[German]Microsoft has released the updates KB4295110 and KB4023057 for Windows 10 on August 9, 2018. Here is some information.

Update KB4295110 for Windows 10 V1709

Update KB4295110 (el ‘Updates to Windows 10, version 1709 update components: August 9, 2018’) includes new stability improvements for the update components in Windows 10, version 1709. Microsoft writes.

This update includes new stability improvements for the update components in Windows 10, version 1709.

The updated components include files and resources that work together with the servicing stack engine in Windows 10. These components make sure that quality updates are installed.

According to the KB article, Microsoft tries to improve the Servicing Stack Engine of Windows 10 to ensure that quality updates can be installed.

Note: There have been problems with the update installation in the past months, for example, when ‘race conditions‘ occurred. Then drivers were uninstalled, but the updated version was not installed. Whether exactly this was addressed is beyond my knowledge.

Microsoft writes that only certain builds of Windows 10 version 1709 require this update. Devices that are identified accordingly via Windows Update are automatically offered this update for installation. You don’t have to worry about anything as a user. According to Microsoft, the update is also offered on Windows 10 machines on which the latest updates are not installed (e.g. because their installation was postponed by the administrator).

This also explains why this update is not offered in the Microsoft Update Catalog. Whether the update appears in WSUS is beyond my knowledge. The changed files are listed in the KB article.

Update KB4023057 for Windows 10 V1507-V1709

Update KB4023057 of August 9, 2018 is entitled ‘Update to Windows 10, versions 1507, 1511, 1607, 1703, and 1709 for update reliability’. This update is available from the RTM version of Windows 10 to version 1709 (but not for the current version 1803). Microsoft writes in the KB article about the update that it brings improvements in the reliability of the Windows Update service:

This update includes reliability improvements to Windows update service components in Windows 10, versions 1507, 1511, 1607, 1703, and 1709. It may also take steps to free up disk space on your device if you do not have enough disk space to install Windows updates.

This update includes files and resources that address issues that affect the update processes in Windows 10 that may prevent important Windows updates from being installed. These improvements help make sure that updates are installed seamlessly on your device, and they help improve the reliability and security of devices that are running Windows 10.

So it seems that more serious problems were found in the Windows update process, which prevented the installation of important updates. This is the only way to explain that Microsoft actually provides the patch for all Windows 10 versions except the V1803.

Microsoft advises that the device must be running Windows 10 for a long time to allow the update to be installed. In addition, the update affects the system quite deeply on various machines. Microsoft names the following issues to be addressed.

• This update may try to reset network settings if problems are detected, and it will clean up registry keys that may be preventing updates from being installed successfully.
• This update may repair disabled or corrupted Windows operating system components that determine the applicability of updates to your version of Windows 10.
• This update may compress files in your user profile directory to help free up enough disk space to install important updates.

Users who have blocked the update components should be prepared that this blockages to be ‘repaired’. The goal is to install the feature upgrade to V1803 on that machine. It is also interesting to note that the update may start compressing files in the user profile directory when space becomes limited. This is especially true for upcoming feature updates and is a tribute (imho) to the large footprint of Windows 10 on cheap machines with 64 GB eMMC. These interventions also explain why the update installation can take an exceptionally long time.

The KB article contains hints to systems where the memory on the system drive becomes low and compression of files is also mentioned. If files are compressed, it looks like this in the Explorer folder display:

(Source: Microsoft)

The update is only offered via Windows Update on machines that require it. It is also applied to machines that have not installed the latest updates. This update replaces the update KB4022868, for more information, also about replaced files, see the KB article.

Addendum: Susan Bradley pointed out at askwoody.com that these updates had over 25 re-releases. Due to Microsoft’s guidance, that updates are Simple, Predictable and Transparent, she introduced the Pinnocio scale – priceless.

[German]Owners of Windows 10 version 1803 who try to perform the onboard system image backup end with an error. The function fails, at least in the 32-bit versions of Windows 10 V1803, with error 0x800706BA

German blog reader Volker E. informed me about this issue at the end of July 2018 by mail (thanks for the hint).

The error description

If you are searching the Internet for ‘Windows 10 V1803 Backup error 0x800706BA’, you will find at least a hit within the English Technet forum. Here the error description

After the Windows 10 version 1803 upgrade on April 30, 2018, my System Image Backup keeps failing withe two messages. “The backup failed” “The RPC server is unavailable (0x800706BA)”.

Note that the System Image Backup worked before the upgrade. The upgrade completed OK and I have not found any other issues.

I checked that =1= The RPC (Remote Procedure Call) service in Services is active and running and =2= the DCOM (Distributed COM) is enabled. There used to be a SYSTEM disk when I did the defrag, the defrag does not show the SYSTEM disk in version 1803.

Is it a bug, or is there a fix or should I try the Image Recovery (that might fail as well).

After upgrading to Windows 10 V1803 (April 30, 2018), system image backup with the build-in Windows 7 backup fails. The above error message occurs and the error code indicates that the Remote Procedure Call (RPC) server is not available. It should be added that it is a 32-bit Windows. This is not an isolated case, also in the English Tens forumthe error is reported. It occurs in the 32-bit version V1803 of Windows 10. 

That is a bug

This can be described as a bug in Windows 10 version 1803. Attempts to repair something is useless. If you go back to Windows 10 version 1709, the system image backup works. The bug has not been fixed (as far as I know) with any of the cumulative updates till yet.

However, there is hope for the upcoming Windows 10 V1809. Within this forum thread somebody wrote:

Here is the fix.
Windows 10 Insider Preview Build 17711
We fixed an issue where creating a system image from backup and restore in control panel would fail on x86 machines.

But I should note, that you should no more trust on Windows system backup. The reason: The backup function is still from Windows 7 and has not been made progress since then. Microsoft has declared the Windows system backup as deprecated and intends to omit the system image backup in newer builds sometime (see also Windows 10 Fall Creators Update (V1709): Things removed/deprecated).

There are workarounds

There is a workaround for people who depends to continue using the system’s backup function. You have to use wbengine.exe from a backup of Windows 10 version 1709 and copy this file to the system with Windows 10 version 1803, which was mentioned by blog reader Volker E. in his mail, but is also mentioned in the English Technet forum thread:

I talked to tech support (Ticket #1424749859) about this for over 3 hours while watching a tech on my laptop remotely, until he finally admitted defeat. (“Wait for an update that fixes the problem.”)

After all was said and done, i replaced the x86 1803 version of wbengine.exe with the 1709 version through the recovery command prompt.

After that the image backup worked and a recovery disc PRIOR to 1803 successfully restored it.

While I wouldn’t propose this as a solution, it certainly defines the problem.

wbengine.exe (x86) is the problem. RPC is merely a symptom.

The x64 version of wbengine.exe in 1803 is not a problem.

I reported this back to tech support under the same ticket number. Apparently you have to tell them from 4 different directions before someone notices.

I gather from the forum post that the 64-bit version of wbengine.exe in Windows 10 V1803 is probably not affected (this is also explicitly written here, and can be implicitly derived from this CNet forum discussion). However, given the many errors with Windows Backup, I recommend using third-party backup software.

Similar articles:
Windows 10 Fall Creators Update (V1709): Things removed/deprecated
Windows 10 Version 1709: ReFS will be removed (partially)
Microsoft plans to deactivate SMBv1 in Windows 10 V1709

[German]On August 14, 2018 (second Tuesday of the month, patchday at Microsoft), several cumulative updates were released for the supported Windows 10 builds. Here are some details about the updates.

A list of updates can be found on this Microsoft website. In August 2018, Microsoft revised the display format so that the information can be called up more easily. I have pulled out the details below.

Spectre vulnerabilities are closed in all updates – details can be found in the individual sections.

Updates for Windows 10 Version 1803

The following updates are available for Windows 10 April Update (version 1803).

