Microsoft has released the cumulative update KB4483214 for the Insider Preview of Windows 10 19H1. This fixes the IE vulnerability that was closed two days ago in other versions of Windows. Details may be read at softpedia.com for instance.

[German]Microsoft has released the UUP update KB4483530 and KB4483541 for selective user groups under Windows 10. Here is some information about this update, which is being tested by some users.

Blog reader Markus K. informed me about the update (thanks for that). It is a Universal Update Platform (UUP) update, which is currently being tested selectively by some users.

What is the Universal Update Platform (UUP)?

At the end of 2016, Microsoft announced its plans for the Universal Update Platform (UUP), in which differential updates will reduce package size by 30-40%. I had reported on the details in the blog post Windows 10 UUP shrinks update package size under 1GB.  As a result, updates and feature updates were downloaded much more quickly. Within the blog post An update on our Unified Update Platform (UUP) Bill Karagounis of Microsoft explained in March 2017 the latest findings about the UUP approach.

(Source: Microsoft)

The above graph shows the improvements in download size between different Windows builds – the green bars show a differential download per UUP, while blue shows the conventional method with .ESD package. It’s dramatic what’s going on. Microsoft assumes that the download sizes for insider builds can remain below 1 GByte. Starting with the Windows 10 Creators update, UUP is also integrated in the version accessible to end users.

Update KB4483530 for Windows 10 Version 1709

Update KB4483530 is available for Windows 10, Version 1709. However, Microsoft writes that this update has only been made available to a limited amount of customers who participate in a preview of UUP. It is currently in a testing phase and should only be installed on devices that are registered in the UUP preview.

This update is for UUP preview testing only. Do not install this update on a device that is not used for UUP testing. To obtain the standalone package for this update, visit the Microsoft Update Catalog Web site. This update does not replace a previously released update.

Update KB4483541 for Windows 10 Version 1803

Update KB4483541 is available for Windows 10, Version 1803. However, Microsoft writes that this update has only been made available to a limited amount of customers who participate in a preview of UUP. It is currently in a testing phase and should only be installed on devices that are registered in the UUP preview.

Microsoft supports in Windows 10 Delivery Optimization for Updates. It means, updates will be downloaded from Microsoft an can be delivered within a network to other Windows 10 clients. But how effective is Delivery Optimization for Windows 10-updates?

Want to find out how effective Delivery Optimization is at reducing the bandwidth needed to download and install Windows 10 updates in your organization? Microsoft provided a techcommunity blog post Measuring Delivery Optimization and its impact to your network with further details, as they announced recently on Twitter.

Want to find out how effective Delivery Optimization is at reducing the bandwidth needed to download and install Windows 10 updates in your organization? Here are some tips from @narkissit – https://t.co/uR7cD0rhB5 pic.twitter.com/2v0eE8S2Hz

— Windows IT Pro (@MSWindowsITPro) 13. Dezember 2018

[German]A short note for those who like to experiment with Windows 10 privacy: There is a tool , named Private WinTen (Private Win10) with which you can control the privacy and firewall settings of Windows 10. Here is some information about this open source tool.

Background

The tool is developed by David Xanatos – he also developed wumgr (Windows update management tool for windows 10), which can be used to control updates under Windows 10. 

I haven’t introduced wumgr here in my blog yet, because I tested the tool for David. I noticed some things that were not easy to fix. A short discussion can be found in the German comments here. I will blog about the details on occasion – also the drama concerning the store version of wumgr, because I have the relevant information from David.

Shortly before Christmas David Xanatos informed me that he had released a new tool called Private WinTen (or PrivateWin10) for Windows 10 on GitHub. The description:

PrivateWin10 is an advanced Privacy tool for windows it provides a simple and comprehensive UI for tweaking privacy settings, as well as options to block system access to files and registry keys in order to enforce privacy whenever Windows does not provide a satisfying setting for that.

To solve privacy issues with other software the tool includes a powerful custom firewall frontend for the windows built in firewall.

The source code of the open source tool can be found on GitHubGitHub. The first binary versions can be downloaded here. Currently the version 0.1b is available as a ZIP archive. The tool does not need to be installed, it can be started after unpacking.

