Windows – Born's Tech and Windows World

[German]Microsoft yesterday released the first (official) beta of the Edge browser for Windows 7. Here are some additional information. There are group policies for administration. And Microsoft has revealed what feedback came from the community and how demands are implemented via road map.

Insider feedback on Edge and feature road map

In a Techcommunity blog post David Rubino from Microsoft wrote about the user requests and feedback given to Microsoft by participants of the Insider program for the Edge browser. Some feedback was implemented directly in the browser..

The often requested dark theme is now implemented in the Edge Browser.
Bing Translate is now integrated into Microsoft Edge
Want more control over the data your browser stores? Learn about privacy controls in the Privacy and Services settings, including the option to choose what to delete each time you close your browser.
There is now an option in the settings under Appearance that allows you to control the display of the Favorites bar.
If you’re annoyed about the ads, you want a read view to give you a trouble-free reading experience. Further new features that were requested are planned for September 2019.

Anyone who is annoyed by the advertisements should get a trouble-free reading experience with a reading view. Further innovations that were requested are planned for September 2019.

An option to prevent automatic video and audio playback when a website is opened.
Scrolling improvements and more.
Add a Favorites button to the toolbar for faster access to favorites.

The blog post is a kind of road map of what Microsoft intend to implement as new features within the following months.

Group policies for the Edge

Administrators in enterprise environments will be interested in group policy management. Microsoft has also prepared something, as you can read about the following Tweet.

IF YOU DO EDGE, THIS MIGHT BE HELPFUL:

ICYMI: @SBSDiva @AdminKirsty @thurrott @maryjofoley @bdsams @mehedih_ @ruthm @SwiftOnSecurity @pcper @MalwareJake @JobCacka @etguenni @AskWoody

Microsoft Edge group policieshttps://t.co/HWw9MRBBWf

— Crysta T. Lacey (@PhantomofMobile) August 21, 2019

[German]Microsoft released a cumulative update KB4512941 and a Servicing Stack Update (SSU) KB4515530 for Windows 10 Version 1903 on August 21, 2019. This should finally fix the sandbox problem. However, the updates don’t seem to be distributed ‘officially’ yet.

A list of the updates can be found on this Microsoft website (currently not documented). The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001. The Windows 10 versions up to version 1709 are no longer supported in Home and Pro – only the Enterprise versions receive the updates there.

Update KB4512941 for Windows 10 Version 1903

Cumulative Update KB4512941 (dated August 21, 2019) raises the OS build to 18362.325 and includes quality improvements but no new operating system features.

Currently, Microsoft has not yet updated its documentation and does not provide it in the Microsoft Update Catalog. The update is mentioned here. And the colleagues from German site deskmodder.de writes here that the sandbox finally works (in Windows 10 systems with language settings other than English) after the update installation.

Currently still quite buggy

Due to the lack of documentation from Microsoft, not much can be said yet about the fixes of this update. According to this comment the sandbox bug has been fixed only partially (some programs developed won’t run within the sandbox environment). In the comments of deskmodder.de it is also criticized that the search does not work and Cortana runs with 44 % CPU load. User Ben writes here that a registry entry is the cause. He suggests the following reg file for import..

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search] "BingSearchEnabled"=dword:00000001

The entry forces the Bing search, whereupon the CPU load for Cortana decreases and the search also works. However, another user cannot confirm this, Cortana continues to run at high load. By the way, the problem has been there for 2 weeks at Windows 10 19H2 Insider Preview and nothing is happening at Microsoft. Deskmodder has added the information that the problem only occurs if users have changed the search settings. As soon as the search index is rebuilt, the load should go back. The region setting German/Austria should also help with the Cortana load (well, since Strache is gone, you don’t have to search in Austria anymore). In the comments here some users mention that Windows wants to ‘synchronize’ itself when restarting. At the moment this update is more of a toilet exercise – maybe Microsoft is still testing and will release it on August 22, 2019.

Update KB4515530 for Windows 10 Version 1903

It is a Servicing Stack Update (SSU), which is mentioned here. Also here there is no information from Microsoft available yet.

[German]Microsoft has already released an update for the .NET Framework 3.5, 4.7.2, 4.8 for various Windows 10 versions on August 20, 2019. But the update comes with some issues.

Already on August 13, 2019 there was an update, as mentioned in the German comments here (and this article). But Microsoft has probably added to the 20.8. The colleagues of Deskmodder took it up here and published the following list of cumulative updates for various Windows versions.

Windows 10 1809: KB4511517 .NET Framework 3.5 and 4.7.2
Windows 10 1809: KB4511522 .NET Framework 3.5, 4.8
Windows 10 1803 KB4511521 .NET Framework 4.8
Windows 10 1709 KB4511520 .NET Framework 4.8
Windows 10 1703 KB4511519 .NET Framework 4.8
Windows 10 1607 KB4511518 .NET Framework 4.8

These updates can also be downloaded from Microsoft Update Catalog. Microsoft states that the update fixes a crash in the Bass Class Library (BCL) that occurs after event logs are broken down.

Attention with BackupExec 20.4

Two days ago blog reader Axel T. contacted me via e-mail and pointed out a big problem. He listed the details at administrator.de. Here is the translation of his German post:

I just installed the August updates on our Windows Server 2012 R2. Before that I checked all hints for possible issues with the new updates; like every month. Then I started our backup software BackupExec 15 on one of the servers because I planned to change a setting before the backup tonight.

And the software doesn’t start anymore.

