[German]On January 12, 2019, Microsoft released a fix for affected Windows 7 systems to fix the issue caused by the January 2019 update when accessing network shares. 

What’s the problem?

Microsoft released security updates KB4480970 (Monthly Rollup) and KB4480960 (Security only) on January 8, 2018 for Windows 7 SP1 and Windows Server 2008 R2 SP1, that ends with some collateral damage.

• Many users were unable to access network shares after the update was installed. 
• The network issue also affects SMBv1 shares used by scanners or fax machines.
• Also users of client server software (like German DATEV customers) suffered from network errors accessing shares. 

I’ve addressed the topic within my blog post Network issues with updates KB4480970 and KB4480960. In this context, the article also includes a workaround (other than Uninstall Update) to allow access by changing the LocalAccountTokenFilterPolicy in the registry. 

The network issue occurred with users who belong to the group of administrators on the machine providing the network sharing. A configuration, you should avoid – but on most Windows computers people work with administrator accounts (default after installing Windows).

That would also be the reason why I wouldn’t have noticed the bug if I had installed the patch. Since Windows Vista I work with standard accounts. Only the use of the Media Creation Tool requires the login to the administrator account (Run as administrator is not enough). Under Windows 10 this method of working with standard accounts becomes more critical for admins. The reason: In the settings page administrative options are only visible if the user belongs to the group of administrators. A User Account Control to enable administrator features for standard users, like offered within the Control Panel, is not provided in the Settings app. 

Microsoft has confirmed the issue within the KB article and proposes to remove the user from the group of administrators as a workaround. Not a bad solution – but not everyone will be able or willing to follow this suggestion.

Microsoft provides a fix

German blog reader riedenthied pointed within this comment to Microsoft’s fix. Also some Readers commented here and here within my English blog, pointing to the fix (thanks for that). Within kb article 4487345 (Description of the update for Windows 7 SP1 and Windows Server 2008 R2: January 11, 2019) Microsoft released a fix for this issue.

This update resolves the issue where local users who are part of the local “Administrators“ group may not be able to remotely access shares on Windows 7 SP1 and Windows Server 2008 R2 machines after installing the January 8^th, 2019 security updates. This does not affect domain accounts in the local “Administrators” group.

The fix can be downloaded as a standalone update from Microsoft Update Catalog and must be installed manually.

Important: Undo your registry fix!

Within my blog post Network issues with updates KB4480970 and KB4480960 I had described a workaround that manipulates the LocalAccountTokenFilterPolicy in the registry so that access to network shares is also allowed for users of the Administrators group.

A short-term workaround, but with the disadvantage that the access to the network shares get an administrative token. This is clumsy from a security point of view (keyword: Ransomware accesses to shares). Whoever installs the above fix or removes the users from the administrator group should therefore undo a change made in LocalAccountTokenFilterPolicy.

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 0 /f

To do this, execute the above command in an administrative prompt. This command deactivates the policy again.

BTW: See also Susan Bradley`s article Patch Lady – That SMB issue isn’t SMB at askwoody.com.

Similar articles:
Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019
Patchday Windows 10-Updates (January 8, 2019)
Update KB971033/KB4480960/KB4480970 bricks Windows 7 Genuine (0xc004f200)Microsoft explains the Windows 7 KMS activation issue
Network issues with updates KB4480970 and KB4480960
Windows January 2019 Updates breaks access to Access DBs

[German]The updates Microsoft released on January 8, 2019, are causing major issues with Windows and other applications. Here’s a summary of what I’ve seen over the last few days.

The issue with the lost Windows 7 KMS activation was not a patchday problem by the way. It was caused by changes to the KMS activation scheme in connection with another installed update (see Microsoft explains the Windows 7 KMS activation issue).

I can’t judge it – but on German site heise.de I found this comment. There, a user complains that the eLicense client “eLicenser Control Center” from Steinberg suddenly no longer displays license keys on a Windows 7 computer.

Windows 7 network share issues

The two security updates KB4480970/KB4480960 for Windows 7 SP1 and Windows Server 2008 R2 prevented users from accessing network shares. I had discussed this within my blog post Network issues with updates KB4480970 and KB4480960.

This post were called up more than 20,000 times within a few hours. This issue is a clear sign, that many user accounts on the share server machines running Windows 7 SP1 or Windows Server 2008 R2 are in the group of administrator accounts.

This even affected normal users who use a all-in-one devices with scan feature. An error occurred as soon as the device tried to save scans or faxes via SMBv1 to a network share on a Windows 7 computer. The bug was not an SMB problem, as assumed, but was caused by the NTLM.

In the meantime, Microsoft has released a fix that must be manually downloaded and installed from the Microsoft Update Catalog. I have published details in the blog post Fix for the Windows 7 SMB network bug caused by Update KB4480970/KB4480960.

RDP is broken in Windows?

Within the last few days I have seen several posts reporting problems with RDP connections. No matter if it’s related to the update or not: Here’s a post at German site administrator.de that refers to Windows 10 V1709.

Within this comment, a German blog reader describes his RDP problems that showed an LSA error when attempting to connect to a remote system. He also describes how he got on the system without having to be physically present. Further sources like the comments here, here, here, here and here deal also with the RDP topic. The workaround described in the section Network issues with updates KB4480970 and KB4480960 should solve this problem. The better approach is, to apply patch mentioned within my blog post Fix for the Windows 7 SMB network bug caused by Update KB4480970/KB4480960.

Jet Database Engine Access 97 bug

Another problem that runs through all versions of Windows and was caused by the security updates of January 8, 2019, is access to databases in Access 97 .mdb format. When opening such a database, an error may occur indicating that the database has an incorrect format.

I’ve described the problem within the blog post Windows January 2019 Updates breaks access to Access DBs and outlined workarounds there. Meanwhile Microsoft has confirmed the bug in the known-issues of all KB articles and provided it its own workaround. I have summarized some information and considerations within the blog post Microsoft confirms Access 97 MDB bug in Jet Database Engine caused by Windows January 2019 Updates.

Further issues (Office, Windows)

Within this comment at German site heise.de a user complains that his Office 365 no longer wants to work with SharePoint 2016 (OnPremise). Whether it is an update bug or a misconfiguration, I cannot judge.

Update KB4468742 (Update Rollup 25 For Exchange 2010 SP3) appears to cause collateral damage to Exchange 2010. Blog reader Lothar referred to this Spiceworks post (thank you). The update causes installation issues (extremely slow installation, rollbacks etc.).

Also Windows 10 users seem to be plagued by a number of bugs. MSPowerUser has an article here, in which a number of messages from Twitter and forums about problems have been collected.

If you have more bugs, you can leave a comment. Admins and service providers should be kissing Microsoft’s feet, your job is secured – isn’t it?

Similar articles:
Microsoft Office Patchday (January 2, 2019)
Office 2010 Updates for January 2019 has been pulled
Microsoft Security Update Summary (January 8, 2019)
Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019
Patchday Windows 10-Updates (January 8, 2019)
Patchday Microsoft Office Updates (January 8, 2019)
Microsoft Patchday: Other Updates January 8, 2019

Update KB971033/KB4480960/KB4480970 bricks Windows 7 Genuine (0xc004f200)
Microsoft explains the Windows 7 KMS activation issue
Network issues with updates KB4480970 and KB4480960
Fix for the Windows 7 SMB network bug caused by Update KB4480970/KB4480960

Windows January 2019 Updates breaks access to Access DBs
Microsoft confirms Access 97 MDB bug in Jet Database Engine caused by Windows January 2019 Updates

A short note for people who using PowerShell. On January 8, 2019, Microsoft also closed a vulnerability in PowerShell with security updates. This affects the loopback behavior of the PowerShell. 

