have a Windows Insider Program for Business. But I can’t help, what stuff they are smoking at Redmond? What does an Insider Preview Build have to do with the deployment of Windows 10? What’s your opinion? Is Windows 10 V1803 business ready? Is it a good idea to deploy Windows 10 Insider Preview builds?

Similar articles
Win10 Wiki
Windows 10 April Update (Version 1803): Upgrade FAQ
Microsoft plans a Windows 10 V1803 SMBv1 fix on June 2018
Windows 10: Scanner fails after update
Windows 10 V1803: Update KB4100403 (with SSD fix)
Windows 10: Scanner fails after update
Windows 10 Version 1803: Network environment empty
Windows 10 V1803: Hotfix for Easy Document Creator Scan
Stuipd idea using Windows 10 LTSC or tinkering with V1607

[German]Cumulative update KB4230450 for Internet Explorer seems to cause some issues. Microsoft had to make improvements in WSUS detection. And there is a message that suddenly old updates are offered..

I mentioned the cumulative update KB4230450 for Internet Explorer in the blog post Microsoft patchday: More updates (June 12, 2018). Installation is required, if administrators install security-only updates for Windows 7 or Windows 8.1 (including server counterparts). The security rollups of June 2018 for Windows 7/8.1, however, contain the patches. 

Issues with WSUS detection are fixed

Blog reader Martin B. informed me by mail that there are problems under WSUS to detect update KB4230450 for Internet Explorer. In the Technet forum there is this discussion thread where someone reports massive issues.

Has anyone noticed this month the ‘Cumulative Security Update for Internet Explorer 11 for Windows 2012 R2 (KB4230450)’ is not downloaded by clients if the the ‘2018-06 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4284815)’ is also approved ?

Also this Technet forum thread deals with the same issue. Update KB4230450 for Internet Explorer is not downloaded to clients via WSUS.

Is anybody else seeing KB4230450 (Cumulative security update for Internet Explorer for Windows 7 x86/x64 and Windows Server 2008 R2), released Tuesday, not being detected as needed through WSUS? This KB also applies to Windows 8.1 and Server 2012, but we don’t have either, therefore I don’t know if this problem applies to them as well.

WSUS: Windows 2012 R2 (fully patched with all updates except for ones released Tuesday)

Windows 7: Professional, x64/x86 OEM (fully patched with all updates before or after Patch Tuesday are affected)

This detection problem resembles the problem Microsoft had in May for Windows 10 Professional clients using WSUS, which didn’t affect Enterprise editions of Windows 10.

In May 2018 there seems to have been similar problems. Users rightly suspected that there was a bug in the Microsoft detection routine. Microsoft found the error quickly and released the cumulative security update KB4230450 in a new version. Microsoft Update Catalog now contains a release date of June 14, 2018, as a user points out:

The flaw in detection routine of KB4230450 was fixed by Microsoft last night (see date 2018-06-14 in catalog). So client systems of WSUS detects this update now as “needed”.

You should be able to distribute the IE update KB4230450 on WSUS without any problems. Or are there still problems? Thanks at this point to Martin B., who informed me about the fix.

After installing KB4230450, old updates are offered

In my German blog post Microsoft Patchday: Weitere Updates zum 12. Juni 2018 , German blog reader Hans Thölen has reported.

Windows 7 Home Premium 32 Bit SP1
After installing KB4284826 and KB4230450,
I received a lot of cumulative security
updates for Internet Explorer 11 from
2016. What could this mean?
I’ve hidden all the old updates.

Hans send me the above screenshot, where the updates in questions are marked. I tried the the same on a machine with Windows 7 SP1 and installed security-only update KB4284867. Then I installed the IE 11 update KB4230450. But I could not observe this behavior, described by Hans. Maybe there was something broken on his machine, because Windows 7 was on update level December 2017, before Hans installed the June 2018 updates. Do you have install issues with update KB4230450?

[German]It seems that some users worldwide are running into install issues with cumulative update KB4284835 for Windows 10 V1803. Here is an overview of what I have found so far.

