[German]On October 8, 2019, Microsoft released various (security) updates for Windows 7 SP1 and other updates for Windows 8.1 as well as the corresponding server versions. Here is an overview of these updates.

Updates for Windows 7/Windows Server 2008 R2

For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. The update history for Windows 7 can be found on this Microsoft page. Installation requires installed SHA2 support to successfully install the security updates. 

KB4519976 (Monthly Rollup) for Windows 7/Windows Server 2008 R2

Update KB4519976 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes and addresses the following:

• Addresses an issue that may fail to disable VBScript in Internet Explorer by default after installing KB4507437 (Preview of Monthly Rollup) or KB4511872 (Internet Explorer Cumulative Update) and later. 
• Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
• Security updates to Windows Authentication, Microsoft JET Database Engine, Windows Kernel, Internet Information Services, the Microsoft Scripting Engine, and Windows Server.

According to the above list, the printer issues that has kept some users in suspense since September 2019 should finally be fixed. But I received feedback from German users, who are facing now printer issues for the first time (don’t know the exact update that has been installed on Oct. 8, 2019).

This update will be downloaded and installed automatically via Windows Update. The package is also available via Microsoft Update Catalog and will be distributed via WSUS. The installation requires that the SSU (KB4490628 of March 2019) is already installed. If you install it via Windows Update, it will be installed automatically. After the update installation Microsoft recommends to install the SSU KB4516655 (if not already installed).

Since August 2019, the SHA-2 update (KB4474419) must be installed before installing this security update. This update will only be delivered via SHA-2 Code Signing for Windows Update and WSUS. Microsoft has made an update on October 8, 2019. The update should be updated automatically.

Microsoft does not list a known issues for this update.

KB4520003 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB4520003 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update addresses the following issues. 

• Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
• Security updates to Windows Authentication, Microsoft JET Database Engine, Windows Kernel, Internet Information Services, and Windows Server.

The update is available via WSUS or in the Microsoft Update Catalog. To install the update, the following preconditions must be met. 

1. The March 12, 2019 servicing stack update (SSU) (KB4490628). If you are using Windows Update, this SSU will be offered to you automatically. To get the standalone package for this SSU, search for it in the Microsoft Update Catalog. 
2. The latest SHA-2 update (KB4474419) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. For more information on SHA-2 updates, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.
3. The latest SSU (KB4516655). If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

When deploying via WSUS, make sure that the above-mentioned SSU and SHA-2 updates are installed – the automatic installation will not then be performed via Windows Update. After installation, Windows must be restarted before the Security-only Update is installed. You should also install the security update KB4519974 for IE. Microsoft does not list any known problems with this update. From what I’ve heard, there doesn’t seem to be a telemetry feature this time.

Updates for Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a rollup and a security-only update have been released. The update history for Windows 8.1 can be found on this Microsoft site.

KB4520005 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4520005 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and addresses the following issues.

• Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
• Security updates to Windows Cryptography, Windows Authentication, Windows Kernel, Windows Storage and Filesystems, Microsoft JET Database Engine, Internet Information Services, the Microsoft Scripting Engine, and Windows Server.

This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS. For manual installation, the latest Servicing Stack Update (SSU) must be installed first.

The update has a known issue: Certain operations, such as renaming files or folders located on a cluster shared volume (CSV), may fail with the error “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the action on a CSV owner node from a process that does not have administrator privileges. See the KB article for details.

KB4519990 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB4519990 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following item.

Security updates to Windows Cryptography, Windows Authentication, Windows Kernel, Windows Storage and Filesystems, Microsoft JET Database Engine, Internet Information Services, and Windows Server.

The update is available via WSUS or in the Microsoft Update Catalog. The update has the same known problems as the rollup update, these are described in the KB article. For a manual installation, the latest Servicing Stack Update (SSU) must be installed first. You should also install the KB4519974 update for IE.

Similar articles:
Microsoft Office Patchday (1. Oktober 2019)
Microsoft Security Update Summary (October 8, 2019)
Patchday: Updates for Windows 7/8.1/Server (Oct. 8, 2019)

Microsoft has released the Windows 10 Insider Preview Build 18999 (from the development branch 20H1) for Windows Insider in the Fast Ring on October 8, 2019. This build should lead to another function update in spring 2020. The announcement with details about new features/changes and bugs can be found in the Windows Blog.

[German]On October 8, 2019 (second Tuesday of the month, patchday at Microsoft), several cumulative updates were released for the supported Windows 10 builds. Here are some details about each update.

For a list of updates, visit this Microsoft Web page. I have extracted the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001.

Updates for Windows 10 Version 1903

The following updates are available for Windows 10 May 2019 Update (Version 1903).

Update KB4517389 for Windows 10 Version 1903

Cumulative Update KB4517389 raises the OS build to 18362.418 and is available for Windows 10 Version 1903 and Windows Server Version 1903 (as well as the Hololens). It contains quality improvements but no new operating system functions. Here is the list of improvements, called highlights by Microsoft: 

• Updates to improve security when using Internet Explorer and Microsoft Edge.
• Updates for verifying user names and passwords.
• Updates for storing and managing files.

The following fixes and improvements have been added to the Windows version:

• Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
• Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
• Security updates to Windows Shell, Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, Windows Cryptography, Windows Authentication, Windows Storage and Filesystems, Windows Kernel, Microsoft Scripting Engine, and Windows Server.

The update is intended to fix the printer bug that has been known since September 2019. However, I already have a German comment that a Windows update causes printer issues (the printer isn’t detected no more).

In addition, Microsoft has released an update directly for the Windows Update Client to improve its reliability. This will be rolled out outside of Windows Update if the machine is compatible and not a LTSC variant and updates have not been blocked by GPO.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog and via WSUS. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft does not specify any known issues for the update.

Updates for Windows 10 Version 1809

The following updates are available for Windows 10 October 2018 Update (version 1809) and Windows Server 2019.

Update KB4519338 for Windows 10 Version 1809

Cumulative Update KB4519338 raises the OS build to 17763.806 and includes quality improvements but no new operating system features. Here is the list of improvements, called highlights by Microsoft:

• Updates to improve security when using Internet Explorer and Microsoft Edge.
• Updates for verifying user names and passwords.

The following fixes and improvements have been added to the Windows version:

• Addresses an issue in the Keyboard Lockdown Subsystem that may not filter key input correctly.
• Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
• Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
• Security updates to Windows Shell, Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows App Platform and Frameworks, Windows Cryptography, Windows Authentication, Windows Kernel, and Windows Server.

In addition, Microsoft has released an update directly for the Windows Update Client to improve its reliability. This will be rolled out outside of Windows Update if the machine is compatible and not a LTSC variant and updates have not been blocked by GPO.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog. . Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft lists several known issues that the update causes. See the KB article for details.

Updates for Windows 10 Version 1803

The following updates are available for Windows 10 April Update (version 1803), which expires on November 12, 2019 for Home and Pro.

Update KB4520008 for Windows 10 Version 1803

Cumulative Update KB4520008 contains quality improvements but no new operating system features and raises the OS build to 17134.1069. Here is the list of improvements, this time called highlights by Microsoft:

• Updates to improve security when using Internet Explorer and Microsoft Edge.
• Updates for verifying user names and passwords.
• Updates for storing and managing files.

And here is the list of fixes and changes:

• Addresses an issue in the Keyboard Lockdown Subsystem that may not filter key input correctly. 
• Addresses an issue with the Bluetooth hardening updates, released August 13, 2019, that may cause a “0x133 DPC_WATCHDOG_VIOLATION” error.
• Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.
• Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
• Security updates to Windows Shell, Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, Windows Cryptography, Windows Authentication, Windows Datacenter Networking , Windows Storage and Filesystems, Windows Kernel, Microsoft Scripting Engine, and Windows Server.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft lists several known issues that the update causes in the KB article. 

Updates for Windows 10 Version 1507 till 1709

For Windows 10 RTM up to version 1709 different updates are available for the LTSC versions and Enterprise versions. Here is a short overview.

• Windows 10 Version 1709: Update KB4520004 is only available for Enterprise and Education. The update raises the OS build to 16299.1451. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1703: Update KB4520010 is only available for Enterprise and Education. The update raises the OS build to 15063.2108. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1607: Update KB4519998 is only available for Enterprise and Education and Windows Server 2016. The update raises the OS build to 14393.3274 and includes the fixes mentioned in the KB article. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed before manual installation. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1507: Update KB4520011 is available for the RTM version (LTSC). The update raises the OS build to 10240.18368. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, also on known problems, can be found in the KB article. Details can be found in the KB article.

There was no update for Windows 10 V1511, because this version was dropped from support. Details about the above updates can be found in the respective Microsoft KB articles in case of doubt.

Similar articles:
Microsoft Office Patchday (1. Oktober 2019)
Microsoft Security Update Summary (October 8, 2019)
Patchday: Updates for Windows 7/8.1/Server (Oct. 8, 2019)
Patchday Windows 10-Updates (October 8, 2019)

[German]A brief information for people who still run a smartphone with Windows 10 Mobile Version 1709. This version received the update KB4522809 on October 8, 2019.

