Windows – Born's Tech and Windows World

[German]Microsoft has just released the Windows 10 Insider Preview Build 18362.10019 in the Slow Ring. All features for Windows 10 19H2 testers from the circle of Windows insiders who voted for the Slow Ring have been released. For Windows insiders who are using the release preview ring with Windows 10 19H1 (Version 1903), the new build may also be rolled out. The build belongs to the 19H2 development branch, which will lead to a new Windows 10 feature update in a few weeks.

All 19H2 Insider in Slow Ring get Build 18362.10019

I recognized the announcement of the new Insider Preview via the following tweet. It’s a new build for Insider running Windows 10 19H2 the Slow Ring.

Heads up #WindowsInsiders in the Slow ring! We have released 19H2 Build 18362.10019 with all features turned on for everyone in the Slow ring. Details in the blog post: https://t.co/uVn5j6UeYQ pic.twitter.com/D3dRikOiLL

— Windows Insider (@windowsinsider) September 5, 2019

Within the Windows-Blog you will learn that testers with build 18362.10041 and build 18362.10015 get this feature update. Here is the Microsoft explanation::

IF you received Build 18362.10014 with 19H2 features turned OFF by default on 8/19 – you WILL receive Build 18362.10019 today with all 19H2 features turned ON.
IF you received Build 18362.10015 with 19H2 features turned ON by default on 8/19 – you WILL receive Build 18362.10019 today with all 19H2 features turned ON.

Users of Windows 10 May 2019 Update that has activated the Slow Ring should receive the updates for the 19H2. So all Windows insiders who test in the Slow Ring should have the same build again

Update chaos fixed? Insider with 19H1 watch out

With the above build Microsoft tries to eliminate a point of criticism (A/B tests for Windows Insider Previews), which I took up in the blog post Windows (Insider Program): Quo vadis? But Microsoft wouldn’t be Microsoft if you couldn’t create an additional pinch of chaos in the same breath.

Within the blog post Announcing Windows 10 Insider Preview Build 18362.10019 (19H2) Microsoft says, that Windows Insider in Slow Ring will receive all Build 18362.10019.
Meanwhile, a note for testers has been included in the Release Preview Ring of Windows 10 Version 1903 that refers to the article Testing Testing the throttled delivery approach for 19H2.

In the latter article an addition with date 8/5 was made, which is a typo and must be 9/5. Microsoft writes there:

UPDATE 8/5: We have increased the “seeker” experience for 19H2 in the Release Preview ring to 100%. This means that everyone in the Release Preview ring should see a Windows 10, version 1909 update available If they go to Settings > Update & Security > Windows Update. Insiders who choose to install this update will be updated to 19H2 Build 18363.329. We are also beginning to push 19H2 out to 10% of Windows Insiders in the Release Preview ring as well. This means 10% of Insiders in the Release Preview should see 19H2 Build 18363.329 offered automatically.

Users of Windows 10 Version 1903 in Release Preview Ring can use the Settings app in Windows Update to check for updates. If things go well and you belong to the 10% of guinea pigs, the upgrade to 19H2, but to build 18362.10029, is also offered in the release preview ring. So Insider in Slow Ring get 10019, while the Release Preview Ring has 10019.

But there is another limitation: If you use Windows Defender Application Guard (WDAG) or Container on this system, Microsoft does not offer this version of 19H2. It’s always surprising to see this wonder bag from Microsoft.

What is unlocked in build 18363.319?

Finally, an outline of which features Microsoft unlocked in Windows 10 19H2 Build 18363.319 (and probably also in 329).

Windows containers require matched host and container version. This restricts customers and limits Windows containers from supporting mixed-version container pod scenarios This update includes 5 fixes to address this and allow the host to run down-level containers on up-level for process (Argon) isolation.
A fix to allow OEMs to reduce the inking latency based on the hardware capabilities of their devices rather than being stuck with latency selected on typical hardware configuration by the OS.
Key-rolling or Key-rotation feature enables secure rolling of Recovery passwords on MDM managed AAD devices upon on demand request from Microsoft Intune/MDM tools or upon every time recovery password is used to unlock the BitLocker protected drive. This feature will help prevent accidental recovery password disclosure as part of manual BitLocker drive unlock by users.
A change to enable third-party digital assistants to voice activate above the Lock screen.
You can now quickly create an event straight from the Calendar flyout on the Taskbar. Just click on the date and time at the lower right corner of the Taskbar to open the Calendar flyout and pick your desired date and start typing in the text box – you’ll now see inline options to set a time and location.
The navigation pane on the Start menu now expands when you hover over it with your mouse to better inform where clicking goes.
We have added friendly images to show what is meant by “banner” and “Action Center” when adjusting the notifications on apps in order to make these settings more approachable and understandable.

(Click to size)
Notifications settings under Settings > System > Notifications will now default to sorting notification senders by most recently shown notification, rather than sender name. This makes it easier to find and configure frequent and recent senders. We have also added a setting to turn off playing sound when notifications appear.
We now show the options to configure and turn off notifications from an app/website right on the notification, both as a banner and in Action Center.
We have added a “Manage notifications” button to the top of Action Center that launches the main “Notifications & actions” Settings page.
We have added additional debugging capabilities for newer Intel processors. This is only relevant for hardware manufacturers.
We have made general battery life and power efficiency improvements for PCs with certain processors.
A CPU may have multiple “favored” cores (logical processors of the highest available scheduling class). To provide better performance and reliability, we have implemented a rotation policy that distributes work more fairly among these favored cores.
We have enabled Windows Defender Credential Guard for ARM64 devices for additional protection against credential theft for enterprises deploying ARM64 devices in their organizations.
We have enabled the ability for enterprises to supplement the Windows 10 in S Mode policy to allow traditional Win32 (desktop) apps from Microsoft Intune.
We have updated search in File Explorer to show web-powered suggestions in addition to files locally indexed on the PC.
We have added the ability for Narrator and other assistive technologies to read and learn where the FN key is located on keyboards and what state it is in (locked versus unlocked).

In addition to the new build for all 19H2 features enabled in the slow ring, the new build also includes general improvements for these features.

Microsoft has published the Windows 10 Insider Preview Build 18975 (from the development branch 20H1) for Windows Insiders in the Fast Ring. This build should lead to another function update in spring 2020.

The announcement with details about new features/changes and bugs can be found in the Windows Blog. One of the new features in this build is that the Cortana window can now be moved. Virtual desktops can also be renamed. Here is the list of changes and fixes:

Microsoft has fixed an issue resulting in the “Bluetooth and Other Devices” and “Printers and Scanners” not rendering correctly in the last two flights.
Microsoft has fixed an issue resulting in search crashing on launch for Insiders using certain display languages, including Polish.
Microsoft has fixed an issue resulting in some Insiders receiving error 0xC0000142 when attempting to upgrade to recent builds.
Microsoft has fixed a recent issue resulting in some Insiders finding that various File Explorer settings were unexpectedly modified, and in some cases couldn’t be corrected. This impacted File Explorer’s navigation pane visibility, the option for the navigation pane to automatically show all folders, and showing the drive letters. Please note that while this fix will stop it from happening, if you were impacted, you will need to take steps to return these settings in File Explorer to be their desired state.
Microsoft has fixed an issue resulting in the minimize, maximize, and close title bar buttons not working for certain apps.
For those who would prefer not to see the post upgrade setup page, Microsoft has added a new option to turn it off under Notification Settings. Note, it will only be visible for users eligible for seeing this setup page.
Microsoft has fixed an issue where the text candidate list, when typing in Korean using the touch keyboard, was in reverse order.
Microsoft has updated the Chinese Pinyin IME toolbar to now be light when using light theme.
Microsoft has fixed an issue that could result in the Chinese Pinyin IME not responding the first time you tried to select a text candidate in certain types of text fields.
Microsoft has fixed an issue that could result in the mouse cursor becoming transparent and not visible when HDR was enabled.
Microsoft has fixed an issue where if MS Paint was open in the background, using the arrow keys would result in the mouse cursor changing position despite MS Paint not being in focus.
Microsoft has fixed an issue when using your PC in Arabic or Hebrew, where when maximizing win32 apps you could see the title bar flip for a second to show the close button on the right instead of on the left.
We fixed an issue impacting Action Center reliability in the previous flight.
We’ve made some adjustments to help address potential out of memory issues over Remote Desktop that could result in you being unexpectedly logged out of your remote session.
Microsoft has fixed an issue resulting in not being able to setup Windows Hello during OOBE.
Microsoft has updated our upgrade logic so that going forward, your preferred scheduled defragmentation settings will be preserved on upgrade. Thanks to those who shared feedback about this.
Microsoft made some improvements to help address out of memory issues resulting in users potentially getting logged out of remote desktop sessions.
Microsoft has fixed an issue impacting Your Phone reliability in recent flights that resulted in seemingly random crashes during use.
Microsoft has fixed an issue where, when taking a screenshot using the pen after rotating your device, the screenshot might not be in the expected orientation.
Microsoft has fixed an issue when taking a snip that could result in your screenshot being unexpectedly blacked out.
Microsoft has have removed the option to change Magnifier UI to a magnifying glass and be in the viewport. We would be interested to hear if this option was useful to you and why.
Magnifier reading now supports reading in more places.
Several issues have been resolved that caused the Magnifier UI not to scale or resize correctly when users adjusted the Make text bigger or the Make everything bigger settings.
Microsoft has resolved an issue where users could not use some Magnifier hotkeys after sign-in until Magnifier was restarted.
Microsoft has resolved an issue where Magnifier Docked and Lens mode would turn into Full Screen mode when User Account Controls were active.
Microsoft has resolved an issue in Notepad where the text cursor would display, but the text cursor indicator would not.
Microsoft has resolved an issue in Notepad where the text cursor indicator prevented users from double-clicking to select text.
Microsoft has resolved an issue where the text cursor indicator preview in Ease of Access settings was not usable when Dark Mode is enabled.
Microsoft has resolved an issue where the text cursor indicator was randomly filling in with black.
Microsoft has fixed an issue with Narrator stopping early when reading certain dialogs.
Based on user feedback, Microsoft has enhanced Narrator’s reading experience when arrowing through messages in Outlook. When the importance column is read the “importance” header is always spoken before the high or low. If a message has been flagged that column’s information will be spoken immediately after the importance column instead of at the end.
Microsoft has fixed a bug where Narrator did not play the error sound in certain scenarios.
Microsoft has raised the volume of Narrator’s link and scroll sounds.
Microsoft has fixed a bug when the Narrator page summary was not working in the Chrome browser.
Microsoft has fixed a bug where assistive technology (e.g. Narrator, Magnifier, NVDA) were starting after sign-in when only the before sign-in setting was set.
Narrator is now presenting “flash messages” on a configured braille display as expected for reading the window title and when presenting suggested content.
Narrator is now presenting cell contents on a configured braille display as expected when navigating a table.