Cumulative update KB4284835 rolled out on June 12, 2018 for Windows 10 April Update (V1803) fixes a number of issues. Among other things, it contains patches against the spectre vulnerability. I’ve described the details in my blog post Patchday: Windows 10 updates June 12, 2018. The ‘Know issues’ officially admitted by Microsoft at SMBv1 and Edge are also listed there.

Update KB4284835 is causing an endless install loop

The first message about an installation problem reached me in the morning after the update was released. On my system the installation went through, but blog reader Karl wrote:

Hello Günter, have you heard about installation loops caused by KB4284835?

Install and Shutdown will be displayed,but the update will not be installed. After startup the update will be installed again.

A quick research at this time did not give me any results. At reddit is this thread with a similar statement. Yesterday I received another feedback from Karl:

Hello Günter, got it solved and was probably a single point of failure with me. The Windows Troubleshooter of Windows 10 has fixed it.

That was, what I would have recommended to try in a first step.

WiFi adapter may cause install issue

Within this MS Answers forum thread also an install loop is mentioned. There is a hint, that an Anatel Wi-Fi network card may be the root cause for install loops. So try to remove the network card and repeat the update install via a manually downloaded update package.

More issues found within the internet

Meanwhile I came across several articles like this one, which deals with installation problems with the cumulative update KB4284835 for Windows 10 V1803.

Install error 0x800f0900

At Microsoft Answers I found this thread (where we may forget the recommendation of the ‘experts’, except the suggestions to use the update troubleshooter and reset the update store).

Error code 0x800f0900 stands for CBS_E_XML_PARSER_FAILURE. An error occurred while parsing the Component-Based Servicing store (CBS). This means that simply broken update files are found. Normally, running the update troubleshooter and reset the update store should help. Checking the system for corrupted files according to my blog post Check and repair Windows system files and component store might also help.

In the MS-Answers forum post referenced above, however, these measures did not continue – damaged files were probably detected, but DISM could not completely restore the CBS content. If external virus scanners may be excluded as a root cause, I suspect that the damage has something to do with SSDs.

In most cases, a clean install of Windows 10 is required, to fix this install issues. If Media Creation Tool fails to downloading the installation image, you can follow the tips in my article Tip: Windows 10 ISO direct download from MS via Chrome.

BSOD and other issues

At reddit.com I found this thread, where somebody observed a blue screen during install. But the discussion of this issue isn’t that deep. There is also an 2nd reddit.com post claiming that the update has killed the system during install. But no more details yet. So both posts are not too helpful. A post in Microsoft Answers forum reports an install loop, but didn’t provide details. In this MS Answers forum thread, the update installation causes a reboot that ends with a black screen and shutdown – the root cause is unknown. Are you experiencing problems installing update KB4284835? Are causes and solutions known?

Similar articles:
Tip: Windows 10 ISO direct download from MS via Chrome
Issues with cumulative update KB4230450 for IE
Windows 10 Version 1803: Network environment empty
Windows 10 V1803 is ‘Semi-annual’ ready – seriously?

[German]A short information for administrators: Microsoft has plans to switch Windows Server 2008 SP2 to monthly rollup updates. All of this is to take place from September 2018. 

For Windows 7 and Windows 8.1 this switch to monthly rollups was already made in autumn 2016. Microsoft has outlined details within the article More on Windows 7 and Windows 8.1 servicing changes.

Switching Windows Server 2008 SP2 to Monthly Update Rollup Model at @Microsoft starting in September.

By Kurt Mackie 06/13/2018https://t.co/JHrUAEv7jRhttps://t.co/42YmykZlHq

— Crysta T. Lacey (@PhantomofMobile) 14. Juni 2018

On Twitter I became aware of the explicit change for Windows Server 2008 SP2 via the above tweet. The Redmond magazine takes up the whole in this article. Microsoft has published a blog post on the topic with further details.

A brief information for administrators. Blog reader Markus K. informed me that 45 updates for Windows, Office etc. were re-synchronized in WSUS on Saturday, June 16, 2018..