Error message “BackupExec does not work anymore”. In addition some MS-Prosa, that was it. Restarting the server does not solve the problem either. Restart of the services also not.

There are no messages regarding the backup software in the Event Viewer. Associated services all run, can also be stopped and restarted. All this without error messages in the Event Viewer.starten. Auch das alles ohne Fehlermeldungen in der Ereignisanzeige.

The blog reader identified the .NET Framework update as the root cause. Then I got today another German Comment from blog reader Sebastian, reporting the same issue:

I’ve also installed the .net 4.8 update. (Server 2008 R2)
Important – who uses BackupExec 20.4:

.net 4.8 bricks BE – the backup can’t start anymore after installing the update.

Now I unistalles .net 4.8 and reinstalled 4.7.2.
It now runs again – if necessary all BE services have to be restarted

Sebastian writes that there is already a KB article (Backup Exec console crashes after installing .NET Framework 4.8).

Problem

After installing .NET Framework 4.8 on the Backup Exec media server , the Backup Exec console crashes when starting, as shown in the following screenshot.

This issue is also observed on servers or workstations with the Backup Exec Remote Administration console installed.

The event log contains an error 0xe0434352 for BackupExec.exe, version: 20.0.1188.186. Veritas identified .NET 4.8 as the cause and recommend uninstalling the update:

Uninstall .NET Framework 4.8 and reboot server. This update will be listed as KB4486105 (Windows 2012 R2), KB4486081 (Windows 2012), KB4486129 (Windows 2016), KB4486153(Windows 2019) in the list of installed updates. For Windows 2008 R2, remove .NET 4.8 through Programs and Features in Control Panel.

The fix for this issue will be included in the next release (20.5) of Backup Exec. This article will be updated when 20.5 is available.

Maybe it will help those affected.

[German]Has Microsoft re-released a number of updated versions of Windows Updates effective August 21, 2019? At the very least, this is what entries in the Microsoft Update Catalog suggest. The updates replace the August 16, 2019 patches for Windows 7 / Windows Server 2008 R2 that were intended to fix the VB6, VBA, and VBScript issues. Here is some information on what I was able to find out.

The patches from 08/16/2019

With the security updates of August 13, 2019 (Patchday) there was the problem that these caused issues with Visual Basic (VB6, VBA and VBScript). I had mentioned this in the blog post August 2019 Updates: Issues with VB6, VBA and VBScript and in the user comments there were hints when the bugs actually occurred.

Late Friday, August 16, 2019, Microsoft then rushed to provide the first updates to fix these bugs. I had described the details in the blog post Fix for VB6, VBA, VBScript bug? Some feedback from blog readers indicated that there were still issues with VB6, VBA and VBscript. And there were installation problems as well.

Revision updates from August 21, 2019?

I have been informed by @PhantomofMobile via Twitter that a number of Windows updates in Microsoft Update Catalog now have the release date August 21, 2019.

(Click to zoom)

These are the updates for Windows 7 and Windows Server 2008 R2 from the list below:

2019-08 Update für Windows Embedded Standard 7 für x64-basierte Systeme (KB4517297): Windows Embedded Standard 7
2019-08 Update für Windows Server 2008 R2 für Itanium-basierte Systeme (KB4517297): Windows Server 2008 R2
2019-08 Update für Windows Embedded Standard 7 für x86-basierte Systeme (KB4517297): Windows Embedded Standard 7
2019-08 Update für Windows 7 für x64-basierte Systeme (KB4517297): Windows 7
2019-08 Update für Windows 7 für x86-basierte Systeme (KB4517297): Windows 7
2019-08 Update für Windows Server 2008 R2 für x64-basierte Systeme (KB4517297): Windows Server 2008 R2

If you read the KB articles, Microsoft seems to have made some minor changes. For update KB4517297 it says:

This update contains all the quality and security changes in KB4512486 (released August 16, 2019). While it does not replace KB4512486 on Windows Update, if you install this update you do not need to install KB4512486.

Update KB4512486 includes fixes for the VB6, VBA, and VBscript bug introduced with the August 13 patches and it seems to be a revision update. So if anyone has been affected by these bugs, they may want to check the updates.

Microsoft has released the update KB4517787 for the Windows 10 Insider Preview Build 18965 (from development branch 20H1). This update is distributed to Windows Insiders in the Fast Ring. It is supposed to be more ‘extensive’, but contains nothing new. Microsoft only raises the build number to 18965.1005. Reason: Micosoft wants to test the delivery method. The announcement can be found in the Windows Blog.

[German]The cyber criminals behind the Emotet-Ransomware have re-activated their C&C servers and there will probably be new campaigns with successful infections soon.

German CERT-Bund warns against Emotet

During the last weeks this summer it was quiet coverring Emotet Trojan/Ransomware infections. The last news I remember mind were the Emotet infection at German publisher heise in May 2019 and a warning from German BSI in April this year. On early June 2019 the Emotet C&C server went offline. Maybe the cyber criminals just went on ‘summer vacation’. But that’s over now.

#Emotet ist zurück! Seit einigen Stunden ist die Anfang Juni abgeschaltete C&C-Infrastruktur von Emotet wieder online und liefert Module an noch infizierte Clients aus. Wer den Zugriff aus seinem Netz auf die zuletzt bekannten C&C-Server noch nicht blockiert hat, …

— CERT-Bund (@certbund) 23. August 2019

German CERT-Bund warns in the tweet above about the Emotet trojan. They say, the Emotet infrastructure, that went offline in June 2019 is back online. The Command and Control servers (C&C servers) has been back online and has started delivering malware modules to infected clients.

