[German]Here’s a blog post about upgrade  upgrade errors and issues with Windows 10 May 2019 update caused by AMD’s software “Adrenalin 20xyz”. Older versions of this software can cause upgrade errors with the code 0xC1900…. And also a blog reader got a broken start menu.

The information was kindly sent to me by a German blog reader. There are still some details open which the reader has not yet answered. However, I will post the information in the blog anyway – they will certainly help those affected. Blog reader Olaf E. wrote me under the title ‘Update error 0xC190020XYZ – May-Update 2019 – missing start menu …”:

I had the experience last WE, that two laptops upgrading to May 2019 Update failed with this error message. But I quickly discovered the root cause. Both were AMD laptops.

Then he describes two different error images, which I reproduce in the following in the best possible way.

Upgrade error 0xC1900… due to “Adrenalin 20xyz”

When upgrading, i.e. installing a feature update, to version 1903, there can be all sorts of errors with a termination of the process. Many aborts return an error code 0xC1900xxx, where the placeholders xxx stand for the last three digits and provide the exact cause. In the current case, the blog reader got such an error code, but didn’t give me the xxx values. But he quickly identified the root cause of the error on the two AMD notebooks and writes:

The AMD software “Adrenalin 20xyz” was or is installed on both [AMD laptops]. It has to be completely updated to 2019. If you are unsure which AMD hardware is installed in your laptop/PC (see Radeon selection menu: https://www.amd.com/de/support), you should click on the “Automatic detection and installation” button. A very small web installer package is downloaded, which hopefully correctly detects the installed AMD components and updates them accordingly. Radeon Adrenalin Software is currently available in version 16.5 (16.6beta).

I interpret it as meaning that the feature update to Windows 10 V1903 ended with an error code 0xC1900xxx.

• Olaf has therefore had the AMD Radeon adrenaline software updated according to his statements above.
• After that he had the May 2918 update installed. He writes ‘I start it without update search(!)’ and had to restart the machine.

Subsequently the AMD notebooks were updated to Windows 10 May 2019 Update. But there were more issues.

Broken start menu after upgrade to Windows 10 V1903

Olaf writes: After a successful update to May 2019, the start menu was gone. Again, I identified the roout cause of the bugs very quickly. It was due to very strange folder and file permissions of the “Packages folders”. On both notebooks this was the reason for a ‘broken’ start menu. For the folder:

C:\ProgramData\Packages

nobody had access rights. Olaf changed the file access permissions according to the screen shot below.

(Click to zoom)

He also had to change the access rights for the packages folders listed below:

C:\ProgramData\Microsoft\Windows\AppRepository
C:\Windows\InfusedApps
C:\Windows\SystemApps

It could still be that Olaf has now forgotten a folder (the mail was created after the upgrade from memory). He writes about it:

Forgot a folder? In any case, the change was immediately noticeable, because even with the ‘normal’ user all start menu entries and the start menu itself worked without errors.

Olaf wrote, that he had the hope, that his hints helps other people affected by this issues during upgrading to Windows 10 May 2019 update. Thanks to Olaf for sharing.

Similar articles
Windows 10 Update error 0xC1900208
Windows 10: A Feature Upgrade drops error 0xC1900209
Windows 10: Upgrade error 0xC1900101 – 0x20003
Windows 10: Upgrade error 0xC1900101-0x2000C
Windows 10: Upgrade error 0xC1900101-0×20017/0x30017
Windows 10: Upgrade error 0xC1900101-0x2000A
Windows 10: Upgrade error 0xC1900101 – 0x20004
Windows 10: Upgrade to v1903 end with error 0xc190012e

[German]After the updates KB4501375, KB4504360 and KB4506933 were tested in the release preview ring (see Windows 10: Update KB4509479, KB4509478, KB4509477, KB4509476 (06/26/2019)), the updates have now been generally released. 

Update KB4501375 for Windows 10 V1903

Cumulative Update KB4501375 for Windows 10 V1903 is now generally available. After installing KB4501375, the OS build is increased to 18362.207. The following items are addressed.

• Addresses an issue that fails to display the cursor when you hover over the keyboard magnifier. 
• Addresses an issue with looping redirects between Microsoft Edge and Internet Explorer 11. 
• Addresses an issue with Scalable Vector Graphics (SVG) marker display. 
• Addresses an issue with programmatic scrolling in Internet Explorer 11. 
• Addresses an issue with displaying portions of a webpage that has many elements and multiple nesting levels under certain conditions in Internet Explorer. 
• Addresses an issue that may cause “Error 1309” while installing or uninstalling certain types of .msi or .msp files on a virtual drive. 
• Addresses an issue that may cause Night light, Color Management profiles, or gamma correction to stop working after shutting down a device. 
• Addresses an issue that only shows grey scale in the camera during Windows Hello enrollment. 
• Addresses an issue that may cause playback of some video content generated by iOS devices to fail. 
• Addresses a desktop and taskbar flickering issue on Windows Server 2019 Terminal Server that occurs when using User Profile Disks. 
• Addresses an issue that allows users to disable the sign-in background image when the “Computer\Administrative Templates\Control Panel\Personalization\Prevent changing lock screen and logon image” policy is enabled. 
• Addresses a disconnection issue when using fitness software on an Android phone that has the Your Phone application installed. 
• Addresses an issue that prevents the Windows Event Log service from processing notifications that the log is full. This makes event log behaviors, such as archiving the log when it reaches a maximum file size, impossible. Additionally, the Local Security Authority (LSA) cannot handle CrashOnAuditFail scenarios when the Security log is full, and events cannot be written. 
• Addresses an issue that causes Office 365 applications to stop working after opening when they are deployed as App-V packages. 
• Addresses an issue that may prevent Container Hosts from receiving an address from a Dynamic Host Configuration Protocol (DHCP) server. 
• Addresses an issue that may prevent some upgrades from Windows 7 from completing successfully when third-party antivirus software is installed. 
• Reinforces the Certificate Revocation List (CRL) on Internet Key Exchange version 2 (IKEv2) machines for certificate-based virtual private network (VPN) connections, such as Device Tunnel, in an Always On VPN deployment. 
• Addresses an issue that triggers a Group Policy update even when there are no policy changes. This issue occurs when using the client-side extension (CSE) for folder redirection. 
• Addresses an issue that may prevent the Preboot Execution Environment (PXE) from starting a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
• Addresses an issue that may display the error, “MMC has detected an error in a snap-in and will unload it.” when you try to expand, view, or create Custom Views in Event Viewer. Additionally, the application may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs.