Here is an overview of the relevant list. I do not know what caused the synchronization. Perhaps one of you knows the background. Thanks to Markus for the advice.

New Update Alert

The following 45 new updates have been synchronized to WSUSSV10 since Saturday, June 16, 2018 3:13 AM (GMT).

Critical and Security Updates

Security Update for Microsoft Office 2013 (KB4022182) 64-Bit Edition
A security vulnerability exists in Microsoft Office 2013 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

Security Update for Microsoft Excel 2016 (KB4022174) 64-Bit Edition
A security vulnerability exists in Microsoft Excel 2016 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

Security Update for Microsoft Office Web Apps Server 2013 (KB4022183) farm-deployment
A security vulnerability exists in Microsoft Office Web Apps Server 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

Security Update for Microsoft SharePoint Enterprise Server 2016 (KB4022173) farm-deployment
A security vulnerability exists in Microsoft SharePoint Enterprise Server 2016 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

Security Update for Microsoft Office 2013 (KB4018387) 64-Bit Edition
A security vulnerability exists in Microsoft Office 2013 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

Security Update for Microsoft Outlook 2013 (KB4022169) 64-Bit Edition
A security vulnerability exists in Microsoft Outlook 2013 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

Security Update for Microsoft SharePoint Foundation 2013 (KB4022190)
A security vulnerability exists in Microsoft SharePoint Foundation 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

2018-06 Cumulative Update for Windows 10 Version 1709 for ARM64-based Systems (KB4284819)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-06 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4284880)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-06 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4284835)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

2018-06 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4284819)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

Update for Microsoft OneDrive for Business (KB3178712) 64-Bit Edition
Microsoft has released an update for Microsoft OneDrive for Business 64-Bit Edition. This update provides the latest fixes to Microsoft OneDrive for Business 64-Bit Edition. Additionally, this update contains stability and performance improvements.

2018-06 Dynamic Update for Windows 10 Version 1803 for x86-based Systems (KB4293701)
SetupUpdate:

2018-06 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4284874)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-06 Dynamic Update for Windows 10 Version 1803 for x64-based Systems (KB4293701)
SetupUpdate:

2018-06 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4284880)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

Update for Skype for Business 2015 (KB4022170) 64-Bit Edition
Microsoft has released an update for Skype for Business 2015 64-Bit Edition. This update provides the latest fixes to Skype for Business 2015 64-Bit Edition. Additionally, this update contains stability and performance improvements.

2018-06 Dynamic Update for Windows 10 Version 1709 for ARM64-based Systems (KB4293700)
ComponentUpdate:

2018-06 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4284835)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-05 Update for Windows 10 Version 1607 for x86-based Systems (KB4132216)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

Security Update for Microsoft SharePoint Foundation 2013 (KB4022190) farm-deployment
A security vulnerability exists in Microsoft SharePoint Foundation 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

2018-05 Update for Windows 10 Version 1607 for x64-based Systems (KB4132216)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

Security Update for Microsoft Excel 2013 (KB4022191) 64-Bit Edition
A security vulnerability exists in Microsoft Excel 2013 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

Security Update for Microsoft Office Online Server (KB4011026) farm-deployment
A security vulnerability exists in Microsoft Office Online Server that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4018391) farm-deployment
A security vulnerability exists in Microsoft SharePoint Enterprise Server 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4018391)
A security vulnerability exists in Microsoft SharePoint Enterprise Server 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4022179) farm-deployment
A security vulnerability exists in Microsoft SharePoint Enterprise Server 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4022179)
A security vulnerability exists in Microsoft SharePoint Enterprise Server 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

2018-06 Cumulative Update for Windows 10 Version 1703 for x86-based Systems (KB4284874)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-06 Cumulative Update for Windows 10 Version 1803 for ARM64-based Systems (KB4284835)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

2018-06 Cumulative Update for Windows 10 Version 1803 for ARM64-based Systems (KB4284835)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

Update for Microsoft Project 2013 (KB4022171) 64-Bit Edition
Microsoft has released an update for Microsoft Project 2013 64-Bit Edition. This update provides the latest fixes to Microsoft Project 2013 64-Bit Edition. Additionally, this update contains stability and performance improvements.

