[German]As of August 2019, Microsoft will cut VBScript support in Internet Explorer. Now there are problems with the Windows security updates from August 2019 in connection with Visual Basic (VB6, VBA and VBScript).

Sometimes things are ‘laying in the air’. I had already intended yesterday to write a blog post about the end of VBScript support in Internet Explorer – just a reminder to admins, if VBScript suddenly causes issues after August Patchday. Then I got a mail from blog reader Jan V. with a hint about Visual Basic issues (thanks for that). So here is a short list of what you should know.

Internet Explorer restricts VBscript use

I had mentioned it in early August 2019 in the blog post Microsoft deactivates VBScript in IE as of August 2019, Microsoft discontinued support for VBscript in Internet Explorer for Windows 7, 8, and 8.1 for Web Zones.

The change to disable VBScript will take effect in the upcoming cumulative updates for Windows 7, 8, and 8.1 on August 13, 2019. VBScript is disabled by default for Internet Explorer 11 and WebOCs for Internet and Untrusted Zones on all platforms with Internet Explorer 11.

For Windows 10, this has been the case since July 9, 2019. Everything concerning unsafe content (Internet zone, WebOCs) can no longer run VBscript in the browser by default.

Also VBA, VB6, VBScript affected

But there seems to be something else happening at the August 2019 patchday. Because there is a bigger impact from the updates. Blog reader Jan V. wrote me about it:

August patchday has potential for issues with VB6, VBA, VBS based applications..

Jan referred me to the support article for KB4512488 (Monthly Rollup for Windows 8.1/Server 2012 R2). There Microsoft has made the following addition since the first release:

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call§ error.

Microsoft is presently investigating this issue and will provide an update when available.

After the installation there are issues when using Visual Basic 6 (VB6), macros with Visual Basic for Applications (VBA) and scripts or applications that use Visual Basic Scripting Edition (VBScript). The programs suddenly stop responding and there is an invalid procedure call error.

A German reader left a comment to my German blog post: The problem occurs when assigning arrays to VARIANT variables. Then the program crashes with Error 5. Another reader left a comment: It seems to me that only applications that use ParamArrays in a certain way are affected.

Anyway, this does not only affect KB4512488 for Windows 8.1. Jan had XenApps affected.  According to the ‘known issues’ in the KB articles, the following updates are affected:

• KB4512486, KB4512506 for Windows 7 an Windows Server 2008 R2
• KB4512488, KB4512489 for Windows 8.1 and Windows Server 2012 R2
• KB4512497 for Windows 10 (1507)
• KB4512517 for Windows 10 (1607) and Windows Server 2016
• KB4512507 for Windows 10 (1703)
• KB4512516 for Windows 10 (1709)
• KB4512501 for Windows 10 (1803)
• KB4511553 for Windows 10 (1809) and Windows Server 2019
• KB4512508 for Windows 10 (1903) and Windows Server 1903

This means that practically all Windows versions are affected. Jan wrote to me: “We currently have two ivanti/RES consoles for the Automation Manager and the Workspace Manager. Any other of you who are affected?

[German]A brief note for fans of the software tool Dism ++. You can get into a lot of trouble with this tool when customizing Windows installations. Here a few things I became aware of.

What is Dism++?

• Start management – i.e. everything that is started automatically under Windows.
• App management – i.e. uninstalling apps
• Toolbox – with various tools for system administration
• System optimization – functions to optimize the system (more caution required)
• Driver management – all drivers installed via Windows Update can be deactivated
• Feature management – you can deactivate functions from the ‘Programs and Features’ section of Windows.
• Update management – updates can be selected and managed.
• Deployment – all functions to customize an installation image
• Sysprep commands – manages the commands during system deployment

  This site contains additional information an a download link for Dism ++.

  The tool itself is portable, so there is no need to install it. However, Dism++ must be run with administrator privileges. The website chuyu.me doesn’t exist anymore (08/13/2019), and Dism++ is now in Chinese hands.

  Issues caused by Dism++

  The use of Dism++ does involve certain risks, which can lead to problems with Windows. In recent years I have occasionally seen forum posts where feature updates or updates terminates with installation errors and due to installation image altered with Dism++. Furthermore, blog reader Xaver H. contacted me by e-mail. He writes me the following:

  I just noticing that when using Dism++ (current version) in W7 the update rocess is not added. I have just done all updates (except the red ones) in W7. But the update process is at 2016.

  So if you work with customized image files and have used Dism++, you should always think about this cause of error. Final question: Anyone else who has run into problems with Dism++?

[German]There are user reports that the update KB4512508 of August 13, 2019 for Windows 10 Version 1903 can lead to various error aborts during installation.

Sites like Bleeping Computer or Windows Latest reporting about several install issues with August 2019 updates. In the Microsoft Answers forum there is this thread, where someone gets the error code 0x80073701. Other users get the installation error 0x800f0982. And there is the error code 0x8024200D during installation.

Fehlercodes 0x800F0982 and 0x8024200D

About the error codes 0x800F0982 and 0x8024200D I had published the blog post Windows Update ends with error 0x800f0982 / 0x8024200d. There was also the blog post Windows 10 V1903: Error 0x8024200D or 0x800F081F with update KB4512508.

• The error code 0x8024200d stands for ‘Need another download’ in Windows. So there is something missing for the update installation of the respective KB package.
• The update error 0x800f0982 makes it a bit more difficult. The error stands for PSFX_E_MATCHING_COMPONENT_NOT_FOUND and names a missing component there. The reason for the error in March 2019 was that certain installed Asian language packages could not be loaded correctly. Microsoft has documented this as a known issue and recommends that you uninstall or reinstall these language packages.
• The error code 0x800f081f occurs if the installation media is damaged, unavailable or the user does not have the appropriate permissions for the files.

In the linked blog post you will find some hints what you can do to fix the problem. Also in this forum post and at reddit.com you can find hints for a fix for error 0x800F0982. However, the repair script is tailored to the respective user and repairs the references to the missing components.

Error code 0x80073701

The error code 0x80073701 stands for ERROR_SXS_ASSEMBLY_MISSING. Error code 0x0x80073701 indicates a missing assembly in the .NET framework and has nothing to do with an incorrect update. I have handled the error in the German blog post Win 7 SP1-Fehler 0x80073701 (Assembly Missing). Maybe it will help those affected.

Random restarts after update installation

Windows Latest also deals with so-called ‘random boots’ (random restarts of the operating system). A user describes these random reboots here.

In this comment a German user points out the immense memory requirements for update KB4512517 (Windows Server 2016). This needs approx. 10 GByte on the hard disk.

Similar articles:
Windows Update ends with error 0x800f0982 / 0x8024200d
Windows 10 V1903: Error 0x8024200D or 0x800F081F with update KB4512508’
Windows 10 V1703: Update KB4041676 install issues

[German]Is there an issue with the Trusted Platform Module 2.0 on Windows 10 version 1903? I got reports that TPM is causing error code 10 in Device Manager. Then of course Bitlocker does not work anymore.

Background: Bitlocker and TPM

Microsoft’s Bitlocker can be used for hard disk encryption under Windows. This feature is available from the Pro version of the operating system. Bitlocker has the possibility to perform the encryption with or without Trusted Platform Module 2.0.

If a TPM module is missing, a PIN must be entered to decrypt the Bitlocker-encrypted files. If there is a Trusted Platform Module 2.0 in the form of a chip on the motherboard, Bitlocker can use it for authentication. The encrypted media are then bound to this hardware via TPM.

