[German]The update KB4515384 for Windows 10 Version 1903, released on September 10, 2019 (Patchday), causes some issues that annoy users after install. Microsoft has now confirmed some of these bugs.

Similar to Windows 10 V1809, Microsoft maintains a list of known issues published in the Windows 10 May 2019 Update (Version 1903). This list is available here.

Issues with Wi-Fi

There have long been complaints from users that there are problems with Wi-Fi connections. Already in the blog post Windows 10 V1903: Known Issues – Part 2 I described this as a known bug. Now Microsoft has updated its status page to indicate that the Wi-Fi problem is mitigated. At the same time Microsoft writes that problems have been found with Intel and Broadcom Wi-Fi chips:

Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters

Microsoft and NEC have found incompatibility issues with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards when running Windows 10, version 1903 on specific models of NEC devices. If these devices are updated to Windows 10, version 1903, they will no longer be able to use any Wi-Fi connections. The Wi-Fi driver may have a yellow exclamation point in device manager. The task tray icon for networking may show the icon for no internet and Network & Internet settings may not show any Wi-Fi networks.

So there is a problem with compatibility on certain NEC devices if the above hardware is installed. Then the Wi-Fi functionality disappears during the upgrade. This can be solved by de-activating the WLAN adapter in the Device Manager and then reactivating it. As a precaution, Microsoft has therefore put an upgrade stop on affected NEC devices. In cooperation with NEC, the developers hope to be able to provide a solution in one of the upcoming updates.

However, Microsoft’s comments are only half the truth. At German site deskmodder.de there are some comments that address WLAN problems in UEFI mode with specific hardware constellations..

Start Menu Issues and Broken Search

Update KB4515384 should fix the search broken by the August update KB4512941. However, some users noticed that the search still doesn’t work and that the start menu is broken by the update. The start menu no longer works. The company writes:

Microsoft has received reports that a small number of users are having issues related to the Start menu and Windows Desktop Search.

Microsoft had already confirmed the error a few days ago (see Windows 10 V1903: Microsoft confirms, that update KB4515384 breaks Start menu and search). Microsoft has relased a troubleshooting article for the Windows search, but I’m skeptical, that this will help. In addition, there are reports that the notification center (Action Center) raises problems and no longer works.

IME hangs and causes high CPU load

A new bug affects the Input Mode Editor (IME) for Chinese languag. This causes a high CPU load in certain situations and the editor no longer responds. It also affects older versions of Windows 10:

• Client: Windows 10, Version 1903; Windows 10, Version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, Version 1803; Windows 10, Version 1709; Windows 10, Version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, Version 1607
• Server: Windows Server, Version 1903; Windows Server, Version 1809; Windows Server 2019; Windows Server, Version 1803; Windows Server, Version 1709 ; Windows Server 2016

Microsoft specifies a workaround on the status page to at least mitigate the problem.

Audio issues with games and USB devices

Some users complain that with the update KB4515384 the audio output of games and various apps becomes quieter. Microsoft confirms this now:

Audio in games is quiet or different than expected

Microsoft has received reports that audio in certain games is quieter or different than expected. At the request of some of our audio partners, we implemented a compatibility change that enabled certain games to query support and render multi-channel audio. Due to customer feedback, we are reverting this change as some games and some devices are not rendering multi-channel audio as expected. This may result in games sounding different than customers are used to and may have missing channels.

I had already reported on the problem in the article Windows 10 V1903: Update KB4515384 degrades Audio quality and suggested some workarounds. Microsoft has indicated a workaround on the status page to mitigate the problem and wants to deliver a fix in upcoming updates.

There is also a problem with USB Audio 2.0 multichannel microphones that no longer work. Last week, Microsoft delivered a hotfix to make the affected systems functional again (see Windows 10 V1903: Update KB4516421 (Sept. 12, 2019)).

The effect described by Microsoft in the status page, that the screen gets a red cast on the snipping tool or similar, is related to the Eye Care function of Lenovo Vantage software (see Windows 10 V1903: Red screen tint bug caused by Update KB4512941 or Lenovo Vantage app?) and has nothing to do with Update KB4512941.

Similar articles
Windows 10 Mai 2019 Update released
Windows 10 N: Media Feature Pack for Version 1903 released
Windows 10 V1803 threatens a forced update as of July 2019
Windows 10 V1903: Known Issues – Part 1
Windows 10 V1903: Known Issues – Part 2

Windows 10 V1903: Updates KB4512941 and KB4515530
Windows 10 V1903: Update KB4512941, KB4515530 (08/30/2019)
Windows 10 V1903: High CPU load from Cortana, Search broken, blame August 2019 Updates
Windows 10 V1903: MS investigating the Search/Cortana issue (09/03/2019)
Windows 10 V1903: Review of update KB4512941
Windows 10 V1903: Search and Cortana bug in Update KB4512941 confirmed (09/05/2019)
Windows 10 V1903: Red screen tint bug caused by Update KB4512941 or Lenovo Vantage app?

[German]Administrators who use Microsoft’s Windows Autopilot to set up Windows 10 machines should be aware of the known issues with Windows 10 version 1903.

Microsoft says: Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use Windows Autopilot to reset, repurpose and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that’s easy and simple. Windows Autopilot is designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through the eventual end of life.

It’s a pretty long list of things that cause trouble under Windows 10 version 1903 in conjunction with Windows AutoPilot. Microsoft employee Michael Niehaus has now published a list in his blog.

Windows Autopilot known issues in Windows 10 1903 https://t.co/YxmGNa0qnD via @mniehaus

— Michael Niehaus (@mniehaus) September 16, 2019

[German]Microsoft has released Defender Antimalware version 4.18.1908.7 (on Sept. 13, 2019). This update should also fix the error when executing the command sfc /scannow. Here is some information about this topic, which has not been documented by Microsoft and is quite confusing.

The colleagues at German site deskmodder.de recently reported that there is an update to the Defender anti-malware engine to version 4.18.1908.7. After I published the German edition of this article two days ago, I received confirmation from my German blog readers, that their machines also got this update. This update should also provide a fix for the problem of not being able to run a system file check for corrupted files will be fixed for all versions of Windows 10..

The sfc bug explanined

In Windows, you can use an administrative prompt to have the system check for corrupted files with the following command.

sfc /scannow

If the command finds corrupted files, the System File Checker (sfc) should be able to repair them. However, it happens again and again that this repair cannot be carried out.

Since July 2019 this did not work under Windows anymore, the command finds broken files but cannot repair them anymore. Analyses showed that a defective Defender signature file was responsible for the failed system file check. I had reported about it within the blog post Windows: July 9, 2019 Updates breaks sfc. Later Microsoft admitted a problem with sfc (see Microsoft confirms July 9, 2019 Updates breaks sfc in Windows).

Microsoft’s Statement

In KB4513240 (System File Checker (SFC) incorrectly flags Windows Defender PowerShell module files as corrupted) Microsoft writes:

The System File Checker (SFC) tool marks files in %windir%\System32\WindowsPowerShell\v1.0\Modules\Defender as corrupted or damaged. You will receive error messages such as the following:

Hashes for file member do not match.

This is a known issue in Windows 10, version 1607 and later, and Windows Defender version 4.18.1906.3 and later. The files for the Windows Defender PowerShell module, which are found in

%windir%\System32\WindowsPowerShell\v1.0\Modules\Defender

are delivered as part of the Windows image. These files are catalogued. However, the Windows Defender management component has a new out-of-band update channel. This channel replaces the original files with updated versions that are signed with a Microsoft certificate that the Windows operating system trusts. Due to this change, SFC marks the updated files as “Hashes for file member do not match”. The repair process then ends with ‘corrupted files found’, without a

Fix already announced in mid-August

I had reported in the middle of August in the article Microsoft fixes the Windows Defender sfc bug (August 2019) that Microsoft wants to fix this issue by updating Windows Defender to version 4.18.1908. At that time I assumed that this update would be rolled out promptly (the colleague from deskmodder.de left a comment, that the Defender update had not yet been shipped at that time). rolled out.