Known Issues

The Reset this PC cloud download option is not currently calculating the correct amount of space you need to free up if you do not have enough disk space to proceed. To work around this until the fix is available, free up an extra 5GB beyond what is prompted.
The Reset this PC cloud download option is not currently working when specific optional features are installed. The process will begin, but an error will occur and roll back the changes. To work around this issue, remove the optional features before trying the cloud download option. We’ll let you know once this issue has been resolved. The optional features are: EMS and SAC Toolset for Windows 10, IrDA infrared, Print Management Console, RAS Connection Manager Administration Kit (CMAK), RIP Listener, all RSAT tools, Simple Network Management Protocol (SNMP), Windows Fax and Scan, Windows Storage Management, Wireless Display, and WI SNMP Provider.
There has been an issue with older versions of anti-cheat software used with games where after updating to the latest 19H1 Insider Preview builds may cause PCs to experience crashes. We are working with partners on getting their software updated with a fix, and most games have released patches to prevent PCs from experiencing this issue. To minimize the chance of running into this issue, please make sure you are running the latest version of your games before attempting to update the operating system. We are also working with anti-cheat and game developers to resolve similar issues that may arise with the 20H1 Insider Preview builds and will work to minimize the likelihood of these issues in the future.
Some Realtek SD card readers are not functioning properly. We are investigating the issue.
Some Insiders may experience a deadlock in netprofmsvc.dll on Builds 18967+. This can result in the upgrade to the build freezing at 98%, or if you’re on the build already you may find that various aspects of the system unexpectedly freeze and become unresponsive. We appreciate your patience as we work on a fix.
We are looking into an issue where, after updating to this build, adding a new Language Pack reports successful installation but is not installed.
There is an issue with this build where certain Local Experience Packs (LXPs) may revert to English. We are working on a fix.
Certain 2D apps (like Feedback Hub, Microsoft Store, 3D Viewer) are incorrectly being treated as having protected content within Windows Mixed Reality. During video capture, these 2D apps block their content from being recorded.
When capturing a repro video while filing a bug via Feedback Hub in Windows Mixed Reality, you won’t be able to select Stop video, due to the protected content issue noted above. If you want to submit a repro video, you will need to wait 5 minutes for the recording to time out. If you’d like to file the bug without a repro video, you can close the Feedback Hub window to end the recording and resume filing your bug when you reopen the app in Feedback > Drafts.

[German]The day that software vendors and security researchers have been waiting for for months has arrived. A metasploid for the Bluekeep vulnerability in Windows is publicly available.

I had been warning about the BlueKeep vulnerability for months and waiting for an exploit every day (see BlueKeep warning: Exploit might come soon?). Now it seems to have happened, as you can see in the following tweet. Exploit for wormable Bluekeep Windows bug released into the wild.

Exploit for wormable Bluekeep Windows bug released into the wild https://t.co/1mCiPR5ZeF by @dangoodin001

— Ars Technica (@arstechnica) September 6, 2019

The exploit is ‘wormable’, i.e. the infection of a computer is enough to spread the malware over the network. Some information is also available from Bleeping Computer .

Work of Programm on GitHub

On GitHub the code for a BlueKeep exploit was published as ‘Work in Progress’. The exploit exploits the vulnerability CVE-2019-0708, alias BlueKeep, via RDP in the Windows kernel. The author of the exploit writes that the RDP driver termdd.sys handles bindings to the internal channel MS_T120 improperly. Thus a faulty Disconnect Provider Indication message can trigger a use-after-free error. With a controllable Data/Size Remote nonpaged Pool Spray, an indirect call gadget of the enabled channel is used to achieve arbitrary code execution.

The module currently works with 64-bit versions of Windows 7 and Windows Server 2008 R2. However, for Windows Server 2008 R2, a registry entry must be changed to allow heap grooming over the RDPSND channel. The author writes that there are other ways to use alternative channels that are enabled by default on all Windows operating systems.

The module is currently classified as manual because the user must enter additional target information. Otherwise, there is a risk of the target host crashing. The module implements a default TARGET option that only searches for a vulnerable host and displays some initial information about the specific target operating system. However, an attack requires the user to specify a more specific target. Later or further improvements in this module could allow a more accurate determination of the target system’s memory layout at runtime.

Background to the BlueKeep vulnerability

I had reported about the BlueKeep vulnerability CVE-2019-0708 in several blog posts. An explanation of the vulnerabilities can be found in the blog post Security Critical update for Windows XP up to Windows 7 (May 2019).

There is a patch, but it has not been installed on all systems. It is currently estimated that approximately 800,000 systems are still unpatched and accessible via the Internet (see BlueKeep warning: Exploit might come soon?).In my blog post How To: BlueKeep-Check for Windows, I explained how a system can be scanned both locally for installed patches and in a network for vulnerabilities.

Microsoft is experimenting with a boot optimization, which could find its way into one of the upcoming Windows 10 versions. At least there are first indications for such a feature in Windows 10 20H1. In addition, clearer command options seem to be implemented.

Friday the next insider preview of Windows 10 20H1, build 18975, was released. I had reported in the blog post Windows 10 Insider Preview Build 18975 (20H1) released. WalkingCat looked at the help of the defrag command in builds 18970 and 18975 and compared it, as shown in a (now deleted tweet).

Windows 10 Build 18970 still has the usual defrag info, as it is also displayed in current versions. However, there are already new switches compared to the current Windows 10 version 1903.

Windows 10 Build 18970 defrag Infos

A new entry can be found in the help page:

defrag /bootoptimize

whose purpose is to optimize the speed of the boot process under Windows. I hadn’t seen this option before (but I may have missed it). For build 18975 the following output will be displayed.

Windows 10 Build 18975: defrag-Ausgabe

The help page provides more entries for different options, whose names are more meaningful than the single letter abbreviations. So /L has been extended by /Retrim for SSD drives.

[German]Within the blog post I would like to pick up two issues about the settings for updates under Windows 10 that has come to my attention. One is the possibility (or inability) to hide the update delay in Windows 10 V1809, which doesn’t work. And I came across a case where Windows 10 was in the Insider Preview without being assigned an account from the program.

With the options to delay the update installation, I’m ‘at war somehow’. Windows 10 Version 1903 introduced an update control for all users. But if you work with group policies to set update delays, you will facing issues. I had reported about it in the blog post Windows 10 May 2019 Update brings back Update control.