Issues with the TPM chip in Windows 10 V1903

Bitlocker and the Trusted Platform Module 2.0 are always good for problems under Windows (see links to other articles at the end of this article). Now German blog reader Andreas E. (thank you for that) has informed me about a problem with Bitlocker in connection with TPM 2.0 and Windows 10 May 2019 Update (Version 1903) via a private message on Facebook. He himself as well as his colleagues have noticed problems with TPM on several computers running Windows 10 Version 1903.

(Source: Technet)

The Trusted Platform Module 2.0 cannot be started. In the Device Manager you will find the error message shown in the screenshot above.

The device cannot start. (Code 10)

(Operation Failed)
The requested operation was unsuccessful.

If the device (TPM 2.0) cannot be started, the device manager reports error 10, of course the TPM protector for bitlockers is omitted. Then Bitlocker is stopped – and you can no longer access the encrypted information or use Bitlocker with TPM. Andreas writes about it:

And the [Bitlocker] protection is stopped
But you will find very little information about it
Maybe worth doing some research.

That’s the information I have so far. But a short search on the internet shows that Bitlocker and TPM are not fool proof at all, but can cause trouble. Dell has published a Support article How to troubleshoot and resolve common issues with TPM and BitLocker on various bugs.

Whether there are issues with a TMP 2.0 firmware update, as described here by Microsoft, isn’t known so far.

What can I find about TPM Code 10?

If you search for TPM 2.0 and the error code 10 in the internet, you will get some hits.

Virus scanners and filter drivers

In the Technet forum there is this post, which deals with the code 10 with TPM 2.0. There a user describes he deleted UpperFilters and LowerFilters (injected by a virus scanner), because they seem to have caused TPM problems.

But you can’t just delete the filter drivers from the registry – the system didn’t boot anymore. The affected person had to reinstall Windows 10 V1809 – and then the TPM 2.0 chip was detected cleanly in the device manager.

Somewhere in forums I found the hint that you should always use the Windows TPM driver – but not the OEM TMP driver (it is also mentioned here). I also found the information (e.g. here) that the UEFI boot mode can have an influence.

Conflict with other hardware?

In this HP forum post, a user also describes the error image that the TPM 2.0 device displays Code 10 in the Device Manager. Microsoft Windows 10 is used, but no version is specified (based on the post it can have been at most Windows 10 V1803).

However, the poster also reports issues with Windows 10 Hello logon and a fingerprint sensor. What I took with me from this (unsolved) thread is to pay attention to the following:

• BIOS and/or UEFI must be up to date to cleanly support the TPM 2.0 chip.
• A suitable chipset driver must be installed over Windows so that all devices are properly detected.

The chipset driver should be provided by Windows 10. But if there are problems there, you can see if the OEM offers something updated.

In this context I found this blog post, where an audio device under Windows 10 V1709 throwing the error code 10. But there was the problem that the Bitlocker DMA protection didn’t work anymore. The error was solved by a cumulative update for Windows 10 and afterwards the Direct Memory Access (DMA) protection for Bitlocker worked again.

I found a comment on this article in which somebody claims that Windows 10 V1903 is ‘bypassing’ the TPM – but without giving further details.

At this point the question: Are there any other people affected who notice this effect? Has anyone perhaps even determined a cause and knows a fix?

Similar articles
Windows 10: Important Secure Boot/Bitlocker Bug-Fix
BitLocker management in enterprise environments
Dell: New BIOS is causing Bitlocker issues
Bitlocker on SSDs: Microsoft Security Advisory Notification (Nov. 6, 2018)
SSD vulnerability breaks (Bitlocker) encryption
Windows 10 V1803: Fix for Bitlocker bug in Nov. 2018?
Windows 10: Bitlocker encrypts automatically

Microsoft has released Windows 10 Insider Preview Build 18963 (from development branch 20H1) for Windows Insider in Fast Ring. The announcement with details about new features/changes and bugs can be found at the Windows Blog.

[German]On August 16, 2019, Microsoft released updated updates for Windows to fix issues with VB6, VBA, and VBScript. On August 17, 2019 more updates for Windows 10 has been released.

What’s the point?

With the updates of August 13, 2019, Microsoft cut VBScript support in Internet Explorer. A short time later, users noticed issues with Visual Basic support (VB6, VBA and VBScript). Corresponding modules caused errors in certain constellations. I had mentioned this in the blog post August 2019 Updates: Issues with VB6, VBA and VBScript.

Microsoft releases new Updates

Blog reader EP has left this comment (thank you) mentions that Microsoft released updated updates for Windows on August 16, 2019 which are supposed to fix the issues with VB6, VBA and VBScript.

• KB4517297 for Windows 7 und Windows Server 2008 R2,
• KB4517301 for Windows Server 2008 SP2,
• KB4517298 for Windows 8.1 und Windows Server 2012 R2
• KB4512494 for Windows 10 V1709

For other Windows 10 builds (1809, 1903) Microsoft has partially released new updates on August 17, 2019 with VBA fixes.

• KB4512534 for Windows 10 Version 1809
• KB4512495 for Windows 10 Version 1607
• KB4517276 for Windows 10 Version 1507

Updates for Windows 10 Version 1903 and 1803 are still missing. Note also the known issues documented within the linked support articles. I also received user feedback, that the issue isn’t completely fixed.

[English]Microsoft has confirmed installation error 0x80073701 on Windows 10 version 1903 (May 2019 update) when installing updates to known issues.

Users who tried to install the KB4512508 update on Windows 10 Version 1903 on August 13, 2019 (Patchday) failed with error code 0x80073701. The error message was:

Updates Failed, There were problems installing some updates, but we’ll try again later

The message indicates a temporary problem, which ‘could fix itself’. Nevertheless, I’m surprised at this error message. The error code stands for ERROR_SXS_ASSEMBLY_MISSING and indicates a missing assembly. Such errors commonly ‘don’t fix themselves in the rules’. I had picked this up in the blog post Windows 10 V1903: Install errors with Update KB4512508.

Microsoft confirms the installation issue

This weekend, Microsoft has confirmed that updates under Windows 10 Version 1903 can cause error code 0x80073701 during installation. I became aware of this via the following tweet.

[Windows Release Health Update – New Known Issue] Updates may fail to install and you may receive Error 0x80073701. Read more here: https://t.co/NHEQuEjsVX.

— Windows Update (@WindowsUpdate) August 16, 2019

It is therefore confirmed directly that users receive this error message during the update installation. The relevant status page says:

Updates may fail to install and you may receive Error 0x80073701

Installation of updates may fail and you may receive the error message, “Updates Failed, There were problems installing some updates, but we’ll try again later” or “Error 0x80073701” on the Windows Update dialog or within Update history.

Microsoft states that they investigate the issue and will provide a fix. So far there is no update available.

Similar articles:
Windows Update ends with error 0x800f0982 / 0x8024200d
Windows 10 V1903: Error 0x8024200D or 0x800F081F with update KB4512508’
Windows 10 V1703: Update KB4041676 install issues
Windows 10 V1903: Install errors with Update KB4512508

[German]Microsoft released several cumulative updates (e.g. KB4512494) for Windows 10 on August 16 and 17, 2019. These are not security updates, but are intended to correct various issues.

For a list of updates, visit this Microsoft Web page. I have extracted the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001. The Windows 10 versions up to version 1709 are no longer supported in Home and Pro – only the Enterprise versions receive the updates there.

Updates foür Windows 10 Version 1809

The following updates are available for Windows 10 October 2018 Update (version 1809) and Windows Server 2019.