But now: Update to version 4.18.1908.7

The support article KB4513240, last updated on August 2019, states that ‘future versions of Windows will use the updated files in the Windows image’. After that, SFC should no longer marks the files as buggy.

Now the colleagues at deskmodder.de noticed that there was an update to version 4.18.1908.7. But it was a bit confusing, some Windows Insider on Windows 10 19H2 and 20H1  got this update, while user on Windows 10 production version didn’t get it at the time of publishing the deskmodder.de article. I tested it on Sept. 16, 2019 – after several update searches my test machine with Windows 10 version 1903 (in the Windows Insider Release Preview Ring) also got this version. Later German blog readers confirmed, that their production machines got the update on Sept. 17,2019.

How do I determine the anti-malware version?

Finally an information on how to check, which module version of the anti-malware engine is installed on a system. The Windows as a service implementation forced me to search for some time until I found the information.

1. Open the settings page and go to Windows Security. Select the Open the settings page and go to Windows Security. Select the Open Windows Security button. button.

2. Click the Settings icon at the bottom of the left column of the Windows Security window. Then click in the right pane under ‘Settings’ on the hyperlink Info.

While most of the hyperlinks open the Edge, which then searches a branch on meaningless Microsoft help pages, the following display appears at Hyperlink Info.

In fact, version 4.18.1908.7 is displayed there. It remains to be seen whether this really fixes the problem in the signature file check for all systems. On my test system sfc /scannow ran last. But I got feedback from German readers, that the sfc issue still continue. One reader wrote:

If you still get errors, just delete all log files under %windir%\logs\cbs, then sfc finally worked for. In an old log file (approx. 200MB) there were still those Defender entries from previous scans.

BTW: Microsoft’s support article 4052623 describes some details, but the last update of this article was on January 28, 2019.

Similar articles:
Windows: July 9, 2019 Updates breaks sfc
Microsoft confirms July 9, 2019 Updates breaks sfc in Windows
Microsoft fixes the Windows Defender sfc bug (August 2019)

[German]A brief notification to Windows users (Windows 7, Windows 8.1 and Windows 10): Microsoft released this week the anti-malware version 4.18.1908.7, which is used in Windows Defender and Microsoft Security Essentials (MSE). The update of the anti-malware module should fix the issue when running the command sfc /scannow in Windows 10. But the update has broken the ability to Microsoft’s antivirus solution, to scan files. A quick scan is now really quick – it ends after seconds and scans just five to 64 files.

Some Background: The Defender Antimalware-Update

Earlier this week Microsoft released a silent update of the Defender antimalware engine to version 4.18.1908.7. The update had been expected by me for a long time to fix the issues in the system file check caused by July 2019 updates.

I had reported in the mid of August in the article Microsoft fixes the Windows Defender sfc bug (August 2019) that Microsoft intends to fix this issue by updating Windows Defender to version 4.18.1908. At the beginning of this week (6 weeks after Microsoft’s announcement) Redmond started silently the distribution of anti-malware module version 4.18.1908.7. I had reported about this in the blog post Defender Antimalware Version 4.18.1908.7 released. On September 16, 2019, Microsoft released update KB4052623 with anti-malware module version 4.18.1908.7 for all Windows versions in the Microsoft Update Catalog.

MSE/Defender scan finished after a few seconds

Microsoft has smuggled a friendly bug onto the system. If you use Windows Security in Windows 10 (or Microsoft Security Essentials in Windows 7 SP1) and start an antivirus scan, this process ends after a few seconds. Between five and 64 files (depending on your system) will be checked. I just tested it in Windows 10 using the following steps (the screenshots are obtained from my German Windows 10 V1903 system).

1. Open the settings page via start menu and go to Windows Security category. Select the button Open Windows Security.

2. In Windows Security window, select the Quick Scan button (see the next but one figure below) to initiate a scan of the system.

Windows Security will show the estimated time and progress of the scan (see screenshot above). It should be about 37 minutes for the quick scan on my test system.

But in the screenshot above you can see that this check is finished after a few seconds and a scan of five files. After updating the Defender antimalware engine to version 4.18.1908.7, Defender simply has a bug. The scan will stop on my system after five files have been scanned. Other users found out, that the scan ends after 14 up to 64 files scanned. The antimalware engine isn’t able to provide a full scan of the files located on the system drive.

After publishing the German edition of this article, I received confirmation from my blog readers. Also here is an independent post on a German forum, and German site deskmodder.de has an article about that too. Since I’ve published the article, I got feedback, that also Windows Server 2016, Windows 7 SP1 (with MSE) and Windows 8.1 is affected. At askwoody.com Woody Leonhard cited a Windows 7 SP1 user, commented on his forum as:

I’m running Win 7 Pro, SP1, x64. I just updated (actually about an hour ago by now) the definitions in MS Security Essentials to 1.301.1608.0. I tried a Full Scan and it quit scanning after 29 files. Tried a Quick Scan and it also stopped after 29 files. It’s not throwing any error codes and says that no threats were found after scanning 29 files. Gives me the big green checkmark. So, it looks just like a normal Full Scan except it only scans 29 files.

I shut down the computer, restarted and attempted another definition update but was told I was already up to date. Tried another Full Scan with the same results as above.

At Microsoft Answers forum there are reports for Windows 7, Windows 10 (V1809)  and here. Also MVP colleague Lawrence Abrams from Bleeping Computer mentioned here reports [reddit.com, reddit.com, reddit.com, MS Answers, MS Answers, MS Answers] dealing with the scan issues.

My colleague at German site deskmodder.de, who also stumbled uppon this bug, proposed a workaround. Instead of using a Quick Scan or a Full Scan, just use a user defined scan.

1. Select the hyperlink Scan options in Windows Security window and then check the option Custom scan in the following page.

2. Then scroll down, click the Check Now button, and select a drive or folder from the dialog box that appears.

Then Defender starts a scan of the selected file object (drive, folder) and checks all the files found there. There I immediately see the found files and the scan of the files runs very fast (several hundred per minute) – and not only 5 files in about 20 seconds.

Similar articles: 
Microsoft fixes the Windows Defender sfc bug (August 2019)
Defender Antimalware Version 4.18.1908.7 released

[German]Some users are facing issues with the Bluetooth A2dp profile. They are receiving an error message that Windows cannot verify the digital signature and the driver drops error code 52. In August 2019 a number of Windows 10 users seem to have been hit. Here is some information about the issue. 

The problem description

I encountered the problem (when writing the post a week ago) via the collection service here, the entries are from September 2019, but the better introduction is this Microsoft Answers forum thread, dated August 13, 2019, where the issue has already been discussed. Within the post the user writes:

Microsoft Bluetooth A2dp source (error code 52) Microsoft Bluetooth A2dp source not working properly. There is error message “Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)”.

His Bluetooth A2dp source is not working properly and drops error code 52. The error message indicates that Windows cannot verify the digital signature required for the drivers. It is caused by a recent hardware or software change. In the linked MS Answers forum thread some affected persons confirmed this behavior. It affects different devices, from Surface Pro 4 to HP Omen systems. A de- and subsequent reinstallation of the Bluetooth drivers is unlikely to help. It seems as if an unsigned driver (possibly via auto-update) has broken the systems. 

Note: August 13, 2019 was a patchday, and Microsoft later confirmed that an update disabled Bluetooth connections. I mentioned this in the article Windows 10 V1903: Update KB4505903 breaks Bluetooth speaker connection.

What’s A2dp?

The abbreviation a2dp stands for Advanced Audio Distribution Profile. This is a manufacturer-independent technology that allows stereo audio signals to be sent wirelessly via Bluetooth to an appropriate receiver. A distinction is made between sources (transmitter, source) and sinks (receiver, sink). The source can be a computer or a smartphone; a Bluetooth headset or loudspeaker set, for example, is used as a sink. In the above error pattern, the source in the form of the relevant profile on the Windows 10 computer throws the error.

Attempts to fix this error

In the linked MS Answers forum thread some affected persons confirmed this issue. It affects different devices, from Surface Pro 4 to HP Omen systems. A de-installation and subsequent reinstallation of the Bluetooth drivers is unlikely to help. There are two ways to repair or replace the unsigned driver file with Windows 10.