The Windows security patch CVE-2019-0543 closed an Elevation of Privilege vulnerability in PowerShell. This occurred because Windows handled authentication requests improperly. An attacker could exploit this vulnerability by running a specially developed application on the affected system. The update fixed the vulnerability by correcting the way Windows handles authentication requests.

This security patch affects local loopback remoting when a PowerShell remote connection is made to the same machine and no administrator credentials are used. By default, PowerShell remoting endpoints do not allow access to non-administrator accounts. However, you can change endpoint configurations or create new custom endpoint configurations that allow access to non-administrator accounts. 

So you are not affected by this change unless you explicitly set up loopback endpoints on your computer to allow access to non-administrator accounts. What there is to know is collected by Microsoft in the MSDN blog post Windows Security change affecting PowerShell.

[German]On January 15, 2018, Microsoft released a Preview Rollup Update KB4480969 for Windows 8.1 and Windows Server 2012 R2. Here is some information.

The updates for Windows 7 are listed on this website, while the updates for Windows 8.1 are listed on this website. There was no Preview Rollup Update for Windows 7 SP1 until this article was written. 

KB4480969 for Windows 8.1/Windows Server 2012 R2

Update KB4480969 is available for Windows 8.1 and Windows Server 2012 R2 as Preview of Monthly Rollup. This is not a security update. The preview rollup addresses the following issues:

• Addresses an issue that may prevent some applications from displaying the Help (F1) window correctly. 
• Addresses an issue in the Universal CRT that sometimes causes the AMD64-specific implementation of FMOD to return an incorrect result when given very large inputs. FMOD is frequently used to implement the modulo operator in JavaScript and Python implementations that use the Universal C runtime.
• Addresses an issue that may cause third-party applications to have difficulty authenticating hotspots.

In addition to a bug that prevented F1 from calling help in various applications, the hotspot logon problem for third party logons has also been fixed. The update is offered via Windows Update, but can be downloaded manually via Microsoft Update Catalog.

Access database bug unfixed

My hope that the access problem to Access 97 MDB databases in the Jet Database Engine (see Microsoft confirms Access 97 MDB bug in Jet Database Engine caused by Windows January 2019 Updates and article links at the end of this article) was fixed did not prove to be true. Microsoft still lists the following passage in the ‘known issue’ section of the KB article:

Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. he database will fail to open with the error, “Unrecognized Database Format”.

Microsoft promises a fix until the beginning of February 2019, but I am not sure whether it will come to the February 2019 patchday. Some workarounds are suggested in the KB article. What to think about it, I had discussed in the article Microsoft confirms Access 97 MDB bug in Jet Database Engine caused by Windows January 2019 Updates.

Similar articles:
Microsoft Office Patchday (January 2, 2019)
Office 2010 Updates for January 2019 has been pulled
Microsoft Security Update Summary (January 8, 2019)
Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019
Patchday Windows 10-Updates (January 8, 2019)
Patchday Microsoft Office Updates (January 8, 2019)
Microsoft Patchday: Other Updates January 8, 2019

January 2019 patchday issues
Update KB971033/KB4480960/KB4480970 bricks Windows 7 Genuine (0xc004f200)
Microsoft explains the Windows 7 KMS activation issue
Network issues with updates KB4480970 and KB4480960
Fix for the Windows 7 SMB network bug caused by Update KB4480970/KB4480960

Windows January 2019 Updates breaks access to Access DBs
Microsoft confirms Access 97 MDB bug in Jet Database Engine caused by Windows January 2019 Updates

[German]Another little conspiracy theory about the forced upgrade from Windows 7 systems to Windows 10. I just read a report that someone found GWX on a Windows 7 system. GWX doesn’t upgrade this time, but some old GWX tasks are still running.

Some GWX background

In the period from July 2015 to July 2016, Windows 7 and Windows 8.1 were upgraded to Windows 10 free of charge. Microsoft delivered the GWX program as part of updates to this system. With the GWX app, the user could then upgrade from Windows 7/8.1 to Windows 10 free of charge.

The way Microsoft tried to lure users to upgrade to Windows 10 led to a lot of trouble, problems and a some lawsuits. Meanwhile, several lawsuits have come to an end claiming damages from affected users. At the end of the free upgrade period, Microsoft shipped an update to Windows 7/8.1 machines that disabled the GWX app. I had reported in the 2016 blog post Windows 7/8.1: Update KB3184143 removes Get Windows 10 app.

Although there was always the suspicion that the GWX app was back – see my article Some confusion about Updates KB2952664/KB2976978  from 2016,. It turned out that the GWX app came to the systems as part of reliability updates. The functionality for the ‘forced upgrade’ to Windows 10 was no longer included. A Microsoft spokesperson told InfoWorld that the updates in question did not include code to upgrade to Windows 10.

There is no Get Windows 10 or upgrade functionality contained in this update. This KB article is related to the Windows Update and the appraiser systems that enables us to continue to deliver servicing updates to Windows 7 and Windows 8.1 devices, as well as ensure device and application compatibility.

However, the question arises why GWX is still rolled out with updates for Windows 7 and 8.1. Because Microsoft distributes the nice reliability updates KB2952664/KB2976978 with nice regularity.

Keep reliability updates away

Many users therefore try to keep Windows 7 SP1 systems ‘clean’ and block reliability updates (for upgrading to Windows 10). However, it doesn’t seem that easy, since Microsoft uses many ways to get the updates to the system. A few days ago I blogged about a user experience, that Updates KB2952664/KB2976978 has been blocked but have been installed even though (see my German blog post Zwangsinstallation der Windows 7/8.1 Updates KB2952664/KB2976978 (Januar 2019)?). It became clear that it might be a wrong update setting (it’s required to set Windows 7 update that updates are downloaded and installed, only if the user accept that). A blog reader pointed within a comment to a statement from askwoody.com.

“As of the 2018-09 Preview Rollup, and continuing with the monthly Rollups from 2018-10 Monthly Rollup onward, Microsoft has included the functionality of KB2952664 in the Rollups. It is no longer a separate patch and cannot be uninstalled separately from the Rollup. “CompatTelRunner.exe” is a part of this functionality.”

In other words: As soon as someone installs Rollups or Preview Rollup Updates, the respective routines are applied to the system.

GWX found on a Windows 7 system

Yesterday I stumbled uppon the article I found a Windows 7 PC still infected with GWX (Get Windows 10) software, dated January 14, 2019, from Michael Horowitz. Michael wrote that he just found a Windows 7 PC, which was still trying to upgrade to Windows 10. He found some attempts in the Event Viewer logs.

Bugfixes were last installed on the affected computer on December 3, 2018, i.e. the system was at the patch level of November 2018. The machine’s event log indicated that GWX (Get Windows 10) tasks were scheduled. Michael then looked at the Task Scheduler’s entries using NirSoft’s TaskSchedulerView program.