According to Microsoft the security update KB4522809 raises the OS build to 15254.59. The update is automatically distributed via Windows Update and contains all improvements from update KB4520004.

(Lumia 950, Source: Microsoft)

In the comments here, user Yep gives a hint to a nice fix that should please device owners:

There’s also the new build 15254.590 for W10M which brings an important improvement to Microsoft Edge by fixing the reload page issue on devices with low memory!
=> Long life to W10M

Microsoft writes that there are no known problems with the update.

[German]As of October 8, 2019, Microsoft has released a couple of security updates for Windows 10. After the September 2019 patchday disaster, I now have collected a few minor issues, that I became aware.

In general, after the update hassle in September 2019 and October 3, 2019, there seems to be less hassle with the latest updates from October 8, 2019. Nevertheless, there are users who have Windows 10 issues after the update installation.

Is the printer issue fixed?

The exciting question was whether the printing problems caused by a crashing printer spooler process have been fixed. The problems occurred after installing an IE security update from September 2019 (see Windows: Printer issues after Sept. 2019 Update confirmed). The repair attempt with patches as of October 3, 2019 (Windows Updates fixes printer bug (Oct. 3, 2019)) then went down the drain. In the article Windows/IE: Issues and confusion with updates (10/03/2019) I wrote something about this.

Microsoft has explicitly stated in the support articles of the Windows 10 October 2019 updates that the printing issue in the jscript.dll has been fixed (see Patchday Windows 10-Updates (October 8, 2019)). Within my German blog are reports from reader, stating that affected system can print again after installing the new updates.

On reddit.com there are a few users where the update did not fix the printing issues. There, however, uninstalling the previous updates KB4524147 / KB452148 and then installing the October 8, 2019 update helped bring the printers back to life. Someone had to remove the v4 printer drivers and use an alternative driver to fix the problem. A German user commented within my blog:

In my company, the printer connections on three Windows 10 1903 machines were broken. Apparently it was the update “because yesterday it still worked”. Printer and IP connections deleted, works again. Except that the printers do not have yet their own picture in the overview and and a time symbol is to be seen …. At the other identical machines no messages so far.

Blog reader Michael was able to fix the issue in printer port assignment by deleting the entries. I’m not sure if this is related to the printing issue in jscript.dll. For the update from October 3, 2019 there was a comment with hints about issues with the printer assignment. Currently I assume that the printing issue has been fixed.

Update install issues

There are isolated messages, like this German comment here in the blog, which do not get the update installed. The blog reader noticed an abort of the update installation with error code 0x800f0922. I wrote something about this in the article Windows 10: Update error 0x800F0922. These are however isolated cases – in the case sketched above, a virus scanner could have blocked – or the free space on the system disk has been low.

Start menu and search broken

Various users are caught up again by a broken Start menu and desktop search or broken Action Center. This was a never ending gag in August/September 2019 (see Windows 10 V1903: Search and Cortana bug in Update KB4512941 confirmed (09/05/2019)) – but was fixed with the September 2019 patchday. Shortly after the updates were released on October 8, 2019, the first readers reported problems with the desktop search or the start menu. German blog reader Willi writes:

I now have rolled back to Windows 10 V1903 (build 18362.295), because since KB4512941 over KB4515384 and now KB4517389 the search box in the taskbar doesn’t work anymore. Tried all possible registry hacks recommended (Cortana, Bing search, etc.). Only after uninstalling these KBs does the search work again. It is desperate.

And German blog reader Martin reported a broken start menu after installing the update in Windows 10 Version 1903.

This morning I tried KB4517389. Unfortunately the start menu is broken again. So far only deinstallation of the update helps.

Now I have to defer patches for W10 1903 in our patch management for almost a month now, because they cause errors again and again, which strongly limit the use of Windows.

If I am by far not the only one with these problems, MS doesn’t even recognize the bugs and does update after update, which only causes more problems. You feel like you’re getting screwed!

Within my German blog other readers confirmed start menu issues here, here and here. At Microsoft Answers forum there is this thread mentions a critical error in start menu caused from update KB4517389. Also at reddit.com is a mega thread with this comment(and confirmation from a 2nd user) dealing with a broken start menu. This reddit.com post also addresses the broken start menu.

WindowsReport wrote here, that you can copy the old file ActivationStore.dat from another PC to the Cortana folder – helped some people.

In the article WindowsReport also mentions problems with the mouse. But it also seems to be an isolated case.

I also got a feedback from a German blog reader, the the Action Center has issues (some items to direct a screen to another device doesn’t work anymore). And some users are reporting issues with Edge (no more useable). Uninstalling the update fixes these issues. Anyone else affected by such or other issues?

Similar articles:
Microsoft Office Patchday (1. Oktober 2019)
Microsoft Security Update Summary (October 8, 2019)
Patchday: Updates for Windows 7/8.1/Server (Oct. 8, 2019)
Patchday Windows 10-Updates (October 8, 2019)
Patchday Microsoft Office Updates (October 8, 2019)

Windows: Printer issues after Sept. 2019 Update confirmed
Windows Updates fixes printer bug (Oct. 3, 2019)
Windows/IE: Issues and confusion with updates (10/03/2019)

[German]The autumn update of Windows 10, currently under development as 19H2, will probably not be released until the end of October 2019 and will be released for broader use in November 2019.

The next version of Windows 10 will be tested with insiders in the 19H2 development branch. I had once strongly suspected that the release date could be October 3 (see Windows 10 V1909 ready, release on October 3, 2019?) – but this turned out to be untrue. Microsoft is currently patching existing Windows 10 systems and the completion of Windows 10 19H2 is delayed.

First release date probably end of October

Now the colleagues at German site deskmodder.de report that Windows 10 19H2 will not be ready before the end of October 2019. If still critical bugs are found, it could even be November 2019 until the release. We had that last year with Windows 10 version 1809, which was released at the beginning of October, but then had to be withdrawn due to heavy bugs. It was not until November 2018 that there was a new release.

According to deskmodder.de the Windows 10 version 19H2 will be tested in the Release Preview Ring from 17th/18th October 2019. If there are no problems, the starting signal could be given in the last week of October for the release of the operating system.

Softpedia also speculated about the release of Windows 10 19H2 in this article (thanks to EP for the comment). It also says that this release of the new Windows 10 version is expected at the end of October 2019. The article refers to the following tweet by Zack Bowden.

I hear Microsoft is hoping to have 19H2 signed off by the end of next week. I think we’ll be getting a final build very soon. GA later in the month/early Nov.

— Zac Bowden (@zacbowden) October 8, 2019

There’s nothing official there either, just rumors. Microsoft hopes that they can finish Windows 10 19H2 within the coming week and celebrate the Sign-Off. Then the general availability would be planned at the end of October or beginning of November 2019. Microsoft has not yet confirmed these dates, but possibly official information about the release date of Windows 10 19H2 will be released next week.

It will be Windows 10 Version 1909

If you wonder which version number the upcoming Windows 10 will carry, you can give an answer. Even if the release will be in October or November, there will be no version 1910 or 1911. On October 7, 2019 Microsoft published the article What’s new in Windows 10, version 1909. There you can find the information that the upcoming Windows 10 will be version 1909.

Delivery via update or as feature update

The autumn update is rolled out in two different ways. Systems running Windows 10 Version 1809 or earlier will be offered a feature update to upgrade to Windows 10 Version 1909. For Windows 10 Version 1903, Microsoft had announced a new method for delivery (see Windows 10 19H2: What could change). The new version 1909 should be rolled out like a quality update. Exactly this has already happened. Microsoft offered the same updates for Windows 10 Version 1903 and Windows 10 19H2. Windows Insiders have therefore already received the updates for Windows 10 Version 1909. But also systems that run with Windows 10 Version 1903 have already received the code for Windows 10 Version 1909 via the cumulative update.

Microsoft hasn’t activated the features of this new Windows 10 version. Windows 10 Version 1903 has build 18362.xxx, while Windows 10 Version 1909 will have build 18333.xxx. For Windows 10 Version 1903 Microsoft will provide the “Feature Update to 1909 via Enablement Package” as KB4517245. With this 20 kByte update the Windows 10 version 1903 becomes version 1909. The colleagues of deskmodder.de have already provided this update here.  

Similar articles:
Windows 10 19H2: What could change
Windows 10 V1909 ready, release on October 3, 2019?

[German]There are vulnerabilities in the Bonjour updater in iTunes and iCloud for Windows that are currently being exploited by cyber criminals to spread ransomware. Apple has now released updates to close this vulnerability. Anyone who has ever installed Apple software a la iTunes or iCloud on their Windows system should act now.

The Hacker News reports in the article Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks, that cyber criminals are using recently discovered vulnerabilities in the Bonjour updater (the article speaks of 0-day vulnerabilities) of Apple’s iTunes and iCloud for Windows for BitPaymer and iEncrypt Ransomware attacks.