#1: Try troubleshooting Bluetooth issues

The simplest solution is to try Windows 10’s built-in troubleshooting. To do this, open the Settings app from the Start menu and select the Update and Security – Troubleshoot categories. Then select the Bluetooth troubleshooter in the right part of the window and let it run. Maybe this fixes the error – in the forum thread linked above, some users have been successful with the troubleshooter.

#2: Perform a system file check

What you should try in any case, if the troubleshooting does not help, is to run a system file check.

1. To do this, open an administrative command prompt by choosing Run as administrator. 2. Enter the command sfc /scannow and run the check.

In best case this finds damaged files and repairs them. This at least solved the problem for one user (the signed driver was then written back). There are also users who were successful with a driver update.

Small addendum: Microsoft published the Windows 10 Insider Preview Build 18985 (from the development branch 20H1) for Windows Insider in the Fast Ring on September 19, 2019. This build should lead to another function update in spring 2020. The announcement with details about new features/changes and bugs can be found in the Windows Blog.

[German]Good news for users of Windows 7 SP1 and Windows Server 2008/R2. Support for these operating systems is phasing out, but 0patch plans to continue providing security fixes after the End of Life (EOL).

Support end at January 14, 2020

Windows 7 SP1 and Windows Server 2008/R2 will reach their planned End of Life (EOL) at the beginning of 2020. On January 14, 2020, Microsoft distribute the last security updates for Windows 7 SP1 and Windows Server 2008/R2 to all users. This means that by February 2020 you will be on the safer side when it comes to providing security updates.

What happens afterwards is still a little unclear. Microsoft provides the Extended Security Update Program (ESU) for enterprises Software Assurance. The systems get security updates until 2023. Contrary to earlier plans, this is even free of charge for the companies in the first year.

In addition it could be that patches for Windows 7 Embedded Standards also fit for Windows 7 SP1, because Windows 7 Embedded Standard still gets support until 10/13/2020, and Windows Embedded POSReady 7 has support until 10/12/2021. In addition, I’m not so sure that Microsoft won’t provide security updates for large security holes that become known after the EOL. For voting computers, there will be more free Windows 7 updates for 2020, as the following tweet signals.

Summit, Microsoft announced free security updates for certified voting machines running Windows 7 through 2020. #electionsecurityhttps://t.co/DG3OuftVvq

— Tom Burt (@TomBurt45) September 20, 2019

0patch plans fixes for Windows 7/Server 2008/R2

The provider 0patch has announced that it will provide security fixes for Windows 7 SP1 and Windows Server 2008/R2 after the end of support for Windows 7/Server 2008. On askwoody.com you can find the following quote:

After Microsoft ends support for Windows 7 and Windows Server 2008 on January 14, 2020, 0Patch platform will continue to ship vulnerability fixes to its agents.

“Each Patch Tuesday we’ll review Microsoft’s security advisories to determine which of the vulnerabilities they have fixed for supported Windows versions might apply to Windows 7 or Windows Server 2008 and present a high-enough risk to warrant micropatching”

Micropatches will normally be available to paying customers (Pro – $25/agent/year – and Enterprise license holders). However, Kolsek says that there will be exceptions for high-risk issues that could help slow down a global-level spread, which will be available to non-paying customers, too.

After Microsoft discontinues support for Windows 7 and Windows Server 2008 on January 14, 2020, 0patch will continue to provide fixes for its agents. Every patchday, the company will analyze the vulnerabilities reported by Microsoft and develop micropatches for its patch agent. Typically, this support costs $25 per machine per year for registered users. But 0patch wants to provide important patches free of charge to the general public – as you can see in the following tweet.

Micropatching Keeps Windows 7 and Windows Server 2008 Secure After Their End-Of-Support https://t.co/1TF6HHfwPD pic.twitter.com/oSMHxOpicr

— 0patch (@0patch) September 20, 2019

Details can be found in this blog post by Mitja Kolsek. I mentioned 0patch here from time to time with regard to fixes for which Microsoft or other software vendors did not offer updates (see link list).

Similar articles
Third party 0patch closes FoxIt vulnerability
Micropatch for UNACEV2.DLL vulnerability CVE-2018-20250
Micro Patch for Windows 0-Day file write vulnerability
New Windows 0-day-vulnerability (12/20/2018)

[German]Last weekend Microsoft reported some known issues with Windows 10 version 1903 as fixed. Here is a brief overview, what we know about the issues, and what Microsoft wrote about.

Some issues have been confirmed by Microsoft with Update KB4515384 for Windows 10 Version 1903 (see Windows 10 V1903: Issues with Update KB4515384 confirmed). Among other things, there should be problems with the start menu and when using the Input Mode Editor (IME). Microsoft maintains a list of known issues for the Windows 10 May 2019 Update (Version 1903). This list is available here.

IME hangs or cause high CPU load

With update KB4515384 there was the problem that the Input Method Editor (IME) causes trouble. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard. The IME did not react anymore or suddenly caused a high CPU load. Affects the following versions:

• Client: Windows 10, Version 1903; Windows 10, Version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, Version 1803; Windows 10, Version 1709; Windows 10, Version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, Version 1607
• Server: Windows Server, Version 1903; Windows Server, Version 1809; Windows Server 2019; Windows Server, Version 1803; Windows Server, Version 1709; Windows Server 2016

The problem has been marked as solved. Due to security related changes in KB4515384, this issue may occur if the Touch Keyboard and Handwriting Panel Service is not configured to the default startup type Manual. To resolve this problem, follow these steps:

1. Select the Start button and enter Services.

2. Locate and double-click the Touch Keyboard and Handwriting Panel service, or press and hold it, and select Properties.

3. Find the Startup Type and change it to Manual. Select Ok.

The TabletInputService service is now in the default configuration and the IME should work as expected. So it was a misconfiguration that caused the issue.

Issues  with Start Menu and Windows Desktop Search

Microsoft writes that they have received reports that a small number of users have problems with Windows 10 Version 1903 in connection with the Start menu and Windows Desktop Search.

Microsoft has not been able to reproduce the problem with the search and assumes that it does not significantly affect users who have installed update KB4515384. Microsoft will continue monitoring to ensure that any problems it detects are still present. If you are currently experiencing problems, Microsoft recommends that you report them via a feedback hub and then try the Windows 10 Troubleshoot settings (located in Settings). Microsoft has therefore defined the problem as solved. A solution is described in the article Fix problems in Windows Search.

[German]On September 23, 2019, Microsoft unexpectedly released unscheduled security updates for Windows Defender, Microsoft Security Essentials, other security products, and Internet Explorer, which is expected to close vulnerabilities.

The information about the vulnerability was provided via Twitter, as Bleeping Computer found out here.

Out of band security vulnerability fixes CVE-2019-1367 and CVE-2019-1255 have been released today. For more information please see https://t.co/QMUM53m8so and https://t.co/vy3d0wXWng.

— Security Response (@msftsecresponse) September 23, 2019

Defender vulnerability CVE-2019-1255

Vulnerability CVE-2019-1255 addresses a Denial of Service vulnerability in Microsoft Defender. This vulnerability exists if Microsoft Defender handles files improperly. An attacker could exploit the vulnerability to prevent legitimate accounts from running legitimate system binaries.

To exploit the vulnerability, an attacker would first have to execute the exploit code on the affected system. Microsoft classifies the vulnerability as Important, but not as Critical. The security update fixes the vulnerability by ensuring that Microsoft Defender processes files properly. However, Microsoft does not yet provide any downloads to close the vulnerability. The following Microsoft security products are affected:

• Microsoft Forefront Endpoint Protection 2010
• Microsoft System Center Endpoint Protection
• Microsoft System Center 2012 Endpoint Protection
• Microsoft System Center 2012 R2 Endpoint Protection
• Microsoft Security Essentials
• Windows Defender

The security issue basically affects all supported Windows versions with the Microsoft Malware Protection Engine version 1.1.16300.1. The Microsoft Malware Protection Engine version 1.1.16400.2 addresses the vulnerability. The update should be performed automatically by the relevant Microsoft security products (however, the update does not appear to be ready yet).