(Source: Michael Horowitz)

Sorting the list to display the most recently executed tasks produced a task called Time-5d, which executed the GWX.exe program in the C:\Windows\system32\GWX folder. The program runs every day and Horowitz could not disable the task, not even as an admin user.

There was another task (refreshgwxconfig-B) that is executed every day. The program schtasks.exe is running and cannot be deactivated. A third GWX task, Logon-5d, was executed at user logon. This also executes the GWX.exe program and, like the others, could not be deactivated.

(Source: Michael Horowitz)

A quick look at the folder C:\Windows\system32\GWX showed that the program GWX.exe was created on May 7, 2015. The same applied to the other GWX-related programs. A check of various task scheduler entries revealed that none of the tasks from the Microsoft\Windows\Setup\GWXTriggers group had been executed. Since he could not disable the tasks and rename the GWX.exe, he renamed the parent folder. More details can be found within the article from Michael Horowitz.

The reason still unclear

For me it is unclear why the files and tasks are still on the Windows 7 system. Maybe it’s old remnants from 2015 – that’s also, what Michael Horowitz suppose (something went wrong during uninstalling).

[German]On January 15, 2019, Microsoft released several cumulative updates for the supported Windows 10 builds. Here are some details about each update and the known issues.

For a list of updates, visit this Microsoft Web page. I’ve pulled out the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001.

Updates for Windows 10 Version 1803

The following updates are available for Windows 10 October 2018 Update (Version 1803). 

Update KB4480976 for Windows 10 Version 1803

Cumulative update KB4480976 raises the OS build to 17134.556 and contains quality improvements but no new operating system functions. Here is the list of fixes: 

• Addresses an issue in Microsoft Edge that fails to trigger the focusin event if the focus event listener of an element shifts focus to another element. 
• Addresses an issue that prevents sharing and timeline features and roaming settings from working for accounts that use Chinese, Japanese, and Korean languages. 
• Addresses an issue that may prevent some applications from displaying the Help (F1) window correctly. 
• Addresses an issue that causes power options to appear on the Windows security screen when the per user group policy to hide power options is set. 
• Addresses an issue that prevents links for certain compressed file formats from resolving.
• Addresses an issue that causes BitLocker Network Unlock to fail on generation 2 virtual machines when it’s used in a network that only supports IPv4. 
• Addresses a privacy issue with apps that obtain the BroadFileSystemAccess capability without a user’s consent. 
• Addresses an issue in which WAM logging causes some applications such as Microsoft Office to stop working. 
• Addresses an issue that causes catalog signed scripts, including those shipped as part of Windows, to incorrectly generate a Windows Defender Application Control (WDAC) failure audit event. 
• Addresses an issue in which Windows Driver Frameworks causes high CPU utilization. As a result, the user-mode driver stops working when the device resumes from Hibernate (S4). 
• Addresses an issue that may cause a 30-second delay when deleting or renaming a link in a Distributed File System (DFS) Namespace. Additionally, renaming a folder may take 30 seconds when multiple users work in a group share simultaneously, and File Explorer stops responding. 
• Addresses an issue that prevents you from overwriting a file in a shared folder because of an Access Denied error when a filter driver is loaded.
• Addresses an issue that may cause third-party applications to have difficulty authenticating hotspots. 
• Addresses an issue that may cause a blue screen to appear when a Thunderbolt storage device is attached.

The update is distributed via Windows Update, but should also be available via WSUS or the Microsoft Update Catalog. Manual installation of the update requires the current Servicing Stack Update (SSU) KB4477137 (Microsoft Update Catalog) to be installed. This is ensured when installing via Windows Update. 

Known issue with this update

Microsoft is aware of the following issues with this update: An installed .NET Framework Preview des Quality Rollup dated September 11, 2018 causes problems. It may raise an exception when instantiating SqlConnection. For more information about this issue, visit the Microsoft Knowledge Base.

After installing this update, some users will no longer be able to place a web link in the Start menu or taskbar. Microsoft has been working on a solution to this problem since December and will release a fix in upcoming updates.

Furthermore, the bug when accessing Access 97 MDB databases in the Jet Database Engine is unfixed. 

Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. he database will fail to open with the error, “Unrecognized Database Format”.

Microsoft promises a fix until the beginning of February 2019, but I am not sure whether an update will be come to the February 2019 patchday. Some workarounds are suggested in the KB article. What to think about it, I had discussed in the article Microsoft confirms Access 97 MDB bug in Jet Database Engine caused by Windows January 2019 Updates.  

Updates for Windows 10 Version 1709

The following updates are available for Windows 10 Fall Creators Update (version 1709).

Update KB4480967 for Windows 10 Version 1709

Cumulative update KB4480967 for Windows 10 Version 1709 (Fall Creators Update) raises the OS build to 16299.936 and contains quality improvements as well as the following problem fixes: 

• Addresses an issue in Microsoft Edge that fails to trigger the focusin event if the focus event listener of an element shifts focus to another element. 
• Addresses an issue that may prevent some applications from displaying the Help (F1) window correctly. 
• Addresses an issue that may cause an application to stop working when converting long Kana to Kanji using a combination of predictive and non-predictive input. 
• Addresses an issue in a multi-monitor configuration that causes a window to unexpectedly move to a different monitor when reconnecting to an existing user session. 
• Addresses an issue in which the desktop wallpaper image set by a group policy will not update if it has the same name as the previous image.
• Addresses an issue that causes BitLocker Network Unlock to fail on generation 2 virtual machines when it’s used in a network that only supports IPv4. 
• Addresses an issue that causes catalog signed scripts, including those shipped as part of Windows, to incorrectly generate a Windows Defender Application Control (WDAC) failure audit event.
• Addresses an issue that causes Scheduled Tasks created in a disabled state to not run. 
• Addresses an issue that prevents you from overwriting a file in a shared folder because of an Access Denied error when a filter driver is loaded.
• Addresses an issue that may cause third-party applications to have difficulty authenticating hotspots. 
• Addresses an issue that may cause a blue screen to appear when a Thunderbolt storage device is attached.

• Addresses an issue that may display the error code “0x139” for the RNDISMP6!KeepAliveTimerHandler when connecting to a Remote Network Driver Interface Specification (RNDIS) device.

The update is distributed via Windows Update, but can also be downloaded via Microsoft Update Catalog. Manual installation of the update requires the current Servicing Stack Update (SSU) KB4477136 to be installed. This is ensured when installing via Windows Update.

Microsoft is aware of the following issues with this update: An installed .NET Framework Preview des Quality Rollup dated September 11, 2018 causes problems. It may raise an exception when instantiating SqlConnection. For more information about this issue, visit the Microsoft Knowledge Base.

Furthermore, the bug mentioned in the previous section is unfixed when accessing Access 97 MDB databases in the Jet Database Engine. 

Updates for Windows 10 Version 1703

For Windows 10 Version 1703 there is the update KB480959, which is only available for Enterprise and Education. The update raises the OS build to 15063.1596. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed before manual installation. Details, including known issues, can be found in the KB article.