Windows 10 V1809: GPO to pause update does not work

In Windows 10, version 1809 should be able to remove the options for pausing updates via group policies. The whole thing is outlined in this blog post on tenforum.com. German blog reader Martin K. contacted me this week by mail and wrote:

Option to suspend updates can’t get removed

what I want to do: In Settings/Windows Update/ Advanced Options remove the possibility to pause updates.

There is also GPO or Regkey as described here. It doesn’t work with 1709 (ok is not supported there…. so it’s ok if it doesn’t work), but with 1809 [doesn’t work either].

He sent me the following screenshot of the registry, where you can see the entries.

(Click to size)

But no matter what he tried, the GPO doesn’t seem to work. The options are still available.

(Click to size)

Markus writes: Can also reproduce this on my system which is not in the domain. But maybe I’m overlooked something? Anyone else with similar experiences?

Insiders without an insider account?

Tero Alhonen demonstrated with a tweet that the options shown on the settings page of Windows 10 should not be taken seriously with regard to the insider preview page.

Something I’ve never seen before. Getting Windows 10 Insider builds without being an Insider pic.twitter.com/rjgp0Kg1uv

— Tero Alhonen (@teroalhonen) September 6, 2019

The photo above shows that his machine is in the slow ring of the Windows Insider program. But the page does not show to which Windows Insider account he belongs. Pretty crude, this options shown. Well, a few restarts and possibly exiting and re-entering the Insider program should fix the problem.

[German]The cumulative update KB4512941 for Windows 10 Version 1903 released on August 30, 2019 seems to cause display issues for some users (e.g. screenshots). The display is turned to a colored reddish, as in night mode, if screenshots are obtained – or without screenshots on some systems. For Lenovo devices it could be the Vantage app, but also graphics drivers were mentioned. Here is an overview, what I know so far.

I hadn’t noticed it, but I got the comment here (thanks for that) from a German blog reader, pointing to that issue.

Are night mode and screenshots collide?

The folks at MSPU has mentioned within an article, I was pointed to this German WinFuture article. A user reported, that he is plagued by a strange bug. When he tries to take a screenshot, the screen turns reddish/orange (like night in mode).

Red-Screen-Bug with Update KB4512941 Windows 10 V1903
(Source: MS Answers-Forum)

The user posted the above screenshot within the Microsoft Answers forum with am a description:

My screen turns red when I capture a screenshot.

My screen turns red when I capture a screenshot. How can I turn it off? I haven’t changed any settings; yesterday it was fine. I tried using different snipping tools, and the regular PrtSc button. All red.

I have the night mode off, and everything else is regular.

As soon as he wants to make a screenshot using the print key, the display becomes reddish. Of course every observer would tap on the night mode, which forces exactly this behavior for the desktop display (should be more eye friendly). However, the user writes that he has not activated night mode at all.

The user had tested several screenshot programs, all with the same error. In this case the update of the graphic driver led to a correction of the error.

Wait, there is more

However, another user posted the screenshot shown below in the same thread. And he don’t use a screenshot before the desktop went to that color.

Red-Screen-Bug with Update KB4512941 Windows 10 V1903
(Source: MS Answers-Forum)

The user gets this reddish / orange display right after logon without further action. This user has a Lenovo Yoga 710-14ISK with Intel Core i5 and Intel HD Graphics 520. His attempt to install a driver went wrong – the latest driver could not be installed.

It is probably an isolated problem caused by graphics drivers. At reddit.com I came across a 2 year old post where someone got an Orange Screen of Dead (instead of a BSOD) because the graphics display spun.

Is Lenovo Vantage app to blame?

My German collegues at deskmodder.de found another thread in Microsoft Answers forum, where an affected user reported similar issues. Due to serveral typos, this wasn’t revealed within an ordinary internet search (I’ve amed the title of the post now). The Text in German says:

Windows 10 V1903: Screen color suddenly reddish/orange – Update KB4512941 / Lenovo Vantage app to blame?

Hello,

I have a problem with the screen color …. immediately after switching on the screen lights up normally and after 2 seconds the color turns yellow

One user presumed, that the Lenovo Vantage app may cause this behavior. The app also contains something like a night mode. Lenovo devides are known to have issues with night mode. At least one user at deskmodder.de has confirmed the Lenovo Vantage tool as the cause. A German blog reader confirmed here the same issue with a X380-YOGA. Addendum: I have now the feedback, that the Vantage app have to be blamed, update KB4512941 hasn’t been installed on that machine.

Question: Any of you who are affected? And if so, does uninstalling the update KB4512941 or adjusting the screen display in the Vantage app help?

Update KB4512941 has caused several issues, see links below. But if it’s related to the Lenovo Vantage app, the update wouldn’t be involved..

[German]In Windows 10 May 2019 Update (V1903) there are some bugs that people have noticed. Here are some findings that blog reader Reto F. have pointed out to me. Nothing serious, but unsightly.

Blog reader Felix R. already e-mailed me about this in mid-August 2019 and wrote the following:

In the appendix I described 4 bugs, which I stumbled across and can’t find any further information on the net. I reported everything to Feedback.hub. But nobody was interested in this yet. Maybe you can make these bugs known to a wider audience.

It’s a well-known phenomenon, the Feedback-Hub is used to make people get rid of their displeasure – but it’s not always corrected what was reported.

#1: Time zone error [seems fixed]

Reto wrote: On Windows 10 1903 (also 1803) systeminfo.exe returns a different time zone than the Settings page or the Control Panel. The same time offset but still wrong.

(Zeitzone in den Einstellungen: Windows 10 V1903)

Zeitzone in Windows 10 Datumsanzeige
(Time zone in Windows 10 date dialog box)

In the two screenshots above you can see the time zone setting of Windows 10 Version 1903 in the Settings app and in the Properties window Date and Time. The two settings are identical.

Zeitzone von Systeminfo
(Time zone of system info in Windows 10 V1903)

On the other hand, if you query the system info in Windows 10 via systeminfo.exe, it returns a slightly different value (Amsterdam is missing). The blog reader noticed this with the Windows 10 version 1903 Build 18362.175 and writes: With Windows 10 1703 this was still correct. I checked it at build 18362.329, so the information seems nor correct.

#2: Trustable websites not definable in IE settings

Internet Explorer has problems adding certain Web pages to the list of trusted Web pages. Reto writes that *.amazonaws.com cannot be added to the trusted pages.

(Click to zoom)

A strange error message. But it’s even more crude – if you type an incorrect URL, it’s assumed. The URL *.amazonaws1.com can be added – I was able to verify that.

(Click to zoom)

Reto writes about it: A rogue, who thinks that the competition should be locked out. On Windows 8.1, both still work.

#3: Data Execution Prevention Turns Off

In Windows, data execution prevention can be used to protect against viruses or malware. Windows 10 version 1903 has problems. Reto writes:

For security reasons I activate the data execution prevention since Windows XP for all programs. After each upgrade, the less secure default setting is active again.

Datenausführungsverhinderung

#4: Alt-D no longer works in German registry editor

In Windows 10 V1903 there is a localization error in the German registry editor. Reto writes about it:

Since the registry editor has an address line you can’t call the file menu with ALT+D anymore.

MS also uses ALT+D in the English version of the Explorer for the address bar.

With the German version ALT+E is used in the Explorer to prevent the collision with ALT+D for the file menu.

Unfortunately MS has not adapted this for the address line in Regedit.

Registrierungseditor

Not a drama, but also not really nice when the bugs are reported in the feedback hub, but nobody cares. In part 2 I pick up further inconsistencies.

Windows Update [German]As of September 10, 2019, Microsoft released security updates for Windows clients and servers, Office, and more. Here is a compact overview of these updates.

A list of the updates can be found on this Microsoft page. Details about the update packages for Windows, Office etc. can be found in separate blog posts.

Servicing Stack Updates

Microsoft now publishes an overview of all current Servicing Stack Updates (SSUs). The list of SSUs can be found at ADV990001.

Notes on updates

All Windows 10 updates are cumulative. The monthly Patchday update includes all security fixes for Windows 10 and all non-security fixes up to Patchday.

From March 2017 a Delta package for Windows 10 version 1607 and newer is available in the Microsoft Update Catalog. This delta package contains only the delta changes between the previous month and the current version. .

In addition to the security patches for the vulnerabilities, the updates include defense-in-depth updates to improve security.

Updates can also be downloaded from the Microsoft Update Catalog. Updates for Windows RT 8.1 and Microsoft Office RT are only available through Windows Update. Information about the support period for Windows 10 can be found in the Windows Lifecycle Facts Sheet.

Internet Explorer 11 will be available on Windows Serverv 2012 from May 2019. This configuration is available only through the Cumulative Update for IE. .

