[German]Windows has an unpatched zero-day local privilege escalation vulnerability, which allows unprivileged users to extend rights to the SYSTEM level. Here is some information about the facts.

First notes on Twitter

The first messages reached me the night via Twitter (see here), whereby the Twitter channel of the person @sandboxescapter, who originally posted it, has been deleted in the meantime. The original tweet read as follows:

Here is the alpc bug as 0day: https://t.co/m1T3wDSvPX I don’t fucking care about life anymore. Neither do I ever again want to submit to MSFT anyway. Fuck all of this shit.

— SandboxEscaper (@SandboxEscaper) August 27, 2018

Note: A German blog reader pointed to this reddit.com thread where some attempt was made, to sell 0-day-exploits. There the name SandboxEscaper also occurs on deleted posts.

Kevin Beaumont (@GossiTheDog) has shared later this information within the following Tweet:

The account got pulled, but the PoC is at https://t.co/JqX4ueHorZ

— Kevin Beaumont (@GossiTheDog) 28. August 2018

and linked to GitHub, where a Proof of Concept may be found. CERT/CC vulnerability analyst Will Dormann verified the error. In a Tweet, he confirmed the vulnerability.

I’ve confirmed that this works well in a fully-patched 64-bit Windows 10 system.
LPE right to SYSTEM! https://t.co/My1IevbWbz

— Will Dormann (@wdormann) 27. August 2018

It is a Local Privilege Escalation vulnerability that allows rights to be extended to SYSTEM. Will Dormann then issued a CERT warning (VU#906424 Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface).

Vulnerability in Task-Scheduler

The zero-day vulnerability is in the Windows task scheduler in the ALPC interface. The abbreviation ALPC stands for Advanced Local Procedure Call. The Microsoft Windows Task Scheduler contains a vulnerability in ALPC call handling that allows a local user to gain SYSTEM privileges.

Limited usability?

Addendum: However, the vulnerability requires that the account has the permissions to create a hardlink (which, in my opinion, only works with administrator accounts). Quote from the description of the PoC (Proof of Concept).

Tasks created by the task scheduler will create a corresponding folder/file in c:\windows\system32\tasks. This function seems to be designed to write the DACL of tasks located there, and will do so while impersonating. However, for some reason it will also check if a .job file exists under c:\windows\tasks and try to set the DACL while not impersonating. Since a user, and even a user belonging to the guests group can create files in this folder, we can simply create a hardlink to another file (all we need is read access). Because of the hardlink, we can let the task scheduler write an arbitrary DACL (see second parameter of SchRpcSetSecurity) to a file of our choosing.

So any file that we have read access over as a user and that system has the write DACL permission for, we can pivot into full control and overwrite it.

Even read access to the folder c:\windows\system32\tasks is not possible for a standard users (just explicitly tested again). However, since some users work under administrator accounts, the hardlinks should be created. Then SYSTEM rights could be obtained. For a standard account with limited rights this does not work (because of the lack of rights to create hardlinks or to access the tasks folder).

The author of the PoC writes that the charm of the exploit is that you can now manipulate a lot of files that normally only the trusted installer has access to. In fact, this is (under normal circumstances) only possible under administrator accounts if you take over the file’s ownership.

I tried to use the commands, the author of the PoC demonstrated within it’s video. Maybe I made a fault, but I wasn’t able to grant a process (notebook.exe for instance) SYSTEM rights under a standard user account. From a standard user account I’m also wasn’t able to read the folder c:\windows\system32\tasks. But there are comments within my German blog, that this may be bypassed in certain scenarios (hardlink to a file in this folder for instance, that may be created w/o admin credentials). But at this point I stopped further investigations – hadn’t the time for that.

Luckily this means that the previously unpatched vulnerability can only be exploited locally, but not remotely via the Internet, and only. However, this opens a familiar attack vector: If an attacker can trick a user (with admin rights) into downloading and running malware from the Internet, the malware can use the exploit to extend the rights (from the local administrator context) to system privileges.

The Register has asked Microsoft for a statement. A Microsoft spokesman replied it will “proactively update impacted advices as soon as possible”. The spokesman referred to the schedule for the update on patch Tuesday. Let’s see if there’s a patch in September 2018. In the meantime, several articles have appeared here, here and here. Addendum: ZDnet.com has also an article with a statement from Microsoft.

[German]Does Microsoft withdraw or replace Intel Microcode updates for Windows released in July/August 2018? Here are a few things I’ve compiled with the request for feedback, maybe there is an explanation.

Chaos at the July/August Microcode Updates

First some background information on the topic. In August 2018 Microsoft released Intel microcode updates Spectre and Spectre-like vulnerabilities (Foreshadow, L1TF) for Windows. I had written about about these updates provided for Windows 10 within my blog post Intel Microcode Updates KB4346084, KB4346085, KB4346086, KB4346087, KB4346088 (August 20/21, 2018). For Windows 7 SP1 and Windows 8.1 and the server counterparts, the updates are listed in the blog post Patchday: Updates for Windows 7/8.1/Server (August 14, 2018). Also in July 2018 Microsoft has released such updates.

After publishing the German edition of the Windows 10 blog article linked above I got feedback from reader’s that also the Intel Microcode Update KB4100347 is offered again on their machines (had already been released in the previous months). And some users are reporting, that this Intel microcode update has been offered on systems with AMD CPUs.

Then I got hints that the Intel Microcode Update KB4100347 probably causes boot issues on some Windows 10 machines. I collected the information within the blog post Microsoft: Issues with Updates KB4456688/KB4100347? – and added more information today. There’s something in stock.

Furthermore, German blog reader Karl Wester-Ebbinghaus informed me in a comment to that the registry entries, which are necessary to activate the Spectre patches, are incorrectly documented by Microsoft. I added this within my blog post Security Advisory-Update ADV180018 and informed Microsoft employee Michael Niehaus via Twitter – let’s see what happens.

Overall, I’d say there’s some chaos right now. It reminds me of the first Intel microcode updates Microsoft released for Spectre and Meltdown in early January 2018. These had to be pulled shortly afterwards.

Are updates revised/blocked in WSUS?

At least under WSUS something strange thins are happening at the moment – the updates seem to be withdrawn or revised. Today I received two reader mails (thanks to Axel and Markus for the hints) on that topic.

WSUS: Microcode updates set to rejected

The first information by Swiss blog reader Markus B. refers to an observation under WSUS. Markus wrote:

On the WSUS tonight the microcode updates from last week were set to rejected.

(Click to zoom)

Do you have any other reports?

I noticed it while viewing the mails from WSUS. 

Then Markus sent me the following text excerpts of the updated WSUS update notification. 

New Update Alert

The following 15 new updates have been synchronized to WUS-V301 since Monday, August 27, 2018 22:36 (GMT).

Critical and Security Updates

No new critical or security updates were synchronized.

Other Updates

Definition update for Windows Defender Antivirus – KB2267602 (Definition 1.275.237.0)

To resolve problems in Windows, install this update. For a complete list of the fixes in this update, see the corresponding Microsoft Knowledge Base article for more information. After you install this component, you may need to restart your computer.