Similar articles:
Microsoft Office Patchday (January 2, 2019)
Office 2010 Updates for January 2019 has been pulled
Microsoft Security Update Summary (January 8, 2019)
Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019
Patchday Windows 10-Updates (January 8, 2019)
Patchday Microsoft Office Updates (January 8, 2019)
Microsoft Patchday: Other Updates January 8, 2019

Windows 8.1 Preview Rollup Update KB4480969 (01/15/2019)

January 2019 patchday issues
Update KB971033/KB4480960/KB4480970 bricks Windows 7 Genuine (0xc004f200)
Microsoft explains the Windows 7 KMS activation issue
Network issues with updates KB4480970 and KB4480960
Fix for the Windows 7 SMB network bug caused by Update KB4480970/KB4480960

Windows January 2019 Updates breaks access to Access DBs
Microsoft confirms Access 97 MDB bug in Jet Database Engine caused by Windows January 2019 Updates

[German]Microsoft also released the update KB4487181 for the Windows 10 Insider Preview Build 18312 in Fast Ring on January 15, 2018. Here is some more information about this update.

I became aware of this update via Twitter the night before – Jen Gentleman from Microsoft announced this.

Hey #WindowsInsiders – we’re sending out a small update to Fast to address a few things with 18312. The update will be KB4487181 (18312.1007) – staggered rollout, if you don’t see it yet hold tight

Details here: https://t.co/5hvEvwcakv pic.twitter.com/yRvC1cvcym

— Jen Gentleman (@JenMsft) 15. Januar 2019

Details about that update may be read within the Windows Blog, where Windows 10 Insider Preview Build 18312 has been announded. Here are the fixes:

• We fixed an issue resulting in File Explorer unexpectedly having a lock on USBs when trying to safely eject them.
• We fixed an issue resulting in frequent bugchecks (GSODs) in the last two flights, citing an error with bindflt.sys.
• We fixed an issue where a password change can result in the next unlock hanging for AD users.

Cumulative update KB4487181 will raise the OS build to 18312.1007.

Microsoft just released Windows 10 Insider Preview Build 18317 in Fast Ring. This is the 19H1 development branch, which will be released in spring 2019. This release will separate Search and Cortana.

The announcement and a description of the new features can be found in the Windows Blog. There are some new features that Microsoft lists for the new build.

Separating Search and Cortana

Microsoft announce, they will decoupling Search and Cortana in the taskbar. This will enable differenc each experiences. Clicking the search box in the taskbar now launches the search. Clicking the Cortana icon will launch Microsoft’s voice-first digital assistant experience.

Improving Start reliability

Up until now Start in Windows 10 has been hosted by something called ShellExperienceHost.exe. Microsoft ist separating Start experience into its own process, called StartMenuExperienceHost.exe. This has a number of benefits, including simplifying debugging and insulating Start from potential issues impacting other surfaces.

A Better Font management experience in Settings

Insiders can now drag and drop font files from File Explorer into the modern Settings > Fonts page to install them. After installation, click on the font in the Font page, to view the different font faces associated with the font and all the details of the font. You can also uninstall the font from this font details page. Drag and drop font installation by default is installed as a per-user font which does not require elevation, hence it will not be available for other users. To install the font for all users in the device, use the “Install for all Users” option by right clicking the font on file explorer.

A simpler Windows Insider Program Settings page

Microsoft introduces a simplified Windows Insider Program Settings page via Settings > Update & Security > Windows Insider Program with Build 18317. The goal is to make the end-to-end experience of signing up for the Windows Insider Program and setting up your PC to take new builds much easier by simplifying the experience and removing some of the clutter. You’ll find that all the same functionality is still there.

Under “Pick your Insider settings” is where you can change your Insider ring on your PC.

Windows Console Updates and general improvments

Microsoft made several fixes & improvements in Windows Console in and leading up to build 18317. Beside this, there are many improvents and fixes enlisted within this blog post.

[German]Microsoft has announced the start of the general rollout of Windows 10 October 2018 Update (Version 1809). This build has been made available again since November 2018. Any user can now install this version, as long as the target hardware is compatible.

The rocky road of the Windows 10 V1809 release

Windows 10 V1809 (October 2018 update) was the version, which was released on October 2, 2018.  Advanced users has been able to install this feature upgrade manually (via Update search or via Media Creation Tool). 

However, Microsoft has to stop this rollout due to major issues (see Windows 10 V1809: Rollout stopped). After updating some users discovered in certain scenarios that user data had been completely deleted. It only affected a few users, according to Microsoft. But the manufacturer decided to withdraw this feature update on October 6, 2018. It took a few days for Microsoft to explain the cause of this fatal error.

Then more and more issues has been uncovered, so Microsoft added a longer list of upgrade blocker conditions to it’s Windows 10 update history page (see also the links at my article’s end). On November 13, 2018, Microsoft re-released Windows 10 V1809 for advanced users (see Windows 10 V1809: Re-release on Nov. 13/14, 2018?), and begun to fix the reasons for upgrade blockers step by step. Mid December 2018 Microsoft announced, that Windows 10 V1809 may be upgraded via Windows Update search (see my blog post Windows 10 V1809: Available via update search).

Windows 10 V1809 stable enough for rollout

On January 16, 2019 Microsoft has updated the rollout status of Windows 10 V1809 within the Windows 10 Update History page. The rollout status is now indicated as:

Windows 10, Version 1809 Rollout Status as of January 16, 2019

• We are now starting our phased rollout to users via Windows Update, initially offering the update to devices we believe will have the best update experience based on our next generation machine learning model. 
• Fully available for advanced users who manually select “Check for updates” via Windows Update.

But this rollout is done in waves, first on machines that Microsoft assumes are compatible with the new version. The rollout will then be successively expanded on the basis of machine learning models. Users who can’t wait any longer can do a Update search on the settings page and should then be offered the feature update to Windows 10 V1809.

The background for the announcement on the Windows 10 Update History page is probably the cicumstance that Microsoft and Morphisec announced that they solved the issue with the Morphisec Protector as of January 15, 2019. Software created with older versions of the Morphisec Software Development Kit (SDK) (e.g. Cisco AMP for terminals) caused problems. This protection software may have caused trouble saving documents via Save As in Microsoft Office applications.

Similar articles:
Windows 10 V1809: Rollout stopped
Windows 10 October Update (Version 1809): (Upgrade-) FAQ
Windows 10 V1809: Unicode font fallback bug
Windows 10 V1809: Re-release on Nov. 13/14, 2018?
Windows 10 V1809: Write bug in ZIP feature
Windows 10 V1809: ZIP bug confirmed
Windows 10 V1809: Update KB4464455 fixes ZIP bug
Windows 10 V1803: File type association broken?
Windows 10 V1809: Intel graphic drivers as upgrade blocker
Windows 10 V1809: Network mapping broken
Windows 10 V1809: Upgrade deactivates Build-In Administrator
Windows 10 V1809: NVidia hibernation issue & Edge bug
Windows 10 V1809: Available via update search
Windows 10 V1809: Developer mode blocks Feature Upgrade
Windows 10 V1809: Morphisec Protector blocks upgrade
Windows 10 V1809: Morphisec Protector is compatible

[German]Brief information for Windows 10 users: Microsoft has re-released its KB4023057 reliability update for Windows 10 (versions 1507 through 1803) on January 16/17, 2018. Some users are receiving an update error code 0x80070643.

