In spring 2019 Microsoft will release a new Windows 10 version in the 19H1 development branch. What will be the name of this Windows 19H1 version?

The current best guess was, that his version will be called Windows 10 V1903. And: After we have an Windows 10 October 2019 Update (version 1809), I guessed, that we will have an Windows 10 April 2019 Update for version 1903.

Windows 10 April 2019 Update pic.twitter.com/MLltZct3Fh

— Tero Alhonen (@teroalhonen) 25. Januar 2019

Tero Alhonen has now posted a screenshot on Twitter that contains version information from the PowerShell Get-VMHostSupportedVersion statement. That’s where this name first appears.

[German]Brief information for administrators of Windows 10 v1809 clients or Windows Server 2019 instances. There is an issue with the Security Baseline where a newly introduced SystemGuard Launch option can cause to a blank screen when booting a UEFI system.

To sort it a little: This does not affect any user with Windows 10 Home (and no Windows 10 Pro users who run this operating system without Security Baseline). The scenario occurs when the Microsoft Security Compliance Toolkit 1.0 is installed on Windows 10 version 1809 or Windows Server 2019 and the SystemGuard Launch policy is configured.

What is the Security Baseline?

It is a security policy that Microsoft provides for hardening systems against security threats. The Security Baseline package consists of documentation and group policies, as well as PowerShell scripts that can be used to provide basic protection against specific settings.

Microsoft has published this document, titled Windows security baselines, with more details. At the end of November 2018, Microsoft then released theWindows-10-1809-Security-Baseline-FINAL package for Windows 10 V1809 and Windows Server 2019. This downloadable package includes importable GPOs, a PowerShell script for applying the GPOs to local policies, custom ADMX files for Group Policy settings, tabular documentation, and a set of Policy Analyzer files. I reported in the blog post Security baseline for Windows 10 Version 1809 and Windows Server 2019 released.

Issues with SystemGuard Launch policy

Crysta T. Lacey (@PhantomofMobile) has alerted me via Twitter and in an email about an issue related to the SystemGuard launch guidelines of the Security Baseline settings (thanks for that). 

FROM AN EMAIL from @AaronMargosis ABOUT ISSUES with SYSTEM GUARD LAUNCH:

ICYMI: @SBSDiva @AskWoody @AdminKirsty @thurrott @maryjofoley @bdsams @mehedih_ @ruthm @SwiftOnSecurity @pcper @MalwareJake @GossiTheDog @tweet_alqamar @JobCacka @etguennihttps://t.co/pICaUzkRpO

1/3

— Crysta T. Lacey (@PhantomofMobile) 25. Januar 2019

Microsoft’s Aaron Margosis posted on January 25, 2019 a blog post Issue with SystemGuard Launch setting in Windows 10 v1809 and Windows Server 2019 on Technet, describing a know issue.

The issue

Customers who have deployed the Microsoft Security Baseline for Windows 10 v1809 and Windows Server 2019 on systems with UEFI Secure Boot enabled may experience issues during booting devices. 

The Device Guard GPO is responsible for enabling virtualization-based security in the Windows security configuration baselines. This policy includes enabling the System Guard Secure Launch setting (“ConfigureSystemGuardLaunch”). On supported hardware, this is intended to protect the virtualization-based security environment from exploitable vulnerabilities in the device firmware.

This policy was introduced in Windows 10 version 1809 and is therefore only included in the recommended baselines for Windows 10 v1809 and Windows Server 2019. Now Microsoft has discovered that this policy can cause a boot problem. The problem occurs on systems where System Guard Secure Launch was set to Enabled, regardless of whether the underlying hardware support for the function exists.

If the device restarts after an update, only an empty screen is displayed. A problem with the validation of catalog files has been identified as the cause. According to Microsoft, whether this scenario occurs depends heavily on the number and order of the signed components in the boot path. So it’s a pretty exotic bug and it’s unpredictable if and when a system has this problem.

Solution in progress, workaround possible

Microsoft is currently actively working to publish a solution to this problem through a Windows Update. Affected customers on Windows 10 V1809 and Windows Server 2019 can reset the ConfigureSystemGuardLaunch Group Policy setting to Not Configured or Disabled to resolve this issue. This should be a temporary workaround until this problem is resolved in a Windows update.

Microsoft writes that so far no devices have been shipped that include hardware support for Secure Launch. This applies to all Microsoft Surface devices and all other OEM devices. The first devices with this support are not expected to be available until the second quarter of calendar year 2019. Removing this policy setting does not adversely affect systems that do not have hardware support to safely start System Guard Secure, according to Microsoft.

Just a small tip for administrators in SCCM environments. Microsoft has released the ConfigMgr Client Health Toolset to simplify troubleshooting issues in System Center Configuration Manager (SCCM).

System Center Configuration Manager (SCCM) is a systems management software product developed by Microsoft for managing large groups of computers running Windows. Configuration Manager provides remote control, patch management, software distribution, operating system deployment, network access protection and hardware and software inventory.

Reduce the time spent manually troubleshooting agents. Quickly and automatically remediate issues. Introducing the #ConfigMgr Client Health Toolset. Details here: https://t.co/2p20XOIdQn pic.twitter.com/ZcRQzr90YL

— Windows IT Pro (@MSWindowsITPro) 17. Januar 2019

According to the tweet above, Microsoft has released a Client Health Toolset for ConfigMgr. The Toolset is introducted within this Technet blog post. 

[German]Users of Windows Media Player (WMP) and/or Windows Media Center (WMC) will facing a reduction in functionality soon. Microsoft will discontinue the metadata service used by Windows Media Player and Windows Media Center for certain versions of Windows in the future.

What’s the metadata service is for?

Both the Windows Media Center included with Windows 7 (upgradeable in Windows 8.1) and Windows Media Player use metadata to display additional information such as title, genre, and artist for songs, as well as director, actor, cover art, and TV guide for movies. The Windows Media Center (WMC) and Windows Media Player (WMP) obtain this information through a Microsoft-operated metadata service.

The metadata service will be discontinued

Within the document Changes in metadata service affecting Windows Media Center and Windows Media Player, published on January 25, 2019, Microsoft announced that the metadata service will be discontinued:

Going forward, you may be unable to view information (metadata) such as the title, genre, and artist for songs, and the director, actors, cover art, and TV guide for movies in Windows Media Center and Windows Media Player.

The reason for this ‘you may be unable’: WMP and WMC store already queried metadata. Only when the user needs the metadata for a new media file, he will notice that it is no longer displayed. Ergo: If this data doesn’t come sometime in the future, nothing is broken in your Windows system, Microsoft has simply discontinued the required service. Microsoft writes as reason for this:

After looking at customer feedback and usage data, Microsoft decided to discontinue this service. This means that new metadata won’t be updated on media players that are installed on your Windows device.