2018-06 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4284835)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

2018-06 Cumulative Update for Windows 10 Version 1703 for x86-based Systems (KB4284874)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-06 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4284819)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-06 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4284819)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-06 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4284880)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-06 Cumulative Update for Windows 10 Version 1709 for ARM64-based Systems (KB4284819)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

Security Update for Microsoft Office Web Apps Server 2013 (KB4022183)
A security vulnerability exists in Microsoft Office Web Apps Server 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

2018-06 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4284880)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

Update for Microsoft Word 2013 (KB4022186) 64-Bit Edition
Microsoft has released an update for Microsoft Word 2013 64-Bit Edition. This update provides the latest fixes to Microsoft Word 2013 64-Bit Edition. Additionally, this update contains stability and performance improvements.

2018-06 Dynamic Update for Windows 10 Version 1709 for x86-based Systems (KB4293700)
ComponentUpdate:

2018-06 Dynamic Update for Windows 10 Version 1803 for ARM64-based Systems (KB4293701)
SetupUpdate:

Update for Microsoft Office 2016 Language Interface Pack (KB4018370) 32-Bit Edition
Microsoft has released an update for Microsoft Office 2016 Language Interface Pack 32-Bit Edition. This update provides the latest fixes to Microsoft Office 2016 Language Interface Pack 32-Bit Edition. Additionally, this update contains stability and performance improvements.

Update for Microsoft Office 2016 Language Interface Pack (KB4018370) 64-Bit Edition
Microsoft has released an update for Microsoft Office 2016 Language Interface Pack 64-Bit Edition. This update provides the latest fixes to Microsoft Office 2016 Language Interface Pack 64-Bit Edition. Additionally, this update contains stability and performance improvements.

Other Updates

No new non-critical and non-security updates were synchronized.

[German]Microsoft provides another new Update Facilitation Service for Windows 10 Home and Pro. Here’s some information on this obscure update, that Microsoft provides for Windows 10 versions that are ‘out of support’ since months.

Windows 10 is broken! At least if you look at the whistles and bells, Microsoft’s developers have added to the update process (see my article Windows 10 Reliability Update KB4023057 (8.2.2018) and this comment). Beside Windows Update there are other task scheduling mechanisms that are designed to ensure that an update, disabled by a user can still be flushed onto the machine. Here’s the ‘next innovation’ from this category.

Update Facilitation Service for Home und Pro

Susan Bradley recognized during browsing some update the new Update KB4056254 (Windows 10 update facilitation service) for Windows 10. Microsoft says:

This update includes a background service to facilitate Windows Update service on devices running Home or Pro editions of Windows 10 Versions 1507, 1511, 1607, and 1703.

This means: Since Windows 10 Version 1709 (Fall Creators Update) this service or feature is already a board. KB article for Update KB4056254 says:

This update includes files and resources to address issues affecting background update processes in the Windows Update servicing stack. Maintaining Window Update service health and performance helps ensure that quality updates are installed seamlessly on your device and help to improve the reliability and security of devices running Windows 10.

That makes me wonder, what Microsoft has in stock. Because the explanation above is a bit ‘windy’ (see below).

These machines get the update

Microsoft writes that only certain builds of Windows 10 versions 1507, 1511, 1607 and 1703 require this update. These are systems on which these builds run on home or pro editions. These devices may not belong to a Windows domain. In other words, it affects the home users and users who run Windows 10 Pro in smaller installations. These systems receive the update automatically via Windows Update downloaded and installed.

(Install dialogs, Source: Microsoft)

Microsoft says: Devices not connected to Windows Update may see a User Account Control (UAC) prompt during installation. Microsoft published the two dialog boxes shown above on their KB article. The left dialog box is always displayed. If something like that appeared on my desktop, I would immediately think of a virus.