Bonjour updater vulnerable

The vulnerable component is the Bonjour updater, a configuration-free implementation of the network communication protocol that works in the background and automates various low-level network tasks. This includes automatically downloading updates for Apple software.

Since the Bonjour updater is installed as a separate program on the system, Bonjour is not removed when iTunes and iCloud are uninstalled. Therefore, this Bonjour updater is present on many Windows computers and has not been updated after uninstalling iTunes or iCloud, but runs in the background.

Cyber security researchers at Morphisec Labs discovered the exploitation of the Bonjour zero-day vulnerability in August. At the time, the attackers targeted an unnamed automotive company and infected the systems with the BitPaymer Ransomware. Details of the vulnerability can be found in the article Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks.

Apple provides Updates for iTunes/iCloud

Immediately after the discovery of the attack, the Morphisec Labs security researchers informed Apple of the details of the attack. Apple released iCloud for Windows 10.7, iCloud for Windows 7.14 and iTunes 12.10.1 for Windows a few hours ago to close the vulnerability. 

Windows users who have iTunes and/or iCloud installed on their system are strongly advised to update their software to the latest versions. Users who have ever installed and then uninstalled this Apple software on their Windows computer should check the list of installed applications on your system (in Control Panel in Installed Applications). If a Bonjour updater is listed there, this software should be uninstalled manually.

[German]Microsoft has revealed a few hours ago the new name and version number for the Windows 10 19H2, which is expected to be released end of October 2019.

Ad hoc I would have guessed that Microsoft would provide something like a Windows 10 October 2019 update for this fall, which results from the development branch 19H2. I had thematized that in the blog post Windows 10 V1909 come end of October 2019 at the earliest already. Brandon LeBlanc of Microsoft published the article Getting the November 2019 Update Ready for Release on the Windows Blog yesterday.

There the official name Windows 10 November 2019 Update is explicitly mentioned. At the same time LeBlanc emphasizes that this Windows 10 will carry the version 1909. It was announced that Windows 10 version 1909 will probably have the build number 18363.418 (although the sub-build number .418 may change). The only difference in the main branch is the last digit, because Windows 10 Version 1903 has the build number 18362.xxx.

Same Updates for Windows 10 V1903 and V1909

I had already mentioned it in several blog posts. At the beginning of 2019, Microsoft decided to provide the same updates for the Windows 10 May 2019 update (version 1903) and the planned autumn update (19H2). Microsoft speaks of the same servicing content, which means that the same cumulative updates will be rolled out for Windows 10 versions 1903 and 1909.

An enabler update is coming

Users who are using the Windows 10 May 2019 Update (Version 1903) and have installed all cumulative updates will basically already have the code for Windows 10 Version 1909. The small changes to Version 1909 are just not unlocked on machines with the Windows 10 May 2019 Update. LeBlanc wrote:

For customers who were given the option to install 19H2, an enablement package is downloaded from Windows Update that turns on the November 2019 Update features.

All users who are offered the option to ‘upgrade’ to Windows 10 19H2 (i.e. version 1909) by Microsoft – at the moment these are only Windows insiders – are provided with an ‘enablement package’ via Windows Update. This has only one task: It changes the build number for the operating system from build 18362 to build 18363. As soon as Windows 10 detects this build, it unlocks the respective features of version 1909.

The colleagues of deskmodder.de state that it will be the 20 kByte update KB4517245 which does exactly this. Via the link you can get to the deskmodder.de page and download the update, install it manually and be on version 1909.

The alternative I had described in the article Windows 10 V1909 come end of October 2019 at the earliest: Just add the machine to the Windows Insider program and switch to the Release Preview Ring. There this update is available and should be loaded via Windows Update. After that you can exit the Insider program with the machine.

At this point my advice: I would try this step only on a test machine. For production machines it is recommended to wait for the final approval by Microsoft. More details may be found on Microsoft’s blog post.

[German]After installing the cumulative updates released on October 8, 2019, some Windows 10 users, especially with version 1903, are facing again issues with a broken start menu, a broken desktop search, and a broken action center. Below I will give a brief analysis and describe some approaches how to repair this.

Description of the issue

As of October 8, 2019, Microsoft has released a bunch of cumulative security updates for Windows 10. One of the goals was to fix the printer issues, which occurred with some systems since the updates at the end of September 2019 and October 3, 2019.

However, shortly after installing these cumulative Windows 10 updates, some users discovered that the Start menu, Desktop Search, and Notification Center no longer works. These bugs had already kept the affected users in suspense at end of August and in early September 2019 (see Windows 10 V1903: Search and Cortana bug in Update KB4512941 confirmed (09/05/2019)). However, the September 2019 patchday updates actually fixed these bugs.

I have covered the issues within my blog post Windows 10 October 2019 Patchday (Start menu) issues. In the German version of this post blog-reader Janami25 has left a comment why suddenly people are affected again. He wrote:

Windows 10 1903:

My original guess with the first problem update KB4524147 has been confirmed here [in this blog post]. Once you have installed this first “problem” update, you will notice that you have issues with the start menu. And these issues will be back, after newer patches are installed.

In my opinion, you MUST restore a system backup BEFORE installing KB4524147 for the first time, and then install the very latest patch, only then the issue with the start menu was solved. At least at my saystem.

The blog reader refers to this English MS Answers forum thread, where this was also discussed. Within my blog post Windows 10 October 2019 Patchday (Start menu) issues I had given hints how to fix this issue. One was to replace the file ActivationStore.dat by an old version – but I had not the time to discuss details. In the meantime, GErman blog readers have thankfully gave me some analysises of the root cause and described some working approaches, which I now summarize here.

Fix #1: Restore ActivationStore.dat

The file ActivationStore.dat is used by various Windows apps (also the Windows shell with the start menu, notification center and search was probably created with the Modern UI app methods) to store certain information. This Microsoft article deals, for example, with the repair of the Store app, where ActivationStore.dat plays a role. The file is a component of the Windows runtime system. For interested readers: James Forshaw has mentioned this in this set of slides.

Now German users have noticed that the file ActivationStore.dat is not only missing for Cortana. In my German the blog post Windows 10 Oktober 2019-Patchday (Startmenü-) Probleme reader Bolko left some details within this comment. The file ActivationStore.dat is missing or damaged in four folders of build-in shell apps:

• Microsoft.Windows.ShellExperienceHost
• Microsoft.Windows.StartMenuExperienceHost
• Microsoft.Windows.Cortana
• Microsoft.AAD.BrokerPlugin

This also explains why the start menu, the (Cortana) search and the Windows shell have massive problems. Bolko has left the following instructions:

• The 4 still working files have to be copied from an earlier still working Windows 10 version, version 18362.329 for instance, to an USB stick.
• The USB stick must be formatted with the NTFS file system and the copying must be done in an administrative PowerShell console.

The latter restrictions have the purpose to get access when copying and to keep the access permissions (especially TrustedInstaller and ACL) when copying. Below are the path specifications for a working Windows 10 1903 Build 18362.329:

C:\programdata\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.18362.329_neutral_neutral_cw5n1h2txyewy

C:\programdata\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.329_neutral_neutral_cw5n1h2txyewy\

C:\programdata\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy\

C:\programdata\Microsoft\Windows\AppRepository\Packages\Microsoft.AAD.BrokerPlugin_1000.18362.329.0_neutral_neutral_cw5n1h2txyewy\

If you use another working Windows 10 build to copy the working files, you may have to change the above pathnames.

The second step is to copy the files from the USB stick with administrative permissions to the following folders. If necessary, the path names must be adapted to the broken Windows 10 Build 18362.418.

copy .\Microsoft.Windows.ShellExperienceHost_10.0.18362.329_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat C:\programdata\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.18362.418_neutral_neutral_cw5n1h2txyewy -force
copy .\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.329_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat C:\programdata\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.418_neutral_neutral_cw5n1h2txyewy\ -force
copy .\Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat C:\programdata\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy\ -force
copy .\Microsoft.AAD.BrokerPlugin_1000.18362.329.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat C:\programdata\Microsoft\Windows\AppRepository\Packages\Microsoft.AAD.BrokerPlugin_1000.18362.418.0_neutral_neutral_cw5n1h2txyewy\ -force

The copy commands, executed in an administrative PowerShell (or command prompt), restores the missing files into the runtime system of the corresponding Build-In Windows apps. This should (if necessary after a restart) restore the Windows shell with working start menu, etc.

Fix #2: Repair Windows 10 via Inplace-Upgrade

The above repair approach will not be practicable for some users because it is too complicated. I had outlined the following additional repair approaches in the blog post Windows 10 October 2019 Patchday (Start menu) issues:

• Try a Windows 10 repair via in-place upgrade. To do this, run setup.exe from a Windows 10 installation media from the running but defective Windows 10 system.
• Then simply let reinstall Windows 10 Version 1903 over the system (this is called an in-place upgrade).