However, any information that’s already been downloaded will still be available.

This change doesn’t affect any major media player functionality such as playback, navigating collections, media streaming, and so forth. Only secondary features that require downloading of new metadata are potentially affected.

Although they wrote, that any information already been downloaded will still be available, that doesn’t help, if you need to re-install your Windows.

I’ve read similar reasons give be Microsoft in the past, when they removed WMC in Windows 10 or the MPEG-2 decoder support in WMP.

What exactly is affected?

Microsoft has published a table in the article that shows exactly which operating systems are affected by WMP and WMC.

Windows Media Center is affected in Windows 7 and Windows 8.1. For Windows Media Player, however, the metadata distribution setting is scheduled for Windows 7 only. (via, via)

Similar articles:
Windows 10: Infrared IrDA-Stack is removed
Windows 10 V1607: Update KB4478877, WMP fix is coming
Microsoft explains the ‘missing’ WMP in Windows 10 V1709
Windows 10: iCloud install Media Feature Pack is missing
Windows 10 V1709: Update KB4046355 removes Windows Media Player

[German]A few days ago, a German blog reader sent me a mail about an issue he was facing. After migrating from Windows 7 clients to Windows 10 V1809, the clients could not logon to a domain because the user profile service could not be loaded.

The error description

Blog reader Holger K. wrote that he has switched for one of his customers some clients from Windows 7 to Windows 10 1809. Afterward he wasn’t able to log in the Windows 10 clients to a domain controller (DC) running with Windows 2016. He received the following message on the clients:

“Error logging in with the user profile service. The user profile cannot be loaded”

He checked the clients, but all upgraded Windows 10 1809 systems are providing this message for the user account selected. Microsoft has already posted this article, but for Windows Vista and Windows 7 and for local clients.

The solution (workaround)

While searching the net for the root cause, blog reader Holger came across this Technet forum post. There a user describes the same scenario outlined above:

Some domain users get “user profile service failed” when trying to login after October Windows update

Some of my domain users can’t logon on any upgraded Win10 pro machine, whilst other users can logon to the upgraded machine fine. they see the error – windows couldn’t connect to the user profile service service.

There accounts can also not logon to other upgraded machines – they see the same error on other machines too.

The ‘fix’ seem to be rebuild their machine then stop the update happening – but what is the rel cause and proper fix?

i also on one occasion on one machine saw windows couldn’t connect to the System Event notification Service service

A user confirmed the issues with Windows 10 V1809 and rolled his clients back to Windows 10 version 1803. But user Gov PC Guy also provided a solution for a workaround:

found something, clearing the home drive path on the active directory user object. It allowed me to login. I then home drive mapping back on the object (it complains that the directory already exists, but I said ok) logged user off and back on again and it seems fine.

Blog reader Holger wrote, that user Gov PC Guy has reset the profile in the server’s AD to local and back again immediately. Windows will informed you, that the directory already exists. But then it asks, if you want to grant the user full access to the profile path. If this is confirmed, the profile path is set again.

According to blog reader Holger, afterward the user can then log in on any Win10 1809 client again. When comparing what’s different about this and another user profile, Holger noticed that the other user profiles have no “full access” for the user. The newly assigned user, on the other hand, already has this full access.

Holger suspects that Windows 10 intents to write new entries that did not exist before. He doesn’t know why the DC is acting now this differently, because he doesn’t know the history of this customer environment. Possibly the Domain Controller (DC) was migrated in the past. Maybe it has something to do with the issue I describe within my blog post Windows 10 V1803: Roaming profile not fully synchronized – I don’t know. Holger says: “It can be assumed that this problem will occur more frequently in the near future”. At this point thanks for the information, maybe the info will help others.

Similar articles:
Windows 10 V1809: Continous Warnings (Event ID 1534)
Windows 10 V1803: Roaming profile not fully synchronized
Temporary profile in Windows caused by Windows Defender?
Windows: Yes button in user account controls is disabled
Windows 10 V1607: Update KB4467684 kills Outlook search in Terminal Server

[German]Just a brief notification for users of Windows Defender. It’ve seen independant reports, that Windows Defender has issues and can’t update since today.

A first error mentions

During surfing the web I came across a tweet from Barb Bowman mentions issues with Windows Defender updates.

I have 4 machines stuck on RETRY and 1 stuck on 0 percent downloading defender update. restarts of BITS/WU don’t help. restrtng pcs+’s don’t help. Can’t check for updates in Windows Store either. Hit get updates buttn & spins 1 sec &then returns 2 blue button. any1 have idea? pic.twitter.com/MubEakrc4f

— Barb Bowman (@barbbowman) 30. Januar 2019

This draw my attention, because Barb mentioned four machines affected with Windows Defender update issues – can’t check for updates. Trying things like reset BITS and Windows Update or restarting Windows doesn’t helps.

There was something …

Something rang within my head, because I just recognized two minutes before (was still in the short-term memory) I had seen a similar message at German site Dr. Windows. Had I ignored and not read it – so I quickly navigated back and took a closer look. There a user started a thread on 01/30/2019 shortly after midnight with the following error description:

Today, around midnight, I almost had a heart attack. When updating the Defender to version 1.285.440.0, he first hung himself up and later asked for the process to be repeated.

Sounds similar: Windows Defender does not get an update here either and hangs up. When checking the Defender status, the user was informed that he was up to date with Defender. The Security Center’s Protection Updates page displays version 1.285.440.0 for the affected user. The user also states that Windows Defender is suddenly suspecting apps, which was not the case before.

There is no solution mentioned within the thread. You could try to try the actions given within my German blog post Windows Defender: Keine Signatur-Updates mehr (8.11.2018) to delete the threat definitions. I don’t know, if that helps. Anyone else affected?

More issues since last Update?

But during my short research I came across two tweets that suggest that maybe January 2019 updates could have some impact.

since the last major update, @microsoft‘s windows defender just eats up cpu non-stop.

what is it even doing? there’s no scheduled scan. there are no vulnerabilities being detected. all it does is annoy me by making my laptop fan run at 100% 24/7. killing it in group policy. pic.twitter.com/WOM3joCJHb

— Alex Katayama (@vexedalex) 23. Januar 2019

In the above tweet, a user complains that Defender has been consuming quite some CPU power since the last update. And another user reports that the update KB4052623 for the Windows Defender antimalware platform (KB contribution has been updated on 28.1.2019) is causing trouble.