• Addresses an issue with WinHTTP registrations that increase the registry size and delay the operating system’s startup. This occurs on devices that use proxy auto-config (PAC) files to define how web browsers and agents select an appropriate proxy server. To stop the incremental growth of the registry, update the following:

Path: HKEY_CURRENTUSER\”Software\Classes\Localettings\Software\Microsoft\Windows
\CurrentVersion\AppContainer\Mappings”

Setting: CleanupLeakedContainerRegistrations

Type: DWORD

Value: 1

A value of 1 removes existing registrations; a value of 0 (default) retains existing registrations. Users must check Windows Update for updates to see the package. The update is also available for download in the Microsoft Update Catalog. The current Servicing Stack Update (SSU) must be installed before installation.

There is one known issue: The bug in the sandbox is not fixed. Microsoft writes: Windows Sandbox may cause the error “ERROR_FILE_NOT_FOUND (0x80070002)” and cannot start on devices where the operating system language is changed during the upgrade process when installing Windows 10, version 1903.  

Servicing Stack Update (SSU) KB4506933

Along with the update KB4501375 for Windows 10 V1903, Microsoft has also released the Servicing Stack Update (SSU) KB4506933. This SSU must be installed before installing the KB4501375 cumulative update. There are some fixes on the update client. 

Dynamic (compatibility) Update KB4504360

Update KB4504360 is a dynamic update (compatibility update). This can be dynamically downloaded from the Internet during the setup (new installation or reset) of Windows 10 Version 1903. The aim of the update is to correct errors during setup. (via)

[German]Microsoft has released several Windows updates over the past 10 days to fix the bug in the Event Viewer that occurred after installing the June 11, 2019 security updates. Here is a brief overview.

I have mentioned these individual updates in the respective blog posts, but there has not been a comprehensive listing so far. Some blog readers have pointed out in comments for certain Windows versions that there is a bug fix for the event viewer (e.g. thanks to Dekre). Others had asked where updates could be found.

I had it all on the radar, but as long as Windows versions were still unconsidered, a separate blog post didn’t make sense. Today the last fix for Windows 10 version 1903 came with update KB4501375 (see Windows 10: Updates KB4501375, KB4504360, KB4506933 released). So I decided to create a separate blog post for my readers.

Some Background about the issue

Windows security updates released from Microsoft in June 2019 are closing numerous vulnerabilities, but also causing headache for administrators. As soon as the updates have been installed, the Event Viewer crashes, if custom views are selected..

(Click to zoom)

As soon as the error has occurred once, the event viewer can no longer be used. The reason for this is that the Event viewer snap-in automatically tried to load the last custom view selected during the next start.

I’ve discussed that issue in detail within my German blog post Windows 7-10: Ereignisanzeige hängt nach Juni 2019-Update (KB4503293/KB4503327 etc.) – a shorter English version is Windows 10: Updates KB4503293/KB4503327 kills event viewer. The article explains which Windows versions and updates are affected (virtually all). And I had sketched a workaround how to fix the Event Viewer at least (but no custom views can be used afterward).

A somewhat more in-depth approach can be found in the blog post Tip: PowerShell workarounds for June bug in Windows Event Viewer. Microsoft had confirmed the bug quite quickly and promised to fix it by July 2019.

Which updates do I need for which Windows?

The updates to fix the relevant bug in the Event Viewer trickled in between June 18 and June 28, 2019. The following list provides an overview of the relevant updates:

• Windows 10 Version 1903, Windows Server Version 1903: KB44501375, 27. Juni 2019
• Windows 10 Version 1809, Windows Server Version 1809, Windows Server 2019: KB4501371, 18. Juni 2019
• Windows 10 Version 1803: KB4503288|, 18. Juni 2019
• Windows 10 Version 1709, Windows Server Version 1709: KB4503281, 18. Juni 2019
• Windows 10 Version 1703: KB44503289, 18. Juni 2019
• Windows 10 Version 1607, Windows Server 2016: KB4503294, 18. Juni 2019
• Windows 8.1,  Windows Server 2012 R2: KB4503283, 20. Juni 2019 (Preview Rollup), or use update KB4508773.
• Windows Server 2012: KB4503295, 21. Juni 2019 (Preview Rollup)
• Windows 7 SP1,  Windows Server 202008 SP1: KB4503277, 20. Juni 2019 (Preview Rollup), or use update KB4508772.

All updates are optional and are offered via Windows Update. If you want to install these updates under Windows 10, you must actively search for the updates in the update page. The updates should also be offered on WSUS or SCCM. For a manual installation, the packages can be downloaded from the Microsoft Update Catalog via the above KB numbers.

A fix for Windows 10 LTSC V1507 (RTM) hasn’t been released yet.

What else should I keep in mind?

My tip would be to read the ‘known issues’ section within linked KB articles. Most updates mentioned above comes with serious side effects. If you decide, you can’t install an updates, use the hints given within my blog post Tip: PowerShell workarounds for June bug in Windows Event Viewer.

Similar articles:
Windows 10: Updates KB4503293/KB4503327 kills event viewer
Tip: PowerShell workarounds for June bug in Windows Event Viewer

Small reminder for users of Windows Phone 8.x devices: Tomorrow, July 1, 2019, Microsoft will cut off the possibility for app developers to post updates to these apps in the store (see Store Apps for Windows 8.x – important EOL dates). So you won’t get any more app updates. (via)

[German]Brief information for Windows Media Player and Windows Media Center users. The service required for these programs is down. It looks like Microsoft has shut down the servers.

I found this information within the US Microsoft Answers forum on the entry fai.music.metaservices.microsoft.com is down … and is likely to stay that way posted by a moderator. The post indicates that the service:

fai.music.metaservices.microsoft.com

is down right now. He has then posted the following status page, which confirms the failure of the service. 

The service is required by Windows Media Player and Windows Media Center to search for albums (title, cover, tracks etc.).

Microsoft has shut down this service

In the Microsoft Answers forum post, the moderator points out that this is not a temporary problem, but that Microsoft has completely switched off this service. Microsoft has described it in KB4488539.