Notes on the program

At this point several hints: When downloading the ZIP archive, the SmartScreen filter of the Edge browser or the security check of Google Chrome will be triggered and warns against the download. This is because the alpha versions of the .exe file in the ZIP archive are not digitally signed and are unknown to both Microsoft and Google. But, in case of doubt, you can download the sources and compile the project yourself.

During launch the program requires administrator privileges. If you don’t trust the program, you should keep your hands off. In addition, it is not for users who are little experienced.

Short overview of the program

After the program launch, a query appears once in which you can specify various start options.

The main window is then displayed, with icons for accessing the individual features of the tool (see image below).

In the Privacy Options category, you can customize various Windows 10 privacy settings. 

At the same time, the firewall front-end monitors all outgoing Internet connections and sounds an alarm every time an application wants to access the Internet.

within the popup window, the connection can be configured via a list box control (e.g. block or release). All firewall settings are show within the program window below, and can also be checked and adjusted there.

I only tested the tool briefly in the 0.1b alpha version. There was a short hang where the application didn’t react anymore – but after a few seconds the program worked again. And the frequent popup requests for outgoing connections are a bit annoying – but they show how many functions in Windows 10 ‘want to call outside’.

Some information about the tool can also be found at WilderSecurity. You can leave a comment about the experiences. David Xanatos will surely read along in the blog and is probably interested in feedback.

[German]A brief note for Windows 10 users working with the Build-In Account Administrator. When you upgrade to the October 2018 update (Windows 10 v1809), this account is disabled in some cases.

Background information

In Windows 10, there is a built-in user account called Administrator, which is disabled by default. I remember, this account was already present in Windows XP – but I can’t test it at the moment. 

• The account is deactivated by default during setup (imho during the OOBE phase) if a second administrator account is created during setup. 
• Since Windows Vista, this administrator account does not need a user account control query to assign administrative permissions to tasks.

Microsoft provides this Build-In-Administrator for emergency cases: If no second administrator account exists in Windows, the account will be activated. On the other hand, this means that the account is deactivated during setup when the OOBE phase is performed.

Don’t use the Build-In Administrator

I recommend to let that Build-In account Administrator disabled. Because if this user profile becomes corrupted and no other user account with administrator rights exists anymore, usually only a new installation of the operating system remains.

If, on the other hand, the second administrator account or its password is getting lost and the Build-In Administrator account is deactivated, the system can usually be rescued with a hack. At the end of the article I linked blog posts that show how to activate this administrator account in a Windows PE environment. I have successfully used this several times to save systems.

Attention when upgrading from V1803 to V1803

The Technet team from Microsoft Japan has published a blog post entitled Upgrading from Windows 10 version 1803 to version 1809 will invalidate built-in Administrator, which deals with the issue of Build-In Account Administrator when upgrading from Windows 10 V1803 to version 1809. The statements:

• If you upgrade to version 1809 with Windows 10 version 1803 and Build-In Account Administrator enabled, the account can be disabled.
• The account is not disabled when the feature update is installed if there is no other administrator account. 

  If a second administrator account exists and is enabled, Setup disables the Build-In Administrator account when you upgrade to Windows 10 V1809 during the OOBE phase.

Personally, I would have said that’s the behavior I expected. However, the Technet team from Microsoft Japan writes that the developers at Microsoft are currently working on solving this issue. Microsoft is currently working on releasing a patch by the end of January 2019. 

Some workrarounds

If you need to upgrade before the patch is released, make sure that you can log in with a different administrative user account than the built-in administrator.

Has an upgrade been performed and is the built-in administrator then disabled? Then log on to the remaining administrator account and activate the Build-In Administrator. This can be done in an administrative prompt using the command:

net user administrator /active:yes

In Windows 10 Pro / Enterprise you can use the extended user administration. To do this, open the computer administration with administrative authorizations and double-click on the Administrator account.

Then enable the disabled administrator account in the properties via the Account is enabled checkbox (which I don’t really recommend for the above reasons).

However, if the second administrator account is damaged, the above approach does not work anymore. Then you can try the approaches I described in the article series Activate Build-in Administrator account in Windows – I. (via)

Similar articles:
Activate Build-in Administrator account in Windows – I
Activate Build-in Administrator account in Windows – II
Windows: Yes button in user account controls is disabled
Windows 10: file system error (-1073741819) – ‘extended attributes are in consistent’
Windows 10: Open command prompt window as administrator

[German]At the end of the year 2018 a new 0-day bug in Windows became known, which allows attackers to overwrite files. Here is some information about this new bug.