The September 2019 security updates cover 85 vulnerabilities, of which 19 are classified as “critical”, 65 as “important” and one as “moderate”. There is also a critical note related to the latest update to Adobe Flash Player. Talos has published a summary here. According to askwoody.com, two vulnerabilities are ‘known’ and two are already attacked (but requires the attacker to be locally active). There is also a fix for the bug in the Windows 10 V1903 search and the high CPU load by Cortana (see also my old article Windows 10 V1903: Search and Cortana bug in Update KB4512941 confirmed (09/05/2019), where a fix was promised).

Critical Security Updates

Internet Explorer 11
ChakraCore
Microsoft Edge
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core
installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core
installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server
Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 version 1709 for 32-bit Systems
Windows 10 version 1709 for x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server, version 1903 (Server Core Installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Lync Server 2013
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 for Mac
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft Project 2010 Service Pack 2 (32-bit editions)
Microsoft Project 2010 Service Pack 2 (64-bit editions)
Microsoft Project 2013 Service Pack 1 (32-bit editions)
Microsoft Project 2013 Service Pack 1 (64-bit editions)
Microsoft Project 2016 (32-bit edition)
Microsoft Project 2016 (64-bit edition)
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Foundation 2013 Service Pack 1
Office 365 ProPlus for 32-bit Systems
Office 365 ProPlus for 64-bit Systems
.NET Core 2.1
.NET Core 2.2
ASP.NET Core 2.1
ASP.NET Core 2.2
ASP.NET Core 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 AND 4.7.2
Microsoft .NET Framework 3.5 AND 4.8
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.7.1/4.7.2
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.8
Rome SDK 1.4.1

Important Security Updates

Microsoft Access 2010 Service Pack 2 (32-bit editions)
Microsoft Access 2010 Service Pack 2 (64-bit editions)
Microsoft Access 2013 Service Pack 1 (32-bit editions)
Microsoft Access 2013 Service Pack 1 (64-bit editions)
Microsoft Access 2016 (32-bit edition)
Microsoft Access 2016 (64-bit edition)
Microsoft Exchange Server 2016 Cumulative Update 12
Microsoft Exchange Server 2016 Cumulative Update 13
Microsoft Exchange Server 2019 Cumulative Update 1
Microsoft Exchange Server 2019 Cumulative Update 2
Microsoft Visual Studio 2015 Update 3
Microsoft Visual Studio 2017
Microsoft Visual Studio 2017 version 15.9
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2019 version 16.2
Yammer for Android

Moderate Security Updates

Internet Explorer 9
Internet Explorer 10

Similar articles:
Microsoft Office Patchday (September 3, 2019)

Windows Update [German]On September 10, 2019, Microsoft released various (security) updates for Windows 7 SP1 and other updates for Windows 8.1 as well as the corresponding server versions. Here is an overview of these updates.

Updates for Windows 7/Windows Server 2008 R2

For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page. Installation requires installed SHA2 support to successfully install the security updates.

KB4516065 (Monthly Rollup) for Windows 7/Windows Server 2008 R2

Update KB4516065 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes and addresses the following items:

Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 32-Bit (x86) versions of Windows (CVE-2019-11091,CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)
Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Kernel, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, and Windows Server.

In addition to the many unnamed vulnerabilities, the update once again addresses vulnerabilities caused by speculative side-channel attacks. This update is automatically downloaded and installed via Windows Update. The package is also available via Microsoft Update Catalog and again distributed via WSUS. The installation requires that the latest SSU (KB4516655) is already installed. If you install it via Windows Update, it will be installed automatically.

Since August 2019, the SHA-2 update (KB447444419) must be installed before installing this security update. This update will only be delivered via SHA-2 Code Signing for Windows Update and WSUS.

For this update, Microsoft lists the known issue that users may receive an error when opening or using the Toshiba Qosmio AV Center after installing this update. Errors may also occur in the event log associated with cryptnet.dll. Microsoft is working with Toshiba to resolve this issue and will provide a fix with upcoming updates.

But there is a second problem: VBScript in Internet Explorer 11 should be disabled by default after installing KB4507437 (preview of monthly rollup) or KB4511872 (Internet Explorer cumulative update) and later. Under certain circumstances, however, VBScript may not be disabled as intended. The KB article contains instructions on how to solve the issue.

KB4516033 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB4516033 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the same issues as Update KB4516065 (see above). The update is available via WSUS or in the Microsoft Update Catalog. If you install the update, you must first install the latest Servicing Stack Update (SSU) (see above). You should also install the security update KB4516046 or IE. In this update, Microsoft lists the same Toshiba AV Security Center issues as for update KB4516033.

Updates foür Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft page.

KB4516067 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4516067 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and addresses the following istems.

Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 32-Bit (x86) versions of Windows (CVE-2019-11091,CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)
Security updates to Windows App Platform and Frameworks, Windows Kernel, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, and Windows Server.

This update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog For manual installation, the latest Servicing Stack Update (SSU) must be installed first.

The update has a known problem: Certain operations, such as renaming files or folders located on a cluster shared volume (CSV), may fail with the error “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the action on a CSV owner node from a process that does not have administrator privileges. See the KB article for details.

KB4516064 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4516064 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the same points as update KB4516067. The update is available via WSUS or via the Microsoft Update Catalog. The update also has known issues that are described in the KB article. For a manual installation, the latest Servicing Stack Update (SSU) must be installed beforehand. For this update, Microsoft lists the same issues as for update KB4512488. You should also install the KB4516046 update for IE.

[German]On September 10, 2019 (the second Tuesday of the month, Patchday at Microsoft), several cumulative updates were released for the supported Windows 10 builds. For example, an update fixes the Cortana/Search bug in Windows 10 V1903. Here are some details about each update.

For a list of updates, visit this Microsoft Web page. I have extracted the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001.

Updates for Windows 10 Version 1903

The following updates are available for Windows 10 May 2019 Update (Version 1903).

Update KB4515384 for Windows 10 Version 1903

Cumulative Update KB4515384 raises the OS build to 18362.356 and is available for Windows 10 Version 1903 and Windows Server Version 1903 (and Hololens). It includes quality improvements but no new operating system features. Here is the list of improvements, this time called highlights by Microsoft:

Updates to improve security when using Internet Explorer, Microsoft Edge, networking technologies, and input devices such as a mouse, keyboard, or stylus.
Updates for verifying user names and passwords.
Updates for storing and managing files.

The following fixes and improvements have been added to the Windows version

Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 32-Bit (x86) versions of Windows (CVE-2019-11091,CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)
Addresses an issue that causes high CPU usage from SearchUI.exe for a small number of users. This issue only occurs on devices that have disabled searching the web using Windows Desktop Search.
Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Cryptography, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Wireless Networking, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server.

In addition to the many unnamed vulnerabilities, the update once again addresses vulnerabilities caused by speculative side-channel attacks. The update also contains the fix for the bug in the Windows 10 V1903 search which causes a high CPU load by Cortana (see also my old article Windows 10 V1903: Search and Cortana bug in Update KB4512941 confirmed (09/05/2019) where a fix was promised). But I got already a feedback from a German reader, that the broken Bing search hasn’t been fixed on all machines.

In addition, Microsoft has released an update directly for the Windows Update Client to improve its reliability. This will be rolled out outside of Windows Update if the machine is compatible and not a LTSC variant and updates have not been blocked by GPO.

This update is automatically downloaded and installed by Windows Update. This update is also available from Microsoft Update Catalog and via WSUS. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft does not specify any known issues for the update.

Updates for Windows 10 Version 1809

The following updates are available for Windows 10 October 2018 Update (version 1809) and Windows Server 2019.

Update KB4512578 for Windows 10 Version 1809

Cumulative Update KB4512578 raises the OS build to 17763.737 and includes quality improvements but no new operating system features. Here is the list of improvements, this time called highlights by Microsoft:

Updates to improve security when using Internet Explorer, Microsoft Edge, and input devices such as a mouse, keyboard, or stylus.
Updates for verifying user names and passwords.

The following fixes and improvements have been added to the Windows version:

Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 32-Bit (x86) versions of Windows (CVE-2019-11091,CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)
Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Fundamentals, Windows Authentication, Windows Cryptography, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server.

Again, the update addresses vulnerabilities caused by speculative side-channel attacks. This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft lists several known issues that the update causes. See the KB article for details.

Updates for Windows 10 Version 1803

The following updates are available for Windows 10 April Update (version 1803).

Update KB4516058 for Windows 10 Version 1803

Cumulative Update KB4516058 contains quality improvements but no new operating system functions and raises the OS build to 17134.1006. Here is the list of improvements, called highlights by Microsoft:

Updates to improve security when using Internet Explorer, Microsoft Edge, and input devices such as a mouse, keyboard, or stylus.
Updates for verifying user names and passwords.
Updates for storing and managing files.

