Windows – Born's Tech and Windows World

[German]Microsoft has announced this this that the Windows 10 May 2019 update, version 1903, is now available for all users and machines that still have Windows 10 version 1803 installed.

Windows 10 May 2019 update was released for interested users almost at the beginning of April 2019 – the broader distribution took place at the end of May 2019. However, Microsoft has still keept ‘a brake’ to the rollout, so that machines that were not compatible were not receive the feature update.

Microsoft is ready for a broader rollout

With the cumulative updates released in September 2019, Microsoft has fixed a number of bugs and most upgrade blockers are listed as ‘fixed’ on the Windows 10 V1903 status page.

Windows 10 V1903-Statusseite

On September 26, 2019, Microsoft published the explanation shown in the above screenshot on the Windows 10 V1903 status page.

Current status as of September 26, 2019:

Windows 10, version 1903 (the May 2019 Update) is designated ready for broad deployment for all users via Windows Update.
As devices running the Home, Pro, and Pro for Workstation editions of Windows 10, version 1803 (the April 2018 Update) will reach end of service on November 12, 2019, we are broadly updating these devices, as well as those running earlier versions of Windows 10 that are past end of service, to keep these devices both supported and receiving monthly updates. If you are not offered the Windows 10, version 1903 feature update, please check below for known issues and safeguard holds that may affect your device.
We recommend commercial customers running earlier versions of Windows 10 begin broad deployments of Windows 10, version 1903 in their organizations.

You can check the Windows 10 V1903 status page to see if an upgrade blocker prevents the function update.

The days before some news sites reported, that Windows 10 Version 1903 is already running on 45.5% of Windows 10 computers. The number comes from AdDuplex. I hadn’t reported because I think the numbers of AdDuplex are too uncertain..

Is Windows 10 Version 1903 really ready?

Whether Windows 10 Version 1903 is really ready for a broader use, also in enterprise environments, every user will have to answer himself. Owners of a Surface Book 2 still suffer from the fact that the NVidia GPU is not properly supported. I have booted an old Sony VAIO notebook for testing purposes. The feuature update was installed on this notebook on Windows 10 version 1803 a few months ago. So far the version 1903 has not been offered there. Today the feature update to Windows 10 Version 1903 was available and I clicked the link to download and install.

Funktionsupdate auf WIndows 10 Version 1903

I have not yet been able to test whether an upgrade will then work. Exactly this question will have to be answered by every potential user. At least the updates released in September 2019 for Windows 10 Version 1903 still have some flaws – and the Windows build itself is not yet error-free.

Microsoft explains the ML approach to rollout

In a blog post, Microsoft also explains the machine learning (ML) approach that controls the rollout of Windows 10 feature updates. With Windows 10 Version 1803, this approach was tried for the first time. At that time, six core areas of PC health (e.g. general PC reliability) were considered to determine whether the feature update process was smooth.

With Windows 10, version 1903 (May 2019 update), the third iteration of ML’s rolling out a feature update is available. Microsoft can now evaluate 35 areas of ‘PC health’ to control the rollout. The process will continue to evolve with additional measures to ensure that a feature update installation is as trouble-free as possible.

If you are interested in the topic, you will find some details on how to select the PCs to be updated first in the article. I think Microsoft currently has no other choice but to take this approach. But I always think about the article Ex Microsoft employee explains the worse Windows 10 quality, I’ve published a fews days ago.

[German]Update KB4517211 for Windows 10 Version 1903, released on September 26, 2019 ,seems to cause issues with printers for some users. The printer queue fails and no printers are found.

I’ve mentioned the topic before, along with other problems, briefly in the blog post Windows 10 Problems with Windows 10: Issues with Updates KB4522015, KB4522016 / KB4517211 (Sept. 2019). Since then I’ve received a couple of confirmations of the issue from blog readers. Because Microsoft has classified Windows 10 Version 1903 as ‘ready for widespread use’ as of September 26, 2019, I’ve extracted the topic separately below.

Update KB4517211 for Windows 10 V1903

After tests with insiders (see Windows 10 19H2 Insider Preview in Release Preview Ring) Microsoft released the update KB4517211 for Windows 10 Version 1903 on September 26, 2019. The cumulative non-security (optional) update KB4517211 contains a huge list of fixed bugs in Windows 10 Version 1903 and Windows Server Version 1903. I reported about it in the article Windows 10 V1903: Update KB4517211 released (09/26/2019).

Printer issues after installing Update KB4517211

I got the first notification about issues with update KB4517211 a few hours after release within this German comment. German blog reader Kay reported, that all printers on his system had disappeared after installing the Windows 10 Version 1903 update KB4517211. Kay wrote:

After the installation on a client PC all programs including Office reported “No printer installed” (not even the Windows internal ones – in “Devices and printers” all printers are grayed out) – but the web interfaces of the printers were accessible via browser (status ok).

In addition, the message “Print spooler service does not run” was displayed – manual start of the service was not successful either.

The only solution was to uninstall update KB4517211. Then everything ran as usual. I only guessed an isolated case, because the problem was negated by other blog readers. But blog reader Ralf reported in this German comment that the print queue had ended itself three times since installation (a few hours ago) and had to be restarted manually. Meanwhile two more German blog readers confirm these problems in comments. And also to my english blog post Windows 10: Issues with Updates KB4522015, KB4522016 / KB4517211 (Sept. 2019) contains confirmations from blog readers.

Meanwhile I also found something at askwoody.com, where a user describes the same issue. Update KB4517211 causes the spooler service for the printers to crash, so no more printers are detected. There the affected person can restart the service – but it crashes again during printing. This effect is also described in this Google Chrome support thread and within this German Dr. Windows forum. Currently I don’t know the condition to trigger this issue nor I know a workaround – beside uninstalling update KB4517211

[German]Microsoft doesn’t trust self-encrypting drives (SEDs) no more and has begun to encrypt self-encrypting drives (SEDs) using Bitlocker in Windows 10.