Update KB4343909 for Windows 10 Version 1803

Cumulativ Update KB4343909 contains quality improvements but no new operating system functions and raises the OS build to 17134.228. The update also includes an update for Microsoft HoloLens (OS Build 17134.228). Here is the list of fixes:

• Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
• Addresses an issue that causes high CPU usage that results in performance degradation on some systems with Family 15h and 16h AMD processors. This issue occurs after installing the June 2018 or July 2018 Windows updates from Microsoft and the AMD microcode updates that address Spectre Variant 2 (CVE-2017-5715 – Branch Target Injection).
• Addresses an issue that prevents apps from receiving mesh updates after resuming. This issue occurs for apps that use Spatial Mapping mesh data and participate in the Sleep or Resume cycle.
• Ensures that Internet Explorer and Microsoft Edge support the preload=”none” tag.
• Addresses an issue that prevents some applications running on HoloLens, such as Remote Assistance, from authenticating after upgrading from Windows 10, version 1607, to Windows 10, version 1803.
• Addresses an issue that significantly reduced battery life after upgrading to Windows 10, version 1803.
• Addresses an issue that causes Device Guard to block some ieframe.dll class IDs after installing the May 2018 Cumulative Update.
• Addresses a vulnerability related to the Export-Modulemember() function when used with a wildcard (*) and a dot-sourcing script. After installing this update, existing modules on devices that have Device Guard enabled will intentionally fail. The exception error is “This module uses the dot-source operator while exporting functions using wildcard characters, and this is disallowed when the system is under application verification enforcement.” For more information, see CVE-2018-8200 and PSModuleFunctionExport.
• Addresses an issue that was introduced in the July 2018 .NET Framework update. Applications that rely on COM components were failing to load or run correctly because of “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors.
• Security updates to Windows Server.

he update is distributed via Windows Update, but should also be available via WSUS or the Microsoft Update. Microsoft (currently) is not aware of any problems with the update.

Updates foür Windows 10 Version 1709

he following updates are available for Windows 10 Fall Creators Update (version 1709).

Update KB4343897 for Windows 10 Version 1709

Cumulativ Update KB4343897 for Windows 10 Version 1709 (Fall Creators Update) raises the OS build to 16299.611 and includes quality improvements and the following fixes:

• Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
• Addresses an issue that causes high CPU usage that results in performance degradation on some systems with Family 15h and 16h AMD processors. This issue occurs after installing the June 2018 or July 2018 Windows updates from Microsoft and the AMD microcode updates that address Spectre Variant 2 (CVE-2017-5715 – Branch Target Injection).
• Updates support for the draft version of the Token Binding protocol v0.16.
• Addresses an issue that causes Device Guard to block some ieframe.dll class IDs after the May 2018 Cumulative Update is installed.
• Ensures that Internet Explorer and Microsoft Edge support the preload=”none” tag.
• Addresses an issue that displays “AzureAD” as the default domain on the sign-in screen after installing the July 24, 2018 update on a Hybrid Azure AD-joined machine. As a result, users may fail to sign in in Hybrid Azure AD-joined scenarios when users provide only their username and password.
• Addresses an issue that adds additional spaces to content that’s copied from Internet Explorer to other apps.
• Addresses a vulnerability related to the Export-Modulemember() function when used with a wildcard (*) and a dot-sourcing script. After installing this update, existing modules on devices that have Device Guard enabled will intentionally fail. The exception error is “This module uses the dot-source operator while exporting functions using wildcard characters, and this is disallowed when the system is under application verification enforcement”. For more information, see CVE-2018-8200 and PSModuleFunctionExport.
• Addresses an issue that was introduced in the July 2018 .NET Framework update. Applications that rely on COM components were failing to load or run correctly because of “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors.
• Security updates to Windows Server.

The update is distributed via Windows Update, but can also be downloaded via Microsoft Update Catalog.

This cumulative update has the same known issues as the previous month’s patch. Some non-English platforms can display the following string in English instead of the localized language: “Reading scheduled jobs from file is not supported in this language mode.” This error is displayed when Device Guard is enabled and you are trying to read the scheduled jobs you have created. In addition, there are other known bugs with Device Guard activated (e.g. no & or . operator etc., see) Microsoft is working on solving the problems.

Dynamic Update KB4340689 for Windows 10 Version 1709

Dynamice Update KB4340689 for Windows 10 Version 1709 is used during install or reset of Windows and contains critical drivers and setup improvements.

Updates for Windows 10 Version 1703

The following updates are available for Windows 10 Creators Update (version 1703).

Update KB4343885 for Windows 10 Version 1703

Cumulative Update KB4343885 for Windows 10 Version 1703 (Creators Update) raises the OS build to 15063.1266 and contains quality improvements. The update is also available for Windows 10 Mobile (OS Build 15063.1266). It addresses the following vulnerabilities and issues:

• Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) that affects Intel® Core® processors and Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). Make sure previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings outlined in the Windows Client and Windows Server guidance KB articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions.)
• Addresses an issue that causes Internet Explorer to stop working for certain websites.
• Updates support for the draft version of the Token Binding protocol v0.16.
• Addresses an issue that causes Device Guard to block some ieframe.dll class IDs after installing the May 2018 Cumulative Update.
• Ensures that Internet Explorer and Microsoft Edge support the preload=”none” tag.
• Addresses a vulnerability related to the Export-Modulemember() function when used with a wildcard (*) and a dot-sourcing script. After installing this update, existing modules on devices that have Device Guard enabled will intentionally fail. The exception error is “This module uses the dot-source operator while exporting functions using wildcard characters, and this is disallowed when the system is under application verification enforcement”. For more information, see CVE-2018-8200 and PSModuleFunctionExport.
• Addresses an issue that was introduced in the July 2018 .NET Framework update. Applications that rely on COM components were failing to load or run correctly because of “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors.
• Security updates to Windows Server.

The update is distributed via Windows Update, but is also available in the Microsoft Update Catalog. There are no known issues.

Windows Update Improvements

Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 Feature Update based on device compatibility and Windows Update for Business deferral policy. This does not apply to long-term servicing editions.

Dynamic Update KB4343885 for Windows 10 Version 1703

Update KB4343885 for Windows 10 Version 1703 is used during installation or Recovery.

Updates for Windows 10 Version 1507 bis 1607

Various updates are available for Windows 10 RTM to Windows 10 (version 1607). Here is a short overview.

• Windows 10 Version 1607: Update KB4343887 is only available for Enterprise and Education and Windows Server 2016. The update raises the OS build to 14393.2430. It also contains the spectre fixes mentioned above for other updates. This update is automatically downloaded and installed from Windows Update, but is available for download from the Microsoft Update Catalog. Before manual installation, the Servicing Stack Update (SSU) (KB4132216) must be installed. Details can be found in the KB article.
• Windows 10 Version 1507: Update KB4343892 is available for the RTM version (LTSC). The update raises the OS build to 10240.17946 and includes the spectre fixes mentioned above for other updates. This update is automatically downloaded and installed from Windows Update, but is available for download from the Microsoft Update Catalog. Similar to Windows 10 version 1703, there are also improvements to Windows Update (see note above). Details can be found in the KB article.

For Windows 10 V1511 there was no update that this version has fallen on the support. Details on the above updates can be found in the respective Microsoft KB articles in case of doubt.

Similar articles:
Security update for Adobe Acrobat/Reader
Microsoft Office Patchday (August 7, 2018)
Windows 10 Updates KB4295110/KB4023057 (08/09/2018)
Microsoft Security Update Summary August 14, 2018
Patchday Windows 10-Updates (August 14, 2018)
Patchday: Updates for Windows 7/8.1/Server (August 14, 2018)
Patchday Microsoft Office Updates (August 14, 2018)
Microsoft Patchday: Other Updates (August 14, 2018)

Microsoft has released the Windows 10 Insider Preview Build 17738 (Redstone 5) in the Fast Ring. The announcement was made as usual in the Windows blog, where you may find further details. This build is also part of the RS5_RELEASE fork, which is to open in Windows 10 V1809 (or v1810) in fall 2018. Microsoft has fixed more bugs within this build.

[German]Short question about whether blog readers have been getting the message Your system is low on virtual memory’ in Windows since the July 2018 patchday?

A short description

German blog reader Steve M. contacted me at the end of July 2018 and pointed out the following facts to me:

Since we currently have an increased number of issues with various Windows clients at different customers, we wanted to ask you whether you already have similar reports and at the same time also inform you of our previous findings with this problem.

Also, we have already learned that we are apparently not the only ones with this problem. A software company from one of our customers has also already complained about this problem and stated that the only solution was to reinstall the affected computers.