With this approach, programs and data remain intact – and with a little luck, the missing ActivationStore.dat files are written back and everything runs again. In the Microsoft Answers forum thread, user mirovb reported that it fixed 2 machines. Also German blog reader Janami25 confirmed in this comment that it helped.

Fix #3: Restore August 2019 Backup and Update

If the above approaches do not help or are not feasible, one can still try the following approach:

• Reset the broken Windows 10 system to a backup from a working system. It should be a Windows 10 backup from August 2019. For Windows 10 V1903 this would be build 18362.329 at the latest, which was distributed with update KB4512941 to 30.8.2019.
• Then you have to install the cumulative update from October 8, 2019 that fits to the Windows 10 version. I described the updates in the blog post Patchday Windows 10-Updates (October 8, 2019). 

The suggestions proposed in forums to repair Windows 10 using sfc /scannow and dism seem not to help, because the files ActivationStore.dat of the build-in apps are not restored or will be recovered from component store in a damaged version. 

What else you can do

If you don’t have backups of a still working Windows 10 system anymore, you still have the following approaches. 

• Attempt to reset Windows 10 via the Settings app (Windows 10 will then be reset by the OEM partition to the factory settings).
• You download a Windows 10 installation medium via Media Creation Tool from Microsoft, write the ISO file to DVD or a USB stick. Then boot the machine from the installation media and reinstall Windows 10.

Afterwards you have to install the updates from October 8, 2019. The disadvantage of these approaches is that all data and programs are lost – you have a virgin Windows 10.

Just a last remark. I’ve escalated these issues to Microsoft’s engineers via this Microsoft Answers forum post. PaulSey from Microsoft confirmed that they are aware of the issues and promised a fix until end of October 2019.

Similar articles:
Microsoft Office Patchday (1. Oktober 2019)
Microsoft Security Update Summary (October 8, 2019)
Patchday: Updates for Windows 7/8.1/Server (Oct. 8, 2019)
Patchday Windows 10-Updates (October 8, 2019)
Patchday Microsoft Office Updates (October 8, 2019)

Windows: Printer issues after Sept. 2019 Update confirmed
Windows Updates fixes printer bug (Oct. 3, 2019)
Windows/IE: Issues and confusion with updates (10/03/2019)
Windows 10 V1903: Search and Cortana bug in Update KB4512941 confirmed
Windows 10 October 2019 Patchday (Start menu) issues

[German]HP Touchpoint Analytics software is pre-installed on most HP computers. A vulnerability allows attackers to gain administrator privileges. Here’s what you need to know about that incident.

HP TouchPoint Analytics is software preinstalled on most HP computers in the form of a Windows service that runs with NT AUTHORITY\SYSTEM” top-level permissions and is used to anonymously collect hardware performance diagnostic information. I had already blogged about issues with the HP Touchpoint Analytics software in 2017 (see my German blog post HP installiert heimlich HP Touchpoint Analytics Client-Telemetriedatenprogramm). There was a statement from HP at that time that telemetry data collection was not a problem.

Vulnerability in HP Touchpoint Analytics

Bleeping Computer reported here that a Local Privilege Escalation (LPE) vulnerability has been found in the software. The CVE-2019-6333vulnerability was found in the Open Hardware Monitor library used by HP’s monitoring software.

CVE-2019-6333 enables attackers to run malware by extending system-level permissions and avoiding anti-malware detection. To do this, it can bypass the application’s whitelisting. This whitelisting is often used to prevent the execution of unknown or potentially malicious applications.

The vulnerability was discovered by security researcher Peleg Hadar of SafeBreach Labs and reported to HP on 4 July. It affects all versions of the HP Touchpoint Analytics Client under 4.1.4.2827. The problem is the DLL search path that is frequently mentioned here in the blog, which enables DLL hijacking. 

According to Hadar, the security problem is caused by the use of an uncontrolled search path for DLLs and it is not validated whether the loaded DLLs are signed with digital certificates. This allows malware to store and load its own DLL in the path. The DLL then contains the system rights of the loading service.

Such errors in the DLL search order are often exploited in the later phase of malicious attacks after the affected computers have already been infiltrated. This vulnerability makes it possible to increase permissions to gain persistence and further infiltrate a compromised system.

Security advisory and update available

HP has released a security advisory to determine if a device is vulnerable and is providing an update to the HP TouchPoint Analytic software via Windwos Update. The Security Advisories contain information on how to update the software. Personally, I would rather uninstall the software.

[German]Microsoft released a Firmware update to fix two issues with Surface Book 2 running Windows 10 1903. The CPU throttling to 400 MHz and the disabling Nvidia dGPU bug shall be fixed.

Some details about the two issues

Owners of a Surface Book 2 has been facing two issues. When installing the Windows 10 May 2019 Update (Version 1903), the Surface Book 2 caused trouble with the separate GeForce GTX 1060 graphics card. This graphics card was supposed to relieve the internal graphics chip of graphics-intensive tasks. However, models with this graphics card had the problem that the graphics processor on the additional card separated at random. This had a huge impact on the graphics performance of the Surface Book 2. The thread here at reddit.com describes the issue.

Surface Book 2 BSOD and GPU disabling problems since 1903

Evere since I updated windows to 1903 and got new firmware I have been having a lot of problems that I hope you can help me solve:

1- I am getting BSODs regarding VIDEO_TDR_FAILURE and nvlddmkm.sys. I reverted the nvidia drivers this morning and I haven’t got a BSOD yet but it’s only been a few hours.

2- My GPU disconnects randomly. I am using the pc attached to the base and I hear the USB disconnect sound and I no longer see the 1060 gpu. At the same time I notice that my wacom tablet acts as if I just plugged it.

Between the freezes and the disconnects I am driving myself crazy. I already lost hours of work because of one BSOD (BSOD showed up as I was saving a file and corrupted it). can someone help? Is there a way to not only go back to 1809 but to also go back to the previous Surface drivers? Thanks!

I had discussed this issue within the blog post Surfaces Book 2: Issues with Windows 10 V1903 and Nvidia in June 2019 and Microsoft had confirmed this as a known issue. Microsoft also set an upgrade stopper for Windows 10 version 1903 for Surface Book 2.

The second issue: Devices like the Surface Pro 6 or the Surface Book 2 sporadically throttle the CPU down to a clock frequency of 400 MHz. I’ve mentioned this issues within my German blog post Surfaces durch Firmware-Update auf 400 MHz gedrosselt in mid of August 2019. The problem seems to be due to a wrongly set CPU flag called BD PROCHOT (bi-directional processor hot). This flag tells the processor to slow down due to high system temperatures.

A Microsoft spokesman had said in August 2019 that the developers were working on a solution through a firmware update. In the blog post mentioned above, I had announced a fix at the end of September 2019, and  that Microsoft run internal tests with fixes. A few days ago I became aware, that affected people were informed in the Microsoft Answers forums to join the Insider program of Windows 10 in order to get the fixes in advance. 

Firmware update with fixes in broad deployment

Now several media reported, that a firmware update with fixes are available. The Surface Book 2 update history enlists the following firmware updates for October 2019 for Surface Book 2 devices running Windows 10 April 2018 Update, version 1803 or greater.

• Surface – System – 1.75.139.0: Surface Base 2 Firmware Update – Firmware 1.75.139.0 improves battery stability.
• Surface – Firmware – 182.1004.139.0: Surface System Aggregator – Firmware 182.1004.139.0 resolves an issue where the CPU will throttle down to .4GHz, and improves battery stability.
• Surface – Firmware – 389.2837.768.0: Surface UEFI – Firmware 389.2837.768.0 resolves an issue where the display adapter disappears from Device Manager.

Martin Geuß at German site Dr. Windows reported, that his Surface Book 2 still says it’s not ready to upgrade to Windows 10 version 1903. But Microsoft has updated the Windows 10 V1903 status page, mentions the dGPU issue has been solved at October 11, 2019. Martin Geuß mentions also at Dr. Windows that there are Firmware updates for Surface Laptop 1 and 2 and for Surface Pro 4, 5 and 6, improving battery stability.

[German]Short info and question, whether this can be confirmed. The update KB4522015 for Windows 10 V1809 dated September 23, 2019 is supposed to block the installation of the RSAT management tools.

Update KB4522015 for Windows 10 V1809

Update KB4522015 was released on September 23, 2019 for Windows 10 Version 1809, Windows Server Version 1809, and Windows Server 2019. The main purpose of this update was to close a vulnerability in Internet Explorer 11. I reported on this topic in the blog post Windows: Vulnerabilities in IE and Defender (09/23/2019).

Update KB4522015 is causing multiple issues

This security update has caused serious issues under Windows 10. After the installation there were printing issues, which Microsoft finally had to confirm (see Windows: Printer issues after Sept. 2019 Update confirmed).

I also reported that this update blocks the use of older versions of VMware Workstation on Windows 10. Details can be found in the article Windows 10: Update KB4517211/KB4522015 breaks VMware Workstation.

Is this update causing RSAT install issues?