Cause: SSD manufacturers fail with encryption

Self-encrypting drives (SEDs) are actually a good thing because the operating system doesn’t have to worry about encryption. However, the problem is that these drives do not work reliably in terms of encryption. In November 2018 Microsoft had to publish the security advisory ADV180028 entitled Guidance for configuring BitLocker to enforce software encryption. The background was that the self-encrypting drives (SEDs) had weaknesses in hardware encryption.

On Windows computers with self-encrypting drives, BitLocker Drive Encryption was configured to use hardware encryption by default. Customers who were worried about the vulnerabilities they discovered were advised to take action by Microsoft. Administrators who want to enforce software encryption on computers with self-encrypting drives can do so by deploying Group Policy. This Group Policy overrides the Windows default behavior, which is hardware encryption, and Bitlocker encrypts the data using software.

Microsoft switches to Bitlocker for encryption

Now Microsoft starts to deactivate the hardware encryption in Windows 10 and uses a software encryption with Bitlocker. I was made aware of this by the following tweet.

Microsoft gives up on SSD manufacturers: Windows will no longer trust drives that say they can encrypt themselves, BitLocker will default to CPU-accelerated AES encryption instead. This is after an exposé on broad issues with firmware-powered encryption.https://t.co/6B357jzv46 pic.twitter.com/fP7F9BGzdD

— SwiftOnSecurity (@SwiftOnSecurity) September 27, 2019

The support article for update KB4516071 for Windows 10 Version 1709, released on September 24, 2019, contains the following item:

Changes the default setting for BitLocker when encrypting a self-encrypting hard drive. Now, the default is to use software encryption for newly encrypted drives. For existing drives, the type of encryption will not change.

When encrypting a ‘self-encrypting drive’, the update changes the setting. Instead of using the encryption by the drive, Windows 10 itself does this using Bitlocker. The same text can be found in Update KB4516061 for Windows 10 Version 1607 and Windows Server 2016.

Meanwhile sites like Tom’s Hardware also report about this issue (with reference to the Tweet and further statements by @SwiftOnSecurity). For other Windows 10 builds, I haven’t found a clue to this change yet. I’m not sure if and when other Windows 10 builds will make this change.

[German]Microsoft has just released an analysis of the Nodersok infection chain. The malware runs entirely in memory and is difficult for antivirus programs such as Defender to detect (but Microsoft Defender ATP can detect the malware). There are thousands of infections of Windows systems, including in Europe.

The Nodersok malware

There is malware whick is named Nodersok at Microsoft (Talos calls it Divergent), which is files-less, but is rolled out via Node.js in the form of encrypted scripts. The entire malicious code is unpacked in memory and then executed. Therefore, a virus scanner like Microsoft Defender cannot detect this malware. The following tweet deals with the whole thing.

Every step of #Nodersok‘s infection chain runs only legitimate executables. All relevant functionalities reside in scripts and shellcodes that come in encrypted and are decrypted and run while only in memory. More in our analysis of this #fileless threat: https://t.co/d4XC5dQeg7

— Microsoft Security Intelligence (@MsftSecIntel) September 27, 2019

According to this Microsoft post the new malware campaign, called Nodersok, uses its own LOLBins image – and it uses two very unusual, legitimate tools for infected computers:

Node.exe, the Windows implementation of the popular Node.js framework that is used by countless web applications.
WinDivert, a powerful network packet capture and editing program.

A LOLBins stands for Living off the land Binary and is a term for a binary file that an attacker uses to perform actions that go beyond the original purpose (see the explanations here).

As with any LOLBin, these tools are not themselves malicious or vulnerable; they provide important functionality for legitimate use under Windows. But the Nodersok uses the tools for its own purposes. It is not uncommon for attackers to download legitimate third-party tools to infected computers (e.g. PsExec is often misused to execute other tools or commands).

Difficult to detect

But Nodersok uses a long chain of file-less techniques to install some very special tools. The ultimate goal is to turn infected computers into zombie proxies. Due to the file-less approach, the attack is very difficult to detect (Microsoft Defender does not detect the malware because there are no files to scan) – but the attack’s behavior creates a visible ‘footprint’ that is clearly visible to anyone who knows where to look. With its set of advanced defense technologies, Microsoft Defender ATP is able to detect the threat throughout the infection chain.

Thousands of machines infected

The Nodersok campaign has attacked thousands of machines in recent weeks, with most targets in the United States and Europe. The majority of the systems attacked are in the hands of consumers. But about 3% of the attacked Windows machines are operated in organizations in areas such as education, professional services, healthcare, finance and retail.

(Source: Microsoft)

The Microsoft diagram above shows that about 8% of the attacks detected on Windows systems in Germany are in Germany. Microsoft discovered this malware campaign ready in mid-July 2019 when suspicious patterns appeared in the abnormal use of MSHTA.exe from Microsoft Defender ATP telemetry. In the days that followed, further anomalies became apparent, leading to a tenfold increase in activity. The campaign peaked at the end of August and the beginning of September 2019 before fading away. Further details can be found in the Microsoft article here or in this article on The Hacker News.

[German]Windows 10 version 1903 might have a problem copying files. The disc load could reach 100%, causing the copy speed to slump. Here is some information about what I know about it so far.

Blog-reader Ismael D. has brought this possible problem in Windows 10 Version 1903 to my attention (thanks for that). So I’ll post it in the blog for information.

Speed drop when copying files

It is possible that Windows 10 version 1903 may lose speed when copying files after 10 seconds. The effect is discussed in this forum post.

Mass file copy speed starts fast but slows down, then fast again

My laptop had an M2 SSD and a SATA HDD. I bought a SATA SSD to replace the SSD. I copied everything from the HDD to an external USB drive, then physically replaced the HDD with the new SSD and formatted it using Manage-> Disk Management.

When I copied the files I had backed up to the external USB drive back to the new SSD drive, the file copy stared off fine, but then unexpectedly slowed down after a few tens of seconds. After running at the slow speed for about a minute, it sped up again to full speed. This cycle repeated until the file transfer was finished.

At first I thought it was the USB HDD, but then I tried with the M2 SSD. This is blazingly fast, so the problem occurs after a significant amount of data has been transferred, but it is there. Initially, the disk usage is low and the transfer speed fast, limited by the slowest disk/ interface. Then suddenly the disk usage on the internal destination disk will go to 100%, regardless of which drive it is. This causes the transfer speed to slow down to about 10 MB/s. After a while, the disk usage automatically drops to a low value and the transfer speed goes back to the previous fast speed.
Speeds switch between two values: (ignoring the initial burst of cached speed).