The 0-day bug in Windows was discovered in December 2018 by a hacker using the alias SandboxEscaper. The hacker had already released three more 0-day bugs in Windows in the past. 

Bug in Error Reporting System

The 0-day bug is located in the Windows Error Reporting system and allows you to overwrite files in Windows 10 for which a user normally has no permissions.

(Click to zoom)

This takes advantage of the fact that the Windows Error Reporting tool can be run in task scheduling (see screenshot above). A Proof of Concept (PoC) was published by SandboxEscaper on GitHub. This PoC code overwrites the ‘pci.sys’ file with information about software and hardware issues collected through Windows Error Reporting (WER).

‘Pci.sys’ is a system component that is required for correct booting of the operating system as it lists physical device objects.

According to SandboxEscaper, other files could also be overwritten using this approach. The hacker speculates: “You can also use the PoC to potentially disable third-party AV software”.

The hack isn’t reliable

The 0-day bug is currently rather uncritical, an exploitation in the wild seems unlikely. The hacker writes that the effect used by the PoC is not guaranteed and that the exploit has some limitations. It could not be observed on some systems with certain CPUs. For example, the bug cannot be reproduced on a machine with a CPU core. It may also take some time for an effect to occur at all. The PoC depends on a race condition where one process gets access to resources faster than another.

This latest 0day from SandboxEscaper requires a lot of patience to reproduce. And beyond that, it only *sometimes* overwrites the target file with data influenced by the attacker. Usually it’s unrelated WER data.https://t.co/FnqMRpLy77 pic.twitter.com/jAk5hbr46a

— Will Dormann (@wdormann) 29. Dezember 2018

This is confirmed by Will Dormann, a vulnerability analyst at CERT/CC. Dormann was able to reproduce the error in Windows 10 Home, Build 17134. However, Dormann writes that the overwriting is not consistent.

Microsoft informed at Christmas

The hacker sent an email to Microsoft before Christmas and announced on December 25, 2018 that he would release the PoC for a new bug in Windows on New Year’s Day (see picture below).

But two days later he changed his mind and released the details by the end of December 2018. In general SandBoxEscaper seems to be a pretty frustrated personality (see also this reddit thread), as each of his released PoCs was somehow quite bumpy and unexpectedly released. Furthermore, the hacker always deactivates the accounts (or gets them deactivated). The PoCs are also usually not knitted in such a way that they can be easily exploited.

At the end of August, for example, he released an exploit that increases the permissions for SYSTEM under Windows via a vulnerability in the Task Scheduler component. This has been patched by Microsoft in the meantime. At the end of October 2018 he reported another Privilege Escalation Bug in Windows, which made it possible to delete a file without administrative permissions. On December 19, he released a PoC code that allowed reading protected files. Bleeping Computer discusses more details here.

Similar articles
New Windows 0-day-vulnerability (12/20/2018)
Windows 0-day ALPC vulnerability in task scheduler
Windows 10: 0-Day-Exploit in Microsoft Data Sharing
Windows ALPC vulnerability (CVE-2018-8440) used in Exploit Kit

Microsoft has released the Windows 10 Insider Preview Build 18309 in the Fast Ring at the beginning of the year. This is the 19H1 development branch, which will be released in spring 2019.

The announcement and a description of the new features can be found in the Windows Blog. There are some new features that Microsoft lists for the new build.

Simplfied Windows Hello PIN reset

In this build, the improved resetting of the PIN for Windows Hello logon is announced as a highlight. If you have forgotten the PIN for the Windows Hello login, you should be able to reset this PIN just as easily via the link “I have forgotten my PIN” as it works with websites.

(Source: Microsoft)

Originally this feature was announced for build 18305, but only available for insiders with Windows 10 Home Edition. With today’s Windows Insider Preview Update, this feature is available on all Windows 10 editions.

Passwordless login is enforced

Already in the build 18305 the passwordless registration was introduced. A user account can be created via a Microsoft account with a telephone number and an SMS. This login option available in Windows 10 Home, which set up a PIN, is available for testing with build 18309 for all Windows 10 editions.

