Microsoft deactivates VBScript in IE as of August 2019

Microsoft has just announced that it will soon deactivate (or has already deactivated) the execution of VBScript in Internet Explorer for untrusted Internet zones as a security measure.

VBScript is a scripting language developed by Microsoft and based on Basic; it has been supported in Windows Script Host and, since 1996, in Internet Explorer. Other browsers use JavaScript for this purpose, which is available in IE as JScript. VBScript has therefore always been limited to special cases.

Windows 10 Insider Preview: IE w/o VBScript

Now the end of VBScript in the browser is sealed, because Microsoft is turning off the lights step by step. I didn’t notice it, but at the beginning of July 2017 there were reports that Microsoft had disabled VBScript in Internet Explorer 11 under Windows 10 in the Insider Previews. You can find more details in this Microsoft blog post. There it was announced that support for VBScript would be phased out.

But it is also known that Internet Explorer will die in the long run and that the Microsoft Edge browser will be the successor. This article recently described that Microsoft would release the Internet Explorer mode in the Edge browser.

Windows: End of VBScript in IE

In a blog post Microsoft announced the next changes for the upcoming patchday (August 13, 2019):

The change to disable VBScript will take effect in the upcoming cumulative updates for Windows 7, 8, and 8.1 on August 13th, 2019. VBScript will be disabled by default for Internet Explorer 11 and WebOCs for Internet and Untrusted zones on all platforms running Internet Explorer 11.

This change is effective for Internet Explorer 11 on Windows 10 as of the July 9th, 2019 cumulative updates.

Note: WebOCs are applications that use a Web browser control (see this article).

VBScript will be disabled for the Internet zones ‘Untrusted Sites’ and ‘Internet’, but it will not be disabled for ‘Trusted Sites’ (Intranets). The settings to enable or disable VBScript execution in Internet Explorer 11 remain configurable per site security zone, via registry, or via Group Policy if you need to continue using this old scripting language. Microsoft has provided the required information in this document. (via)
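The per-zone registry setting mentioned above can be audited with a short script. This is an added example, not code from the original post or from Microsoft; it assumes the URL action value 140C (0 = enabled, 1 = prompt, 3 = disabled) and the zone numbers 1 to 4, which are Internet Explorer's standard identifiers and are not named on this page.

```powershell
# Added example (not from the original post): report how each Internet Explorer
# security zone is configured for VBScript execution.
# Assumption: URL action 140C controls VBScript in IE; DWORD data 0 = enabled,
# 1 = prompt, 3 = disabled. Zone numbers are IE's standard zone identifiers.

function Get-IEVBScriptZoneSetting {
    $action = '140C'
    $zones = [ordered]@{
        '1' = 'Local intranet'
        '2' = 'Trusted sites'
        '3' = 'Internet'
        '4' = 'Restricted sites'
    }
    $states = @{ 0 = 'enabled'; 1 = 'prompt'; 3 = 'disabled' }
    $suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    # Policy and preference locations, machine-wide and per user.
    $roots = [ordered]@{
        'Machine policy'  = "HKLM:\SOFTWARE\Policies\$suffix"
        'User policy'     = "HKCU:\SOFTWARE\Policies\$suffix"
        'User setting'    = "HKCU:\SOFTWARE\$suffix"
        'Machine setting' = "HKLM:\SOFTWARE\$suffix"
    }

    foreach ($root in $roots.GetEnumerator()) {
        foreach ($zone in $zones.GetEnumerator()) {
            $key  = Join-Path -Path $root.Value -ChildPath $zone.Key
            # A missing key or value yields $null: nothing is set at this location.
            $item = Get-ItemProperty -Path $key -Name $action -ErrorAction SilentlyContinue
            if ($null -eq $item) {
                $state = 'not set'
            } else {
                $data  = [int]$item.$action
                $state = if ($states.ContainsKey($data)) { $states[$data] } else { "unknown ($data)" }
            }
            [pscustomobject]@{
                Source   = $root.Key
                Zone     = "$($zone.Key) ($($zone.Value))"
                VBScript = $state
                # Flag the two zones the update locks down if something re-enables them.
                Review   = ($zone.Key -in '3', '4') -and ($state -in 'enabled', 'prompt')
            }
        }
    }
}

Get-IEVBScriptZoneSetting | Format-Table -AutoSize
```

A row with Review = True means VBScript has been explicitly re-enabled for the Internet or Restricted sites zone at that location; "not set" means the browser default applies there.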


Intel DCH driver 26.20.100.7000 released

Intel has released an update of its DCH graphics driver for Windows 10 to version 26.20.100.7000. The download is possible on this website. There you can also find some hints for optimizations. The release notes can be found here – neowin.net has published a summary of the new features here.

Windows 10 V1903: Known issues (Wi-Fi etc.) updated

Microsoft has updated the list of ‘known issues’ for Windows 10 May 2019 Update (Version 1903). Some bugs have been listed since May 2019. But there is also good news, because some problems can now be fixed or have been corrected by updates. Here is a rough overview of what has changed.

When upgrading a Windows 10 system to the new version 1903 (May 2019 Update), several issues may occur. Microsoft has set upgrade blocks for several known issues. I had already reported about such problems in a series of articles (see Windows 10 V1903: Known Issues – Part 1). Similar to Windows 10 V1809, Microsoft has published a list of Known Issues for the Windows 10 May 2019 Update (Version 1903). This list is available here.

Windows 10 V1903 known issues

Intermittent loss of Wi-Fi connectivity

Some older computers may lose Wi-Fi connectivity due to an outdated Qualcomm driver. A remedy is an updated Wi-Fi driver from the device manufacturer (OEM), if available and if this driver works. Microsoft has therefore blocked the feature update to Windows 10 version 1903 for these machines with an older Windows 10. To upgrade these machines to version 1903, an updated Wi-Fi driver from the device manufacturer (OEM) must first be installed.

Microsoft recommends that users of these systems not attempt an upgrade via the Windows Update page and the Update Now button (if the blockage does not occur). It is also not recommended to use the Windows Media Creation Tool to create installation media and then try an upgrade with the old driver.

This was already mentioned in May 2019 (see this article – part 2). However, Microsoft updated the status page entry on August 1, 2019, as updated drivers from Qualcomm are now apparently being distributed to OEMs.

From the German comment here I notice that users with Ralink/Mediatek and Realtek network cards also have issues with the WLAN connection. And in this comment someone mentions an Intel AC 8265 device with issues.

Gamma ramps, color profiles, and night light settings

The problems with gamma ramps, colour profiles and night light mode are still unsolved. Microsoft writes that some scenarios have been identified in which gamma ramps, color profiles and night light settings no longer work. Redmond gives the following scenarios where problems can occur:

  • Connecting to (or disconnecting from) an external monitor, dock, or projector
  • Rotating the screen
  • Updating display drivers or making other display mode changes
  • Closing full screen applications
  • Applying custom color profiles
  • Running applications that rely on custom gamma ramps

This applies to Windows 10 V1903 client. If the night light mode no longer works, Microsoft suggests a restart. These bugs were also mentioned in part 2 of my article series. Microsoft has been working since May 2019 (unsuccessfully) to fix these problems. At the moment, a manual upgrade to Windows 10 V1903 is not recommended – but an upgrade stop has not been set. 

But there are fixed issues too

Microsoft was able to resolve some issues reported since May 2019. Microsoft lists the fixed bugs on this status page.

Fixed screen brightness control

The first fix concerns the problem that the brightness of the screen display could not be adjusted or changed. Microsoft and Intel had identified a problem with driver compatibility on devices configured with certain Intel display drivers. After upgrading to Windows 10, version 1903, the system allowed the brightness settings to be adjusted, but the actual screen brightness did not change.

As a precaution, Microsoft had blocked the upgrade to Windows 10 Version 1903 and recommended not to upgrade manually until the problem was resolved. The issue was fixed with the July 2019 update KB4505903 (see also Windows 10 V1903 Update KB4505903 (07/26/2019)). Just for the record: Microsoft lists a bunch of known issues with this update. Not every user will be able to install this update.

Fixed blank screen issue with Microsoft Store

Furthermore, Microsoft states on this Messages page that the issue ‘Microsoft Store users can see an empty window when clicking certain buttons’ has been fixed since August 1, 2019. The company writes about it:

Some customers running the version of the Microsoft Store app released on July 29, 2019 encountered a blank screen when selecting “Switch out of S mode,” “Get Genuine,” or some “Upgrade to [version]” OS upgrade options. This issue has now been resolved and a new version of the Microsoft Store app has been released. Users who encountered this issue will need to update the Microsoft Store app on their device. If you are still encountering an issue, please see Fix problems with apps from Microsoft Store.

I had addressed this topic only within my German blog post Windows 10 S-Klippe: Plötzlich gefangen im S-Mode …?

Articles
Windows 10 V1903: Known Issues – Part 1
Windows 10 V1903: Known Issues – Part 2
Windows 10 V1903: Known Issues – Part 3

Similar articles
Windows 10 Mai 2019 Update released
Windows 10 N: Media Feature Pack for Version 1903 released
Windows 10 V1803 threatens a forced update as of July 2019
Windows 10 V1903 Update KB4505903 (07/26/2019)
Windows 10 V1903: Upgrade blocker Intel RST & MIT Kerberos
Windows 10 V1903: Updates KB4505903 / KB4508433

Windows: A Bug in wevtutil

A German blog reader informed me in mid-June 2019 about a stupid bug in wevtutil. In this blog post I outline a few details about this behavior.

What is wevtutil?

Wevtutil is a command line tool for Windows that can be used to retrieve information about event logs. It is also used to install and uninstall event manifests, to run queries, and to export, archive and delete logs. Microsoft has documented the tool in this article.

Problem report of the blog reader

Blog reader Dalai contacted me by mail in mid-June 2019 to point out a bug in the command.

I recently came across a bug in a Windows tool, and I can’t find any other evidence on the net that someone else has noticed this bug within the past 12 years, and made it public. Since you need a Microsoft account for the feedback hub, but I don’t have one (and don’t want one), I hope you could somehow bring the problem to Microsoft. Maybe you can blog about it.

Specifically it is about the console tool wevtutil.exe. Its long parameter reversedirection does not work, and has never worked since the tool was introduced with Vista.

I have tested it under Vista, Win7, Server 2012 R2 and Win10 1809 – nowhere is the parameter accepted. A concrete example of a command that anyone can test themselves:

wevtutil qe Application /c:1 /f:text /reversedirection:true

ends with the following error message:

> Invalid option reversedirection. Option is not supported. The parameter
> is incorrect.

And this although the parameter is exactly the same in the help, see wevtutil qe /?

The short form of the parameter works perfectly:

wevtutil qe Application /c:1 /f:text /rd:true

Now I have inspected the EXE file with Sysinternals Strings – and found that the parameter appears twice, once as reversedirection and once as reversdirection (i.e. without second e).

If you use the parameter in the form without e, there will be no error message, but the parameter has no effect, i.e. the oldest event is returned instead of the newest one.

Fun fact: In an example code uploaded by Microsoft itself for a slimmed down program called ReadEvents it looks correct (lines 97/98)

If you’re wondering why the blog reader is addressing this, he wrote to me: “I prefer to use the long forms of parameters (if available) in scripts, since these very often allow a clear statement about what a parameter does without having to look into the help first.” He also thinks that every bug has to lie around for 20 years before it can be fixed ….

I then asked if the English version of the tool was also affected. He answered:

I have also tested it in an English Windows 7; the problem is also present there. More or less logical, because the EXE is the same, only the language files (*.exe.mui) are different. And the cause of the problem probably lies in the EXE, as the investigation of the EXE showed. The problem is therefore language-independent and affects all languages.

In addition, on 64-bit Windows both EXEs are affected, i.e. the 64-bit EXE in \Windows\System32 and the 32-bit EXE in \Windows\SysWOW64.

At this point my thanks to the blog reader for the hint. I have to see how I can pass this on to Microsoft now.

Windows Kernel Information Disclosure Vulnerability CVE-2019-1125

On August 6, 2019, Microsoft released updated security information on the vulnerability CVE-2019-1125 (Windows Kernel Information Disclosure Vulnerability).

***************************************************************************
Title: Microsoft Security Update Releases
Issued: August 6, 2019
***************************************************************************

The following CVE has undergone a major revision increment: CVE-2019-1125

Revision Information:

CVE-2019-1125
– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: August 6, 2019
– Updated: N/A
– Aggregate CVE Severity Rating: Important

What is CVE-2019-1125?

The CVE-2019-1125 vulnerability allows disclosure of Windows kernel information. The Spectre vulnerability can be exploited when certain central processing units (CPUs) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.

However, the vulnerability can only be exploited locally. To exploit this vulnerability, an attacker must log on to an affected system and run a specially developed application. The vulnerability would not allow an attacker to directly increase user privileges. But the vulnerability could be used to obtain information that could be used to attempt to further compromise the affected system.

History

On January 3, 2018, Microsoft released an advisory and security updates related to a newly discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the speculative side-channel vulnerability Spectre Variant 1 and has been assigned CVE-2019-1125.

Microsoft released security updates for Windows on July 9, 2019 that fix the vulnerability through a software change.  The update changes the way the CPU speculatively accesses memory and mitigates the vulnerability. Note that this vulnerability does not require a microcode update from your device OEM.

Windows 10 Build 18950 (20H1) ISO, ADK, SDK released

Microsoft has released the ISO installation image files for the Windows 10 Insider Preview Build 18950. This build belongs to the Windows 10 feature update expected in spring 2020. And there are new ADK and SDK releases.

The Windows 10 Insider Preview Build 18950 was released at the end of July 2019 (see Windows 10 Insider Preview Build 18950 (20H1) released). Now Microsoft has published the first ISO image file for this build. The announcement came on Twitter.

As usual, the download is only possible for Windows Insiders after logging in on the download page; to access this page, you need to be a member of the Windows Insider program. The colleagues at deskmodder.de have published some direct download links on this website, also for the new SDK and the ADK versions.

Windows 10 Insider Preview Build 18956 (20H1) released

Microsoft has released Windows 10 Insider Preview Build 18956 (from development branch 20H1) for Windows Insiders in the Fast Ring. The announcement with details about new features/changes and bugs can be found in the Windows Blog.

Windows 10 V1903: Workaround for Intel RST-Upgrade-Blocker

In Windows 10 May 2019 Update there is an issue with outdated Intel® Rapid Storage Technology (Intel® RST) drivers. Microsoft has blocked the upgrade to Windows 10 V1903. People who installed new Intel RST drivers report that the upgrade is still being blocked. In addition, the upgrade blockade was also observed on systems where no Intel RST driver is installed. However, there is a workaround that may work in such cases.

What’s the Intel RST driver issue?

Systems that have certain versions of the Intel® Rapid Storage Technology (Intel® RST) drivers installed cannot be updated to the Windows 10 May 2019 Update. Microsoft has set an upgrade blockade. I had already reported the issue at the end of July 2019 in the blog post Windows 10 V1903: Upgrade blocker Intel RST & MIT Kerberos. Microsoft has confirmed the problem in this article and documented it in KB4514156.

Intel Rapid Storage Technology (Intel RST) Compatibility Hold
(Source: Microsoft)

If the user receives the above message during the upgrade, the Intel RST drivers are obsolete. Intel® RST driver versions 15.1.0.1002 to 15.5.2.1053 are not compatible, and the upgrade to V1903 is blocked.

Versions 15.5.2.1054 or higher are compatible, and a device on which these drivers are installed can install the Windows 10 May 2019 Update. For affected devices, Microsoft recommends version 15.9.6.6.1044 of the Intel Rapid Store driver.

However, users must check whether the version of the Intel RST driver to be installed actually supports their chipset. That’s not always the case according to what I read on the internet – things are a bit chaotic at Intel. At askwoody.com someone points out special issues. Microsoft recommends to check with the OEM if there are updated drivers available. Intel has set up the website Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver for driver downloads. Intel has published this readme text file with information about supported chipsets.
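To see where a machine stands relative to the version range given above, the installed iaStor*.sys files can be checked directly. This is an added example, not code from the original post, Microsoft or Intel; it assumes that the file version of each iaStor*.sys reflects the Intel RST driver version the compatibility hold evaluates, and the function names are made up for this illustration.

```powershell
# Added example (not from the original post): classify the iaStor*.sys files on
# this system against the version range quoted in the article.
# Assumption: the file version of each iaStor*.sys matches the Intel RST driver
# version that the compatibility hold looks at.

function Test-IntelRstVersion {
    param([Parameter(Mandatory)][version]$Version)

    # Range taken from the article: 15.1.0.1002 to 15.5.2.1053 is blocked,
    # 15.5.2.1054 or higher is compatible.
    $firstBlocked = [version]'15.1.0.1002'
    $lastBlocked  = [version]'15.5.2.1053'

    if ($Version -ge $firstBlocked -and $Version -le $lastBlocked) {
        'blocked'
    } elseif ($Version -gt $lastBlocked) {
        'compatible'
    } else {
        # The article gives no verdict for versions below the blocked range.
        'older than the listed range'
    }
}

function Get-IntelRstDriverStatus {
    param([string]$DriverDir = (Join-Path $env:SystemRoot 'System32\drivers'))

    Get-ChildItem -Path $DriverDir -Filter 'iaStor*.sys' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Build the version from its numeric parts; the FileVersion string
            # may carry extra text that does not parse as a version.
            $v = New-Object System.Version -ArgumentList @(
                $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
            [pscustomobject]@{
                File    = $_.Name
                Version = $v
                Status  = Test-IntelRstVersion -Version $v
            }
        }
}

$found = @(Get-IntelRstDriverStatus)
if ($found.Count -eq 0) {
    'No iaStor*.sys files found in the driver directory.'
} else {
    $found | Format-Table -AutoSize
}
```

Files reported as "older than the listed range" are worth noting in the scenario described below, where the upgrade is blocked although no Intel RST driver package is installed.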

First steps when the upgrade is blocked

If Windows Update or the Upgrade Assistant refuses to install Windows 10 Version 1903 with the above error message, you can wait, or you can check if there are workarounds. The obvious thing to do is to install an updated driver.

If no driver is available, you should check whether an Intel RST driver is required at all. For example, the Intel® Rapid Storage Technology (Intel® RST) driver supports configuration and maintenance of RAID 0/1/5/10 configurations. If no RAID is used, an AHCI driver is sufficient and the Intel RST driver can be uninstalled.

No or new driver installed, and upgrade rejected?

If users need the Intel RST driver and have the latest version installed, they should be able to upgrade. Woody Leonhard points out in this posting that some users still receive a warning that the upgrade will be blocked.

And there are systems where the upgrade to Windows 10 V1903 is blocked although no Intel RST drivers have been installed (see this Lenovo support forum thread), so pay close attention to the following information. Such threads can also be found in Acer forums, TenForums and SuperUser. On askwoody.com a user posted a workaround on how to update his system, which needs Intel RST drivers.

1. Create a restore point and uninstall the Intel RST drivers from the old Windows 10 system.

This step may not be necessary if you perform step 2 (required in the Lenovo scenario, where no Intel RST drivers can be uninstalled).

2. Then restart and rename the (four) remaining files iaStor*.sys to .old in C:\Windows\System32\Drivers

3. Do not reboot now, otherwise you will get a BlueScreen. Lenovo devices would then be bricked. Rather, the feature update to Windows 10 Version 1903 should now be installed.

After this installation, which also requires restarts, you can subsequently install the missing but updated Intel RST driver. The steps are described in this Microsoft Answers forum post. A discussion with experiences can be found at askwoody.com in this thread. Perhaps it will help those affected.

Similar articles
Windows 10 Mai 2019 Update released
Windows 10 N: Media Feature Pack for Version 1903 released
Windows 10 V1803 threatens a forced update as of July 2019
Windows 10 V1903: Known Issues – Part 1
Windows 10 V1903: Known Issues – Part 2


Windows 10 Insider Preview Build 18362.10012/10013 (19H2)

Microsoft has released the Windows 10 Insider Preview Build 18362.10012 and Build 18362.10013 in the Slow Ring. Both builds belong to the 19H2 development branch, which will lead to a new Windows feature update in autumn. The announcement has been made in the Windows Blog. There you will find more details on why there are two builds and who will receive which build.

Will genuine check deactivate Windows 7 without Internet?

In this blog post I will cover a question that was brought to me a while ago by a blog reader. What happens to the cyclic license check (genuine check) in Windows 7 if the machine is running without Internet?

On January 14, 2020 the extended support of Windows 7 SP1 by Microsoft expires. Then there will be no more new security updates available via Windows Update. If you are still dependent on Windows 7, you could cut off your Internet connection and run your software without Internet access. But in this scenario the question arises whether Windows 7 will stop its service at some point because the cyclic license check (Windows Genuine Check) can then no longer be performed.

A reader inquiry

I confess, I haven’t thought about the question of a license check yet. But a blog reader wrote to me many months ago about the subject.

Windows 7 PC without Internet – License check?

The upcoming end of support of Windows 7 raises the question for me (certainly also other readers), can I use a Windows 7 PC (or even multiple, as in my case) permanently in an isolated environment, so WITHOUT an Internet connection?

The background is that I use software which mostly only runs under Windows and is performance-dependent, such as a DAW with many music libraries.

In my case, I use 2 desktop PCs (Win7 Pro x64) for different productive tasks. One for music production only, the other for 3D, graphics and video editing. Other computers, also Win 7, for various other “normal” tasks.

These two productive PCs run without issues and the installed software was expensive, so there was no reason to change anything, not even after the end of support!

[…]

After the end of Windows 7 support, I would like to continue using the two productive computers in the same way, but disconnected from the network, i.e. isolated from each other.

Now, however, the cyclic Windows license check (genuine check) comes into play! Are there any other possibilities besides MAK & KMS?
During my research I unfortunately only found something about Microsoft’s MAK and KMS. (I still have to read up on this.)

Meanwhile, I thought I’d ask you this question, maybe a topic for your blog? With my neighbors I have already had many a discussion about the end of Win7 support. Surprisingly, I often heard the answer, “…just pull the network cable and you’re done…”! But it’s not that trivial!

This outlines what is bothering the blog reader. Does Windows 7 SP1 stop operating when there is no longer a cyclic license check?

Ask the Internet

I searched the Internet and found this Microsoft forum post addressing the same question of a user in 2013.

Is it possible to disable Windows 7 Validation on a standalone PC?

I’d like to configure Windows 7 on a standalone PC that will be used in an industrial environment and won’t be connected to the Internet (or any network). The Windows 7 installation will be activated in the usual way, but once the application software has been installed, the PC will be “locked down” and the configuration will be frozen.

Is it possible to disable Windows 7 Validation so that the PC doesn’t attempt to contact Microsoft every 90 days? What happens if the PC is unable to contact Microsoft? According to the Genuine Microsoft software privacy statement, “these tools are designed to be a permanent part of the Microsoft software”, so it’s not clear if they can be disabled without causing problems – hence, my question.

He wants to run a Windows 7 system in an industrial environment without an Internet connection and is worried that the 90-day license check (Genuine Check) will cause issues. The background is that Windows 7 performs a license (genuine) check cyclically. If it cannot be confirmed that Windows 7 is genuine, the system goes into a reduced notification mode in which a black background appears with the message that Windows 7 is not genuine/not activated. And after some time, the system starts rebooting every hour. Of course, this would be the end of the Windows 7 system. However, there is a clear statement in the Microsoft forum:

Windows 7 will only perform a validation check if it senses an active internet or network connection. If none exists, there will be no check.

And a 2nd poster wrote:

Is it possible to disable Windows 7 Validation so that the PC doesn’t attempt to contact Microsoft every 90 days – the WAT update kb971033 is what contacts Microsoft every 90 days. it is an optional update so you can uninstall it. But as Cary says, if there is no internet connection there is no check.

Microsoft’s document About Genuine Windows also describes the genuine check. On the validation check, the document says:

Validation is an online process. It verifies that your copy of Windows is genuine and that critical Windows licensing files haven’t been damaged, deleted, or removed. It takes only a few moments and lets Microsoft create a match between your PC’s hardware profile and your 25-character product key or digital entitlement.

Your copy of Windows may need to be validated before you can get downloads and the updates which are reserved for PCs that are running genuine Windows. Windows might also prompt you to run genuine validation if activation isn’t properly completed.

If there is no online connection and Windows 7 is activated, there is no authentication. Or did I miss something and there is other information?

RDP vulnerability puts Hyper-V at risk

There is a vulnerability in Microsoft’s Remote Desktop Protocol (RDP) that can be exploited to break out of guest VMs running on Hyper-V in Windows 10/Azure.

As early as February 2019, Check Point’s Eyal Itkin published the technical details of the bug as part of a larger study covering several RDP vulnerabilities (Bleeping Computer had reported here).

RDP server accepts client’s clipboard

The focus of the study was on a reverse RDP attack, in which the server of a remote connection takes control of the client. This was possible because two machines connected via RDP share the clipboard, so everything copied on the remote server can be pasted on the local client.

Microsoft delays the patch

The flaw allows a path traversal approach leading to remote execution. The vulnerability was reported to Microsoft almost a year ago. Initially, Microsoft confirmed the vulnerability, but refused to fix it. Reason: The vulnerability is not serious enough to require an immediate response.

Bleeping Computer reports here that this decision caught Microsoft on the wrong foot. A connection between virtualization and remote desktop technology is not obvious. But Hyper-V has a connection.

Hyper-V also affected

When Advanced Session Mode is enabled, the same settings window becomes available for both a Hyper-V virtual machine and a remote connection through Microsoft’s RDP client (mstsc.exe).

RDP resources (Source: Microsoft)

The settings window is also used to synchronize the clipboard and is turned on by default.

Escape from the Hyper-V Guest

Itkin therefore used the same script he had written for attacks on the RDP vulnerabilities. The researcher managed an escape from the Hyper-V guest to the host.

(Source: YouTube)

The PoC video above shows how easy an attack is. By inserting a file on the host of the Hyper-V machine, the attacker can add a malicious file to the host’s startup folder to ensure execution at the next reboot.

After Itkin told Microsoft of his new findings about the vulnerability (CVE-2019-0887), the fix was rolled out with the July 2019 updates. If the update cannot be installed immediately, clipboard activity monitoring should be disabled. See Bleeping Computer for details. Security researchers from Check Point have also published the article Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V about this topic.

Some Windows drivers vulnerable to Privilege Escalation

Security researchers have found in an analysis of legitimate device drivers that more than 40 drivers from at least 20 hardware vendors are vulnerable to privilege escalation.

Device drivers are located between the operating system and the UEFI/BIOS as well as the hardware. This means that the driver runs with higher privileges than standard users’ and administrators’ software. Some drivers are also used to update the firmware. Drivers in Windows are therefore digitally signed by Microsoft. And Windows 10 now only allows signed drivers. If malware succeeds in exploiting weak points in drivers, the door is open to manipulate the system and the firmware (via these drivers for firmware updates).

Security researchers at firmware and hardware security firm Eclypsium have found that a common design flaw in dozens of device drivers allows widespread Windows compromise. More than 40 drivers are vulnerable to privilege escalation. User programs can use the drivers to get kernel permissions. Bleeping Computer has published the information in this article. Eclypsium writes about its findings:

All these vulnerabilities allow the driver to act as a proxy to perform highly privileged access to the hardware resources, such as read and write access to processor and chipset I/O space, Model Specific Registers (MSR), Control Registers (CR), Debug Registers (DR), physical memory and kernel virtual memory.

This isn’t a theoretical risk. It is precisely these scenarios that have been used in cyber espionage operations in the past. According to Bleeping Computer, the Slingshot APT group used older vulnerable drivers to elevate privileges on infected computers. The Lojax rootkit of APT28 (alias Sednit, Fancy Bear, Strontium, Sofacy) was stored in the UEFI firmware via a signed driver. Eclypsium has so far published the following list of hardware vendors that provide vulnerable drivers for Windows.

American Megatrends International (AMI)
ASRock
ASUSTeK Computer
ATI Technologies (AMD)
Biostar
EVGA
Getac
GIGABYTE
Huawei
Insyde
Intel
Micro-Star International (MSI)
NVIDIA
Phoenix Technologies
Realtek Semiconductor
SuperMicro
Toshiba

According to the article, this list is incomplete, as some information is still under embargo and unpublished. You can read the DEF CON presentation here.

Fix for issues on Windows share from macOS

Since Microsoft released update KB4503276 of June 2019, users of macOS have had problems accessing shares on Windows machines (clients and servers). SMB1 and NTLM are causing problems. Apple has now published a KB article on this topic.

Update KB4503276 for Windows Server 2012 R2

Update KB4503276 is the June 2019 rollup update for Windows 8.1 and Windows Server 2012 R2 that was released on June 11, 2019. I introduced the update in the blog post Patchday: Updates for Windows 7/8.1/Server (June 11, 2019).

A user feedback about Windows 10

I had noticed that there were issues. German blog reader Steffen had reported issues accessing Windows 10 shares from Mavericks (macOS 10.9.5) mid-June 2019:

Macs with Mavericks 10.9.5 can no longer access SMB shares.

What could I do? Enabling the SMB v1 protocol didn’t help.

I had already pointed out in a reply to the comment that SMBv1 is actually a constant troublemaker in macOS. Steffen’s feedback was that he uninstalled the Windows update and access is working again. He hadn’t revealed any further details.

Apple has published a support article

I became aware of this topic again at the weekend via the following tweet by Ned Pyle (Microsoft).

On August 9, 2019, Apple released the support article “your Mac can’t use NTLM to connect to a Windows server”. It addresses the fact that macOS has issues connecting to Windows Server if NTLM credentials are used. The problem: macOS Mojave and earlier macOS versions may not be able to use NTLM credentials to connect to CIFS or SMB1 shares on a server that received Microsoft Windows Server updates dated June 11, 2019 or later.

After entering the user name and password, a warning message appears indicating that a problem has occurred with the connection to the server. It is suggested to check the server name or IP address and then try again. If this information is correct, Apple suggests the following:

  • Use Kerberos authentication to connect to the server. This requires the share DNS name to be used instead of the IP address.
  • Under macOS Mojave, High Sierra, Sierra, El Capitan or Yosemite, users should use SMB 2 or SMB 3 as protocols to connect to the server.
  • Enable signing of the Server Message Block (SMB) on the server. On an SMB1 server, enabling signing can affect performance.

The connection can be established with SMBv2/v3, for example, by selecting Go > Connect to Server in the menu bar of the Finder. Then enter an smb:// address for the server.
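Apple's second and third suggestions depend on how the Windows side is configured. The following added example (not from Apple's article or from Microsoft) reports the relevant SMB server settings; it assumes Windows 8 / Windows Server 2012 or later, where the `Get-SmbServerConfiguration` cmdlet exists, and an elevated PowerShell prompt. The function name `Get-SmbMacReadiness` is made up for this example.

```powershell
# Added example: report the SMB server settings that matter for the
# workarounds listed in Apple's support article.
function Get-SmbMacReadiness {
    $cfg = Get-SmbServerConfiguration

    $rows = @(
        @{ Setting = 'EnableSMB2Protocol'
           Value   = $cfg.EnableSMB2Protocol
           Note    = 'One switch for SMB 2 and SMB 3; must be True for Macs to connect with SMB 2/3.' },
        @{ Setting = 'EnableSMB1Protocol'
           Value   = $cfg.EnableSMB1Protocol
           Note    = 'True means clients can still negotiate SMB1, the case Apple describes.' },
        @{ Setting = 'EnableSecuritySignature'
           Value   = $cfg.EnableSecuritySignature
           Note    = 'Server offers SMB signing when the client asks for it.' },
        @{ Setting = 'RequireSecuritySignature'
           Value   = $cfg.RequireSecuritySignature
           Note    = 'Server refuses sessions that are not signed.' }
    )

    foreach ($r in $rows) {
        New-Object PSObject -Property $r | Select-Object Setting, Value, Note
    }
}

$report = Get-SmbMacReadiness
$report | Format-Table -AutoSize -Wrap

# Summarise against the three suggestions.
$smb2    = ($report | Where-Object { $_.Setting -eq 'EnableSMB2Protocol' }).Value
$signing = ($report | Where-Object { $_.Setting -like '*SecuritySignature' -and $_.Value }).Count -gt 0

if (-not $smb2) {
    Write-Warning 'SMB 2/3 is disabled on this server; Macs cannot use the SMB 2/3 workaround.'
}
if (-not $signing) {
    Write-Warning 'SMB signing is neither offered nor required on this server.'
}
# Kerberos (the first suggestion) is decided by how the client addresses the
# server: by DNS name rather than IP address. Nothing to check here.
```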

Microsoft Security Update Summary (August 13, 2019)


[German] As of August 13, 2019, Microsoft released security updates for Windows clients and servers, Office, etc. Here is a compact overview of these updates.

A list of the updates can be found on this Microsoft page. Details about the update packages for Windows, Office, etc. can be found in separate blog posts.

Servicing Stack Updates

Microsoft now publishes an overview of all current Servicing Stack Updates (SSUs). The list of SSUs can be found at ADV990001.

Notes on updates

All Windows 10 updates are cumulative. The monthly Patchday update includes all security fixes for Windows 10 and all non-security fixes up to Patchday.

Updates can also be downloaded from the Microsoft Update Catalog. The updates for Windows RT 8.1 and Microsoft Office RT are only available via Windows Update. Information about the support period for Windows 10 can be found in the Windows Lifecycle Facts Sheet.

From March 2017 a Delta package is available for Windows 10 Version 1607 and newer in the Microsoft Update Catalog. This delta package contains only the delta changes between the previous month and the current version.

In addition to the security patches for the vulnerabilities, the updates include defense-in-depth updates to improve security.

Internet Explorer 11 will be available on Windows Server 2012 from May 2019. This configuration is only available through the cumulative update for IE.

Critical Security Updates

Internet Explorer 11
ChakraCore
Microsoft Edge
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 version 1709 for 32-bit Systems
Windows 10 version 1709 for x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server, version 1903 (Server Core Installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 for Mac
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft Office Online Server
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Outlook for iOS
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2019
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Office 365 ProPlus for 32-bit Systems
Office 365 ProPlus for 64-bit Systems

Important Security Updates

Windows Defender
Microsoft Forefront Endpoint Protection 2010
Microsoft Security Essentials
Microsoft System Center 2012 Endpoint Protection
Microsoft System Center 2012 R2 Endpoint Protection
Microsoft System Center Endpoint Protection
Microsoft Visual Studio 2017
Microsoft Visual Studio 2017 version 15.9
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2019 version 16.2
Microsoft Dynamics 365 (on-premises) version 9.0

Moderate Security Updates

Internet Explorer 9
Internet Explorer 10

Similar articles:
Microsoft Office Patchday (August 6, 2019)
Microsoft Security Update Summary (August 13, 2019)
Patchday: Updates for Windows 7/8.1/Server (August 13, 2019)
Patchday Windows 10-Updates (August 13, 2019)
Patchday Microsoft Office Updates (August 13, 2019)

Patchday: Updates for Windows 7/8.1/Server (August 13, 2019)


[German] On August 13, 2019, Microsoft released various (security) updates for Windows 7 SP1 and other updates for Windows 8.1 as well as the corresponding server versions. Here is an overview of these updates.

Updates for Windows 7/Windows Server 2008 R2

For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page.

KB4512506 (Monthly Rollup) for Windows 7/Windows Server 2008 R2

Update KB4512506 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes that were already included in last month’s update. The update addresses the following:

Security updates to Windows App Platform and Frameworks, Windows Wireless Networking, Windows Storage and Filesystems, Windows Virtualization, Windows Datacenter Networking, Microsoft Scripting Engine, the Microsoft JET Database Engine, Windows Input and Composition, Windows MSXML, Internet Explorer, and Windows Server.

This update is automatically downloaded and installed by Windows Update. The package is also available via Microsoft Update Catalog. Installation requires that the latest SSU is already installed. If you install it using Windows Update, it will be installed automatically.

This update comes with some known issues that are listed in support article KB4512506. For example, Microsoft explicitly mentions issues related to Symantec Antivirus or Norton Antivirus. Updates that are signed with SHA-2 only are not offered when Symantec Endpoint Protection is installed (see this article).

KB4512486 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB4512486 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the following issues.

Security updates to Windows App Platform and Frameworks, Windows Wireless Networking, Windows Storage and Filesystems, Windows Virtualization, Windows Datacenter Networking, the Microsoft JET Database Engine, Windows Input and Composition, Windows MSXML, and Windows Server.

The update is available via WSUS or in the Microsoft Update Catalog. If you install the update, you must first install the latest Servicing Stack Update (SSU). If you install the Security Only Update, you must also install KB4511872 for IE. For this update, Microsoft lists the same issues as for update KB4512506.

Updates for Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.

KB4512488 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4512488 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes that were included in the previous month’s rollup. It also addresses the following issues.

Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Wireless Networking, Windows Virtualization, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, Microsoft Scripting Engine, Windows MSXML, Internet Explorer, and Windows Server.

This update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog. For manual installation, the latest Servicing Stack Update (SSU) must be installed first. The update has several known issues. See the KB article for details.

KB4512489 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4512489 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following items.

Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Wireless Networking, Windows Virtualization, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, Windows MSXML, and Windows Server.

The update is available via WSUS or in the Microsoft Update Catalog. The update also has known issues that are described in the KB article. For a manual installation, the latest Servicing Stack Update (SSU) must be installed first. If you install this update, you must also install the Security Only Update KB4511872 for IE. With this update, Microsoft lists the same issues as for update KB4512488.

Similar articles:
Microsoft Office Patchday (August 6, 2019)
Microsoft Security Update Summary (August 13, 2019)
Patchday: Updates for Windows 7/8.1/Server (August 13, 2019)
Patchday Windows 10-Updates (August 13, 2019)
Patchday Microsoft Office Updates (August 13, 2019)


Patchday Windows 10 Updates (August 13, 2019)


[German]On August 13, 2019 (second Tuesday of the month, patchday at Microsoft), several cumulative updates were released for the supported Windows 10 builds. Here are some details about each update.

A list of the updates can be found on this Microsoft Web page. I’ve pulled out the details below. Installing the updates requires that a current Servicing Stack Update (SSU) is already installed. Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001.

Updates for Windows 10 Version 1903

The following updates are available for Windows 10 May 2019 Update (Version 1903).

Update KB4512508 for Windows 10 Version 1903

Cumulative Update KB4512508 raises the OS build to 18362.295 and is available for Windows 10 Version 1903 and Windows Server Version 1903. It includes quality improvements but no new operating system features. Here is the list of improvements, called highlights and security fixes by Microsoft:

  • Updates to improve security when using Internet Explorer, Microsoft Edge, Bluetooth, networking technologies, and input devices such as a mouse, keyboard, or stylus.
  • Security updates to Windows App Platform and Frameworks, Windows Storage and Filesystems, Microsoft Scripting Engine, Windows Input and Composition, Windows Wireless Networking, Windows Cryptography, Windows Datacenter Networking, Windows Virtualization, Windows Storage and Filesystems, the Microsoft JET Database Engine, Windows Linux, Windows Kernel, Windows Server, Windows MSXML, Internet Explorer, and Microsoft Edge.

In addition, Microsoft has released an update directly for the Windows Update Client to improve its reliability. This will be rolled out outside of Windows Update if the machine is compatible and not a LTSC variant and updates have not been blocked by GPO.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Servicing Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). The update has a number of known issues that are documented in KB4512508.

Updates for Windows 10 Version 1809

The following updates are available for Windows 10 October 2018 Update (version 1809) and Windows Server 2019.

Update KB4511553 for Windows 10 Version 1809

Cumulative Update KB4511553 raises the OS build to 17763.678 and includes quality improvements but no new operating system features. Here is the list of improvements, this time called highlights by Microsoft:

  • Updates to improve security when using Internet Explorer, Microsoft Edge, Bluetooth, networking technologies, and input devices such as a mouse, keyboard, or stylus.

There are also the following security fixes:

  • Addresses an issue that may prevent devices from starting up or cause them to continue restarting if they are connected to a domain that is configured to use MIT Kerberos realms. Domain controllers and domain members are both affected.
  • Addresses an issue with a Windows Server Update Services (WSUS) console user interface (UI) exception that occurs when you expand the Computers directory.
  • Security updates to Windows App Platform and Frameworks, Windows Wireless Networking, Windows Storage and Filesystems, Microsoft Scripting Engine, Internet Explorer, Windows Input and Composition, Windows Cryptography, Windows Virtualization, Windows Datacenter Networking, the Microsoft JET Database Engine, Windows Server, Windows Kernel, Windows MSXML, and Microsoft Edge.

In addition, Microsoft has released an update directly for the Windows Update Client to improve its reliability. This will be rolled out outside of Windows Update if the machine is compatible and not a LTSC variant and updates have not been blocked by GPO.

This update is automatically downloaded and installed by Windows Update. This update is also available from the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Servicing Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft lists several known issues that the update causes. See the KB article for details.

Updates for Windows 10 Version 1803

The following updates are available for Windows 10 April Update (version 1803).

Update KB4512501 for Windows 10 Version 1803

Cumulative Update KB4512501 contains quality improvements but no new operating system functions and raises the OS build to 17134.950. Here is the list of improvements, this time described by Microsoft as highlights: 

  • Updates to improve security when using Internet Explorer, Microsoft Edge, Bluetooth, networking technologies, and input devices such as a mouse, keyboard, or stylus.

And here is the list of fixes and changes: 

  • Addresses an issue that may prevent devices from starting up or cause them to continue restarting if they are connected to a domain that is configured to use MIT Kerberos realms. Domain controllers and domain members are both affected.
  • Security updates to Windows Wireless Networking, Windows Storage and Filesystems, Windows App Platform and Frameworks, Windows Datacenter Networking, Microsoft JET Database Engine, Windows Input and Composition, Windows MSXML, Internet Explorer, Windows Server, Microsoft Scripting Engine, Windows Cryptography, Windows Server, Windows Virtualization, Microsoft Edge, and Windows Shell.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Servicing Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft lists a longer list of known issues that the update causes in the KB article.

Updates for Windows 10 Version 1507 to 1709

For Windows 10 RTM up to version 1709, different updates are available for the LTSC versions and Enterprise versions. Here is a short overview:

  • Windows 10 Version 1709: Update KB4512516 is only available for Enterprise and Education. The update raises the OS build to 16299.1331. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, including known issues, can be found in the KB article.
  • Windows 10 Version 1703: Update KB4512507 is only available for Enterprise and Education. The update raises the OS build to 15063.1988. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article. 
  • Windows 10 Version 1607: Update KB4512517 is only available for Enterprise and Education and Windows Server 2016. The update raises the OS build to 14393.3144 and includes the fixes mentioned in the KB article. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed before manual installation. Details, including known issues, can be found in the KB article.
  • Windows 10 Version 1507: Update KB4512497 is available for the RTM version (LTSC). The update raises the OS build to 10240.18305 and includes the fixes mentioned in the KB article. This update is automatically downloaded and installed by Windows Update, but can be downloaded from Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, including known issues, can be found in the KB article.

There was no update for Windows 10 V1511, because this version was dropped from support. Details about the above updates can be found in the respective Microsoft KB articles in case of doubt.

Similar articles:
Microsoft Office Patchday (August 6, 2019)
Microsoft Security Update Summary (August 13, 2019)
Patchday: Updates for Windows 7/8.1/Server (August 13, 2019)
Patchday Windows 10-Updates (August 13, 2019)
Patchday Microsoft Office Updates (August 13, 2019)

Windows: Critical Patches (CVE-2019-1181/CVE-2019-1182) August 13, 2019


[German]As of August 13, 2019 (2nd Tuesday of the month, Patchday) Microsoft has released a series of security updates. These include extremely critical updates that close vulnerabilities exploitable by computer worms (CVE-2019-1181/CVE-2019-1182).

A rough overview of the security updates can be found in the previously posted blog post Microsoft Security Update Summary (August 13, 2019). More details can be found in the blog posts, which are linked at the end of the article. In the Microsoft Security Response Center, Microsoft has given an overview of what is particularly critical about the patchday.

CVE-2019-1181/1182 in Remote Desktop Services

Windows Remote Desktop Services seems to be a problematic component. In May 2019, Microsoft had already released critical security updates for the so-called BlueKeep vulnerability CVE-2019-0708. An explanation of the vulnerabilities can be found in the blog post Critical update for Windows XP up to Windows 7 (May 2019). There are also several blog posts about the BlueKeep vulnerability CVE-2019-0708 (see links at the end of this article).

New vulnerabilities found

During the ‘hardening’ of Remote Desktop Services (formerly known as Terminal Services) with respect to the BlueKeep vulnerability, Microsoft discovered two additional vulnerabilities in these services.

An unauthenticated attacker can connect to the target system via RDP and send specially developed requests. The vulnerability does not require authentication by the attacker and exploitation does not require user interaction. An attacker who has successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs, view, modify, or delete data, or create new accounts with full user privileges.

Like the BlueKeep (CVE-2019-0708) vulnerability previously addressed, these two vulnerabilities are wormable, meaning that any future malware that exploits them could spread from one vulnerable computer to the next without user interaction.

Security updates (August 13, 2019)

As of August 13, 2019, Microsoft has released a series of further security updates for Remote Desktop Services. These address two critical remote code execution (RCE) vulnerabilities, designated CVE-2019-1181 and CVE-2019-1182.

The updates fix the vulnerabilities by correcting the way Remote Desktop Services handles connection requests. Microsoft currently has no evidence that these vulnerabilities were known to third parties.

Updates should be installed immediately

Microsoft considers it important that affected systems are patched as quickly as possible. The reason: The vulnerabilities exploitable by computer worms are associated with high risks.

What I consider a problem is that the updates for Windows 7 SP1, Windows 8.1 and Windows 10 and their server counterparts have some serious known issues. There are also problems installing SHA-2-only signed Windows 7 updates if Norton antivirus products are installed (Norton blocks these updates). More information can be found in the blog posts linked at the end of this article.

However, you should know that Remote Desktop is not enabled by default on clients like Windows 10. The risk lurks more in corporate environments where Remote Desktop Services are used via servers.

Which Windows systems are affected?

The Windows versions affected by the RCE vulnerability are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.

Windows XP, Windows Server 2003, and Windows Server 2008 are not affected, nor is the Remote Desktop Protocol (RDP) itself.

Downloads for CVE-2019-1181
Downloads for CVE-2019-1182

Similar articles:
Microsoft Office Patchday (August 6, 2019)
Microsoft Security Update Summary (August 13, 2019)
Patchday: Updates for Windows 7/8.1/Server (August 13, 2019)
Patchday Windows 10-Updates (August 13, 2019)

BlueKeep: Windows Remote Desktop Services vulnerability exploits status
Critical update for Windows XP up to Windows 7 (May 2019)
Nearly 1 million Windows machines with BlueKeep vulnerability
BlueKeep vulnerability: Microsoft warns about a wormable malware epedemia
BlueKeep: Patch for pirated copies; SSL tunnel as a risk factor
How To: BlueKeep-Check for Windows

Symantec/Norton blocks Windows Updates (SHA-2)


[German] Users of Windows systems that have Symantec Antivirus or Norton Antivirus installed are running into trouble as of the August 2019 Patchday. These antivirus solutions are blocking the delivery of security updates signed with SHA-2 only, at least on Windows 7 SP1 and Windows Server 2008 R2.

SHA-2 signing, some details

Windows 7 SP1 (and its Windows Server 2008/2008 R2 counterparts) does not support SHA-2-only signing of updates out of the box. Windows Update uses the SHA-1 signature that was previously included in the update packages.

I’ve addressed this, among other things, in the blog post Windows 7: From April 2019 ‘SHA-2-Support’ is required. This is not a problem, because Microsoft has been providing the relevant updates for SHA-2 support for months. So far, Microsoft has also provided dual-signed update packages signed with SHA-1 as well as SHA-2.

As of August 2019, however, the SHA-1 signature in the Windows 7 updates has been completely removed. These can only be installed if Windows 7 SP1, Windows Server 2008, Windows Server 2008 R2 and WSUS have been upgraded accordingly (see also WSUS: Endpoint decommissioned; SHA2 update required).

Symantec blocks SHA-2 only signed updates

Unfortunately there is a problem with the Windows updates for Windows 7 SP1 (and Windows Server 2008 R2) that have been exclusively signed by SHA-2 since August 2019. If Symantec Antivirus or Norton Antivirus is installed on these systems, Windows updates will no longer arrive. In August, this affects the security updates KB4512486 (Security Only) and KB4512506 (Monthly Rollup) for Windows 7/Windows Server 2008 R2.

Symantec has published the KB article Windows 7/Windows 2008 R2 updates that are only SHA-2 signed are not available with Symantec Endpoint Protection installed. Microsoft also mentions the issue in the ‘known issues’ of the support articles for the Windows 7 SP1 updates.

As outlined in 2019 SHA-2 Code Signing Support requirement for Windows and WSUS, Microsoft has released an update to Windows 7 SP1 and Windows Server 2008 R2 SP1 on August 13th, 2019 where the Microsoft Windows Updates are now SHA-2 signed instead of SHA-1 signed.

Updates that are only SHA-2 signed are not visible as an available download when certain versions of Symantec Endpoint Protection are installed.

The Symantec/Norton security solutions mentioned above probably identify the new updates signed with SHA-2 only (due to the missing SHA-1 signature) as malware and block these updates. As a result, the Windows systems will no longer be offered the required August 2019 security updates.

Microsoft and Symantec have identified the issue for Symantec Endpoint Protection. Symantec is currently working to provide an update to its security solutions so that SHA-2-signed Windows updates can be installed again on Windows 7 / Windows 2008 R2. Norton antivirus products are affected in the same way.

Similar articles:
Microsoft Office Patchday (August 6, 2019)
Microsoft Security Update Summary (August 13, 2019)
Patchday: Updates for Windows 7/8.1/Server (August 13, 2019)
Patchday Windows 10-Updates (August 13, 2019)

Windows: Critical Patches (CVE-2019-1181/CVE-2019-1182) August 13, 2019
Windows 7: From April 2019 ‘SHA-2-Support’ is required
SHA-2 patch for Windows 7 arrives on March 2019
WSUS: Endpoint decommissioned; SHA2 update required

Windows Updates KB4512506/KB4512486 drops error 0x80092004


[German] A brief note for users whose installation of the August 2019 security updates KB4512506 or KB4512486 for Windows 7 SP1 and Windows Server 2008 R2 ends with installation error 0x80092004. It is highly likely that the updates that retrofit SHA-2 support are missing.

Users report error 0x80092004

It didn’t take long after the release of the security updates KB4512506 (Monthly Rollup) or KB4512486 (Security Only) for Windows 7 SP1 and Windows Server 2008 R2 until the first users reported issues within my German blog. German blog reader Heidemann wrote in this comment:

The attempt to install the update to W2K8R2 fails here with Installation Failure: Windows failed to install the following update with error 0x80092004: Security Update for Windows (KB4512486).

No Symantec or Norton (but McAfee) on the systems.

And a short time later M. Gruber posted this comment with the same tenor, but to another German blog post.

I repeatedly fail to install KB4512506 (Monthly Security Quality Rollup) with code 80092004 under a naked Win7 x64 without AV software.
Am I the only one or is there a workaround?

The user then pointed out similar feedback from users in the English DSL forum.

I can’t install KB4512506 on two different Windows 7 64 bit systems. Each one fails with the error code: 80092004. Multiple restarts and retries result in same error. Anyone else seeing this?

I also found a Japanese post that mentions this error code without giving further hints.

The error has already occurred with .NET.

I mentioned the error code 0x80092004 in some blog posts (see links at the end of the article) and Microsoft also published a KB article about the error. However, this KB article refers to a bug in the .NET framework that prevents updates from being installed. However, I don’t consider this to be a valid cause, as these are currently Windows updates.

What does error code 0x80092004 stand for?

Before you start any wild experiments, it’s good to know what the cause of the error is. The error code 0x80092004 stands for CRYPT_E_NOT_FOUND. Windows Update could not find any cryptographic value and rejects the update.

Wasn’t there something about SHA-2 signing?

I mentioned it in the blog post Symantec/Norton blocks Windows Updates (SHA-2). Microsoft changed the signing of update packages for Windows 7 SP1 and Windows Server 2008/R2 for the first time in August 2019. Instead of signing the packages with both SHA-1 and SHA-2, only a SHA-2 hash value is stored in the package. The above error code indicates that Windows Update is looking for the SHA-1 signature in the package and does not find it.

What should be checked

One possibility is that a third-party virus scanner incorrectly recognizes and modifies the update packages. The blog post Symantec/Norton blocks Windows Updates (SHA-2) mentions that Symantec and Norton security solutions cause trouble. In this scenario, however, Microsoft blocks the delivery of security updates.

Weighing the above information, there is a lot of evidence that Windows is simply missing the support for the new updates signed exclusively with SHA-2. As of March 12, 2019, Microsoft had extended support article 4472027 (2019 SHA-2 Code Signing Support requirement for Windows and WSUS) to include the SHA-2 updates required for Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, and Windows Server 2008 Service Pack 2.

  • Update KB4474419 (SHA-2 code signing support update for Windows Server 2008 R2 and Windows 7: March 12, 2019) adds support for SHA-2 signature checks for the above operating systems.
  • In addition, the Servicing Stack Update KB4490628 was published in March 2019. This fixes a problem in the Servicing Stack, which occurs as soon as packages are signed with SHA-2 only.

I had mentioned in my blog post Windows 7: Updates for SHA-2 support that both updates must be installed. In my German comment here I had recommended checking whether the relevant updates were installed. In fact, blog reader M. Gruber reported here that the SSU KB4490628 was missing on his machine. After installing the Servicing Stack Update (SSU) from March 2019, the August 2019 security update for Windows 7 SP1 and Windows Server 2008 R2 was successfully installed. And I got a second piece of feedback that this was the root cause of the update install error. Perhaps it will help one or the other affected person.
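The check described above can be scripted. This is an added example, not code from the blog or from Microsoft: it looks for the two prerequisite updates the article names (KB4474419 and KB4490628) and for the two August 2019 updates, using `Get-HotFix`. It assumes Windows 7 SP1 or Windows Server 2008 R2 SP1 and is written for PowerShell 2.0; the function name `Get-Sha2PrerequisiteReport` is made up for this example.

```powershell
# Added example: verify the SHA-2 prerequisites before retrying an August 2019
# update that failed with 0x80092004 (CRYPT_E_NOT_FOUND).

# The two prerequisites named in the article.
$prerequisites = @(
    @{ Id = 'KB4474419'; Role = 'SHA-2 code signing support update' },
    @{ Id = 'KB4490628'; Role = 'Servicing Stack Update, March 2019' }
)
# The August 2019 updates that are signed with SHA-2 only.
$augustUpdates = @(
    @{ Id = 'KB4512506'; Role = 'Monthly Rollup, August 2019' },
    @{ Id = 'KB4512486'; Role = 'Security Only, August 2019' }
)

function Get-Sha2PrerequisiteReport {
    param([object[]]$Updates)

    # Read the installed-update list once; comparing ids against this list
    # avoids the error Get-HotFix raises for an id that is not present.
    $installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })

    foreach ($u in $Updates) {
        New-Object PSObject -Property @{
            Update    = $u.Id
            Role      = $u.Role
            Installed = ($installed -contains $u.Id)
        } | Select-Object Update, Role, Installed
    }
}

# The article concerns NT 6.1 systems only; warn when run elsewhere.
$os = [Environment]::OSVersion.Version
if ($os.Major -ne 6 -or $os.Minor -ne 1) {
    Write-Warning "Intended for Windows 7 SP1 / Server 2008 R2 SP1 (NT 6.1); this system reports $os."
}

$prereqReport = @(Get-Sha2PrerequisiteReport -Updates $prerequisites)
$augustReport = @(Get-Sha2PrerequisiteReport -Updates $augustUpdates)

$prereqReport | Format-Table -AutoSize
$augustReport | Format-Table -AutoSize

$missing = @($prereqReport | Where-Object { -not $_.Installed } |
             ForEach-Object { $_.Update })

if ($missing.Count -gt 0) {
    # This is the situation reported by the blog readers: a prerequisite is
    # absent, so the SHA-2-only package cannot be validated.
    Write-Output ("Missing prerequisite(s): " + ($missing -join ', ') +
                  ". Install them, reboot, then retry the August 2019 update.")
} else {
    Write-Output 'Both SHA-2 prerequisites are listed as installed; look for another cause.'
}
```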

Similar articles
Fix for .Net Framework Update KB4340558 error 0x80092004
.Net Framework: Update KB4340558 drops error 0x80092004?
Patchday: Updates for Windows 7/8.1/Server (August 13, 2019)
Symantec/Norton blocks Windows Updates (SHA-2)
Windows 7: Updates for SHA-2 support

Windows 10 V1903: Error 0x8024200D or 0x800F081F with update KB4512508


[German] There are first (German) user reports of errors when installing update KB4512508 for Windows 10 Version 1903 (May 2019 Update). Either error code 0x8024200D or error code 0x800F081F is reported.

User reports about update error 0x800F081F

Shortly after the KB4512508 update for Windows 10 Version 1903 was released, users reported that the installation ended with error 0x800F081F.

  • At the German site Dr. Windows, a user Saw reports: I always get Error 0x800f081f with 2019-08 Cumulative update for Windows 10 version 1903 for x64-based systems (KB4512508) – […] With the *.msu downloaded from the Microsoft Update Catalog, the installation also failed.
  • At the German site winfuture there is a comment on this article that also reports this error: ‘cannot be installed on 2 systems, error 0x800f081f. Windows Update Repair didn’t help either’.
  • In this German Microsoft Answers forum thread a user reports that update KB4512508 for Windows 10 Version 1903 fails on 3 of 5 systems: 2019-08 Cumulative Update for Windows 10 Version 1903 for x64-based Systems (KB4512508) – Error 0x800f081f […]. Windows Update Repair etc. did not help anything.
  • The colleagues at deskmodder.de also mentioned the bug in this article, and left a comment in the MS Answers forum post mentioned above.

The error code 0x800F081F stands for CBS_E_SOURCE_MISSING, i.e. the source files were not found. Some time ago I had discussed the error code in the blog post Windows 10 V1703: Fix for DISM error 0x800F081F. Also, Microsoft has published a support article related to a .NET installation error. Microsoft provides the information that a file or folder referenced during an update is not found.

For Windows 10 users who have this problem, Microsoft recommends that you use the Windows 10 installation media in question as a source for repair. Some advice can be found in this Microsoft article.

But since most Windows 10 users don’t really get anywhere with these hints, an in-place upgrade is the only repair option available. This means running setup.exe from an appropriate Windows 10 installation medium under your running Windows 10. This installs Windows 10 over the existing Windows 10, whereby data and programs are preserved. With this approach, however, missing features are installed, so that the update should be installable afterwards.

User reports about error 0x8024200D

Error code 0x8024200D came to my attention in connection with update KB4512508 in this forum post. In addition the colleagues of deskmodder.de mentioned the error code in this post. Error 0x8024200D stands for WU_E_DOWNLOAD_FAILED, i.e. Windows Update could not successfully download the required package from the Microsoft servers. This could be caused by third-party tools such as third-party virus scanners.

However, there is a much more mundane explanation, which I have given in the blog post Windows Update ends with error 0x800f0982 / 0x8024200d. Microsoft does not manage to ensure that the required install order of update packages is adhered to during installation. Actually, the latest Servicing Stack Update (SSU) must be installed before the cumulative update (CU). However, this fails regularly and Windows Update prefers to install the CU first. Then its installation fails and afterwards the SSU is installed. After a restart, the CU is found again and then successfully installed.

However, if the Servicing Stack is broken and no updates can be installed due to error 0x800F081F, the SSU cannot be installed successfully. Here you can only check whether a Windows repair (see Check and repair Windows system files and component store) can help. The problem with this approach: The sfc /scannow command is broken due to a Defender issue (see Microsoft confirms July 9, 2019 Updates breaks sfc in Windows) and probably returns errors.

And you can try to download the update packages from the Microsoft Update Catalog (CU and SSU). Then install the SSU and then the CU. Maybe it helps.
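The manual install order described above (SSU first, then CU), as an added example that is not part of the original post. The two file paths are placeholders to be replaced with the packages downloaded from the Microsoft Update Catalog, and `Install-Msu` is a helper name made up for this example; the script assumes an elevated PowerShell session on Windows 10.

```powershell
# Added example, not from the original post. Run elevated on Windows 10.
# Both paths are placeholders (assumption): point them at the .msu files
# downloaded from the Microsoft Update Catalog.
$ssuPath = 'C:\Updates\SSU-PLACEHOLDER.msu'
$cuPath  = 'C:\Updates\CU-PLACEHOLDER.msu'

# Hypothetical helper: verify and install one package, return a status text.
function Install-Msu {
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Package not found: $Path"
    }

    # Refuse packages whose Authenticode signature does not validate,
    # e.g. because something modified the file after download.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for $Path ($($sig.Status))"
    }

    $p = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
        -ArgumentList "`"$Path`"", '/quiet', '/norestart' -Wait -PassThru

    switch ($p.ExitCode) {
        0       { return 'Installed' }
        3010    { return 'Installed, restart required' }
        2359302 { return 'Already installed' }   # 0x00240006
        default { throw ("wusa.exe failed for {0}: 0x{1:X8}" -f $Path, $p.ExitCode) }
    }
}

# Order matters: the servicing stack is updated first. If the SSU step
# throws, the script stops and the CU is not attempted.
$ssuResult = Install-Msu -Path $ssuPath
Write-Output "SSU: $ssuResult"

$cuResult = Install-Msu -Path $cuPath
Write-Output "CU:  $cuResult"
```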

Similar articles:
How to decode Windows errors?
Windows 10: Analyze upgrade errors
Windows: How to decode update 0x8024…. errors
Check and repair Windows system files and component store

Windows 10 V1703: Fix for DISM error 0x800F081F
Windows Update error 0x8024200D
Windows Update ends with error 0x800f0982 / 0x8024200d