Changes in metadata service affecting Windows Media Center and Windows Media Player

Applies to: Windows Media Player Windows Media Windows 8.1  Windows 7

Going forward, you may be unable to view information (metadata) such as the title, genre, and artist for songs, and the director, actors, and cover art for movies in Windows Media Center and Windows Media Player. After looking at customer feedback and usage data, Microsoft decided to discontinue this service. This means that new metadata won’t be updated on media players that are installed on your Windows device. However, any information that’s already been downloaded will still be available. 

This change doesn’t affect any major media player functionality such as playback, navigating collections, media streaming, and so forth. Only secondary features that require downloading of new metadata are potentially affected.

In short: Microsoft took a look at the user statistics and decided to switch off the metadata services for Windows Media Player and the Media Center. So users won’t recognize it for old albums. But it is possible that information (metadata) such as title, genre, and artist for songs, as well as director, actor, and cover artwork for movies, cannot be displayed in Windows Media Center and Windows Media Player for new titles. Existing entries are preserved, but new information is no longer available. The following programs and Windows versions are affected. 

[German]Users of the Windows Sandbox included in the Windows 10 May 2019 Update now get the error code 0xc0370106 displayed when calling it. Microsoft seems to have broken this feature again.

Windows 10 Sandbox mode

Last year, in December, Microsoft introduced Windows Sandbox, an isolated, temporary, desktop environment where users can run untrusted software without the fear of lasting impact to the system. Any software installed in Windows Sandbox stays only in the sandbox and cannot affect the host. Once Windows Sandbox is closed, all the software with all its files and state are permanently deleted.

Windows Sandbox is part of Windows 10 Pro and Enterprise and may be installed as a feature. Every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows. Windows Sandbox has been introduced in Windows 10 Pro or Enterprise Insider build 18305 or later – so it’s also part of Windows 10 Mai 2019 Update (version 1903).

Windows Sandbox uses Hyper-V, which will be activated. So enabling the Sandbox mode will prevent VirtualBox and VMWare from running on the same computer.

No luck with Windows Sandbox

For users of a non-English Windows 10 V1903 the Windows Sandbox is a mirage. After the release of the Windows 10 May 2019 update (version 1903) German users found out that the Windows Sandbox crashed with the error 0x80070002 (a file could not be found).

The issue was caused by the KB4497936 cumulative update that Microsoft released for this version of Windows. More details on this topic I had gathered in the blog post Windows Windows 10 V1903: Update KB4497936 breaks Sandbox. Until July 1, 2019) there is no fix from Microsoft, which is why I could not use this feature.

Windows Sandbox crashes with error 0xc0370106

Today I got this comment from a German blog reader who has become aware of another problem in connection with the Windows Sandbox. The user wrote:

I now get since 07/01/2019 the following: Error 0xc0370106. the computer or container was terminated unexpectedly.

The blog reader asks if there is more information. Yes, there is – briefly compiled together turned what I know so far. Error 0xc0370106 isn’t new, 2017 it hit users of docker containers when they installed Windows 10 Creators Update (V1703). But now we are talking about Windows 10 May 2019 Update (version 1903) and the Windows Sandbox, a completely different thing.

But searching the internet shows that the bug seems to hit some people who are experimenting with the Sandbox in Windows 10 V1903. A search on the Internet for error 0xc0370106 showed me, that this error has been reported since the end of June 2019 (June 27-30, 2019) (here, here and here). Also on reddit.com there is this contribution to the error since some days.

The error code 0xc0370106 stands for ERROR_VMCOMPUTE_UNEXPECTED_EXIT, i.e. the virtual Hyper-V machine of the Windows sandbox is supported by an unexpected error. This is in accordance with the German error description that the user left as a comment.

The usual repair mechanisms like dism /scanhealth etc. doesn’t help. But since it is noticeable that this error code was reported at the end of the month, I guess that the cumulative update KB4501375 released on June 28, 2019 may causes this crash. I can’t judge finally about that, because I fired up my German test machine within Windows 10 V1903, which has not been booted for a long time, I just activated and tested the sandbox again. There it crashed with the error 0x8007000002 described above (a file could not be found).

I found this forum entry from end of May 2019/Anfang Juni, who is claiming Microcode Update KB4497165 is causing this issue. The user noted, that the Windows Sandbox is crashing with error 0xc0370106 since than. The user was running OS bild 18362.145 of Windows 10 V1903. This cumulative update KB4497935 has been announced on May 24,  2019 within Windows-Blog for Preview Build 18362.

I then let the machine search for updates and was offered a .NET Framework 3.5 update KB4502584 and the cumulative update KB4501375. For further update searches the cumulative update KB4503293 was offered. But at the end of the day, after installing all updates, my machine drops error 0x80007057 “wrong parameter” – if I try to launch the Windows Sandbox.

In an additional step I change the machine’s language to English, uninstalled the sandbox and installed it again. Then I ended with 0x80070002. I haven’t the nerve to do a clean install with an English Windows 10 V1903. Software as a service, and I’m asking who is testing that stuff at Microsoft. It doesn’t make really fun to use Windows 10.

Addendum: It seems, that Microsofts Intel Microcode Updates for several CPUs is causing that crash in Windows Sandbox. That makes sense (my machine did not get such updates).

Similar articles
Windows 10 V1903: Update KB4497936 breaks Sandbox
Windows 10: Update KB4483214 breaks Sandbox mode
Windows 10 gets Sandbox for applications

[German]Malwarebytes has updated its software to fix the deactivation of Windows Defender under the Windows 10 May 2019 Update (V1903). That’s the good news. The bad news: This issue has been reported in April 2019 – it took until July 2019 to fix that.

Malwarebytes improved for Windows 10 V1903

Users of Windows 10 version 1903 found that Malwarebytes (Premium) was not compatible. I wrote about it in the German blog post Windows 10 V1903: Malwarebytes deaktiviert den Defender. Normally, Malwarebytes works well alongside Windows Defender – even though the software can act as a virus protection.

When upgrading to Windows 10 version 1903, Malwarebytes’ security software suddenly deactivates Windows Defender. Since the first week in June 2019, the Malwarebytes forum has had the article MBAM disables Windows Defender after WinUpdate 1903 installed, which addresses this issue.