IE-Updates for Windows

Microsoft has also released a number of security updates for Internet Explorer. However, Microsoft does not explain why IE is vulnerable in the KB articles. This information can be found in CVE-2019-1367: This is a memory corruption vulnerability in IE’s scripting engine. This depends on how the scripting engine handles objects in memory in Internet Explorer. The vulnerability could damage memory to such an extent that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could obtain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs, view, modify, or delete data, or create new accounts with full user privileges. Microsoft has released the following security updates for the various versions of Windows 10 to close the Internet Explorer vulnerability.

• KB4522016: Windows 10 Version 1903, Windows Server Version 1903
• KB4522015:  Windows 10 Version 1809, Windows Server Version 1809, Windows Server 2019
• KB4522014: Windows 10 Version 1803
• KB4522012: Windows 10 Version 1709
• KB4522011: Windows 10 Version 1703
• KB4522010: Windows 10 Version 1607, Windows Server 2016
• KB4522009: Windows 10 Version 1507
• KB4522007: Windows Server 2008 R2 SP1, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows 7 SP1 für den IE 9 – 10

According to KB articles, the security updates are only available for manual download in the Microsoft Update Catalog and must be installed manually. Bleeping Computer has compiled some more information here.

[German]Microsoft has started this night the distribution of the Windows 10 19H2 Insider Preview in the release preview ring. It is the version that will be probably released in the coming weeks as an autumn update.

According to the announcement in the Windows blog the build 18362.385 for Windows 10 19H2 was released as update KB4517211 in the release preview ring. There is again a tiered approach:

• Windows Insider in the Release Preview Ring who currently have Windows 10 19H1 Build 18362.329 installed will immediately receive Windows 10 19H1 Build 18362.385.
• Windows Insiders in the Release Preview Ring who currently have Windows 10 19H2 Build 18363.329 installed will immediately receive Windows 10 19H2 Build 18363.385.

So an update KB4517211 will be rolled out for different development branches. If you install this update and are running Windows 10 Version 1903, you will receive the new features contained in Version 1909 of the upcoming Windows 10 19H2 branch. Pretty confusing the whole thing and not really transparent. Details, also about the known problems, can be found within the Windows blog.

Another short note about Windows 10 and it’s use on devices: Microsoft claims that Windows 10 runs on more than 900 Million devices. This means, it’s a  new official value from Microsoft – just a week before the October 2, 2019 event, Microsoft announced recently.

The announcement of the new figures has been made by Yusuf Mehdi, Corporate Vice President, Modern Life & Devices Group on Twitter:

#Windows10 is on more than 900M devices! Thanks to our customers, we added more new Windows 10 devices in the last 12 months than ever before. From PCs to HoloLens to Xbox to Surface Hub, Windows continues to power innovation—with more to come next week! https://t.co/G3CRdkFoPT pic.twitter.com/38fKk50IEH

— Yusuf Mehdi (@yusuf_i_mehdi) September 24, 2019

So let’s see the details: It’s a collection of all installs from PCs to HoloLens to Xbox to Surface Hub. In March 2019 Microsoft mentions ‘more than’ 800 Million devices running with this operating system. It took another 6 months to reach this value, although Windows 7 is facing the end of life at January 2020. So it seems that Windows 10 isn’t the success story Redmond wishes to announce. Or what your opinion?

[German]Microsoft has released several non-security updates for several older versions of Windows 10 as of September 24, 2019. Here is an overview of these updates.

Information on the individual Windows 10 security updates can be found on the Windows 10 Update History page. Please note that support for older Windows 10 versions has expired. Windows 10 Home and Windows 10 Pro will then no longer receive updates. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001.

Update KKB4516077 for Windows 10 V1809

Cumulative Update KB4516077 for Windows 10 V1809 and Windows Server 2019 raises the build to 17763,774. The update includes quality improvements, but no new operating system features. Here is the list of improvements, called highlights by Microsoft: 

• Allows Microsoft Edge to print PDF documents that contain landscape and portrait-oriented pages together correctly. 
• Updates an issue that doesn’t provide a cursor when you select a text input box using touch. 
• Updates an issue that prevents some minimized windows from being restored, closed, or maximized.
• Updates an issue that prevents the Save and Save As options in Microsoft Office 2010 applications from working when high contrast mode is on. 
• Updates an issue with incorrect folder and file properties in File Explorer.
• Updates an issue that causes vertical fonts to be larger when printing to a PostScript printer.
• Updates an issue that prevents Microsoft Narrator from opening.
• Updates an issue that occasionally prevents you from changing the display brightness after resuming from Sleep or Hibernation when using certain graphics drivers.
• Updates an issue that causes icons in message box dialogs to appear too large when you choose scaling options in Display settings.
• Updates an issue that may cause the Calculator app to close unexpectedly if you select any available Converter option.
• Updates an issue that causes excessive CPU usage when you switch applications or hover over the Taskbar.

• Updates an issue that causes a dim display after waking from Sleep.

The following fixes and improvements have been added to the Windows version:

