Channel: Windows – Born's Tech and Windows World

PSA: Classic Shell is now Open Shell Menu – and a warning


[German] New information for users and interested parties of the Windows tool Classic Shell: The follow-up project has already been renamed again and is now called Open Shell Menu. Here’s some information and a hint as to why I would (currently) say ‘be careful’.

There is software that keeps itself in the focus of attention through renaming. I would classify the Classic Shell project in this category, because this project has been renamed again.

Some Background

The developer of the Classic Shell, Ivo Beltchev, stopped developing the software some time ago. But he gave the source code to the community for further maintenance. I’ve blogged about that within my German blog.

But what is not so nice for my taste: At the moment the project is only producing headlines through multiple renamings. For a short time the tool was called Classic Start. Then, at the end of July 2018, the community decided to rename it to NeoClassic-UI/Menu. Maybe there are good reasons, I don’t know; they have never been mentioned.

The next new name …

And now the project has been renamed to Open-Shell-Menu. The current installation file is now called OpenShellSetup_4_4_126.exe, but the functionality has probably not changed. The project is available on GitHub, but not all links are functional yet. The current Nightly Build is available here, which expires after 6 months.

The dark side of this project: Security

Besides the ‘a sack of rice fell over in China, please continue, nothing to see’ aspect, I would like to point out that you should keep your hands off this tool (at least until the developers have fixed a few fundamental things). Why this warning?

I’ve been in touch with white hat hacker Stefan Kanthak (see) for a while (Microsoft lists him in the Top 100 MSRC 2017 and also in other lists, like the top 100 Finders in 2015).

Stefan Kanthak has posted a German comment, outlining some critical issues. Here is a brief excerpt:

  • For convenience, the developers deliver an .exe installer (instead of an .msi file). This installer needs to be executed with administrative privileges to install the software. The installer unpacks the required files into an (unprotected) TEMP directory. Problem: If there is malware on the system that currently only runs with the rights of a restricted user account, the trap is activated.
  • This malware may notice the unpacking process (there are Windows APIs that can report this and call a ‘hook function’ of the malware). Then it is sufficient to copy a DLL file with a certain name into the TEMP folder (since this is unprotected, this is possible with limited user rights).
  • During the installation process, the installer tries to load the supposed Windows DLL, but accesses the DLL placed by the malware due to Windows characteristics. And the malware promptly receives administrative rights via the DLL.

This has long been known as DLL search order hijacking; it is a potential security risk and should be avoided at all costs. Stefan Kanthak has posted some links and further details in his German comment. In conclusion: As long as the project hasn’t addressed these issues, I would avoid, or at least be careful with, such software.

Addendum: At this point I have to pull back a little bit. I took a look at the installer (under Windows 7). Interesting observation: German reader Martin Feuerstein had pointed out in a comment that the .exe installer has a switch for extracting the .msi installers, which can be displayed with /?. So you can unpack the .msi and install the 32-/64-bit version via the .msi installer.

There is another observation: Apparently the .exe installer runs only with standard user rights during unpacking, unpacks the .msi files and calls the appropriate one. The .msi installer triggers the UAC prompt due to settings within its manifest and installs the tool. According to my current knowledge, this eliminates the attack vector described above (whether the right msi triggers UAC can be checked in the UAC prompt). If there are new findings, I will add them.

Addendum 2: According to Stefan Kanthak the installer ClassicStartSetup_4_4_109.exe has the following dependencies – may be obtained with:

LINK.exe /DUMP /DEPENDENTS ClassicStartSetup_4_4_109.exe

COMCTL32.dll
VERSION.dll
KERNEL32.dll
USER32.dll
ADVAPI32.dll
SHELL32.dll

The above DLLs in turn depend on GDI32.dll, MSVCRT.dll, RPCRT4.dll, SECUR32.dll and SHLWAPI.dll. Since Windows Vista, VERSION.dll isn’t a “known DLL”, and any file with that name will be loaded from the application’s directory, if present. The same applies to SECUR32.dll and RPCRT4.dll.
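The dependency check described above can be turned into a defensive audit of an installer's directory. The following is an added example, not code from the original post or from Stefan Kanthak: it parses `LINK.exe /DUMP /DEPENDENTS` output, separates imports that are not "known DLLs", and reports files in a directory that carry one of those names. The function names, the sample dump text and the sample known-DLLs set are constructed for illustration.

```python
import os
import re
import tempfile

# Constructed sample of `LINK.exe /DUMP /DEPENDENTS` output; the six DLL names
# are the ones the article lists for ClassicStartSetup_4_4_109.exe.
SAMPLE_DUMP = """\
Dump of file ClassicStartSetup_4_4_109.exe

File Type: EXECUTABLE IMAGE

  Image has the following dependencies:

    COMCTL32.dll
    VERSION.dll
    KERNEL32.dll
    USER32.dll
    ADVAPI32.dll
    SHELL32.dll

  Summary
"""

# Second-level dependencies named in the article.
TRANSITIVE = ["GDI32.dll", "MSVCRT.dll", "RPCRT4.dll", "SECUR32.dll", "SHLWAPI.dll"]

# Constructed sample "known DLLs" set, chosen to agree with the article's
# statement that VERSION, SECUR32 and RPCRT4 are not known DLLs. On a real
# system, read the values under the registry key
# HKLM/SYSTEM/CurrentControlSet/Control/Session Manager/KnownDLLs instead.
SAMPLE_KNOWN_DLLS = {
    "kernel32.dll", "user32.dll", "advapi32.dll", "shell32.dll",
    "comctl32.dll", "gdi32.dll", "msvcrt.dll", "shlwapi.dll",
}

_DLL_NAME = re.compile(r"[\w.\-]+\.dll", re.IGNORECASE)


def parse_dependents(dump_text):
    """Return imported DLL names (lower-cased, ordered, de-duplicated)."""
    names = []
    in_section = False
    for line in dump_text.splitlines():          # copes with CRLF output too
        stripped = line.strip()
        if stripped.lower().endswith("dependencies:"):
            in_section = True                    # normal and delay-load lists
        elif stripped == "Summary":
            in_section = False
        elif in_section and _DLL_NAME.fullmatch(stripped):
            name = stripped.lower()
            if name not in names:
                names.append(name)
    return names


def not_known(dll_names, known_dlls):
    """Names resolved via the search path (application directory first)."""
    known = {k.lower() for k in known_dlls}
    return [n.lower() for n in dll_names if n.lower() not in known]


def find_shadowing_files(directory, candidates):
    """Files in `directory` named like a candidate DLL (case-insensitive)."""
    wanted = {c.lower() for c in candidates}
    return sorted(
        entry.name for entry in os.scandir(directory)
        if entry.is_file() and entry.name.lower() in wanted
    )


def audit(dump_text, transitive, known_dlls, directory):
    """Combine the three steps into one report for a given directory."""
    imports = parse_dependents(dump_text)
    exposed = not_known(imports + list(transitive), known_dlls)
    return {
        "imports": imports,
        "exposed": exposed,
        "present": find_shadowing_files(directory, exposed),
    }


def demo():
    """Run the audit against a constructed directory with empty placeholder files."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("setup.exe", "VERSION.dll", "readme.txt"):
            open(os.path.join(d, name), "wb").close()
        return audit(SAMPLE_DUMP, TRANSITIVE, SAMPLE_KNOWN_DLLS, d)


if __name__ == "__main__":
    report = demo()
    print("imports:", report["imports"])
    print("not known DLLs:", report["exposed"])
    print("files with those names next to the installer:", report["present"])
```

A hit in `present` only means a file with a system DLL's name sits beside the executable; in a download or TEMP directory that is worth investigating before the installer is started.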

Stefan Kanthak let me use some of his test DLLs to run ClassicStartSetup_4_4_109.exe in a test environment. Here is the result:

Screenshot: Warning on launch

An attempt to display the options resulted in a warning that malware could have manipulated the files (dialog box in front). Afterwards I let the .exe installer just extract the .msi installers. When I executed the 64-bit msi installer, no more warnings were issued.

But the .msi files included in the .exe installer file are currently not digitally signed. The reason: They are nightly builds. At that point I stopped any further investigations. The nightly builds are not for end user systems. Let’s wait and see what the final version of the tool looks like and whether it has the same vulnerabilities as outlined above.


Windows 10 V1803: Backup fails with 0x800706BA


[German] Owners of Windows 10 version 1803 who try to perform the onboard system image backup end up with an error. The function fails, at least in the 32-bit versions of Windows 10 V1803, with error 0x800706BA.

German blog reader Volker E. informed me about this issue at the end of July 2018 by mail (thanks for the hint).

The error description

If you search the Internet for ‘Windows 10 V1803 Backup error 0x800706BA’, you will find at least one hit in the English Technet forum. Here is the error description:

After the Windows 10 version 1803 upgrade on April 30, 2018, my System Image Backup keeps failing with two messages. “The backup failed” “The RPC server is unavailable (0x800706BA)”.

Note that the System Image Backup worked before the upgrade. The upgrade completed OK and I have not found any other issues.

I checked that =1= The RPC (Remote Procedure Call) service in Services is active and running and =2= the DCOM (Distributed COM) is enabled. There used to be a SYSTEM disk when I did the defrag, the defrag does not show the SYSTEM disk in version 1803.

Is it a bug, or is there a fix or should I try the Image Recovery (that might fail as well).

After upgrading to Windows 10 V1803 (April 30, 2018), system image backup with the built-in Windows 7 backup fails. The above error message occurs and the error code indicates that the Remote Procedure Call (RPC) server is not available. It should be added that it is a 32-bit Windows. This is not an isolated case; the error is also reported in the English Tens forum. It occurs in the 32-bit version V1803 of Windows 10.

That is a bug

This can be described as a bug in Windows 10 version 1803. Attempts to repair something are useless. If you go back to Windows 10 version 1709, the system image backup works. As far as I know, the bug has not been fixed by any of the cumulative updates so far.

However, there is hope for the upcoming Windows 10 V1809. Within this forum thread somebody wrote:

Here is the fix.
Windows 10 Insider Preview Build 17711
We fixed an issue where creating a system image from backup and restore in control panel would fail on x86 machines.

But I should note that you should no longer rely on Windows system backup. The reason: The backup function is still the one from Windows 7 and has not progressed since then. Microsoft has declared the Windows system backup deprecated and intends to drop the system image backup in newer builds at some point (see also Windows 10 Fall Creators Update (V1709): Things removed/deprecated).

There are workarounds

There is a workaround for people who depend on continuing to use the system’s backup function. You have to take wbengine.exe from a backup of Windows 10 version 1709 and copy this file to the system with Windows 10 version 1803. This was mentioned by blog reader Volker E. in his mail, but is also mentioned in the English Technet forum thread:

I talked to tech support (Ticket #1424749859) about this for over 3 hours while watching a tech on my laptop remotely, until he finally admitted defeat. (“Wait for an update that fixes the problem.”)

After all was said and done, I replaced the x86 1803 version of wbengine.exe with the 1709 version through the recovery command prompt.

After that the image backup worked and a recovery disc PRIOR to 1803 successfully restored it.

While I wouldn’t propose this as a solution, it certainly defines the problem.

wbengine.exe (x86) is the problem. RPC is merely a symptom.

The x64 version of wbengine.exe in 1803 is not a problem.

I reported this back to tech support under the same ticket number. Apparently you have to tell them from 4 different directions before someone notices.

I gather from the forum post that the 64-bit version of wbengine.exe in Windows 10 V1803 is probably not affected (this is also explicitly written here, and can be implicitly derived from this CNet forum discussion). However, given the many errors with Windows Backup, I recommend using third-party backup software.

Similar articles:
Windows 10 Fall Creators Update (V1709): Things removed/deprecated
Windows 10 Version 1709: ReFS will be removed (partially)
Microsoft plans to deactivate SMBv1 in Windows 10 V1709

Windows Server: OS update for Windows Cluster required


[German] Another brief piece of information for administrators of clusters made of Windows Server 2012 R2 or Windows Server 2016. In Windows cluster environments with Windows Server 2012 R2 and Windows Server 2016, there may be issues since the July 2018 patchday.

On Twitter @PhantomofMobile drew my attention to this topic.

Microsoft confirmed some issues with security updates from July 10, 2018 within this blog post (dated August 3, 2018). Some Windows clusters may have issues due to the following updates:

Operating System         Impacted update
Windows Server 2016      KB4338814
Windows Server 2012R2    KB4338824, KB 338815

Application crashes occur when they open HTTP or TCP connections, access can be denied, and more (see blog post for details).

For clusters running Windows Server 2016, installing the latest version of the updates should mitigate the problem. If the Patch Orchestration Application (POA) is running in the cluster, it may already have updated the cluster’s machines. Please make sure that the updates mentioned above have been updated.

For clusters running Windows Server 2012R2, there is an additional update to the version released in July as a fix. If the cluster nodes were not updated before July 10, you may need to apply the July 10 update first, and then run Windows Update again to fix the problem. Details can be found in the blog post of August 3, 2018.

Windows 10 V1803: Easy Document Creator scan bug fixed


[German] Good news for users of HP and Samsung All-in-one printers. A bug in the Easy Document Creator software that prevents scanning under Windows 10 V1803 has now been fixed with an update.

Problem: Scanner fails after Windows 10 upgrade

In early May 2018 Microsoft started the rollout of Windows 10 version 1803 (April update). As a result, users of HP and Samsung All-in-one printers had the unpleasant experience that the scan function was no longer available. Under Windows 10 version 1803 it was no longer possible to scan using Easy Document Creator. Messages such as ‘The current process has failed’ appeared in “Scan to PC”, or an error message as shown below was displayed.

Screenshot: Easy Document Creator scan error (Windows 10)

Fix in several steps

I had addressed this issue in my blog post Windows 10: Scanner fails after update. In that blog post I mentioned the workaround of using the software NAPS2 (Not Another PDF Scanner 2) to continue scanning.

Then some readers informed me that HP / Samsung had released a hotfix for the I/O error in their All-in-one printers. I’ve reported more details in my blog post Windows 10 V1803: Hotfix for Easy Document Creator Scan.

Final fix: An update for Easy Document Creator

A comment from a German blog reader (thanks) informed me that HP/Samsung has updated the Easy Document Creator. They offer a new version V2.02.53 dated August 3, 2018, which works with Windows 10 V1803.

Screenshot: Easy Document Creator update

Go to HP’s support site for Samsung ProXpress SL M3875 Laser-Multifunktionsdrucker (it’s a German web site, or navigate to any other HP All-in-one printer support page). Select Windows 10 as the operating system within the page header. Then search under ‘Software’ for an Easy Document Creator version V2.02.53 download dated August 3, 2018. Then install the 17.8 MB file WIN_EDC_V2.02.53.exe and test whether the scan feature in Easy Document Creator is working again.

Similar articles:
Windows 10: Scanner fails after update
Windows 10 V1803: Hotfix for Easy Document Creator Scan

Microsoft Security Update Summary August 14, 2018


[German] On August Patchday (August 14, 2018) Microsoft again released numerous security updates for Windows clients and servers, for Office, Visual Studio etc.

Here is an overview of the individual updates. A list of updates can be found on this Microsoft page. Details about the update packages for Windows, Office etc. will be available in the coming hours.

Critical Security Updates
============================

ChakraCore
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 23
Microsoft Exchange Server 2013 Cumulative Update 20
Microsoft Exchange Server 2013 Cumulative Update 21
Microsoft Exchange Server 2016 Cumulative Update 9
Microsoft Exchange Server 2016 Cumulative Update 10
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (CU)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (CU)
Microsoft SQL Server 2017 for x64-based Systems
Microsoft SQL Server 2017 for x64-based Systems (CU)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 version 1709 for 32-bit Systems
Windows 10 version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)
Windows Server, version 1803 (Server Core Installation)
Microsoft Edge
Internet Explorer 11

Important Security Updates
============================
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2
Microsoft .NET Framework 4.7.1/4.7.2
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.7/4.7.1/4.7.2
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps 2013 Service Pack 1
Microsoft Office Word Viewer
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft Outlook 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Outlook 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions)
Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions)
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft Visual Studio 2015 Update 3
Microsoft Visual Studio 2017
Microsoft Visual Studio 2017 Version 15.8
Word Automation Services

Moderate Security Updates
============================
Microsoft Exchange Server 2016 Cumulative Update 9
Microsoft Exchange Server 2016 Cumulative Update 10
Internet Explorer 9
Internet Explorer 10

Similar articles:
Security update for Adobe Acrobat/Reader
Microsoft Office Patchday (August 7, 2018)
Windows 10 Updates KB4295110/KB4023057 (08/09/2018)
Microsoft Security Update Summary August 14, 2018
Patchday Windows 10-Updates (August 14, 2018)
Patchday: Updates for Windows 7/8.1/Server (August 14, 2018)

Patchday Windows 10-Updates (August 14, 2018)


[German] On August 14, 2018 (second Tuesday of the month, patchday at Microsoft), several cumulative updates were released for the supported Windows 10 builds. Here are some details about the updates.

A list of updates can be found on this Microsoft website. In August 2018, Microsoft revised the display format so that the information can be called up more easily. I have pulled out the details below.

Spectre vulnerabilities are closed in all updates – details can be found in the individual sections.

Updates for Windows 10 Version 1803

The following updates are available for Windows 10 April Update (version 1803).

Update KB4343909 for Windows 10 Version 1803

Cumulative Update KB4343909 contains quality improvements but no new operating system functions and raises the OS build to 17134.228. The update also includes an update for Microsoft HoloLens (OS Build 17134.228). Here is the list of fixes:

  • Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
  • Addresses an issue that causes high CPU usage that results in performance degradation on some systems with Family 15h and 16h AMD processors. This issue occurs after installing the June 2018 or July 2018 Windows updates from Microsoft and the AMD microcode updates that address Spectre Variant 2 (CVE-2017-5715 – Branch Target Injection).
  • Addresses an issue that prevents apps from receiving mesh updates after resuming. This issue occurs for apps that use Spatial Mapping mesh data and participate in the Sleep or Resume cycle.
  • Ensures that Internet Explorer and Microsoft Edge support the preload=”none” tag.
  • Addresses an issue that prevents some applications running on HoloLens, such as Remote Assistance, from authenticating after upgrading from Windows 10, version 1607, to Windows 10, version 1803.
  • Addresses an issue that significantly reduced battery life after upgrading to Windows 10, version 1803.
  • Addresses an issue that causes Device Guard to block some ieframe.dll class IDs after installing the May 2018 Cumulative Update.
  • Addresses a vulnerability related to the Export-Modulemember() function when used with a wildcard (*) and a dot-sourcing script. After installing this update, existing modules on devices that have Device Guard enabled will intentionally fail. The exception error is “This module uses the dot-source operator while exporting functions using wildcard characters, and this is disallowed when the system is under application verification enforcement.” For more information, see CVE-2018-8200 and PSModuleFunctionExport.
  • Addresses an issue that was introduced in the July 2018 .NET Framework update. Applications that rely on COM components were failing to load or run correctly because of “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors.
  • Security updates to Windows Server.

The update is distributed via Windows Update, but should also be available via WSUS or the Microsoft Update Catalog. Microsoft (currently) is not aware of any problems with the update.

Updates for Windows 10 Version 1709

The following updates are available for Windows 10 Fall Creators Update (version 1709).

Update KB4343897 for Windows 10 Version 1709

Cumulative Update KB4343897 for Windows 10 Version 1709 (Fall Creators Update) raises the OS build to 16299.611 and includes quality improvements and the following fixes:

  • Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
  • Addresses an issue that causes high CPU usage that results in performance degradation on some systems with Family 15h and 16h AMD processors. This issue occurs after installing the June 2018 or July 2018 Windows updates from Microsoft and the AMD microcode updates that address Spectre Variant 2 (CVE-2017-5715 – Branch Target Injection).
  • Updates support for the draft version of the Token Binding protocol v0.16.
  • Addresses an issue that causes Device Guard to block some ieframe.dll class IDs after the May 2018 Cumulative Update is installed.
  • Ensures that Internet Explorer and Microsoft Edge support the preload=”none” tag.
  • Addresses an issue that displays “AzureAD” as the default domain on the sign-in screen after installing the July 24, 2018 update on a Hybrid Azure AD-joined machine. As a result, users may fail to sign in in Hybrid Azure AD-joined scenarios when users provide only their username and password.
  • Addresses an issue that adds additional spaces to content that’s copied from Internet Explorer to other apps.
  • Addresses a vulnerability related to the Export-Modulemember() function when used with a wildcard (*) and a dot-sourcing script. After installing this update, existing modules on devices that have Device Guard enabled will intentionally fail. The exception error is “This module uses the dot-source operator while exporting functions using wildcard characters, and this is disallowed when the system is under application verification enforcement”. For more information, see CVE-2018-8200 and PSModuleFunctionExport.
  • Addresses an issue that was introduced in the July 2018 .NET Framework update. Applications that rely on COM components were failing to load or run correctly because of “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors.
  • Security updates to Windows Server.

The update is distributed via Windows Update, but can also be downloaded via Microsoft Update Catalog.

This cumulative update has the same known issues as the previous month’s patch. Some non-English platforms can display the following string in English instead of the localized language: “Reading scheduled jobs from file is not supported in this language mode.” This error is displayed when Device Guard is enabled and you are trying to read the scheduled jobs you have created. In addition, there are other known bugs with Device Guard activated (e.g. no & or . operator etc., see). Microsoft is working on solving the problems.

Updates for Windows 10 Version 1703

The following updates are available for Windows 10 Creators Update (version 1703).

Update KB4343885 for Windows 10 Version 1703

Cumulative Update KB4343885 for Windows 10 Version 1703 (Creators Update) raises the OS build to 15063.1266 and contains quality improvements. The update is also available for Windows 10 Mobile (OS Build 15063.1266). It addresses the following vulnerabilities and issues:

  • Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
  • Addresses an issue that causes Internet Explorer to stop working for certain websites.
  • Updates support for the draft version of the Token Binding protocol v0.16.
  • Addresses an issue that causes Device Guard to block some ieframe.dll class IDs after installing the May 2018 Cumulative Update.
  • Ensures that Internet Explorer and Microsoft Edge support the preload=”none” tag.
  • Addresses a vulnerability related to the Export-Modulemember() function when used with a wildcard (*) and a dot-sourcing script. After installing this update, existing modules on devices that have Device Guard enabled will intentionally fail. The exception error is “This module uses the dot-source operator while exporting functions using wildcard characters, and this is disallowed when the system is under application verification enforcement”. For more information, see CVE-2018-8200 and PSModuleFunctionExport.
  • Addresses an issue that was introduced in the July 2018 .NET Framework update. Applications that rely on COM components were failing to load or run correctly because of “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors.
  • Security updates to Windows Server.

The update is distributed via Windows Update, but is also available in the Microsoft Update Catalog. There are no known issues.

Windows Update Improvements

Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 Feature Update based on device compatibility and Windows Update for Business deferral policy. This does not apply to long-term servicing editions.

Updates for Windows 10 Version 1507 to 1603

Various updates are available for Windows 10 RTM to Windows 10 Creators Update (version 1703). Here is a short overview.

  • Windows 10 Version 1607: Update KB4343887 is only available for Enterprise and Education and Windows Server 2016. The update raises the OS build to 14393.2430. It also contains the Spectre fixes mentioned above for other updates. This update is automatically downloaded and installed from Windows Update, but is also available for download from the Microsoft Update Catalog. Before manual installation, the Servicing Stack Update (SSU) (KB4132216) must be installed. Details can be found in the KB article.
  • Windows 10 Version 1507: Update KB4343892 is available for the RTM version (LTSC). The update raises the OS build to 10240.17946 and includes the Spectre fixes mentioned above for other updates. This update is automatically downloaded and installed from Windows Update, but is also available for download from the Microsoft Update Catalog. Similar to Windows 10 version 1703, there are also improvements to Windows Update (see note above). Details can be found in the KB article.

For Windows 10 V1511 there was no update, as this version has fallen out of support. In case of doubt, details on the above updates can be found in the respective Microsoft KB articles.


Patchday: Updates for Windows 7/8.1/Server (August 14, 2018)


[German] On August 14, 2018 Microsoft released several (security) updates (KB4343900, KB4343899) for Windows 7 SP1 and other updates (KB4343898, KB4343888) for Windows 8.1 and the corresponding server versions. Here is an overview of these updates.

Updates for Windows 7/Windows Server 2008 R2

For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page.

KB4343900 (Monthly Rollup) for Windows 7/Windows Server 2008 R2

Update KB4343900 (August 14, 2018, Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes that were already included in the previous month’s update. The update addresses the following:

  • Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
  • Addresses an issue that causes high CPU usage that results in performance degradation on some systems with Family 15h and 16h AMD processors. This issue occurs after installing the June 2018 or July 2018 Windows updates from Microsoft and the AMD microcode updates that address Spectre Variant 2 (CVE-2017-5715 – Branch Target Injection).
  • Provides protections against an additional vulnerability involving side-channel speculative execution known as Lazy Floating Point (FP) State Restore (CVE-2018-3665) for 32-Bit (x86) versions of Windows.

These updates are intended to close Spectre vulnerabilities or to cure the consequences of such updates. Pay attention to the guidance on turning the registry settings for Windows Client and Windows Server on or off.

The update is automatically downloaded and installed by Windows Update. It can also be downloaded from the Microsoft Update Catalog.

Note: The original article said: This update has (for many months) a known issue. The NIC (network interface controller) no longer works due to a missing third-party .inf file. The remedy is to reinstall the NIC via Device Manager. Hours after publication, Microsoft removed that known issue, so it seems to be fixed.

KB4343899 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB4343899 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the same points as the KB4343900 update above.

The update is available via WSUS or in the Microsoft Update Catalog. There are no known problems. When installing the Security Only Update you must also install KB4343205 for IE.

Updates for Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.

KB4343898 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4343898 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes that were included in the rollup for the previous month. It also addresses the following items.

  • Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS Editions.)
  • Ensures that Internet Explorer and Microsoft Edge support the preload="none" tag.
  • Addresses an issue that may prevent your device from starting up properly if you install KB3033055 (released September 2015) after installing any Monthly Rollup dated November 2017 or later.

This update is automatically downloaded and installed from Windows Update, but is also available in the Microsoft Update Catalog. No issues are known.

KB4343888 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4343888 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following item.

Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS Editions.)

The update is available via WSUS or in the Microsoft Update Catalog. Microsoft is currently not aware of any errors. When installing the Security Only Update you also need to install KB4339093 for IE.

Similar articles:
Security update for Adobe Acrobat/Reader
Microsoft Office Patchday (August 7, 2018)
Windows 10 Updates KB4295110/KB4023057 (08/09/2018)
Microsoft Security Update Summary August 14, 2018
Patchday Windows 10-Updates (August 14, 2018)
Patchday: Updates for Windows 7/8.1/Server (August 14, 2018)

Windows 10 Insider Preview Build 17738 released


Microsoft has released the Windows 10 Insider Preview Build 17738 (Redstone 5) in the Fast Ring. The announcement was made as usual in the Windows blog, where you may find further details. This build is also part of the RS5_RELEASE fork, which is to result in Windows 10 V1809 (or V1810) in fall 2018. Microsoft has fixed more bugs in this build.


Foreshadow (L1TF) Intel CPU vulnerabilities


[German]For a few hours now, details about the next vulnerabilities in Intel CPUs from the Next Generation Spectre series have been public. Details on the Foreshadow (aka L1 Terminal Fault) vulnerability and the other L1 Terminal Fault variants were published at Usenix Security ’18, as well as in announcements from Intel and Google.

Intel released a statement about L1 Terminal Fault

A few hours ago, Intel and its industry partners released information about the recently identified speculative side channel method (vulnerability) called L1 Terminal Fault (L1TF). This vulnerability affects selected microprocessor products that support Intel® Software Guard Extensions (Intel® SGX).

Mainboard
(Source: Pexels Fancycrave CC0 License)

The vulnerability was first reported to Intel by researchers at KU Leuven University, Technion – Israel Institute of Technology, University of Michigan, University of Adelaide and Data61. Further research by the Intel security team identified two related applications of L1TF with the potential to affect other microprocessors, operating systems and virtualization software.

All three variants of L1TF are speculative execution side-channel cache timing vulnerabilities. They are similar to the previously reported Spectre variants. These require special attack methods that target access to the L1 data cache. This is a small memory pool within each processor core that stores information about what the processor core will do next.

(Source: YouTube)

The microcode updates released by Intel in early 2018 offer system software a way to clear this shared cache. Intel created the video above, which is intended to explain L1TF.

Intel sees low risks with patched bare-metal systems

The processor manufacturer writes: “Once the systems are updated, we expect the risk to be low for consumers and businesses using non-virtualized operating systems. These include most installed data centers and the vast majority of PC clients. In these cases, we did not see any significant impact on performance due to the benchmarks we performed on our test systems.”

Virtualization environments are more critical

However, there are scenarios where traditional virtualization technology is used, especially in the data center. According to Intel, it may be advisable for customers or partners to take additional measures to protect their systems. This is primarily for protection against situations where the IT administrator or cloud provider cannot guarantee that all virtualized operating systems have been updated.

These actions can include enabling certain hypervisor core scheduling features or not using hyper-threading in certain scenarios. In these special cases, performance or resource utilization can be affected for certain workloads and may vary accordingly.

Intel has developed a method with industry partners to detect L1TF-based exploits during system operation. Intel has provided some of its partners with this evaluation opportunity and hopes to expand this offering over time. For more information on L1TF, including detailed instructions for IT professionals, please refer to the Security Center Notes. Intel has also produced a vulnerability whitepaper and offers FAQs on this security page.

Google’s vulnerability information

Google Project Zero was also involved in the investigation of the Next Generation Spectre vulnerabilities. This document tells you that the vulnerabilities have been assigned the following:

The direct exploitation of these vulnerabilities requires control of hardware resources, which can only be accessed by controlling the underlying physical or virtual processors at the operating system level. Unpatched operating systems can also allow indirect exploitation, depending on their handling of operations that manipulate memory allocations.

In the document, Google explains the L1TF vulnerability and outlines what Google has done in its cloud solutions to mitigate this vulnerability.

Windows and Linux patches

On August 14, 2018, Microsoft released updates for Windows to close these vulnerabilities (see my blog posts Patchday: Updates for Windows 7/8.1/Server (August 14, 2018) and Patchday Windows 10-Updates (August 14, 2018)). The Linux kernel and Linux distributions also offer protection against the Foreshadow/L1TF vulnerabilities. A list of affected Intel products may be obtained from the links of the tweet below.

Wired has also published an article with an overview of these vulnerabilities.

Windows 10 V1803 rollout stopped due to TLS 1.2 issues


[German]A brief message for Windows 10 users and administrators. Although Microsoft has declared Windows 10 V1803 as ‘business-ready’ (in the SAC), the rollout on certain machines has been stopped.

Issues with TLS 1.2

In Windows 10 there are serious issues when applications use TLS 1.2 transport encryption. User @Abbodi86, who is very active at askwoody.com, came across this information. Microsoft has published a KB article, Applications that rely on TLS 1.2 strong encryption experience connectivity failures after a Windows upgrade, dated August 15, 2018, which states:

Customers who run .NET Framework applications that rely on Transport Layer Security (TLS) 1.2, such as Intuit QuickBooks Desktop, may experience connectivity failures after they upgrade their system to a newer version of Windows.

So there are problems with systems whose applications depend on TLS 1.2 transport encryption. According to the KB article, these are mainly applications based on Microsoft .NET Framework 3.5. Within the KB article Microsoft gives some hints for workarounds that allow the TLS 1.2 connection to be established after all. Because of these problems, Microsoft has stopped the rollout of Windows 10 version 1803 on some machines. Microsoft writes:

Microsoft is working on a resolution, and will provide an update in an upcoming release. We have temporarily suspended offering the Windows 10, version 1803 update to customer systems that run applications for which this is known to be an active problem.

(via)

Update Rollup for Azure File Sync Agent (August 2018)


[German]Brief information for administrators in the Microsoft Azure environment who use the Azure File Sync Agent. Microsoft released an update rollup on August 14, 2018 that fixes the memory leak in the agent.

Update KB4456224 (Update Rollup for Azure File Sync Agent: August 2018) fixes a memory leak that caused an error 0x8007000E. Microsoft writes:

Fixes an issue that causes sync sessions to fail and return an “out of memory error (0x8007000e)” error message because of a memory leak.

This update is available for Windows Server 2012 R2 and Windows Server 2016 installations where the Azure File Sync General Availability Agent (3.1.0.0) is installed.

Update rollup packages for the Azure File Sync Agent are available via Microsoft Update or manual download (Update Rollup for Azure File Sync Agent – August 2018 (KB 4456224)).

After installing this update rollup, the agent version is 3.2.0.0. If files are used during the update rollup installation, a restart may be required.

Windows error “Your system is low on virtual memory” (7/2018)


[German]A short question: have blog readers been getting the message ‘Your system is low on virtual memory’ in Windows since the July 2018 patchday?

A short description

German blog reader Steve M. contacted me at the end of July 2018 and pointed out the following facts to me:

Since we currently have an increased number of issues with various Windows clients at different customers, we wanted to ask you whether you already have similar reports and at the same time also inform you of our previous findings with this problem.

Also, we have already learned that we are apparently not the only ones with this problem. A software company from one of our customers has also already complained about this problem and stated that the only solution was to reinstall the affected computers.

Problem: The Windows client displays the error message: “Your system is low on virtual memory” “Please close the following programs to free memory again”. At the same time many programs hang up and the computer reacts very slowly.

After a restart, the issue is usually solved for a few hours. However, it has also happened that the problem recurred immediately.

The programs shown [in Task-Manager] are those which occupy the most memory, but when adding up the used main memory you only get a fraction of the built-in memory.

This indicates that the programs themselves are not to blame. But something in the background occupies the memory.

Findings: During the analysis – which programs occupy the memory – I recognized, as already described above, that the memory is currently occupied perhaps only to approx. 20 % by active services and programs.

In the Resource Monitor on the Memory tab, however, you can see that the “changed memory” in the bar chart occupies the memory massively and is apparently the trigger for the error message.

However, reading the changed memory only reveals small amounts of insignificant services but no information about the remaining “changed” memory.

Here you can see the changed memory. This PC has a total of 8 GB RAM and the second picture clearly shows that this is not nearly used (approx. 650 MB of 8 GB).

You can also see that not all of the memory used can be allocated to the programs or services. (2329 MB are occupied according to the resource monitor and only about 650 MB are effectively displayed in the task manager)

Used memory

Additional information:

  1. It affects both Windows 7 and Windows 10
  2. No connection can be seen on the computers so far (on the part of software and hardware)
  3. According to our considerations, this error could be caused by a Windows update or even a virus.

Attempts so far:

  1. Physical expansion of the main memory
  2. Paging file enlarged
  3. Paging file completely deactivated

However, all these attempts brought only short lasting success. After some time, the problem reoccurs.

Today we get one of these computers to our company and will scan it for malware and try to find out what occupies the changed memory. I will then report to you on our further findings.

Steve then added in another mail that this problem only occurs since July 16, 2018. He wrote:

We’ve never had problems like this before. Currently we have the problem with 6 customers and a total of 7 computers. All customers have different environments.

I had pointed out memory wasters like Google Chrome, but got feedback that ‘the affected computer was equipped with 16 GB RAM and a relatively large swap file. Even here, the memory was completely full.’ All in all, a strange behavior. Hence the question: Has anyone else observed this behavior?

Windows 10 Insider Preview Build 18219 for Skip Ahead


Microsoft today released the Windows 10 Insider Preview Build 18219 for the testers in the Skip Ahead ring. This is the version coming as 19H1 in spring 2019 as a feature update. The announcement was made in the Windows Blog, where you can also read details.

Windows error 0xC000007F


[German]Sometimes Windows 7 to Windows 10 causes serious trouble and drops the error code 0xC000007F. This blog post discusses the reason for this error code and what you can do about it.

Some cases with Error 0xC000007F

If you search the Internet for the error code 0xC000007F, you will notice two things. It affects both Windows 7 and subsequent versions up to Windows 10.

  • Here is a hit from 2013 in the Microsoft Answers forum, where a user complains that after a RAM upgrade no more sleep mode is available.
  • Here is a similar thread from the year 2015 at reddit.com, which refers to Windows 7.

And there are pages (e.g. here and here) that are at the top of the hits for every error code search on Google, but only tell crap. Usually a tool for automatic repair is offered in these articles. So keep away from that crap.

An error case in Windows 8.1/10

The blog post was triggered by this comment to my German blog post about the Medion Akoya P2214T device. The device has 64 GB internal eMMC memory and was originally shipped with Windows 8.1. However, I assume that most device owners are now running Windows 10 (thanks to an upgrade offer in 2015-2016). The affected user has encountered a serious problem with the device:

what must I do, because my PC must have hung up somehow… When switching off (shutdown) the message about shutdown and updating has been shown. And since then, the display reports some errors and serious errors. An automatic repair failed also with an error code: C000007F Update 123 of 62785/Regis – I am speechless I would be grateful for a little help

I’ve translated the German text into the above description. I don’t know, whether Windows 8.1 or Windows 10 is installed. But it’s clear, that something went wrong during update install. Windows tried to install some updates during shutdown, but failed with error 0xC000007F.

What does error 0xC000007F stand for?

Error 0xC000007F provides us with the required information about what is wrong. Error code 0xC000007F stands for:

Error 0xC000007F STATUS_DISK_FULL

An operation was not performed due to insufficient storage space on the data carrier.

And that is the root cause. The device is shipped with 64 GB eMMC, which is divided into several partitions. In addition to partitions such as System Reserved, an OEM partition with the Windows recovery image (for recovery), drivers and the Windows system partition are set up. Usually there is still about 56 GB of memory left for the Windows partition. And this drive doesn’t have enough free space to execute the necessary operations.

This is the crux of the great Windows 8.1/Windows 10 systems – for cost reasons they are sold with 64 GB eMMC or SSD memory, which is too small to work successfully. With this test device I have often had the problem that I needed to clean up the system drive and free up space before installing a Windows 10 feature update.

By the way, such a lack of storage space does not come out of the blue and does not happen from one moment to the next. Windows must have displayed a toast notification with a warning a long time before. And when opening an Explorer window, the boot drive is marked with a red bar (see following picture).

Storage warning in Windows 10

What can I do?

If Windows is still booting, call Disk Cleanup. To do this, right-click the drive C: in Explorer window and select the context menu command Properties.

Storage capacity

On the General tab, select the button for cleanup. In the tabs that are then displayed, you can delete old Windows installation files (Windows.old) and more, for example. This must be continued until there is enough free space on the system drive C:.

If Windows doesn’t start anymore, you can try at least, if automatic repair still works. If automatic repair runs, it means at least Windows PE is still running. You can try to get the Windows troubleshooter (see also Windows 10: October Update KB3105208 causing BSOD PROCESS_INITIALIZATION_FAILED).

Windows PE options

If this doesn’t work, boot the machine from Windows installation media (DVD or USB stick) and then switch to Windows PE. In Windows PE, open the command prompt window and try to delete files with DOS commands or with the Windows editor.

In the command prompt window you can launch the Windows editor via the command Notepad.exe, select its Open command from the File menu and then set the file type to All files (*.*). This gives you a mini file manager.

Similar articles
Windows 10 Wiki
Windows 10: Open command prompt window as administrator
Stop Windows from installing updates over and over again
Windows 10 V1803 update creates a new OEM Partition

Insider Preview 17741 for Windows 10 Version 1809 released


Microsoft has released Insider Preview Build 17741 in the Fast Ring and confirmed the version 1809 for this Windows 10 Build. The announcement has been made as usual in the Windows blog, where you can read more details. That the upcoming Windows 10 build will be version 1809 is shown within the version dialog box of this Windows 10 Insider Preview. The notation V1809, which I’ve already used within the blog, has been confirmed – I assume that the feature update will come at the beginning of October 2018.


TLS 1.2: Windows Error Reporting Service drops an error


When switching to TLS 1.2 transport encryption, the Windows Error Reporting Service may stop working and drop some errors in the event log. Here are a few details about that topic.

Recently the transport encryption TLS 1.3 was officially approved by the IETF as RFC 8446. It occurred to me that blog reader Thomas B. pointed out an issue with TLS 1.2 to me at the end of July 2018. Thomas wrote:

During hardening our systems (RDP, Exchange, SQL, Server 2008R2/2012R2) with TLS 1.2, I noticed the following.

After only TLS 1.2 is allowed, the Windows Error Reporting Service no longer works and triggers an Event Id 36871 channel error in the event log / system log. At least under Windows Server 2008 R2 SP1.

Several articles on TLS 1.2 hardening have been published. Microsoft has published articles like TLS/SSL Settings, Exchange Server TLS guidance, part 1: Getting Ready for TLS 1.2, and TLS 1.2 support for Microsoft SQL Server (thanks to Thomas for the links). Thomas writes:

If you select Control Panel – Maintenance – Check for solutions and want to connect to the Windows Error Reporting Service, the error mentioned above occurs.

This problem has also been noticed by other administrators. On Microsoft Answers you can find this English forum thread, which also deals with the event ID 36871 with the TLS error 10013.

SChannel Error 36871:
“A fatal error occurred while creating a TLS client credential. The internal error state is 10013.”

Within the forum thread the affected person writes that reactivating SSLv3.0 in IISCrypto fixed the SChannel error. Perhaps helpful as a hint to administrators in this area – thanks to Thomas for the tip.

Windows 10 V1803: Update KB4458166 fixes TLS 1.2 issue


Within my blog post Windows 10 V1803 rollout stopped due to TLS 1.2 issues I reported a specific issue with Windows 10 V1803 and applications that require TLS 1.2 (mostly Intuit QuickBooks). Microsoft has even suspended the rollout of this version of Windows 10 on these machines because of the error. Apparently update KB4458166 is now available to fix this problem. I have added details within the linked article.

Windows 10 V1709/1803: Issues (also August Patchday)


[German]After the Microsoft patchday disaster of July 2018, the August updates seem to be mostly flawless. But there are some minor issues with Windows 10 V1803 (independent of the August patchday). Here is an overview of some (minor) issues in Windows 10 V1803 (and minor patchday issues in V1709/V1803).

Thanks to Woody Leonhard, who has collected most stuff at askwoody.com. Perhaps it’s worth reading for administrators, it may save a few hours of troubleshooting. 

Windows 10 V1803 installation loop?

I had seen some vague references (on reddit.com) to an installation loop regarding the patchday update for Windows 10 V1803. Woody Leonhard has picked up a case from user Uroboros4 on askwoody.com. The update cannot be installed successfully, and the system enters an update loop.

I have Win10 1803 genuine. None of the cumulative updates can be applied(for example KB4343909, kb4284835, kb4103721). It reaches 100% and says ” Update couldn’t apply, reverting changes”. I have tried a lot of stuff (pausing win update and manually installing them, scan windows for corrupted files to no avail). Anyone has the same problem?

But it seems to be an isolated case, I found no further reports. I had written the blog post Fix: Windows 10 hangs in the update installation loop as a solution to this issue.

Windows 10 V1803: Bitlocker pauses during update

Patch Diva Susan Bradley spotted a specific issue in Windows 10 version 1803. It is described in a Technet forum thread and applies to machines with Windows 10 version 1803 that do not have a TPM module. If hard disk encryption with BitLocker is activated on such a machine, Windows deactivates BitLocker during the installation of an update. The thread creator describes this as follows:

I have a machine with Bitlocker enabled, no TPM, Windows 10 1803.

For the last month or so, whenever a Windows system update is applied, Bitlocker is automatically suspended upon first login after the machine restarts. Case in point: the latest Windows 10 cumulative update was applied this morning, only for the machine to restart with Bitlocker suspended on the OS drive. Interestingly, there is also some dubious behaviour in terms of the initial Bitlocker password entry screen. Not having a TPM, the user must enter a password to boot. On at least 2 occasions, after applying an update, the system does not present the Bitlocker password entry screen and progresses all the way to the user login screen. However, this morning the Bitlocker password entry screen was presented correctly but after entering the correct password and then logging in to Windows, Bitlocker was suspended.

This is the state of the OS drive after logging in:

Volume C: [System]
[OS Volume]

Size:                 59.07 GB
BitLocker Version:    2.0
Conversion Status:    Fully Encrypted
Percentage Encrypted: 100.0%
Encryption Method:    XTS-AES 128
Protection Status:    Protection Off (1 reboots left)   <——
Lock Status:          Unlocked
Identification Field: Unknown
Key Protectors:
Password
Numerical Password

Now, I realise that Bitlocker is temporarily suspended – restarting the machine again will enable it without any action from the user. However, this is a security risk for the time between restarting after an update and the next restart and severely undermines our trust in Bitlocker. I would expect that Bitlocker should NEVER be suspended unless initiated by a user/admin.

If the machine is restarted, BitLocker is activated again. It only occurs on Windows 10 V1803 machines without a TPM chip. If people install updates and only send the machine into sleep mode, BitLocker may remain disabled for a long time.
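A check for the state described in the forum post, added here as an example (not from the original post or from Microsoft): it parses `manage-bde -status` text such as the output quoted above and flags volumes that are encrypted and have key protectors but report Protection Off. The second sample and all function and class names are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Status text as quoted in the forum post above (poster's arrow annotation omitted).
SAMPLE_FROM_POST = """\
Volume C: [System]
[OS Volume]

    Size:                 59.07 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection Off (1 reboots left)
    Lock Status:          Unlocked
    Identification Field: Unknown
    Key Protectors:
        Password
        Numerical Password
"""

# Constructed sample for contrast: a healthy OS volume with a TPM protector.
SAMPLE_HEALTHY = """\
Volume C: [Windows]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
    Key Protectors:
        TPM
        Numerical Password
"""

VOLUME_RE = re.compile(r"^Volume\s+(\S+)\s+\[(.*)\]$")
FIELD_RE = re.compile(r"^([^:\[\]]+):\s*(.*)$")
PROTECTION_RE = re.compile(r"^Protection (On|Off)(?:\s*\((\d+) reboots? left\))?")


@dataclass
class Volume:
    name: str
    label: str
    fields: Dict[str, str] = field(default_factory=dict)
    protectors: List[str] = field(default_factory=list)


@dataclass
class Finding:
    volume: str
    state: str                    # protected / suspended / unprotected / unknown
    reboots_left: Optional[int]   # resume counter, if the status line shows one
    has_tpm: bool


def parse_status(text: str) -> List[Volume]:
    """Split status text into per-volume records; banner lines are ignored."""
    volumes: List[Volume] = []
    current: Optional[Volume] = None
    in_protectors = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = VOLUME_RE.match(line)
        if header:
            current = Volume(header.group(1), header.group(2))
            volumes.append(current)
            in_protectors = False
            continue
        if current is None:
            continue
        kv = FIELD_RE.match(line)
        if kv:
            key, value = kv.group(1).strip(), kv.group(2).strip()
            in_protectors = key == "Key Protectors"
            if not in_protectors:
                current.fields[key] = value
            elif value and value.lower() != "none found":
                current.protectors.append(value)
        elif in_protectors:
            # Lines under "Key Protectors:" carry no colon, e.g. "Numerical Password".
            current.protectors.append(line)
    return volumes


def assess(vol: Volume) -> Finding:
    """Encrypted + protectors present + Protection Off means suspended:
    the data is still encrypted, but the volume unlocks without any protector."""
    has_tpm = any(p.upper().startswith("TPM") for p in vol.protectors)
    m = PROTECTION_RE.match(vol.fields.get("Protection Status", ""))
    if not m:
        return Finding(vol.name, "unknown", None, has_tpm)
    reboots = int(m.group(2)) if m.group(2) else None
    if m.group(1) == "On":
        state = "protected"
    elif vol.protectors and vol.fields.get("Conversion Status") != "Fully Decrypted":
        state = "suspended"
    else:
        state = "unprotected"
    return Finding(vol.name, state, reboots, has_tpm)


def audit(text: str) -> List[Finding]:
    return [assess(v) for v in parse_status(text)]


def suspended_volumes(text: str) -> List[str]:
    return [f.volume for f in audit(text) if f.state == "suspended"]


if __name__ == "__main__":
    for finding in audit(SAMPLE_FROM_POST + "\n" + SAMPLE_HEALTHY):
        print(finding)
```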

Windows Server 2016: sysvol sync bug back?

It is more a question Woody Leonhard asks in this article. A user asked whether a GPO synchronization problem from July 2018 still exists. Here is his error description:

Has anyone else experienced their GPOs not syncing permissions after applying KB4338814 to Server 2016?

We were getting the ACL error

“The sysvol permissions for one or more GPOs on this domain controller are not in sync with the permissions for the GPOs on the baseline domain”.

Went through a non-authoritative SYSVOL restore, demoting and promoting a domain controller, and finally uninstalled patch KB4338814 to resolve the issue.

This problem existed on our test domain (two DCs 2012 and 2016) and our production (three DCs 1-2012 and 2-2016) The ACL sync issues only happened on one of the production 2016 DCs which was strange. Once we removed the patch we had to go to any GPOs still showing ACL errors and restore the delegation permissions to defaults in order for it to start syncing.

I have blocked patch KB4338814 from July in WSUS but the issue is now happening again in our test Active Directory after applying the August cumulative updates. I’d love to know if anyone else is seeing this issue and if Microsoft has reported it as a problem.

He has blocked the July 2018 update KB4338814 in the WSUS, but is now confronted with the problem again in August 2018. This is not an isolated case, because Technet forum has the thread KB4284833 Group Policy Sync issue with a similar issue. 

Windows 10 V1803 Boot loop ‘bootres.dll is corrupt’

This too is an error reported by Woody Leonhard, which is independent of the August 2018 updates. A user describes the error as follows: 

There is recurring issue reported online where Win10 gets stuck in a repair loop. The Win10 Recovery Environment (RE) option Startup Repair fails to correct the problem. The Startup Repair log c:\windows\system32\logfiles\srt\SrtTrail.txt reports a fault:

Root cause found:
—————————
Boot critical file c:\efi\microsoft\boot\resources\custom\bootres.dll is corrupt.

Repair action: File repair
Result: Failed. Error code = 0x57

The odd part of this error is the “Custom” folder location – this is not part of the normal folder structure. The bootres.dll file normally resides in the “Resources” folder with the BCD file in the folder above (Boot).

What the error is reporting is that the bootres.dll file is missing (rather than corrupted) On the systems I have checked the “Custom” folder does NOT even exist – thus the bootres.dll cannot be present at this location and is declared “corrupt” by the Startup Repair utility.

The bigger mystery is why the System thinks the file should be located in a “Custom” sub-folder in the first place. (Also I think the c: drive letter shown is an artifact – most likely it refers to the first partition – not the actual main C: drive – but that is a whole different can of worms)

I am currently working on two HP laptops with this exact problem – both went down within an hour of each other. At first I thought it must be a virus or malware attack gone wrong – but could find no evidence to support this idea.

Having read multiple postings and responses across many different online forums: The evidence suggests this is a Microsoft bug that affects a limited number of Win10 systems. The problem appears to affect systems recently upgraded to version 1803 (only one case listed 1709 on a Surface device) – but only occurs after further updates (as yet unidentified) and then a full restart.

I am exploring BCD repair and rebuild options with some success – but have no clean fix as yet (the standard RE repair options get lost)

Anyone have any experience of this problem or ideas as to what causes this error?

This is not an isolated case, because I found the bug description in several German forums (here, here). In the MS Answers forum there is this English thread (May 2018), and here is another case. The solution will be a clean install in most cases, since a file in the EFI boot directory is corrupted and most users cannot replace it with an undamaged file. However, there is this English-language MS Answers forum thread, where a user has described a solution that works for him. GDATA antivirus is suspected of being the cause in the German administrator.de forum. In other threads I found the Norton AV solution suspected as a root cause, but all of this is only suspicion.

Win 10 V1803: Update KB4343909 kills Application Guard

On Facebook I got the feedback from a German consultant that three of his systems (probably Windows 10 V1803 Enterprise) had a broken ‘Windows Defender Application Guard’ (WDAG) after installing the August 2018 update. The Windows Defender Application Guard reports the error code 0xC0370106 and the window needs to be closed.

Windows Defender Application Guard Error 0xC0370106

He then confirmed that it is probably the ‘known issue’ that Microsoft has added to KB4343909.

Launching Microsoft Edge using the New Application Guard Window may fail; normal Microsoft Edge instances are not affected.

The workaround specified by Microsoft is to uninstall the KB4343909 update. Then install updates KB4340917 and KB4343909. Microsoft intends to deliver a fix in the next release. This error is also mentioned here on askwoody.com.

By the way, error code 0xC0370106 is an ‘old friend’. If you work under Windows 10/Server 2016 with Docker, the error code may be displayed. This GitHub article discusses this for example – a search with the error code, however, brings further hits.

Hypervisor Error from KB4343897 for Windows 10 V1709?

It’s a bit out of line, since it does not refer to Windows 10 V1803 – and it is the only case I’m aware of. On Twitter Tero Alhonen (@teroalhonen) reports a problem with the cumulative August 2018 update KB4343897 for Windows 10 V1709.

3rd time after August Cumulative Update KB4343897 for Windows 10 version 1709 pic.twitter.com/swx6AstGka

— Tero Alhonen (@teroalhonen) 18. August 2018

After the cumulative update KB4343897 he had his third Blue Screen ‘HYPERVISOR ERROR’. The BSOD stop code 0x00020001 is documented here by Microsoft.

Similar articles:
Windows 10 Wiki
Windows fails with error 0xC000007F
Windows 10 V1803: Update KB4458166 fixes TLS 1.2 issue
Windows 10 V1803 rollout stopped due to TLS 1.2 issues
TLS 1.2: Windows Error Reporting Service drops an error
Windows error 0xC000007F
Patchday Windows 10-Updates (August 14, 2018)

Windows 10: Microsoft Account need to be fixed


[German] Users of Windows 10 systems may run into a stupid problem: Windows 10 often asks them to fix the Microsoft account. Here are a few hints.

Error description

Windows 10 suddenly detects a problem with the Microsoft account and reports “You need to fix your Microsoft account”. Then a fix (automatic repair) via the Settings app is suggested. This fix is successful most of the time.

I have had this occasionally on my Windows 10 test machines where Windows Insider previews are tested. But what’s the reason for this message on normal Windows 10 systems?

Antivirus software as a root cause

If you search the Internet for the error term, there are a lot of hits (see here, here, or here), so this issue isn’t so rare.

“You need to fix your Microsoft account” message

However, there are probably different reasons for the repair (password changed etc.). In some threads, the suspicion is also raised that third-party components such as antivirus software might be involved.

Another case

Recently I found this German Microsoft Answers forum post. The user wrote:

when I log on to my computer, I sometimes get the following message:

Microsoft account problem

Your Microsoft account must be repaired before you can share it. 

Select this message to resolve the problem in the settings.

When I click on the message, “Settings > System > Sharing” opens and I have to enter my Windows password (although I am already logged on to the computer).

This seems to be a different cause, because there is no Windows Insider-Build mentioned.

Another reason: Network name changed

Within the MS Answers forum thread another cause for the request to fix the Microsoft account has been mentioned. If the administrator changes the network name used by the Windows 10 client to enter a (workgroup) network, this triggers the “You need to fix your Microsoft account” message. Windows 10 will then attempt to repair the account. One of the affected users wrote:

I was able to track the error down to the root cause and now know that the problem occurs when renaming the computer (Settings > System > Info > Rename PC).

As soon as you have renamed the computer, this problem appears.

Maybe it will help you if this message occurs. But you can’t disable this message to fix the Microsoft account (it’s only possible to disable toast notifications, see here).

Similar articles:
Windows 10 Wiki

Windows 10: Intel driver updates for AMD systems?


[German]Short question to owners of an AMD system with Windows 10. Have you been offered obscure Intel driver updates for AMD systems in the last few days?

It’s a strange story that I received by e-mail. German blog reader Ingenieur contacted me and described an observation he made with Windows Update. I can’t really make sense of it ad hoc. The blog reader wrote (I translated his text):

today (17.08.2018) I received a message in the Info Center that new devices should be configured.

But since I haven’t connected a new device etc., I was surprised to see what Windows Update looks like there.

There I was offered lots of Intel drivers. Among others the Intel C230 Server chipset from 2015!!

I have no idea how Windows got the idea to load these drivers. I have attached my hardware configuration as an image.



The screenshot shows (in the background) that the Intel drivers mentioned above, including the Intel C230 Server chipset from 2015, are offered via Windows Update. Well, apart from the date 2015, I wouldn’t have found it particularly strange.

But the system probably cannot do much with these drivers. Intel drivers are offered via Windows Update, although an AMD Ryzen CPU is installed in the system. This is not the first case where Windows Update offers quite strange device drivers (see the following link list).

Microsoft Answers has this forum thread from November 2017, where users complain about AMD driver updates for Surfaces with Intel CPUs. The driver names are simply assumed to be renamed there. There may be a logical explanation for this process. The question remains whether any of you have made similar observations?

Similar articles:
Windows: optional update ‘Intel – System – 6/28/2016’
Windows: optional update ‘Intel – System – 8/19/2016’
Windows 7/8.1: Optional INTEL System driver updates
Intel Bluetooth driver released via Windows Update (02/15/2017)?