USB drive to SATA SSD: ~110 MB/s and ~10 MB/s (USB drive is HDD, so 110MB/s is good)
M2 SSD to SATA SSD: ~500 MB/s and ~10MB/s
USB drive to M2 SSD: ~110 MB/s and ~10 MB/s
SATA SSD to M2 SSD: ~500 MB/s and ~10MB/s
The new SSD in question is a Pioneer 1 TB 2.5″ (APS-SL3N-1T).

According to the report above, the copy speed will be reduced to ~10MB. After some time the process will recover and the old speed will be reached again. The effect occurs both on an HDD and on the M2 SSD drive. Question: Have any of you observed this behavior before?

[German]Microsoft hat gerade bestätigt, dass es nach den Updates vom September 2019 bei einigen Windows-Systemen zu Problemen mit Druckern kommen kann.

Kurzer Rückblick, um was es geht

In Windows 10 Version 1903 stellten einige Benutzer fest, dass die Druckerwarteschlange nach der Installation des Update KB4517211 abstürzt und nicht mehr gedruckt werden kann. Konkret ist es so, dass der Spooler-Dienst für die Drucker abstürzt, wodurch in den Anwendungen keine Drucker mehr erkannt werden. Der Betroffene kann zwar den Dienst wieder starten – dieser stürzt beim Druckvorgang aber wieder ab.

Ich hatte, auf Grund von Leserkommentaren das Problem kurz im Blog-Beitrag Windows 10-Probleme mit Updates KB4522015, KB4522016 / KB4517211 (Sept. 2019) angesprochen. Beim Schreiben des Beitrags ging ich noch davon aus, dass dies ein isoliertes Ereignis bei einem Benutzer sein könnte. Anschließend kamen aber eine Reihe unabhängiger Bestätigungen von Lesern sowohl hier im deutschsprachigen, als auch drüben im englischsprachigen Blog. Daher habe ich später noch im Blog-Beitrag Windows 10 V1903: Druckprobleme nach Update KB4517211 separat über das Problem berichtet.

Nachdem mir die Bestätigungen vorlagen, habe ich weiterhin im Microsoft Answers-Forum einen englischsprachigen Forenbeitrag aufgegriffen und das Ganze an die Microsoft Moderatoren eskaliert – zusammen mit der Bitte, das an die Entwickler weiterzuleiten. Noch kann ich das in meiner Eigenschaft als Microsoft Answers-Communitymoderator.

Problem für alle Windows-Versionen bestätigt

Inzwischen hat Microsoft diesen Fehler in der Windows 10 V1903-Statusseite bestätigt (den Kollegen ist das aufgefallen, denn in den KB-Artikeln hab ich noch nichts finden können). Microsoft schreibt mit Datum 30. September 2019 dazu:

Intermittent issues when printing

The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing. Some apps may close or error when the print spooler fails and you may receive a remote procedure call error (RPC error) from some printing utility or printing apps.

Der Druckspooler-Dienst kann zeitweise Probleme beim Abschließen eines Druckauftrags verursachen und dazu führen, dass ein Druckauftrag abgebrochen oder fehlgeschlagen wird. Einige Anwendungen können geschlossen werden oder einen Fehler aufweisen, wenn der Druckspooler ausfällt, und Sie erhalten möglicherweise einen Fehler beim Remote Procedure Call (RPC-Fehler) von einem Druckprogramm oder einer Druckanwendung. Also alles das, was Blog-Leser auch als Feedback zu meinem Beiträgen geliefert haben. Interessant ist aber, das faktisch alle Windows-Versionen betroffen sein können.

Client: Windows 10, Version 1903; Windows 10, Version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, Version 1803; Windows 10, Version 1709; Windows 10, Version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, Version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, Version 1903; Windows Server, Version 1809; Windows Server 2019; Windows Server, Version 1803; Windows Server, Version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

An dieser Stelle habe ich mir den Microsoft-Beitrag näher angeschaut, denn es trifft nicht alle Nutzer. Und im Gegensatz zum Bild, was ich hier im Blog durch das Leserfeedback bekommen habe, können auch Anwender von Windows 7 SP1, Windows 8.1 oder Windows Server betroffen sein. Microsoft arbeitet an einer Lösung und will in einer kommenden Version ein Update veröffentlichen.

Workaround und weiteres Vorgehen

Microsoft schreibt, dass man versuchen könne, erneut zu drucken und dass dies möglicherweise sogar klappt. Falls das nicht klappt, und sich durch erneutes Ausprobieren nicht drucken lässt, soll man das Gerät neu starten (interessanter Workaround ‘have you tried to switch it off and on again).

Verwendet das Gerät einen v4-Druckertreiber und ist ein v3-Treiber verfügbar, kann man auch versuchen, den älteren v3-Treiber als Workaround zu installieren. Das erklärt auch, warum bei manchen Leuten die Reparatur durch Installation des Druckertreibers über die .inf-Dateien hilft.

Internet Explorer Update KB4522016 ist die Ursache

Als ich dann gesehen habe, dass Microsoft das Sicherheitsupdate KB4522016 vom 23. September 2019 angibt, war mir alles klar. Denn das war das Sicherheitsupdate für den Internet Explorer, das ich im Blog-Beitrag Windows: Schwachstellen in IE und Defender (23.9.2019) beschrieben habe. Und damit war auch klar, warum nicht alle Nutzer betroffen sind. Denn dieses Update wurde ja nur im Microsoft Update Catalog zum Download angeboten.

Frage: Können Betroffene bestätigen, dass dort das IE-Sicherheitsupdate installiert war und der Bug nach Deinstallation des Sicherheitsupdates weg ist?

[German]Microsoft has just announced a kind of extension of the Extended Security Update Program (ESU) for Windows 7 SP1 for small and medium businesses (SMBs).