2018-07 Update for Windows 10 Version 1507 for x86-based systems (KB4091666)

2018-07 Update for Windows Server 2016 for x64-based systems (KB4091664)

2018-07 Update for Windows 10 Version 1803 for x86-based systems (KB4100347)

2018-07 Update for Windows 10 Version 1607 for x86-based systems (KB4091664)

2018-07 Update für Windows 10 Version 1607 für x64-basierte Systeme (KB4091664)

Definitionsupdate für Windows Defender Antivirus – KB2267602 (Definition 1.275.263.0)

2018-07 Update for Windows 10 Version 1507 for x64-based systems (KB4091666)

….

The above messages also include Intel Microcode updates (e.g. for July 2018), which I have discussed in the articles linked below.

Second mail about microcode updates

Also German blog-reader Axel H. has contacted me twice by e-mail today. He wrote me this:

Hello Günter,

in July/August several microcode updates from Microsoft appeared in WSUS, some with known numbers.

According to the description they are from July, but I could swear I didn’t receive them until August… 

These are the ones: 
– 2018-07 Update for Windows 10 Version 1607 for x86-based Systems (KB4091664)
– 2018-07 Update for Windows 10 Version 1607 for x64-based Systems (KB4091664)
– 2018-07 Update for Windows 10 Version 1703 for x86-based Systems (KB4091663)
– 2018-07 Update for Windows 10 Version 1703 for x64-based Systems (KB4091663)
– 2018-07 Update for Windows 10 Version 1709 for x64-based Systems (KB4090007)
– 2018-07 Update for Windows 10 Version 1709 for x86-based Systems (KB4090007)
– 2018-07 Update for Windows 10 Version 1803 for x64-based Systems (KB4100347)
– 2018-07 Update for Windows 10 Version 1803 for x86-based Systems (KB4100347)

Somehow I had a bad feeling and haven’t released it yet. Today they were suddenly no longer in the list of not yet released updates. Since I didn’t declined it must have been Microsoft.

As I understand it, this is exactly what blog reader Markus told me above. Axel continued:

At least I found out that KB4091664 has been replaced by KB4346087.

Source: https://social.technet.microsoft.com/Forums/windowsserver/en-US/4db3848d-ba93-4338-aafa-16ea65d48305/kb4091664?forum=winserverTS

I have found an article written by you that deals with the new updates, but not that it will replace others.

I have not yet researched whether any KB article in English contains a revision. Actually, it is Microsoft’s task to document all this in a timely manner. Axel told me in another mail an additional observation: 

I don’t have the new, so replacing updates in WSUS. At least not yet.

These are the information I collected from my blog posts and received from my two blog readers. Perhaps one of you has made similar observations and can confirm that. Or you know sources at Microsoft where microcode update revisions are documented. At the moment I can only classify it as a ‘bit of chaos in the microcode updates’. Or how do you see it?

Addendum: Same questions at askwoody.com

Seems to be an incident, seconds after I published the above article, Susan Bradley posted this article on askwoody.com with some additional information. It seems that Microsoft withdraw several updates.

Similar articles
Foreshadow (L1TF) Intel CPU vulnerabilities
Patchday: Updates for Windows 7/8.1/Server (August 14, 2018)
Microsoft: Issues with Updates KB4456688/KB4100347?
Security Advisory-Update ADV180018
Trend Micro WFBS: issues with update KB4100347
Intel Microcode Updates KB4100347, KB4090007 (July 2018)
Windows 10 V1803: Microcode update KB4100347 (05/15/2018)
Intel Microcode Updates KB4346084, KB4346085, KB4346086, KB4346087, KB4346088 (August 20/21, 2018)

Microsoft has provided an ISO file for creating an installation disc for Windows 10 Insider Preview Build 17738, which was released in mid-August 2018. The download is possible for Windows Insider after logging in on this website. (via)

[German]Another short topic that has already been circulated and cheered on in blogs last week. It is now possible to run Windows 95 as an app on other operating systems such as Linux, macOS and Windows. I took a quick look at the project to see if it was worth of.

A fun project by Felix Rieseberg

Slack developer Felix Rieseberg has packed a version of Windows 95 so that it can run as an electron app under Windows, Linux or macOS. In a tweet he writes:

I put Windows 95 into an Electron app that now runs on macOS, Windows, and Linux. It’s a terrible idea that works shockingly well. I’m so sorry.

Go grab it here: https://t.co/MIoFpezuFi pic.twitter.com/YquOnOGrSz

— Felix Rieseberg (@felixrieseberg) 23. August 2018

I have briefly tried the 32-bit standalone version under Windows 7. At least this version is (in my hardware environment) virtually unusable. It runs slow, if you release the mouse from the captured window via ESC, then two mouse pointers appeared on my screen. The mouse pointer is also no longer captured, when the window is clicked. The mouse pointer, which was active in the window, reacted strongly delayed and cannot be positioned completely in the window (as soon as the second mouse pointer of the host is visible).

Still open questions

I would also say, that the ‘Windows 95 licensing issue’ haven’t been resolved – I’m not aware about Microsoft’s position of distributing Windows 95 to the public – but maybe I’ve overlooked something.

Since a while I use a test bed under Windows, where I can check if a program is vulnerable to DLL hijacking or security issues. In this test environment there are modules by Stefan Kanthak, which may triggers an alarm if something is not properly programmed (see also my article here). Right after the start of Windows95.exe the test environment reports that an entry point is not found (see following screenshot).

Then the app is closing. The other file Updater.exe created more than a dozen warning dialogs in the test environment. So the programs are vulnerable to DLL hijacking. Although Windows95.exe and Updater.exe executables do not require administrative privileges, it’s not a good idea to have an app with that behavior (dependencies) on a machine. Felix Rieseberg also offers .exe files with installers for Windows, where administrative rights may be required. In the light of the limited benefits and the problems mentioned above, I personally would suggest ‘don’t use this app’.

[German]Just a brief addendum to the August 14, 2018 patchday: Updates KB4343205 and KB4343900 blocks Single sign-on (SSO) and causes trouble even with terminal servers.

A comment within my German blog

The information can already be found implicitly in the form of a comment from blog reader doc within my German blog. He wrote (I translated the comment):

KB4343205 & KB4343900 causes that SSO applications and the use of our proxy via terminal servers no longer work (cleanly).

A workaround would be to disable the “protected mode” on IE, but this should generally be avoided…

The abbreviation SSO stands here for Single sign-on. As it seems to affect a lot of users, I decided to wrote a separate blog post covering the details.

Found more hits within the Internet

Searching the Internet for KB4343205 and SSO will result in several hits. At reddit.com I found this thread, where a user described the problem and referenced a forum thread in Technet. It was this thread in Technet-Forum, I previously found. Within this thread a user wrote.

We use Okta in our environment (Windows 7) for SSO.  After Windows updates ran this week, SSO no longer works in Internet Explorer.  It still works perfectly in Chrome and Firefox.  I’ve already contacted Okta and we’ve been able to prove that it is not an issue on their end.