Update KB4512534 for Windows 10 Version 1809

Cumulative Update KB4512534 released on 08/17/2019 raises the OS build to 17763.720 and includes quality improvements but no new operating system features. Here is the list of improvements, this time called highlights by Microsoft

• Updates an issue that prevents Windows Hello face recognition from working after you restart a device.
• Allows Microsoft Edge to print PDF documents that contain landscape and portrait-oriented pages together correctly.
• Allows Microsoft Edge to open PDFs that are configured to be opened only once correctly.
• Updates an issue with downloading copyrighted digital media (music, TV shows, movies, and so on) from certain websites using Microsoft Edge and Internet Explorer.

There are also the following security fixes:

• Improves the reliability of push notifications about app deployments to Microsoft HoloLens 1 devices.
• Addresses an issue that prevents Windows Hello Face Authentication from working after a restart.
• Addresses an issue with downloading digital rights management (DRM) files from certain websites using Microsoft Edge and Internet Explorer.
• Addresses an issue that prevents the Universal C Runtime Library from returning the proper value for time zone global variables in certain conditions.
• Addresses an issue that causes Deployment Image Servicing and Management (DISM) to intermittently stop responding while deprovisioning some preinstalled apps using the Microsoft System Center Configuration Manager (SCCM).
• Addresses an issue in which the default keyboard for the English (Cyprus) (en-CY) locale was not set properly.
• Addresses an issue to enable Microsoft Edge to print PDF documents that contain landscape and portrait-oriented pages correctly.
• Addresses an issue with PDFs that are configured to be opened only once in Microsoft Edge.
• Addresses performance issues for the Win32 subsystem and Desktop Window Manager (DWM).
• Addresses an issue with the input and display of special characters that occurs when an app uses imm32.dll.
• Addresses a composition handle leak in Universal Windows Platform (UWP) apps.
• Addresses a memory leak in dwm.exe that may lead to a loss of functionality and cause a device to stop working.
• Addresses an issue that fails to bypass automatic sign in (Autologon) when you press and hold the Shift key during startup.
• Addresses an issue that causes the Windows Management Instrumentation (WMI) class Win32_PhysicalMemory to report that 32 GB memory chips have a missing Capacity value.
• Addresses an issue that prevents an App-V application from opening and displays a network failure error. This issue occurs under certain circumstances, such as when a system’s battery is low or there is an unexpected power failure.
• Addresses an issue with User Experience Virtualization (UE-V) that may sometimes prevent exclusion paths from working.
• Addresses a rare issue that causes Windows Defender Advanced Threat Protection (ATP) to temporarily prevent other processes from accessing files.
• Addresses an issue that causes a workstation to stop working when you sign in using an updated user principal name (UPN) (for example, changing UserN@contoso.com to User.Name@contoso.com).
• Addresses an issue in which Windows Defender Application Control will not allow third-party binaries to be loaded from a Universal Windows Platform application. CodeIntegrity event error 3033 appears as, “Code Integrity determined that a process (<process name>) attempted to load <binary name> that did not meet the Store signing level requirements.”
• Addresses an issue that prevents some Trusted Platform Module (TPM) devices from being used for Next Generation Credentials.
• Addresses an issue that causes applications on a container host to intermittently lose connectivity because of a port conflict with applications running on a container.
• Addresses an issue that prevents some users from receiving a TTL value when they are added as members of Shadow Principals. This occurs for users who have distinguished names (DN) that contain an escape character. The TTL value is now added as expected.
• Addresses an issue with the disabled attribute of the input element, which doesn’t allow a scope to be passed to the authorization endpoint.
• Addresses an issue with leaks in Windows notification sockets that causes Windows to run out of ports.
• Addresses an issue that prevents server editions from activating with a Multiple Activation Key (MAK) in the graphical user interface (GUI). The error is, “0x80070490”.
• Addresses an issue that may break the domain trust when the Recycle Bin is configured on the domain that carries the trust.
• Increases the number of supported interrupts per device to 512 on systems that have x2APIC enabled.
• Addresses an issue that may prevent devices from starting when they start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM). The error is, “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed.”
• Addresses an issue that may cause the following to stop responding:
  • Applications that were made using Visual Basic 6 (VB6).
  • Macros that use Visual Basic for Applications (VBA).
  • Scripts or apps that use Visual Basic Scripting Edition (VBScript).

    You may also receive an “Invalid procedure call” error.

In addition, Microsoft has released an update directly for the Windows Update Client to improve its reliability. This will be rolled out outside of Windows Update if the machine is compatible and not a LTSC variant and updates have not been blocked by GPO.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft lists several known issues that the update causes. See the KB article for details.

Updates for Windows 10 Version 1709

The following updates are available for Windows 10 Version 1709 Enterprise and Education.

Update KB4512494 for Windows 10 Version 1709

Cumulative Update KB4512534 released on 08/16/2019 contains quality improvements but no new operating system functions and raises the OS build to 16299.1365. Here is the list of improvements, this time described by Microsoft as highlights:

• Updates for an issue with downloading copyrighted digital media (music, TV shows, movies, and so on) from certain websites using Microsoft Edge and Internet Explorer.

Here is the list of fixes and changes:

• Addresses an issue with downloading digital rights management (DRM) files from certain websites using Microsoft Edge and Internet Explorer.
• Addresses an issue in which the default keyboard for the English (Cyprus) (en-CY) locale was not set properly.
• Addresses an issue that prevents an App-V application from opening and displays a network failure error. This issue occurs under certain circumstances, such as when a system’s battery is low or there is an unexpected power failure.
• Addresses a rare issue that causes Windows Defender Advanced Threat Protection (ATP) to temporarily prevent other processes from accessing files.
• Addresses an issue that prevents a user from deleting a network in some specific scenarios.
• Addresses an issue that may prevent devices from starting when they start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM). The error is, “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed.”
• Addresses an issue that may cause the following to stop responding:
  • Applications that were made using Visual Basic 6 (VB6).
  • Macros that use Visual Basic for Applications (VBA).
  • Scripts or apps that use Visual Basic Scripting Edition (VBScript).You may also receive an “Invalid procedure call” error.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft lists a known issue within the kb article.

Updates for Windows 10 Version 1703

The following updates are available for Windows 10 Version 1703 Enterprise and Education.

Update KB44512474 for Windows 10 Version 1709

Cumulative Update KB4512474 released on 08/17/2019 contains quality improvements but no new operating system functions and raises the OS build to 15063.2021. Here is the list of improvements, this time described by Microsoft as highlights:

• Updates for an issue with downloading copyrighted digital media (music, TV shows, movies, and so on) from certain websites using Microsoft Edge and Internet Explorer.

Here is the list of fixes and changes:

• Addresses an issue with downloading digital rights management (DRM) files from certain websites using Microsoft Edge and Internet Explorer.
• Addresses an issue in which the default keyboard for the English (Cyprus) (en-CY) locale was not set properly.
• Addresses an issue that prevents an App-V application from opening and displays a network failure error. This issue occurs under certain circumstances, such as when a system’s battery is low or there is an unexpected power failure.
• Addresses an issue that causes spaceport.sys to stop working with a 0x9E error.

• Addresses an issue that may cause the following to stop responding:
  • Applications that were made using Visual Basic 6 (VB6).
  • Macros that use Visual Basic for Applications (VBA).
  • Scripts or apps that use Visual Basic Scripting Edition (VBScript).You may also receive an “Invalid procedure call” error.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft lists a known problem that causes the update.