Malwarebytes had only suggested a workaround (in the Malwarebytes settings the option Change Malwarebytes to never register should be set in the Action Center). However, Malwarebytes had also released Beta 3.8 to fix the issue.

Malwarebytes fixes Windows Defender deactivation bug in Windows 10 1903 #malwarebytes #windows10 #securityhttps://t.co/QUKEcIXQiL pic.twitter.com/YtYDva08H7

— ghacksnews (@ghacksnews) 1. Juli 2019

Now Martin Brinkmann reports on ghacks.net (see tweet above) that this fix is apparently present as Malwarebytes 3.8.3 and should solve the problem of the deactivated Windows Defender under Windows 10 V1903.

Are Microsoft and Malwarebytes are stubborn?

While the issue with Malwarebytes 3.8.3 is fixed, German blog reader Karl comes up with massive criticism of Malwarebytes. 

@etguenni das nennt man verbohrt #Malwarebytes schon vor dem Release reported auch an Microsoft und jetzt hat man es analysiert. Ich habe Stunden mit dem Forum Support verbracht.https://t.co/5Ox7VmNdIs

— al Qamar (Karl Wester-Ebbinghaus) (@tweet_alqamar) 29. Juni 2019

The tweet above says:

@etguenni this is called stubborn #Malwarebytes even before the release reported to Microsoft and now it has been analyzed. I spent hours with the forum support.https://t.co/5Ox7VmNdIs

The above issues were apparently reported by Karl to Malwarebytes / Microsoft early before the release of Windows 10 V1903. The Malwarebytes forum entry here is dated from April 25, 2019 and deals with the issues of Malwarebytes 3.7.1 in connection with Windows 10 1903 (Release Preview) 18362.52. I would say: You users are still the guinea pigs who have to pay for this.

[German]Last Wednesday, Microsoft announced the backport of Microsoft Defender ATP automation and cloud app detection on older Windows 10 versions. 

General information and review

Microsoft is expanding Windows Defender to protect against threats to corporate environments. Windows Defender Advanced Thread Protection (Windows Defender ATP) provides an advanced (paid) protection solution for Windows 10 in enterprise environments. In February 2019, it became known that Microsoft had ported Windows Defender ATP to Windows 7 SP1 and Windows 8.1 (see Windows Defender ATP EDR for Windows 7/8.1 available).

Windows Defender Advanced Thread Protection (ATP) has renamed into Microsoft Defender ATP, a comprehensive protection solution for Windows 10 and macOS in enterprise environments (see Windows Defender ATP is now Microsoft Defender ATP).

(Source: YouTube)

Backport for older Windows 10 versions

Last Wednesday (June 26, 2019) Heike Ritter pointed out in a tech community article that Microsoft Defender ATP automation and cloud app detection are now also available on older Windows 10 machines.

We are pleased to announce that we’ve backported key Microsoft Defender ATP capabilities to earlier versions of Windows 10 so you can have the time you need to stay secure while testing and implementing updates https://t.co/DkPukRpxUt

— Microsoft Defender ATP (@WindowsATP) 26. Juni 2019

I became aware of it through the above tweet, but first had to research what was new about it. Because I still had the blog posts mentioned above in mind.

What is the article about?

Microsoft Defender ATP automation uses state-of-the-art AI technology to resolve incidents by automatically scanning alerts, applying AIs to determine if a threat is real, and determining what action to take – from alerting to resolution in minutes. However, this automation was limited to the latest version of Windows 10. 

Microsoft writes that ‘many’ enterprise customers on the semi-annual channel (SAC) are taking the feature updates to the latest version of Windows 10 twice a year. But Microsoft also had to learn that the rest of the total – ‘many’ – was significant – because these customers don’t switch to the latest version of Windows 10 with all its bugs every 6 months.

From this group of corporate customers came the feedback that more time and flexibility was needed to plan, test and provide updates. Microsoft has responded by making changes to the Windows service and support lifecycle. The next step that was announced: Redmond is making the latest Microsoft Defender ATP features available for older versions of Windows 10.

Which Windows 10 versions get the backport?

One of the biggest requirements was to provide Microsoft Defender ATP automation for earlier Windows 10 versions. It was designed to help security teams on these versions to automatically scan and fix threats on their network.

Automation is now available with Windows 10, version 1709 and later. This service also includes automated investigation and remediation of memory-based (file-free) attacks. This means that the system can use automated storage forensics to load malicious storage areas and perform necessary in-memory cleanup actions.

What an administrator need to do?

To benefit from these backported functions, all you have to do is install a Windows Update. For Windows 10 Fall Creators Update (version 1709), you must install KB4493441 or later, and for Windows 10 Spring 2018 Update (version 1803), it is KB4493464 or later. Once this is done, security teams can benefit from these features on these machines.

Explanation of the terms

One of the big problems with all this stuff is that Microsoft Marketing is making up more and more sounding names. Therefore I have extracted some information below.

Microsoft Defender ATP Automation

Microsoft Defender ATP service provides features to display security incidents on systems in a dashboard. As I pointed out in the above articles, these are displayed in the Windows Defender Security Center along with data from other endpoints. This gave security teams a single place to get an overview of security incidents. The data can be used to investigate and respond to incidents across the Windows environment.

Click to zoom

The problem is that the Microsoft Defender ATP service offers a wide range of transparency regarding security incidents on the monitored computers (endpoints). But the service generates a variety of alerts, the amount of which can be challenging for a typical security operations team, as Microsoft says here.

After Microsoft gained this insight, they began to to develop some automation. To meet this challenge, Microsoft Defender ATP uses automated research. The goal is to significantly reduce the volume of alerts that need to be individually investigated.

The automated investigation uses various algorithms and processes used by analysts (e.g. Playbooks) to investigate alerts and take immediate corrective action to correct violations. This significantly reduces alert volume, allowing security operations experts to focus on more complex threats and other high-value initiatives.

The list of automated scans shows all automatically initiated scans and other details such as status, detection source, and date the scan was initiated. The details are described in the document Overview of Automated investigations.

Microsoft Cloud App Security

Let’s briefly come to the term ‘Microsoft Cloud App Security’, which is described in the document Microsoft Defender Advanced Threat Protection integration with Microsoft Cloud App Security. Microsoft Cloud App Security integrates natively with Microsoft Defender Advanced Threat Protection (ATP).