We’ve tried the usual fixes…deleting browser history, ensuring that our local intranet sites are set properly, making sure that TLS 1.2 is enabled.

Other users in the thread also confirm the problem. Uninstalling updates KB4343205 and KB4343900 is described there as a solution. The above-mentioned deactivation of the protected mode in IE is specified as the workaround. However, this is undesirable for security reasons.

What are KB4343205 and KB4343900 updates for?

I’ve addressed update KB4343205 within my blog post Microsoft Patchday: Other Updates (August 14, 2018). This is the cumulative security update for Internet Explorer for Windows 7 to Windows 10 and the server counterparts. This security update fixes several reported vulnerabilities in Internet Explorer.

The biggest of these vulnerabilities could allow remote code execution if a user views a specially crafted Web page in Internet Explorer. These vulnerabilities are probably already being exploited. Microsoft has now added a hint of a known problem in the KB article.

In Internet Explorer 11, a blank page may appear for some redirects. Additionally, if you open a site that uses Active Directory Federation Services (AD FS) or Single sign-on (SSO), the site may be unresponsive.

Update KB44343900 has been addressed within my blog post Patchday: Updates for Windows 7/8.1/Server (August 14, 2018). It is the Monthly Update Rollup for Windows 7 Service Pack 1 and for Windows Server 2008 R2 Service Pack 1, which is an update to close several variants of Spectre vulnerabilities, but also includes patches for Internet Explorer. Microsoft has also added a reference to the known problem (see above) in the KB article. .

A workaround for the issue

The above mentioned deactivation of the protected mode in IE is undesirable as a workaround for security reasons. A better solution is outlined in the Technet forum thread linked above and on reddit.com. An affected user wrote:

Found a workaround for this. If you turn off protected mode, it fixes the issue. I don’t want to turn protect mode off (and i dont suggest you do that) but “trusted zone” has protected mode off by default. This means if you add the sites (your SSO sites and all the redirects) to the trusted zone, it will resolve the issue. I pushed this out through group policy.

Maybe this will help some blog readers who don’t know this yet.

Similar articles:
Security update for Adobe Acrobat/Reader
Microsoft Office Patchday (August 7, 2018)
Windows 10 Updates KB4295110/KB4023057 (08/09/2018)
Microsoft Security Update Summary August 14, 2018
Patchday Windows 10-Updates (August 14, 2018)
Patchday: Updates for Windows 7/8.1/Server (August 14, 2018)
Patchday Microsoft Office Updates (August 14, 2018)
Microsoft Patchday: Other Updates (August 14, 2018)
Windows 10 V1709/1803: Issues (also August Patchday)
August patchday: Confusion over SQL Server 2014 SP2

Microsoft has released the Insider Preview Build 17744 of Windows 10 (Redstone 5) for testers in the Slow Ring. This build was released on August 20, 2018 in the Fast Ring (see Windows 10 Version 1809: Insider Preview 17744 released).

The announcement of the new build was made in the Windows Blog. Dona Sarkar has also announced it on Twitter.

Hi #WindowsInsiders we have released Windows 10 Insider Preview Build 17744 (RS5) + KB4459375 to Windows Insiders in the Slow ring. Check out the blog for the details! https://t.co/0W7J3r2Ivx

— Dona Sarkar (@donasarkar) 30. August 2018

The Windows blog post mentions also that the update KB4459375 has been released. KB4459375 contains as a fix for the problem that causes PCs to throw a Blue Screen (BSOD) when logging off from the user profile or shutting down the PC. In addition, the KB4459375 update is already packed with a new design so that Windows Insiders Preview builds can be downloaded and installed more efficiently (see Microsoft announced the end of Windows 10 Delta Updates).

Intel has updated its graphics driver for Windows 10 to version 24.20.100.6286. This update brings some bug fixes, including a fix for YouTube video playback issues.

You can download the drivers (the 64-bit package contains a bold 367.13 MByte) on this Intel web page. Intel writes that this driver has performance enhancements and optimizations for World of Warcraft: Battle for Azeroth* (for DirectX* 11 and 12 versions) and Jurassic World Evolution* on Intel® Core 6th generation or higher processors. The new driver supports the following operating systems:

• Microsoft Windows* 10-64 – Creators Update
• Microsoft Windows* 10-64 – Fall Creators Update
• Microsoft Windows* 10-64 – April 2018 Update

The driver update is available for the following platforms:

• 6th Gen Intel(R) Core(TM) processor family (Codename Skylake)
• 7th Gen Intel(R) Core(TM) processor family (Codename Kaby Lake)
• 8th Gen Intel(R) Core(TM) processor family (Codename Kaby Lake-R, Coffee Lake-R)   
• Apollo Lake
• Gemini Lake
• Intel(R) Xeon(R) Processor E3 v5

A detailed list of supported processors can be found on the Intel download page. The Release Notes (PDF) contain information on the improvements and fixes provided by the driver update. (via)

[German]Currently, two security issues are on the agenda. Meanwhile, an approach is known to get full access to the Intel Management Engine (Intel ME). And two attack methods on TPM chips from computers have become known.

Full access to Intel ME possible

German blog reader Rudi K. already pointed me yesterday by email to a German article dealing with that matter. At the same time I received a tweet about the topic via my Twitter channels.

Ready to uncover Intel ME background? Use our PoC to activate JTAG and dump ME ROM https://t.co/PXDCrssolB

— Mark Ermolov (@_markel___) 27. August 2018

There is a Proof of Concept (PoC) to enable JTAG mode to dump the contents of the Intel ME firmware.

(Source: Pexels Fancycrave CC0 License)

Brief details about Intel ME

Intel Management Engine (short Intel ME) is, according to Wikipedia, is an autonomous subsystem that has been incorporated in virtually all of Intel’s processor chipsets since 2008. The subsystem consists mainly of proprietary firmware running on a separate microprocessor during the boot process, while the computer is running and while it is idle.  As long as the chipset or SoC is connected to power (via battery or power supply), it will continue to run even if the system is off. The exact functionality is largely undocumented and the firmware code is obscured by confidential Huffman tables (stored directly in the hardware).

The IntelTXE Proof of Concept (PoC)

However, the Intel ME has attracted attention in the past due to serious security issues/vulnerabilities. One of these vulnerabilities (INTEL-SA-00086) allowed hackers to to turn off the Intel ME at least on certain devices (see Hack: Disable Intel’s Management Engine). This vulnerability led to the development of a proof of concept (PoC) to activate the JTAG mode for the Intel ME. This is a standard for testing and debugging integrated circuits after production.

The INTEL-SA-00086 vulnerability contains a buffer overflow when handling a file stored on MFS (the internal ME file system). Building on this vulnerability, the Positive Technologies team developed a PoC for the Gigabyte Brix GP-BPCE-3350C platform to enable JTAG mode and released it on GitHub. This enables full access to the Intel ME via USB and JTAG mode.