Updates for Windows 10 Version 1607

The following updates are available for Windows 10 Version 1607 Enterprise and Education and Windows Server 2016

Update KB4512495 foür Windows 10 Version 1607

Cumulative Update KB4512495 released on 08/17/2019 contains quality improvements but no new operating system functions and raises the OS build to 14393.3181. Here is the list of improvements, this time described by Microsoft as highlights:

• Updates an issue with downloading copyrighted digital media (music, TV shows, movies, and so on) from certain websites using Microsoft Edge and Internet Explorer.
• Updates an issue that causes File Explorer to intermittently stop working.

Here is the list of fixes and changes:

• Addresses an issue with downloading digital rights management (DRM) files from certain websites using Microsoft Edge and Internet Explorer.
• Addresses an issue in the Windows Push Notification Platform Connection Provider that causes File Explorer to intermittently stop working.
• Addresses an issue that may cause a new domain certificate to stop working after a day. This issue occurs when you set up the domain using a live account and the virtual private network (VPN) is configured using the Anywhere Access wizard. The error is, “Error 619: A connection to the remote computer could not be established, so the port used for this communication was closed”. After more connection attempts, the following error appears, “Link to VPN connection failed. Reconnecting pending …”
• Addresses an issue that prevents an App-V application from opening and displays a network failure error. This issue occurs under certain circumstances, such as when a system’s battery is low or there is an unexpected power failure.
• Addresses an issue that causes spaceport.sys to stop working with a 0x9E error.
• Addresses an issue with enclosure awareness for a scenario that does not include Storage Spaces Direct (S2D).
• Addresses an issue that prevents some users from receiving a TTL value when they are added as members of Shadow Principals. This occurs for users who have distinguished names (DN) that contain an escape character. The TTL value is now added as expected.
• Addresses an issue that may break the domain trust when the Recycle Bin is configured on the domain that carries the trust.
• Addresses an issue that may prevent devices from starting when they start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM). The error is, “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed.”
• Addresses an issue that may cause the following to stop responding:
  • Applications that were made using Visual Basic 6 (VB6).
  • Macros that use Visual Basic for Applications (VBA).
  • Scripts or apps that use Visual Basic Scripting Edition (VBScript).You may also receive an “Invalid procedure call” error.

In addition, Microsoft has released an update directly for the Windows Update Client to improve its reliability. This will be rolled out outside of Windows Update if the machine is compatible and not a LTSC variant and updates have not been blocked by GPO.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft lists several known issues that the update causes. See the KB article for details.

Updates for Windows 10 Version 1507

The following updates are available for Windows 10 Version 1507 Enterprise LTSC.

Update KB4517276 for Windows 10 Version 1507

Cumulative Update KB4517276 released 08/17/2019 contains quality improvements but no new operating system functions and raises the OS build to 10240.18308. Here is the list of improvements, this time called highlights by Microsoft:

• Addresses an issue that may cause the following to stop responding:
• Applications that were made using Visual Basic 6 (VB6).
• Macros that use Visual Basic for Applications (VBA).
• Scripts or apps that use Visual Basic Scripting Edition (VBScript).You may also receive an “Invalid procedure call” error.

In addition, Microsoft has released an update directly for the Windows Update Client to improve its reliability. This will be rolled out outside of Windows Update if the machine is compatible and not a LTSC variant and updates have not been blocked by GPO.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft lists a known problem that causes the update. See the KB article for details.

Similar articles:
Microsoft Office Patchday (August 6, 2019)
Microsoft Security Update Summary (August 13, 2019)
Patchday: Updates für Windows 7/8.1/Server (August 13, 2019)
Patchday Windows 10-Updates (August 13, 2019)
Patchday Microsoft Office Updates (August 13, 2019)

[English]Microsoft has just fixed the error caused by Defender when executing the command sfc /scannow. Here is some information on this topic.

Since July 2019 all Windows versions are affected by a problem. It is no longer possible to run a system file check for corrupted files.

File system checker sfc bug since July 2019

Under Windows, an administrative prompt can be used to check the system for corrupted files. To do this, simply use the command:

sfc /scannow

is executed. If the command finds corrupted files, the System File Checker (sfc) should be able to repair them. However, it happens again and again that this repair cannot be carried out.

This is exactly the case with sfc, which finds corrupted files after installing the July 2019 updates in Windows, but cannot repair them. However, it turned out that it had nothing to do with the July 2019 updates. Rather, analysis showed that a broken Defender signature file was responsible for the failed system file check. I had reported it in the blog post Windows: July 9, 2019 Updates breaks sfc. Later Microsoft admitted a with with sfc (see Microsoft confirms July 9, 2019 Updates breaks sfc in Windows). 

Microsoft fixed the issue

Microsoft has published the support articleSystem File Checker (SFC) incorrectly flags Windows Defender PowerShell module files as corrupted on August 17, 2019. They wrote:

The System File Checker (SFC) tool flags files that are located in the %windir%\System32\WindowsPowerShell\v1.0\Modules\Defender folder as corrupted or damaged. When this issue occurs, you see error entries that resemble the following: 

Hashes for file member do not match.

Microsoft had already admitted that this was a known issue in Windows 10, version 1607 and later versions. It occurs in Windows Defender version 4.18.1906.3 and later versions up to version 4.8.1908.

The issue has been fixed by updating Windows Defender to version 4.8.1908. After you install this update, PowerShell files that are part of Windows are no longer reported as incorrect by sfc /scannow.

[German]Microsoft has confirmed an issue (slow start) related to Internet Explorer 11 on Windows 10. The issue occurred last Friday due to a server outage, but has been fixed. I took this as an opportunity to compile some information about the topic. Maybe users of IE 11 can provide additional experiences.

It is only a short information for users of Internet Explorer 11 under Windows 10, because the problem has now been solved by Microsoft.

Issue: Internet Explorer 11 starts slow or hangs

The background was an observation that the Internet Explorer 11 under Windows 10 suddenly started with a delay. Woody Leonhard pointed out the problem here and via Twitter a few days ago.

MS fixes the bug that caused a very long delay in launching Internet Explorer. A requisite site went down – they got it back up this afternoon. https://t.co/M8iNFaUKbG

— Woody Leonhard (@AskWoody) August 17, 2019

Due to an outage of a Microsoft server, Internet Explorer 11 failed to launch and became unrepsonsive. The following entry in the  Windows 10 message center from August 16, 2019 has more details:

Resolved: Delays starting Internet Explorer 11

On August 16, 2019 at 7:16 AM a server required for downloading the Internet Explorer 11 (IE11) startup page, went down. As a result of the server outage, IE 11 became unresponsive for some customers who had not yet installed the August 2019 security updates. Customers who had the August 2019 security update installed were not affected. In order to ensure your devices remain in a serviced and secure state, we recommend you install the latest monthly update.

This issue was resolved on the server side at 1:00 pm PST.

In a nutshell: Last Friday (7am, US time) some users has an issue with Internet Explorer 11, because the server needed to download the start page had been dwon. Internet Explorer waited for the page to load and stopped responding. Microsoft was able to fix the outage at 1 a.m. (local time) so that the browser starts as usual and displays the Microsoft start page.

Internet Explorer 11 shows a Microsoft page

I had noticed a change in Internet Explorer’s behavior due to user comments within my German blog. The June 2019 security update KB4503259for IE probably introduced a change. A start page must be set up in the browser. A user wrote:

Ever since I recklessly installed this stupid IE update, IE has generally started rather sluggishly and takes a lot of time to display the window bar at all. Once a day it also loads a background tab to a go.microsoft page, which then redirects to an ie11.welcome page. However, this remains empty for me – and since this doesn’t satisfy IE, he has been repeating the game over and over again for a week!