Windows 7: End of Life at January 14, 2020

Windows 7 SP1 and Windows Server 2008/R2 will reach their planned End of Life (EOL) at the beginning of 2020. On January 14, 2020, Microsoft expects to distribute the latest security updates for Windows 7 SP1 and Windows Server 2008/R2 to all users. This means that by February 2020 you will be on the safer side when it comes to providing security updates.

This end date has been known for 10 years, since the release of Windows 7. I had mention that within the blog post Windows 7: Support ends in 6 months. What happens afterwards is still a little unclear. Because on the one hand there are still many Windows 7 systems in users – and some users find it difficult to switch to Windows 10.

Microsoft provides the Extended Security Update Program (ESU) for companies with Software Assurance. The systems get security updates until 2023. Contrary to earlier plans, this is even free of charge for the companies in the first year – see links at the end of the article. But small and medium companies are not covered.

Microsoft offers ESU to SMBs

In a blog postA new way for small and midsize businesses to stay secure and current Jared Spataro, Corporate Vice President for Microsoft 365, makes an offer to small and medium-sized companies (this colleague noticed it here).

Microsoft is extending the availability of paid Windows 7 Extended Security Updates (ESU) to enterprises of all sizes by January 2023. Previously, Windows 7 ESU was only available in volume licensing for Windows 7 Professional and Windows 7 Enterprise customers.

The Windows 7 ESU is sold on a device basis, with the price increasing each year. Partners in the Cloud Solution Provider (CSP) program can visit the Microsoft Partner Center for more information. As of December 1, 2019, companies of all sizes can purchase ESU through the Cloud Solution Provider (CSP) program. This means that customers can work with their partners to receive security updates until the migration to a different operating system is complete.

Windows 7 users who want to take advantage of the paid advanced security updates as they become available on December 1 can learn more about them on the FAQ page. To learn more about the end of Windows 7 support and Office 365 Business, visit the Microsoft support page.

At ZDNet Mary Foley mentioned prices. The price of ESUs ranges from $25 per device for Windows Enterprise users in the first year to $100 per device in the third. For per-user users, the ESU price ranges from $50 per device in the first year to $200 per device in the third year.

In my opinion, private users can also rely on the solution hinted at in the blog post Windows 7/Server 2008/R2: 0patch delivers security patches after support ends. Let’s see what happens next.

Microsoft has released an ISO installation image for the Windows 10 Insider Previews 20H1 Build 18990. These ISO files can be used to install a corresponding Windows 10 Insider Preview 20H1.

I have just seen the info on Twitter and at my colleagues at deskmodder.de. Here is the text:

Windows 10 20H1 Build 18990 available as an ISO download https://t.co/Amv9TBIoMt pic.twitter.com/20Cpf2c882

— Ian Dixon [)-) (@isdixon) October 2, 2019

As usual the download is only possible for Windows insiders after login on the page To access this page, you need to be a member of the Windows Insider program. In a selection box the ISO file of the Windows 10 20H1 Build 18990 (Fast)-Ring will be offered for download.

The ISO file can be transferred to a USB stick using tools such as Rufus or to a DVD using on-board tools. These can be used to boot and perform a clean install. Alternatively, you should be able to run the setup.exe of the mounted ISO file from a Windows 10 and upgrade it.

The colleagues from deskmodder.de lso point out that Microsoft has provided a new version of Windows ADK and Windows WDK as well as the App converter. But this doesn’t need a normal Windows insider.

Windows 10 Version 1909 ISO are coming also

It seems that the first ISO files for (I expected it for tomorrow) Windows 10 version 1909 are in Retail ring, as deskmodder.de reported within the tweet below.

Die ersten zwei ISOs im Retail Ring gesichtet – Windows 10 1909 https://t.co/7h2gEYotYi pic.twitter.com/qGxsQopCFH

— Deskmodder (@Deskmodder) October 2, 2019

Let’s see when there’s official confirmation. I just checked, in the Visual Studio subscription the ISOs do not exist.

[German]It seems, that Update KB4522015 for Windows 10 Version 1903 breaks older Versions of VMware workstation. This virtualization software can’t launch after installing this patch.

Update KB4522015 for Windows 19 V1903

Update KB4522015 has been released on September 23, 2019 for Windows 19 V1903. This is a security update to Internet Explorer, release to mitigate a vulnerability in scripting. This update has been available only via Microsoft Update Catalog, but it is causing several issues (see the knows issues section of KB4522015 and link list below).

Issues with VMware workstation

Shortly after I’ve published the article Windows 10: Issues with Updates KB4522015, KB4522016 / KB4517211 (Sept. 2019) I got a user comment mentions issues with Vmware workstation. German blog reader Kay wrote:

old versions of VMware Workstation no longer work after KB4522015 update

There is a thread at reddit.com, where a user wrote ‘Cannot run VMware WS Pro 14 after KB4517211’. He posted the following screen shot.

VMware workstation can't run (Source: reddit.com)

One user wrote, that it has something to do with changes in Hyper-V and may be present since the release of Windows 10 version 1903. Other users has confirmed this issue. There is also a thread at VMware forum, where this issue has been discussed.

Windows 10 KB4517211 Stops VM workstation 12 From Starting

After installing this Windows update “KB4517211” VMWare workstation 12 no longer starts. Had to delete update….

Other users has confirmed this issue caused by Windows 10 V10ß3 update KB4517211:

We got the same issue but I don’t think that it is a good solution to just remove this update. Is there any other known fix for this issue?

It affects several versions of VMware workstation installed on Windows 10 Version 1903. At tensforum.com a user describes a workaround for VMware workstation 14.

[German]Microsoft finally released the cumulative security update KB4524135 for Internet Explorer versions 9 to 11 on October 3, 2019 to close a vulnerability that had become known in September.

The vulnerability CVE-2019-1367 in IE

On September 23, 2019, Microsoft had surprisingly released out-of-band security updates for Internet Explorer that were intended to close the CVE-2019-1367 vulnerability.

CVE-2019-1367 is a memory corruption vulnerability in IE’s scripting engine. This is related to the handling of objects in Internet Explorer memory by the scripting engine. The vulnerability could damage the memory to such an extent that an attacker could execute arbitrary code in the context of the current user.