• Addresses an issue that prevents the discovery of remote systems associated with a user from working properly. 
• Addresses an issue that prevents Microsoft Narrator from opening when the User Account Controls setting is disabled on the Standard User account. 
• Addresses an issue to enable Microsoft Edge to print PDF documents that contain landscape and portrait-oriented pages correctly. 
• Addresses an issue that occasionally prevents users from changing the display brightness after resuming from Sleep or Hibernation when using certain graphics drivers. 
• Addresses an issue with MSCTF.dll that causes an application to stop working. 
• Addresses an issue that prevents some minimized windows from interacting, and you cannot restore, close, or maximize them when a system is running with a custom shell. 
• Addresses an issue that fails to provide a cursor when you select a text input element using touch. 
• Addresses an issue that causes icons in message box dialogs to appear too large when you choose scaling options in Display settings. For more information, see Using Dialog Boxes and Display Scaling in Windows 10.
• Addresses an issue that prevents the Save and Save As options in Microsoft Office 2010 applications from working when high contrast mode is on. 
• Addresses an issue that causes File Explorer to report the number or the size of files and folders incorrectly when they use long paths. 
• Addresses an issue that causes unnecessary restart requests on servers. 
• Addresses an issue with diagnostic data processing during the Windows Out of Box Experience (OOBE) sequence. 
• Configures Windows 10 Enterprise for Virtual Desktops (EVD) editions in Azure Active Directory (Azure AD) licensing mode by default. Users who connect to EVD editions must have an EVD license. 
• Addresses an issue that prevents an App-V application from opening and displays a network failure error. This issue occurs under certain circumstances, such as when a system’s battery is low or there is an unexpected power failure. 
• Addresses an issue that prevents a web browser from connecting securely to Windows Server. This occurs when using a client authentication certificate, such as a SHA512-based certificate, and the web browser does not support a signature algorithm that matches the certificate. 
• Addresses an issue that may cause the Local Security Authority Subsystem Service (LSASS) to stop working with an “0xc0000005” error. 
• Addresses an issue that prevents the BitLocker recovery key from being successfully backed up to Azure Active Directory. 
• Addresses an issue that leads to excessive memory utilization in Microsoft Defender Advanced Threat Protection (ATP). 
• Addresses a possible compatibility issue when Microsoft Defender Advanced Threat Protection (ATP) accesses case-sensitive Server Message Block (SMB) shares. 
• Addresses a rare issue that occurs when the mssecflt.sys driver takes too much space on the kernel stack. This results in the error, “STOP 0x7F: UNEXPECTED_KERNEL_MODE_TRAP”, and Parameter 1 is set to “EXCEPTION_DOUBLE_FAULT.” 
• Improves the detection accuracy of Microsoft Defender ATP Threat & Vulnerability Management. 
• Addresses an issue that gives a Windows Hello for Business user two certificates for authentication during certificate renewal instead of one certificate. 
• Addresses an issue that causes the lsass.exe service to stop working, which causes the system to shut down. This occurs when migrating Data Protection API (DPAPI) credentials using dpapimig.exe with the –domain option. 
• Addresses an issue that may cause Direct Access servers to use a large amount of non-paged pool memory (pooltag: NDnd). 
• Addresses an issue that causes vertical fonts to be larger when printing to a PostScript printer. 
• Addresses an issue that prevents Windows from sending a shutdown notification to a Non-Volatile Memory Express (NVMe) drive when the driver unloads using Disable Device in Device Manager. 
• Addresses an issue that prevents you from running the Active Directory Diagnostics Data Collector Set from the Performance Monitor for Domain Controllers. This causes the Data Collector Set name to appear empty. Running the Active Directory Diagnostics Data Collector Set returns the error, “The system cannot find the file specified.” Event ID 1023 is logged with the source as Perflib and the following messages:
  • “Windows cannot load the extensible counter DLL “C:\Windows\system32\ntdsperf.dll.”
  • “The specified module could not be found.”
• Addresses an issue in GetFinalPathNameByHandleW() that prevents Favorites from opening in Internet Explorer 11. This occurs when Favorites are redirected and offline in a client-side caching scenario with enhanced protected mode compatibility (EPM) enabled.
• Addresses an issue in which the product description of Windows Server 2019 was incorrect when queried using slmgr /dlv.
• Addresses an issue that may cause authentication to fail for certificate-based authentication when the certificate authentication includes a cname as part of the pre-authentication request.
• Addresses a Lightweight Directory Access Protocol (LDAP) runtime issue for Domain Controller Locator-style LDAP requests. The error is, “Error retrieving RootDSE attributes, data 8, v4563.”
• Addresses an issue that causes LDAP queries that contain LDAP_MATCHING_RULE_IN_CHAIN (memberof:1.2.840.113556.1.4.1941) to intermittently fail on Windows Server 2019 domain controllers. However, these queries do not fail on domain controllers running previous versions of Windows Server.
• Addresses an issue that causes group membership changes in Active Directory groups to fail. This occurs if the Lightweight Directory Access Protocol (LDAP) client uses the Security Identifier (SID) Distinguished Name (DN) syntax after installing previous versions of NTDSAI.DLL. In this scenario, an issue with the LdapPermissiveModify (LDAP_SERVER_PERMISSIVE_MODIFY_OID) control causes Active Directory to incorrectly return a “SUCCESS” status even though the group membership change did not occur.
• Addresses an issue in which the Set-AdfsSslCertificate script is successful. However, it throws an exception during resource cleanup because the target server-side endpoint is no longer there.
• Addresses an issue that causes File Explorer to show a regular file icon for files marked with FILE_ATTRIBUTE_OFFLINE instead of the expected placeholder icon.
• Addresses an issue that may cause the Calculator app to close unexpectedly if you select any available Converter option.
• Addresses an issue that causes excessive central processing unit (CPU) usage when users switch applications or hover over the Taskbar.
• Addresses an issue with applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent. They may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages, you may receive the error, “1359: an internal error occurred.” This solution also resolves this issue for all the updates on or before June 18, 2019.
• Addresses an issue with the Origin request header behavior in Internet Explorer when you make cross-origin resource sharing (CORS) requests that use redirected resources in internal subnets.
• Addresses an issue that causes the display’s maximum brightness to appear as 50% or less after completing the out-of-box experience (OOBE) and then waking from Sleep.
• Allows auditing of security events for clients managed by mobile device management (MDM) for security monitoring and incident response activities.

• Addresses an issue that prevents Microsoft App-V from handling a parameter of the CreateProcess API properly, which prevents the virtual process from opening.

In addition, Microsoft has released an update directly for the Windows Update Client to improve its reliability. This will be rolled out outside of Windows Update if the machine is compatible and not a LTSC variant and updates have not been blocked by GPO.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog, , but not via WSUS. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). For the update, Microsoft lists a number of known issues in the KB article.

Update KB4516045 for Windows 10 Version 1803

For Windows 10 version 1803 the cumulative update KB4516045 is available.  This raises the OS build to 17134.1039 and includes quality improvements but no new operating system features. Here’s the list of enhancements that Microsoft calls highlights:

• Updates an issue that may cause a browser to stop working on certain architectures. 
• Updates an issue that prevents Microsoft Narrator from opening.
• Updates an issue that doesn’t provide a cursor when you select a text input box using touch. 
• Updates an issue that causes excessive CPU usage when you switch applications or hover over the Taskbar.

In addition there are the following fixes and improvements to the Windows version:

• Addresses an issue that may cause a browser to stop working on certain architectures. 
• Addresses an issue that prevents Microsoft Narrator from opening when the User Account Controls setting is disabled on the Standard User account. 
• Addresses an issue that fails to provide a cursor when you select a text input element using touch. 
• Addresses an issue with configuring a lock screen image using a Group Policy. If you have enabled AppLocker DLL rules, the image does not change. Instead, you will get a solid blue background. 
• Addresses an issue that causes excessive central processing unit (CPU) usage when users switch applications or hover over the Taskbar. 
• Addresses an issue that prevents an App-V application from opening and displays a network failure error. This issue occurs under certain circumstances, such as when a system’s battery is low or there is an unexpected power failure.  
• Addresses an issue that may not preserve changes to the access control policy when upgrading to a newer version of Windows 10. 
• Addresses an issue that may cause authentication to fail for certificate-based authentication when the certificate authentication includes a cname as part of the pre-authentication request. 
• Addresses an issue that prevents a web browser from connecting securely to Windows Server. This occurs when using a client authentication certificate, such as a SHA512-based certificate, and the web browser does not support a signature algorithm that matches the certificate. 
• Addresses an issue that may cause the Local Security Authority Subsystem Service (LSASS) to stop working with an “0xc0000005” error. 
• Changes the default setting for BitLocker when encrypting a self-encrypting hard drive. Now, the default is to use software encryption for newly encrypted drives. For existing drives, the type of encryption will not change. 
• Addresses an issue that prevents the BitLocker recovery key from being successfully backed up to Azure Active Directory. 
• Addresses a possible compatibility issue when Microsoft Defender Advanced Threat Protection (ATP) accesses case-sensitive Server Message Block (SMB) shares. 
• Addresses a rare issue that occurs when the mssecflt.sys driver takes too much space on the kernel stack. This results in the error, “STOP 0x7F: UNEXPECTED_KERNEL_MODE_TRAP”, and Parameter 1 is set to “EXCEPTION_DOUBLE_FAULT.” 
• Addresses an issue that leads to excessive memory utilization in Microsoft Defender Advanced Threat Protection (ATP). 
• Improves the detection accuracy of Microsoft Defender ATP Threat & Vulnerability Management. 
• Addresses an issue that gives a Windows Hello for Business user two certificates for authentication during certificate renewal instead of one certificate. 
• Addresses an issue that causes the lsass.exe service to stop working, which causes the system to shut down. This occurs when migrating Data Protection API (DPAPI) credentials using dpapimig.exe with the –domain option.
• Addresses an issue that may give write access to a removable USB disk when a user switches from a privileged user to an unprivileged user.
• Addresses an issue that prevents you from running the Active Directory Diagnostics Data Collector Set from the Performance Monitor for Domain Controllers. This causes the Data Collector Set name to appear empty. Running the Active Directory Diagnostics Data Collector Set returns the error, “The system cannot find the file specified.” Event ID 1023 is logged with the source as Perflib and the following messages:
  • “Windows cannot load the extensible counter DLL “C:\Windows\system32\ntdsperf.dll.”
  • “The specified module could not be found.”
• Addresses an issue in GetFinalPathNameByHandleW() that prevents Favorites from opening in Internet Explorer 11. This occurs when Favorites are redirected and offline in a client-side caching scenario with enhanced protected mode compatibility (EPM) enabled.
• Addresses an issue with the Origin request header behavior in Internet Explorer when you make cross-origin resource sharing (CORS) requests that use redirected resources in internal subnets.