Cortana is switched off during setup

Also activating Cortana during Setup of a Windows 10 machine hasn’t been a highlight in the user favor. In the changelog for the new Insider Preview you can now read:

Based on feedback, if you clean install Pro, Enterprise, or Education editions of Windows, the Cortana voice-over will be disabled by default. Screen reader users can still choose to start Narrator at any time by pressing WIN + Ctrl + Enter.

Based on user feedback, Cortana remains disabled by default when you clean install Windows 10 Pro, Enterprise or Education.

The new build provides a number of other improvements and fixes, ranging from Hyper-V issues to green screen bugs and Explorer crashes when accessing network printers. Read the details here. There is also a long list of known issues.

[German]The Finnish Consumer Disputes Board decided, that Microsoft had no contractual right to install a new operating system without asking for permission. Microsoft has to compensate Windows 10 “Forced Installation” damage to consumer.

The news was distributed a few hours ago by Tero Alhonen via Twitter to his followers..

Finnish Consumer Disputes Panel: Microsoft has to compensate Windows 10 “Forced Installation” damage to consumer https://t.co/gvRrcLDJ0t Microsoft had no contractual right to install a new operating system without asking for permission, says the Board.

— Tero Alhonen (@teroalhonen) 6. Januar 2019

Some background

In the first year of Windows 10 release, from July 2015 to July 2016, Microsoft offered existing Windows 7 and 8.1 systems a free upgrade to Windows 10. More or less tricky approaches by Microsoft were used to tempt unwilling upgraders to update to Windows 10. I had some articles on this topic in my blog.

(Source: neowin.net)

In Finland, Microsoft had also committed itself in 2018 to forego the Windows 10 compulsory upgrade – in Germany, a cease-and-desist declaration became effective. Now back to the current case. A Windows 8 computer from a Finnish user has been forced in May 2016 to upgrade to Windows 10 without the customer’s consent. After the installation of Windows 10, the device, which was not even two years old, provided an error message that the device should be repaired.

The device has also been used for camera surveillance of the user’s property. The object in question was probably located in another town, so that remote surveillance by camera was possible. This function of the camera software was no longer available with the updated Windows 10 system.

According to this Finnish article, the customer contacted fifteen Microsoft service representatives who were not able to solve the problems. The affected person stated that he had spent a lot of time recovering files and had some expenses for spare parts and maintenance costs.

Compensation claim against Microsoft

The owner of the computer demanded 3,000 euros in damages from Microsoft to compensate for his efforts to correct the forced upgrade. Microsoft argued that the user had received the necessary help from free customer support. According to Microsoft, there is no responsibility for the control programs created by users (here for video surveillance).

Interestingly, Microsoft did not deny that the new operating system could be downloaded without the user’s permission. But in other cases, downloading without consent led to Microsoft accepting out-of-court or injunctive relief long after the end of the forced update period.

In Finland, there is the Kuluttajariitalautakunta (Consumer Disputes Board). The board of this organization has to judge about this case. The board then came to the following conclusions:

• According to the Consumer Disputes Board, the updates included in the Windows 8 license purchased by the consumer are services under the Consumer Protection Act. The vendor must be able to demonstrate that the service has been properly provided. 
• According to the board of the Consumer Disputes Board, it is clear that Microsoft had no contractual right to install the new operating system without the user’s permission. 
• According to the Consumer Disputes Board, the service was not provided professionally and carefully and in the interest of the customer, as required by the Finnish Consumer Protection Act.
• The Board notes that there was an error and that Microsoft did not dispute the connection between the error and the damage caused.

Microsoft considered the man’s demands inappropriate. These included, among other things, 2,300 euros for the workload to be approached. But the man believes that Microsoft should also pay him for new surveillance cameras unless Microsoft makes sure he can work with the new operating system.

The Consumer Disputes Board rejected the claim in some parts, for instance, the user could not give any explanation for the purchase of the new security cameras. In addition, the members of the board agreed with Microsoft’s argument that the estimated 2,300 euros for the workload were not documented.

However, the user’s claim for damages was not rejected. The Consumer Disputes Board estimated that the man incurred immediate replacement and service costs of around one thousand euros and travel costs of one hundred euros due to the error generated by the Windows 10 upgrade. Microsoft has to compensate for this.