For admins in companies, this means blocking access to the relevant C&C servers. A list of the IP addresses to be blocked can be found on this website.

https://t.co/THZewKmxN7

— Jake (@JCyberSec_) August 23, 2019

Addenum: The tweet above and this blog post also shares this knowledge.

What is Emotet?

The Emotet Trojan is nothing new, Symantec published an article about this malware in summer 2018. The group behind the Trojan has been active since at least 2014 and had focused on bank customers so far. Some time ago, however, there was a strategy change by attacking infrastructure and companies in Europe and infecting them with Ransomware.

The German Lower Saxony State Criminal Police Office (LKA) has warned during the last months several times, that the malware “Emotet” is spreading massively via e-mail attachments. The Emotet Trojan reads the address books and evaluates the victims’ e-mail communication. In this way, the malware can send itself to other e-mail addresses of potential victims. These then victims receive an e-mail from a supposedly known sender.

The texts of the mail vary, but tries to trick the recipient to open the attachment. The attachment is mostly a Word .doc file with macro code. If macro locks are set, the malware tries to convince the victim to open the attachment and enable macro execution.

The most critical component is the Emotet component, which enables vertical movement in enterprise networks. This represents a special challenge for companies. Network propagation also means that victims can be infected without ever clicking on a malicious link or downloading a malicious attachment.

Once on a computer, Emotet downloads and executes a spreader module. The module contains a password list that it uses to attempt to gain access to other computers on the same network, writes Symantec. Microsoft has published an article about this malware here, with Windows Defender detecting some variants.

[German]Microsoft has released the dynamic update (compatibility update) KB4506578 for Windows 10 Version 1809 on August 22, 2019. However, the descriptions still bear the date of June 2019.

I became aware of the new update by the following tweet of @PhantomofMobile. From the date this update fits into the ‘C-week’ of the month.

COMPARABILITY, DYNAMIC & CRITICAL UPDATES: WK C MS Catalog #3August
Be careful, These ones might trigger a forced Install.

NOW 180

ICYMI: @SBSDiva @AdminKirsty @thurrott @maryjofoley @bdsams @mehedih_ @ruthm @SwiftOnSecurity @pcper @MalwareJake @JobCacka @etguenni @AskWoody pic.twitter.com/lGKJ13gNDh

— Crysta T. Lacey (@PhantomofMobile) August 23, 2019

Within Microsoft Update Catalog Update KB4506578 is specified as a Dynamic Update for Windows 10 version 1809 with a release date of August 22, 2019.

Windows 10, Update, KB4506578

However, support article KB4506578 is still as of June 18, 2019. This update provides improvements to simplify installation and recovery for Windows 10, version 1809. This Dynamic Update can be optionally downloaded and applied from Setup via Windows Update during the installation and recovery of Windows 10. What exactly has changed within the August 2019 release is not known.

win7 [German]The monthly KB4512506 Security Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 is experiencing issues. Some systems run into boot problems during installation. The machines refuse to start with error code 0xc0000225.

The error description

Austrian blog reader Friedrich S., who runs an IT support company, contacted me by e-mail. He describes the error as follows::

after installation of 2019-08 – Monthly Security Quality Rollup for Windows 7 for x64-based Systems (KB4512506), Windows 7 no longer starts on some PCs. The error message:

Status: 0xc0000225
Info: The boot selection failed because a required device is inaccessible.

Windows 7 Boot-Error 0xc0000225

The blog reader writes that the safe mode of Windows 7 no longer works either. With a Linux USB stick he can start the systems and also access the partitions/data.

The blog reader is not alone; after I wrote the article Windows 7: SHA-2-Klippen am August-Patchday for German magazine heise, some readers left comments like the one, I’ve translated here:

KB4512506 causes a blackscreen with error 0xc0000225 (Win7 x64)

KB4474419 and KB4490628 are installed, but as soon as the 2019-08 monthly security quality rollup is installed, the Windows Boot Manager stalls with status 0xc0000225.

What I found so far was the suggestion to restore the winload.efi and winload.exe in system32 from an intact system, but I haven’t tried it yet.

Has anyone else been able to observe this?

In the thread other users confirm this problem. Krebs on Security also has this user comment. Askwoody also has this forum entry, and Spiceworks also confirms the bug.

Repair attempts of the user

The affected person then tried to boot the systems via Windows 7 DVD and get into Windows PE via the computer repair options. But he had no success there. After the start with the Windows 7 DVD he received this message during system restore

This version of the System Restore Options is not compatible with the version of Windows you are repairing. Use a disk that is compatible with this version of Windows.

FYI: Windows 7 x64 SP1 is installed on the computer, Windows 7 x64 SP1 is also installed on the DVD. If you use the Windows repair disk for starting, an error is found in the Windows boot manager.

Reparaturdetails: Die folgende Startoption wird repariert:
Name: Windows Boot Manager
ID: 9DEA862C-5CDD-4E70-ACC1-F328344D4795

Reparatur der Windows 7 Startdateien

After the repair has been carried out, the starting problem persists. The affected user writes to this:

We already have 5 systems where the problem occurs, 3 systems use a Samsung 860 Pro SSD, 2 systems have an HDD (Seagate/WD) built in.

and asks if others are affected and if there are any solutions. I had answered the question about the afflictions of other users in the text above with links to other sources.

Troubleshooting, some approaches

Ad-hoc I guess that the boot manager will be patched by the SHA-2 update in Windows 7. I had already published the blog post Windows hängt mit Boot-Fehler 0xC0000225 in December 2015, which deals with the error image. There was a tip to repair the UEFI files. But I am skeptical that it will help.