• Allows auditing of security events for clients managed by mobile device management (MDM) for security monitoring and incident response activities.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft lists several known issues that the update causes. See the KB article for details.

Updates for Windows 10 Version 1507 to 1709

For Windows 10 RTM up to version 1709 different updates are available for the LTSC versions and Enterprise versions. Here is a short overview.

• Windows 10 Version 1709: Update KB4516071 is only available for Enterprise and Education. The update lifts the OS build to 16299.1420. The update corrects the excessive CPU usage when using the hover function of the taskbar. In addition, the fixes mentioned in the KB article are rolled out. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed before manual installation. Details, also on known problems can be found in the KB article.
• Windows 10 Version 1703: Update KB4516059 is only available for Enterprise and Education. The update raises the OS build to 15063.2078 and includes the fixes mentioned in the KB article. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1607: Update KB4516061 is only available for Enterprise and Education and Windows Server 2016. The update raises the OS build to 14393.3242 and includes the fixes mentioned in the KB article. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed before manual installation. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1507: Update KB4522009 is available for the RTM version (LTSC). The update raises the OS build to 10240.18333. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, also on known problems, can be found in the KB article. Details can be found in the KB article.

There was no update for Windows 10 V1511, because this version was dropped from support. Details about the above updates can be found in the respective Microsoft KB articles in case of doubt.

Similar articles:
Microsoft Office Patchday (September 3, 2019)
Adobe Flash Player 32.0.0.255
Microsoft Security Update Summary (September 10, 2019)
Patchday: Updates for Windows 7/8.1/Server (Sept. 10, 2019)
Patchday: Windows 10 Updates (September 10, 2019)
Patchday Microsoft Office Updates (September 10, 2019)

[German]Why is the quality of Windows 10 poor? Within my blog posts, I discuss from time to time some reasons. Now there is a new voice. Former Microsoft employee @Barnacules explains in a YouTube video why the quality of the current operating system and especially the updates from his point of view ‘goes down the drain’ and is currently ‘in the basement’.

I was on the road for the weekend and therefore mostly offline. But Garman blog reader Rudi K. thankfully sent me an e-mail on Sunday informing my about the topic. I’ll pull the things a bit together, describe the points of criticism of the Microsoft employee and classify the whole thing a bit. Because it’s not that new, the ex-Microsoft employee confirms, what I’ve posted in several articles within my German blog in the past.

The view of the ex-Microsoft employee

In a video, former Microsoft employee Jerry Berg, aka @Barnacules, has presented his point of view on the quality problems of Windows 10. Background: Berg spent 15 years as Senior Software Developer (SDET) at Microsoft, where he worked as a developer and tester for Vista and Windows Server. When exactly he left Microsoft is not quite clear in the video. Here is the video by Berg – whose presentation takes a little getting used to for my taste – but which shows some of the problems that Microsoft’s management has been trying to solve with certain decisions.

(Source: YouTube).

I have summarized the key points Berg points out in his video as a problem for the quality of Windows 10 in the following. But have a look at the video for yourself, maybe I overheard something, weighted it wrong or sorted it too diagonally. Here is my interpretation of the whole thing:

• The core problem of Microsoft is that there used to be test departments for the products. There the products were tested intensively, so that most bugs were found. Only when these departments gave their OK was software released for end users. However, these test teams were released and disbanded in the context of the big wave of redundancies in 2014/2015. I had reported several times here in the blog (see link list at the end of article and my German article Scheitert Microsofts neuer Entwicklungs-Workflow? from 2016). #
• According to Berg, and Microsoft’s statements, today people rely more on short tests of the developers in virtual machines, on the telemetry data and on the fact that the errors are noticed by the user (consumer) – or by insiders.
• A cornerstone of the (missing) ‘quality assurance’ are currently the Windows Insiders, who are supposed to take over the task of the former test department. But the problem is, the Windows Insiders don’t report all errors. And when errors are reported, the insiders cannot provide Microsoft with the information to reproduce the error. In other words: Microsoft is practicing blind flying and hopes to get ahead somehow according to the principle ‘eyes closed and through’.
• Berg explains in the video that telemetry is good for performance measurements and tuning. Sometimes you can also detect bugs by telemetry. This does not work if the crash happens outside an instrumented module. A core problem of the whole telemetry approach used by Microsoft: In case of crashes, mini dumps (memory dump of the crashing module) may be sent. But these dumps don’t contain the required information. Complete kernel dumps with the data of all processes would be to huge and are practically unmanageable and can’t be transmitted via the Internet (60 to 120 GB of data are transmitted).
• So Microsoft gets only a part of the information via telemetry and in case of crashes the developers only can try to take the data to reproduce the crash. If the developers find a problem, a patch is developed. But the developers are never sure if this really fixed the original issue. So the patch goes to the Windows insiders for testing in the hope that they will somehow report something back or that telemetry will provide new insights.
• The problem is that the mini-dump data is often not sufficient to locate the problem. So the Microsoft developers are looking for the needle in the haystack, and when they find and fix a bug, they can’t be sure if it was the bug triggered in the crash report.

  In the video, Berg suggests that Microsoft goes there and sees if the telemetry data collected can be used to find a cause. If it is not possible to find the cause of a crash using the mini dumps, the 60 or 120 GByte files of a complete dump should be requested from selected testers.

In the video Berg also explains that the Windows insiders do not represent all the hardware and software available in the field. After users getting pretty upset with the first Windows 10 feature updates, Microsoft is now rolling them out in waves. It’s hoped that they will become aware of major issues early on and be able to avoid major catastrophes. If a machine doesn’t get a feature update because Microsoft sees the machine as ‘not ready’, this means, according to Berg, translated: Microsoft does not know whether the new build is running on the hardware from the telemetry data.

Ex-developer demands a test department

The quintessence of Berg is: Many of the problems found today by telemetry at some point would have been found earlier by the test team. That’s why the quality of earlier products was – at least I felt it – better. Today you can’t find the bugs at Microsoft or if you found something, you can’t be sure if you found a reported bug or just a new one. That’s bad, of course, but explains to me why, despite bug fix updates, people keep finding that a problem isn’t really fixed.

This would also explain why Microsoft is extremely failing to deliver tested updates for its own hardware such as the Surface models and why serious bugs are not detected. Berg suggests that Microsoft should again set up a test department to test Windows 10 on different hardware.

Windows as a Service as another problem

Much of what Berg addresses in his video I can agree. However, Berg ignores one relevant aspect: With Windows as a Service, Microsoft has lost sight of the needs of its users. Management and developers are rushing along timelines that have nothing to do with reality. There are features presented that no one needs – and suddenly the features are removed after a while.

We have has a working start menu in Windows 7. Now we have a start menu in Windows 10, that is causing steady trouble. We have had a working update control in Windows up to Windows 8.1. Now Microsoft is experimenting with feature updates, that can be deferred by a user, optional updates and driver updates, that the user may control. But we are still not back at the comfort and transparency we have had in Windows 7/8.1. It’s interesting to see, how Jerry Berg outlines what is causing the current Windows 10 update mess from his experience.

[German]As of September 24, 2019, Microsoft Preview has released Rollup Updates for Windows 7 and Windows Server 2008 R2 SP1. At the same time, a preview rollup update for Windows 8.1 and Windows Server 2012/ R2 was released.

<Preview Rollup Updates are optional, quasi for testing, their content will be released for the following regular patchday.

Updates for Windows 7/Windows Server 2008 R2

A preview rollup update has been released for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update history for Windows 7 can be found on this Microsoft page. 

KB4516048 (Preview Monthly Rollup) Windows 7/Windows Server 2008 R2

Update KB4516048 (Preview Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes that will be rolled out in the following month. Only the following change is listed in the KB article. 

Addresses an issue that may cause an error when opening or using the Toshiba Qosmio AV Center. You may also receive an error in the Event Log related to cryptnet.dll.

So the issue with the Toshiba Qosmio AV Center known from the last patchday is fixed. Microsoft reports that VBScript could not be disabled by default in Internet Explorer 11 as planned. A workaround to disable VBScript is suggested. The update is provided through Windows Update and the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Servicing Stack Update (SSU) before installing it. But since it is a preview update, I would hide it.