Windows Defender update (KB4052623) psbly causing problem with Boot Manager/Boot Loader startup on Server 2019. Repro’d in two Hyper-V environments. Only occurs after Start > Restart. Start > Shut down or Hyper-V Shut Down button no problem @mikael_nystrom @jarwidmark @NerdPyle pic.twitter.com/IFGQt7bLbV

— Troy L. Martin (@TroyMartinNet) 22. Januar 2019

But there are issues with bootmanager/loader under Windows Server 2019. Addendum: I got a feedback to the feed above.

I believe I know the reason behind: https://t.co/bhx5N9mL6D We had approx. 100 clients that have not booted afterwards. #secureboot

— Schaetzer (@schaetzer) 30. Januar 2019

If you affected, check this hint. More details at Windows Defender Update KB4052623 is causing Secure Boot issues (01/28/2019).

Similar articles:
Windows 7 Defender won’t receive updates (June 2018)
Windows 10 V1809: Defender shows wrong time
Windows Defender reports osk.exe as malware
Wrong language in Windows Defender Application Guard
Windows Defender in a sandbox

Microsoft has just opened the Skip Ahead-Ring for Windows Insiders interested to test the upcoming Windows 10 19H2 Windows Insider Builds. But there is a limited number of test seats.

It has been announced from Microsoft within the following tweet for instance.

Hello #WindowsInsiders, have opened up Skip Ahead again so those Insiders interested in trying out super-early builds from our dev branch. Note opt-in’s are limited and once Skip Ahead is full, you will no longer be able to opt-in. pic.twitter.com/Vy1J2bqakv

— Windows Insider (@windowsinsider) 30. Januar 2019

[German]Windows Defender anti-malware platform update KB4052623 from January 2019 prevents Windows 10 systems from starting with Secure Boot. In addition, an activated AppLocker blocks downloads. But there are workarounds for both issues .

First notifications of the issue

A few hours ago I posted the blog post Windows Defender with Update issues (01/30/2019)? on update issues with Windows Defender. These could have performance issues of the update servers as a root cause (I’m not sure). But within this article I also mentioned that another user reported boot issues with the update KB4052623. 

Windows Defender update (KB4052623) psbly causing problem with Boot Manager/Boot Loader startup on Server 2019. Repro’d in two Hyper-V environments. Only occurs after Start > Restart. Start > Shut down or Hyper-V Shut Down button no problem @mikael_nystrom @jarwidmark @NerdPyle pic.twitter.com/IFGQt7bLbV

— Troy L. Martin (@TroyMartinNet) 22. Januar 2019

This is an update for the Windows Defender antimalware platform, which was probably released on 28.1.2019. The user then noticed issues with the boot manager in a Hyper-V environment on Windows Server 2019.

A second confirmation by a reader

As a reaction to my blog post in English, a German user with the Twitter name @schätzer told me the following.

I believe I know the reason behind: https://t.co/bhx5N9mL6D We had approx. 100 clients that have not booted afterwards. #secureboot

— Schaetzer (@schaetzer) 30. Januar 2019

This user has about 100 clients that have ‘died’ due to the update and could not start after update install if Secure Boot is activated.

Microsoft confirms the issue

The user referred to the KB article KB4052623, which refers to Windows Defender on Windows 10 and Windows Server 2016 and discusses the update for the Windows Defender antimalware platform. The update is available since January 28, 2019 for:

• Windows 10 (Enterprise, Pro, and Home)
• Windows Server 2016

Within the KB article Microsoft meanwhile confirms a ‘know issue’ for this update. As soon as module version 4.18.1901.7 has been installed, Windows 10 clients no longer start when Secure Boot is activated. Microsoft is working on solving this problem and wants to release a fix in the future. 

A Workaround

If you are hit with this issue, try to deactivate secure boot on your Windows 10 clients an proceed the steps below.

1. On startup, invoke the BIOS/UEFI settings, disable the secure boot, and reboot the machine.

2. Once Windows 10 has been successfully restarted, switch to an administrative prompt and use the following command to remove the module version:

%programdata%\Microsoft\Windows Defender\Platform\4.18.1901-7\MpCmdRun.exe” -revertplatform

After that, wait a minute and then execute the following instructions in the administrative prompt. 

sc query windefend
sc qc windefend

The first command ensures that the Windows Defender service is running. The second command checks that Windows Defender no longer uses module version 4.18.1901.7. The machine must then be rebooted and the secure boot can be reactivated in the BIOS/UEFI. 

New path is causing AppLocker issues

Microsoft has changed the path to the updated Windows Defender module. This changed path blocks many downloads when AppLocker is enabled. To fix this issue,Microsoft suggests that you open the appropriate Group Policy. Then allow the setting of policies for the following path:

%OSDrive%\ProgramData\Microsoft\Windows Defender\Platform\*

This information can be found in KB Article 4052623.

Similar articles:
Windows Defender with Update issues (01/30/2019)?
Windows 7 Defender won’t receive updates (June 2018)
Windows 10 V1809: Defender shows wrong time
Windows Defender reports osk.exe as malware
Wrong language in Windows Defender Application Guard
Windows Defender in a sandbox

[German]Currently it seems, that Microsoft’s Update Services are globally disturbed. Users around the world are reporting, that Windows Update can’t reach Microsoft’s update servers. I’ve a Windows 10 test machine, where I confirmed this issue.

I stumbled upon this issue during blogging about the Windows Defender update issues (Windows Defender with Update issues (01/30/2019)? and Windows Defender Update KB4052623 is causing Secure Boot issues (01/28/2019)). My attempt to verify some things for articles on a Windows 10 V1809 test machine ended with a bad surprise. 

(Click to zoom)

Windows Defender has not been updated since December 25, 2018 on that machine (well, I doesn’t use it on a daily base). The Defender update search, I triggered, fails with the Defender update error -2147012867. I converted the decimal value to a hexadecimal error code (0x80072EFD).

What does error 0x80072EFD mean?

Error code 0x80072EFD helped, because I wrote in 2016 the German blog post Windows Update-Fehler 0x80072EFD and in Summer 2018 the blog post Windows 7 Defender won’t receive updates (June 2018). Error 0x80072EFD simply stands for ERROR_INTERNET_CANNOT_CONNECT, the server connection could not be established.

So this is an error pattern that can have many different causes. The problem areas, from antivirus solutions to incorrect time settings, are covered in the blog posts above. I was able to exclude third-party antivirus solutions, checked the time and date, and perform Internet time synchronization – all without success.

My guess: Either a service is broken or Microsoft has an update server down. Checking the Windows Defender update service showed that it is running. So it might be something with Microsoft’s update servers. 