This allows not only the Intel ME firmware to be read (dumped) but also its function to be manipulated. Maxim Goryachy, who is involved in this work, then also reported:

Game over! We (I and @_markel___ ) have obtained fully functional JTAG for Intel CSME via USB DCI. #intelme #jtag #inteldci pic.twitter.com/cRPuO8J0oG

— Maxim Goryachy (@h0t_max) 8. November 2017

That’s all there is to say – even though it’s not a general PoC for Intel ME, I think this feature is now being free ‘to shot down’. Further details can be found in the articles linked above.

Attacks on TPM modules

The second security message also came to my attention on Twitter a few hours ago. Catalin Cimpanu refers to article Researchers Detail Two New Attacks on TPM Chips at Bleeping Computer.

Some PC owners may need to search for and apply motherboard firmware updates in the near future to address two attacks on TPM chips detailed earlier this month by four researchers from the National Security Research Institute of South Korea.https://t.co/akWWdN5ZRh pic.twitter.com/mu1Odfqkcw

— Catalin Cimpanu (@campuscodi) 29. August 2018

Some background to TMP

The task of the Trusted Platform Module (TPM) is to ensure the authenticity of the hardware. A TPM uses RSA encryption keys to authenticate the hardware components involved in a computer’s boot process, as well as its normal operation. The functionality of TPM and the integration of TPM components in the boot chain is specified in the TPM 2.0 specification published in 2013. Microsoft in particular uses TPM chips for Windows 10 in addition to UEFI, e.g. to secure the boot process and bitlocker encryption.

Attacks on TMP-Chips

In early August 2018, two attacks on TPM chips were described by four researchers from the National Security Research Institute of South Korea. These attacks allow an attacker to manipulate the boot process.

The attacks are possible thanks to power suspension mechanism, because modern motherboards do not supply power to all their components constantly and simultaneously. Mainboards provides a special APIs to power a component only when it is needed to perform an operation. The TPM chips also support ACPI (Advanced Configuration and Power Interface) to allow the operating system to control and optimize the power consumption of peripheral devices.

Security researchers discovered two problems that affect the way TPM chips are sent and awakened to suspended energy states. These problems allow an attacker to reset TPMs. As a result, a fake boot component can be introduced into the boot process of the device, which is then classified as trustworthy by the operating system (e.g. Windows 10). In other words, securing the boot process using the keys stored in the TMP chip is not guaranteed.

This means that users of appropriate hardware must check whether the board manufacturers provide appropriate firmware updates to iron out the vulnerabilities. Overall, TPM (and also UEFI 2.x) is now proving to be a source of problems, at least in the Microsoft world. Further information on this topic can be found at Bleeping Computer.

[German]Microsoft has released the updates KB4346783, KB4343893, KB4343889 and KB4343884 for various Windows 10 builds as of August 30, 2018. Here is an overview.

A list of released updates for Windows 10 can be obtained from Microsoft’s Update history page.

Update KB4346783 for Windows 10 Version 1803

Cumulative Update KB4346783 for Windows 10 Version 1803 raises the build number to 17134.254. This is a maintenance update that addresses the following issues.

• Addresses an issue in Microsoft Foundation Class applications that may cause applications to flicker.
• Addresses an issue where touch and mouse events were handled differently in Windows Presentation Foundation (WPF) applications that have a transparent overlay window.
• Addresses a reliability issue in applications that have extensive window nesting.
• Addresses an issue in the Universal CRT that sometimes causes the AMD64 FMOD to return an incorrect result when given very large inputs.
• Addresses an issue in the Universal CRT that causes the _get_pgmptr() function to return an empty string.
• Addresses an issue in the Universal CRT that causes isprint() to return TRUE for a tab when using the C locale.
• Addresses an issue where Microsoft Edge or other UWP applications can’t perform client authentication when the private key is stored on a TPM 2.0 device.
• Addresses an issue that causes computer certificate enrollment or renewal to fail with an “Access denied” error after installing the April 2018 update. This issue occurs when the registry process has a lower process ID (PID) than all other processes except SYSTEM.
• Addresses an issue that, in some cases, failed to clear decrypted data from memory after a CAPI decryption operation was completed.
• Addresses an issue that prevented the Device Guard PackageInspector.exe application from including all the files needed for an application to run correctly once the Code Integrity policy was completed.
• Addresses an issue where not all network printers are connected after a user signs in. The HKEY_USERS\User\Printers\Connections key shows the correct network printers for the affected user; however, the missing list for network printers from this registry key isn’t populated in any app, including Microsoft Notepad, or in Devices and Printers. Printers may disappear or stop functioning.
• Addresses an issue that prevents printing on a 64-bit OS when 32-bit applications impersonate other users (typically by calling LogonUser). This issue occurs after installing monthly updates starting with KB4034681, released in August 2017. To resolve the issue for the affected applications, install this update, and then do one of the following:
  • Use Microsoft Application Compatibility Toolkit to globally enable the Splwow64Compat App Compat Shim
  • Use the following registry setting, and then restart the 32-bit application:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print
    Setting: Splwow64Compat, Type: DWORD Value1: 1
• Addresses an issue that causes the Wi-Fi EAP-TTLS (CHAP) authentication to fail if a user saves credential information before authentication.
• Addresses an issue that causes devices that have 802.1x Extensible Authentication Protocol (EAP) enabled to randomly stop working with the stop code ”0xD1 DRIVER_IRQL_NOT_LESS_OR_EQUAL”. The issue occurs when the kernel memory pool becomes corrupted. Crashes will generally occur in nwifi.sys.
• Addresses an issue that may remove a Dynamic Host Configuration Protocol (DHCP) option from a reservation after changing the DHCP scope settings.
• Extends the Key Management Service (KMS) to support the upcoming Windows 10 client Enterprise LTSC and Windows Server editions. For more information, see KB4347075.

Unfortunately, this update does not fix the problem that the Edge browser fixes an error in the Application Guard (see my blog post Windows 10 V1709/1803: Issues (also August). Microsoft proposes to uninstall the KB4343909 update and then install the KB4346783 update as a workaround. The update is automatically distributed via Windows Update (if necessary, check for updates in Settings under Update & Security – Windows Update). It can also be downloaded for manual installation from Microsoft Update Catalog.

Update KB4346793 foür Windows 10 Version 1709

Cumulative Update KB4343893 for Windows 10 Version 1709 raises the build number to 16299.637. This is a maintenance update that addresses similar issues to the update described in the previous section.

This cumulative update has the same known issues as the corresponding August 14, 2018 update (see). Some non-English platforms can display the following string in English instead of the localized language: “Reading scheduled jobs from file is not supported in this language mode.” This error is displayed when Device Guard is enabled and you are trying to read the scheduled jobs you have created. In addition, there are other known issues with Device Guard activated (e.g. no & or . operator etc., see kb article) Microsoft is working on solving the problems.

The update is automatically distributed via Windows Update (if necessary, check for updates in Settings under Update& Security – Windows Update). It can also be downloaded for manual installation from Microsoft Update Catalog.

Update KB4343889 for Windows 10 Version 1703

Cumulative Update KB4343889 for Windows 10 Version 1703raises the build number to 15063.1292. This is a maintenance update that addresses almost identical issues to the update described in the previous section (see kb article). Additional an issue that causes win32kfull.sys to stop working (Stop 3B) when cancelling journal hook operations or disconnecting a remote session has been addressed.