The proposals of the Consumer Disputes Board are not binding, but the companies usually agree. Otherwise, a case goes to court – and this means that a company could get a verdict. But Microsoft seeks settlements in such cases.

Similar articles:
Windows 10 Upgrade: Legal action against Microsoft Germany
Insides about the “can’t avoid Windows 10 upgrade offer”
Is Microsoft forcing Windows 10 upgrades again?
Microsoft has been “served” by French authorities for Windows 10 privacy failings
Forced Windows 10 Upgrades: Microsoft signed a waiver
Lawsuits against Microsoft after forced Windows 10 upgrades
Windows 10: Why Clover Trail is a trouble maker

[German]On January 8, 2019 (the second Tuesday of the month, Patchday at Microsoft), several cumulative updates were released for the supported Windows 10 builds. Here are some details about each update.

For a list of updates, visit this Microsoft Web page. I’ve pulled out the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001.

Updates for Windows 10 Version 1809

The following updates are available for Windows 10 October 2018 Update (version 1809).

Update KB4480116 for Windows 10 Version 1809

Cumulative update KB4480116 raises the OS build to 17763.253 and contains quality improvements and fixes:

• Addresses a security vulnerability in session isolation that affects PowerShell remote endpoints. By default, PowerShell remoting only works with administrator accounts, but can be configured to work with non-administrator accounts. Starting with this release, you cannot configure PowerShell remote endpoints to work with non-administrator accounts. When attempting to use a non-administrator account, the following error will appear:
• “New-PSSession: [computerName] Connecting to remote server localhost failed with the following error message: The WSMan service could not launch a host process to process the given request. Make sure the WSMan provider host server and proxy are properly registered. For more information, see the about_Remote_Troubleshooting Help topic.”
• Addresses an issue in which using esentutl /p to repair a corrupt Extensible Storage Engine (ESE) database results in a mostly empty database. The ESE database is corrupted and cannot be mounted.
• Security updates to Microsoft Edge, Internet Explorer, Windows App Platform and Frameworks, Windows MSXML, Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, Microsoft JET Database Engine, Windows Linux, Windows Virtualization, and the Microsoft Scripting Engine.

The update is automatically distributed via Windows Update, no update search is necessary anymore. The update can also be downloaded and installed from the Microsoft Update Catalog. The manual installation of the update requires that the Servicing Stack Update (SSU) KB4470788 (Microsoft Update Catalog, WSUS) is installed. This is ensured when installing via Windows Update.

After you install this update, third-party applications may have difficulty authenticating hotspots. Microsoft is working on it.

Updates for Windows 10 Version 1803

The following updates are available for Windows 10 April Update (version 1803). 

Update KB4480966 for Windows 10 Version 1803

Cumulative update KB4480966 contains quality improvements but no new operating system functions and raises the OS build to 17134.523. Here is the list of fixes:

• Addresses a security vulnerability in session isolation that affects PowerShell remote endpoints. By default, PowerShell remoting only works with administrator accounts, but can be configured to work with non-administrator accounts. Starting with this release, you cannot configure PowerShell remote endpoints to work with non-administrator accounts. When attempting to use a non-administrator account, the following error will appear:
• “New-PSSession: [computerName] Connecting to remote server localhost failed with the following error message: The WSMan service could not launch a host process to process the given request. Make sure the WSMan provider host server and proxy are properly registered. For more information, see the about_Remote_Troubleshooting Help topic.”
• Security updates to Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, the Microsoft Scripting Engine, Windows Kernel, Windows Storage and Filesystems, Windows Virtualization, Windows Linux, Windows MSXML, and the Microsoft JET Database Engine.

The update is distributed via Windows Update, but should also be available via WSUS or the Microsoft Update Catalog. Manual installation of the update requires the current Servicing Stack Update (SSU) KB4477137 (Microsoft Update Catalog) to be installed. This is ensured when installing via Windows Update.

Microsoft is aware of the following issues with this update: An installed .NET Framework Preview des Quality Rollup causes issues. It may raise an exception when instantiating SqlConnection. For more information about this issue, visit the Microsoft Knowledge Base.

After you install this update, some users may no longer be able to place a Web link in the Start menu or taskbar. Microsoft has been working to resolve this issue since December and will release a fix in upcoming updates.