Once a risky user has been identified, all computers that the user has accessed can be scanned to identify potential risks. Once a risky machine has been identified, all users who have used that machine can be scanned to identify potential risks. So the Microsoft Cloud App Security is a powerful tool for evaluating the logs of endpoints that are forwarded to Cloud App Security.

Similar articles:
Windows Defender ATP EDR for Windows 7/8.1 available
Windows Defender ATP is now Microsoft Defender ATP

[German]has released the first preview build 18362.10000 of Windows 10 version 1909 (19H2 development branch) for Windows Insider in the Slow Ring. The feature update is expected for fall 2019 (October).

It had long been speculated if and when Microsoft would provide the first insider preview builds from the 19H2 development branch for Windows Insider. Because the Fast Ring is blocked by the builds of the 20H1 development branch. And in the Slow Ring, Microsoft tested the preview updates for Windows 10 V1903.

For #WindowsInsiders wanting some details on 19H2 – see this blog post: https://t.co/cfxnwPQiQY. And Slow ring gets first 19H2 build today: https://t.co/8PcjXpx5JK

— Windows Insider (@windowsinsider) 1. Juli 2019

Now Microsoft has commented on the upcoming function update version 1909 in a blog post Evolving Windows 10 servicing and quality: the next steps.

Improvements for business users

The next feature update for Windows 10 (known as 19H2 in the Windows Insider program) will include a select set of features for performance enhancements, enterprise features, and quality improvements. What that exactly means, however, remains in the nebulous.

Users from the Insider Program who are using Windows 10 Version 1903 can switch to the new 19H2 version of Windows 10 via the Slow Ring. Microsoft is currently testing the provision of the feature update there in a new way (quote: to deliver these updates in a less disruptive fashion, we will deliver this feature update in a new way, using servicing technology – like the monthly update process).

It means: This feature update will be delivered like a cumulative update – just patching, and not exchanging the whole operating system (as feature updates will do).

More information

Jon Wilcox has published an article in the tech community Moving to the next Windows 10 feature update for commercial customers. He wrote about the delivery process for this feature update:

1. If devices in your environment are running Windows 10, version 1903, you can take advantage of this new servicing option to update from Windows 10, version 1903 to 19H2 and benefit from a reduced file size and faster installation time.
2. For those devices in your environment running Windows 10, version 1809 or earlier versions of Windows 10, the update process will remain unchanged. You will have the option to update to 19H2 just as you did with previous releases.
3. As a September-targeted release, 19H2 will be serviced for 30 months for those devices running Windows 10 Enterprise or Windows 10 Education editions.

Somewhere I read that the feature update should only bring improvements for OEMs.

Available in Slow Ring

The feature update is now rolled out in the Slow Ring for Windows Insiders. Microsoft plans to offer new functions in future insider builds of this development branch as soon as they are ready. And after the release of Windows 10 Version 1909, business customers should switch to this version, because only this version receives 30 months of support (Version 1903 has only 18 months of support for business customers, just as long as for consumers).

Some insiders may not see the new features immediately because Microsoft uses a Controlled Feature Rollout (CFR). Not all insiders get the builds there, so Microsoft can get better feedback about the overall quality of the build. See the Microsoft article for details. All in all, this raises more questions for me than the articles from Microsoft answer. For me, it seems that this is the end of Windows as a Services (WaaS) with semi annual feature updates. I guess, we will have one feature update per year in spring with 18 months support, and a ‘stability update’ with 30 months support for business environments.

[German]A few days ago Creative released an updated driver package ‘Sound Blaster X-Fi Series Software Pack’ for Windows 10 for download. The driver package fixes some bugs and also supports Windows 10 V1903.

Colleagues at deskmodder.de have noticed a few days ago that a driver update for Creative X-Fi has been available since June 24, 2019. On this Creative website you can download the file SBXF_PCDRV_L11_2_30_0012.exe. This download includes the driver and application(s) for use with your Sound Blaster® X-Fi audio devices. The download only supports the following devices:

• Sound Blaster X-Fi XtremeGamer Fatal1ty® Professional Series
• Sound Blaster X-Fi Platinum Fatal1ty Champion Series
• Sound Blaster X-Fi XtremeMusic
• Sound Blaster X-Fi XtremeGamer
• Sound Blaster X-Fi Platinum
• Sound Blaster X-Fi Fatal1ty
• Sound Blaster X-Fi Elite Pro
• Sound Blaster X-Fi Elite
• Sound Blaster X-Fi

The driver fixes the error that the audio output remains mute or the error “Unable to find audio device” is reported in Windows 10 Version 1803 and higher. The driver requires the following for installation:

• Microsoft® Windows® 10 32-Bit oder 64-Bit
• Sound Blaster X-Fi Soudkarte gemäß obiger Liste

To install, simply double-click the downloaded installation file to start it. Further details can be found in the Release Notes.

[German]Windows 10 May 2019 update does not install on Macs that were introduced before 2012. The same applies to newer Apple Macs that have older versions of Apple’s Boot Camp software or Windows Support software drivers installed.

Boot Camp is Apple’s software that lets you install and boot Windows on a Mac. Apple describes the requirements for installing Windows 10 on Boot Camp in this document. This Apple document provides more information on this topic. Experience from the past shows that there are always compatibility issues, when a new version of Windows is released that cannot be installed under Boot Camp. This is exactly what happened again with the Windows 10 May 2019 update.

Microsoft has documented an issue

Microsoft released the support document Updating to Windows 10, version 1903 on Apple Mac devices introduced before 2012 or newer Mac devices with older versions Apple Boot Camp or Windows Support Software drivers installed, describing issues with Macs during updating to Windows 10 V1903. If users attempt to install the Windows 10 May 2019 Update feature update on Apple Mac computers, this may cause an error in the upgrade wizard. The Upgrade Wizard detects a compatibility issue and reports it:

“Mac HAL Driver – machaldriver.sys: Your PC has a driver or service that isn’t ready for this version of Windows 10.”

(Source: Microsoft)

The picture above shows the English message of the setup wizard. The wizard reports issues with the Mac HAL driver (HAL = Hardware Abstraction Layer) machaldriver.sys on the Mac and aborts the upgrade.

Which devices and drivers are affected?

Mac devices prior to 2012 or newer Mac devices with the older Apple Boot Camp or Windows Support Software drivers have a compatibilty hold in place and are unable to update to Windows 10, version 1903.  Specifically, devices with MacHALDriver.sys dated September 24, 2011 01:57:09 or older in Windows\system32\drivers are affected.