Problem: The Windows client displays the error message: “Your system is low on virtual memory” “Please close the following programs to free memory again”. At the same time many programs hang up and the computer reacts very slowly.

After a restart, the issue is usually solved for a few hours. However, it has happened also, that the problem recurred immediately.

The programs shown [in Task-Manager] are those which occupy the most memory, but when adding up the used main memory you only get a fraction of the built-in memory.

This indicates that the programs themselves are not to blame. But something in the background occupies the memory.

Findings: During the analysis – which programs occupies the memory – I recognized, as already described above, that the memory is currently occupied perhaps only to approx. 20 % by active services and programs.

In the Resource Monitor on the Memory tab, however, you can see that the “changed memory” in the bar chart occupies the memory massively and is apparently the trigger for the error message.

However, reading the changed memory only reveals small amounts of insignificant services but no information about the remaining “changed” memory.

Here you can see the changed memory. This PC has a total of 8 GB RAM and the second picture clearly shows that this is not nearly used (approx. 650 MB of 8 GB).

You can also see that not all of the memory used can be allocated to the programs or services. (2329 MB are occupied according to the resource monitor and only about 650 MB are effectively displayed in the task manager)

Additional information:

1. It affects both Windows 7 and Windows 10
2. No connection can be seen on the computers so far (on the part of software and hardware)
3. According to our considerations, this error could be caused by a Windows update or even a virus.

Attempts so far:

1. Physical expansion of the main memory
2. Paging file enlarged
3. Paging file completely deactivated

However, all these attempts brought only short lasting success. After some time, the problem reoccurs.

Today we get one of these computers to our company and will scan it for malware and try to find out what occupies the changed memory. I will then report to you on our further findings.

Steve then added in another mail that this problem only occurs since July 16, 2018. He wrote:

We’ve never had problems like this before. Currently we have the problem with 6 customers and a total of 7 computers. All customers have different environments.

I had pointed out memory wasters like Google Chrome, but got feedback that ‘the affected computer was equipped with 16 GB RAM and a relatively large swap file. Even here, the memory was completely full.’ All in all, a strange behavior. Hence the question: Has anyone else observed this behavior?

Microsoft today released the Windows 10 Insider Preview Build 18219 for the testers in the Skip Ahead-Ring. This is the version coming as 19H1 in spring 2019 as a featurel update. The announcement was made in the Windows Blog, where you can also read details.

[German]After the Microsoft patchday disaster of July 2018, August updates seems to be mostly flawless. But there are some minor issues with Windows 10 V1803 (independent from August patchday). Here is an overview about some (minor) issues in Windows 10 V1803 (and minor patchday issues in V1709/V1803).

Thanks to Woody Leonhard, who has collected most stuff at askwoody.com. Perhaps it’s worth reading for administrators, it may save a few hours of troubleshooting. 

Windows 10 V1803 installation loop?

I’ve had seen some vague references (on reddit.com) about an installation loop regarding the patchday update for Windows 10 V1803. Woody Leonhard has picked a case of user Uroboros4 on askwoody.com. The update cannot be installed successfully, the system enters an update loop. 

I have Win10 1803 genuine. None of the cumulative updates can be applied(for example KB4343909, kb4284835, kb4103721). It reaches 100% and says ” Update couldn’t apply, reverting changes”. I have tried a lot of stuff (pausing win update and manually installing them, scan windows for corrupted files to no avail). Anyone has the same problem?

But it seems to be an isolated case, I found no further reports. I had written the blog post Fix: Windows 10 hangs in the update installation loop as a solution to this issue.

Windows 10 V1803: Bitlocker pauses during update

Patch Diva Susan Bradley spottet a specific issue in Windows 10 version 1803. This is described in a Technet forum thread and applies to machines with Windows 10 version 1803 that do not have a TPM module. If the hard disk encryption with Bitlocker is activated on such a machine, Windows deactivates bitlocker during the installation of an update. The thread creator describes this as follows:

I have a machine with Bitlocker enabled, no TPM, Windows 10 1803.

For the last month or so, whenever a Windows system update is applied, Bitlocker is automatically suspended upon first login after the machine restarts. Case in point: the latest Windows 10 cumulative update was applied this morning, only for the machine to restart with Bitlocker suspended on the OS drive. Interestingly, there is also some dubious behaviour in terms of the initial Bitlocker password entry screen. Not having a TPM, the user must enter a password to boot. On at least 2 occasions, after applying an update, the system does not present the Bitlocker password entry screen and progresses all the way to the user login screen. However, this morning the Bitlocker password entry screen was presented correctly but after entering the correct password and then logging in to Windows, Bitlocker was suspended.

This is the state of the OS drive after logging in:

Volume C: [System]
[OS Volume]

Size:                 59.07 GB
BitLocker Version:    2.0
Conversion Status:    Fully Encrypted
Percentage Encrypted: 100.0%
Encryption Method:    XTS-AES 128
Protection Status:    Protection Off (1 reboots left)   <——
Lock Status:          Unlocked
Identification Field: Unknown
Key Protectors:
Password
Numerical Password

Now, I realise that Bitlocker is temporarily suspended – restarting the machine again will enable it without any action from the user. However, this is a security risk for the time between restarting after an update and the next restart and severely undermines our trust in Bitlocker. I would expect that Bitlocker should NEVER be suspended unless initiated by a user/admin.

If the machine is restarted, Bitlocker is activated again. It only occurs on Windows 10 V1803 machines without a TMP chip. If people install updates and only send the machine into sleep mode, Bitlocker may remain disabled for a long time. 

Windows Server 2016: sysvol sync bug back?

It is more a question Woody Leonhard asks in this article. A user asked whether a GPO synchronization problem from July 2018 still exists. Here is his error description:

Has anyone else experienced their GPOs not syncing permissions after applying KB4338814 to Server 2016?

We were getting the ACL error

“The sysvol permissions for one or more GPOs on this domain controller are not in sync with the permissions for the GPOs on the baseline domain”.

Went through an Non-authoritative SYSVOL restore, demoting and promoting a domain controller, and finally uninstalled patch KB4338814 to resolve the issue.

This problem existed on our test domain (two DCs 2012 and 2016) and our production (three DCs 1-2012 and 2-2016) The ACL sync issues only happened on one of the production 2016 DCs which was strange. Once we removed the patch we had to go to any GPOs still showing ACL errors and restore the delegation permissions to defaults in order for it to start syncing.

I have blocked patch KB4338814 from July in WSUS but the issue is now happening again in our test Active Directory after applying the August cumulative updates. I’d love to know if anyone else is seeing this issue and if Microsoft has reported it as a problem.

He has blocked the July 2018 update KB4338814 in the WSUS, but is now confronted with the problem again in August 2018. This is not an isolated case, because Technet forum has the thread KB4284833 Group Policy Sync issue with a similar issue. 

Windows 10 V1803 Boot loop ‘bootres.dll is corrupt’

This too is an error reported by Woody Leonhard, which is independent of the August 2018 updates. A user describes the error as follows: 

There is recurring issue reported online where Win10 gets stuck in a repair loop. The Win10 Recovery Environment (RE) option Startup Repair fails to correct the problem. The Startup Repair log c:\windows\system32\logfiles\srt\SrtTrail.txt reports a fault:

Root cause found:
—————————
Boot critical file c:\efi\microsoft\boot\resources\custom\bootres.dll is corrupt.

Repair action: File repair
Result: Failed. Error code = 0x57

The odd part of this error is the “Custom” folder location – this is not part of the normal folder structure. The bootres.dll file normally resides in the “Resources” folder with the BCD file in the folder above (Boot).

What the error is reporting is that the bootres.dll file is missing (rather than corrupted) On the systems I have checked the “Custom” folder does NOT even exist – thus the bootres.dll cannot be present at this location and is declared “corrupt” by the Startup Repair utility.

The bigger mystery is why the System thinks the file should be located in a “Custom” sub-folder in the first place. (Also I think the c: drive letter shown is an artifact – most likely it refers to the first partition – not the actual main C: drive – but that is a whole different can of worms)

I am currently working on two HP laptops with this exact problem – both went down within an hour of each other. At first I though it must be a virus or malware attack gone wrong – but could find no evidence to support this idea.