Updates for Windows 8.1/Windows Server 2012 R2

A preview rollup update has been released for Windows 8.1 and Windows Server 2012 R2. The update history for Windows 8.1 can be found on this website. 

KB4516041 (Preview Monthly Rollup) Windows 8.1/Windows Server 2012 R2

Update KB4516041 is available for Windows 8.1 and Windows Server 2012 R2 as Preview of Monthly Rollup. This is not a security update. The preview rollup addresses the following issues:

• Addresses an issue that may cause the Local Security Authority Subsystem Service (LSASS) to stop working with an “0xc0000005” error.
• Addresses an issue that may prevent Internet Explorer 11 from opening after installing KB4516067 on a Windows 8.1 RT device. You may have received the error, “C:\Program Files\Internet Explorer\iexplore.exe: A certificate was explicitly revoked by its issuer.”

The update is provided through Windows Update and the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Servicing Stack Update (SSU) before installing it. But since it is a preview update, I would hide it. Microsoft only reports one known problem in article KB4516041 – certain file operations fail on Cluster Shared Volume (CSV).

Similar articles:
Microsoft Office Patchday (September 3, 2019)
Adobe Flash Player 32.0.0.255
Microsoft Security Update Summary (September 10, 2019)
Patchday: Updates for Windows 7/8.1/Server (Sept. 10, 2019)
Patchday: Windows 10 Updates (September 10, 2019)
Patchday Microsoft Office Updates (September 10, 2019)
Windows 10 Updates (September 24, 2019)

Microsoft has released the Windows 10 Insider Preview Build 18990 (from development branch 20H1) for Windows Insider in the Fast Ring on September 24, 2019. This build should lead to another function update in spring 2020. The announcement with details about new features/changes and bugs can be found in the Windows Blog. New features include a restart of UWP apps, improvements to the Windows Subsystem for Linux (WSL) and the Game Bar. There are a number of other fixes, but also known issues described in the blog post.

[German]Microsoft has just released the Windows 10 Insider Preview Build 18362.10022 in the Slow Ring. The new build should correct some bugs of the previous build. The announcement of the new build, which will only be distributed to Windows Insiders in the slow ring, was made on the Windows Blog. This build includes the improvements and fixes to KB4515384 and general quality improvements to Windows 10 19H2.

[German]Microsoft has begun to provide function updates for Windows 10, which are still in preview status, via WSUS, thus enabling distribution in enterprise environments.

Windows Server Update Services (WSUS) is a Microsoft software component that runs on Windows Server and is used in enterprise environments to distribute updates to clients. In the tweet below I became aware to this new feature of WSUS.

PUBLISHING PRE-RELEASE WINDOWS 10 FEATURE UPDATES/UPGRADE to WSUS:

Aria Carley @Microsoft
2019-09-24 01:17 PM

ICYMI: @SBSDiva @AdminKirsty @thurrott @maryjofoley @bdsams @mehedih_ @ruthm @SwiftOnSecurity @pcper @MalwareJake @JobCacka @etguenni @AskWoodyhttps://t.co/hTvmiGRp9j

— Crysta T. Lacey (@PhantomofMobile) September 24, 2019

Microsoft employee Aria Carley has revealed details in the blog post Publishing Publishing pre-release Windows 10 feature updates to WSUS. Redmond keeps an eye on the participants in the Windows Insider for Business program who will be provided with previews for distribution to test computers via WSUS.

If you want to join the group of IT administrators who are validating their environments based on pre-release builds, you can now deploy pre-release feature updates through the Configuration Manager: In the Products tab of Software Update Point Component Properties, select the box next to Windows Insider Pre-Release.

(Note: While this option will be visible on every version of Configuration Manager, you must be running Configuration Manager, version 1906 or newer to select it.)

(Source: Microsoft)

In the Techcommunity article, Microsoft gives further hints on what to consider. First users have already used this innovation in WSUS to get previews of function updates.

Starting with Windows 10, version 1909, Microsoft’s goal is to publish pre-release builds for the Configuration Manager on a monthly basis. Beyond this release, Microsoft will strive to publish these types of builds in accordance with the Windows Insider Program Slow Ring Builds. See the Techcommunity article here for more details.

[German]There are several indicators that Windows 10 version 1909 development is finished. The release could take place on Thursday next week, October 3, 2019.

ESD versions of Windows 10 Version 1909 final available

Last night I had reported within the blog post Windows 10 previews are distributed via WSUS about an new development that allows administrators in corporate environments to distribute previews of Windows 10 feature updates. A couple of hours ago it has been reported that Windows 10 version 1909 was viewed as an ESD file. The colleagues at German site deskmodder.de have reported that a few hours ago in this article. The build 18363.35 was distributed.

German blog reader Bolko has mentioned that within this comment and reported, that he has experimented with the ESD file. Bolko left also a 2nd comment pointing out some odd things.

The Microsoft-ESD:
18363.356.190918-2052.19h2_release_svc_refresh esd
has a real drawback: Internally it is version 10.0.18362 (so not 10.0.18363).

This is because the version switcher KB4517245 (18362 -> 18363) has no effect with offline integration via dism. The KB4517245 works in running Windows, i.e. in post-install.

This has the side effect that an in-place repair installation of 18363 does not work because the ISO has an inappropriate build number at startup (18362). Only the completely installed Windows 1909 gets a build number adjustment to 18363 thanks to the switch.

We have to wait and see, what Microsoft does final and whether only an ESD or an ISO file will be released.

Will the release take place on October 3, 2019?

The colleagues at deskmodder.de have noticed that the Edge Browser is scheduled for release on Thursday, October 3, 2019. In the article, the colleagues at deskmodder.de state that the official release of Windows 10 Version 1909 is to take place on October 3, 2019.

This could be the case, because the ‘finished release’ (build 18362.385 or build 18363.385) is currently distributed to Windows Insiders in the release preview ring. At the same time there will be a surface event at Microsoft on October 2, 2019 (I didn’t announce it separately in the blog). We will know by October 3, 2019 whether all this has happened.

MCT loads Windows 10 Version 1903 Build 18362.356

Another brief information: If you use Media Creation Tool (MCT) to download a Windows 10 install image, you will get now Windows 10 Version 1903 Build 18362.356. Details may be found here.

[German]After tests with insiders (see Windows 10 19H2 Insider Preview in Release Preview Ring) Microsoft released the update KB4517211 for Windows 10 Version 1903 on September 26, 2019.

Information on the individual Windows 10 updates can be found on the Windows 10 update history page. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001.

Update KB4517211 for Windows 10 V1903

Cumulativ Update KB4516077 for Windows 10 Version 1903 and Windows Server Version 1903 raises the build to 18362.387. The optional updateincludes quality improvements. Here is the list of highlights:

• Updates an issue that causes vertical fonts to be larger when printing to a PostScript printer.
• Updates an issue that may cause you to disconnect from a virtual private network (VPN) on cellular networks.
• Updates an issue that may cause audio playback and recording to fail when connecting to a remote virtual machine.
• Updates an issue that may prevent older systems from upgrading to the latest operating systems because a display driver error on older versions.
• Updates an issue that may cause the screen color to turn white on laptops that have built-in, high-dynamic-range (HDR) screens. 
• Updates an issue that causes audio in certain games to be quieter or different than expected.