Are there workarounds? What can I do?

Microsoft proposes to update the Apple Boot Camp Windows Support Software driver. Then you may be able to upgrade to Windows 10 version 1903. The support document states that you may be able to search for updated Windows support software under macOS. This should be possible in the Apple menu under App Store. If something is found, then install all available updates.

You can also try the instructions in the Apple Support article here to fix existing installation issues. If that doesn’t help, just wait and see. Microsoft is working on solving the problem. (via)

[German]Windows 10 stops to auto back up copies of the registry into the RegBack folder since version 1803. Microsoft recently announced this within a support article. 

This is a supplement to a topic I thought was generally known. I remember my blog post Windows 10: No RegBack backup in V1803/1809 of November 5, 2018 where I described that issue. Here are some excerpts from my older post an an explanation provided by Microsoft including a workaround on how to get back the old behavior.

Some Background

Windows contains a feature that creates a backup copy of the registry files at regular intervals. Windows uses a folder C:\Windows\System32\config\RegBack in which the operating system can cyclically store copies of its registry files. There is a task in the branch Microsoft -> Windows -> Registry in the task planner for this purpose.

This task cyclically creates various files in the RegBack folder. I checked this under Windows 7 times in an administrative command prompt. This looks like this:

The system-wide valid structure files of the registry (hives) can be found. In SOFTWARE, for example, all installed programs can be found and under SYSTEM the registration keys for the system are stored.

This feature should allow you to repair a Windows that is no longer starting due to damaged registry hives. In the past, however, there have been problems with the feature from time to time.

RegBack is missing since Windows 10 V1803

In Windows 10 Version 1803/1809 the registry backup task doesn’t work anymore. If you inspect the RegBack folder, you will see, it is empty, although there is a backup task.

Even a manual execution of the task to backup the registry hive files does not change this. I then searched the Internet – this forum entry in MS Answers from June 7, 2018 complains about this effect already on Windows 10 V1803. A user writes that the files would have a size of 0 kb. Other users confirm these observations. It is assumed that Microsoft silently ‘killed’ the registry backup from Windows 10 V1803. In version 1809 the folder is even completely empty.

This tweet from Vadim Sterkin @vsterkin also already discussed this observation for Windows 10 V1803, and some people try to bring it to the attention of the Microsoft developers in the feedback hub or via Twitter.

#Windows10 1803+ no longer creates backup copies of the registry

Major blow to the Windows emergency restore abilities (forum support).

Plz RT & in #feedbackhub

Insiders on 1809: https://t.co/juah6C3Mk4
Non-insiders on 1803: https://t.co/CsX0FLHWS4

cc @WithinRafael @rlinev pic.twitter.com/xrStdXzLxE

— Vadim Sterkin (@vsterkin) 30. Oktober 2018

Microsoft finally delivers an explanation

The last days I have seen on several websites the reference to the Microsoft support document The system registry is no longer backed up to the RegBack folder starting in Windows 10 version 1803, dated June 29, 2019. The document refers to Windows 10 version 1803 and higher. It confirms that from Windows 10 version 1803, Windows no longer automatically backs up the system registry in the RegBack folder. If you control the folder \Windows\System32\config\RegBack with Windows Explorer, the registry hive will appear, but each file is 0 kb in size.

This change is intended by Microsoft and is intended to reduce the footprint of Windows 10 with respect to the total size of the occupied disk space. To restore a system with a corrupted registry hive, Microsoft recommends that you use a System Restore Point.

However, I consider this advice to be a joke of history and wonder what kind of weed they smoke in Redmond. First of all, the ‘footprint’ caused by the hive files is small compared to the bloatware that Microsoft pumps onto the systems with useless apps and features. But the kidding can be increased – because for quite some time each feature update deactivates during the system recovery feature including automatic creation of recovery points.

How to force legacy Registry backups

If you want to reactivate the behavior of the legacy backups from older versions of Windows 10, you can configure this via the following registry entry: :

HKLM\System\CurrentControlSet\Control\Session Manager\Configuration Manager\EnablePeriodicBackup
Typ: REG_DWORD Wert: 1

Set the DWORD value EnablePeriodicBackup to 1 and restart the computer. Windows saves the registry in the RegBack folder when the computer is restarted and creates a RegIdleBackup task to manage subsequent backups. Windows stores the task information in the Scheduled Task Library in the Microsoft\Windows\Registry folder. The task has the properties shown in the following figure:

(Source: Microsoft)

Similar articles:
Windows 10 Mai 2019 Update released
Windows 10 N: Media Feature Pack for Version 1903 released
Windows 10 V1803 threatens a forced update as of July 2019
Windows 10 V1903: Known Issues – Part 1
Windows 10 V1903: Known Issues – Part 2
Windows 10 V1803: Force update to V1903 – Part 1

[German]Microsoft has just announced it will officially support Office 365 ProPlus on Windows Server 2019. In addition, FSLogix is now available to all authorized users and OneDrive Files On-Demand is also coming to this platform.

The information reached me in a somewhat cryptic way via this tweet from blog reader Karl.

Anyone that choose this buggy Server 2016 over 2019 for the #Office365 stuff can now elaborate this, when not running Citrix LTS and having all lics on SA:
Mount Server 2019 (updated May 2019) ISO
Setup /auto upgrade /dynamicupdate enable /priority high

The Gods heared us. https://t.co/ncjK7gNz5l

— al Qamar (Karl Wester-Ebbinghaus) (@tweet_alqamar) 1. Juli 2019

Karl struggles with the slow update installations under Windows Server 2016 and various bugs. He gives the tip, that if you don’t depend on Citrix LTS and have the necessary Software Assurance (SA) for the license change, you can simply install from a Windows Server 2016 the newer Windows Server 2019 (from an ISO-DVD) via the command

Setup /auto upgrade /dynamicupdate enable /priority high

But the more interesting part was the blog post by Marco Hofmann, who responded to this announcement by Scott Manchester (Group Manager, WVD and RDS,) of Microsoft.