In the course of the discussion, it turns out that IE 11 opens a second information page that explains that the Edge browser exists now. The affected user reports that uninstalling security update KB4503259 fixes the problem of a slow IE 11 start. 

Microsoft recommends the August 2019 security updates

The related entry within the Windows 10 message center from August 16, 2019 contains simple advice from Microsoft for affected users:

IE 11 became unresponsive for some customers who had not yet installed the August 2019 security updates. Customers who had the August 2019 security update installed were not affected. In order to ensure your devices remain in a serviced and secure state, we recommend you install the latest monthly update.

Users affected by this delay shall install the latest August 2019 security updates. There the problem has probably been fixed by Microsoft.

• For Windows 7 and Windows 8.1 as well as the Windows Server counterparts, the cumulative security update KB4511872 for IE 11 must be installed there.
• If you are using Windows 10, you should get the fix with the August 2019 security updates for Windows 10.

Finally, the following questions arise: Is the problem with the delayed IE 11 start fixed? Does Internet Explorer still show a go.microsoft.com page with references to Edge?

Similar articles:
Microsoft Office Patchday (August 6, 2019)
Microsoft Security Update Summary (August 13, 2019)
Patchday: Updates für Windows 7/8.1/Server (August 13, 2019)
Patchday Windows 10-Updates (August 13, 2019)
Patchday Microsoft Office Updates (August 13, 2019)
Windows 10: Updates August 16/17, 2019

Windows 10 V1903: Update install error 0x80073701 confirmed
Microsoft fixes the Windows Defender sfc bug (August 2019)
Windows 10 V1903: Install errors with Update KB4512508
Windows 10 V1903: Error 0x8024200D or 0x800F081F with update KB4512508
August 2019 Updates: Issues with VB6, VBA and VBScript
Fix for VB6, VBA, VBScript bug?
Symantec/Norton blocks Windows Updates (SHA-2)
Windows Updates KB4512506/KB4512486 drops error 0x80092004

[German]On August 17, 2019, Microsoft Preview released Rollup Updates for Windows 7 and Windows Server 2008 R2 SP1. At the same time, a preview rollup update for Windows 8.1 and Windows Server 2012/ R2 was released.

Preview Rollup Updates are optional, for testing, their content will be released to the following regular patchday then generally.

Updates for Windows 7/Windows Server 2008 R2

A preview rollup update has been released for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update history for Windows 7 can be found on this Microsoft page. 

KB4512514 (Preview Monthly Rollup) Windows 7/Windows Server 2008 R2

Update KB4512514 (Preview Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes that will be rolled out in the following month. Only two small changes are listed in the KB article.

• Addresses an issue that causes the svchost.exe that hosts the WSMan Service (WsmSvc) to stop working and stops other services in the same host process. This issue occurs when you run multiple instances of Windows Remote Management (WinRM).
• Addresses an issue that may prevent devices from starting when they start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM). The error is, “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed.”

Although the WDS PXE startup problem has been fixed, there may be a 0xc0000428 startup error on systems with this error. Microsoft has re-released update KB4474419 to resolve this issue. Furthermore, the problems with Symantec/Norton are mentioned (there are no updates there). In addition, VBScript may not be disabled in Internet Explorer 11 as expected. Microsoft describes in the KB article the steps how to deactivate this. 

The update is provided through Windows Update and the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Servicing Stack Update (SSU) before installing it. But since it is a preview update, I would hide it. 

Updates for Windows 8.1/Windows Server 2012 R2

A preview rollup update has been released for Windows 8.1 and Windows Server 2012 R2. The update history for Windows 8.1 can be found on this website.

KB4512478 (Preview Monthly Rollup) Windows 8.1/Windows Server 2012 R2

Update KB4512478 is available for Windows 8.1 and Windows Server 2012 R2 as Preview of Monthly Rollup. This is not a security update. The preview rollup addresses the following issues:

• Addresses an issue in which the memory usage of LSASS continues to grow until it is necessary to restart the system.
• Addresses an issue that may cause rdpdr.sys to stop responding or stop working (0x18, 0x50, 0xa, 0x27, 0x133). This issue occurs when Remote Desktop Protocol (RDP) clients use a redirected drive on the local system.
• Addresses an issue that may prevent devices from starting when they start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM). The error is, “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed.”

The update is provided through Windows Update and the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Servicing Stack Update (SSU) before installing it. But since it is a preview update, I would hide it. Microsoft only reports one known problem in article KB4512478 – certain file operations fail on Cluster Shared Volume (CSV).

Similar articles:
Microsoft Office Patchday (August 6, 2019)
Microsoft Security Update Summary (August 13, 2019)
Patchday: Updates für Windows 7/8.1/Server (August 13, 2019)
Patchday Windows 10-Updates (August 13, 2019)
Patchday Microsoft Office Updates (August 13, 2019)

Microsoft has just released the Windows 10 Insider Preview Build 18362.10014 and Build 18362.10015 in the Slow Ring. Both builds belong to the 19H2 development branch, which will lead to a new Windows 10 feature update in a few weeks.

The announcement of the new Insider Preview took place in the Windows Blog. Microsoft is testing the possibility of delivering these updates with features that are disabled by default so that they can be turned on via controlled feature rollouts. This means that the Insider Preview comes as an optional update where you have to select the Download and Install option.

This should help Microsoft to get a better feedback about the overall quality of the build. A subset of insiders in the slow ring have features that are disabled by default, while other insiders have features that are enabled by default. This means that not everyone in the Slow Ring immediately sees new features. Which build you get depends on which version is currently installed

• If 19H2 Build 18362.10012 is present, Build 18362.10014 with features is installed on Off. This includes the features listed below as well as the features of the previous version. 
• If 19H2 Build 18362.10013 is present, Build 18362.10015 with features is installed on On..

If you are still using the Windows 10 May 2019 update and bring the system into the Slow Ring of the Insider program to get the 19H2 update, you will randomly receive one of the above builds. The following changes have been made since the last update:

• Microsoft has enabled Windows Defender Credential Guard for ARM64 devices for additional identity theft protection for organizations that use ARM64 devices in their businesses.
• Microsoft enables organizations to supplement Windows 10 policy in S mode to enable traditional Win32 (desktop) applications from Microsoft Intune.
• Updated file explorer search to display web-based suggestions in addition to locally indexed files on the PC.
• Added the ability for Narrator and other assistive technologies to read and learn where the FN key is on keyboards and in what state it is (locked or unlocked).

More details may be found within Microsoft’s announcment.

[German]Brief information for administrators in corporate environments who manage updates with WSUS. A blog reader told me about a problem he ran into. A bug in the WSUS SHA-2 update prevents certain updates from being downloaded. But there is a workaround if you know the bug.

Problem: WSUS can’t download updates

German blog reader Markus K. uses a Windows Server 2008 R2 on which a Windows Server Update Services (WSUS) is installed to manage updates for clients. Markus wrote me in an e-mail:

I don’t know if it concerns anybody else, I don’t get two updates I need downloaded (had a vacation last week, so I’m only trying to download the updates today).

KB4512506 and KB4517297 cause Event 364 (Content file download failed. Reason: File cert verification failure. Source File).

KB4511872 (IE CU), on the other hand, downloads without any problems, so I think there might be some problem with these two KBs.