Remote Server Administration Tools (RSAT) allow IT administrators to remotely manage roles and features in Windows Server from a computer running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista. You can install RSAT only on the Professional or Enterprise editions of the Windows client operating system.

The tools are available for download from this Microsoft Web site. In my English-language blog I have now received a comment that there are issues with RSAT. 

KB4522015 also breaks enabling RSAT tools installation. Uninstalling KB4522015 allows RSAT tools to install again.

Has anyone had the same experience? Since Microsoft has meanwhile released follow-up updates to close the IE vulnerabilities, the follow-up question: Are there any problems there?

Similar articles
Windows: Vulnerabilities in IE and Defender (09/23/2019)
Windows 10: Update KB4517211/KB4522015 breaks VMware Workstation

[German]A brief information for users of Windows 10 version 1903 who suddenly have issues with the Edge browser, which won’t launch. It is due to the cumulative update KB4517389, which was released on October 8, 2019. Microsoft is aware of the bug, however, a fix is expected by the end of the month. Within this blog post I outline also some workarounds.

Update KB4517389 for Windows 10 Version 1903

Cumulative Update KB4517389 was released on October 8, 2019 for Windows 10 Version 1903 and Windows Server Version 1903. I reported about it in the blog post Patchday Windows 10-Updates (October 8, 2019). Microsoft’s support article states that this cumulative update is intended to improve security for Internet Explorer and Edge browsers.

It is presumably a patch for the vulnerability CVE-2019-1367, which has been patched several times since the end of September 2019 (see also Windows: Vulnerabilities in IE and Defender (09/23/2019)).

Microsoft Edge browser does not start anymore

Since the release of the update, KB4517389 for Windows 10 version 1903, some users suddenly find that the Edge browser can no longer be called. Internet Explorer and other browsers work. Within this Microsoft Answers forum thread users complain massively about malfunctions in the start menu as well as about problems with printing. Within the thread, one user reports also issues with the Edge Browser.

I can confirm that. Besides, Edge does not work anymore. It does not start anymore. Internet Explorer starts and runs.

I´ve i deinstall update KB4517389 everythink works as before.
Apart from VMware 14, which does not work anymore, too.

The issues with the broken Windows shell (Start Menu, Desktop Search and Action Center) were discussed in the blog post Windows 10 October 2019 Patchday (Start menu) issues. Within this blog post I also mentioned that some users complain about an Edge browser that no longer starts. Uninstalling update KB4517389 solves this issue as well. Within the MS Answers forum thread linked above, other users confirm this issue. This reddit.com post also mentions the Edge malfunction explicitly.

Just recently installed Windows 10 on my SSD. I used an old iso from around 2015. Windows worked flawlessly with that old version but then I decided to update my windows. After installing all the newest updates my browsers stopped working. Edge, Chrome, even the steam browser. I’ve downloaded all updates, re-installed the updates and chrome but no change. The only way to get chrome to work is if I run in admin mode. There’s no option for that in Edge however.

Even when Chrome is running, it doesn’t have an icon in the taskbar. If I try to open edge it pops up for a second then the window disappears. I’ve tried repairing Edge that didn’t do anything.

Does anyone know how to fix this? I don’t have any anti-virus aside from windows defender and the only apps installed are steam and origin. It’s an almost clean install of windows but I’m still having issues with Edge.

Even the Chrome browser has malfunctions, no icon for the window of the running browser is displayed in the taskbar. Also within my German blog a user has left a comment on a broken Edge-Browser. A second user confirms this in this comment here on my  blog. But it doesn’t seem to affect many users.  

Microsoft confirms the Edge issue

I’ve had escalated the start menu issues within this MS Answers forum thread and asked to forward it to Microsoft’s developers. For the start menu issue there was a feedback from a Microsoft employee that this was known and that they were working on a fix for the end of October 2019.

We are aware of this issue and estimate a resolution to be released in late October.

However, it wasn’t clear to me which bugs were meant exactly (although the Microsoft developers knew my blog post where the Edge issue has been mentioned as well). Now I came across a second forum thread at Microsoft Answers where issues with Edge are mentioned.

Edge doesn’t work

After installing KB4517389 today can’t open Edge. Tried rebooting. Tried uninstalling update (then it worked). Reinstalled update and Edge won’t open. Tried reset and still won’t work. All other browsers work including internet explorer.

There only uninstalling update KB4517389 fixed the broke Edge browser. Microsoft employee PaulSey has also posted the following answer within the MS Answers forum thread:

We are aware of this issue and estimate a resolution to be released in late October.

So we man have a fix till the end of this month. But what’s in the mean time? Is there are workaround for affected users?

A possible fix

First it was a suspicion from me, that I posted within the German version of this blog post. For the start menu/shell issue, I had published a workaround to fix start menu issues in the blog post Windows 10: Fixes for October 2019 (start menu) issues. This workaround will replace the broken/missing ActivationStore.dat file in the appdata folder of broken packages. So my idea was to ask affected users (I couldn’t test this, because my test system wasn’t affected) to check in the Edge directory of the path: 

C:\programdata\Microsoft\Windows\AppRepository\Packages\

for a missing file ActivationStore.dat. Maybe there would be a chance to copy an old edition of this file to the folder an repair the Edge browser. Shortly afterward I received this German comment from Peter V., who wrote, that the file was missing. He was able to copy the missing file ActivationStore.dat from folder:

Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe

to

Microsoft.MicrosoftEdge_44.18362.387.0_neutral__8wekyb3d8bbwe

within the path mentioned above. If Edge couldn’t be launched using the taskbar’s icon, a broken ShellExperienceHost may be the reason. German blog reader W10Tester left here such a comment. In this case, my workaround from the blog post Windows 10: Fixes for October 2019 (start menu) issues will help.

Note: According to this German comment system adaptations using W10Privacy or similar tools could be the trigger for all these issues.

Similar articles:
Microsoft Office Patchday (1. Oktober 2019)
Microsoft Security Update Summary (October 8, 2019)
Patchday: Updates for Windows 7/8.1/Server (Oct. 8, 2019)
Patchday Windows 10-Updates (October 8, 2019)
Patchday Microsoft Office Updates (October 8, 2019)
Windows 10: Fixes for October 2019 (start menu) issues

[German]Microsoft has just announced that it intends to activate Defender Tamper Protection under Windows 10 May 2019 Update (Version 1903). This is available for all Windows Defender ATP customers.

What is Defender Tamper Protection?

Microsoft wants to protect the Windows Defender included in Windows 10 against malware tampering. It should not be possible for a malicious program to switch off Windows Defender via registry entries, command prompt program commands, tools or group policies. Windows 10 May 2019 Update (Version 1903) introduced tamper protection, the so-called Windows Defender Tamper Protection (see this article on Preview Build 18305 in the Windows Blog).

(Activate Windows Defender Tamper Protection, Source: Ghacks.net)

I had reported in March 2019 in the blog post Windows 10 V1903 get Windows Defender Tamper-Protection about this feature. Microsoft published this support article in June 2019.

Previously, however, Windows Defender Tamper Protection was disabled by default. This functionality prevents administrators from using the DisableAntiSpyware Group Policy key to disable the Windows Defender Antivirus service. I pointed this out in the blog post Windows 10 V1903 get Windows Defender Tamper-Protection.

Tamper Protection should be enabled by default

Microsoft has probably now told Bleeping Computer that they want to enable Tamper Protection by default in Windows 10. In this article, colleague Lawrence Abrams writes:

Microsoft has announced today that the Windows 10 Tamper Protection security feature is now officially generally available for the Enterprise and consumers. Along with this announcement, Microsoft will be enabling this security feature on all Windows 10 devices by default.

According to this statement the manipulation protection should be activated for all Windows 10 users (but I am not sure whether this also affects Windows 10 V1809). It should take a few days until this activation is rolled out.

Microsoft has published this Techcommunity articles with details. According to my reading, Tamper Protection is only activated by default for Windows Defender ATP (i.e. the paid solution for companies).

Deactivate Defender in Intune or via GUI

If you want to disable this tamper protection, you can do so on consumer systems via the Windows Security Center in the Defender settings. In June 2019, Microsoft published this support article on the subject, which describes the necessary steps. Let’s see, if there is acollateral damage with third-party antivirus solutions that disable Defender.

In the corporate environment, however, administrators can’t use group policies such as the DisableAntiSpyware policy. Administrators can, of course, use the Windows Security Center to disable tamper protection in Defender. However, Microsoft points out in the article that central management of Tamper Protection for all Windows 10 devices is possible via Microsoft’s Intune.

[German]As of October 15, 2019, Microsoft Preview has released Rollup Updates for Windows 7 and Windows Server 2008 R2 SP1. At the same time, a preview rollup update for Windows 8.1 and Windows Server 2012/ R2 was released.

Preview Rollup Updates are optional, quasi for testing, their content will be released for the following regular patchday.

Updates for Windows 7/Windows Server 2008 R2

A preview rollup update has been released for Windows 7 SP1 and Windows Server 2008 R2 SP1. The update history for Windows 7 can be found on this Microsoft page.