You asked and we delivered. Office ProPlus on 2019, files on demand, FSLogix entitlements. So much more to share at #MSIgnite #WVD Improving the Office app experience in virtual environments https://t.co/34Xm93EIY4

— Scott Manchester (@RDS4U) 1. Juli 2019

That’s news

Within the article Improving the Office app experience in virtual environments Microsoft introduces a few new details what they are planning for Windows Server 2019.

• FSLogix technology, which improves the performance of Office 365 ProPlus in multi-user virtual environments, is now available to Microsoft 365 customers at no additional cost.
• will receive support for OneDrive Files On-Demand in the coming months. 
• Office 365 ProPlus is officially supported on Windows Server 2019.
• And Microsoft developers have added new features to Outlook, OneDrive and Microsoft teams in Office 365 ProPlus to improve usability in a virtualized environment.

These are some of the new features in the Windows Server 2019 environment.

FSLogix technology

FSLogix container technology improves the speed and reliability of virtualized office applications. Users feel like they are running Office applications on a dedicated computer. Microsoft bought the vendor last year. Now the FSLogix container technology is fully integrated into office applications in virtual environments.

The FSLogix containers work in virtualized environments, including those provided by Microsoft, Citrix and VMWare. This technology is now included at no additional cost to customers licensed to one of the following Microsoft solutions:

Microsoft 365 E3/E5/A3/A3/A5/Student Use Benefits/F1/Business
Windows 10 Enterprise E3/E5 for Enterprise
Windows 10 Training A3/A5
Windows 10 VDA per user
Remote Desktop Services (RDS) Client Access License (CAL) and Subscriber Access License (SAL)

OneDrive Files On-Demand for Windows Server 2019

With OneDrive Files On-Demand, users can access all of their files in OneDrive while downloading only the files they use to save disk space on their devices. The feature has been available for some time on Windows 10.

In the coming months, Windows Server 2019 will support OneDrive Files On-Demand for users of virtualized office applications. This support combines fast access to files with reduced storage requirements.

Office 365 ProPlus supported on Windows Server 2019

Office 365 ProPlus typically runs on Windows 10. But in enterprises, virtual desktop services are provided to users on Windows servers. For those who still need to migrate from Windows Server 2008/R2 (end of support in January 2020) or want to migrate from Windows Server 2012/R2 before the end of support, there is an innovation. Microsoft wants to support Office 365 ProPlus on Windows Server 2019. This will allow you to take advantage of Files On-Demand for Windows Server 2019 features on the Windows Server platform. See this article for more details.

AMD released its Radeon Adrenalin 19.6.3 driver for Windows. These drivers fixes some bugs of previous versions. A list of fixes and changes can be found in the Release Notes.

[English]Another small addition: Microsoft has already released various Intel Microcode Updates for Windows 10 Version 1507, 1607, 1703, 1709, 1803 and 1809 in an updated version on 26 June 2019.

I haven’t documented these updates since May 2019. Since that time Intel has released patches for several CPUs, but there can be collateral damage, like I discussed it at Windows 10 V1903: Sandbox fails with error 0xc0370106. Microsoft has documented the microcode updates for Windows 10 on this page.

Spectre Variante 2

Microcode update for Windows 10 in conjunction with Spectre variant 2 (CVE 2017-5715 [“Branch Target Injection”])

Microsoft Intel Microcode Updates are provided via Windows Update, Windows Server Update Services (WSUS), and Microsoft Update Catalog

Spectre Variante 3a, 4 and L1TF

Microsoft provides Intel-proven microcode updates for Spectre variant 3a (CVE-2018-3640: “Rogue System Register Read (RSRE)”), Spectre variant 4 (CVE-2018-3639: “Speculative Store Bypass (SSB)”) and L1TF (CVE-2018-3620, CVE-2018-3646: “L1 Terminal Fault”).

These Intel Microcode updates are only available for download in the Microsoft Update Catalog.

Microarchitectural Data Sampling

Microsoft provides Intel-proven microcode updates related to Microarchitectural Data Sampling (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). The following table lists specific Knowledge Base articles by Windows version. Each article contains links to the available Intel microcode updates based on the CPU.

These Intel Microcode updates are only available for download in the Microsoft Update Catalog.

The latest Microsoft update is dated June 21, 2019. Further information can be obtained from device manufacturers and Intel at Intel Microcode Revision Guidance (April 2, 2018), Intel Microcode Revision Guidance (August 8, 2018), and Intel Microcode Revision Guidance (May 14, 2019). In the article Microsoft Security Advisories/Notifications June 2019 I also recently published a list of the relevant patches.

Microsoft has released Windows 10 Insider Preview Build 18932 (from development branch 20H1) for Windows Insider in the Fast Ring and Skip Ahead Ring.

The announcement with details about new features/changes and bugs can be found in the Windows Blog. This build offers improvements in mouse eye control, ease of use and settings. The features of the Your Phone app have also been enhanced. 

(Source: Microsoft)

The new version fixes a number of bugs, but has a lot of known bugs itself. See the Windows Blog for details.

[German]If you are using Windows 10 clients to access any servers via VPN connection, be careful. Windows 10 May 2019 update has issues with Microsoft Edge using SSL VPN connections.

This information should only be relevant to administrators who use Windows 10 clients in corporate environments and rely on Microsoft Edge as their browser. German blog reader Thomas B. told me about his observation a few days ago.

Edge no access to Citrix Farm via SSL VPN

Thomas has a number of customers who run a Citrix farm. He accesses this infrastructure via an SSL VPN connection over the Internet. All he needs is a browser and an Internet connection. But with the change to the Windows 10 May 2019 update he experienced an unpleasant surprise. He writes about it:

I connect to the infrastructure of many customers via their Citrix Farm using SSL VPN.

Since the last upgrade Win10 build 1903 the Microsoft Edge is no longer usable. The page with the Xen Apps selection still loads, but I can’t open the apps (Outlook, Microsoft Apps and other providers) there in the Edge anymore. I used to be able to do that. Now I have to use Firefox, IE or other browsers.

I tried everything, but the Edge blocks the start of all apps.

Winfuture reported here that this bug was introduced with cumulative update KB4497935 – Microsoft lists there a known issue for Remote Access Connection Manager (RASMAN) service. I just post the info here in the blog. Maybe someone else has had this experience and can this confirm it or even knows a workaround.

[German]A brief information for administrators and users. Trend Micro released Patch 1559 for its Worry-Free Business Security 10 for Windows security solution on June 28, 2019.