The error message with the reference to File cert verification failure would have been spontaneously interpreted as ‘the SHA-2 support might be missing’. But Markus wrote me that WSUS is up to date. Under Windows Server 2008 R2 he said all SHA2 updates were installed and WSUS was 3.2.7600.307.

Cause found

Later Markus K. contacted me again by e-mail to wrote that he probably identified the root cause. He referred me to the Microsoft support article SHA-2 Support for Windows Server Update Services 3.0 SP2, which deals with the requirements for SHA-2 support for WSUS 3.0 SP2. The ‘known issuses’ contain the following text:

After installing this update, content downloads may fail if WSUS is configured to download express installation files. You may receive the following update in the SoftwareDistribution.log, “Info           WsusService.23      CabUtilities.CheckCertificateSignature                  File cert verification failed for *\WsusContent\*\*.psf with 2148098064.”

When the KB4484071 update required for SHA-2 support is installed, it configures WSUS for Express Updates. But then the error described above occurs when downloading updates.

Workaround: Disable Express Updates

To resolve this problem, administrators must disable the Download Express Installation Files feature. In the WSUS console, select Options -> Update files and languages -> Save update files locally on this server and clear the Download express installation files check box.

Microsoft is working on a solution and wants to release an update in a future release. Perhaps the information will help one or the other administrator. Thanks to Markus K. for the hint.

[German]A German blog reader dropped a bomb within a comment. He claims, that ‘Microsoft will no longer support security updates in Windows 10, Flash will be removed from Windows 10’. Here is a look at the current situation.

The Background

Microsoft has integrated Adobe’s Flash Player in Windows 8.1 as well as in Windows 10. The Flash Player can therefore be used in Microsoft Edge and Internet Explorer browsers. As a user, there is no way to uninstall Adobe Flash Player to get rid of this security risk. But Microsoft provide the Flash Player in Windows 8.1 and in Windows 10 with security updates from Adobe.

The end of Flash in 2020

At the end of July 2017, Adobe had announced that it was planning the end-of-life for Flash together with Apple, Facebook, Google, Microsoft and Mozilla. At the end of 2020, the Flash update will end and the Adobe Flash Player will no longer be available for download. At that time it was said: Publishers who still rely on Flash should use the time to convert the content to new formats such as HTML5. I had outlined this topic within my blog post Fake News: Flash is dead? Now it’s fading out is planned 2020.

In general, the use of Flash is fading out. The percentage of daily Chrome users who have at least one page of Flash content loaded per day has dropped from around 80% in 2014 to below 8% in early 2018. I had reported this in March 2018 in the German blog post Adobe Flash im Sturzflug.

Then I got new numbers about Flash’s decline: The share of Adobe Flash in use dropped to 4.9% as of April 19, 2018 (see the table above). 

Microsoft’s timeline for Flash exit

In the article mentioned above I have also outlined Microsoft’s timetable, which determines how to reduce the support for Flash in Microsoft Edge and Internet Explorer (in Windows 8.x/10):

• Since 2017 and 2018, Microsoft Edge has been asking users if they want to display Flash content in their browsers. Consent is given on the first visit to a site that requires Flash. Internet Explorer allows Flash to be displayed during this time without further request. 
• From mid-2019 until the end of 2019, Microsoft planned to disable Flash by default in Microsoft Edge and Internet Explorer. However, the user can activate Flash in both browsers. Microsoft Edge then asks at each session whether Flash content on a site should be run.
• From the end of 2020, the ability to run Adobe Flash in Microsoft Edge and Internet Explorer will be removed in all supported versions of Microsoft Windows. Then Flash is dead in Windows.

This is the status I know of Microsoft so far. At least with a short internet search I couldn’t find anything new.

Also in Chrome 76 the Flash-Player should be deactivated by default (see also). In mid-June 2019 Computerworld took a status picture in this article – the browsers deactivate the Flash Player, but support is planned until the end of 2020. 

No flash updates for Windows for 2 months now

Until now, Adobe Flash was more known as a changing security vulnerability, and Adobe had to release security updates for the player at least monthly. Occasionally, there have even been special updates to close critical vulnerabilities that have been exploited.

Windows users had therefore become accustomed to the fact that every patchday (2nd Tuesday of the month) an update for Microsoft’s Adobe Flash Player was also distributed. In July and August 2019, however, these updates failed to appear – which of course fuels speculation.

Microsoft Chat: No more Flash security updates

It is a statement that seems to contain explosive power, which I received from a German blog reader as a comment. Since there have been no Adobe Flash updates for Windows 10 for two months now, blog reader Nick has asked Microsoft for details. Nick posted the following statement from Microsoft, he got from a MS Chat session:

According to contact with Microsoft support (chat), Flash Player is no longer supported by Microsoft in Windows 10. Microsoft no longer distributes security updates for Flash Player.

Because Flash Player is built into Windows 10, it cannot be manually uninstalled.

Further information: The player will be removed by the manufacturer with the next updates, you cannot uninstall it now. In previous versions of Windows, Adobe provided a tool to uninstall the player. Unfortunately there is no such tool for Windows 10.

These statements should, in my opinion, be very strongly taken with care. Let’s take a look at the core statements.

Adobe Flash can’t be uninstalled

That the Adobe Flash Player is integrated into Windows 10 (and Windows 8.1) and cannot be uninstalled is true. I mentioned the topic in my German blog post Windows 10: Adobe Flash entfernen.

There are ways to remove the Flash Player from Windows 10. The problem: With every (feature) update, the player comes back to the system. In corporate environments, however, administrators have the option of deactivating the Flash Player via group policies. The above statement, that Flash can’t be uninstalled/removed by a user ist therefor true.

Flash no longer receives security updates

The statement that Microsoft no longer provides security updates for Flash Player should get a big question mark at this point! As long as Adobe Flash is integrated in Windows 8.1 and Windows 10, Microsoft will roll out security updates provided by Adobe in my opinion.

Maybe the information obtained from the Microsoft chat was interpreted incorrectly in context. I’m not sure, who is the chat partner from Microsoft – I know from Microsoft Answers that service providers from Asia (India etc.) are active there – and the quality of the delivered answers is at least to be questioned. Here we have to wait and see!

Flash will be removed by update

The last statement from the Microsoft Chat is, ‘The player will be removed from the manufacturer with the next updates’. That would indeed be a very interesting development. I wouldn’t put it entirely in the realm of speculation, but I’m not sure, that that really happens in 2019. So far there is nothing official known to me personally.

This action would make sense, but would be contrary to the above exit schedule published by Microsoft. The telemetry data may show that the Adobe Flash Player is no longer in use. Users who are still dependent on Flash could then use the Chrome browser or Firefox with its addin. Let’s just wait and see what really happens. If Microsoft removes Flash from Windows, it will definitely be officially announced – possibly this month.

[German]Microsoft released a KB4512509 cumulative update for Windows 10 on August 17, 2019. This fixes several issues, including problems running VB6, VBA, and VBscript.

For a list of updates, visit this Microsoft Web page. I have extracted the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001. The Windows 10 versions up to version 1709 are no longer supported in Home and Pro – only the Enterprise versions receive the updates there.

Update KB4512509 for Windows 10 Version 1803

Cumulative Update KB4512509, released on August  19, 2019, raises the OS build to 17134.984 and contains quality improvements but no new operating system functions. Here is the list of improvements, this time called Highlights by Microsoft: 

• Updates an issue that unintentionally removed Windows Hello credentials.
• Updates an issue that causes the Settings page to stop working and occasionally prevents default applications from being set properly.
• Updates an issue with downloading copyrighted digital media (music, TV shows, movies, and so on) from certain websites using Microsoft Edge and Internet Explorer.