And here is the list of additional fixes and changes:

Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 32-Bit (x86) versions of Windows (CVE-2019-11091,CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)
Security updates to Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Cryptography, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, Windows Server, and Microsoft Edge.

This update is automatically downloaded and installed by Windows Update. This update is also available from Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft lists two known issues that the update causes in the KB article.

Updates for Windows 10 Version 1507 till 1709

For Windows 10 RTM up to version 1709 different updates are available for the LTSC versions and Enterprise versions. Here is a short overview.

Windows 10 Version 1709: Update KB4516066 is only available for Enterprise and Education. The update raises the OS build to 16299.1387. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, including known issues, can be found in the KB article.
Windows 10 Version 1703: Update KB4516068 is only available for Enterprise and Education. The update raises the OS build to 15063.1988. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, including known issues, can be found in the KB article.
Windows 10 Version 1607: Update KB4516044 is only available for Enterprise and Education and Windows Server 2016. The update raises the OS build to14393.3204. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, including known issues, can be found in the KB article.
Windows 10 Version 1507: Update KB4516070 is available for the RTM version (LTSC). The update raises the OS build to 10240.18333. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, also on known problems, can be found in the KB article. Details can be found in the KB article.

There was no update for Windows 10 V1511, because this version was dropped from support. Details about the above updates can be found in the respective Microsoft KB articles in case of doubt.

[German]In Windows 10 May 2019 Update (Version 1903), Microsoft has introduced some update control features. In connection with update KB4512941 I noticed some inconsistencies. Therefore I summarize some things, associated with the question whether someone can confirm the observations.

First of all: This is only about people who use Windows Update to provide patches, WSUS & Co. are left out.

Update Control in Windows 10 Version 1903

In Windows 10 Version 1903, Microsoft has included two options for controlling updates in the Windows Update Client. Starting with this version of Windows, Microsoft offers users the option to defer quality updates by 5 x 7 days (35 days) in all versions.

(Update options in Windows 10 V1903)

n Advanced options an option to pause updates from the screenshot shown below are visible. Currently I have this screenshot only in German – but you can see the list box to select a date until updates are paused.

Erweiterte Update-Optionen in Windows 10 V1903
Advanced update options in Windows 10 V1903

Starting with Windows 10 May 2019 Update, Version 1903, Microsoft provides users with the ability to defer quality updates by 5 x 7 days (35 days) in all versions. This is positive, I had described this in the German article Windows 10 Mai 2019 Update mit Update-Kontrolle. At the same time Microsoft has introduced a second, positive feature. Feature updates can be postponed by the user until shortly before the end of the support period.

Funktionsupdates ab Windows 10 Mai 2019 Update
(Feature Update to Windows 10 May 2019 Update, Click to zoom)

To start the installation, click to the Download and install now hyperlink shown in the above dialog box. All in all a paint solution and documented by Microsoft (see my blog post Windows 10 May 2019 Update brings back Update control).

Is there control for optional updates?

In the meantime, people have observed that Microsoft has also used the approach for feature updates in Windows 10 Version 1903 for the optional update KB4512941. In my German blog post Windows 10 V1903: Update KB4512941, KB4515530 (30.8.2019) I used the following screenshot that was sent to me by readers.

Windows 10 V1903 Update KB4512941

Update KB4512941 is optional and is not automatically downloaded and installed by Windows Update if the user seeks for updates. The user must explicitly initiate the download via the Download and install now hyperlink.

I had already mentioned it within the blog post Windows 10 19H2: What could change. The background could be that Windows 10 19H2 is rolled out as an ordinary update on machines with Windows 10 version 1903 (only older builds get a feature update). So Microsoft had to implement a mechanism that allows the user to defer the update. However, I don’t know of any Microsoft document that explicitly describes this.

Oddity #1 during update installation (KB4512941)

German blog readers reported here and here that update KB4512941 had to be manually triggered for download and install by clicking the hyperlink Download and install now. But after uninstalling this patch, the update was automatically downloaded and installed again.

I actually had to uninstall the KB4512941 update twice. The first time I installed KB4512941, I had started the search for updates myself and clicked on Download and install.now. After that I noticed the high CPU load. […]

Because of the CPU load I decided to uninstall the update anyway. After the restart the KB4512941 was downloaded and installed automatically.

This is of course bad what Microsoft has implemented. People then had to do this:

Pausing the installation of updates (for 35 days) to block the immediate reinstallation.
Then manually uninstall the KB4512941 update to correct the problem.

To permanently block the installation of the update, Windows 10 Home will not get around using the wushowhide.diagcab (KB3073930) blocking tool.

Windows 10: Update blockieren

How exactly this works is described in the blog post How to block Windows 10 updates. But I got reader feedback, that the tool didn’t find the update package.

Oddity #2 during update installation (KB4512941)

I myself came across the curiosity number 2 when I wanted to install the update KB4512941 on my test machine. I was not offered the possibility to download the update via hyperlink.

Windows 10: Nach Updates suchen

When I opened the Windows Update page, I was not offered any updates (see picture above). Then I offered to search for optional updates so that the optional update could be offered. This seemed to have worked, but I was perplexed to find out that I was offered the following display.

Windows 10 V1903 Update KB4512941

According to the screenshot above, the optional update KB4512941 was downloaded and installed without further user action. So nothing with Download and install now. However, I have to note that the test machine was in the release preview ring at that time.

The latter two peculiarities raise questions from my point of view. Does the update installation behave differently when I’m in the release preview ring? Or is Microsoft once again doing A/B tests with the optional update KB4512941, so that only some people get the option to trigger the download of the update via hyperlink?

The latter option would explain to me why so many users were suddenly caught cold by the Cortana/search bug. Also the observation that this update installs immediately after a one-time installation is cheese. Would it mean at the end of the day that the process that Microsoft programmed to install the update produces different results? Hence the question: Has anyone had similar experiences and can this be confirmed?

Microsoft has released the Windows 10 Insider Preview Build 18980 (from development branch 20H1) for Windows Insider in the Fast Ring on September 11, 2019. This build should lead to another function update in spring 2020. For the first time, the names for this spring update have also become known.

The announcement with details about new features/changes and bugs can be found in the Windows Blog. Cortana has been reworked once again. Insiders can now find Cortana as an app (supports English only) and as an icon in the taskbar. Furthermore, support for ARM64 devices has been added to the Windows Subsystem for Linux (WSL).

Windows 10 optionale Features (Source: Microsoft)

A further improvement concerns the Settings app, whose section for optional functions has been revised. New entries, checkboxes for multiple selection and a search field have been added. Here is the list with further changes:

There was an upgrade block on the previous flight in order to ensure that Insiders with certain versions of Outlook weren’t impacted by an issue in the build, which resulted in some insiders not finding the build when they checked for updates last week. This has been removed with this flight.
We fixed a deadlock in netprofmsvc.dll that was occurring in recent builds. Symptoms for those impacted potentially included upgrade to the build freezing at 98%, or (if you were able to upgrade,) various aspects of the system unexpectedly freezing and becoming unresponsive.
We’ve done some work to help address an issue where Outlook wouldn’t launch if you clicked an incoming email notification.
We fixed an issue impacting touch keyboard reliability in recent builds.
We fixed an issue impacting WIN+(Period) reliability.
We’ve made the decision to return to the retail build version of the Korean IME while we work on addressing feedback Insiders shared with us about the updated IME experience.
We fixed an issue impacting screen snipping reliability in the last few flights.
We fixed an issue that could result in the login screen acrylic on the previous flight sometimes unexpectedly showing squares around UI elements.
We fixed an issue that could result in certain app thumbnails going unexpectedly blank when you right-clicked them in Task View.
We fixed an issue where removable devices were erroneously labeled as HDD in Task Manager’s performance tab. They will now be labeled Removable.
As some Insiders have noticed, to give you the option to save disk space if needed, we’ve converted MS Paint and WordPad into Optional Features. You can choose to uninstall them or reinstall them via Optional Features in Settings.
We’ve made some adjustments to help improve performance of the Apps & Features page in Settings when searching.
We fixed an issue that could result in Settings crashing when updating your account picture.
Ease of Access settings are no longer participating in settings synchronization (roaming). Accordingly, we have now removed the Ease of Access toggle in Settings > Accounts > Sync your settings.
Magnifier reading now works better in applications like Google Chrome and Firefox.
Magnifier reading no longer clicks the application when using the “Read from here” button or the Ctrl + Alt + Left Mouse Click keyboard shortcut.
We fixed an issue where the text cursor indicator would not display when switching between left-to-right and right-to-left languages.
We fixed an issue where the text cursor indicator would sometimes appear on read-only areas of the screen.
We fixed an issue where the text cursor indicator would appear over the Start menu instead of staying in the Search edit box after typing text in the Search edit box.
Improved the ability of reading the title of the window with Narrator while reading messages in Outlook.
Improved auto-reading in Outlook with Narrator to make it more reliable.
Made changes to more reliably read the message headers using Narrator while reading when using the Shift + Tab command while in Scan Mode.
Improved the verbosity of Narrator when reading lists at verbosity level one.
We fixed an issue where an edit field on some webpages was not getting properly updated on a configured braille display when editing the contents with Narrator.
We fixed an issue where certain Local Experience Packs (LXPs) may revert to English.
We fixed an issue resulting in certain Wi-Fi adapters not being able to load (code 10 error) after upgrading from a previous release of Windows and needing to be disabled and re-enabled for it to work.