However, it took several days for Readme & Co. to be added to the Trend Micro website. I became aware of this topic at German site administrator.de via this post. According to the release notes, only bugs are fixed.

2.2 Resolved Known Issues
     ===================================================================
     This patch resolves the following issues:

     Issue 1:    (SEG-48748)
                 The URL filtering feature may not be able to block 
                 certain URLs.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: This patch updates the UMH module to ensure that the URL 
                 filtering feature works normally.
     -------------------------------------------------------------------
     Issue 2:    (SEG-47383)
                 An error occurs when users save changes to the Scheduled 
                 Scan settings.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: This patch updates the information in the database to 
                 resolve this issue.
     -------------------------------------------------------------------
     Issue 3:    (SEG-47596)
                 Microsoft(TM) Windows(TM) Server 2019 appears as "Windows 
                 Server 2016" on the Worry-Free Business Security web 
                 console.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 3: This patch adds Windows Server 2019 to the mapping list.
     -------------------------------------------------------------------
     Issue 4:    (SEG-47699)
                 There is a typographical error on the "LiveStatus" page 
                 of the Worry-Free Business Security web console.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 4: This patch corrects the typographical error on the 
                 "LiveStatus" page.
     -------------------------------------------------------------------
     Issue 5:    (SEG-49559)
                 An error occurs during Remote Installation.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 5: This patch prevents the error so Remote Installation 
                 proceeds normally.
     -------------------------------------------------------------------
     Issue 6:    (SEG-49803)
                 The Device Control feature may not work under certain 
                 conditions.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 6: This patch updates the Behavior Monitoring module to 
                 ensure that the Device Control feature works normally.

You can download the file WFBS-100-WIN-ALL-Patch-1559.exe here from the tab Product Patch. At administrator.de it is also discussed whether this version of TM is compatible with Windows 10 V1903. The manufacturer remains silent about this. A user has tried it out and successfully installed TM WFBS 10 under this operating system version.

[German]Microsoft intends to move its DirectX Runtime to the Microsoft Store. This means that DirectX will probably also be supplied with updates in future via the store.

DirectX is a collection of COM-based Application Programming Interfaces (API) for multimedia-intensive applications (especially games) on the Windows platform and is also used on the game console Xbox.

Until now the DirectX runtime was included in Windows and was updated via Windows Update if necessary. Currently there are Windows 10 DirectX 11.3 and 12. The colleagues from deskmodder.de mentioned a few days ago that Microsoft intends to offer DirectX in the Microsoft Store in the future.

DirectX Runtime in the @MicrosoftStore https://t.co/pFQPzrsuKR pic.twitter.com/jvd2izLnwI

— Aggiornamenti Lumia (@ALumia_Italia) 25. Juni 2019

t was noticed by the Italian site Aggiornamenti Lumia (@ALumia_Italia) who announced it in the above tweet.

I just checked, there is an entry for DirectX in the Microsoft Store. But there is still the note ‘DirectX Runtime is currently not available’ on the page. im Microsoft Store.

[German]A brief note for corporate administrators who distribute updates using WSUS. Microsoft shuts down an endpoint before the next patchday. I would also like to remind you of the SHA2 migration issue.

WSUS: Synchronization endpoint is decommissioned

Windows Server Update Services (WSUS) uses certain server URLs to synchronize updates. Now I have been alerted by the following tweet that Microsoft will disable such a synchronization endpoint for the upcoming patchday.

HEADS UP ENTERPRISE FOLKS, using SCCM & WSUS:
EP SYNC being Decommissioned.

Thank You: @MPECSInc

ICYMI: @SBSDiva @AdminKirsty @thurrott @maryjofoley @bdsams @mehedih_ @ruthm @SwiftOnSecurity @pcper @MalwareJake @JobCacka @etguennihttps://t.co/2BEArylkU7

1/3

— Crysta T. Lacey (@PhantomofMobile) 3. Juli 2019

Microsoft announced within the Techcommunity articleWSUS synchronization endpoint being decommissioned on Monday, July 8, that the endpoint:

fe2.update.microsoft.com

will be decommissioned (shut down) next Monday, July 8, 2019. This URL will no longer be available for WSUS. For WSUS servers that are still configured for the old endpoint, this change should result in a one-time slow synchronization (typically only a few minutes), since the WSUS server automatically switches to the new endpoint.

Although the change should take place automatically, it is recommended to keep an eye on it as an administrator. If synchronization errors occur after Monday, those affected will find hints in KB article 4482416 – WSUS synchronization fails with SoapException to check whether they are affected by the problem. If this is the case, there are also instructions to fix it.

Note the mandatory SHA2 update for Win 7/Server 2008

Microsoft had announced in 2018 that it would only add SHA-2 signatures to its Windows updates from mid-2019 onwards – signing with SHA-1 would then no longer be necessary for security reasons. I had in the article Windows 7: From April 2019 ‘SHA-2-Support’ is required is needed and reported in further blog posts (see article end) about it.

Users of Windows 7 SP1 (as well as its server counterparts) and WSUS will need a special update from April 2019, which upgrades the machine for SHA2 code signatures. Without this update, these machines will not be able to process new updates in the future. As of March 12, 2019, Microsoft provided the required updates for Windows 7 SP1 and Server 2008/R2 as part of the patchday.

For Windows Server Update Services, Microsoft provided the standalone update KB4484071 for WSUS 3.0 SP2 (SHA-2 Support for Windows Server Update Services 3.0 SP2), according to this support article. This upgrades the SHA-2 support for WSUS 3.0 SP2. Administrators using WSUS 3.0 SP2 must manually install this update by June 18, 2019. Now it is ensured that updates for Windows 7 and Windows Server 2008/R2 can be distributed via WSUS 3.0 SP2. The prerequisite for manual installation of update KB4484071 is that the following updates:

• Windows Monthly Rollup KB4489880 (or later) for Windows Server 2008 SP2
• KB4489878 (or later) for Windows Server 2008 R2 SP1
• and .NET 3.5 were previously installed.

If this is ignored, errors may occur during installation. Microsoft also recommends backing up the WSUS database before installing these updates. If you have considered this, you can look forward to the July patchday on Tuesday, July 9, 2019.

Similar articles:
SHA-2 patch for Windows 7 arrives on March 2019
Windows 7: From April 2019 ‘SHA-2-Support’ is required