Checking Windows Update?

I then tried to start a Windows Update search and I immediately got the following message.

(Click to zoom)

This means: The update service at Microsoft cannot be reached. You may check your Internet connection (which won’t help) or just wait and try later. 

progress? pic.twitter.com/TStHpBkU2o

— Barb Bowman (@barbbowman) 31. Januar 2019

Barb Bowman reported on Twitter about issues – so I wasn’t alone. Then I found This article at Bleeping Computer, who confirmed the issue. 

Definitely a Comcast issue…I changed DNS servers and now I can update.

— Mase123987 (@mase123987) 31. Januar 2019

On Twitter, a user then gives a hint that Comcast probably has problems with a DNS server (see above tweet), which means that the requests to the Microsoft update service cannot be resolved. The suggestion is to use an alternative DNS server (e.g. Google 8.8.8.8). This hint can also be found at Bleeping Computer and Softpedia, but that didn’t help here. This fix also would have surprised me, as I am not routed via Comcast DNS servers. Addition: At askwoody.com there is a discussion that supports my assumptions.

I’m currently guessing that the people who succeeded in changing the DNS server were simply victims of coincidence. If the Microsoft update service has hiccups (we could observe this on a number of Microsoft services during the week), some client will get a short connection to the Microsoft server from time to time. If the update is successful and the DNS server has just been changed, the person assumes ‘it was the DNS server’, but did a wrong assumption. I think it only remains to wait until this has been fixed by Microsoft – or do you have other insights?

Similar articles:
Windows Defender with Update issues (01/30/2019)? 
Windows Defender Update KB4052623 is causing Secure Boot issues (01/28/2019)

Microsoft published yesterday Windows 10 Insider Preview Build 18329 for Windows Insider in Fast Ring. This is the version in the 19H1 development branch that we expect to arrive in April 2019 as Windows 10 V1903.

The announcement and a description of the new features can be found in the Windows Blog. As a new feature, Microsoft has announced quick access to the top apps during the search. As soon as you open the search, the top apps are displayed, no typing is required!

(Source: Microsoft)

In addition, desktop applications (Win32 apps) can be run on the desktop in Windows Mixed Reality – although I don’t have the fantasy to imagine who needs something like this. This Windows 10 build doesn’t has a watermark nor a expiration date. More details may be read within this Microsoft blog post.

The figures for desktop operating system and Windows distribution at the end of January 2018 show: Windows 10 has overtaken Windows 7 in the ‘market share’ of Windows desktop systems. 

Looking at the latest figures from netmarketshare.com (until the end of January 2019), Windows is still running at 86.23 (Dec. 2018: 87.71%) of desktop systems (the share has been declining steadily since April 2018, while macOS and Linux are rising). Mac OS comes to 10.59% (Dec. 2018: 9.61%), while Linux runs 2.45% (Jan 2018: 2.09%) of the system. 

(netmarketshare.com OS-Market-Share 1.2019, Click to zoom)

NetMarketShare list at the end of January 2019 the following figures for individual desktop operating system versions:

• Windows 10 40,90 %,
• Windows 7 37,19 %,
• Windows 8.1 4,34 %
• macOS 10.13 2,73 %.

So Windows 10 ‘End of January 2017’ is now clearly ahead of Windows 7. The coming months will probably be exciting because support for Windows 7 will end in January 2020. I don’t think we will see Windows 7 at 5% in December 2019 and Windows 10 has 95% of the market. For me, the question is: How will Linux and macOS be positioned by the end of 2019?

[German]Microsoft  is working step by step through the known issues in Windows 10 October 2018 Update (Version 1809). An AMD issue has now been fixed and the upgrade blocker for iCloud should be removed soon. But now users are facing update issues.

Windows 10 Update issues

At the end of January 2019 some users worldwide had massive problems with Windows Update, Defender and Store Updates. The update service was not available. I had addressed this within my blog post Windows Update Service globally disturbed? (01/31/2019).

This issues disappeared at my test system. In the Windows 10 update history, however, Microsoft reports a malfunction in Windows update as of February 4, 2019.

February 4, 2019

“We are aware of a service side issue where somecustomers are still unable to connect or download updates from the Windows Update service. We are actively investigating this issue. Thank you for your patience.”

Also Bleeping Computer reported that issue within this article.

iCloud block will be lifted soon

The Windows 10 October 2018 Update (V1809) was on release not compatible withiCloud 7.7.027 for Windows. Users who tried to install iCloud for Windows (version 7.7.0.27) on Windows 10, version 1809 received a message that this version of iCloud for Windows is not supported and the installation fails.

So Microsoft blocked the feature upgrade to such machines. Later, Apple shipped an updated version of iCloud for Windows that was compatible with the Windows 10 October 2018 Update (V1809). I had reported it within the blog post Windows 10 V1803: iCloud now supported. Now Microsoft has announced in the Windows 10 update history that it will unblock the Windows 10 upgrade to version 1809 in mid-February:

The upgrade block will be removed mid-February, after which these devices will be offered Windows 10, version 1809 automatically.

In other words, as soon as this blockade is lifted, existing Windows 10 machines with iCloud for Windows installed will be offered the function update to version 1809.

AMD HD2000/HD4000 GPU issues fixed

Windows 10 October 2018 Update (V1809) had also an know issue, that this version was not compatible with systems that had AMD HD2000 or HD4000 graphics units installed. The error 

INVALID_POINTER_READ_c0000005_atidxx64.dll

and other issues occurs. The reason for this issue was that AMD had discontinued support for this graphics unit with new drivers. Microsoft has now created a fix for the operating system, as they announced within the Windows 10 update history. This also removes the upgrade blocker for these systems. 

Now the issues with F5 VPN clients and with new Intel graphics drivers are still unfixed.

Similar articles:
Windows Update Service globally disturbed? (01/31/2019).
Windows Defender with Update issues (01/30/2019)?
Windows Defender Update KB4052623 is causing Secure Boot issues (01/28/2019)
Windows 10 V1803: iCloud now supported

[German]Microsoft offers Extended Security Updates for Windows 7 SP1 for companies until January 2023. This program is subject to a fee and conditions. Now the prices that companies have to pay for extended support have become public.

Extended Security Update for Windows 7

On January 14, 2020, Windows 7 SP1 will receive security updates for the last time and reached End of Support (EOS). The Extended Support ends after 10 years for normal users and customers.