There are also the following bug fixes:

• Addresses an issue with downloading digital rights management (DRM) files from certain websites using Microsoft Edge and Internet Explorer.
• Addresses an issue that causes Deployment Image Servicing and Management (DISM) to intermittently stop responding while deprovisioning some preinstalled apps using the Microsoft System Center Configuration Manager (SCCM).
• Addresses an issue in which the default keyboard for the English (Cyprus) (en-CY) locale was not set properly.
• Addresses an issue that causes the Settings page to stop working and occasionally prevents default applications from being set properly.
• Addresses an issue that causes a query request of the Win32_LogonSession class for the StartTime to display the value of the epoch (for example, 1-1-1601 1:00:00) instead of the actual logon time. This occurs when a user who isn’t an administrator creates the query request.
• Addresses an issue that causes a Windows Management Instrumentation (WMI) call to connect to the Windows PE (WinPE) host fails with the error, “0x80070721.”
• Addresses an issue that prevents an App-V application from opening and displays a network failure error. This issue occurs under certain circumstances, such as when a system’s battery is low or there is an unexpected power failure.
• Addresses an issue that unintentionally removed Windows Hello credentials after installing KB4489894.
• Addresses a rare issue that causes Windows Defender Advanced Threat Protection (ATP) to temporarily prevent other processes from accessing files.
• Addresses an issue that causes a workstation to stop working when you sign in using an updated user principal name (UPN) (for example, changing UserN@contoso.com to User.Name@contoso.com).
• Addresses an issue in which Windows Defender Application Control will not allow third-party binaries to be loaded from a Universal Windows Platform application. CodeIntegrity event error 3033 appears as, “Code Integrity determined that a process (<process name>) attempted to load <binary name> that did not meet the Store signing level requirements.”
• Addresses an issue that may break the domain trust when the Recycle Bin is configured on the domain that carries the trust.
• Addresses an issue that prevents some users from receiving a TTL value when they are added as members of Shadow Principals. This occurs for users who have distinguished names (DN) that contain an escape character. The TTL value is now added as expected.
• Addresses an issue that may prevent devices from starting when they start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM). The error is, “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed.”
• Addresses an issue that may cause the following to stop responding:
  • Applications that were made using Visual Basic 6 (VB6).
  • Macros that use Visual Basic for Applications (VBA).
  • Scripts or apps that use Visual Basic Scripting Edition (VBScript).

    You may also receive an “Invalid procedure call” error.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalo and through WSUS. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft lists two known issues that the update causes. For example, errors may occur during file operations on Cluster Shared Volume (CSV). And a small number of systems will end up with a black screen instead of a login page at the first reboot after installation. Ctrl-Alt-Del can be used to force the login page. Then you should select the menu button and the command to restart. Details can be found in the KB article.

Similar articles:
Microsoft Office Patchday (August 6, 2019)
Microsoft Security Update Summary (August 13, 2019)
Patchday: Updates für Windows 7/8.1/Server (August 13, 2019)
Patchday Windows 10-Updates (August 13, 2019)
Patchday Microsoft Office Updates (August 13, 2019)
Windows 10: Updates August 16/17, 2019
Windows 7/8.1 Preview Rollup Updates (August 17, 2019)

Windows 10 V1903: Update install error 0x80073701 confirm
Windows 10 V1903: Install errors with Update KB4512508

[German]Users reinstalling Windows 7 SP1 may get the boot error 0xc0000428. This can be caused by a missing Bitlocker patch. Here is some information about the problem and why it might occur.

The error code 0xc0000428

The error 0xc0000428 stands for STATUS_INVALID_IMAGE_HASH – the hash of the image is invalid. The corresponding error text is:

“Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.”

An error occurred during signature verification of the boot files. The system refuses to boot because the hardware or software has been modified (something may have been damaged or overwritten by malware).

If you search for the error code, you will find it in the NeoSmart Knowledge-Base, for example. The causes mentioned there, such as outdated boot manager (BootMgr), wrong version of the boot disk, etc., have been known for years. In the current scenario, however, this is not the case.

Problem: New installation of Windows 7 SP1

Let’s get to the issue, which is the subject of this blog post. Some users will reinstall systems with Windows 7 SP1 in the coming months. Problems are installation media that have been adapted using DISM and extended by SHA-2 support.

Background: Windows 7 SP1 installation image with SHA-2 support

Microsoft has changed the signing of update packages from August 2019 to SHA-2-only. The dual signing with SHA-1 and SHA-2 has expired. I had about blogged about that (see at the article end). Without SHA-2 support, Windows 7 SP1 will not be able to install new updates released after August 2019. In my blog post Windows Updates KB4512506/KB4512486 drops error 0x80092004  I pointed out that Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 and Windows Server 2008 Service Pack 2 must have the following SHA-2 updates installed.

• Update KB4474419 (SHA-2 code signing support update for Windows Server 2008 R2 and Windows 7: March 12, 2019) adds support for SHA-2 signature checks for the above operating systems.
• In addition, the Servicing Stack Update KB4490628 was published in March 2019. This fixes a problem in the Servicing Stack, which occurs as soon as packages are signed with SHA-2 only.

If you now want to reinstall Windows 7 SP1 (or one of the other server variants mentioned), it is recommended to use a customized installation image. The two updates mentioned above can be integrated into the installation image using dism.

Windows 7 New Installation: The Cause of Error 0xc0000428

Users who reinstall Windows 7 SP1 (or the server variants) via a customized installation image with SHA-2 support can now run into the boot error 0xc0000428. I had already seen it a few hours ago at Woody Leonhard, who also points out a trap in the following tweet.

Installing Win7 from a backup? If you’re installing a customized image (e.g., from DISM), burning an image directly, or installing an up-to-date image that throws 0xc0000428, you need to install a BitLocker patch. Whether you use BitLocker or not. Gotcha. https://t.co/o8Zt6sah2e

— Woody Leonhard (@AskWoody) August 19, 2019

Also in this German comment the issue is mentioned, but there however with Windows Server 2008 R2. Microsoft has added three entries to the support article 2019 2019 SHA-2 Code Signing Support requirement for Windows and WSUS on August 17, 2019:

• I am using setup to perform a clean installation of Windows 7 SP1 or Windows Server 2008 R2 SP1. I’m using an image that has been customized with updates (for example, using dism.exe). How do I update to SHA-2 support?
• I am installing an image of Windows 7 SP1 or Windows Server 2008 R2 SP1 directly to the disk without running setup. How do I make this scenario work?
• I have installed an image of Windows 7 SP1 or Windows Server 2008 R2 SP1, which includes the SHA-2 support, directly to the disk without running setup and now the system does not boot and I receive error 0xc0000428 (STATUS_INVALID_IMAGE_HASH). How do I make this scenario work?

The first item deals with the question how to retrofit the SHA-2 support for Boot-Record. The second point deals with the question of what updates have to be installed and adapted for a new installation. And the third point deals with the problem that the boot process ends after the new installation with the error 0xc0000428.

The reason for this error is the missing Bitlocker patch KB3133977 (BitLocker can’t encrypt drives because of service crashes in svchost.exe process in Windows 7 or Windows Server 2008 R2). This update was released on April 24, 2017 and addresses a problem that Bitlocker cannot decrypt encrypted files and the svchost.exe service crashes. This Bitlocker patch KB3133977 must be included in the boot image before installing any updates. Here are the steps to follow:

1. Start the operating system with a recovery media. .
2. Before installing additional updates, install KB3133977 with Deployment Image Servicing and Management (DISM) for Windows 7 SP1 and Windows Server 2008 R2 SP1.
3. Restart the recovery media. This restart is required. 
4. Run bcdboot.exe at the command prompt. This copies the boot files from the Windows directory and sets up the boot environment. 