It doesn’t make sense at all …

In a business environment with domains, this update is not (yet) used, Microsoft probably doesn’t dare to do that. In best case we may assume, that Microsoft’s developers try to improve the reliability of old systems that somehow have update problems. But looking under the hood, this update and Microsoft’s explanation doesn’t makes sense to me. Thinking about that thing, i stumbled upon the following things that contradict each other.

• Microsoft writes within the KB article about ‘Maintaining Window Update service health and performance helps ensure that quality updates are installed seamlessly on your device and help to improve the reliability and security of devices running Windows 10.’ So not security updates but quality updates should be rolled out to make Windows 10 more reliable.
• But the versions that are receiving this update are out of support! I had recently compiled the details in my blog post Windows 10: End of Life for several builds. Only Windows 10 V1703 is still in regular support and gets updates in the Home and Pro version. All other Windows 10 versions mentioned above are ‘out of support’ for Home and Pro (see my ). Only Windows 10 Enterprise LTSC-SKUs like V1507, V1607 etc. are still supported, but these machines are not covered within this update scheme. 
• Having a look at the AdDuplex Windows 10 version distribution, this update addresses Windows versions, which are hardly available anymore.

(Windows 10: Distribution May 2018, Source: AdDuplex)

If I consider that this update is not applied to the Enterprise versions running in business environments, possibly in the LTSC, but only on Windows 10 Home and Pro systems running in private and small businesses (without domains), an assumption is made. It seems to me as an attempt, to use home and small business users as a guinea pigs, to test how for force install of reliability updates, before it will be rolled out to business environments. What’s your opinion?

[German]Users of Excel 2013 and Excel 2016 have been suffering since April 2018 patchday from a bug that crashed the program when accessing charts . But there are hotfixes to fix the problem.

History: The Excel security update April 2018

In April 2018 Microsoft released the security updates KB4018319 and KB4018288 for patchday.

• Office 2016: Description of the security update for Office 2016: April 10, 2018 (KB4018319) 
• Office 2013: Description of the security update for Office 2013: April 10, 2018 (KB4018288)

Both security updates fix vulnerabilities in Microsoft Office that could allow remote code execution when a user opens a specially crafted Office file. I mentioned the updates in the blog post Patchday Microsoft Office Updates (April 10, 2018). There is a similar security update for Office 2010, which is not discussed here.

Excel crashes after April 2018 update

However, after installing these two security updates, the MSI installer versions of Microsoft Excel 2013 and Excel 2016 (probably also under Excel 2010) experienced crashes. German blog reader Tobias L. informed me about the problem by mail (see blog post Troubleshooting Microsoft April 2018 Updates). When opening Excel workbooks that contain a diagram, an access error 0xc0000005 (Access denied) occurs in the chart.dll module for some documents. At reddit.com there is this thread that describes the problem. Here is an excerpt of the text:

unable to determine so far what it is about the specific chart in our workbook that is causing the recently updated chart.dll and oart.dll files to crash excel, but it looks like the recent office updates are to blame. uninstalling KB4018319 for Office 2016 and KB4018288 for Office 2013 resolves the issue.

posting here in case anyone else runs into this.

crash events are slightly different between office 2016 and 2013. Office 2016 references chart.dll and 2013 references oart.dll.

The crash occurs when accessing the library files chart.dll and oart.dll. The error is described in the Technet in this thread. Here is the (still German) error text of the crash log:

Name der fehlerhaften Anwendung: EXCEL.EXE,
Version: 16.0.4678.1000, Zeitstempel: 0x5aa7e7ca
Name des fehlerhaften Moduls: chart.dll,
Version: 16.0.4678.1000, Zeitstempel: 0x5aa7e891
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0025399e
ID des fehlerhaften Prozesses: 0x14d0
Startzeit der fehlerhaften Anwendung: 0x01d3d722a5bc6843
Pfad der fehlerhaften Anwendung:
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\Microsoft Office\Office16\chart.dll
Berichtskennung: 651c98b9-242b-492c-be9d-0c4d3eb838c1
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:  …

Within this thread other users confirmed the bug. However, not every workbook with a diagram crashes and it seems to spare the click-to-run installations (they don’t get the updates). After uninstalling updates KB4018319 and KB4018288 the problem is gone.