An attacker who successfully exploited the vulnerability is granted the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs, view, modify, or delete data, or create new accounts with full user privileges.

I had blogged about the updates available for the various Windows versions in the blog post Windows: Vulnerabilities in IE and Defender (09/23/2019). According to KB article, the security updates were only available for manual download in the Microsoft Update Catalog und had to be installed manually. However, there were printing issue with the September updates and Microsoft blamed the IE security update for this (see Windows: Printer issues after Sept. 2019 Update confirmed).

Update KB4524135 for Internet Explorer

Cumulative Update KB4524135, released on October 3, 2019, is available for Internet Explorer 9 – 11 for the following Windows versions:

Internet Explorer 11 on Windows Server 2012 R2
Internet Explorer 11 on Windows Server 2012
Internet Explorer 11 on Windows Server 2008 R2 SP1
Internet Explorer 11 on Windows 8.1 Update
Internet Explorer 11 on Windows 7 SP1
Internet Explorer 10 on Windows Server 2012
Internet Explorer 9 on Windows Server 2008 SP2

The cumulative update addresses again the CVE-2019-1367 vulnerability, and this time it is shipped via both Windows Update and WSUS. The update can also be downloaded from the Microsoft Update Catalog and installed manually.

Before installing the IE update KB4524135, the installation of Servicing Stack Update (SSU) (KB4490628) or newer (if available) is recommended. In addition, the SHA-2 update (KB4474419) dated September 10, 2019 must have been installed under Windows 7 and Windows Server 2008/R2.

Microsoft also recommends that you install the latest Servicing Stack Update (SSU) (KB4516655) under Windows 7/Server 2008/R2 after installing the update. If a language pack is subsequently installed, update KB4524135 must be reinstalled. The support article KB4524135 lists known errors and further information that should be noted.

The printer issue mentioned below will be fixed in separate Windows-Updates.

Microsoft has released the Windows 10 Insider Preview Build 18995 (from development branch 20H1) for Windows Insider in the Fast Ring on October 3, 2019. This build should lead to another feature update in spring 2020. The announcement with details about new features/changes and bugs can be found in the Windows Blog.

Windows Update [German]Microsoft has released on October 3, 2019, a bunch of updates for Windows 7 to Windows 10 and their server counterparts. These are intended to solve the problem with printers that has occurred since the end of September 2019.

The printer problem in Windows

In all Windows versions, printing problems could occur after the installation of the updates released at the end of September 2019 (IE, Windows). The Print Spooler service cause issues when completing a print job on the affected systems and crashed. The print job was canceled or failed. Also, applications could close or fail because the print spooler failed. I had mentioned the error in more detail in the blog in various articles. Later, Microsoft confirmed that the error could actually occur in all versions of Windows. I mentioned this in the blog post Windows: Printer issues after Sept. 2019 Update confirmed.

Bug fix update for printer issues and more

Effective October 3, 2019, Microsoft has released updates for Windows other than the KB4524135 Cumulative Update for Internet Explorer (see Internet Explorer: Cumulative Update KB4524135 (10/03/2019)). Blog reader EP has pointed this out to me here.

Update-Note

For all Windows updates, the support articles contain a yellow background indicating that this is a required security update to close the CVE-2019-1367 vulnerability reported on Sept. 23, 2019 (see screenshot above and following text).

IMPORTANT This is a required security update that expands the out-of-band update dated September 23, 2019. This security update includes the Internet Explorer scripting engine security vulnerability (CVE-2019-1367) mitigation and corrects a recent printing issue some users have experienced. Customers using Windows Update or Windows Server Update Services (WSUS) will be offered this update automatically. To help secure your devices, we recommend that you install this update as soon as a possible and restart your PC to fully apply the mitigations. Like all cumulative updates, this update supersedes any preceding update.

Note This update does not replace the upcoming October 2019 monthly update, which is scheduled to release on October 8, 2019.

The following updates do not replace the security updates scheduled for the upcoming patchday. Microsoft always provides the same fixes for these updates:

The sporadic printer problem (see Windows: Printer issues after Sept. 2019 Update confirmed) is to be resolved with this update.
Fixes a problem that could cause an error when installing Features On Demand (FOD), such as .Net 3.5. The error is: “The changes could not be completed. Please restart your computer and try again. Error code: 0x800f0950.”

However, I have already noticed messages where the printer problem has not been fixed. Then the September 2019 updates causing the problem should be uninstalled. Microsoft released the following updates for the Windows versions listed below on October 3, 2019.

KB4524147: Cumulative update for Windows 10 version 1903 and Windows Server 1903, which raises the OS build to 18362.388.
KB4524148: Cumulative update for Windows 10 version 1809, Windows Server 1809, and Windows Server 2019 which raises the OS build to 17763.775. The Servicing Stack Update (SSU) KB4512577 has also been released.
KB4524149: Cumulative update for Windows 10 version 1803, which raises the OS build to 17134.1040.
KB4524150: Cumulative update for Windows 10 version 1709, which raises the OS build to 16299.1421.
KB4524151: Cumulative update for Windows 10 version 1703, which raises the OS build to 15063.2079.
KB4524152: Cumulative update for Windows 10 version 1607 and Windows Server 2016, , which raises the OS build to 14393.3243.
KB4524153: Cumulative update for Windows 10 version 1507 (RTM), which raises the OS build to 0240.18335.
KB4524156: Monthly Rollup for Windows 8.1 and Windows Server 2012 R2
KB4524157: Monthly Rollup for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1

For Windows Server 2008 I did not find an update for October 3, 2019.

Please note that older Windows 10 systems prior to version 1803 are only supported in the Enterprise version (also LTSC). Details about the updates and known problems can be found in the linked KB articles.

[German]Microsoft has released a cumulative security update for Internet Explorer on October 3, 2019, as well as an optional bug fix update for various Windows versions to fix the printer bug. At the end of the day, it turns out that the updates raise more questions and problems than they solve.

In the night from October 3 to October 4, 2019, I summarized hints about these updates in the following two blog posts.