KB4519972 (Preview Monthly Rollup) Windows 7/Windows Server 2008 R2

Update KB4519972 (Preview Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains improvements and bug fixes that will be rolled out in the following month. The following changes are listed in the KB article.

• Updates time zone information for Norfolk Island, Australia. 
• Updates time zone information for the Fiji Islands. 
• Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows. For more information, see KB4525208 (doesn’t exists).
• Addresses an issue that prevents netdom.exe from displaying the new ticket-granting ticket (TGT) delegation bit for the display or query mode.

The passage ‘Addresses an issue with evaluating the compatibility status of the Windows ecosystem’ is not available to me, the linked KB article does not exist. Microsoft states that no issues are known. Microsoft states that VBScript could not be disabled by default in Internet Explorer 11 as planned. The update is provided by Windows Update and WSUS and can be downloaded from the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Servicing Stack Update (SSU) before installing it. The SHA-2 updates are also required – see the KB article for details. But since it is a preview update, I would hide it.

Updates for Windows 8.1/Windows Server 2012 R2

A preview rollup update has been released for Windows 8.1 and Windows Server 2012 R2. The update history for Windows 8.1 can be found on this website.  

KB4520012 (Preview Monthly Rollup) Windows 8.1/Windows Server 2012 R2

Update KB4520012 is available for Windows 8.1 and Windows Server 2012 R2 as Preview of Monthly Rollup. This is not a security update. The preview rollup addresses the following issues:

• Updates time zone information for Norfolk Island, Australia. 
• Updates time zone information for the Fiji Islands. 
• Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows. For more information, see KB4525208 (not available).
• Addresses an issue that prevents netdom.exe from displaying the new ticket-granting ticket (TGT) delegation bit for the display or query mode.
• Addresses an issue with a race condition between the volume mount process (within fileinfo.sys) and the deregistration of filter notifications that causes the operating system to stop working on certain virtual machines. The error code is “0x7E.” 
• Addresses an issue in security bulletin CVE-2019-1318 that may cause client or server computers that don’t support Extended Master Secret (EMS) RFC 7627 to have increased connection latency and CPU utilization. This issue occurs while performing full Transport Layer Security (TLS) handshakes from devices that don’t support EMS, especially on servers. EMS support has been available for all the supported versions of Windows since calendar year 2015 and is being incrementally enforced by the installation of the October 8, 2019 and later monthly updates.

The update is provided via Windows Update, WSUS, and the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Servicing Stack Update (SSU) before installing it. But since it is a preview update, I would hide it. Microsoft only reports one known problem in article KB4520012 – certain file operations fail on Cluster Shared Volume (CSV).

Similar articles:
Microsoft Office Patchday (1. Oktober 2019)
Microsoft Security Update Summary (October 8, 2019)
Patchday: Updates for Windows 7/8.1/Server (Oct. 8, 2019)
Patchday Windows 10-Updates (October 8, 2019)
Patchday Microsoft Office Updates (October 8, 2019)

[German]Microsoft has released several non-security updates for several older versions of Windows 10 as of October 15, 2019. Here is an overview of these updates.

Information on the individual Windows 10 security updates can be found on the Windows 10 Update History page. Please note that support for older Windows 10 versions has expired. Windows 10 Home and Windows 10 Pro will then no longer receive updates. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001.

Update KB4520062 for Windows 10 V1809

Cumulative Update KB4520062 for Windows 10 V1809 and Windows Server 2019 raises the build to 17763.8832. The update includes quality improvements, but no new operating system features. Here is the list of improvements, called highlights by Microsoft: 

• Prevents blank tiles from appearing in the Start menu when you upgrade to Windows 10, version 1809 from any previous version of Windows 10.  However, if you have already upgraded to Windows 10, version 1809, installing this update will not remove existing blank tiles.
• Updates an issue that causes the power consumption for a device in Connected Standby mode to be high.
• Updates an issue that might display a black screen at startup during the first sign in after installing an update. 
• Updates an issue with Bluetooth that occurs when using certain audio profiles for extended periods.
• Updates an issue that prevents users from opening the print dialog in Internet Explorer to print a webpage. 
• Updates an issue that causes the Settings app to stop working when you change a Theme. 
• Updates an issue that might prevent a scroll bar from being selected in Internet Explorer.

The following fixes and improvements have been added to the Windows version:

• Prevents the appearance of blank tiles in the Start menu when you upgrade to Windows 10, version 1809 from any previous version of Windows 10. These blank tiles have names such as “ms-resource:AppName” or “ms-resource:appDisplayName”. However, if you have already upgraded to Windows 10, version 1809, installing this update will not remove existing blank tiles. 
• Addresses an issue that causes the power consumption for a device in Connected Standby mode to be high. 
• Addresses an issue that prevents users from reconnecting or signing in to Windows Virtual Desktops because of orphaned database handles from a previous user session. 
• Updates time zone information for Norfolk Island, Australia. 
• Updates time zone information for the Fiji Islands. 
• Addresses an issue that fails to index Microsoft Outlook items properly, which causes incomplete results in the search query on Windows Virtual Desktops. 
• Addresses an issue that causes Windows Machine Learning (WinML) to throw an unhandled exception when a graphics driver times out. 
• Addresses an issue that might prevent a scroll bar from being selected when an ActiveX control implements the CScrollView class. This occurs if you move the Internet Explorer window, which then moves the scroll bar to the left. 
• Improves an access control list (ACL) check for Known Folders to prevent a black screen that appears the first time a user signs in after installing a feature or quality update. 
• Addresses an issue that causes Microsoft SharePoint file names to appear incorrectly in the Quick access and Recent items folders. 
• Addresses an issue with Bluetooth that occurs when using certain audio profiles for extended periods. 
• Addresses an issue that causes a query request of the Win32_LogonSession class for the StartTime to display the value of the epoch (for example, 1-1-1601 1:00:00) instead of the actual logon time. 
• Addresses an issue with diagnostic data processing when a device has the Diagnostic data setting enabled and set to Basic. 
• Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows. 
• Addresses an issue that prevents netdom.exe from displaying the new ticket-granting ticket (TGT) delegation bit for the display or query mode. 
• Addresses an issue in which Microsoft AppLocker might prevent an application from running or log a false positive error instead of running the application. 
• Addresses an issue that causes the Windows Defender Application Control (WDAC) policy to become too restrictive when you enable the WDAC Group Policy setting for Script Enforcement or Constrained Language Mode. 
• Addresses an issue that fails to include the full file hash as part of the Event Log entry during auditing events for WDAC. 
• Addresses an issue that may cause high CPU usage when many windows are open and Background Application Manager runs a periodic background scan. Additionally, the desktop may become unresponsive. To turn off this scan, set the following registry key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BamThrottling

Name: DisableWindowHinting

Type: REG_DWORD

Value: 1 

• Addresses an issue that causes applications that utilize change notifications on named pipes to have a kernel mode memory leak of input and output (I/O) Request Packet (IRP) objects. 
• Addresses an issue that prevents users from opening the print dialog in Internet Explorer to print a webpage. 
• Adds support to allow removable drives and assigned access restrictions. 
• Addresses an issue that causes printing from 32-bit applications to fail with an “Access is denied” error when you select Run as different user for the application. 
• Addresses an issue that might cause error 0x1E, 0xA, or 0x50 to occur during a block cloning operation on an Resilient File System (ReFS) volume because of a race condition.
• Addresses an Offline Files Shell graphical user interface (GUI) issue about online and offline indicators.
• Addresses an issue that causes the Settings app to stop working when you change a Theme. 
• Addresses a reliability issue in Windows Server 2019 Hyper-V Host Clusters that are managed using System Center Virtual Machine Manager (SCVMM). 
• Addresses an issue with Lightweight Directory Access Protocol (LDAP) queries that have a “memberof” expression in the filter. The queries fail with the error, “000020E6: SvcErr: DSID-0314072D, problem 5012 (DIR_ERROR), data 8996”. 
• Addresses an issue that causes all Transmission Control Protocol (TCP) dynamic ports to be consumed. As a result, network communications will fail for any protocol or operation using dynamic ports.
• Addresses an issue with applications and scripts that call the NetQueryDisplayInformationAPI or the WinNT provider equivalent. They may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages, you may receive the error, “1359: an internal error occurred.” 
• Addresses an issue that prevents Computer objects from being added to local groups using the Group Policy Preference “Local Users and Groups”. The Group Policy Editor returns the error message, “The object selected does not match the type of destination source. Select again.”
• Addresses an issue with a race condition between the volume mount process (within fileinfo.sys) and the deregistration of filter notifications that causes the operating system to stop working on certain virtual machines. The error code is “0x7E.”
• Addresses an issue in which an Active Directory Federation Services (AD FS) certificate is renewed and published by default each year. However, the client does not use them, which results in an authentication error.
• Addresses an issue in which files that are stored in a Cluster Shared Volume (CSV) with an alternate data stream are still present after you try to delete them. You may also receive an “access is denied” message on the next try to access or delete the files.
• Addresses an issue that may cause error 0x50 to occur when a backup operation is being performed.