Microsoft is currently not aware of any problems with the update. The update is automatically distributed via Windows Update (if necessary, check for updates in Settings under Update and Security – Windows Update). It can also be downloaded for manual installation from Microsoft Update Catalog.

Windows update improvements

Microsoft has released an update directly to the Windows Update Client to increase reliability. Each device with Windows 10, which is configured for automatic updates via Windows Update, receives the function update (to V1803). Windows 10 Enterprise and Pro Edition also receive the feature update (to V1803) based on device compatibility and the update delay (Defer) set in Windows Update for Business Deferral Policy. This does not apply to LTSC versions.

Update KB4343884 for Windows 10 Version 1607

Cumulative Update KB4343884 for Windows 10 Version 1607 (only available for Enterprise and Education and Windows Server 2016) raises the build number to 14393.2457. This is a maintenance update that addresses this issues.

• Updates the music metadata service provider used by Windows Media Player.

Addresses an issue from the March 2018 update that prevents the correct lock screen image from appearing when the following GPO policies are enabled:

• Computer Configuration\Administrative Templates\Control Panel\Personalization\Force a specific default lock screen and logon image
• Computer Configuration\Administrative Templates\Control Panel\Personalization\Prevent changing lock screen and logon image
• Addresses an issue that prevents users of PIV/CAC smart cards from authenticating to use enterprise resources or prevents Windows Hello for Business from configuring on first logon.
• Addresses an issue that prevented the Device Guard PackageInspector.exe application from including all the files needed for an application to run correctly once the Code Integrity policy was completed.
• Addresses an issue that, in some cases, failed to clear decrypted data from memory after a CAPI decryption operation was completed.
• Addresses an issue that causes PowerShell scripts to stop working when attempting operations such as Get-Credentials.
• Addresses an issue that causes the Wi-Fi EAP-TTLS (CHAP) authentication to fail if a user saves credential information before authentication.
• Addresses a Windows Task Scheduler issue that occurs when setting up an event to start on a specific day of the month. Instead of starting on the specific day of the month you selected, the event starts one week ahead of schedule. For example, if you set an event to start on the third Tuesday of August 2018, instead of starting on 08/21/18, the event starts on 08/14/18.
• Addresses an issue that prevents Hypervisor from automatically launching on restart when running a nested or non-nested virtualization scenario after enabling Device Guard.
• Addresses an issue that causes the event viewer for Microsoft-Windows-Hyper-V-VMMS-Admin to receive excessive Event ID 12660 “Cannot open handle to Hyper-V storage provider” messages. This issue occurs when performing migration testing on a Windows Server 2016 S2D Cluster Platform. As a result, events are deleted after three hours when the event log size reaches 1 MB.
• Addresses an issue that causes virtual functions (VF) to be unintentionally removed when a virtual machine (VM) is saved in Hyper-V Manager. This issue occurs when assigning and loading multiple virtual functions to a single VM during live migration on Windows Server 2016. Saving the VM doesn’t result in a normal shutdown of the virtual functions and doesn’t allow the VF driver to have backchannel communication with the physical function (PF).
• Addresses an issue that causes an Azure to on-premise failback operation to fail and puts the virtual machine (VM) into an unresponsive state. This issue occurs if the failback is interrupted by an event such as restarting the Virtual Machine Management Service (VMMS) or restarting the host machine. The failback operation then continues to fail even when the VMMS is running.
• Addresses an Active Directory Federation Services (AD FS) issue where Multi-Factor Authentication does not work correctly with mobile devices that use custom culture definitions.
• Addresses an issue in Windows Hello for Business that causes a significant delay (15 seconds) in new user enrollment. This issue occurs when a hardware security module is used to store an ADFS Registration Authority (RA) certificate.
• Addresses an Active Directory Domain Services (AD DS) issue that causes Local Security Authority Subsystem Service (LSASS) to stop working intermittently. This issue occurs when a custom component binds over Transport Layer Security (TLS) to a Domain Controller using Simple Authentication and Security Layer (SASL) EXTERNAL authentication.
• Addresses an issue that generates Event ID 2006 and prevents the Windows Performance counter from reading Server Message Block (SMB) performance counters. This issue occurs when Hot-Plug is enabled for CPUs on Windows 2016 virtual machines.
• Addresses an issue that causes users to disconnect from a remote session when the Remote Desktop Gateway service stops working.
• Addresses an issue that causes svchost.exe to stop working intermittently. This issue occurs when the SessionEnv service is running, which causes a partial load of the user’s configuration during a Remote Desktop session.
• Addresses an issue that may cause the server to be restarted because the system nonpaged pool consumes too much memory.
• Addresses an issue that may remove a Dynamic Host Configuration Protocol (DHCP) option from a reservation after changing the DHCP scope settings.
• Addresses an issue that prevents a drive from being made writable even after BitLocker encryption has completed. This issue occurs when using the FDVDenyWriteAccess policy.
• Addresses an issue that occasionally displays a blue screen instead of the lock screen when a device wakes up from sleep.
• Extends the Key Management Service (KMS) to support the upcoming Windows 10 client Enterprise LTSC and Windows Server editions. For more information, see KB4347075.

Microsoft is currently not aware of any problems with the update. The update is automatically distributed via Windows Update (if necessary, check for updates in Settings under Update and Security – Windows Update). It can also be downloaded for manual installation from Microsoft Update Catalog.

Please note that the Servicing Stack Update (SSU) (KB4132216) must be installed before installing the KB4343884 update. Without this SSU, the cumulative update is not offered.

Windows update improvements

Microsoft has released an update directly to the Windows Update Client to increase reliability. Each device with Windows 10, which is configured for automatic updates via Windows Update, receives the function update (to V1803). Windows 10 Enterprise and Pro Edition also receive the feature update (to V1803) based on device compatibility and the update delay (Defer) set in Windows Update for Business Deferral Policy. This does not apply to LTSC versions.

Similar articles:
Security update for Adobe Acrobat/Reader
Microsoft Office Patchday (August 7, 2018)
Windows 10 Updates KB4295110/KB4023057 (08/09/2018)
Microsoft Security Update Summary August 14, 2018
Patchday Windows 10-Updates (August 14, 2018)
Patchday: Updates for Windows 7/8.1/Server (August 14, 2018)
Patchday Microsoft Office Updates (August 14, 2018)
Microsoft Patchday: Other Updates (August 14, 2018)
Windows 10 V1709/1803: Issues (also August Patchday)
Windows 7/8.1 Preview Rollup Updates KB4343894, KB4343891 (August 30, 2018)

[German]Microsoft has released the preview rollups KB4343894 for Windows 7 SP1 and KB4343891 for Windows 8.1 as of August 30, 2018. Here is an overview of these updates.

The updates are listed on this website (Windows 7) and on this website (Windows 8.1).

KB4343894 for Windows 7/Windows Server 2008 R2

Update KB4343894 (Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems) is available for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1. This is not a security update. The preview rollup contains the patches from the monthly rollups and also addresses the following item:

Addresses an issue in Internet Explorer 11 that may cause a blank page to appear for some redirects. Additionally, if you open a site that uses Active Directory Federation Services (AD FS) or Single sign-on (SSO), the site may be unresponsive.