But since there will still be a lot of Windows 7 systems in companies, Microsoft offers Extended Security Updates until 2023. The program is intended for companies using Windows 7 Professional and Windows 7 Enterprise. The paid Windows 7 Extended Security Updates (ESU) are available only to companies that have a volume license agreement (get a discount with Software Assurance). I had reported that within the blog post Wow! Windows 7 get extended support until January 2023.

Prices for Extended Security Updates for Windows 7

Till now the price for these extended updates was unknown. At the time I had written the blog post, it was only known, that the billing is per device and the price increases every year. Now Mary Foley has published prices for the USA on ZDNet.com. According to Foley, Microsoft informed its partners about prices for Extended Security Updates (ESUs) until January 2023.

• Annual price allows access to cumulative security update for 12 months
• The Extended Support in the 2nd and 3rd year requires that the support was also purchased in the previous year. 
• The Extended Security Updates are available in all programs and channels (VL, CSP)..

There is no minimum order value. For Windows 10 Enterprise and Microsoft 365 customers, Microsoft will offer Windows 7 ESUs as an add-on. At least according to the information Microsoft has shared with partners and field representatives.

• In the first year (January 2020 to 2021), this add-on will cost $25 per device for this group of users.
• In the second year (January 2021 to 2022) this price increases to 50 US dollars per device.
• And in the third year (January 2022 to January 2023), it rises to up to $100 per device.

These reduced prices apply to customers who use Windows 7 Pro and are also “active customers” of Windows Enterprise for volume licensing. For customers outside this group, the higher prices in the above table apply to Windows 7 Pro systems.

Mary Foley could not find out whether there are discounts for large contingents with Windows 7 machines. Microsoft did not respond to inquiries. However, I assume that major customers will make their special agreements with Microsoft.

[German]There is an issue with Hyper-V on Windows Server 2019 (and possibly Windows Server 2016). The Hyper-V platform cannot shut down virtual machines properly.

German blog reader Oli has informed me about the issue by mail a few days ago (thanks for that). Since it might be of interest to other administrators, here are some details. Oli wrote:

Windows Hyper-V Server 2019 – Shutdown issues with VMs

Since I just have this issue myself, here is a hint about a but in Hyper-V Server 2019 (and possibly Hyper-V Server 2016 as well?):

VMs, if you set them to “Shutdown” instead of “Save” (aka Snapshot, which is not a good idea e.g. for virtualized domain controllers), will not be shut down properly. After booting you will be greeted with the “Windows wasn’t shut down properly” message.

The joke is that this issue with Windows Hyper-V Server 2012R2/8.1 AND Windows Server Hyper-V 2016 also already occurred in the past, or occurs with Windows Hyper-V Server 2016 now again.

I didn’t have had this issue because I’m coming from Windows Hyper-V Server 2012 and the problem never occurred in 6 years. Maybe this is interesting for one or the other admin.

Oli sent the link to this Technet forum thread, where the problem has also been discussed.

Hyper-V 2019 – Guest VM’s shutdown unexpectedly

Since upgrading my Hyper-V servers to Windows Server 2019, including KB4471332 from last night, my guest VM’s do not power down on restart of the 2019 host.

I can confirm integration components are as up to date as possible, and each guest is configured to shutdown when the host restarts.

Each guest gets the “Why did I shutdown unexpectedly message”.

The even viewer yields the following all within 30 seconds of restarting the host: Shut down physical computer. Stopping/saving all virtual machines…

‘ADFS’ failed to perform the ‘Shutting Down’ operation. The virtual machine is currently performing the following operation: ‘Shutting Down’. (Virtual machine ID 0CFDF648-EE9D-4141-9EBD-9A6D911C3442)
‘ADFS’ failed to shut down. (Virtual machine ID 0CFDF648-EE9D-4141-9EBD-9A6D911C3442)

The Update Orchestrator Service service terminated with the following error: This operation returned because the timeout period expired.

Failed to restore configuration for port 59229EE2-C880-4BF2-9849-89A21EC17772 (Friendly Name: ) on switch 300C0E17-E123-4182-BE62-AAD1860BE841 (Friendly Name: ), status = Object Name not found..

Everything is configured as it was on the 2016 Hyper-V host.

The message ADFS failed to shut down because it is shutting down seems terribly odd to me.  Of course its shutting down, just need the host to wait. (Yes the registry is set to 120 as the default time for the host….)

Fairly simple to recreate….just spin up a 2019 server, install Hyper-V role, throw in a VM and test.

There the issue has been discussed since December 2018, with users confirming the issue. It’s unpleasant that this bug has been reported earlier within the support article KB289680 from Microsoft. In my view it’s stupid what the Microsoft employees posting within the Technet tread. A user wrote ‘posting a bug here in the forum is like discussing with a wall’. In any case, the hope of those affected that a fix would come in January 2019 was disappointed. Whether an update in February will solve the issue will have to be seen. Maybe it will help you if someone is affected.

[German]Microsoft recently announced that the Desktop App Assure program, to improve the compatibility of old applications for Windows 10, is now finally available. Here is some information about the topic. 

Microsoft had already announced Desktop App Assure at the end of September 2018. It’s an offer from Microsoft FastTrack with the aim of implementing the promise of application compatibility of old applications under Windows 10. Microsoft’s statement and promise was:

99% of applications will work on Windows 10 and Office 365 ProPlus. If you run into any issues, we will help you fix them at no additional cost.

In tests with large customers, compatibility issues were found in only 0.1% of applications. If a user does run into compatibility problems with an app, Microsoft wants to use FastTrack to help fix it, but it’s free. This is what the Desktop App Assure program is for. 

The Desktop App Assure program is a shared risk program. Your organization still bears the risk of validating that applications work, but if something fails, then we accept the risk of finding a way to remediate the app! We could fix Windows itself, work with the vendor who wrote the app, or suggest a code change.

In a blog post last Friday (Feb. 2, 2019), Microsoft announced the general availability of Desktop App Assure. Desktop App Assure is now available to authorized customers in all time zones. It supports English, Japanese, Chinese (Simplified), Chinese (Traditional), German, Spanish, Korean, French, Portuguese (BR) and Italian. Customers who are allowed to use the FastTrack Center are eligible. This probably applies to corporate customers who manage more than 150 systems (via a license agreement). (via)

[German]Microsoft believes that the DNS issues that caused failures at various services, including Windows Update, in January/February 2019 have now been finally fixed. Meanwhile all Microsoft services should be usable again.