Having read multiple postings and responses across many different online forums: The evidence suggests this is a Microsoft bug that affects a limited number of Win10 systems. The problem appears to affect systems recently upgraded to version 1803 (only one case listed 1709 on a Surface device) – but only occurs after further updates (as yet unidentified) and then a full restart.

I am exploring BCD repair and rebuild options with some success – but have no clean fix as yet (the standard RE repair options get lost)

Anyone have any experience of this problem or ideas as to what causes this error?

This is not an isolated case, because I found the bug description in several German forums (here, here). At MS Answers forum there is this english thread (May 2018), or also here is another case. The solution will be a clean install in most cases, since a file in the EFI boot directory is corrupted. And most users cannot replace it with an undamaged file. However, there is this English-language MS Answers forum thread, where a user has described a solution that works for him. GDATA antivirus is suspected of being the cause in the German administrator.de forum. In other threads I found Norton AV solution be suspected as a root cause, but everything is only a suspicion.

Win 10 V1803: Update KB4343909 kills Application Guard

On Facebook I got the feedback from a German consultant that three of his systems (probably Windows 10 V1803 Enterprise) had a broken  ‘Windows Defender Application Guard’ (WDAG) after installing the August 2018 update. The Windows Defender Application Guard reports the error code 0xC0370106 and the window need to be closed. 

He then confirmed that it is probably the ‘known issue’ that Microsoft has added to KBb4343909.

Launching Microsoft Edge using the New Application Guard Window may fail; normal Microsoft Edge instances are not affected.

The workaround specified by Microsoft is to uninstall the KB4343909 update. Then install updates KB4340917 and KB4343909. Microsoft intends to deliver a fix in the next release. This error is also mentioned here on askwoody.com.

By the way, error code 0xC0370106 is an ‘old friend’. If you work under Windows 10/Server 2016 with Docker, the error code may be displayed. This GitHub article discusses this for example – a search with the error code, however, brings further hits.

Hypervisor Error from KB4343897 for Windows 10 V1709?

It’s a bit out of line, since it does not refer to Windows 10 V1803 – and it is only one case I’m aware. On Twitter Tero Alhonen (@teroalhonen) reports a problem with the cumulative August 2018 update KB4343897 for Windows 10 V1709.

3rd time after August Cumulative Update KB4343897 for Windows 10 version 1709 pic.twitter.com/swx6AstGka

— Tero Alhonen (@teroalhonen) 18. August 2018

After the cumulative update KB4343897 he had his third Blue Screen ‘HYPERVISOR ERROR’. The BSOD stop code 0x00020001 is documented here from Microsoft.

Similar articles:
Windows 10 WikiWindows streikt mit Fehler 0xC000007F
Windows 10 V1803: Update KB4458166 fixes TLS 1.2 issue
Windows 10 V1803 rollout stopped due to TLS 1.2 issues
TLS 1.2: Windows Error Reporting Service drops an error
Windows error 0xC000007F
Patchday Windows 10-Updates (August 14, 2018)

[German]Users of Windows 10 systems may run into a stupid problem. Windows 10 often requires to have to fix the Microsoft account. Here are a few hints.

Error description

Windows 10 suddenly detects an problem with the Microsoft account an reports “You need to fix your Microsoft account”. Then a fix (automatic repair) via the settings app is suggested. This fix is successful in most times.

I have had this occasionally on my Windows 10 test machines where Windows Insider previews are tested. But what’s the reason for this message on normal Windows 10 systems?

Antivirus software as a root cause

If you search the Internet for the error term, there are a lot of hits (see here, here, or here), so this issue isn’t so rare.

However, there are probably different reasons for the repair (password changed etc.). In some threads, the suspicion that third-party components such as antivirus software might be involved in cross-reading is also raised.

Another case

Recently I found this German Microsoft Answers forum post. The user wrote:

when I log on to my computer, I sometimes get the following message:

Microsoft account problem

Your Microsoft account must be repaired before you can share it. 

Select this message to resolve the problem in the settings.

When I click on the message, “Settings > System > Sharing” opens and I have to enter my Windows password (although I am already logged on to the computer).

This seems to be a different cause, because there is no Windows Insider-Build mentioned.

Another reason: Network name changed

Within the MS Answers forum thread another cause for the request to fix the Microsoft account has been mentions. If the administrator changes the network name used by the Windows 10 client to enter a (workgroup) network, this triggers the “You need to fix your Microsoft account” message. Windows 10 will then attempt to repair the account. One of the affected users wrote:

I was able to track the error down to the root cause and now know that the problem occurs when renaming the computer (Settings > System > Info > Rename PC).

As soon as you have renamed the computer, this problem appears.

Maybe it will help you if this message occurs. But you can’t disable this message to fix the Microsoft account (it’s only possible to disable toast notifications, see here).

Similar articles:
Windows 10 Wiki

[German]Short question to owners of an AMD system with Windows 10. Have you been offered obscure Intel driver updates for AMD systems in the last few days?

It’s a strange story that I received by e-mail. German blog reader Ingenieur contacted me by email and described an observation he made with Windows Update. I can’t really make sense of it ad hoc. The blog reader wrote (I translated his text:

today (17.08.2018) I received a message in the Info Center that new devices should be configured.

But since I haven’t connected a new device etc., I was surprised to see what Windows Update looks like there.

There I was offered lots of Intel drivers. Among others the Intel C230 Server chipset from 2015!!

I have no idea how Windows got the idea to load these drivers. I have attached my hardware configuration as an image.

(Click to zoom)

The screenshot shows (in background) the Intel drivers mentioned above, including the Intel C230 Server chipset from 2015, are offered via Windows Update. Well, apart from the date 2015, I wouldn’t have found it particularly strange.

But the system should probably not be able to do so much with the drivers. Intel drivers are offered via Windows Update, although an AMD Ryzen CPU is installed in the system. This is not the first case where Windows Update offers quite strange device drivers (see following link list).

Microsoft Answers has this forum thread from November 2017, where users complain about AMD driver updates for Surfaces with Intel CPUs. The driver names are simply assumed to be renamed there. There may be a logical explanation for this process. The question remains whether any of you have made similar observations?

Similar articles:
Windows: optional update ‘Intel – System – 6/28/2016’
Windows: optional update ‘Intel – System – 8/19/2016’
Windows 7/8.1: Optional INTEL System driver updates
Intel Bluetooth driver released via Windows Update (02/15/2017)?

[German]This article is about the OneDrive client that Microsoft delivers with Windows 10. The way, how Microsoft’s developers has implemented this client, leaves several vulnerabilities. Here are a few details about an investigation.

In the beginning was the word…

Microsoft provides a OneDrive client in Windows 10. According to Microsoft’s marketing, OneDrive should be used everywhere to save data on the cloud service of the same name. But how save is the client’s implementation? Also under the view, that ‘Windows 10 is the most secure Windows ever developed’ (not my words, it’s Microsoft’s saying).

After reading this article (I am planning a separate blog post about that topic), the idea for a blog post ‘investigating OneDrive client under the hood’ came up. Because I had some fragments of information about OneDrive and security issues found from Stefan Kanthak, who deals a lot with security issues. Stefan Kanthak has put me on cc to a mail, that says:

>A friend of mine has disabled OneDrive on Windows 10 because she didn’t want to use the service anymore.

Stefan Kanthak asked within this e-mail: Why did she even activate this junk? – and then he shot a volley of statements about the OneDrive client and its vulnerabilities to the poor recipient of the e-mail.

Note: Microsoft offers also an OneDrive for Business client within Office 365, which is in fact a different client. I haven’t examined this client. But at least the suspicion is obvious that it doesn’t look any different there.

Dude, don’t read the fucking “Designed for Windows” rules

I had already mentioned it in one or two of my German blog posts: When I look at the Windows development from Windows 8 onward, I’m missing the design basics that Microsoft once published in the early days of Windows 95 (I’ve translated the German edition of the Microsoft Press title Programming the Windows 95 User Interface (Microsoft programming series).

But there are many other documents that Microsoft once published for software developers. Even though I have since 25 years been out of software development, I found these guidelines very useful. However, this knowledge seems to have either been lost in Redmond, or has been outsourced to the company museum, or no longer fit into today’s development processes. Stefan Kanthak describes it a little more directly:

These Id***, who created this junk [the OneDrive client under Windows], ignore the MINIMAL specifications of the 23-year-old “Designed for Windows” guidelines.