Internet Explorer: Cumulative Update KB4524135 (10/03/2019)
Windows Updates fixes printer bug (Oct. 3, 2019)

The comments I received to those articles (German, English) reveals inconsistencies and additional errors. Here is an outline of the situation.

Internet Explorer updates knitted with a hot needle?

Cumulative security supdate KB4524135 for Internet Explorer 9 till 11 shall fix a vulnerability CVE-2019-1367 (that became public in September) in older Windows versions (Windows 7, Windows 8.1 and Server pendants).

I have given some hints in the blog post Internet Explorer: Cumulative Update KB4524135 (10/03/2019). It also mentions the Windows versions that this update applies to. For Windows 10, the fix for the vulnerability is provided through cumulative updates for the various Windows 10 builds.

Microsoft already writes in support article KB4524135 that Internet Explorer displays an incorrect update installed.

On Windows 7, the “About Internet Explorer” dialog box in Internet Explorer 11 may list a different KB number, even when you have KB4524135 installed.

Exactly this discussion has originated within my German blog. In this comment, Blog reader Bolko tries to unravel Microsoft’s inconsitencies with various patches (the KB number used in the update’s internal metafiles has not been adapted to the KB number under which the patch was released).

As a result, the rollup update KB4524157 installs the older IE11 version 11.0.9600.19503, while the IE 11 update KB4524135 installs version 1.0.9600.19504.

The printer bug and other issues

Even more confusing is the situation with Microsoft’s attempt to solve the printer problem (see my blog post Windows: Printer issues after Sept. 2019 Update confirmed) in Windows, which was caused by September updates, with subsequent updates.

In the blog post Windows Updates fixes printer bug (Oct. 3, 2019), I enlisted the updates available for the various Windows versions. There was a hint from me that the first feedback I got, was that the printer bug wasn’t fixed for all users. If I go into the comments I received for my blog post, I see the following picture:

The Windows update in question (see the list in Windows Updates fixes printer bug (Oct. 3, 2019)) did nothing to fix the printer bugs – so the error is still there (see this comment, for example).
Users who had working printers until now suddenly are facing printing issues after installing the update – so the error was newly introduced (see this German comment). I also read something like this on MS Answers.

The observation from the following tweet, which Susan Bradley pulled out of askwoody.com, is also very ugly.

I’d like to thank @Microsoft for pushing out Windows 10 v1903 w/KB4524147 included, breaking the Print Spooler service, bypassing our WSUS, and wasting hours of my time. Seriously, thanks for the job security. @AskWoody

— Kobold Curry Chef (@KoboldCurryChef) October 4, 2019

Those who run into these problems should try to reinstall the printer driver. For a blog reader this has helped. The alternative would be to update the printer driver via the Update Driver button in the Device Manager using the .inf file. Maybe it will help – otherwise there is only uninstalling the updates that cause this bug.

Within this German comment blog reader Kay mentions, that the massive printing issues caused by the old update KB4517211 have been fixed for him by the new update KB4524147. But he has the problem that the Info-Center (button at the bottom right next to time) and “Windows “+”P” don’t work anymore. On MS Answers there is this more recent thread, which already discusses issues with the Action Center at the end of September 2019.
Other German users reported install issues in Windows 7 SP1, or freezing application and more in Windows 8.1.
At this MS Answers forum post someone reports that the start menu does not work anymore after installing the update KB4524147 in Windows 10 Version 1903. Woody Leonhard already discussed this in this short article on October 3, 2019. Meanwhile the reports of affected people are increasing.

Woody Leonhard has published this ComputerWorld article in the meantime, where he collected further issues in connection with the patches. It breaks KB4524156 possibly ASP applications on Windows Server 2012 R2. It may be isolated cases – but it doesn’t really make you happy.

[German]Just a brief information: Microsoft has released the Windows 10 version 1909 as a build for Windows insiders testing in the Release Preview Ring. Here are a few details I know so far.

I had speculated a few days ago that the new Windows 10 version 1909 could be released on October 3, 2019 (see Windows 10 V1909 ready, release on October 3, 2019?). As we know now, this hasn’t happened. Instead, a new V2 of Windows 10 version 1903 has been added to Microsoft’s Techbench servers (the colleagues from deskmodder.de have discussed this in the German blog post Win10 1903 V2 ISO steht nun zum Download bereit).

Now it looks as if Microsoft could release the new Windows 10 version 1909 build for ‘daring’ users next week. On Friday, Microsoft released the new Windows 10 Version 1909 as a build for Windows insiders testing in the Release Preview Ring.

Users have noticed this and they have reported it in tweets as shown below. The Slow Ring was obviously skipped. Microsoft employee Brandon LeBlanc confirmed that.

Yes, see the update to our blog post here: https://t.co/dh00qMpUzc

— Brandon LeBlanc (@brandonleblanc) September 11, 2019

Microsoft has written an addendum to the Windows Blog that confirms this. The addendum says:

UPDATE 10/3: Today, we have released KB4524147 which applies to both 19H1 and 19H2. For Windows Insiders in Release Preview on 19H2, this will update them to Build 18363.388.

Update KB4524147 has been released for Windows 10 Version 1903, which should fix the printer problems (see my blog posts Windows Updates fixes printer bug (Oct. 3, 2019) and Windows/IE: Issues and confusion with updates (10/03/2019)). The update KB4524147 was also released for Windows 10 19H2, which will become version 1909.

The colleagues from German blog deskmodder.de pointed out a few hours ago in the blog post KB4517245 – Feature-Update auf die Windows 10 Version 1909 that this is also the ‘Feature Update’ for Windows 10 Version 1909. In principle, all Windows 10 1903 users already have the code for Windows 10 Version 1903 through the updateKB4524147. However, Microsoft has not yet released the functions. Only a small Enablement Package KB4517245 is required to unlock the features and increases the build from 18362 to 18363. Insiders who test in the release preview will probably get this update – if you want to experiment, you can download and install the update from the deskmodder page via the blog post linked above.

KB4517245. Dieses schaltet die Funktionen frei und erhöht die Build von 18362 auf 18363. Insider, die im Release Preview testen, bekommen dieses Update wohl angeboten – wer unbedingt experimentieren will, kann sich das Update über den oben verlinkten Blog-Beitrag von der deskmodder-Seite herunterladen und installieren.