The list of known issues is also long.

The Reset this PC cloud download option is not currently calculating the correct amount of space you need to free up if you do not have enough disk space to proceed. To work around this until the fix is available, free up an extra 5GB beyond what is prompted.
The Reset this PC cloud download option is not currently working when specific optional features are installed. The process will begin, but an error will occur and roll back the changes. To work around this issue, remove the optional features before trying the cloud download option. We’ll let you know once this issue has been resolved. The optional features are: EMS and SAC Toolset for Windows 10, IrDA infrared, Print Management Console, RAS Connection Manager Administration Kit (CMAK), RIP Listener, all RSAT tools, Simple Network Management Protocol (SNMP), Windows Fax and Scan, Windows Storage Management, Wireless Display, and WI SNMP Provider.
There has been an issue with older versions of anti-cheat software used with games where after updating to the latest 19H1 Insider Preview builds may cause PCs to experience crashes. We are working with partners on getting their software updated with a fix, and most games have released patches to prevent PCs from experiencing this issue. To minimize the chance of running into this issue, please make sure you are running the latest version of your games before attempting to update the operating system. We are also working with anti-cheat and game developers to resolve similar issues that may arise with the 20H1 Insider Preview builds and will work to minimize the likelihood of these issues in the future.
Some Realtek SD card readers are not functioning properly. We are investigating the issue.
We are looking into an issue where, after updating to this build, adding a new Language Pack reports successful installation but is not installed.
Certain 2D apps (like Feedback Hub, Microsoft Store, 3D Viewer) are incorrectly being treated as having protected content within Windows Mixed Reality. During video capture, these 2D apps block their content from being recorded.
When capturing a repro video while filing a bug via Feedback Hub in Windows Mixed Reality, you won’t be able to select Stop video, due to the protected content issue noted above. If you want to submit a repro video, you will need to wait 5 minutes for the recording to time out. If you’d like to file the bug without a repro video, you can close the Feedback Hub window to end the recording and resume filing your bug when you reopen the app in Feedback > Drafts.

Tero Alhonen found hints for the new name of Windows 10 20H1, which will become Version 2003 and may be called as ‘Windows 10 May 2020 Update’:

Windows 10 May 2020 Update pic.twitter.com/0pWIaFIhn6

— Tero Alhonen (@teroalhonen) September 11, 2019

The development branch runs internally under the code name Vibranium – but who cares. A list with all released Windows Insider-Preview versions including date and ring can be found in the Flight Hub. An overview of what functions were introduced in which insider build can be found on this page.

There is currently a rumor that Microsoft is already distributing the Windows 10 Version 1909 (Fall 2019 Update) to Windows Insiders in the Release Preview Ring.

The whole thing came under my eyes on Twitter in the tweet below. The person has posted a screenshot.

#windows10 1909 Available on Release Preview Ring! @thurrott @maryjofoley pic.twitter.com/siQK2AziHX

— Shawn Fagan (@fagansc) September 11, 2019

It can be seen that this build comes as an optional update (if you are using Windows 10 V1903, which is currently the case for Windows Insiders). However, the 19H2 is not yet widely distributed. I mentioned this in the blog post Windows 10 Insider Preview 19H2 Build 18362.10019. Windows 10 Insider Preview Build 18362.10019 is generally released in the Slow Ring. For Windows insiders using Windows 10 19H1 (Version 1903) in the Release Preview Ring, the new build may also be rolled out. Microsoft is doing a test there again, where Windows insiders who are in the release preview ring are offered Windows 10 19H2 (version 1909) as an optional update when searching for updates (10% get this build automatically offered). The user need (like other feature update) click a link to download and install.

[German]Another addendum: Microsoft has confirmed problems with the update KB4515384 of September 10, 2019 in a support article. Specifically, a broken start menu and a not working search are addressed.

Update KB4515384 intended to fix SearchUI issues

On September 10, 2019, Microsoft released the KB4515384 cumulative update. The ‘High CPU load caused by SarchUI.exe’ item is also explicitly listed in the list of fixed issues. I had pointed this out in the blog post Patchday: Windows 10 Updates (September 10, 2019).

The support article for update KB4515384, still states that no issues are known. I had checked explicitly an hour ago when I wrote the German blog post Windows 10 V1903: Fix für kaputte Suche nach Update KB4515384.

Users report problems

Comments from my German blog readers indicates, that Microsoft’s update KB4515384, ‘didn’t fix the bug with Cortana and the empty search window’. The high CPU load was gone, but the desktop search didn’t work. There was also feedback on the blog post that the search still didn’t work.

I proposed within my German blog post Windows 10 V1903: Fix für kaputte Suche nach Update KB4515384 to launch an administrative command prompt windows via Run as administrator and execute a system file check with sfc /scannow. That helped in a few cases, but not for all affected users. Some users could run a desktop search with Bing search disabled, whilst others need to activate Bing websearch for desktop. My impression is, that the issue and the success of a repair depends from the system’s history.

But there has been a 2nd issue reported from a blog reader. In his comment the reader reports that they have a broken start menu on many systems:

We also have problems with this update again with many PCs that after the installation of KB4515384 display the message that the start menu doesn’t work anymore. This seems to happen only on PCs where Powershell apps have been removed. Is anyone still struggling with this behavior? In the beginning we tried to uninstall all pre-installed apps with Powershell until we gave up.

I had mentioned in the past, that repairing apps with removing entries with powershell may result in issues. But that was related to old Windows 10 builds. The blog reader above left a link to this thread at reddit.com, where other users are describing Startmenu issues after installing KB4515384

KB4515384 – Anyone else having Start Menu issues?

Thought I would give KB4515384 a shot on a spare test computer (released today, yeah I’m brave). Now, when I type in something to the start menu to bring up a program, it does absolutely nothing.

Anyone else having the same?

Edit: I uninstalled it and the problem went away.

Uninstalling cumulative update KB4515384 fixed that broken Startmenu issue.

Microsoft confirms the issues

Well, it depends, which Microsoft article you read. As mentioned, the support article for update KB4515384 says ‘Microsoft is not currently aware of any issues with this update.’ – Sept. 12, 2019, 01:18 p.m. CET. So, if someone is negating any issue with Windows 10 and update KB4515384, use the support article as ‘proof’ your right.

But hey, you can also use the idea of simply asking another oracle. And the status page for Windows 10 version 1903 lists the following findings from Microsoft.

Some users report issues related to the Start menu and Windows Desktop Search

Microsoft has received reports that some users are having issues related to the Start menu and Windows Desktop Search.

Affected platforms:

Client: Windows 10, version 1903

Next steps: We are presently investigating and will provide an update when more information is available.

The colleagues here became aware of this entry. Microsoft confirms that the KB4515384 update has caused problems with the Start menu and desktop search for some users. It is being investigated and more information will be provided in in future.

[German]It seem update KB4515384, which was rolled out on September 10, 2019 for the Windows 10 May 2019 update (version 1903), causes audio problems for some people. Audio quality is reduced because bass notes are missing.

Audio quality is lost in games

It’s a strange story that came to my attention yesterday on the Internet and through this comment. After installing Update KB4515384 on Windows 10 Version 1903, players are experiencing audio problems. Specifically, people notice a significant deterioration in audio quality. On reddit.com a user reports his experiences:

KB4515384 (September 10) caused significant decrease in audio quality in 3D games

Basically title. IDK what is wrong with it, but with KB4515384 my in-game sound lost all bass notes. It didn’t affect video player, audio player or browser. Uninstalled it – sound in games went back to normal. Just leaving it here, maybe it will help somebody with the same issue.

After installing the update KB4515384 under Windows 10 Version 1903 the user has lost all basses in his games. As soon as he uninstalls the update, the audio output is available again in the usual quality.

Other users report that some games are suddenly quieter than the audio output before the update was installed. Other players complain about a ‘washed-out’ sound in the audio output. Another user writes that certain sound effects ‘oscillate’ wildly between channels (of the headphones).