They don’t install this Crapp under %ProgramFiles%, where it is safe from write access by users, but in the user profile of ANY user.

That was something I had already noticed, but I couldn’t make sense of it. In fact, the OneDrive client can be found (with all files) in each user profile under

C:\Users\%USERNAME%\AppData\Local\Microsoft\OneDrive

(Click to zoom)

It is indeed the case that a user (but also malware) has write access to this folder, i.e. can manipulate the OneDrive files at will. This approach has been frowned upon for 23 years according to the “Designed for Windows” guidelines. But the developers  in Redmond probably don’t read such old things anymore – and the old experienced developers have been gone long ago. Another possible explanation can be found in Part 3 of the article series – then Microsoft would make bad compromises and as a Windows user one should draw his conclusions.

Unfortunately, the today’s story goes even further, and by no means more positive. Microsoft developers have made further mistakes, such as using outdated open source libraries which contains well known vulnerabilities. But this is part of part 2 of this article series.

Articles:
Windows 10 and the OneDrive vulnerabilities – Part 1
Windows 10 and the OneDrive vulnerabilities – Part 2
Windows 10 and the OneDrive vulnerabilities – Part 3

Similar articles
Security-Risk: Avoid 7-Zip
7-Zip vulnerable – update to version 18.01

[German]In part 1 of my article series about vulnerabilities in OneDrive client I mentioned, the location of the program files in the unprotected profile folder. But Microsoft developers have made further mistakes, such as using outdated open source libraries with known vulnerabilities.

Using outdated OpenSSL libraries

In his e-mail Stefan Kanthak then drew my attention to a fact that I could hardly believe at first. Stefan wrote (free translated):

It seems that the fresh men from the open source scene didn’t know anything about secure software development for Windows!

The current OneDriveSetup.exe, released on 18.7.2018 at
16:56:01 GMT, available via
<https://onedrive.live.com/about/en-us/download/> from
<https://go.microsoft.com/fwlink/p/?LinkId=248256> alias
<https://g.live.com/1rewlive5skydrive/skydrivesetup>  installs the outdated (from 28.8.2017) and insecure version 1.0.2k of the OpenSSL open source crap!

My first reaction was: Impossible, Microsoft won’t do that, there are professionals developing Windows 10 – the most secure Windows at all, according to Microsoft’s marketing. I’ll have to see and proof for myself. So I asked Stefan Kanthak how I could determine if OpenSSL would be installed. Stefan Kanthak then wrote that I should search and inspect the following files.

DIR /A/S “%USERPROFILE%\???eay32.dll”
DIR /A/S “%ProgramFiles%\???eay32.dll”
DIR /A/S “%ProgramFiles(x86)%\???eay32.dll”
DIR /A/S “%ProgramData%\???eay32.dll”
DIR /A/S “%SystemRoot%\???eay32.dll”

The two DLLs are called ssleay32.dll and libeay32.dll – I immediately found files with this name within the profile folder of a Windows 10 V1803 system (with all patched till August 2018).

(Click to zoom)

Stefan Kanthak then wrote: Other such candidates are libcurl.dll, libz*.dll alias zlib*.dll, *7z*.dll and many more. File names like *7z*.dll ring a bell even to me (see my blog post Security-Risk: Avoid 7-Zip). But there is still the OpenSSL issue.

Microsoft’s developers apparently used OpenSSL libraries within the OneDrive client, but on August 18, 2018 (when I wrote the blog post) they are still shipping version 1.0.2k, as shown in the screenshot above – I right-clicked on the file ssleay32.dll and clicked on Properties to invoke the window. Stefan Kanthak had sent me the link to the following website:

https://www.openssl.org/news/vulnerabilities-1.0.2.html

This website documents vulnerabilities in the OpenSSL library. If you go through the page, you will find some references to version 1.0.2k. However, I did not notice any text in the page, where a vulnerability for this version was documented. But I noticed that version 1.0.2k was up to date sometime in January 2017. For June 2018 version 1.0.2p is mentioned in the last fixes.

But if you search specifically for the terms ‘OpenSSL 1.0.2k vulnerabilities’, you should find a lot of hits on the CVE Details page. There are several known vulnerabilities in version 1.0.2k, but none is critical (the level only goes up to 5, maximum would be 10). But the bottom line is that Microsoft’s developers are using an outdated Open Source OpenSSL library.

Windows has it’s own CryptoAPI …

Stefan Kanthak notes in an e-mail: Windows brings a CryptoAPI and SChannel since 22+ years and does NOT need such outdates open source libraries:

Microsoft’s mantra “Keep your PC up-to-date!”, which they regularly preach to all their customers, is once again ignored by Microsoft’s developers!

But there is more in stock, as Stefan Kanthak wote. He mentioned, that Microsoft’s developers are either not able or not willing, to write a “shell extension” for the Explorer using the the Win32 API of the Windows GUI. The background for this: Microsoft’s OneDrive client developers uses the Qt5 library instead of the well-documented and updated Windows API. Stefan Kanthak wrote:

Instead, these BEGINNERS uses the the open source monster Qt5 (of course also an OLD version); its Runtime environment Qt5*.dll occupies “only” 20MB on the hard disk. In RAM it’s even more.

The whole thing has two aspects. Kanthak criticizes the use of an outdated version of Qt5, where basically the same explanations apply as above to the outdated OpenSSL library. I assume, that Microsoft is in certain constraints and the outdated open source libraries are not classified as ‘extremely serious security risks’. This can bee seen as critically from the user’s point of view. The second point Kanthak criticizes is the use of Qt5, which is incomprehensible at first glance. But I realized some reasons during writing this blog post. These thoughts, as well as a Microsoft statement on the OneDrive client follows in Part 3.

Articles:
Windows 10 and the OneDrive vulnerabilities – Part 1
Windows 10 and the OneDrive vulnerabilities – Part 2
Windows 10 and the OneDrive vulnerabilities – Part 3

Similar articles
Security-Risk: Avoid 7-Zip
7-Zip vulnerable – update to version 18.01

[German]In Part 1 and Part 2 of my article series I described the vulnerabilities in Microsoft’s OneDrive client (addressing the location of program files in the unprotected profile folder and the use of outdated open source libraries with known vulnerabilities). In part 3 I try to give an explanation for that behavior and there is a statement from Microsoft.

A possible explanation?

During writing about Qt5 in part 2, I came about an explanation, why the developers designed it this way (and also explains other issues already mentioned in Part 1 and Part 2): It’s Mr. Satya Nadella’s previous credo ‘Mobile first, Cloud first’ – Windows doesn’t matter anymore, but somehow should not die.

The development of software should be designed in such a way that products like Office, a OneDrive client (if necessary as app) etc. has to run on different platforms! So the developers of the OneDrive client fell for the idea of using the Qt5 library in addition to OpenSSL. According to Wikipedia:

Qt is a cross-platform application framework and widget toolkit for creating classic and embedded graphical user interfaces, and applications that run on various software and hardware platforms with little or no change in the underlying codebase, while still being a native application with native capabilities and speed.

And Android, iOS, macOS or Linux do not have a Windows crypto API etc. In order not to rewrite code for each platform, they use tools to create cross-platform software. The result looks like ‘not fish, nor meat’.

For me, this also explains some steps within the development of the OneDrive client since Windows 8.1. There has been several times where they re-started the OneDrive client development. Suddenly, functions that the previous OneDrive client could do very well had disappeared.

Well, that’s settled, so there’s (probably) a reason for this stuff. But at this point you have to say goodbye to the romantic idea that Redmond is still programming for Windows 10. Microsoft’s developers are cobbling together their software for various platforms – and the result is accordingly.

And at this point it may be obvious that the OneDrive for Business Client is sailing in the same waters. Stefan Kanthak also says that dropbox is by no means better.

Furthermore, I let Stefan Kanthak read the text in advance. His feedback on the subject:

everything Qt can do (according to WikiPedia) has been provided by the Win32 API since over 25 years.

It doesn’t make sense, to use Qt5 for a client, that is only available in Windows, it’s superfluous: there is no OneDrive client for Android or iOS or Linux.