Patch KB3133977 is missing?

While writing the blog post something rang with me. A few days ago I published the article Windows 7: Reinstallation causes boot error 0xc0000428. Microsoft states that in certain situations a missing Bitlocker patch KB3133977 causes the stop error 0xc0000428.

Here it is recommended to read the support article 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. Microsoft has added three entries to the August 17, 2019 article. The entries at the end of the article address issues related to the SHA-2 upgrade in Windows 7 SP1 and Windows Server 2008 R2.

At heise I had published the article Windows 7: SHA-2-Klippen am August-Patchday. There I mentioned the missing Bitlocker update KB3133977 may causes boot issues. Then I got an interesting user hint in the comment thread to my article.

It also bricked some of my computers. Fortunately they could be retrieved via restore points. After installing KB3133977 KB4512506 could be installed without any problems.

Be careful with the patch KB3133977 in connection with ASUS boards and Secure Boot. Be sure to read the KB article!

So the Bitlocker patch KB3133977 can solve the problem with the boot problems here as well. I therefore guess that the Windows 7 boot manager can no longer read the signatures without update KB3133977 due to the SHA-2 error and refuses to boot.

Microsoft wrote something about the ASUS board problem in KB article 3133977 that the patch on ASUS board prevents booting. ASUS has published this support article.

Perhaps the above information will help. If so, just leave a comment – thank you.

[German]Cumulative Update KB4505903, released July 26, 2019, breaks the connection to Bluetooth speakers. Microsoft has just confirmed this as a known issue.

Update KB4505903 for Windows 10 V1903

Cumulative Update KB4505903 was released on July 26, 2019 – after extensive tests with Windows insiders – for Windows 10 Version 1903 as well as for Windows Server Version 1903. It fixes a long list of bugs and raises the OS build to 18362.267.

The update was released accidently on 07/25/2019 by mistake and then on 07/26/2019 inally. Users already reported within my German blog a slow installation on this release – and some user has install issues. I had reported about this update in Windows 10 V1903 Update KB4505903 (07/26/2019). There you can also find the hint:

Addresses an issue that may reduce Bluetooth audio quality when using certain audio profiles for extended periods.

Microsoft has also improved the Bluetooth audio output, the update is supposed to improve the quality.

Problems connecting to Bluetooth speakers

On 23 August 2019, Microsoft published the support article 4518538 Bluetooth speakers don’t work after update 4505903 is installed on Windows 10, version 1903, which deals with connection problems with Bluetooth speakers. After installing update 4505903 on Windows 10 version 1903, one of the following problems occurs if an internal speaker is installed:

A Bluetooth speaker can’t connect to the computer.
A Bluetooth speaker can connect to the computer. However, the speaker output sounds noisy (bad quality).
A Bluetooth speaker can connect to the computer. However, the sound is generated by the internal speaker instead of the Bluetooth device.

Additionally, in Device Manager, you notice an entry under the Sound, video and game controllers node for Microsoft Bluetooth A2dp Source that shows a yellow exclamation mark icon.

A workaround should help

In its support article 4518538, Microsoft proposes a workaround in the form of system file system checking. Open an administrative command prompt and type sfc /scannow in its window (see also the relevant part in the blog post Check and repair Windows system files and component store).

It may take some time for the system file system check to run, the progress is displayed in the Command Prompt window. Then restart Windows 10. Then the Bluetooth pairing error should be fixed.

Somehow Microsoft hasn’t been so comfortable with Bluetooth connections. Here in the blog I have reported several times about BT problems caused by updates. Older Bluetooth devices were deactivated by an update in June 2019 for security reasons (see Windows 8–10: Update blocks Bluetooth pairing).

However, in order for the system file system check to run cleanly, the bug caused by the July 2019 Defender updates should be fixed (see notes in the articles linked below). Whether the required Defender update with the sfc fix has already been rolled out, I can’t say exactly at the moment – the error does not occur with me. The colleagues at deskmodder.de explain that the fix for Defender will only be rolled out ‘in the coming weeks’.

[German]A short note about the software tool Dism ++. It looks like this tool won’t be developed further – the developer wants to concentrate on the maintenance of the basic library. In other words, the project switches to maintenance mode. But another developer has spun off a new project.

What is Dism++?

The tool Dism++ is nothing else than a graphical user interface, with which the Windows command dism can be handled better. The tool is quite powerful, because it offers functions to:

Start management – i.e. everything that is started automatically under Windows.
App management – i.e. uninstalling apps
Toolbox – with various tools for system administration
System optimization – functions to optimize the system (more caution required)
Driver management – all drivers installed via Windows Update can be deactivated
Feature management – you can deactivate functions from the ‘Programs and Features’ section of Windows.
Update management – updates can be selected and managed.
Deployment – all functions to customize an installation image
Sysprep commands – manages the commands during system deployment

This site contains additional information an a download link for Dism ++.

Dism++

The tool itself is portable, so there is no need to install it. However, Dism++ must be run with administrator privileges.

Website disappeared – changes announced

A few days ago I had an article Beware of Dism++ with Windows customizations in my blog, where I warned about risks when using the tool. Even then I noticed that the website chuyu.me no longer existed (13.8.2019). Dism++ is in Chinese hands and when you call the URL chuyu.me you get a website with Chinese characters, which contains the following message.

Website is temporarily unavailable

The website has not been filed in accordance with the relevant legal provisions of the Ministry of Industry and Information Technology.