The following fixes and improvements have been added to the Windows version:

• Addresses an issue that causes vertical fonts to be larger when printing to a PostScript printer. 
• Addresses an issue that causes printing from 32-bit applications to fail with an “Access is denied” error when you select Run as different user for the application. 
• Addresses an issue that may give write access to a removable USB disk when a user switches from a privileged user to an unprivileged user. 
• Addresses an issue that causes the lsass.exe service to stop working, which causes the system to shut down. This occurs when migrating Data Protection API (DPAPI) credentials using dpapimig.exe with the –domain option. 
• Addresses an issue that gives a Windows Hello for Business user two certificates for authentication during certificate renewal instead of one certificate. 
• Addresses an issue that prevents a web browser from connecting securely to Windows Server. This occurs when using a client authentication certificate, such as a SHA512-based certificate, and the web browser does not support a signature algorithm that matches the certificate. 
• Addresses an issue that may cause authentication to fail for certificate-based authentication when the certificate authentication includes a cname as part of the pre-authentication request. 
• Addresses an issue that prevents a Microsoft App-V application from opening and displays a network failure error. This issue occurs under certain circumstances, such as when a system’s battery is low or there is an unexpected power failure. 
• Addresses an issue that causes a query request of the Win32_LogonSession class for the StartTime to display the value of the epoch (for example, 1-1-1601 1:00:00) instead of the actual logon time. This occurs when a user who isn’t an administrator creates the query request. 
• Addresses an issue that causes File Explorer to show a regular file icon for files marked with FILE_ATTRIBUTE_OFFLINE instead of the expected placeholder icon. 
• Addresses an issue with intermittent virtual private network (VPN) disconnections on cellular networks. 
• Addresses an issue that may cause audio playback and recording to fail when connecting to a remote virtual machine. 
• Addresses an issue with MSCTF.dll that causes an application to stop working. 
• Addresses an issue with the input and display of special characters that occurs when an app uses imm32.dll. 
• Addresses an issue with resizing Windows Presentation Foundation (WPF) applications; they may not respond to being resized using the mouse until you release the mouse button. 
• Addresses an issue that may prevent older systems from upgrading to the latest operating systems because of an error in the display driver of older versions. 
• Addresses an issue that may cause the screen color to turn white on laptops that have built-in, high-dynamic-range (HDR) screens. 
• Addresses an issue with converting an application from 32-bit to 64-bit architecture. 
• Addresses an issue that prevents you from running the Active Directory Diagnostics Data Collector Set from the Performance Monitor for Domain Controllers. This causes the Data Collector Set name to appear empty. Running the Active Directory Diagnostics Data Collector Set returns the error, “The system cannot find the file specified.” Event ID 1023 is logged with the source as Perflib and the following messages:
  • “Windows cannot load the extensible counter DLL “C:\Windows\system32\ntdsperf.dll.”
  • “The specified module could not be found.”
• Addresses an issue that causes audio in certain games to be quieter or different than expected.
• Addresses an issue that prevents Microsoft App-V from handling a parameter of the CreateProcess API properly, which prevents the virtual process from opening.
• Addresses an issue in which the maximum central processing unit (CPU) performance is not enabled when you select the High Performance power plan.
• Provides a way to configure the read buffer size. This allows you to address an issue with slow upload times when uploading a file to a Universal Naming Convention (UNC) share using the Internet Information Services (IIS) Web Distributed Authoring and Versioning (WebDAV) feature.
• Addresses an issue that causes a device to stop working when opening files from a network drive that has client-side caching enabled. This issue may occur when the device has certain third-party antivirus products installed and the drive is backed by a server that is not a Microsoft Server Message Block (SMB) server. The error code is, “0x27 RDR_FILE_SYSTEM.”
• Facilitates the configuration of devices that are managed by mobile device management (MDM) settings, which are created by ADMX ingestion. You can update a previously ingested ADMX file with a newer version, and you are not required to delete the previous ADMX file. This solution applies to all applications that use ADMX ingestion.

In addition, Microsoft has released an update directly for the Windows Update Client to improve its reliability. This will be rolled out outside of Windows Update if the machine is compatible and not a LTSC variant and updates have not been blocked by GPO.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog, as well as via WSUS. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). For the update, Microsoft only specifies the known problem with the Input Mode Editor (IME) in the KB article.

For older Windows 10 versions, optional updates were released on 24.9.2019 (see Windows 10 Updates (September 24, 2019).

Similar articles:
Microsoft Office Patchday (September 3, 2019)
Adobe Flash Player 32.0.0.255
Microsoft Security Update Summary (September 10, 2019)
Patchday: Updates for Windows 7/8.1/Server (Sept. 10, 2019)
Patchday: Windows 10 Updates (September 10, 2019)
Patchday Microsoft Office Updates (September 10, 2019)
Windows 10 Updates (September 24, 2019

[German]Here is a short collection of issues with updates KB4522015, KB4522016 etc. and KB4517211 released for Windows 10, which were reported by users here in the blog or by affected persons on the Internet.

The updates KB4522015, KB4522016 and KB4517211 were released by Microsoft in the last days of September 2019 (see my articles Windows: Vulnerabilities in IE and Defender (09/23/2019) for KB4522015, KB4522016 etc. and Windows 10 V1903: Update KB4517211 released (09/26/2019) for KB4517211). The IE updates were only available in the Microsoft Update Catalog as of 24.9.2019, but have now been added to WSUS. Update KB4517211 was even tested with insiders for Windows 10 V1903 and V1909 before release.

.Net 3.5 install issues with IE update KB4522015/016 etc.

Within the support article for the updates (e.g. update KB4522016) as well as in the Windows 10 V1903 status page I found nothing about the issues outlined below. But the Internet Explorer security updates like KB4522015, KB4522016 etc. (i.e. all packages I described in the article Windows: Vulnerabilities in IE and Defender (09/23/2019)) may seem to cause issues when installing .NET Framework 3.5, resulting in consequential errors when installing programs that rely on .NET 3.5.

KB4522015: Trouble with SAP software requiring .NET 3.5

The problem with the out-of-band security update KB4522015 was first brought to my attention by blog reader Markus K. who postet it in an admin group.

might be interesting for those of you using SAP which requires .NET 3.5.
After short testing today I decided to release KB4522015 into production (WSUS).

Shortly after that newly installed machines which also should install SAP client failed installing .NET 3.5 which is a prerequisite.

After the release of update KB4522015 for Windows 10 V1809 via WSUS Markus had to find out that SAP software clients could no longer be installed: Cause: The required .NET Framework 3.5 cannot be installed. Its installation fails with the error:

Microsoft-Windows-NetFx3-OnDemand-Package: 0x800f0954

As soon as he uninstalls the update KB4522015, the installation of the SAP client with the required .NET 3.5 works again.

Askwoody reported the same for KB4522016

At the same time I saw on askwoody.com that the same problems with update KB4522016 are reported there. This is the IE security update for Windows 10 version 1903. In the askwoody.com forum a user was able to reproduce the installation problem during a test.

I’m guessing that the .NET Framework 3.5 problem is affected in all IE security updates described in the article Windows: Vulnerabilities in IE and Defender (09/23/2019).

Printer issues with Update KB4517211?

German blog reader Kay left this comment within my blog. He reports, that all printers are gone after installing Windows 10 Version 1903 update KB4517211.

Hello – for info: Problem with printers after installation

today (27.9. at 05:07) I downloaded and distributed the KB4517211 for Windows 10 19.03 x64 via WSUS server.

After the installation on a client PC all programs including Office reported “No printer installed” (not even the Windows internal ones – in “Devices and Printers” all printers are grayed out) – but the web interfaces of the printers were accessible via browser (status ok).

In addition, the message “Print spooler service does not run” was displayed – manual start of the service was not successful either.

The only solution was: Reset share on WSUS and uninstall KB4517211 on client. Now everything prints as usual.

But this could be an isolated case, because so far I haven’t found a single hit on the Internet. On the other hand Microsoft patched the print routines with update KB4517211. It’s quite possible that something broke.

At  askwoody.com Woody Leonhard reports about a case where the above mentioned IE security update KB4522016 leads to a HP printer not being able to print anymore. Uninstalling the update fixes the problem.

Similar articles:
Microsoft Office Patchday (September 3, 2019)
Adobe Flash Player 32.0.0.255
Microsoft Security Update Summary (September 10, 2019)
Patchday: Updates for Windows 7/8.1/Server (Sept. 10, 2019)
Patchday: Windows 10 Updates (September 10, 2019)
Patchday Microsoft Office Updates (September 10, 2019)
Windows 10 Updates (September 24, 2019)
Windows: Vulnerabilities in IE and Defender (09/23/2019)
Windows 10 V1903: Update KB4517211 released (09/26/2019)