There is a post in the Technet forum thread where a Microsoft moderator reports that Microsoft has investigated the problem and found a cause. 

Now we can confirm that this problem is because the chart would have a date axis which is filtered, for example the blank items are unselected in this chart:

(Error in Excel charts, Source: Microsoft)

The issue occurs, according to the above screenshot, if the legends of axis entries in the graphic have empty values. A user describes a workaround on the Internet:

• Uninstall and then reinstall the affected Office installation, but allow updates only until before the update.
• Once you have a working state again, save copies of the above DLL files to a safe place.
• Then install the April 2018 security update. As soon as the error returns, copy the backed up copies of the DLL files back.

In other words, the vulnerability fixed with the update is back – and simply uninstalling the security updates also helps. That all happened in April 2018, so it was the hope that the May or June patchday would fix the bug. 

Just a hotfix for the issue

However, Microsoft did not release a bug fix update via Windows Update for Office on patchday in May or June 2018 (at least I did not find any accommodation). On May 23rd 2018, Microsoft published two KB articles about that issue and a fix which you can download for the affected Office versions. Here are the links to the KB articles with the fixes and download links. 

• May 23, 2018, update for Office 2016 (KB4011128)
• May 23, 2018, update for Office 2013 (KB2986229)

Bot kb articles describes the fixes as: When you work with charts that contain filtered content in an Office 2016/2013 document, the Office application crashes. This issue occurs after you install update [mentioned above]. During last weekend, somebody mentioned the fixes within the forum posts mentioned above. I did not recognize that, because I’m not using these Office versions. But German blog reader Tobi L. contacted me today via mail an pointed that out. Tobi wrote:

on the topic with the Excel crash for sheets with diagrams (see mail history) I have now been informed about these KBs, which are already one month old:

https://support.microsoft.com/en-us/help/4011128/may-23-2018-update-for-office-2016-kb4011128

https://support.microsoft.com/en-us/help/2986229/may-23-2018-update-for-office-2013-kb2986229

For Office 2010 there is probably nothing, the problem also exists there, but the creators of the bug don’t care.

Unfortunately, the solution is only offered as a hotfix, i.e. although every Office 2016 MSI installation (click to run probably doesn’t have the problem) might be affected by the bug, Microsoft doesn’t see itself providing this fix via the update catalog, let alone pushing it directly to the WSUS.

In other words, the admins of this world who stupidly chose the MSI version of Office 2016 at that time (I’m ashamed to raise my hand) are now waddled off by being allowed to take care of how they deploy the hotfix on their computers and then report or monitor it.

Unfortunately I haven’t found more detailed information about the KBs, which was released right now to fix the problem. Unfortunately, I fear that the affected chart.dll will simply be replaced with an old, insecure one, which would explain why the fix is not released globally, but only for people who are really bothered by this problem, but that is just an assumption on my part ;-)

The origin of the diagram issue at that time was security update KB4018319 for Excel, where also only the DLL was exchanged and which led to the mentioned Excel app crashes, as soon as diagrams with certain conditions were in the Excel document.

Tobi L. then expresses the hope that I can find out something else about the hotfix. This is too much of an honor, I no longer have contacts to the Microsoft product groups. And what comes across in the Microsoft Answers forums can be classified as ‘for the wast paper basked’. But maybe it helps the one or other affected person who hasn’t noticed about the hotfixes yet. 

Similar articles:
Patchday Microsoft Office Updates (April 10, 2018)
Troubleshooting Microsoft April 2018 Updates
Windows 10 April Update: Bugs and Issues
Nice? Microsoft fixes an old Excel select issue
Security-Update KB3191855 fixes Excel bug
Security Update KB 3178690 crashes Excel 2010
December Update blocks ActiveX/Macro execution in Excel 2013