May have the following reasons:
Reason one: The website has not completed submission in accordance with the requirements of the Ministry of Industry and Information Technology. […]

But the Chuyu team continues the project on GitHub and on June 7, 2019 the version Version 10.1.1000.100 was released. Currently you can download it here from German site deskmodder.de. Now I read at deskmodder that the developer of Dism++ does not want to add any new functions to this tool. Instead he wants to focus in the future to maintain the main library of Dism ++. Deskmodder interprets this in such a way that there will only be maintenance updates in Future.

New project Nit started on GitHub

But Deskmodder mentions that another developer, MouriNaruto, wants to continue the project under a different name. The name of the project is “Nit – A Windows Image Tweaker based on DismCore”. The project has already started on GitHub. The new tool should be based on the core of DISM++, because MouriNaruto has the permission of the original developer.

[German]In Hyper-V, you may not be able to install guest operating systems in Generation 2 VMs. The installation process ends with a ‘PXE Network boot using IPv4 …’ message.

The error image

I come across the corresponding error description in this German administrator.de post a few days ago:

Setup VM W2016 does not start in Hyper-V 2016

is just sitting over my new server and trying to install it a VM at the host. I wanted to install a W2016 VM (as Generation 2 over an ISO) as a guest os in Hyper-V … briefly saw the prompt to press any key to setup via the “optical drive” … and then I’m constantly in a black screen with “PXE Network boot using IPv4 ( ESC to cancel). Performing DHCP Negotiation ….” please.

It looks like the prompt to press a key is not being passed to the virtual machine. Then the VM will not boot from the mounted ISO file and attempt a PXE network boot, which of course fails.

PXE Network Boot
(Source: scomandothergeekystuff.com)

If you search the internet for this error message, you will get several hits at once. The Technet forum thread here discusses the issue – and this blog post also deals with the topic. The above screenshot is from this blog post.

The error description

When installing the KB4512506 update, the process terminates with error code 0x800F0816. I once stumbled across this error on Twitter.

#Windows7 #Update 08-2019 #KB4512506
Nachdem @etguenni mir mit Lösung *1geholfen hatte, gab es nun auf dem Sony Vaio einen anderen Fehlercode #800F0816!
Hier konnte das @admonaut Forum mit Lösung *2 helfen! Vielen Dank!
*1 https://t.co/hrNiojBHXd
*2 https://t.co/nnLh3WX2mY

— ⊰ Ɖαƞȋ ⊱ (@vielzuwenig) August 24, 2019

If you go to the above linked article on administrator.de, a person concerned describes his isse as follows (I’ve translated the German text):

The monthly security update for Windows 7 x64 KB4512506 causes all sorts of problems, but I have an error that I haven’t found yet: the update is installed supposedly error-free but after the reboot it is removed from the system boot repair again. The error code is 800F0816. And then the game repeats itself daily.

I have installed the SHA-2 patches (they were already installed automatically). Also I don’t use Symantec or Norton virus scanner but F-Secure, but even with deactivated virus scanner there is the same problem.

So the update is constantly removed because it can’t be installed successfully.

What is causing the error?

I couldn’t find a description of the error code, I only know that this error code is returned by the setup API and is informal (STATUS_SEVERITY_INFORMATIONAL). If I search the blog for the error code 0x800F0816, I come across the blog post Patchday issues with updates & WSUS (September 11, 2018) from September 2018. There I wrote:

The post here on reddit.com confirms that the SSU has caused an installation error 0x800f0816 and another installation attempt has been made.

In the Microsoft Answers forum on August 17, a user described the issue that August 2019 updates KB4512506 and KB4512486 caused problems. Installing them prevents Windows from verifying winload.efi’s digital signature.

Patch KB3133977 missing

I already mentioned the Bitlocker patch KB3133977 in the blog post Windows 7: Reinstallation causes boot error 0xc0000428. This update was released on April 24, 2017 and addresses a problem that Bitlocker cannot decrypt encrypted files and the svchost.exe service crashes.

In the MS Answers forum thread, the affected user rolled back the system to an old backup and then installed the Bitlocker update KB3133977. Then he could install the August 2019 update KB4512506 or KB4512486. At German site administrator.de this comment confirms that installing the Bitlocker update KB3133977 fixes the installation error 0x800F0816.

[German]Microsoft has blocked the upgrade from older Windows versions to Windows 10 May 2019 Update (Version 1903) and even for Windows 10 October 2018 Update (Version 1809) for ruggedized Zebra Tablet PCs due to problems.

Zebra XSLATE B10 Tablet PCs

The Zebra XSLATE B10 Tablets are industrial tablets that are used in harsh environments. The manufacturer also offers the device on this web site.

(Zebra XSLATE B10 Tablets, Source: Vendor)

The technical data of the devices, which come with Windows 10 compatibility, Intel i5 processor, 8 GB Ram and 128 or 256 GByte SSD, can be viewed here.

Support article for Zebra XSLATE B10 Tablets

I became aware of the Microsoft support article Updating to Windows 10, version 1903 or Windows 10, version 1809 on Zebra XSLATE B10 tablets via Bleeping Computer. If administrators try to upgrade these Tablet PCs to Windows 10 V1809 or V1903, the following message appears:

XSlate: Your PC isn’t supported yet on this version of Windows 10. No action is needed. Windows Update will offer this version of Windows 10 automatically once the issue has been resolved.”

(Zebra XSLATE B10-Blocker, Quelle: Microsoft)

The background is that Zebra and Microsoft have discovered compatibility issues with Windows 10, version 1903, or Windows 10, version 1809, and the Zebra XSLATE B10 Tablets. It may happen that the touch screen stops working after the device is restarted. For more information, see the Zebra Support article.