I suppose, the re-release of the update KB4023057 should have to do with the resumption of the rollout (see Windows 10 V1809 announced as ‘general available’). At the moment the KB4023057 article hasn’t been changed – I got aware of the re-release via the hint at deskmodder.de. Here is some more information, what you should know.

What is Update KB4023057 for?

Update KB4023057, titled ‘Update to Windows 10, versions 1507, 1511, 1607, 1703, and 1709 for update reliability’, is cyclically rolled out by Microsoft. It is available for Windows 10 V1507 (RTM version) up to version 1803 (but not for the current version 1809). Microsoft writes within the KB article on the update that this brings improvements in the reliability of the Windows Update service.

This update includes reliability improvements to Windows Update Service components in Windows 10, versions 1507, 1511, 1607, 1703, 1709, and 1803. It may also take steps to free up disk space on your device if you do not have enough disk space to install Windows updates.

This update includes files and resources that address issues that affect the update processes in Windows 10 that may prevent important Windows updates from being installed. These improvements help make sure that updates are installed seamlessly on your device, and they help improve the reliability and security of devices that are running Windows 10.

This is in fact the same text as for the September and December 2018 releases. So Microsoft leaves its users pretty much in the dark as to what exactly is to be improved in reliability

Available via Windows Update

The update is only available via Windows Update, i.e. no download from the Microsoft Update Catalog or distribution via WSUS. Can also be interpreted in this way: Business users with WSUS & Co. won’t get this update – Windows 10 Home users are ‘guinea pigs’. Microsoft is testing the stuff on private customers and in small companies with individual Windows 10 Pro computers. Woody Leonhard also has a few words on the update at askwoody.com.

The update is causing issues

The update deeply interferes with the existing Windows 10 installation, cleans user-set update blockers, creates free disk space on the system drive if necessary, resets the network connection and more. More details may be found in my blog post Windows 10: Update KB4023057 released (Sept. 6, 2018). Within my blog post Windows 10: Update KB4023057 released (Dec. 7, 2018) I also gave some hints that this update (at least in some variants) will be installed as an app.

Among other things, it causes people who have blocked the update to get it anyway – see my article for more details. In this article I also touched on some of the problems that users have experienced in the past when installing the update.

Update drops error 0x80070643

The colleagues from deskmodder.der mention in the article here that users who have already installed older versions of the update may receive the error code 0x80070643 (ERROR_INSTALL_FAILURE, Serious installation error) when reinstalling. The error also occurs in previous releases of this update in the forums (e.g. here and here). Remedy should be to uninstall the existing update and restart the system. Addendum: Within my German blog I got some user feedback, that uninstalling the update and rebooting fixed error 0x80070643 .

Similar articles:
Windows 10: Update KB4023057 released (Dec. 7, 2018)
Windows 10 reliability update KB4023057 (02/08/2018)
Windows 10: Update KB4023057 re-released
Windows 10 Updates KB4295110/KB4023057 (08/09/2018)
Windows 10: Update KB4023057
Windows 10: What is REMSH.exe for?
Windows 10: Update KB4023057 released (Sept. 6, 2018)
Windows 10: What are Rempl.exe, Remsh.exe, WaaSMedic.exe?
Windows 10 V1809 announced as ‘general available’

[German]Microsoft has released the night (17.1.2019) a cumulative update KB4480977 for Windows 10 V1607 and Windows Server 2016. This is supposed to fix some bugs, but it has a whole latte of known issues.

The information can be found in the Windows 10 Update History page. Note that support for Windows 10 version 1607 expired on April 10, 2018. Windows 10 Home and Windows 10 Pro do not get this update anymore. However, the LTSC versions are still supported until October 2026. Additionally, Microsoft has promised updates for systems with Intel “Clovertrail” chipset until January 2023.

Update KB4480977 for Windows 10 V1607

Update KB4480977 is available for the above mentioned Windows 10 V1607 variants and for Windows Server 2016. The January 17, 2019 update raises the OS build to 14393.2759 and includes the following improvements and fixes:

• Addresses an issue in Microsoft Edge that fails to trigger the focusin event if the focus event listener of an element shifts focus to another element. 
• Addresses an issue in which the desktop lock screen image set by a group policy will not update if the image is older than or has the same name as the previous image. 
• Addresses a reliability issue during which File Explorer stops working without self-recovery after at least several days of uptime. 
• Addresses an issue that causes BitLocker Network Unlock to fail on generation 2 virtual machines when it’s used in a network that only supports IPv4. 
• Addresses an issue that causes catalog signed scripts, including those shipped as part of Windows, to incorrectly generate a Windows Defender Application Control (WDAC) failure audit event. 
• Addresses boot failure issues that occur when you restart certain hyperconverged infrastructure (HCI) virtual machines. 
• Addresses issues with taking snapshots on hyperconverged Storage Spaces Direct (S2D) cluster nodes. 
• Addresses an issue that causes Scheduled Tasks created in a disabled state to not run. 
• Addresses an issue that prevents volumes from going online as expected when you add back drain nodes during maintenance. 
• Addresses an issue that prevents you from overwriting a file in a shared folder because of an Access Denied error when a filter driver is loaded.
• Addresses an issue that may cause third-party applications to have difficulty authenticating hotspots. 
• Addresses an issue that fails to decrement the dirty region tracking reference count when a storage repair job is running on hyperconverged Storage Spaces Direct (S2D) cluster nodes.
• Addresses an issue that causes the PowerShell Desired State Configuration (DSC) pull server to return “ResourceNotFound (404)” after the Internet Information Services (IIS) application pool is recycled. The Application Log contains Extensible Storage Engine (ESENT) Event ID 623, which indicates that the store version is incorrect. This update adds functionality to configure the version store size to resolve this issue. For more information, see KB4487527.
• Addresses an issue that causes RemoteApp windows to disappear and reappear intermittently on Windows Server 2016.
• Addresses an issue that throws an exception when instantiating SqlConnection after you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update.

In addition, improvements to Windows Update are made through a direct update to improve the reliability of the Windows Update Client. The update is offered as soon as the settings are checked for updates. It is also available for download via the Microsoft Update Catalog installation requires the presence of the latest SSU (KB4465659, Microsoft Update Catalog).

Known issues …

The KB article lists a whole bunch of know issues, caused by this update. Here is a rough overview:

• System Center Virtual Machine Manager (SCVMM) managed workloads are noticing infrastructure management issues after VMM refresh as the Windows Management Instrumentation (WMI) class around network port is being unregistered on Hyper-V hosts.
• After installing this update on Windows Server 2016, instant search in Microsoft Outlook clients fail with the error, “Outlook cannot perform the search”.
• After installing KB4467691, Windows may fail to startup on certain Lenovo laptops that have less than 8 GB of RAM.
• After changing file association defaults, some icons in the taskbar appear incorrectly.
• Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

Some of these known issues were already mentioned in the previous update or were discussed in separate articles here within my blog. Microsoft suggests various workarounds for the isses, which are described in the kb articles.