In addition, Microsoft has released an update directly for the Windows Update Client to improve its reliability. This will be rolled out outside of Windows Update if the machine is compatible and not a LTSC variant and updates have not been blocked by GPO.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog,and via WSUS. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). For the update, Microsoft lists a number of known issues in the KB article.

Update KB4519978 for Windows 10 Version 1803

For Windows 10 version 1803 the cumulative update KB4519978 is available. This raises the OS build to 17134.1099 and includes quality improvements but no new operating system features. Here’s the list of enhancements that Microsoft calls highlights:

• Updates an issue that might display a black screen at startup during the first sign in after installing an update. 
• Updates an issue with Bluetooth when using certain audio profiles for extended periods.
• Updates an issue that causes a system to stop working during the Windows upgrade process.
• Updates an issue that may prevent a scroll bar from being selected in Internet Explorer.

In addition there are the following fixes and improvements to the Windows version:

• Addresses an issue that causes a device to repeatedly go into the Windows Out Of Box Experience (OOBE) restart loop in certain situations. 
• Updates time zone information for Norfolk Island, Australia. 
• Updates time zone information for the Fiji Islands. 
• Addresses an issue that may prevent a scroll bar from being selected when an ActiveX control implements the CScrollView class. This occurs if you move the Internet Explorer window, which then moves the scroll bar to the left. 
• Addresses an issue with MSCTF.dll that causes an application to stop working. 
• Improves an access control list (ACL) check for Known Folders to prevent a black screen that appears the first time a user signs in after installing a feature or quality update. 
• Addresses an issue with Bluetooth when using certain audio profiles for extended periods. 
• Addresses an issue that fails to include the full file hash as part of the Event Log entry during auditing events for Windows Defender Application Control (WDAC). 
• Addresses an issue in which Microsoft AppLocker may prevent an application from running or log a false positive error instead of running the application. 
• Addresses an issue that causes a system to stop working during the Windows upgrade process. The Stop error “SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)” appears in the Transmission Control Protocol/Internet Protocol (TCPIP). 
• Addresses an issue that causes the WDAC policy to become too restrictive when you enable the WDAC Group Policy setting for Script Enforcement or Constrained Language Mode. 
• Addresses an issue that prevents netdom.exe from displaying the new ticket-granting ticket (TGT) delegation bit for the display or query mode. 
• Addresses an issue that may cause high CPU usage when many windows are open and Background Application Manager runs a periodic background scan. Additionally, the desktop may become unresponsive. To turn off this scan, set the following registry key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BamThrottling

Name: DisableWindowHinting

Type: REG_DWORD

Value: 1 

• Addresses an issue that causes printing from 32-bit applications to fail with an “Access is denied” error when you select Run as different user for the application. 
• Addresses an issue that sometimes causes the Resilient File System (ReFS) to stop working. 
• Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
• Addresses an issue with a race condition between the volume mount process (within fileinfo.sys) and the deregistration of filter notifications that causes the operating system to stop working on certain virtual machines. The error code is “0x7E.”

his update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest Service Stack Update (SSU) for your operating system before installing the latest Cumulative Update (LCU). Microsoft lists several known issues that the update causes.

Updates for older Windows 10 versions

For older Windows 10 versions tupdates are available only for LTSC and Enterprise versions. Here is a short overview.

• Windows 10 Version 1709: Update KB4520006 
• Windows 10 Version 1703: Update KB4520010 
• Windows 10 Version 1607: Update KB4519979

There were no updates for older Windows 10 versions as well as for version 1903. Details about the above updates can be found in the respective Microsoft KB articles in case of doubt.

Similar articles:
Microsoft Office Patchday (1. Oktober 2019)
Microsoft Security Update Summary (October 8, 2019)
Patchday: Updates for Windows 7/8.1/Server (Oct. 8, 2019)
Patchday Windows 10-Updates (October 8, 2019)
Patchday Microsoft Office Updates (October 8, 2019)
Windows 7/8.1 Preview Rollup Updates (October 15, 2019)
Windows 10 Updates (10/15/2019)

[German]Systems using Symantec Endpoint Protection (Symantec SEP) on Windows will probably dropping BlueScreens after the last SEP update. The reason is a SEP update from 10/14/2019. Here is some information on this topic, that has been confirmed by Symantec.

German blog reader Ralf M. informed me yesterday afternoon about the issue via mail (thanks for that). But I had already noticed it via the following tweet from Woody Leonhard.

Symantec acknowledges that the Endpoint Protection client is throwing bluescreens BAD_POOL_CALLER (c2) or KERNEL_MODE_HEAP_CORRUPTION (13A). There’s a solution. Tied to Proactive threat prevention? https://t.co/KMLn4DQLMo

— Woody Leonhard (@AskWoody) October 15, 2019

There are BlueScreen issues with Symantec Endpoint Protection (Symantec SEP). This probably affects all Windows versions. Judging by the tweet above, Symantec has already admitted the problem. I didn’t have time to post yesterday, hence the post.

The error description

Within the Symantec forum  this thread, titled BSOD caused by SEP update? a user posted to a discussion at reddit. After a Symantec SEP update on October 14, 2019, a user got BlueScreens on his machines. The BSOD occurs before they can do or verify anything. So the problem occurs while deDas seems to affect all Windows versions – there are postings for Windows 7, Windows 8.1 and Windows 10. Windows servers are also affected and are restarting randomly. A user describes how he got out of the situation by safe mode and uninstalling the update from the BSOD loop.

We were seeing it on Windows 8 and 10. It would Blue Screen before we could do anything so we had to safe mode and clean wipe.

Another user suspects a connection with a faulty IPS Signature R61 and writes that the TECH256643 Signature R62 fixes this. One suggestion from a user was to block communication with Symantec.com in the firewall.

Did anyone try a temp FW block to “Symantec.com”? I’d think it would be way too much work to manually touch all your systems to roll them back/forward. If you can stop the BSOD with a FW, then your system is up… IMHO.

That seems to have helped some people. The other solution is to block the buggy update for Symantec SEP.

Symantec acknowledges the issue

Symantec released an official support article TECH256643 on October 15, 2019 confirming the bug. Symantec writes about it.

Endpoint Protection Client gets a Blue Screen Of Death (BSOD) BAD_POOL_CALLER (c2) or KERNEL_MODE_HEAP_CORRUPTION (13A)

When run LiveUpdate, Endpoint Protection Client gets a Blue Screen Of Death (BSOD) indicates IDSvix86.sys/IDSvia64.sys is the cause of the exception BAD_POOL_CALLER (c2) or KERNEL_MODE_HEAP_CORRUPTION (13A).

When BSOD happens, Intrusion Prevention signature version is 2019/10/14 r61.

As a workaround, Symantec has released an update to the affected Intrusion Prevention Signature version 2019/10/14 r61 for the systems affected by the BSOD. Signature 2019/10/14 r62 is intended to resolve the issue. You should run LiveUpdate again to download the latest Intrusion Prevention signature.

If BSODs occur that prevent the LiveUpdate of SEPM, the affected machines should boot in Safe Mode with Network and try the LiveUpdate again. Then reboot the machine. Anyone who is unable to run the Symantec LiveUpdate again there due to the BlueSceens that occur can follow the following hint from the reddit.com thread: 

For those with the issue of not being able to grab the definition without a bsod, grab this and install offline

Link: 20191014-062-IPS_IU_SEP.jdb

This applies to Symantec Endpoint Protection 12.1 or later. Any of you affected by the bug?

[German]Microsoft begins (according to media reports and an addition to a support article) three months before the end of support to also display a notification about EOL in Windows 7 Professional.

The Windows 7 Nag Screen

I myself haven’t received this notification yet. But Mary Foley spotted the note, Microsoft has added to this article.

Oct. 15, 2019 – We are now extending the notifications discussed below to Windows 7 Pro devices to ensure our customers are aware of the end of support for Windows 7 and can take action to remain productive and secure.
Devices that are domain-joined as a part of an IT-managed infrastructure will not receive the notifications.

So it seems that Microsoft has decided to deliver the notification update also to Windows 7 Pro. 

Some Background information

The topic itself is not really new, because the end of support on 14 January 2019 has been known for a long time. In April 2019, Microsoft had also begun to draw attention to this end of support. I had reported in the blog post Windows 7 shows End of Support notification as well as in other blog posts on the topic.

Update KB4493132 for Windows 7 SP1

Windows 7 SP1 Support End Notification is enabled by Microsoft Update KB4493132. Microsoft writes to the Windows 7 SP1 support notification update:

After 10 years of servicing, January 14, 2020, is the last day Microsoft will offer security updates for computers running Windows 7 SP1. This update enables reminders about Windows 7 end of support.

This update is available through Windows Update. If automatic updates are enabled, this update is automatically downloaded and installed. The update does not require any prerequisites or restart after installation.