I’ve addressed the Single sign-on (SSO) issue within my blog post Updates KB4343205 and KB4343900 blocks Single sign-on. Whoever is affected by this problem can test whether the preview rollup fixes the bug. The update is offered via Windows Update, but can be downloaded manually via Microsoft Update Catalog.

In the known issues section, Microsoft states that the network controller may fail at certain third-party drivers after installation. The remedy is to reinstall the network driver. But I’m not sure if this bug has already been fixed – the note was also posted on August 14, 2018 and then removed after a few hours.

KB4343891 for Windows 8.1/Windows Server 2012 R2

Update KB4343891 is available for Windows 8.1 and Windows Server 2012 R2 as Preview of Monthly Rollup. This is not a security update. The preview rollup addresses the following problems: 

• Addresses encoding issues with the Bitcoin symbol. 
• Addresses an issue that causes TPM certificate enrollment to fail with application event log entries for the Microsoft-Windows-CertificateServicesClient-CertEnroll source. The two events reported are Event ID 85 and Event ID 13. 
• Addresses an issue that causes svchost.exe to stop working intermittently. This issue occurs when the SessionEnv service is running, which causes a partial load of the user’s configuration during a Remote Desktop session.
• Extends the Key Management Service (KMS) to support the upcoming Windows 10 client Enterprise LTSC and Windows Server editions. For more information, see KB4347075. 
• Addresses an issue in Internet Explorer 11 that may cause a blank page to appear for some redirects. Additionally, if you open a site that uses Active Directory Federation Services (AD FS) or Single sign-on (SSO), the site may be unresponsive.

There is also a mention of the Single sign-on (SSO) issue I’ve addressed within my blog post Updates KB4343205 and KB4343900 blocks Single sign-on. There are no known issues. The update is offered via Windows Update, but can be downloaded manually via Microsoft Update Catalog.

Similar articles:
Security update for Adobe Acrobat/Reader
Microsoft Office Patchday (August 7, 2018)
Windows 10 Updates KB4295110/KB4023057 (08/09/2018)
Microsoft Security Update Summary August 14, 2018
Patchday Windows 10-Updates (August 14, 2018)
Patchday: Updates for Windows 7/8.1/Server (August 14, 2018)
Patchday Microsoft Office Updates (August 14, 2018)
Microsoft Patchday: Other Updates (August 14, 2018)
Windows 10 V1709/1803: Issues (also August Patchday)
Windows 10: Update KB4346783, KB4343893, KB4343889, KB4343884 (08/30/2018)

[German]The upcoming Windows 10 build (expected to be released this fall) is and currently be developed under the code name ‘Redstone 5’ . So far it is known that this Windows 10 will be version 1809. Now also the official name for this new version has been announced from Microsoft.

The International Consumer Electronics Fair IFA 2018 is currently taking place in Berlin. Microsoft is also represented there. Nick Parker from Microsoft has now announced the official name for the upcoming Windows 10 build as part of his keynote at IFA 2018. Big surprise, or not, the new version will be called ‘Windows 10 October 2018 Update’ (but had been speculated longer than name, e.g. here).

Windows Central quotes Microsoft Corporate Vice President Roanne Sones hier with the following statement:

I’m pleased to announce that our next feature update to Windows will be called the Windows 10 October 2018 Update. With this update, we’ll be bringing new features and enhancements to the nearly 700 million devices running Windows 10 that help people make the most of their time. We’ll share more details about the update over the coming weeks

However, I need to confess, whenever in forums or blog post the name ‘Windows 10 April 2018 Update’ is used, I get a twitch. Because in the first moment the thought ‘which cumulative update from April 2018 is meant’ comes to my mind. And then do I remember: Okay, it means Windows 10 V1803.

All in all I would be much happier with names like Windows 10 V1803, V1809 etc.. You know immediately which version it means. Also Microsoft uses exactly this nomenclature within it kb articles describing monthly updates.

By the way: Microsoft has not revealed exactly when this new Windows 10 will be released. Probably in October 2018 – an escrow build for this release date does not seem to exist in development yet.

The 700 Millionen ‘Windows 10 systems’ hoax

As part of the IFA coverage (here is the English-language blog post where the announcement can be found), Microsoft also announced the number of 700 million active Windows 10 users. Anyone who follows Microsoft’s Windows 10 figures knows, that this figure isn’t new. This 700 Million Windows 10 users/systems has been mentioned at the departure of Microsoft VP, Terry Myerson, end of March 2017. Microsoft also mentioned this figure at BUILD 2018 conference.

This raises questions about the reliability of Microsoft’s figures. There could be several scenarios that explains that.

• The value mentioned in March 2017 was to high.
• The value of 700 Million Windows 10 users indicates, that Windows 10 market share stagnate since months.

Mary Foley speculates at ZDNet, that Microsoft holds back better figures for a bigger event (Ignite IT Pro conference end of September 2018). But I just say: What, if the figure of 700 million Windows 10 active user is true? Don’t know how many visitors populates the ‘panic room’ in Microsoft’s head quarter.

[German]On August 31, 2018, Microsoft not only revealed the new name for the Windows 10 V1809, but also released the Insider Preview Build 17751 of Windows 10. Now we have the 1st release candidate.

New Redstone 5 preview in Fast Ring

In addition to the following tweet with the announcement, Microsoft has traditionally announced details of the new Insider Preview Build 17751, which is available in the Redstone 5 branch for Insiders in the Fast Ring, in Windows Blog and also mentioned within this Tweet.

Announcing Windows 10 Insider Preview Build 17751 https://t.co/y5O9OILhgt

— Windows Blogs (@windowsblog) August 31, 2018

Without watermark, without expiration date

The change log mentiones that the watermark in the lower right corner of the desktop has been removed. People who downloaded and installed the new version reported that Winver no longer displays an expiration date for this build 17751.1 either. So this is like the first release candidate for ‘Windows 10 October 2018 Update’, but not yet a final build for version 1809.

The list of fixed problems in this build is quite extensive – from fixed blue screen to fixed explorer crashes in tablet mode. However, there are still problems, such as a non-opening browser in the Twitter PWA app or display problems with functions for easier operation. You can read all this here.

A brief information for administrators in enterprise environments. How to monitor the crash history of a large number of devices running Windows 10? Microsoft has an answer: Windows Analytics.

I came across this information via Twitter reading a post in Microsoft’s  Windows IT Pro channel.

#WindowsAnalytics Wednesday: How to quickly identify frequently crashing devices in your ecosystem with Device Health https://t.co/Ngj6xhLzs3 pic.twitter.com/fVEzelrZ93

— Windows IT Pro (@MSWindowsITPro) 29. August 2018

The keyword here is Device Healt (i.e. the device reliability), which can be displayed and evaluated with Windows Analytics. Device Health offers the following benefits:

• Identification of devices that frequently crash and may therefore need to be rebuilt or replaced.
• Identify device drivers that cause device crashes, with suggestions for alternative versions of these drivers that could reduce the number of crashes.
• Notification of Windows Information Protection misconfigurations that send notifications to end users.