Similar articles:
Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019
Patchday Windows 10-Updates (January 8, 2019)
Network issues with updates KB4480970 and KB4480960
Fix for the Windows 7 SMB network bug caused by Update KB4480970/KB4480960
January 2019 patchday issues
Windows 10 Network bug in all versions, fix are planned

Microsoft has released version 2 of the cumulative update KB4476976 in the Release Preview Ring for Insiders for Windows 10 V1809. Version 1 of the update KB4476976 was released by Microsoft in the Release Preview Ring a few days ago (see my article Windows 10 V1809: Update KB4476976 in Release Preview Ring). Version 2 of the update raises the build to 17763.292. There are no details about changes to version 2 available yet. Colleagues from German site deskmodder.de have provided the download links here.

[German]Microsoft recently released Fix KB4487345 to fix the network bug in Windows 7 Service Pack 1 and Windows Server 2008 R2. Now there are users claiming, that this fix should not work on Windows Server 2008 R2.

What is the network bug about?

The KB4480970 (Monthly Rollup) and KB4480960 (Security only) updates released on January 8, 2018 for Windows 7 SP1 and Windows Server 2008 R2 SP1 caused collateral damage.

• Many users were unable to access (administrative) network shares after the update was installed.
• The network problem also affects SMBv1 shares used by scanners or fax machines.
• DATEV users also suffered from the fact that access to network shares no longer worked. And I’ve has some Feedback, about connection issues to Exchange Server.

I had described the problem regarding network access in more detail in the blog post Network issues with updates KB4480970 and KB4480960. A workaround was also posted there: Changing the LocalAccountTokenFilterPolicy in the registry allowed access network shares again.

Microsoft delivers the Fix KB4487345

Microsoft released the KB article Description of the update for Windows 7 SP1 and Windows Server 2008 R2: January 11, 2019 and provided a fix (KB4487345) for the issue in 2019.

This update resolves the issue where local users who are part of the local “Administrators“ group may not be able to remotely access shares on Windows 7 SP1 and Windows Server 2008 R2 machines after installing the January 8^th, 2019 security updates. This does not affect domain accounts in the local “Administrators” group.

The fix can be downloaded as a standalone update from the Microsoft Update Catalog, but must be installed manually. I’ve covered this within the article Fix for the Windows 7 SMB network bug caused by Update KB4480970/KB4480960. I assumed that the fix would solve the problems of accessing shares of administrative accounts. In other words, the LocalAccountTokenFilterPolicy change in the registry mentioned above is no longer required. For security reasons you should disable this policy again.

At AskWoody a user mentioned, that update KB4487345 from Microsoft Update Catalog substitutes:

• Update für Windows 7 (KB3121255)
• Update für Windows 7 (KB3156417)

Also two readers gave me feedback, that KB4487345 solved the All-in-one device network issue (scan to SMBv1 shares) and also the Exchange Server access issues.

Isn’t the fix working?

However, I have now received two feedback in the blog about the following comments that the Microsoft fix KB4487345 does not solve the problem of blocked access to network shares. In this comment blog reader Sebastian writes:

we have two computers in an external administration that had the problem.

Unfortunately the patch of MS didn’t solve the problem?
It was installed, “Client” and “Server” were restarted but access was not possible. – has anyone else experienced this?

Only after setting the RegKey – we could access the shares.

As a ‘single incident, I didn’t discuss it any further at first. Now a second comment arrived a few hours ago:

KB4487345 doesn’t fix the problem of the share access contrary to the KB article description. This requires the registry entry. Tested here on several 2008R2 servers.

This is the point where I put the topic up for discussion in a separate blog post here. I can’t test it currently (and I don’t have any servers running anyway). Did the fix (without changing the LocalAccountTokenFilterPolicy in the registry) fix your access problems to network shares? Or was the adjustment of the registration entry still necessary? In this case the fix is pretty useless.

Similar articles
Network issues with updates KB4480970 and KB4480960
Fix for the Windows 7 SMB network bug caused by Update KB4480970/KB4480960

[German]Under Windows 10, several users seem to have problems installing HIDClass driver updates for HP devices. HID stands for Human Interface Device.

On Windows Latest there is this article reporting the problem. Apparently HP-HID drivers are rolled out via Windows Update for Windows 10. But their installation leads to the update error 0x800703e3.

HP HIDClass fails to install with error 0x800703e3 on Windows 10? Here’s the fix https://t.co/I8NWD7abKw pic.twitter.com/f6PFBi2zZs

— Windows Latest (@WindowsLatest) 18. Januar 2019

The above tweet is from Windows Latest and contains a screenshot of the issue. Here is another tweet. You can find this post in the HP-Forum:

Updating Error 0x800703e3

Product: HP Pavilion Laptop 14-Ce0xxx

Operating System: Microsoft Windows 10 (64-Bit)

I received some updates this morning but the HP Inc. – HIDClass – 10/30/2018 12:00:00 AM – 2.1.8.1 fails to update due to error 0x800703e3,

So I downloaded the file manually from http://www.catalog.update.microsoft.com/Search.aspx?q=hp+wireless+button but I don’t know how to install it.

Also on Twitter, users (mostly Asian sites) report installation problems and the update install error

HP Inc. – HIDClass – 10/30/2018 12:00:00 AM – 2.1.8.1 – Error 0x800703e3

Affects Windows 10 V1803 and also V1809 as far as I have seen.

Workaround: Install driver manually

If you have downloaded the desired driver manually (see the link above in the forum post quote), you can process the steps below.

1. Go to the Microsoft Update Catalog and look for the ‘hp wireless button’ update. You can also access the page from here.

2. On the page, locate the driver supported by your Windows 10 installation. You can download the driver as a .cab file.

3. Create a folder and double-click the .cab file. Then copy the three files from the .cab archive into the newly created working folder.

4. Right-click the .inf file and select the Install command from the context menu.

Follow the advices to install the driver. Afterward let Windows Update search for updates. Now you should be able to install the latest HP driver updates without an error. Maybe it will help.  (via)

Microsoft’s CEO Satya Nadella indicated last week in an interview with journalists that Microsoft 365 will also be available for consumers (i.e. outside corporate environments).

Microsoft introduced Microsoft 365 for corporate environments in mid-2017. It is a subscription based model in which companies can rent Windows 10, the Office 365 portfolio and Enterprise Mobility + Security (a collection of functions equipped with identity and device management tools) for their employees. 

The rumor that Microsoft is planning a Microsoft 365 product has been around for quite some time. In an interview with CNBC, Mr. Satya Nadella announced Microsoft’s plans. According to Nadella, Microsoft is carefully tracking the number of devices running Windows 10 and the number of people who have subscribed to Office 365. According to Nadella, it is conceivable that one or both of them could be part of Microsoft 365, which is aimed at end users.

But Mr. Nadella didn’t want to reveal any further details. Neither was there a release date, nor were there any details about the products included in Microsoft 365 or even a price for the subscription. Would you would rent Microsoft 365 on a monthly basis?

In Windows there is a Zero-Day-Exploit, which allows you to overwrite files without permission. 0patch provides a temporary micro-patch for this bug after Microsoft did not patch it in January 2019.

At the end of the year a new 0-Day bug in Windows has became known by a hacker using the alias SandboxEscaper. The vulnerability allows attackers to overwrite files (see my blog post Windows 10: 0-day bug enabled file overwrite).