In Microsoft Answers forum a user complains about a ‘lost’ Realtek sound card driver after installing this update. It is currently unclear to me how many users are affected by this.

Different workarounds can help

Besides uninstalling the update, some people have found workarounds that help. However, there is no universal solution that applies to everyone.

Within the reddit.com thread a user reports that resetting the sound output to 16 bit, 44100 Hz (CD quality) has solved the problem for him. Other users were not successful, but were able to solve the problem with other frequencies (96000 Hz).
An affected person who complained about a volume reduction was able to increase the volume again by deactivating the sound effects during output. Another user disabled an Enhancements option and was successful.
One user switched to the ‘Virtual Sound’ setting to get a reasonably tolerable audio quality.

Windows Latest has some step by step explanations, how to change audio settings. Also the update of a USB audio driver came under my eyes as a fix. The following links deal with other problems that some users are struggling with despite installing the update.

[German]Microsoft surprisingly released another update for the Windows 10 May 2019 Update (Version 1903) on September 12, 2019. However, this update is undocumented and very mysterious. Here is some information.

The information reached me via this German comment. But Microsoft hasn’t documented anything about update KB4516421 yet, a KB article doesn’t exist yet. I then checked my test machine and asked it to search for updates. The update was not offered there.

I have included then the machine into the Release Preview Ring, but I am not offered an update there either. In the Microsoft Update catalogue there is also no trace of this update to be seen. First I thought it could be another A/B test, which Microsoft runs with Windows Insiders. But the the German blog reader wrote, that the Update has been offered via WSUS.

Update KB4516421
(Source: tensforum)

Seaching the internet for Update KB4516421 brought me to this post within the tensforum. The update has been offered that user via Windows Update (see above screenshot). But the post didn’t reveal more information either. My German tipster wrote here, that he found the file uac2formatreset.exe within the update package.

I did not find anything about this file name on the Internet. So following considerations are most speculative. We have audio issues in Windows 10 V1903 (see). There are USB Audio Class 2 devices and corresponding drivers to transfer audio signals via USB. Maybe Microsoft is experimenting with a fix for audio issues.

If I gain further insights, I will try to add them here.

Update search broken?

During my quick tests this morning, I noticed something else. Yesterday I deactivated the web search and Cortana via group policies and deactivated Bing directly via registration entry on my test machine (I was experimenting with the Bing desktop search issue). When I started a search for new updates this morning (without being in the Insider program), the update client suddenly shows a nearly empty Update Settings window.

Windows 10 Update-Client kaputt?

All options was suddenly gone. And I wasn’t able to get it back refreshing the window. After I deleted the group policies again and updated the changes thing with:

gpupdate /force

the vanished options came back. I could check again for updates and the options to defer updates are remain within the window. Could be a coincidence, because the machine lags from time to time for half a second. I didn’t test how reproducible this is, and if group policies matters. But that’s strange – hence the question: Has anyone else stumbled across this phenomenon of the empty Windows Update page?

win7 [German]Microsoft has released a security-only update as of September 10, 2019. The Security-only update comes again with telemetry on board. Here is a review of what is known so far.

I had described the updates in the blog post Patchday: Updates for Windows 7/8.1/Server (Sept. 10, 2019).

Telemetry on board

For years, the rollup updates for Windows 7 were equipped with telemetry functions, but the security online updates were telemetry-free. Under WSUS, these updates are offered as standard anyway and installed in corporate environments.

Users who didn’t want any new telemetry functions, but are dependent on Windows Update, have manually installed the Security-online Updates. Unfortunately this model died. Already in July 2019 update KB4507456 comes with telemetry. I had reported in the blog post Windows 7 Update KB4507456 (security only) with Telemetry. The Security-only Update from August 2019 was shipped without Telemetry.

Security-only Update KB4516033 with Telemetry again

Shortly after the release of the updates I received a mail from blog reader Christoph W. with a hint to the telemetry functions in the security-only update KB4516033.

I just found out that on patchday under win 7 MS a new version of “CompatTelRunner.exe” was added! (firewall reported)

Christoph ran ZoneAlarm as a firewall, so one of them got a message. German blog reader Bolko also left a comment with details (thanks).

The security-only update KB4516033 contains telemetry again:
– appraiser.dll
– CompatTelRunner.exe
– diagtrack.dll
– DiagTrackRunner.exe

Previously, these files were included in the KB2952664 update.

This is of course a nasty situation. Apparently Microsoft want to find out why the machines aren’t being updated – at least that’s the only explanation I can think of.

Disable the Telemetry

The telemetry features have, besides the often unwanted data collection, the often unpleasant side effect that TrustedInstaller.exe causes a high CPU load (see this thread to Windows 8.1) or lead to problems. Some blog readers gave hints on how to disable the telemetry functions under Windows 7.

Disable Task in Task Planner

Bolko gave the tip in the comment here, to check in the task planner in the branch:

\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser

whether the task is switched off. If the task is activated, the programs CompatTelRunner.exe and DiagTrackRunner.exe run daily, which collect the telemetry data and upload it to Microsoft.

You can open the entry by double-clicking it and then click on the Delete button on the Trigger tab to cancel the task. Or you can select Edit and uncheck the Enabled checkbox in the Edit Triggers dialog box.

Task deaktivieren

Then at least the task is no longer executed.

Deactivate service

Blog reader Christoph W. suggests stopping and deactivating the Diagnostic Tracking Service in question.

It is better to disable telemetry. Several steps are necessary:

1) Stop and deactivate the Diagnostic Tracking Service under the services.

2) Check in the registry whether it was successful. So check, if the entry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DiagTrack
contains an entry “Start”.

Meaning of the values: 2 (automatic), 3 (manual) and 4 (deactivated)

3) Start editor for local group policies with gpedit.msc as admin.

Activate the entry “Deactivate application telemetry” under Administrative Templates > Windows Components > Application Compatibility.

Under Administrative Templates > Windows Components > Ease of Use Program: Disable Both Entries

At askwoody.com there is this post, that deals also with this telemetry topic. Also the article here discusses several workaround to deactivate telementry. It’s also possible, to use Software Restriction Policies to block CompatTelRunner.exe.

[German]A brief question, if anyone else has observed this. I just received the information that Windows 10 Enterprise LTSC installations were offered again a new feature update. It’s no big deal, the update is not installed, but it’s confusing. And it seems that this repeat itself sporadically since the June 2019 incident – I now have reports from August and September 2019 incidents.

Windows 10 LTSC versions, what it means

The abbreviation LTSC stands for Long-Term Servicing Channel (formerly also referred to as Long Term Servicing Branch (LTSB)). This is a long-term support version of Windows 10 based on the Enterprise edition. The LTSC version doesn’t provides features like Cortana, Edge and the UWP apps (everything Microsoft likes to update in Windows 10).

Microsoft is committed to providing bug fixes and security patches for each LTSC version over a 10-year period. Instead of releasing feature updates every 6 months, Microsoft releases a new Windows 10 Enterprise LTSC version every 2-3 years. Companies can install these new LTSC versions optionally as in-place upgrades on a machine – whereby the license conditions of Microsoft are to be considered then (only with a software maintenance contract an upgrade is covered – in other cases a new license would have to be bought).

Microsoft has planned the LTSC versions for scenarios where nothing changes to Windows 10 (e.g. in devices, ATMs etc.), but not for office environments. In such environments, feature updates for new LTSC versions are not offered within the the 10-year lifecycle, that’s the deal.

LTSC version	Windows 10 pendant	Release
Windows 10 Enterprise 2015 LTSC	Windows 10, Version 1507	7/29/2015
Windows 10 Enterprise 2016 LTSC	Windows 10, Version 1607	8/2/2016
Windows 10 Enterprise 2019 LTSC	Windows 10, Version 1809	11/13/2018

According to this website Microsoft has so far released the LTSC versions listed within the table above. The left column shows the LTSC names, while the middle column shows the Windows 10 counterpart on whose code basis the LTSC version is based.

The incident in June 2019

It was a crude story that took place in June 2019: Administrators and users operating a Windows 10 Enterprise LTSC 2019 in the corporate environment were suddenly surprised to find that the machines were offered a functional update to the Windows 10 May 2019 Update (Version 1903).

From the kernel point of view this would make sense, as the Windows 10 Enterprise LTSC 2019 is based on the development branch for Windows 10 October 2018 Update (Version 1809). But LTSC versions, according to my explanations above, don’t get any function updates.