Service outages in Jan./Feb. 2019

At the end of January, beginning of February 2019, there were numerous failures in Microsoft services, from Microsoft Azure to Office365 to the fact that Defender or Windows no longer received updates. Here is a corresponding tweet:

progress? pic.twitter.com/TStHpBkU2o

— Barb Bowman (@barbbowman) 31. Januar 2019

It didn’t hit every user, some were able to use the services, others were affected from time to time. I had reported that within my blog post Windows Update Service globally disturbed? (01/31/2019). Later, Microsoft cited a malfunction of a DNS provider as one of the causes. Here is Microsoft’s statement:

Root Cause: An external DNS service provider experienced a global outage after rolling out a software update which exposed a data corruption issue in their primary servers and affected their secondary servers, impacting network traffic.

A subset of Azure services, including Azure Active Directory were leveraging the external DNS provider at the time of the incident and subsequently experienced a downstream service impact as a result of the external DNS provider incident.

Azure services that leverage Azure DNS were not impacted, however, customers may have been unable to access these services because of an inability to authenticate through Azure Active Directory.

See also the details outlined within my blog post Azure Active Directory outage & RCA for Azure Cloud hicups.

Microsoft believes the issue is fixed

Microsoft had already reported at the beginning of February 2019 that the DNS issues had been fixed. But apparently it took days until the fixed DNS records on all DNS servers worldwide were updated. Now Microsoft has updated its Windows 10 and Windows Server 2019 update history page. There you will find the following text:

February 11, 2019 12:45 PM PST

Windows Update customers were recently affected by a network infrastructure event caused by an external DNS service provider’s global outage. A software update to the external provider’s DNS servers resulted in the distribution of corrupted DNS records that affected connectivity to the Windows Update service. The DNS records were restored by January 30, 2019 (00:10 UTC), but downstream effects continued. We believe the issue to be fully mitigated because the majority of local Internet Service Providers (ISP) have refreshed their DNS servers and customer services have been restored. If you are still encountering download failures, please contact your local ISP.

While this was not an issue with Microsoft’s services, we take any service disruption for our customers seriously. We will work with partners to better understand this so we can provide higher quality service in the future even across diverse global network providers.

Now Microsoft believes that the DNS issue has been finally fixed, and I haven’t seen complains about that within the last days. (via)

Similar articles:
Windows Defender with Update issues (01/30/2019)?
Windows Update Service globally disturbed? (01/31/2019)
Office365 outage: a status update (01/26/2019)
Office365.com outage fixed, Microsoft 365 facing now new issues 01/29/2019)
Ups, Microsoft deleted Azure Cloud data bases
Office 365 down (January 24, 2019)?
Azure Active Directory outage & RCA for Azure Cloud hicups

[German]As of February 12, 2019, Microsoft released numerous security updates for Windows clients and servers, Office, etc. Here is a compact overview about these update.

A list of the updates can be found on this Microsoft page. Details about the update packages for Windows, Office etc. can be found in separate blog posts.

Servicing Stack Updates

Microsoft now publishes an overview of all current Servicing Stack Updates (SSUs). The list of SSUs can be found at ADV990001.

Notes on updates

All Windows 10 updates are cumulative. The monthly Patchday update includes all security fixes for Windows 10 and all non-security fixes until Patchday.

Updates can also be downloaded from Microsoft Update Catalog. Since March 2017 Microsoft offers Delta Update packages for Windows 10 version 1607 and newer in the Microsoft Update Catalog. Delta updates contain only the changes between the update of the previous month and the current update.

Updates for Windows RT 8.1 and Microsoft Office RT are only available through Windows Update. For information about the support period for Windows 10, see the Windows Lifecycle Facts Sheet.

Critical Security Updates

Internet Explorer 11
ChakraCore
Microsoft Edge
Adobe Flash Player
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core
installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core
installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server
Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 version 1709 for 32-bit Systems
Windows 10 version 1709 for x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel Viewer
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Word Viewer
Microsoft PowerPoint Viewer
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2019
Office 365 ProPlus for 32-bit Systems
Office 365 ProPlus for 64-bit Systems

Important Security Updates

Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6/4.6.1/4.6.2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.7.1/4.7.2
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.7/4.7.1/4.7.2
.NET Core 2.1
.NET Core 2.2
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 26
Microsoft Exchange Server 2013 Cumulative Update 22
Microsoft Exchange Server 2016 Cumulative Update 12
Microsoft Exchange Server 2019 Cumulative Update 1
Microsoft Visual Studio 2015 Update 3
Microsoft Visual Studio 2017
Microsoft Visual Studio 2017 version 15.9
Visual Studio Code
Team Foundation Server 2018 Update 3.2
Java SDK for Azure IoT

Moderate Security Updates

Internet Explorer 10

Low Security Updates

Internet Explorer 9

Similar articles:
Microsoft Office Patchday (February 5, 2019)
Flash Player 32.0.0.142 released
Microsoft Security Update Summary (February 12, 2019)
Patchday: Updates for Windows 7/8.1/Server 12. Feb. 2019
Patchday Windows 10 Updates (February 12, 2019)
Patchday Microsoft Office Updates ( February 12, 2019)
Microsoft Patchday: Other Updates February 12, 2019

[German]On February 12, 2019, Microsoft released various (security) updates for Windows 7 SP1 and other updates for Windows 8.1 as well as the corresponding server versions. Here is an overview of these updates.

Updates for Windows 7/Windows Server 2008 R2

For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page.

KB4486563 (Monthly Rollup) for Windows 7/Windows Server 2008 R2

Update KB4486563 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes that were already included in last month’s update. The update addresses the following:

• Addresses an issue that may prevent applications that use a Microsoft Jet database with the Microsoft Access 97 file format from opening. This issue occurs if the database has column names greater than 32 characters. The database fails to open with the error, “Unrecognized Database Format”.
• Adds top-level domain support to HTTP Strict Transport Security (HSTS) Preload for Microsoft Edge and Internet Explorer 11.
• Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine.

It fixes the Microsoft Jet Database Engine access bug on Access 97 databases from January 2019. This update is automatically downloaded and installed by Windows Update. The package is also available through Microsoft Update Catalog. Installation requires that the latest SSU is already installed.

As a known issue, Microsoft states, “After you install this update, virtual machines (VMs) may not be successfully restored if the VM was previously saved and restored. The error message is: “The virtual machine state could not be restored: This virtual machine cannot be restored because the stored state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027)”.

This concerns the AMD Bulldozer Family 15h, the AMD Jaguar Family 16h and the AMD Puma Family 16h (second generation) microarchitectures. After installing this update, shut down the virtual machines before restarting the host. Microsoft is working on a solution and estimates that a solution will be available by mid-February 2019..

KB4486564 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB4486564 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the following issues.