Microsoft is currently investigating the case. To be on the safe side, Microsoft has stopped upgrading these devices to Windows 10, version 1903 or Windows 10, version 1809. Microsoft is working on a solution and plans to release it as an update in a future version. Until November 2019 it’s still time, because then the support of Windows 10 version 1803 expires.

[German], Microsoft’s Your Phone service, which can pair compatible (Android) smartphones with Windows 10, failed today (August 26, 2019). The service has been down all day.

Your Phone is supposed to enable Windows 10 users to synchronize their smartphones with the operating system. With the app Your Phone and the service behind it, you can send and receive SMS messages from Windows 10, view the latest 25 photos from your smartphone or even mirror the screen of your smartphone. All you need is a compatible phone and PC and a login to Microsoft (I’ve never used or tested the service because of the recommended registration).

But the service needs Microsoft servers to communicate – and when they’re up, it’s vinegar with fun. That’s exactly what happened after a message from neowin.net today.

Microsoft’s Your Phone service has been down all day #YourPhone https://t.co/vJOzT2uJsK pic.twitter.com/tQKFJ5ibvD

— Neowin (@NeowinFeed) August 26, 2019

Today a number of users report that the Microsoft Your Phone service does not work. The Microsoft status page reports a problem with Your Phone.

(YourPhone status, Click to zoom)

User Impact: Users may experience connection problems and errors when using the Your Phone app.

Current status: We’ve identified an issue causing connection problems for the Your Phone app. Users may receive “Can’t connect” or other error banners when using the app. We’re actively investigating to identify the cause of the problem and develop a remediation plan.

Start time: Monday, August 26, 2019, at 7:00 AM UTC

There are connection problems with the service – people cannot connect to the service and synchronize their smartphones using the appropriate Windows 10 app. According to neowin.net this has been going on all day. The incident comes just days after Samsung launched the Galaxy Note10 with all-new “Link to Windows” features that make it easier to connect to the service.

[English]If you have a Lenovo notebook or other Windows system, you should check to see if the Lenovo Solution Center is installed there. If this is the case, you should uninstall this crapware as soon as possible for security reasons.

Lenovo Solution Centre

Lenovo Solution Centre (LSC) is a software developed by Lenovo and shipped preinstalled on many Lenovo Windows system.

Lenovo Solution Centre (Quelle: Lenovo)

Lenovo Solution Center is, according to Lenovo, a software application developed by Lenovo for think products that enables users to ‘get the most out of their computer’. With this new software, users can easily see the status of their system, network connections and system security, the manufacturer said.

According to Lenovo, the Solution Center (LSC) has been shipped with their Windows systems since 2011. However, Lenovo now states that the software has reached its end of life on November 30, 2018 and will no longer be shipped with new devices. The Lenovo Solution Center is crapware filled with vulnerability.

New vulnerability – Lenovo says ‘out of support’

Security researchers from the British company Pen Test Partners have found a serious vulnerability in the Lenovo Solution Center. The vulnerability, documented in CVE-2019-6177, allows attackers with normal user rights to gain administrator privileges. The security researchers reported in this article about the Privilege Escalation vulnerability.

The vulnerability is that a highly privileged Lenovo process overwrites the Discretionary Access Control List (ACL), randomly changing the permissions of a file. This means that a low-privileged user can control it. Because the highly privileged process gives all users on the system full control over that file.

In an attack, a low-privileged user could write a “hardlink” file to the controllable location – a pseudo file that really points to any other file on the system over which the low-privileged user has no control. When the Lenovo process runs, it overwrites the permissions of the hardlinked file with appropriate permissions. This gives the low-privilege user full control over a file that they are not normally allowed to use. This can be used to execute arbitrary code on the system with administrator or SYSTEM privileges.

Lenovo has published a security advisory CVE-2019-6177 and has identified the vulnerability as critical. According to Lenovo, the vulnerability is in the Solution Center version 03.12.003, but this version was dropped from support. Lenovo states that users of the Lenovo Solution Center were recommended to migrate to Lenovo Vantage or Lenovo Diagnostics as early as April 2018.

Because support has expired, the manufacturer recommends that users uninstall the Lenovo Solution Center immediately using Windows Control Panel programs and features. According to security researchers, Lenovo said the software dropped out of support in April 2018. But the last version of LSC was released in late November 2018. The British site The Register has also taken up the case here and calls the whole thing as ‘sweeping under the carpet’.

Microsoft has just released the Windows 10 Insider Preview Build 18363.327 in the Release Preview Ring. The build belongs to the 19H2 development branch, which will lead to a new Windows 10 feature update in a few weeks.

The announcement of the new Insider Preview took place in the Windows Blog. Microsoft is testing the ‘throttled approach’ of delivering Windows 19H2 to users in the Windows Insider program via the Release Preview Ring with features deactivated by default. This means that the Insider Preview comes as an optional update, where you have to select the option Download and install.

For a small subset of insiders (about 10%) in the Release Preview Ring, Microsoft has enabled the ‘Search’ option for 19H2. When these insiders go to Settings > Update & Security > Windows Update, they see that there is a Windows 10, version 1909 update. You can choose to download this update and install it on your PC. When the update is complete, you will be on 19H2 build 18363.327.