Just a short information: At the end of September 2019, Dell released a BIOS update for its Dell OptiPlex 7070 systems. This provides support for downloading recovery images from the cloud.

On Friday, I became aware of a tweet that addresses exactly this issue.

Interesting new Dell BIOS feature. pic.twitter.com/UMUmTHS0Pk

— Steven Kister (@StevenKister1) October 4, 2019

[German]Windows 10 users occasionally facing the problem that the operating system reports error code 0xC0020036 during an update installation. I have also seen the error code associated with Windows activation. In the blog post I discuss this error code.

The problem description

I recently stumbled upon this error 0xC0020036 while browsing the Microsoft Answers forum. In this post, a user describes the problem for Windows 10 version 1903, but the error also occurred with older builds. Here is an excerpt of his error description

Update error 0xc0020036

Hello,

a week ago (15.9.2019) I got stopcode “System service Exception“. Right now its second time this month. First time it was failed installation in Windows update. Hard to find as now…

15.9.2019 I got stopcode (as I wrote up) but everything was updated so I just wait. In Wednesday I found in Your website that in May was update for Windows so I downloaded it because I had my Notebook in “Safe mode” so can’t reach Windows update. While I try to run it I got a message “something about I already have this update” so it was good but yesterday I try to restart NB (notebook) and in Windows update was that Im without last update (that one in may :/ 1903 – had 1803). Becuase today I had time I used my downloaded update. Yeah and error 0xc0020036 ….

The user received the stop error 0xC0020036 during restarting Windows, when trying to install a feature update for Windows 10 Version 1903. The last operation failed.

From the description above I can see that the existing Windows 10 version 1803 system of the user was already very ‘broken’, because he had to work in safe mode. This only as a note.

What does stop code 0xC0020036 stands for?

COM error 0xC0020036 is dropped from the Windows kernel mode (in the FACILITY_DISPATCH area, see this Microsoft document) and is of an informal nature regarding the availability of certain resources. It stands for EPT_NT_NOT_REGISTERED or EPT_S_NOT_REGISTERED.

The full error message is ‘There are no more endpoints available from the endpoint mapper’. In the kernel (late-binding IDispatch interface) an attempt is made to assign an endpoint for an operation. But this is impossible because there are no more endpoints available (a search didn’t found a required endpoint for a procedure entry, because it isn’t registered). The system can no longer perform the operation, then triggers a stop code and stops the last operation.

What can you do?

The error is quite serious because an operation such as installing the update or activating Windows can no longer be performed. The operating system as such will continue to work, but updates cannot be installed. This should also apply to update packages that are not obtained via Windows Update, but are downloaded from the Microsoft Update Catalog and installed manually.

At this point there is only the vague hope that something can still be ‘repaired’. In this MS Answers forum thread you will find the suspicion that the error during the Windows 10 update installation could be caused by defective or missing Windows files. Under this assumption you can try the following repair instructions.

Windows Update-Troubleshooter

The user can try the build-in Windows 10 update troubleshooter. This feature can be found in Windows 10 V1903 in the Settings app under Update and Security – Troubleshooting (see screenshot above). If necessary, you should perform the troubleshooter several times.
If this measure is of no use (which I guess from experience), there is still a precautionary check of the system for defective files and a repair using the commands scf and dism. I have described the steps in the older blog post Check and repair Windows system files and component store.

If the steps above do not help (which I suspect), you should reboot the system to be safe, that a hanging process isn’t the root case for this issue.

If the error occurs when activating Windows, you can check the system file for damages and the tip for a special scenario, which is described here in the thread, as well as the hints in this article to exclude faulty or damaged license keys.

If this doesn’t help, most users still just have the option to try a repair installation by a so-called Inplace-Upgrade.

This requires a Windows 10 installation medium suitable for the current installation. This can be downloaded from Microsoft using the Media Creation Tool and then saved as an ISO file, burned as a DVD medium or saved on a USB stick.
An ISO file with the installation image can be ‘mounted’ under Windows 10 using the context menu, so that the installation files can be accessed via the ‘virtual optical DVD drive’ created in this way. If you have created an USB stick, you should copy its contents to a folder on your hard disk (since there is a bug in older versions of Windows 10 Version 1903 that prevents the installation of a function upgrade on existing USB storage media).

If the installation image is accessible, boot Windows 10 and launch the file setup.exe from the install image. Then follow the instructions of the wizard to carry out the repair installation with an in-place upgrade. Windows 10 is simply installed over the existing Windows 10. During the in-place upgrade, however, all data and the installed programs should be retained. With a bit of luck, this will allow the system to be repaired and the error will be gone.

Final note: There remains the question why Windows can break down and eject the above error. I’m guessing collateral damage during the installation/uninstallation of software. It is also possible that third-party virus scanners play a role that interfere with these installation/uninstallation procedures.

[German]A little surprise that might not be a surprise after all. Dona Sarkar leaves the Windows Insider Program to move to the Azure developer group.

The announcement was made a few minutes ago – I saw it on Twitter – but there is an article with more details at Windows Blog.

1/ After 3+ years of leading the #WindowsInsiders program, I’ll be moving over to the MS Developer Relations @azureadvocates team to lead advocacy for Power Platform + tech skilling.

Please tag @windowsinsider with your Insider-related questions! <3https://t.co/mORjqzHLdE

— Dona Sarkar (@donasarkar) October 7, 2019

So it has been 3 years, since Dona Sarkar overtook the Windows Insider program lead from Gabe Aul. Gabe Aul has been left Microsoft and joined Facebook gewechselt recently.

According to Eran Megiddo, Corporate Vice President, Windows and Education, Dona will be moving to a new role at the company. She will be joining  the Microsoft Developer Relations team to  lead advocacy for Citizen Developers, especially how they use the Power Platform (Microsoft Flow, PowerApps and Power BI).

Because there is no new leader of the Windows Insider Program (Microsoft claims they are still searching), there is the question: Is that programm now reaching an end? It could be a sign, that this will be true.

[English]Brief information for users of Microsoft Office 365 ProPlus who run this Office package on Windows 7. Microsoft wants to ensure support for this package until 2023.