Well, for Linux there is no client from Microsoft, but there are OneDrive apps for Android and iOS I would say, that are clients. What Kanthak also criticise however, is this:

Also on Windows with its rich Win32 API, more and more developers who seem to be too lazy to deal with the Win32 API are abusing libraries/ components like Boost, Qt ,… which are completely superfluous there.

The initial problem (lack of knowledge about or mastery of the Win32 API) then splits into two: the superfluous components used by the developers are NOT updated. Using OpenSSL or Qt5 under Windows is a pain in the ass!

This OpenSource crap again has many dependencies on “tools” like CMake, Python/Perl, or on an history MS compiler for MS-DOS,

That’s what Microsoft says about the OneDrive client

In this series of articles I have uncovered some vulnerabilities in the OneDrive client to which Stefan Kanthak has drawn my attention. And I tried to find a logical explanation for Microsoft’s design decisions. However, I have no feedback from Microsoft whether my above conclusions are correct – so it remains a working hypothesis.

However, security specialist Stefan Kanthak informed Microsoft and its Security Response Team (MSRT) about the vulnerabilities in the current implementation of OneDrive. Kanthak send me a copy of the mail exchange with Microsoft, which I cite below in excerpts.

In mid-July 2018, Stefan Kanthak drew the attention of the MSRT to the security issues (he basically described what I documented in Part 1 and Part 2). Microsoft replied as follows:

Thank you very much for your report.

I have opened case 46989 and the case manager, Kamuran will be in touch when there is more information.

In the meantime, to protect the ecosystem, we ask that you respect coordinated vulnerability disclosure (see here for details) and not report this publicly before we have notified you that this issue is fixed.

So a case has been opened at Microsoft and they ask not to publish the reported vulnerability until it is fixed. Well, it’s a standard phrase. But a few weeks later there was the following answer:

From: “Microsoft Security Response Center” <secure@microsoft.com>
To: “Microsoft Security Response Center” <secure@microsoft.com>; “Stefan Kanthak” <******>
Sent: Wednesday, August 08, 2018 2:09 AM
Subject: RE: ?MSRC Case 46989? CRM:0461058631

> Hello Stefan,
> Thank you again for submitting this issue to Microsoft. We determined that a fix for this issue will be considered in a future version of this product or service.

At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.

Thank you very much for working with us.
> Regards,
> Kamuran
> MSRC

In a nutshell: Following the internal guidelines (see Microsoft Security Servicing Commitments) they decided, that vulnerabilities do not require an immediate fix. But they intend to address the issue sometime in the future and closes the case.

My 2 Cents

It has now become now an article series consisting of three parts. I’ve described things in a broader manner, so that blog readers can understand and classify the vulnerabilities. So you may judge yourself as a reader. For me, however, this story has a different dimension and when I was writing, some things suddenly became clear to me.

I still have had the idea ‘Windows 10 has a solid basis, here and there a few adjustments/modifications, then it fits, Microsoft just has to decide that’. I think about auto-updates, semi annual feature updates controllable and disable as well as making a basic operating system with configurable additional Windows functions by means of de-selectable features.

This naive idea I put down the last weeks. The more I deal with certain aspects of Windows 10 development and implementation of various features under stability and security aspects (as a blogger I often just scratch the surface), the clearer it becomes for me: This development is currently going down the hill.

Why should they work more solidly on the core of Windows 10 than with the tweaked OneDrive client? The many ‘exceptions’ in the Windows update environment (keyword: besides Windows Update there are other mechanisms like USOclient, Remsh etc.), to download and install updates), the problems with patches or the many bugs in new features and after release of a feature update draws a fatal image: The development of Windows 10 is no longer stable and it seems that ‘they’ lost control.

I just read a nice article Das Problem mit der Agilität (unfortunately in German) by Eberhard Wolff, which deals with Continuous Architecture. He outlines what is behind the term Agile software development and reports on his practical experience. There was another piece in my mosaic, as Microsoft has recently also been using the term agility or continuous delivery in the Windows 10 and Office 365 development environment.

The question remains whether you can and should use agile development and continuous delivery for a platform like Windows 10 (or at least the basic operating system)?.Maybe the whole approach isn’t helpful for Windows development, where we depend on a a core OS solid as a rock (and won’t see disruptive agile ‘not ready yet’ prototype development). What do you think?

Articles:
Windows 10 and the OneDrive vulnerabilities – Part 1
Windows 10 and the OneDrive vulnerabilities – Part 2
Windows 10 and the OneDrive vulnerabilities – Part 3

Similar articles
Security-Risk: Avoid 7-Zip
7-Zip vulnerable – update to version 18.01

[German]Microsoft has released Intel microcode updates (KB4346084, KB4346085, KB4346086, KB4346087, KB4346088) for Windows 10 on August 20/21, 2018 (thanks to GeroH for the tip). Here is a brief overview.

Update KB4346084 for Windows 10 V1803

Update KB4346084 (Intel Microcode Update) is available for Windows 10 V1803. According to Microsoft, it addresses the following vulnerabilities:

Intel recently announced that they have completed their validations and started to release microcode for recent CPU platforms related to Spectre Variant 3a (CVE-2018-3640: “Rogue System Register Read (RSRE)”), Spectre Variant 4 (CVE-2018-3639: “Speculative Store Bypass (SSB)”), L1TF (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646: “L1 Terminal Fault”). In addition to microcode updates previously released in KB4100347​ to address Spectre Variant 2 (CVE 2017-5715: “Branch Target Injection”), this update also includes microcode updates from Intel for the following CPUs.

This update applies to several Intel processors listed in the KB article. It is a standalone update for Windows 10 version 1803 (Windows 10 April 2018 update) and Windows Server version 1803 (Server Core). This update is distributed via Windows Update, WSUS, and the Microsoft Update Catalog.

Microsoft intends to offer additional microcode updates from Intel for this operating system via the KB article as soon as they are available for Microsoft. Vulnerability protection is enabled by default for Windows client systems, so no action is required.

Please make sure that protection against Spectre Variant 2 for servers is enabled via the registry settings documented in the article Windows Server guidance to protect against speculative execution side-channel vulnerabilities.

Notes: Microsoft advises: Check with your device manufacturer and Intel through their websites for microcode recommendations for your device before applying this update to your device.

Users of Windows 10 V1803 are still offered the Intel Microcode Update KB4100347. The package is listed in the Update Catalog with date 8/21/2018, the KB article specifies July 2018 as the last change date. I had described the package in May 2018 in the article Windows 10 V1803: Microcode update KB4100347 (05/15/2018).

Update KB4346085 for Windows 10 V1709

Update KB4346085 is the same Intel Microcode update as described above, but is available for Windows 10 V1709. The list of supported updates is listed in the KB article. There you will also find further details and the link to the Microsoft Update Catalog.

Update KB4346086 for Windows 10 V1703

Update KB4346086 is the same Intel Microcode update as described above, but is available for Windows 10 V1703. The list of supported updates is listed in the KB article. There you will also find further details and the link to the Microsoft Update Catalog.

Update KB4346087 for Windows 10 V1607

Update KB4346087 is the same Intel Microcode update as described above, but is available for Windows 10 V1607. The list of supported updates is listed in the KB article. There you will also find further details and the link to the Microsoft Update Catalog.

Update KB4346088 for Windows 10 V1507

Update KB4346088 is the same Intel Microcode update as described above, but is available for Windows 10 V1507 (RTM. The list of supported updates is listed in the KB article. There you will also find further details and the link to the Microsoft Update Catalog.

The list of updates can be viewed in the Microsoft Update Catalog (updates with date 8/20/2018). At KB4090007 is an overview of all supported CPUs.

The mail app of Windows 10 doesn’t support to send group emails to contacts located within the people app. The creation of groups in the people app is not possible. Now a Microsoft employee is trying to push the topic.

Recently I came across the thread Unable to send group emails to multiple contacts in Windows 10 People App from Sophie_Z while browsing the US Microsoft Answers forum. On she is a moderator in US Microsoft Answers forum, but she is also a Microsoft employee (support engineer). Sophie_Z apparently posted a problem and asked for more feedback.