John Cable mentioned in July that Windows 10 19H2 rolled out like monthly updates to users with the 19H1 (so no feature update). Further details can be found in the Windows blog.

win7 [German]Support for Windows 7 Sp1 will expire on January 14, 2020. The security company Kaspersky recommends upgrading the operating system to supported versions. And enterprises with the right plans may receive a free extended update support extension for Windows 7 in 2020..

Kasperky recommends an upgrade

On January 14, 2020, Windows 7 SP1 will receive security updates for the last time as scheduled. Microsoft will then discontinue support for this operating system for the mass of users. There will be only tricks to manually install updates intended for embedded versions.

On the other hand, the share of Windows 7 on the desktop worldwide (end of July 2019) is probably still around 32 percent. The security company Kaspersky has published their own figures. According to its own data, Windows 7 still runs on 38% of systems in private households.

Two percent still use Windows XP and one percent Windows 8, as Martin Geuß writes here. Kaspersky uses data from the Kaspersky Security Network (KSN) to collect data, for which customers can choose. This does not result in representative data, but trends can be identified. Alexey Pankratov of Kaspersky writes in a press release:

Our statistics show that a significant proportion of users, both businesses and individuals, still use machines with an outdated or outdated operating system.

The widespread use of Windows 7 is also problematic, as less than five months remain until this version is no longer supported. The reasons for this backlog vary: software that may not run on the latest operating system versions, economic reasons, or habit.

Nevertheless, an old, unpatched operating system is a major cyber security risk; the cost of an incident can be significantly higher than the cost of an upgrade. Therefore, we recommend switching to supported versions and ensuring that additional security tools are available during the transition period.

So a clear statement to switch to Windows 10 or another operating system (macOS or Linux).

One year free support extension for enterprises

The fact that Microsoft grants companies an extension of support (Extended Security Updates) until 2023 has long been known. I had reported about it in various blog posts (see article end). These ESU (Extended Security Updates) should be available to companies with software assurance contracts for a fee from April 2019. This should be offered to approved customers per device, and the price increases every year.

In the announcement Microsoft did not mention any prices. In February 2019, Mary Foley published an article about prices for Windows 7 Extended Security Updates. According to Foley, Microsoft informed its partners about the prices for Extended Security Updates (ESUs) until January 2023.

(Source: ZDnet)

I had mentioned some details in my blog post Windows 7 Extended Security Updates buyable from April 2019, but assume that these prices are negotiable. Gregg Keizer has noticed a special offer and he has thematized it on Computerworld.

Microsoft provides free Extended Security Updates for Windows 7 for EA and EAS customers with active subscriptions to Windows 10 Enterprise E5, Microsoft 365 E5, or Microsoft 365 E5 Security. An FAQ for Windows 7 and Office 2010 says:

Enterprise Agreement and Enterprise Agreement Subscription (EA and EAS) customers with active subscription licenses to Windows 10 Enterprise E5, Microsoft 365 E5, or Microsoft 365 E5 Security will get Windows 7 Extended Security Updates for Year 1 as a benefit,

Enterprises that have an Enterprise Agreement and Enterprise Agreement Subscription for Windows 10 Enterprise E5, Microsoft 365 E5 or Microsoft 365 E5 will receive Windows 7 Extended Security Updates free for the first year. However, Windows 10 Enterprise E5 and Microsoft 365 E5 are the top subscriptions of the operating system with the highest subscription costs – not every company will have booked these packages.

“Qualified subscription licenses must remain active throughout the ESU coverage period, or the free ESU coverage expires with the subscription,” Microsoft has made a condition. The second and third years of ESU can be purchased separately for $50 and $100 per device, respectively. However, Microsoft expects that this will not be required. “We believe that most customers who need to buy Windows 7 ESU only need first year coverage,” the company wrote in the FAQ. “[And] the annual price increases…. are intended to encourage customers to continue their momentum with the introduction of Windows 10.”

Microsoft is currently testing the KB4512941 update for Windows 10 Version 1903 on Windows insiders. I reported about it in the blog post Windows 10 V1903: Updates KB4512941 and KB4515530. Now KB4512941 was updated. The the colleagues from deskmodder.de report here, the sandbox should finally work now. Some insiders are testing Microsoft’s upgrade to Windows 10 19H2 (see Windows 10 Insider Preview Build 18363.327 (19H2)).

[German]Windows 10 May 2019 Update (version 1903) has a bug in Remote Desktop Connections (RDP). These cause a high CPU load on a CPU core when disconnecting the session. There are also reports that VMs freeze on RDP connections (when not enough cores are allocated). However, there is a workaround.

It is a bug whose solution has already been mentioned here in the blog in another context. But I decided to prepare the topic separately again. Maybe it will help those affected.

Windows 10 V1903: Issues with RDP connections

If you establish a remote desktop connection (RDP) to a computer with Windows 10 May 2019 Update (Version 1903), you should be careful. If you disconnect the session without logging out, the process dwm.exe (Desktop Windows Manager) hangs on the client. The process will then fully utilize a CPU core.

(Click to zoom, Source: MS-Answers-Forum)

This high CPU load remains until the next login. Users opened this thread in the Microsoft Answers forum on June 15, 2019 with a description of the bug and posted the screenshot above.

After exiting a remote desktop session, cpu load goes up (dwm.exe) until next login

When I access another Windows 10 PC via remote desktop and then exit the remote desktop session, the CPU load goes up. It is DWM.EXE that causes it.