I had reported about this incident in June 2019 in the blog post Crazy: Windows 10 Enterprise LTSC 2019 offered a feature update to 1903. Anyone who initiates the download and installation of the feature update via the link on the Windows Update page is relieved to find out that nothing is happening. Windows 10 Enterprise 2019 LTSC notices that something is wrong and downloaded nothing. A German user notified me, that the same occurred with his Windows 10 Enterprise LTSC 1607.

The technical explanation at the time was that a bug in the UUP system (Microsoft’s Unified Update Platform) was responsible for this effect. The feature update is displayed but not downloaded and installed. Microsoft solved the issue in June 2019 at short notice, so the faulty feature update disappeared. All in all not a really big deal, but confusing for those concerned. That’s why I posted it in the blog at the time.

Does the effect occur repeatedly?

The exciting question is whether we are dealing with a repeating issue? Already in August 2019 there was this comment claiming the same.

Sorry for coming back onto this topic…just today setting up a new machine with Win 10 LTSC based on the .316 version and upon requesting further updates, I am being offered again the 1903 feature pack???

Seems like this is recurring to fail and also preventing any other updates from coming through… :-(

Anybody else with the same issue – or having a hint, how to overcome it?

This happened to the user when setting up a new machine. However, there was no further answer to his question as to whether there were any other affected users. At the moment, in September 2019, another reader wrote, that the same thing has just happened to him. He writes:

I am having the same issue on one out of eight identical laptops. No idea how to fix it, though.

It’s probably just a few isolated cases that this happens to. In a follow-up comment EP writes that the user should block the feature update with wushowhide.diagcab from KB3073930. That’s a solution (thanks to EP for that hint). But: how poor has it all become that we now have to use helper tools to block updates that should never end up on a machine because of the missing update control? So here’s the question: Are there any other blog readers who have had this happen?

win7 [German]Microsoft has released a rollup and a security-only update as well as a Servicing Stack Update (SSU) on September 10, 2019. The Security-only update comes with telemetry, the updates may cause installation issues and the SSU has a surprise in its baggage. Here is an overview of what is known so far.

had described the updates in the blog post Patchday: Updates for Windows 7/8.1/Server (Sept. 10, 2019). Below I try to summarize information, which is I got from readers as comments or which I outlined in other blog posts.

Security-only Update KB4516033 with Telemetry

For years, the rollup updates for Windows 7 were equipped with telemetry functions, but the security-onlye updates were telemetry-free. Users who didn’t want any new telemetry functions installed the Security-online updates. Already in July update KB4507456. was rolled out with telemetry functions surprisingly for me. I had written in the blog post Windows 7 Update KB4507456 (security only) with Telemetry about this fact.

Telemetry is also included with the security-only update KB4516033, released on September 10, 2019. Details about this update including the question what to do against telemetry can be found in the article Windows 7: Security-only Update KB4516033 with Telemetry.

Refreshing the Servicing Stack Update KB4516655

Microsoft has begun rolling out regularly updated Servicing Stack Updates (SSUs) for Windows 7 and Windows 10 at patchday. But Microsoft’s documentation on the updated SSUs is clue less:

This update improves the quality of the service stack, which is the component that installs Windows updates.

Microsoft also strongly recommends that you install the latest Service Stack Update (SSU) before installing the latest Cumulative Updates (LCU). For Windows 7, this would be Rollup and Security-only updates.Microsoft says:

By installing service stack updates (SSU), you ensure that you have a robust and reliable service stack so that your devices can receive and install Microsoft security fixes.

However, with the SSU KB4516655 shipped on September 10, 2019, it was again the case that it was automatically installed after the Rollup update installation. This users to worry, as can be seen in the following comment.

I was offered KB4516655 in Windows Update, when I had already successfully installed the updates KB4516065 – KB4514602 – KB4474419.

I had discussed it in this comment, Microsoft fixes issues with refreshed SSUs. Unfortunately Microsoft doesn’t get it solved that the update client installs the patches in the required order (I mentioned this in the blog post Windows 10: SSU issue addressed in SCCM UserVoice). In many cases the installation goes well and the SSU will be installed on the system afterwards. But in some cases update installation fails because of the missing SSU. Then the SSU installation need to be forced and the user need to wait until the SSU has been installed. Then the failed update has to be re-installed.

The above procedure does not seem necessary for the September 2019 update. That SSU KB451665 does not seem to fix any bugs. German blog reader Bolko has inspected the package and according to his comment here found a new file:

The new Servicing Stack Update KB4516655 contains a file to install the updates from February 2020: ExtendedSecurityUpdatesAI.dll

This file did not exist in the previous Servicing Stack Update KB4490628.

When manually installing an SSU, be aware that no other installation procedures should be performed when installing an SSU.

Revision Version 3 of the SHA-2 update KB4474419

Since August 2019, the SHA-2 update (KB4474419/) must be installed in order to install further updates. In the German comment here blog reader Gerold points out that the SHA-2 update KB4474419 has been refreshed to version v3. Microsoft writes about it:

This security update was updated on September 10, 2019 to include Start Manager files, thereby preventing startup errors on Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2..

Users who experience problems with nonbooting systems after installing Update KB4516065 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) or Update KB4516033 (Security-only Update) should repair the system and then download and manually install the updated SHA-2 Update KB4474419 v3 from the Microsoft Update Catalog. This could also help with other installation problems with the September 2019 Windows 7 updates.

Update installation terminates with error 0x80092004

Within this comment, a user reports that the update installation ends with error code 0x80092004. The error code 0x80092004 stands for CRYPT_E_NOT_FOUND. There are some bugs in the SHA-2/Bitlocker patch environment in imho. I had discussed the problem for August 2019 in the blog post Windows Updates KB4512506/KB4512486 drops error 0x80092004.

[German]A brief information for owners of a Surface RT (or all Surface models with 32-bit Windows 8.1 RT): With update KB4516067 Microsoft has accidentally revoked the certificates so that Internet Explorer can no longer be used.

Update KB4516067 declares certificates invalid

MVP colleague Barb Bowman has pointed in a tweet what happened with update KB4516067 for Windows 8.1 RT.

update kb4516067 breaks IE11 on @Surface RT/Surface 2. need to uninstall and block Windows Updates to recover. Testing seems to be reaching new lows..

— Barb Bowman (@barbbowman) September 12, 2019

ddd

Susan Bradley weist bei askwoody.com ebenfalls auf das Problem hin. Wer das Update KB4516067 installiert, kann anschließend den Internet Explorer 11 nicht mehr für https-Seiten verwenden. Denn das Update zieht alle Zertifikate zurück – wenn der IE 11 ein Zertifikat validieren möchte, ist dieses dann ungültig. Das Ganze wurde im Microsoft Answers-Forum in diesem Thead thematisiert.

Latest Windows update pushed 9/10/19 causes Internet explorer to not run on my surface 2.

Latest Windows update causes Internet explorer to not run on my surface 2. Update was pushed 0n 9/10/19.

Error: The certificate has been revoked by its certification authority. See DefaultBrowser_NopublisherId in event viewer.

I saw that the update pushed a new version of I.E.

Uninstalling the 4 updates fixes the problem. Reinstalling the updates and the problem comes back. Must be a problem with the update. Can’t install a different browser on Windows RT. Update basically turns the surface 2 into a boat anchor. Had to make registry hack to shut off windows update. Why can’t we get help from Microsoft when they break stuff?

The user installed the update KB4516067 issued on September 10, 2019. After that the Internet Explorer threw him an error message of the kind:

The certificate was revoked by his certification authority. See DefaultBrowser_NopublisherId in the Event Viewer.

This affects Surface RT as well as Surface 3 users, as Barb Bowman states in the thread. If we now postulate that Microsoft does not intend to withdraw the Surfaces from use, a bug has slipped into the update. After publishing the German article I received a mail from German blog reader Matthias D. (thank you), who confirmed the issue.

Hello, Günter,

is rather marginal, since Windows 8.1 RT (on Surface 2) is not quite as common, but still does its job for rudimentary tasks.

Since the patchday in September, after the installation of KB4516067 [September 10, 2019-KB4516067 (Monthly Rollup)], the Internet Explorer no longer works (see screenshot); the app-based IE closes without comment.

The problem does not occur on systems with Windows 8.1 x64. Solution: Uninstall KB4516067.

Remedy: Uninstall update and block installation

The remedy is simple under Windows 8 RT or Windows 8.1 RT. You uninstall updates KB4516067 and block it for further installation. This should make Internet Explorer 11 surf again. If this does not help, only a refresh (reset) of the surface with update blockade remains. Barb Bowman also asks the rhetorical question:

.@WindowsUpdate kb4516067 is breaking IE on Surface RT and Surface 2. Trending in Answers forum. How do you test these things? When will there be a fix? These customers are not comfortable uninstalling updates and disabling WU.

— Barb Bowman (@barbbowman) September 12, 2019