Details may be found on the relevant Microsoft pages.

[German]A little tip for IT professionals who creates Windows reference install images with preinstalled software, using the Microsoft Deployment Tool (MDT). How to check whether all applications are included in the install image in an easy way?

MVP colleague Mick Pletcher have had this problem and searched for a simple solution. He wrote:

While building a new reference image, I always want to make sure every application got installed before the WIM is generated. I have done this in the past by placing a pause in the build immediately after the windows update post-application installation is completed. It definitely takes time for me to go through the list of apps and verify they are there.

During his search he found the file ZTIApplication.log, which is created during building the install image. This file contains the list of all applications and the return value after installation.

(Source: mickitblog.blogspot.com)

He then wrote himself a PowerShell script that queries this file and reports on all installations. All he has to do is look through the list to make sure everything is there. How he proceeded exactly and which command he uses is described here. Maybe it’s helpful to some of my blog readers.

[German]Short question to Windows 10 owners: Have the Windows 10 August 2018 updates appeared twice and with the text ‘Internal – Corpnet required’ within the list of upcoming updates?

The error description

Susan Bradley, who is engaged as moderator at patchmanagement.org, has recognized frequent reports of duplicate August 2018 updates on Windows 10. The duplicate updates are displayed on affected systems with the addition ‘Internal – Corpnet required’. If you search for the term ‘internal – corpnet required 2018-08 cumulative update’, there are many hits (1, 2, 3, 4, 5).

The above screenshot is from a Chinese version of Windows 10 V1803 and was posted in the Microsoft Answers forum. On superuser.com you can find the following screenshot of an English Windows with the same entry:

The affected person tried a fresh installation there, and the error was gone. According to what I saw during a web search, the problem has been occurring since August 2018 Patchday – first hits are from August 15, 2018.

In tensforum.com there is this entry, in which the whole thing is discussed. Internal – Corpnet Required] indicates that this update is intended as a test version for internal use at Microsoft.

Microsoft seems to have some problems with shipping updates to the right machines. Over the weekend, I reported in the German blog post Ups: Insider Build regulären Windows 10-Nutzern angeboten that Windows Insider Previews were offered to regular Windows 10 users. 

Is Microsoft aware of this issues?

I guess, Microsoft might be aware of this issue, because this article was published in the Microsoft Answers forum on August 17, 2018: 

internal corpnet required

Windows 10 1803 update 8 says [Internal – Corpnet Required] 2018-08 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4343909)

Volunteer Zackary Vanosdol writes that the error is known and gives hints for solving the problem. 

Hello! Sorry you are having this issue. Hopefully we can fix it.
Go to PC settings > update & Security > troubleshoot > windows update

Run the update troubleshooter here
Run a SFC scan

The affected user confirms that a multiple execution (3 – 4 times) of the update problem handling has eliminated the duplicate entry. Later on I found that this hint has also been given in local Microsoft Answers forums (spanish for instance) by Microsoft moderators.

Note: I like to mention, that the sfc command has been broken in Windows Server 2016 for months (see my old blog post Windows Server 2016: May 2018 Update bricks sfc).

Similar articles:
Win10 Wiki
Check and repair Windows system files and component store
Windows 10: Open command prompt window as administrator
Windows Server 2016: May 2018 Update bricks sfc
How to block Windows 10 updates
Windows: optional update ‘Intel – System – 8/19/2016’

[German]Users of Avast antivirus solutions seem to have been experiencing issues on Windows since late August 2018. This is probably due to an update to version 18.6.2349, which was released for Avast on August 28/29, 2018.

Bleeping Computer reports here that Avast and malware bytes are coming into the enclosure after the last Avast update.

Avast V18.6.2349 is causing issues

Since August 2018, some users have reported issues in the Avast support forum. Here is the text of the thread starter:

latest update causes avast to become unresponsive

update 18.6.2349, since this update avast randomly becomes unresponsive and causes my whole computer to do the same all programs hang and computer has to be force closed. I am not convinced that my computer is being protected whilst this is happening. you guys broke it when are you going to fix it or can I have a link to the previous version which gave me 0 problems.

I am using avast I.S  on windows 7 pro  and runs alongside malwarebytes.

I have done a repair and reinstalled avast to no avail. Been using avast for a number of years now but will most likely by changing when subscription runs out as this is unacceptable.

So this is about the update v18.6.2349 of the Avast Internet Security Suite. Under Windows 7 Pro Avast hangs sporadically after installing this update. The user writes that he is simultaneously using malware bytes as virus protection. 

In this Avast forum post a user reports that Avast’s v18.6.2349 update blocks access to the Internet. Neither Firefox nor Microsoft Edge could open web pages under Windows 10. Could be eliminated by disabling Avast Web Shield.

Collision with Malwarebytes

Another user has even set up a fresh installation of Windows 7 Ultimate with Avast Internet Security. The scanner already freezes during Smart Scan of the current Avast version. A user then indicates a conflict with malware bytes:

I have been reading numerous posts regarding Avast issues with users that also run Mbam (malwarebytes) along side. It may be worth your while to completely uninstall malwarebytes with their uninstall utility (mb-clean)
Reboot and see if your PC runs smoother.

Although Avast and Malware bytes could be run in parallel until now, problems seem to have occurred since the last Avast update. This thread in the Malwarebytes forum also points to a conflict – although it was already started on August 22, 2018. 

Well, it turns out that today there was an update of my Avast antivirus which I did and everything seemed perfect. Until recently I had to disable the “Web Protection” of Malwarebytes and there my problem arose.

When trying to reactivate the “Web Protection” does not work and if that was not enough, the Malwarebytes user interface does not respond. I tried to finish the process through the task manager and it does not work either, and doing it instantly also hangs the latter. Which leads me to do a manual shutdown of my pc.

This happens in my 2 pc. My questions are … Is there a list of exclusions for both Malwarebytes and Avast? o What is the cause of this serious problem? Attaching the respective registers of both Windows 8.1 and Windows 10

There, the user could no longer activate the web protection of malware bytes after the protection was switched off. The thread starter writes that he went back to a previous avast version and fixed the problem. As the thread progresses, it becomes apparent that the Real Site Protection avast function collides with Web Protection malware bytes. Avast developer Asyn tries a technical explanation and writes the following in Avast forum: 

Dev-Info: Hallo, I’m responsible for Real Site protection in the Avast product. I have tested both products several minutes ago, and problem is only in MalwareBytes Web Protection activation process. It hangs the MB product completely.

If I disable Real Site, enable MB WebProtection and then enable Real Site again, everything works well.

Some more technical pieces of information:
Malware Bytes is trying to filter the UDP traffic (probably DNS). It’s same as Real site does. If two products try to capture UDP traffic by Windows WFP technology, a UDP packet loop can occurs if it’s not implemented correctly. We found this problem with several other products. It’s caused by two WFP drivers, when each capture UDP packet generated by other, drop it and generate new one. But this new one is presented to first driver, captured, dropped, generated again and it can continue indefinitely.