The user has taken the usual measures to exclude his system as a cause. He wrote what he’ve checked:

What I did to exclude other causes:

– scanned for viruses (yes, DWM.EXE is the original one from MS)
– made sure no magnifier was active (Google proposed this)
– made sure no screen saver is active and nothing else is on my lock screen
– made sure the gfx driver (Intel integrated) is up to date

He also performed system file checks with sfc /scannow and dism without success. The whole thing is simply a bug in Windows 10 version 1903. The thread has already received over 10,000 user votes that have the same problem. In addition, a user has linked a number of other sources in the thread. So far, however, Microsoft has not provided a fix or even left out the problem at all.

Workaround: Force XDDM driver use

In mid-July 2019, I published the blog post Windows 10 V1903: Remote Desktop shows Black Screen, which deals with a different problem in RDP sessions (black screen). My suggestion for a workaround there was to force the use of the XDDM driver instead of the normally used WDDM graphics driver.

Launch gpedit.msc with administrative privleges.
Then navigate to the following branch in the Group Policy Editor.

(Click to zoom)

Use the branch: Computer Configuration->Policies->Windows Settings->Administrative Templates->Windows Components->Remote Desktop Services->Remote Desktop Session Host->Remote Session Environment, set the Policy Use WDDM graphics display driver for Remote Desktop Connections to Disabled.

Once this policy has been disabled and the commit may have been forced with gpudate /force, the problem should be fixed.

Already in the German user comments there was a reference to the MS forum post linked above – and this comment and another comment describe that the workaround helps with a freezing VM. In the MS forum post, user Dr4g0n 36 writes that for him forcing the XDDM driver also helped. I myself, in addition to the comments here in the blog, have become aware of the problem again through this entry at German site administrator.de.

[German]Since August 27, 2019, Microsoft has lifted the update blockade for Windows 7 SP1 and Windows Server 2008 R2 for systems with installed Symantec/Norton antivirus software. Symantec has given Microsoft permission to release Windows updates. However, these users should install updates for the antivirus software.

Some Background information

As of August 13, 2019, Microsoft released security updates for Windows 7 SP1 (and Windows Server 2008 R2). However, if the users installed antivirus solutions from Norton or Symantec, the delivery of the updates was suspended. The reason for this was that the antivirus solutions from these vendor supposed to be not compatible with the new updates and could have potentially damaged Windows.

As a precaution, Microsoft has therefore, in consultation with Symantec, blocked the delivery of updates for affected machines. The reason for this measure was that the security solutions could not cope with the changed signing of Windows updates (since August 2019, these have only been signed with SHA-2). I reported in the blog post Symantec/Norton blocks Windows Updates (SHA-2).

Symantec provides a patch

A week ago, antivirus vendor Symantec released a patch to fix the update problem under Windows 7 / Windows Server 2008 R2. The distribution for various language versions began already on August 21, 2019. I had addressed this within the blog post Symantec releases a patch for the SHA-2 bug in Windows 7. Later, in acomment to the article, German blog reader Andreas confirmed that the updates were offered by Microsoft after updating his Symantec antivirus software (thanks for the feedback).

Update ban lifted

A few days ago, Symantec completed its internal assessment of the impact of incorrectly detected August 2019 updates and future updates for Windows 7/Windows 2008 R2. It was determined that the risk of false-positive detection is not increased for all in-field versions of Symantec Endpoint Protection previously installed on systems. Symantec has thus given Microsoft the go-ahead to lift the update blockade.

Yesterday I got a comment from German blog reader Hermann informing me, the update hold has been lifted by Microsoft (thanks for that). Microsoft has added the following note to KB article 4512506 as of August 28, 2019:

The safeguard hold has been removed. Symantec has completed its evaluation of the impact of this update and future updates to Windows 7 and Windows 2008 R2. Symantec has determined that there is no increased risk of a false positive detection for all in-field versions of Symantec Endpoint Protection and Norton antivirus programs. See the Symantec support article for additional details and please reach out to Symantec or Norton support if you encounter any issues.

In order to be able to process the updates properly, Norton/Symantec users should update their AV programs to the following versions as a precautionary measure

SEP 14.2 RU1 MP1 (14.2.4814.1101) has been certified and is available for download via MySymantec.
SEP 14.2 RU1 (14.2.3357.1000) has been certified and is available upon request through Symantec Technical Support.
SEP 14.2 MP1 (14.2.1057.0103) has been certified and is available upon request through Symantec Technical Support.

Only then full SHA-2 signature support is given for the updates. Then updates KB4512506 / KB4512486 and subsequent updates for Windows 7 SP1 and Windows Server 2008 R2 must be successfully installed.

Insider feedback on Edge and feature road map

Group policies for the Edge

Update KB4512941 for Windows 10 Version 1903

Currently still quite buggy

Update KB4515530 for Windows 10 Version 1903

Attention with BackupExec 20.4

The patches from 08/16/2019

Revision updates from August 21, 2019?

German CERT-Bund warns against Emotet

What is Emotet?

The error description

Repair attempts of the user

Troubleshooting, some approaches

Patch KB3133977 is missing?

Update KB4505903 for Windows 10 V1903

Problems connecting to Bluetooth speakers

A workaround should help

What is Dism++?

Website disappeared – changes announced

New project Nit started on GitHub

The error image

Suggested solutions for the problem

The error description

What is causing the error?

Patch KB3133977 missing

Zebra XSLATE B10 Tablet PCs

Support article for Zebra XSLATE B10 Tablets

Lenovo Solution Centre

New vulnerability – Lenovo says ‘out of support’

Kasperky recommends an upgrade

One year free support extension for enterprises

Windows 10 V1903: Issues with RDP connections

Workaround: Force XDDM driver use

Some Background information

Symantec provides a patch

Update ban lifted