Unable to send group emails to multiple contacts in Windows 10 People App

I am a Microsoft support engineer and I want to gather more feedback from you in regards to the issue that users cannot send emails to multiple contacts in People App, so I can drive a feature request with Windows engineering group.

I have submitted a Feedback Hub post with the issue description here: https://aka.ms/AA21cea

If you could upvote the issue and leave a detailed comment about your frustration with the absence of this feature, that would help me make a strong business case for the request.

Thank you very much and please comment below if you have any more questions!

Till now, more than 500 users added their feedback. So, if you miss this feature too, feel free to send feedback.

[German]Microsoft’s Intel Microcode KB4100347 update causes issues with Trend Micro Worry-Free Business Security (WFBS). After installing this update, virus protection seems no longer active.

In blog article McAfee pulled Endpoint Security 10.5.4 August-Update a few hours ago I had reported a case with issues after installing the microcode update KB4100347 under Windows 10. According to comments, this update, which actually dates from July 2018, was also installed on machines via Windows Update in August 2018.

Trend Micro Worry-Free Business Security (WFBS) is a security solution from Trend Micro. These are cloud-based security services for Windows, Mac and mobile devices for Windows. This security solution is also available for Windows 10.

German blog reader Thomas B. has informed me by e-mail that there is an issues with the Trend Micro Worry-Free Business Security (WFBS) virus protection solution. After installing microcode update KB4100347, the WFBS virus protection no longer works under Windows 10. The following screenshot from Thomas shows the problem.

(Click to zoom)

Der Trend Micro Security Agent is no longer activated, the device isn’t protected. Thomas wrote, that he got this issues on all systems, where KB4100347 has been installed. Is someone else affected?

Microsoft has provided an ISO file for creating an installation disc for Windows 10 Insider Preview Build 17738, which was released in mid-August 2018. The download is possible for Windows Insider after logging in on this website. (via)

Microsoft has released the Insider Preview Build 17744 of Windows 10 (Redstone 5) for testers in the Slow Ring. This build was released on August 20, 2018 in the Fast Ring (see Windows 10 Version 1809: Insider Preview 17744 released).

The announcement of the new build was made in the Windows Blog. Dona Sarkar has also announced it on Twitter.

Hi #WindowsInsiders we have released Windows 10 Insider Preview Build 17744 (RS5) + KB4459375 to Windows Insiders in the Slow ring. Check out the blog for the details! https://t.co/0W7J3r2Ivx

— Dona Sarkar (@donasarkar) 30. August 2018

The Windows blog post mentions also that the update KB4459375 has been released. KB4459375 contains as a fix for the problem that causes PCs to throw a Blue Screen (BSOD) when logging off from the user profile or shutting down the PC. In addition, the KB4459375 update is already packed with a new design so that Windows Insiders Preview builds can be downloaded and installed more efficiently (see Microsoft announced the end of Windows 10 Delta Updates).

Intel has updated its graphics driver for Windows 10 to version 24.20.100.6286. This update brings some bug fixes, including a fix for YouTube video playback issues.

You can download the drivers (the 64-bit package contains a bold 367.13 MByte) on this Intel web page. Intel writes that this driver has performance enhancements and optimizations for World of Warcraft: Battle for Azeroth* (for DirectX* 11 and 12 versions) and Jurassic World Evolution* on Intel® Core 6th generation or higher processors. The new driver supports the following operating systems:

• Microsoft Windows* 10-64 – Creators Update
• Microsoft Windows* 10-64 – Fall Creators Update
• Microsoft Windows* 10-64 – April 2018 Update

The driver update is available for the following platforms:

• 6th Gen Intel(R) Core(TM) processor family (Codename Skylake)
• 7th Gen Intel(R) Core(TM) processor family (Codename Kaby Lake)
• 8th Gen Intel(R) Core(TM) processor family (Codename Kaby Lake-R, Coffee Lake-R)   
• Apollo Lake
• Gemini Lake
• Intel(R) Xeon(R) Processor E3 v5

A detailed list of supported processors can be found on the Intel download page. The Release Notes (PDF) contain information on the improvements and fixes provided by the driver update. (via)

[German]Microsoft has released the updates KB4346783, KB4343893, KB4343889 and KB4343884 for various Windows 10 builds as of August 30, 2018. Here is an overview.

A list of released updates for Windows 10 can be obtained from Microsoft’s Update history page.

Update KB4346783 for Windows 10 Version 1803

Cumulative Update KB4346783 for Windows 10 Version 1803 raises the build number to 17134.254. This is a maintenance update that addresses the following issues.

• Addresses an issue in Microsoft Foundation Class applications that may cause applications to flicker.
• Addresses an issue where touch and mouse events were handled differently in Windows Presentation Foundation (WPF) applications that have a transparent overlay window.
• Addresses a reliability issue in applications that have extensive window nesting.
• Addresses an issue in the Universal CRT that sometimes causes the AMD64 FMOD to return an incorrect result when given very large inputs.
• Addresses an issue in the Universal CRT that causes the _get_pgmptr() function to return an empty string.
• Addresses an issue in the Universal CRT that causes isprint() to return TRUE for a tab when using the C locale.
• Addresses an issue where Microsoft Edge or other UWP applications can’t perform client authentication when the private key is stored on a TPM 2.0 device.
• Addresses an issue that causes computer certificate enrollment or renewal to fail with an “Access denied” error after installing the April 2018 update. This issue occurs when the registry process has a lower process ID (PID) than all other processes except SYSTEM.
• Addresses an issue that, in some cases, failed to clear decrypted data from memory after a CAPI decryption operation was completed.
• Addresses an issue that prevented the Device Guard PackageInspector.exe application from including all the files needed for an application to run correctly once the Code Integrity policy was completed.
• Addresses an issue where not all network printers are connected after a user signs in. The HKEY_USERS\User\Printers\Connections key shows the correct network printers for the affected user; however, the missing list for network printers from this registry key isn’t populated in any app, including Microsoft Notepad, or in Devices and Printers. Printers may disappear or stop functioning.
• Addresses an issue that prevents printing on a 64-bit OS when 32-bit applications impersonate other users (typically by calling LogonUser). This issue occurs after installing monthly updates starting with KB4034681, released in August 2017. To resolve the issue for the affected applications, install this update, and then do one of the following:
  • Use Microsoft Application Compatibility Toolkit to globally enable the Splwow64Compat App Compat Shim
  • Use the following registry setting, and then restart the 32-bit application:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print
    Setting: Splwow64Compat, Type: DWORD Value1: 1
• Addresses an issue that causes the Wi-Fi EAP-TTLS (CHAP) authentication to fail if a user saves credential information before authentication.
• Addresses an issue that causes devices that have 802.1x Extensible Authentication Protocol (EAP) enabled to randomly stop working with the stop code ”0xD1 DRIVER_IRQL_NOT_LESS_OR_EQUAL”. The issue occurs when the kernel memory pool becomes corrupted. Crashes will generally occur in nwifi.sys.
• Addresses an issue that may remove a Dynamic Host Configuration Protocol (DHCP) option from a reservation after changing the DHCP scope settings.
• Extends the Key Management Service (KMS) to support the upcoming Windows 10 client Enterprise LTSC and Windows Server editions. For more information, see KB4347075.

Unfortunately, this update does not fix the problem that the Edge browser fixes an error in the Application Guard (see my blog post Windows 10 V1709/1803: Issues (also August). Microsoft proposes to uninstall the KB4343909 update and then install the KB4346783 update as a workaround. The update is automatically distributed via Windows Update (if necessary, check for updates in Settings under Update & Security – Windows Update). It can also be downloaded for manual installation from Microsoft Update Catalog.

Update KB4346793 foür Windows 10 Version 1709

Cumulative Update KB4343893 for Windows 10 Version 1709 raises the build number to 16299.637. This is a maintenance update that addresses similar issues to the update described in the previous section.

This cumulative update has the same known issues as the corresponding August 14, 2018 update (see). Some non-English platforms can display the following string in English instead of the localized language: “Reading scheduled jobs from file is not supported in this language mode.” This error is displayed when Device Guard is enabled and you are trying to read the scheduled jobs you have created. In addition, there are other known issues with Device Guard activated (e.g. no & or . operator etc., see kb article) Microsoft is working on solving the problems.