We discussed the problem with Microsoft WFP developers, to try to find solution for the problem. Avast had some protection against this before, but it doesn’t work every time. Then we implemented new solution recommended by Microsoft.

I can see from driver debugging, that it works, when both components are active (as described above). Problem is just in WebProtection activation process (not under my control, no time for reverse engineering). Seems that the MB UDP filtering solution is not compatible with MS recommended solution, but anyway, if you use capture, drop, create and inject new packet scenario for the UDP traffic, it’s completely wrong and can cause conflicts with many products.

Disable real-time protection or remove Malwarebytes

The solution is to disable the Real Site Protection avast function or to disable real-time protection of malware bytes. In this post, a user suspects that the update results in an incorrect registration entry. He then listed the exceptions he defined in Avast in terms of malware bytes for the story to run again.

The other option would be to completely do without malware bytes. In the Avast forum thread linked above, someone posted a link to the Malwarebyte Clean Tool. This allows malware bytes to be removed in the hope that Avast will be able to fix this.

The Bleeping Computer article contains some hints to deactivate options. The case shows once again how unstable the whole topic of foreign virus scanners and Internet protection solutions, especially under Windows 10, have become. Under Windows 8.1 to Windows 10, Windows Defender virus protection is usually sufficient. Final question: Anyone affected by this problem?

Microsoft had released the Windows 10 Insider Preview Build 17744 for testers in the Slow Ring at the end of August (see Windows 10 Insider Preview Build 17744 in Slow Ring). Now Redmond has released an ISO installation file of this build. The download is possible for Windows Insiders after registering on this website.

Microsoft has released insider preview build 17754 for Windows 10 V1809 in Fast Ring. There has also been an update for build 17751.

he announcement was made on the Windows Blog, where you learn that this build no longer contains a watermark (and there is no expiration date). Microsoft says however, that it is not the final version of V1803 yet, as they have just started to check the final code for the release of Windows 10 V1803. The build seems to have been created last Friday, but may have been postponed in release to this week due to the Labor Day. Details about fixed bugs and known issues may be found within the blog post linked above.

German blog reader Christian also informed me yesterday afternoon by mail about an update for build 17751 (thanks for that).

Die Windows 10 Insider Preview 177

[German]Hey, I feel just Wow! Because Microsoft just announced, that Windows 7 will be supported until 2023. Isn’t that a good news for admins in enterprise environments?

Most of us was aware, that Windows 7 should reach end of life at January 14, 2020. After this day, no further security updates are available. That’s what Microsoft told us since years. But in a Monthy Python style, we have to say ‘Don’t mention the Windows XP disaster’.

End of Life: Windows 7 is resilent

Having a look at the figures, from netmarketshare.com for instance, shows, that Windows 7 still is used on 40.27 % of all desktop systems.

(Source: NetMarketShare)

Windows 10 is bobbing at 37,8 %, the remaining operating system variants for the desktop, from Windows 8.1 to Linux to macOS, are all under 10%. You don’t need rocket since to figure out, that Windows 7 will be fading out in January 2020, if the Windows 10 adoption rate stays that slow.

Microsoft has a hearth for enterprises – and their money

Within the blog post Helping customers shift to a modern desktop Microsoft places the bomb. Within a section titled ‘Windows 7 Extended Security Updates’, they write:

As previously announced, Windows 7 extended support is ending January 14, 2020. While many of you are already well on your way in deploying Windows 10, we understand that everyone is at a different point in the upgrade process.

With that in mind, today we are announcing that we will offer paid Windows 7 Extended Security Updates (ESU) through January 2023. The Windows 7 ESU will be sold on a per-device basis and the price will increase each year. Windows 7 ESUs will be available to all Windows 7 Professional and Windows 7 Enterprise customers in Volume Licensing, with a discount to customers with Windows software assurance, Windows 10 Enterprise or Windows 10 Education subscriptions. In addition, Office 365 ProPlus will be supported on devices with active Windows 7 Extended Security Updates (ESU) through January 2023. This means that customers who purchase the Windows 7 ESU will be able to continue to run Office 365 ProPlus.

Ok, support until January 2023 isn’t granted to all of us Windows 7 users. It’s only for companies, that accept to pay for Windows 7 Extended Security Updates (ESU), and it’s limited to Windows 7 Professional and Windows 7 Enterprise customers in Volume Licensing.

[German]In addition to extended (paid) support for Windows 7 until January 2023 (see Wow! Windows 7 get extended support until January 2023), Microsoft announced a change in the Windows 10 support model. There is now 30 months of support for new Windows 10 Autumn builds. For all other new Windows 10 builds there is 18 months support – except for the old builds (and a few other limitations). 

Old: Windows as a service with 18 months support

Till now, Microsoft has granted 18 months of support for Windows 10 builds. Exceptions are the LTSC variants of Windows 10 with 10 years support. Exceptions were also granted to various builds of Windows 10, whose support cycle had to be extended by Microsoft. I would like to remind you here of the article Windows 10 support for Clover Trail machines till 2023  – and my blog post Windows EOL dates differs for clients and servers.

Already in February 2018 Microsoft announced the extension of the support for Windows 10. The Windows 10 builds should get 24 months support (see the German article by Martin Geuß).

New: Windows as a service with 30 month support

In the blog post Helping customers shift to a modern desktop Microsoft announced its new support model for Windows 10:

• All currently supported feature updates of Windows 10 Enterprise and Education editions (versions 1607, 1703, 1709, and 1803) will be supported for 30 months from their original release date. This will give customers on those versions more time for change management as they move to a faster update cycle.
• All future feature updates of Windows 10 Enterprise and Education editions with a targeted release month of September (starting with 1809) will be supported for 30 months from their release date. This will give customers with longer deployment cycles the time they need to plan, test, and deploy.
• All future feature updates of Windows 10 Enterprise and Education editions with a targeted release month of March (starting with 1903) will continue to be supported for 18 months from their release date. This maintains the semi-annual update cadence as our north star and retains the option for customers that want to update twice a year.
• All feature releases of Windows 10 Home, Windows 10 Pro, and Office 365 ProPlus will continue to be supported for 18 months (this applies to feature updates targeting both March and September).

Future spring feature updates fall back from 24 months support (announced in February 2018) to 18 months. The following picture with the support table shows an overview of this support model.

(Source: Microsoft)

German blogger Martin Geuß from Dr. Windows assumes that Microsoft will integrate the new features into new builds in the spring, while stability will be improved in the autumn builds. Addition: Meanwhile Microsoft has also updated the Life Cycle Fact Sheet.

The new ‘simplified’ model does not meet with enthusiasm everywhere. Susan Bradley expressed some thoughts at askwoody.com. And the following tweet says it all:

this is them trying to force everyone to a fall update pattern…it is dumb

— Brad Sams (@bdsams) 6. September 2018

Let’s see what else Microsoft comes up with and how the practice, i.e. the customers, will handle that. 

Similar articles:
Wow! Windows 7 get extended support until January 2023
Windows 10 support for Clover Trail machines till 2023
Windows EOL dates differs for clients and servers