• Addresses an issue that may prevent applications that use a Microsoft Jet database with the Microsoft Access 97 file format from opening. This issue occurs if the database has column names greater than 32 characters. The database fails to open with the error, “Unrecognized Database Format”.
• Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine

The update is available via WSUS or in the Microsoft Update Catalog. If you install the update, you must first install the latest Servicing Stack Update (SSU). If you install the Security Only Update, you must also install KB4486474 for IE.

This update also causes issues with virtual machines – see above note.

Updates for Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.

KB4487000 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4487000 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes that were included in the previous month’s rollup. It also addresses the following issues.

• Addresses an issue that may prevent applications that use a Microsoft Jet database with the Microsoft Access 97 file format from opening. This issue occurs if the database has column names greater than 32 characters. The database fails to open with the error, “Unrecognized Database Format”.
• Adds top-level domain support to HTTP Strict Transport Security (HSTS) Preload for Microsoft Edge and Internet Explorer 11.
• Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Windows Wireless Networking, Internet Explorer, Windows Server, and the Microsoft JET Database Engine.

This update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog.

This update also causes issues with virtual machines – see above note.

KB4487028 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4487028 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the same issues as Update KB4487000 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2). The update is available via WSUS or via Microsoft Update Catalog. When installing the Security Only Update, you must also install KB4486474 for IE.

This update also causes issues with virtual machines – see above note.

Similar articles:
Microsoft Office Patchday (February 5, 2019)
Flash Player 32.0.0.142 released
Microsoft Security Update Summary (February 12, 2019)
Patchday: Updates for Windows 7/8.1/Server 12. Feb. 2019
Patchday Windows 10 Updates (February 12, 2019)
Patchday Microsoft Office Updates ( February 12, 2019)
Microsoft Patchday: Other Updates February 12, 2019

[German]February 12, 2019 (second Tuesday of the month, Patchday at Microsoft) released several cumulative updates for the supported Windows 10 builds. Here are some details about each update.

For a list of updates, visit this Microsoft Web page. I’ve pulled out the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001.

Addendum: Known issues

When I wrote this article, there were no known issues mentioned with the updates. A few hours ago, Microsoft made an addition to the Know Issues section of all Windows 10 February 2019 updates.

After installing this update, previously abbreviated Japanese date and time strings no longer parse.

They propose a workaround to fix this issue until a patch is available. Details may be found within the kb articles linked below.

Updates for Windows 10 Version 1809

The following updates are available for Windows 10 October 2018 Update (Version 1809).

Update KB4487044 for Windows 10 Version 1809

Cumulative Update KB4487044 raises the OS build to 17763.316 and includes quality improvements but no new operating system features. Here is the list of fixes:

• Addresses an issue that fails to set the LmCompatibilityLevel value correctly. LmCompatibilityLevel specifies the authentication mode and session security.
• Addresses an issue that may prevent applications that use a Microsoft Jet database with the Microsoft Access 97 file format from opening. This issue occurs if the database has column names greater than 32 characters. The database fails to open with the error, “Unrecognized Database Format”.
• Addresses an issue that prevents Microsoft Edge from connecting using an IP address.
• Addresses an issue that causes the Windows Hello for Business Hybrid Key Trust deployment sign-in to fail if Windows 2019 Server domain controllers (DC) are used for authentication. The error is, “That option is temporarily unavailable. For now, please use a different method to sign in”. If Active Directory (AD) activity tracing is enabled, a Local Security Authority Subsystem Service (LSASS) exception may occur in the Windows 2019 DC when processing a user’s sign in.NoteThe AD Data Collector Set and Microsoft Azure Advanced Threat Protection (AATP) enable Active Directory activity tracing by default.
• Addresses an issue in Microsoft HoloLens that allows users to bypass the lock screen sign in process in some work flows.
• Security updates to Microsoft Scripting Engine, Microsoft Edge, Windows Server, the Microsoft JET Database Engine, Internet Explorer, Windows Wireless Networking, Windows Storage and Filesystems, Windows Input and Composition, Windows Graphics, and Windows App Platform and Frameworks.

The update is automatically distributed via Windows Update, no update search is necessary anymore. The update can also be downloaded and installed from the Microsoft Update Catalog. The manual installation of the update requires that the Servicing Stack Update (SSU) KB4470788 (Microsoft Update Catalog, WSUS) is installed. This is ensured when installing via Windows Update. There are no known issues with this update.

Updates for Windows 10 Version 1803

The following updates are available for Windows 10 April Update (version 1803). .

Update KB4487017 for Windows 10 Version 1803

Cumulative Update KB4487017 contains quality improvements but no new operating system functions and raises the OS build to 17134.590. Here is the list of fixes:

• Addresses an issue that fails to set the LmCompatibilityLevel value correctly. LmCompatibilityLevel specifies the authentication mode and session security.
• Addresses an issue that may prevent applications that use a Microsoft Jet database with the Microsoft Access 97 file format from opening. This issue occurs if the database has column names greater than 32 characters. The database fails to open with the error, “Unrecognized Database Format”.
• Adds top-level domain support to HTTP Strict Transport Security (HSTS) Preload for Microsoft Edge and Internet Explorer 11.
• Addresses an issue that prevents Microsoft Edge from connecting using an IP address.
• Security updates to Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Microsoft Edge, Microsoft Scripting Engine, Windows Storage and Filesystems, Windows Server, and the Microsoft JET Database Engine.

The update is distributed via Windows Update, but should also be available via WSUS or Microsoft Update Catalog.  Manual installation of the update requires the current Servicing Stack Update (SSU) KB4485449 (Microsoft Update Catalog) to be installed. This is ensured when installing via Windows Update.

Microsoft is aware of the following issues with this update: After you install this update, some users may no longer be able to place a Web link in the Start menu or taskbar. Microsoft is working on a solution and will release an update in a future release.

Updates for Windows 10 Version 1709

The following updates are available for Windows 10 Fall Creators Update (version 1709).

Update KB4486996 for Windows 10 Version 1709

Cumulative Update KB4486996 for Windows 10 Version 1709 (Fall Creators Update) raises the OS build to 16299.967 and includes quality improvements and the following fixes:

• Addresses an issue that fails to set the LmCompatibilityLevel value correctly. LmCompatibilityLevel specifies the authentication mode and session security.
• Addresses an issue that may prevent applications that use a Microsoft Jet database with the Microsoft Access 97 file format from opening. This issue occurs if the database has column names greater than 32 characters. The database fails to open with the error, “Unrecognized Database Format”.
• Adds top-level domain support to HTTP Strict Transport Security (HSTS) Preload for Microsoft Edge and Internet Explorer 11.
• Addresses an issue that prevents Microsoft Edge from connecting using an IP address.
• Security updates to Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Windows Graphics, Windows Input and Composition, Microsoft Edge, Windows Wireless Networking, Windows Server, and the Microsoft JET Database Engine.