Information from Microsoft in a FAQ

I had explained the background to this update in the blog post Microsoft announces Windows 7 End of Life. At the same time, Microsoft announced that from April 2019, Windows 7 users should expect a notification of the end of support to be displayed on their Windows 7 PC.

(Windows 7 EOL-Nag-Screen, Source: Bleeping Computer)

So far, however, this update has only been rolled out to owners of Windows 7 Home Edition and Windows 7 Ultimate. I explained this in more detail in the blog post Windows 7: Details about notification update KB4493132. 

Suppress the notification

The easiest way to suppress further notifications is the checkbox shown in the dialog box (see picture above). But it is also possible to block the display via a registry entry. Bleeping Computer mentioned that within this article.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SipNotify

With the following content of a .reg file you can hide the notification. 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SipNotify]
“DateModified”=hex(b):
“LastShown”=hex(b):
“DontRemindMe”=dword:00000001

Simply save it into a .reg file using the editor and import it into a user account by double-clicking on it. Furthermore you can check in Windows 7 Professional which updates are offered. If the update KB4493132 is below it, you hide it. Maybe the information will help you.

Similar articles:
Microsoft announces Windows 7 End of Life
Windows 7 shows End of Support notification
Windows 7 Notification Update KB4493132 released
Windows 7: Details about notification update KB4493132
Windows 7 Update KB4493132 re-released (03/26/2019)
Windows 7: New notification update KB4493132 (July 2019)
Wow! Windows 7 get extended support until January 2023
Prices for Windows 7 Extended Security Updates till 2023
Windows 7 Extended Security Updates buyable from April 2019

[German]Microsoft has released the ISO installation images of Windows 10 November 2019 Update (version 1909) to customers with a Visual Studio subscription (formerly the MSDN subscription).  There is also brief information for developers.

Last week Microsoft had declared that the development of the upcoming Windows 10 19H2 is ‘believed to have been completed’. The general release was scheduled for ‘at the earliest end of October or beginning of November 2019’. I had reported that in the blog post Windows 10 V1909 come end of October 2019 at the earliest. Windows insiders can already update existing Windows 10 V1903 systems via the Release Preview Ring. This was also the topic of my blog post Windows 10 V1909 in the Release Preview Ring.

Furthermore, last week the exact name for the upcoming Windows 10 function update became known. It will be called version 1909 and the name will be Windows 10 November 2019 Update (see Windows 10 V1909 is called November 2019 Update). A novelty is that it is rolled out for systems with version 1903 as a normal update – only earlier Windows 10 builds get the classic feature update. This has also been covered in the blog posts linked at the articles end. 

On October 16, 2019, the Windows development team published the blog post What Windows 10, version 1909 Means for Developers. There you can find information for developers and the note that the ISO files are available. 

ISOs for Visual Studio subscribers

If you have a Visual Studio subscription (formerly MSDN), you can download the relevant ISO installation files for Windows 10 Version 1909 as Consumer Edition (Windows 10 Home) or Business Edition (Windows 10 Pro) as 32- or 64-bit version in various languages from the Visual Studio Subscription Center. 

(Click to zoom)

The ISO files are ‘Multi-Edition’ variants that contain several so-called SKUs (Stock Keeping Units). In the Business Edition of Windows 10 Version 1909, the ISO installation image file contains the SKUs listed below.

Windows 10 Pro
Windows 10 Pro N
*Windows 10 Pro for Workstations
*Windows 10 Pro N for Workstations
Windows 10 Pro Education
Windows 10 Pro Education N
Windows 10 Education
Windows 10 Education N
Windows 10 Enterprise
Windows 10 Enterprise N

However, the ISO installation images of the Consumer Edition of Windows 10 Version 1909 contains the following SKUs.

Windows 10 Home
Windows 10 Home N
Windows 10 Core Single Language
Windows 10 Pro
Windows 10 Pro N
*Windows 10 Pro for Workstations
*Windows 10 Pro N for Workstations
Windows 10 Pro Education
Windows 10 Pro Education N
Windows 10 Education
Windows 10 Education N

In both ISO images there is a certain overlap with regard to the SKUs contained. I don’t know why Microsoft handles this in this way, because not only MAKs but also a Windows 10 Pro retail key are offered to me in the Business Editions variant.  

To install Windows 10 Pro for Workstations, Windows 10 Pro, version 1709 or newer required to have been installed before. Otherwise, Microsoft states, the relevant product key cannot be used. So-called ‘Supplemental Media’ are not offered for version 1909, Microsoft writes. The reason: You can use the media for version 1903.

Attention: The 64-bit ISO installation files are a good 5 GByte in size, so they no longer fit on a normal DVD. For USB installation sticks you also have to work with tricks (I covered this within my German blog post Windows 10 und die ISO/FAT32/UEFI-Falle).

Developer Information

If you are developing for Windows 10 version 1909, Microsoft has provided some info snippets for you in the blog post What Windows 10, version 1909 Means for Developerss. There is a new WinUI 2.2 library, and there will be no new Windows SDK for Windows 10 version 1909, because this version does not contain any new APIs. Developers do not need to change the project files for software developed for Windows 10 version 1909. The versions 1903 and 1909 are on the same level regarding the updates – new functions of the version 1909 are only released via the build number. 

Similar articles:
Windows 10 19H2: What could change
Windows 10 V1909 ready, release on October 3, 2019?
Windows 10 V1909 come end of October 2019 at the earliest
Windows 10 V1909 in Release Preview Ring
Windows 10 V1909 is called November 2019 Update

[German]A brief message for administrators: Microsoft has released its ‘Desktop Analytics’ product, which can be used to check the compatibility of Windows endpoints, as generally available for SCCM.

Microsoft Desktop Analytics is designed to help business users verify their app compatibility and minimize issues with the latest Windows 10 feature updates. Mary Foley now points to the general release in this tweet.

Microsoft’s Desktop Analytics service for assessing Windows 10 feature update compatibility is now generally available: https://t.co/isS8kW0RDg

— Mary Jo Foley (@maryjofoley) October 16, 2019

The announcement was made on October 16, 2019 by Brad Anderson, Corporate Vice President for Microsoft 365 in this blog post,

What is Desktop Analytics for?

Desktop Analytics is a cloud-based service that integrates with the System Center Configuration Manager. The goal is to help IT professionals manage Windows endpoints in a data-driven manner. By evaluating millions of registered endpoints, the cloud can quickly determine whether hardware and software components are incompatible.

Since the public preview in July 2019, thousands of companies have benefited from the insights gained from millions of registered endpoints. Desktop Analytics gives administrators insight and information about the clients they are using, enabling them to make informed decisions about the updateability of existing Windows endpoints.

What you can do with Desktop Analytics

By combining the data specific to the customer’s business with aggregated intelligence from millions of Windows devices connected to Microsoft’s cloud services, Desktop Analytics allows the administrator to do some remarkable things:

• Gain a comprehensive view of the endpoints, applications, and drivers to manage in the enterprise ecosystem.
• Evaluate application and driver compatibility with the latest Windows feature updates, get recommendations to reduce known issues, and get advanced insight for industry applications.
• Set up a set of pilot systems that represent the enterprise environment using artificial intelligence (AI) and the Microsoft cloud to optimize.

(Desktop Analytics, Source: Microsoft Click to size)

Since the preview was released, Microsoft has integrated many new features into Desktop Analytics. Version 1906 of the System Center Configuration Manager (SCCM) integrates Desktop Analytics with tiered implementations. The hope associated with the use of desktop analytics: Customers can migrate their Windows 10 systems faster.

Desktop Analytics Requirements

Desktop Analytics requires that users have a subscription to Windows 10 Enterprise E3 or E5, Microsoft 365 F1, E3 or E5, Windows 10 Education A3 or A5, Microsoft 365 A3 or A5, or Windows Virtual Desktop Access E3 or E5. It is not available for use with Windows 10 Enterprise LTSC systems. It also does not support upgrades from 32-bit to 64-bit architectures. 

Some nasty thoughts

Reading Micrsoft’s blog post for details brought some nasty thoughts to my mind. Microsoft inflates a big balloon for a problem you wouldn’t have if we haven’t theat unfortunate Windows as a Service.

Large customers with thousands of Windows 10 systems (referred to as endpoints) now need software with AI and cloud connectivity to ensure that new features that hardly anyone needs and wants to have somehow get on the boxes. I would translate it as: There was a lot of pressure from large customers to fix the issues caused from the rollout of feature updates – so Microsoft had decided to throw their customers a little tool off their feet.

But I wonder how this corresponds to the machine-learning based rollout of feature updates? Does this only works on machines that are updated directly by Windows Update=

But the mass of people who don’t want to or can’t be on the road with Desktop Analytics are looking into ‘an empty sack’ if it comes to Windows as a Service and product compatibility. They rely on Microsoft’s decision to declare ‘a system is upgrade compatible enough’. Well, that thoughts are not nice, but in my opinion, we (the majority of Windows 10 users) will continue to struggle with serious upgrade issues. So Microsoft: Please proof me, that I’m wrong with my assumptions.