The update is automatically distributed via Windows Update (if necessary, check for updates in Settings under Update& Security – Windows Update). It can also be downloaded for manual installation from Microsoft Update Catalog.

Update KB4343889 for Windows 10 Version 1703

Cumulative Update KB4343889 for Windows 10 Version 1703raises the build number to 15063.1292. This is a maintenance update that addresses almost identical issues to the update described in the previous section (see kb article). Additional an issue that causes win32kfull.sys to stop working (Stop 3B) when cancelling journal hook operations or disconnecting a remote session has been addressed.

Microsoft is currently not aware of any problems with the update. The update is automatically distributed via Windows Update (if necessary, check for updates in Settings under Update and Security – Windows Update). It can also be downloaded for manual installation from Microsoft Update Catalog.

Windows update improvements

Microsoft has released an update directly to the Windows Update Client to increase reliability. Each device with Windows 10, which is configured for automatic updates via Windows Update, receives the function update (to V1803). Windows 10 Enterprise and Pro Edition also receive the feature update (to V1803) based on device compatibility and the update delay (Defer) set in Windows Update for Business Deferral Policy. This does not apply to LTSC versions.

Update KB4343884 for Windows 10 Version 1607

Cumulative Update KB4343884 for Windows 10 Version 1607 (only available for Enterprise and Education and Windows Server 2016) raises the build number to 14393.2457. This is a maintenance update that addresses this issues.

• Updates the music metadata service provider used by Windows Media Player.

Addresses an issue from the March 2018 update that prevents the correct lock screen image from appearing when the following GPO policies are enabled:

• Computer Configuration\Administrative Templates\Control Panel\Personalization\Force a specific default lock screen and logon image
• Computer Configuration\Administrative Templates\Control Panel\Personalization\Prevent changing lock screen and logon image
• Addresses an issue that prevents users of PIV/CAC smart cards from authenticating to use enterprise resources or prevents Windows Hello for Business from configuring on first logon.
• Addresses an issue that prevented the Device Guard PackageInspector.exe application from including all the files needed for an application to run correctly once the Code Integrity policy was completed.
• Addresses an issue that, in some cases, failed to clear decrypted data from memory after a CAPI decryption operation was completed.
• Addresses an issue that causes PowerShell scripts to stop working when attempting operations such as Get-Credentials.
• Addresses an issue that causes the Wi-Fi EAP-TTLS (CHAP) authentication to fail if a user saves credential information before authentication.
• Addresses a Windows Task Scheduler issue that occurs when setting up an event to start on a specific day of the month. Instead of starting on the specific day of the month you selected, the event starts one week ahead of schedule. For example, if you set an event to start on the third Tuesday of August 2018, instead of starting on 08/21/18, the event starts on 08/14/18.
• Addresses an issue that prevents Hypervisor from automatically launching on restart when running a nested or non-nested virtualization scenario after enabling Device Guard.
• Addresses an issue that causes the event viewer for Microsoft-Windows-Hyper-V-VMMS-Admin to receive excessive Event ID 12660 “Cannot open handle to Hyper-V storage provider” messages. This issue occurs when performing migration testing on a Windows Server 2016 S2D Cluster Platform. As a result, events are deleted after three hours when the event log size reaches 1 MB.
• Addresses an issue that causes virtual functions (VF) to be unintentionally removed when a virtual machine (VM) is saved in Hyper-V Manager. This issue occurs when assigning and loading multiple virtual functions to a single VM during live migration on Windows Server 2016. Saving the VM doesn’t result in a normal shutdown of the virtual functions and doesn’t allow the VF driver to have backchannel communication with the physical function (PF).
• Addresses an issue that causes an Azure to on-premise failback operation to fail and puts the virtual machine (VM) into an unresponsive state. This issue occurs if the failback is interrupted by an event such as restarting the Virtual Machine Management Service (VMMS) or restarting the host machine. The failback operation then continues to fail even when the VMMS is running.
• Addresses an Active Directory Federation Services (AD FS) issue where Multi-Factor Authentication does not work correctly with mobile devices that use custom culture definitions.
• Addresses an issue in Windows Hello for Business that causes a significant delay (15 seconds) in new user enrollment. This issue occurs when a hardware security module is used to store an ADFS Registration Authority (RA) certificate.
• Addresses an Active Directory Domain Services (AD DS) issue that causes Local Security Authority Subsystem Service (LSASS) to stop working intermittently. This issue occurs when a custom component binds over Transport Layer Security (TLS) to a Domain Controller using Simple Authentication and Security Layer (SASL) EXTERNAL authentication.
• Addresses an issue that generates Event ID 2006 and prevents the Windows Performance counter from reading Server Message Block (SMB) performance counters. This issue occurs when Hot-Plug is enabled for CPUs on Windows 2016 virtual machines.
• Addresses an issue that causes users to disconnect from a remote session when the Remote Desktop Gateway service stops working.
• Addresses an issue that causes svchost.exe to stop working intermittently. This issue occurs when the SessionEnv service is running, which causes a partial load of the user’s configuration during a Remote Desktop session.
• Addresses an issue that may cause the server to be restarted because the system nonpaged pool consumes too much memory.
• Addresses an issue that may remove a Dynamic Host Configuration Protocol (DHCP) option from a reservation after changing the DHCP scope settings.
• Addresses an issue that prevents a drive from being made writable even after BitLocker encryption has completed. This issue occurs when using the FDVDenyWriteAccess policy.
• Addresses an issue that occasionally displays a blue screen instead of the lock screen when a device wakes up from sleep.
• Extends the Key Management Service (KMS) to support the upcoming Windows 10 client Enterprise LTSC and Windows Server editions. For more information, see KB4347075.

Microsoft is currently not aware of any problems with the update. The update is automatically distributed via Windows Update (if necessary, check for updates in Settings under Update and Security – Windows Update). It can also be downloaded for manual installation from Microsoft Update Catalog.

Please note that the Servicing Stack Update (SSU) (KB4132216) must be installed before installing the KB4343884 update. Without this SSU, the cumulative update is not offered.

Windows update improvements

Microsoft has released an update directly to the Windows Update Client to increase reliability. Each device with Windows 10, which is configured for automatic updates via Windows Update, receives the function update (to V1803). Windows 10 Enterprise and Pro Edition also receive the feature update (to V1803) based on device compatibility and the update delay (Defer) set in Windows Update for Business Deferral Policy. This does not apply to LTSC versions.

Similar articles:
Security update for Adobe Acrobat/Reader
Microsoft Office Patchday (August 7, 2018)
Windows 10 Updates KB4295110/KB4023057 (08/09/2018)
Microsoft Security Update Summary August 14, 2018
Patchday Windows 10-Updates (August 14, 2018)
Patchday: Updates for Windows 7/8.1/Server (August 14, 2018)
Patchday Microsoft Office Updates (August 14, 2018)
Microsoft Patchday: Other Updates (August 14, 2018)
Windows 10 V1709/1803: Issues (also August Patchday)
Windows 7/8.1 Preview Rollup Updates KB4343894, KB4343891 (August 30, 2018)

[German]On August 31, 2018, Microsoft not only revealed the new name for the Windows 10 V1809, but also released the Insider Preview Build 17751 of Windows 10. Now we have the 1st release candidate.

New Redstone 5 preview in Fast Ring

In addition to the following tweet with the announcement, Microsoft has traditionally announced details of the new Insider Preview Build 17751, which is available in the Redstone 5 branch for Insiders in the Fast Ring, in Windows Blog and also mentioned within this Tweet.

Announcing Windows 10 Insider Preview Build 17751 https://t.co/y5O9OILhgt

— Windows Blogs (@windowsblog) August 31, 2018

Without watermark, without expiration date

The change log mentiones that the watermark in the lower right corner of the desktop has been removed. People who downloaded and installed the new version reported that Winver no longer displays an expiration date for this build 17751.1 either. So this is like the first release candidate for ‘Windows 10 October 2018 Update’, but not yet a final build for version 1809.

The list of fixed problems in this build is quite extensive – from fixed blue screen to fixed explorer crashes in tablet mode. However, there are still problems, such as a non-opening browser in the Twitter PWA app or display problems with functions for easier operation. You can read all this here.