The update is distributed via Windows Update, but can also be downloaded via Microsoft Update Catalog. Manual installation of the update requires the current Servicing Stack Update (SSU) KB4485448 to be installed. This is ensured when installing via Windows Update. There are no known issues with this update.

Updates for Windows 10 Version 1507 bis 1703

or Windows 10 RTM up to version 1703 different updates are available for the LTSC versions and Enterprise versions. Here is a short overview.

• Windows 10 Version 1703: Update KB4487020 is only available for Enterprise and Education. The update raises the OS build to 15063.1631. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but can be downloaded from automatisch von Windows Update heruntergeladen und installiert, steht aber im Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1607: Update KB4487026 is only available for Enterprise and Education and Windows Server 2016. The update raises the OS build to 14393.2791 and includes the fixes mentioned in the KB article. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1507: Update KB4487018 steht is available for the RTM version (LTSC). The update lifts the OS build to 10240.180132 and includes the fixes mentioned in the KB article. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, also on known issues, can be found in the KB article. Details can be found in the KB article.

There was no update for Windows 10 V1511, because this version was dropped from support. Details about the above updates can be found in the respective Microsoft KB articles in case of doubt.

Similar articles:
Microsoft Office Patchday (February 5, 2019)
Flash Player 32.0.0.142 released
Microsoft Security Update Summary (February 12, 2019)
Patchday: Updates for Windows 7/8.1/Server 12. Feb. 2019
Patchday Windows 10 Updates (February 12, 2019)
Patchday Microsoft Office Updates ( February 12, 2019)
Microsoft Patchday: Other Updates February 12, 2019

[German]On February 12, 2019 (Patchday), Microsoft has released additional updates for Internet Explorer, Windows Server, etc. In this blog post the respective patches are added, which are not contained in the remaining articles linked at the end of the article.

General information

Microsoft closes 20 critical vulnerabilities in its products. In addition there are patches for Office and other Microsoft products. You will find an overview of the critical vulnerabilities at Talos. The complete overview of all Microsoft updates can be found on this website. Some of the updates mentioned there are described in separate blog posts (see link list at the end of article).

Security updates

Also this month there was a momentum of updates for the various .NET frameworks, which increasingly turn out to be a security risk and have to be patched. The following security updates have been released.

• KB4483449: 2019-02 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012
• KB4483450: 2019-02 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2
• KB4483453: 2019-02 Security and Quality Rollup for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2
• KB4483454: 2019-02 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012
• KB4483455: 2019-02 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
• KB4483456: 2019-02 Security and Quality Rollup for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012
• KB4483457: 2019-02 Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008
• KB4483458: 2019-02 Security and Quality Rollup for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
• KB4483459: 2019-02 Security and Quality Rollup for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2
• KB4483468: 2019-02 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012
• KB4483469: 2019-02 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2
• KB4483470: 2019-02 Security Only Update for .NET Framework 4.6 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
• KB4483472: 2019-02 Security Only Update for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2
• KB4483473: 2019-02 Security Only Update for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012
• KB4483474: 2019-02 Security Only Update for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
• KB4483475: 2019-02 Security Only Update for .NET Framework 4.0 on WES09 and POSReady 2009
• KB4483481: 2019-02 Security Only Update for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012
• KB4483482: 2019-02 Security Only Update for .NET Framework 2.0, 3.0 for Windows Server 2008
• KB4483483: 2019-02 Security Only Update for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
• KB4483484: 2019-02 Security Only Update for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2
• KB4483485: 2019-02 Security Only Update for .NET Framework 2.0 SP2 on WES09 and POSReady 2009
• KB4483495: 2019-02 Security Only Update for .NET Framework 3.0 SP2 on WES09 and POSReady 2009
• KB4487078: 2019-02 Security and Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
• KB4487079: 2019-02 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012
• KB4487080: 2019-02 Security and Quality Rollup for .NET Framework 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2
• KB4487081: 2019-02 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008
• KB4487121: 2019-02 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
• KB4487122: 2019-02 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012
• KB4487123: 2019-02 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2
• KB4487124: 2019-02 Security Only Update for .NET Framework 2.0 for Windows Server 2008
• KB4483452: 2019-02 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809, Windows 10 Version 1803, Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 Version 1511, Windows 10 Version 1507, and Windows 10

Note, that Microsoft ships security only and cumulative updates for .NET Framework. Below are other updates beside .NET Framework.

• KB4486463: 2019-02 Security Update for WES09 and POSReady 2009
• KB4486464: 2019-02 Security Update for WES09 and POSReady 2009
• KB4486465: 2019-02 Security Update for WES09 and POSReady 2009
• KB4486924: 2019-02 Security Update for WES09 and POSReady 2009
• KB4487085: 2019-02 Security Update for WES09 and POSReady 2009 for x86-based Systems
• KB4487086: 2019-02 Security Update for WES09 and POSReady 2009
• KB4487385: 2019-02 Security Update for WES09 and POSReady 2009
• KB4487396: 2019-02 Security Update for WES09 and POSReady 2009
• KB4486993: 2019-02 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012
• KB4487019: 2019-02 Security Only Quality Update for Windows Server 2008
• KB4487023: 2019-02 Security Monthly Quality Rollup for Windows Server 2008
• KB4487025: 2019-02 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012
• KB4486474: 2019-02 Cumulative Security Update for Internet Explorer
• KB4487038: 2019-02 Security Update for Adobe Flash Player for Windows Server 2019, Windows 10 Version 1809, Windows Server Version 1803, Windows 10 Version 1803, Windows Server 2016, Windows Server Version 1709, Windows 10 Version 1709, Windows 10 Version 1703, Windows 10 Version 1607, Windows 10 Version 1511, Windows 10 Version 1507, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012

Non-security updates

• KB4486557: 2019-02 Dynamic Update for Windows 10 Version 1507, wird bei der Installation von Windows 10 V1507 angefordert.
• KB890830: Windows Malicious Software Removal Tool – February 2019

There are also some Windows 10 updates where Microsoft has changed the metadata (see Changes to existing nonsecurity content section).

Similar articles:
Microsoft Office Patchday (February 5, 2019)
Flash Player 32.0.0.142 released
Microsoft Security Update Summary (February 12, 2019)
Patchday: Updates for Windows 7/8.1/Server 12. Feb. 2019
Patchday Windows 10 Updates (February 12, 2019)
Patchday Microsoft Office Updates ( February 12, 2019)
Microsoft Patchday: Other Updates February 12, 2019