We have just issued a micropatch for SandboxEscaper’s #angrypolarbearbug 0day. The vulnerability allows a low-privileged user to have any file overwritten with the content of a Windows Error Reporting XML file. This could potentially lead to arbitrary code execution as SYSTEM. pic.twitter.com/KWzJ1nUNIo

— 0patch (@0patch) 17. Januar 2019

Now the provider 0patch has announced the availability of a micro-patch for Windows on Twitter. These micro patches can be downloaded from this website by registered users. (via)

[German]Does the cumulative update KB4480977 dated January 17, 2019 for Windows 10 V1607 and Windows Server 2016 forces the TiWorker process to cause a high CPU load? 

Update KB4480977 for Windows 10 V1607/Server 2016

Microsoft released a KB4480977 cumulative update for Windows 10 V1607 and Windows Server 2016 on January 17, 2019. So not too many machines are receiving this update anymore. I reported about this within my blog post Windows 10 V1607: Update KB4480977 (01/17/2019). The update is supposed to fix some bugs, but causes a long list of known issues.

What is TiWorker?

TiWorker is the Windows Modules Installer Worker process of the Trusted Installer that is used by Windows Update. This process has been noticing for years that it runs amok after updates and suddenly causes high CPU load. If you search for ‘TiWorker process site:microsoft.com’ using a search engine, you will find many hits. All hits have one thing in common: Suddenly TiWorker consumes all CPU power and the machine is no longer usable.

After KB4480977 TiWorker causes high CPU load

German blog H. M. contacted me by e-mail and pointed out a problem he was running into. He runs a virtualized instance of Windows Server 2016. He told me:

since a few days an old problem occurs again:  after installing Windows update (KB4480977) the TiWorker process causes a very high CPU load.

In my case, I currently have this with a virtual server 2016 which became almost unusable as a result.

The blog reader found some hits within the Internet resulting from the last days. He posted the link to this MS Answers forum post from 19 January 2019, where the problem is also confirmed.

TiWorker.exe

Hi ! I have a very interesting problem, here it is: when I simply do my work on my computer, this program named TiWorker.exe pops out of nowhere and uses ~50%  of my CPU for absolutely nothing. I heard it’s a part of a windows update installation program, but I really don’t think so. If so, then why it suddenly disappears when I open the task manager? Is my computer playing jokes on me ? Do I really have play this hide-and-seek game with this program? I hope to find some kind of solution to this problem. I’ve tried everything that I could find online: turn off windows update from services.msc and so. Temporarily, it seems that I’ve found some kind of bridge, if I keep the task manager opened, it would literally “scare” TiWorkes.exe and prevent it from happening. Although it may seem funny, trust me, it isn’t ! Thanks for reading this and trying to help, I really appreciate all of that.

Within the MS Answers forum thread there are then the usual hints to tame the Trusted Installer with the standard methods. This includes checking Windows for damage and repairing it if necessary (see Check and repair Windows system files and component store). Further hints are pointing into the direction of emptying the download database for updates with various commands from the command prompt (to exclude defective files as a cause).

This MS Answers forum thread, dated January 11, 2018, also deals with high CPU load by the TiWorker, but cannot refer to update KB4480977. Another thread about the error image can be found here. At this point the question: Has anyone still noticed a high CPU load due to the TiWorker process after installing the update KB4480977?

Similar articles:
Windows 10 V1607: Update KB4480977 (01/17/2019)
Windows 10 Network bug in all versions, fix are planned

[German]Microsoft released the KB4476976 Cumulative Update for Windows 10 Version 1809 and Windows Server 2019 on January 22, 2019. Here is a brief overview of what’s new.

An overview of Windows 10 updates can be found in the Windows 10 Update History.

Update KB4476976 for Windows 10 V1809

Cumulative Update KB4476976 for Windows 10 V1809 and Windows Server 2019 raises the OS Build to 17763.292. The update contains quality improvements, but no new operating system functions. Here is the list of changes:

• Addresses an issue that may cause Microsoft Edge to stop working with certain display drivers.  
• Addresses an issue that may cause third-party applications to have difficulty authenticating hotspots.
• Addresses an issue that causes promotions of non-root domains to fail with the error, “The replication operation encountered a database error.” The issue occurs in Active Directory forests in which optional features like Active Directory recycle have been enabled. 
• Addresses an issue related to the date format for the Japanese era calendar. For more information, see KB4469068.
• Addresses a compatibility issue with AMD R600 and R700 display chipsets. 
• Addresses an audio compatibility issue when playing newer games with 3D Spatial Audio mode enabled through multichannel audio devices or Windows Sonic for Headphones.
• Addresses an issue that may cause audio playback to stop responding when playing Free Lossless Audio Codec (FLAC) audio content after using a Seek operation such as rewind. 
• Addresses an issue that allows users to uninstall apps from the Start menu when the “Prevent users from uninstalling applications from Start menu” group policy is set. 
• Addresses an issue that causes File Explorer to stop working when you click the Turn On button for the timeline feature. This issue occurs when the “Allow upload of user activities” group policy is disabled. 
• Addresses an issue that prevents users from installing a Local Experience Pack from the Microsoft Store when that language is already set as the active Windows display language.
• Addresses an issue that causes some symbols to appear in a square box on a text control. 
• Addresses an issue with two-way audio that occurs during phone calls for some Bluetooth headsets. 
• Addresses an issue that may turn off TCP Fast Open by default on some systems. 
• Addresses an issue that may cause applications to lose IPv4 connectivity when IPv6 is unbound. 
• Addresses an issue on Windows Server 2019 that may break connectivity on guest virtual machines (VMs) when applications inject the low-resource flag on packets. 
• Addresses an issue that occurs if you create a page file on a drive with FILE_PORTABLE_DEVICE characteristics. The “Windows created a temporary warning” message appears. 
• Addresses an issue that causes Remote Desktop Services to stop accepting connections after accepting several connections. 
• Addresses an issue in Windows Server 2019 that causes a Hyper-V VM to remain at the bootloader screen for OS selection when restarting the machine. This issue occurs when Virtual Machine Connection (VMConnect) is attached. 
• Addresses an issue with rendering of end-user-defined characters (EUDC) in Microsoft Edge.

The update is optional and will only be offered if the user explicitly requests the search for updates in the settings page. The update can also be downloaded and installed from the Microsoft Update Catalog. Please make sure that the latest Servicing Stack Update (SSU) KB4470788 is installed.

The update has known issues, such as the Access 97 access error when using the Jet Database Engine, or the network error in Edge. I had described these bugs in blog posts (see links below).

Similar articles:
Windows 10 Network bug in all versions, fix are planned
Microsoft confirms Access 97 MDB bug in Jet Database Engine caused by Windows January 2019 Updates

[German]A quick tip for admins who use Sysmon from the Sysinternals system monitoring tools. There is a memory leak in version 8.0.0, which has been fixed in the updated version 8.0.4.

A quick look at Sysmon

Sysmon is part of the free Sysinternals tools from Microsoft. The tool is very helpful for system analysis. According to the description it provides the following functionality:

System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor system activity and log it to the Windows Event Log. 

Sysmon provides detailed information about network connections, process creation and file creation time changes. By collecting and analyzing the events generated by Sysmon using Windows Event Collection or SIEM agents, malicious or abnormal activities can be identified to understand how intruders and malware work on the network.