For more information, see BCDBoot Command Line Options. Then restart the operating system.

Similar articles
SHA-2 patch for Windows 7 arrives on March 2019
Windows 7: From April 2019 ‘SHA-2-Support’ is required
Windows 7: Updates for SHA-2 support
Windows Updates KB4512506/KB4512486 drops error 0x80092004
Windows Server 2008 R2 and a WSUS SHA-2 issue
Symantec/Norton blocks Windows Updates (SHA-2)

Microsoft has released the first beta of the Chromium-based Edge browser for various Windows versions. Users of Windows 7 can now also test this beta of the browser.

The announcement of the first beta was made by Joe Belfiore in the Windows Blog, the following tweet points to this event.

COME AND GET IT! Edge BETA branch is here!
https://t.co/oWkUQVinpV

— Joe Belfiore (@joebelfiore) August 20, 2019

The Edge-Beta is available for all supported operating systems (Windows, macOS). The possibility to download the beta can be found on this Microsoft page. So far, Microsoft has counted more than one million preview build downloads across all supported versions of Windows and Mac. There have been more than 140,000 individual feedbacks. The final is expected in 2020 – see the Windows Blog for more details.

And the good news keeps on coming! We’re headed back to Reddit for another AMA this Thursday, August 22 at 11:30AM PST to answer all your questions about Beta. In the meantime, try it out here!https://t.co/LjAGAfINrX pic.twitter.com/WuB29UfZPm

— Microsoft Edge Dev (@MSEdgeDev) August 20, 2019

By the way, the Edge developers are hosting an Ask me anything (AMA) meeting on reddit.com on August 22, 2019, as the above tweet reveals.

[English]Antivirus vendor Symantec has released a patch to fix the update issue on Windows 7 / Windows Server 2008 R2. Distribution is scheduled for August 21, 2019 for various language versions, the English version is said to have already been released. Here is some information on the topic. 

What exactly we are talking about?

Microsoft has changed the signing of Update for Windows 7 in August 2019 exclusively to SHA-2. I’ve addressed this, among other things, in the blog post Windows 7: From April 2019 ‘SHA-2-Support’ is required. This is not a problem, because Microsoft has provided the relevant updates to SHA-2 support since months. So far, Microsoft has also provided dual-signed update packages signed with SHA-1 as well as SHA-2.

As of August 2019, however, the SHA-1 signature in the Windows 7 updates has been completely removed. These can only be installed if Windows 7 SP1, Windows Server 2008, Windows Server 2008 R2 and WSUS have been upgraded accordingly (see also WSUS: Endpoint decommissioned; SHA2 update required).

However, users of Windows systems that have Symantec Antivirus or Norton Antivirus installed have a problem since the August 2019 patchday. The antivirus solutions only detected updates signed with SHA2 (because of the missing SHA-1 signature) as malware and blocked these packages.

Symantec has published the KB article Windows 7/Windows 2008 R2 updates that are only SHA-2 signed are not available with Symantec Endpoint Protection installed . Microsoft has therefore blocked the deployment of the August 2019 updates for Windows 7 SP1 and Windows Server 2008 R2. The required August 2019 security updates were not offered. I reported in the blog post Symantec/Norton blocks Windows Updates (SHA-2).

Symantec startet rollout a patch

Through the following tweet by Woody Leonhard I became aware that Symantec has now released an update to solve this problem.

Remember that block on Win7 patches this month, on systems with Symantec or Norton antivirus? Looks like Symantec has released a fix and you can now install this month’s patches. (MS’s KB articles haven’t been updated.) https://t.co/2j8ZQp0LWi

— Woody Leonhard (@AskWoody) August 20, 2019

Leonhard received a notification from CA, which indicates the release of the patch:

Symantec released an updated version of Norton Internet Security that
fixes the SHA-2 patch problem for Windows 7 this morning (Tues). The new version will show up through Live Update (140+ mb).

Once the patched version is applied (v22.18.0.222), security roll-ups
for August (Group A – Aug 13 KB4512506) will appear in Windows Update
without user intervention. A reboot may be required for this to happen.

MS has not updated KB4512506 or KB4512486 to reflect this:
https://support.microsoft.com/en-us/help/4512506

For Symantec Endpoint Protection users, the English 14.2 version has
been updated. Localized language versions will be available on the 21st.

The Support article about Symantec Endpoint Protection hasn’t been udated yet. But I expect Symantec/Norton users will receive the fix later today and Microsoft to release the August 2019 security updates for affected Windows systems.

[German]Another addendum from last week. Microsoft has released some Intel Microcode updates for Windows 10. The updates were released last week on the regular patchday.

The colleagues from German site deskmodder.de had mentioned it in this article last week, but were not sure what was really updated. Meanwhile, people on Twitter have pointed me to the microcode updates for Windows 10.

FOLKS, THOSE w Sandy Bridge @INTEL CPU, MICROCODE IS OUT for 1709 to 1809

Last Updated Aug 13 2019

ICYMI: @SBSDiva @AdminKirsty @thurrott @maryjofoley @bdsams @mehedih_ @ruthm @SwiftOnSecurity @pcper @MalwareJake @JobCacka @etguenni @chrisbhoffman @LawrenceAbrams @AskWoody

1/5 pic.twitter.com/POAvZCqWol

— Crysta T. Lacey (@PhantomofMobile) August 16, 2019

According to the tweet, it affects systems with Sandy Bridge. Here is the list of available Intel microcode updates for Windows 10 that Microsoft maintains on this website.

• KB4465065: Windows 10 Version 1809, Windows Server 2019
• KB4346084: Windows 10 Version 1803, Windows Server Version 1803
• KB4346085: Windows 10 Version 1709, Windows Server Version 1709
• KB4346086: Windows 10 Version 1703
• KB4346087: Windows 10 Version 1607, Windows Server Version 2016
• KB4346088: Windows 10 Version 1507 (RTM)

In another tweet, @PhantomofMobile points out that an installed update KB4494174 (June 2019) under Windows 10 V1809 must first be uninstalled before update KB4465065 can be installed.

IF YOU INSTALLED KB4494174 YOU WILL HAVE TO UNINSTALL IT, TO INSTALL KB4465065
My experience on 1809@SBSDiva @AdminKirsty @thurrott @maryjofoley @bdsams @mehedih_ @ruthm @SwiftOnSecurity @pcper @MalwareJake @JobCacka @etguenni @AskWoody @cybericua @Kym_Possible @epakskape

1 pic.twitter.com/EtefZu7Ep4

— Crysta T. Lacey (@PhantomofMobile) August 17, 2019

Maybe someone could use it. For Windows 10 V1903 I don’t know any microcode update for August 2019. Hints for activating registry entries can be found in the article Microsoft Security Advisories/Notifications June 2019.

Similar articles:
Windows 10: Intel Microcode Updates (June 2019)
SB Intel Microcode Boot Loader for Spectre mitigation
Windows 10 V1809: Retpoline is automatically active now
Microsoft Security Advisories/Notifications June 2019

Microsoft has released Windows 10 Insider Preview Build 18965 (aus dem Entwicklungszweig 20H1) (from development branch 20H1) for Windows Insider in the Fast Ring. The announcement with details about new features/changes and bugs can be found in the Windows Blog.