End of Life causing issues

The subscription version of Microsoft Office 365, receives monthly updates, so Office 365 ProPlus is always up to date. However, this requires that Office 365 ProPlus is installed on a Windows operating system that is still supported by Microsoft. But support for Windows 7 SP1 will end on January 14, 2020.

Microsoft extends support till 2023

The tweet below from Woody Leonhard pointed me to this issue. Microsoft has thought about what will happen to Windows 7 SP1 users who will be using Office 365 ProPlus after January 14, 2020.

Office 365 ProPlus customers to get support on Windows 7 after January 14, 2020. Support’s been extended to January 2023. https://t.co/0LgWzJ6uEJ

— Woody Leonhard (@AskWoody) October 8, 2019

Microsoft writes on the Windows 7 / Office Support page that the use of Office 365 ProPlus on older, unsupported operating systems can lead to performance and reliability issues over time. If you are using Office 365 ProPlus on Windows 7 devices, Microsoft strongly recommends that you migrate these devices to Windows 10.

Although Windows 7 will no longer be supported after January 2020, Microsoft has decided to continue providing security updates for Office 365 ProPlus for the next 3 years, until January 2023. Microsoft is doing this to give users additional timefor the transition from Office 365 ProPlus on Windows 7 devices to a supported operating system such as Windows 10.

However, this step includes the limitation that a device that is still running Windows 7 will not receive updates for new features for Office 365 ProPlus. This also applies if users have purchased Extended Security Updates (ESU) for Windows 7 SP1.

[German]After the September and October 2019 updates for Windows, there are not only printer issues. I have also noticed RDP issues. And the Sept. 2019 update KB4515384 causes boot problems with certain network drivers.

I’ll sum it up here in this article – currently as ‘single cases’ – but maybe there are other users affected.

RDP issues after October 2019 updates

But I got several feedback from reader reporting RDP issues after installing October 3, 2019 updates for Windows. A user of my German article Chaos bei Oktober-Updates für Windows und Internet Explorer I published at news portal heise reported the following issue (I’ve translated the German comment):

RDP no longer works

After the updating my virtual server, RDP only works as an administrator.

Does anyone else have the same problem?

I had the comment still open in the browser tab for further research when I received this comment in my German blog..

KB4524147: Installed on a Windows 10 PC with an HP laser attached. This PC connects to a server 2008R2 via RDP as terminal server. The TS server printer redirection “Easyprint” is used.

After the “Update”: If a document with more than one page is printed, the RDP session is suddenly disconnected. After logging in again, you will see the error message: “Printer xy” not found. Printer xy is then any other printer.

Update KB4524147 was released on October 3 for Windows 10 Version 1903 and Windows Server Version 1903 to address the Internet Explorer vulnerability and printing issues. User Hansi reported a similar issue within my English blog.

SBS 2011 Remote Access (RDP) does not work after this crap update. And yes I know SBS is EOL in January 2020, but we have just October 2019.

This doesn’t have to be the same error – but all comments refer to RDP connections.

Update KB4515384 causes boot issues?

As of September 11, 2019, several security updates were released for Windows, which also fix a vulnerability in the RDP service. I noticed this threadin the comment section of a in a German news site. One affected writes:

I still have problems with the patch, both network drivers (GBit and Wireless, both Intel) cannot start the device. I can’t start Microsoft Edge and the Start menu immediately displays a serious error that forces me to log off.

sfc /scannow does not output any errors. Uninstalling the patch immediately fixes all these bugs. The whole thing is easily reproducible.

Somebody else who observed this behavior?

Update KB4515384 has more problems – for example it may cause the installation error 0xe0000100 on USB HID devices – as you can read here. The same author has published a more comprehensive overview of problems here.

Windows Update [German]On October 8, 2019, Microsoft released security updates for Windows clients and servers, Office, etc. Here is a compact overview of these updates.

A list of the updates can be found on this Microsoft page. Details about the update packages for Windows, Office etc. can be found in separate blog posts.

Servicing Stack Updates

Microsoft now publishes an overview of all current Servicing Stack Updates (SSUs). The list of SSUs can be found at ADV990001. In October 2019 SSUs were updated – e.g. changes to the Secure Boot Revocation List were made for some Windows 10 updates. Here is the compact list:

Servicing Stack Updates Oct. 2019
(Source: Microsoft/Askwoody)

Notes on updates

All Windows 10 updates are cumulative. The monthly Patchday update includes all security fixes for Windows 10 and all non-security fixes up to Patchday. In addition to the security patches for the vulnerabilities, the updates include defense-in-depth updates to improve security.

Updates can also be downloaded from the Microsoft Update Catalog. Updates for Windows RT 8.1 and Microsoft Office RT are only available through Windows Update. Information about the support period for Windows 10 can be found in the Windows Lifecycle Facts Sheet.

Internet Explorer 11 will be available on Windows Serverv 2012 from May 2019. This configuration is available only through the Cumulative Update for IE.

For Windows 7 SP1 and Windows Server 2008/R2 an updated SHA-2 Code-Signing Update KB4474419 was released on October 8, 2019 (see this comment at askwoody.com).

The October 2019 security updates cover 59 CVE vulnerabilities, of which 9 are classified as “critical”, 49 as “important” and one as “moderate”. A list can be found on the Google Zero Day Initiative blog – Talos has also published a summary here. And Martin Brinkmann has published a compact list of updates here (I will describe details within separate blog posts).

Critical Security Updates

Internet Explorer 11
ChakraCore
Microsoft Edge (EdgeHTML-based)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server, version 1903 (Server Core installation)
Azure App Service on Azure Stack
Open Enclave SDK

Important Security Updates

Excel Services
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 for Mac
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2019
Office 365 ProPlus for 32-bit Systems
Office 365 ProPlus for 64-bit Systems
Office Online Server
SQL Server Management Studio 18.3
SQL Server Management Studio 18.3.1
Microsoft Dynamics 365 (on-premises) version 9.0
Windows 10 Mobile
Windows Update Assistant

Moderate Security Updates

Internet Explorer 9
Internet Explorer 10