However, Sysmon cannot perform an analysis of the events it generates, nor can it protect itself from attackers or hide itself.

A memory leak in Sysmon 8.0.0/8.0.2

Bleeping Computer reported here about an issuenin Sysmon 8.x. There is a memory leak in Sysmon 8.0.0 utility (and probably in 8.0.2) that could cause a computer to run out of memory. Then the computer crashes when it routinely updates its configuration file with a scheduled task or otherwise. The bug has been discussed within this forum thread since summer 2018. It is only noticed when Sysmon runs for a very long time (30 days) in server environments.

Heads up admins if you still run sysmon 8.0.0 and you run a scheduled task to update the sysmon config each reload will use approximately 15mb of ram, after 30 days it will max out memory on your servers if they dont reboot. Memory is locked in non-paged pool. 8.0.4 resolves

— ɯɹoʇsuoı (@ionstorm) 23. Januar 2019

User @iostorrm points out the memory leak in Sysmon 8.0.0 and possibly 8.0.2 in the tweet above. He recommends upgrading to Sysmon 8.0.4, and Marc Russinovich wrote on December 19, 2018 that the memory leak has been fixed in this release. The new version was released on 27.12.2018 and can be downloaded from the following linked website.

Download Sysinternals Tools

[German]Microsoft released the Windows 10 Insider Preview Build 18323 in Fast Ring. This is the version in the 19H1 development branch, and it is now anticipates as feature complete for the final release espected in April 2019. 

The announcement and a description of the new features can be found in the Windows Blog. I noticed the announcement on Twitter.

Heads up #WindowsInsiders we have published the blog post for Build 18323 that went to WIP Fast however note that availability of the flight will be spotty while we work out some issues with the build publishing systems. https://t.co/Fq2LSJa8nB https://t.co/zY4Vs094Un

— Brandon LeBlanc (@brandonleblanc) 24. Januar 2019

There are some new features that Microsoft lists for the new build. For example, support for the raw format has been improved for digital camera photo files.

(Source: Microsoft)

You can download a Raw Image Extension as Beta from Store and then view Raw files in Explorer. Furthermore the ‘Light Theme’ has been improved. The list of improvements is quite long:

• REMINDER: The new tamper protection setting in the Windows Security app protects your device by helping to prevent bad actors from tampering with the most important security settings. You may see a new recommendation in the Windows Security app suggesting you turn this setting on.
• We fixed an issue causing Update Orchestrator Service to stop working periodically. As a result of this issue, you might have seen an error on Windows Update Settings saying that the update failed to restart. This issue also resulted in restart using Update and Restart to sometimes just restart you back into the base OS.
• [UPDATED] We fixed an issue where clicking your account in Cortana Permissions didn’t bring up the UI to sign out from Cortana (if you were already signed in). This issue also impacted the Change My Name button.
• We fixed an issue resulting in night light not working recently.
• We fixed an issue where the quick actions section of Action Center would be missing sometimes recently.
• We fixed an issue where closing an open Excel window from the taskbar might cause Excel to go non-responsive.
• We fixed an issue an issue where the WIN + Ctrl + <number> hotkey wasn’t working.
• When using your accent color on the taskbar has been enabled, the taskbar and start jump lists will now also be accent-themed.
• For the time being we’re returning the Volume Mixer link in the volume button context menu to its October 2018 behavior while we look at improving the experience based on feedback.
• We fixed an issue where themes and Microsoft Edge extensions downloaded from Microsoft Store wouldn’t appear in their respective locations after the download finished.
• We fixed an issue impacting Action Center reliability in recent builds.
• We fixed an issue where you might see multiple Focus Assist notifications in the Action Center at a particular time.
• We’re adding Nearby Sharing to the list of default Focus Assist exceptions.
• We fixed a recent issue where if you used the screen snip quick action in the Action Center then the resulting screenshot would have the Action Center in it.
• We fixed a recent issue that could result in not being able to launch UWP apps from the Start menu sometimes.
• We fixed a recent regression resulting in File Explorer sometimes hanging when interacting with MP4s and folders that had MP4s in them.
• We fixed an issue where Cortana would close immediately if opened from the Start screen when using tablet mode.
• We fixed an issue impacting Snipping Tool reliability.
• We fixed an issue resulting in Ctrl + P not activating the Print command in Snip & Sketch in recent flights.
• We fixed an issue resulting in Snip & Sketch potentially crashing when closing many Snip & Sketch windows in a row.
• We fixed an issue where rebooting would set Nearby Sharing back to an off state if it had been turned on.
• We fixed an issue where the lock screen preview in Lock Screen Settings wasn’t showing in recent builds.
• We fixed an issue where the scrollbar in Settings was overlapping the text fields when manually configuring your IP address.
• We fixed a rare issue that could result in the screen locking up when using the Surface Dial.
• We fixed an issue where the tooltips in the Emoji Panel were truncated on the bottom.
• We fixed an issue where the Windows feature update might fail but would still be listed as a successful update in Windows Update history page.
• We fixed an issue where you might see a Windows Update icon in the notification area saying there was an update when no update was available.
• We fixed an issue where you couldn’t type on the touch keyboard when “Turn on Activate a window by hovering over it with the mouse” since focus would move away from the text field and set to the keyboard itself.
• We fixed an issue on certain devices that could sometimes result in the screen staying black on boot until CTRL + Alt + Del was pressed.
• We fixed an issue resulting in certain devices experience increased battery drain on the last few flights when in Disconnected Standby Mode.
• We fixed an issue for devices with multiple monitors resulting in Task View (WIN + Tab) sometimes showing UWP app thumbnails on the primary monitor rather than the monitor where the app was open.
• We fixed an issue where some key labels were cut off in Armenian full touch keyboard layout.
• We fixed an issue when using the full touch keyboard layout in Korean where pressing the FN key unexpectedly highlighted the IME ON/OFF key. We also fixed an issue for this language where tapping the tab key wouldn’t insert a tab.
• Thanks everyone who shared feedback about the new Japanese Microsoft IME we’ve been working on. With today’s build the IME and settings pages are returning to the ones that we shipped with the October 2018 Update, while we take your feedback into consideration.
• We fixed an issue where Narrator sometimes did not say anything when reopening Action Center after it was dismissed using the Esc key.
• We fixed an issue where Narrator did not speak the volume level value when using the hardware volume button to change the volume setting.
• We fixed an issue where Narrator command read from current location did not work when on a heading in Wikipedia.
• We fixed an issue where Narrator announced read-only at the end for links.
• We fixed an issue where Narrator continuous reading command read the last word of a sentence twice on a web page in Microsoft Edge.
• We fixed an issue impacting a small number of users enrolled in Microsoft Intune where they might not receive policies.
• We fixed an issue where signing out from inside Windows Sandbox resulted in a blank white window.
• We fixed an issue resulting in running c:\windows\syswow64\regedit.exe not launching regedit in recent builds.
• Settings header rollout update: This is now available across most regions for Insiders in Fast using Home edition and Pro editions of Windows that are not domain joined.
• Small app update: Thanks everyone who reached out about the grid alignment issue in the Calculator – this has been fixed with the 1812 version of the app.

But also the list of know issues is rather long. Happy testing.