After installing KB4467682, the Cluster Service may refuse to start with the error “2245 (NERR_PasswordTooShort)”. Occurs when the Minimum Password Length group policy is configured with more than 14 characters. Here the password length must be limited to 14 characters. 

After you install this update, third-party applications may have difficulty authenticating hotspots. Microsoft is working on a solution and estimates that a solution will be available in mid-January.

Updates for Windows 10 Version 1709

The following updates are available for Windows 10 Fall Creators Update (version 1709). 

Update KB4480978 foür Windows 10 Version 1709

Cumulative update KB4480978 for Windows 10 Version 1709 (Fall Creators Update)raises the OS Build to 16299.904 and contains quality improvements and the following fixes: 

• Addresses a security vulnerability in session isolation that affects PowerShell remote endpoints. By default, PowerShell remoting only works with administrator accounts, but can be configured to work with non-administrator accounts. Starting with this release, you cannot configure PowerShell remote endpoints to work with non-administrator accounts. When attempting to use a non-administrator account, the following error will appear:
• “New-PSSession: [computerName] Connecting to remote server localhost failed with the following error message: The WSMan service could not launch a host process to process the given request. Make sure the WSMan provider host server and proxy are properly registered. For more information, see the about_Remote_Troubleshooting Help topic.”
• Security updates to Internet Explorer, Microsoft Edge, Windows App Platform and Frameworks, the Microsoft Scripting Engine, Windows MSXML, Windows Kernel, Windows Storage and Filesystems, Windows Virtualization, Windows Linux, and the Microsoft JET Database Engine.

The update is distributed via Windows Update, but can also be downloaded via Microsoft Update Catalog. Manual installation of the update requires the current Servicing Stack Update (SSU) KB4477136 to be installed. This is ensured when installing via Windows Update.

With this version, an installed .NET Framework Preview des Quality Rollup Update from August or September 2018 causes problems. It can raise an exception when instantiating SqlConnection. For more information about this issue, visit the Microsoft Knowledge Base.

After you install this update, third-party applications may have difficulty authenticating hotspots. Microsoft is working on a solution and estimates that a solution will be available in mid-January. 

Updates for Windows 10 Version 1507 till 1703

For Windows 10 RTM up to version 1703 different updates are available for the LTSC versions and Enterprise versions. Here is a short overview. 

• Windows 10 Version 1703: Update KB4480973 is only available for Enterprise and Education. The update raises the OS build to 15063.1563. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1607: Update KB4480961 is only available for Enterprise and Education and Windows Server 2016. The update raises the OS build to 14393.2724 and includes the fixes mentioned in the KB article. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed before manual installation. Details, including known issues, can be found in the KB article. 
• Windows 10 Version 1507: Update KB4480962  is available for the RTM version (LTSC). The update lifts the OS build to 10240.18094 and includes the fixes mentioned in the KB article. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed prior to manual installation. Details, including known issues, can be found in the KB article. Details can be found in the KB article.

There was no update for Windows 10 V1511, because this version was dropped from support. Details about the above updates can be found in the respective Microsoft KB articles in case of doubt.

Similar articles:
Microsoft Office Patchday (January 2, 2019)
Office 2010 Updates for January 2019 has been pulled
Microsoft Security Update Summary (January 8, 2019)
Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019
Patchday Windows 10-Updates (January 8, 2019)

[German]On January 15, 2019, Microsoft released several cumulative updates for the supported Windows 10 builds. Here are some details about each update and the known issues.

For a list of updates, visit this Microsoft Web page. I’ve pulled out the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001.

Updates for Windows 10 Version 1803

The following updates are available for Windows 10 Version 1803.

Update KB4480976 for Windows 10 Version 1803

Cumulative update KB4480976 raises the OS build to 17134.556 and contains quality improvements but no new operating system functions. Here is the list of fixes:

• Addresses an issue in Microsoft Edge that fails to trigger the focusin event if the focus event listener of an element shifts focus to another element.
• Addresses an issue that prevents sharing and timeline features and roaming settings from working for accounts that use Chinese, Japanese, and Korean languages.
• Addresses an issue that may prevent some applications from displaying the Help (F1) window correctly.
• Addresses an issue that causes power options to appear on the Windows security screen when the per user group policy to hide power options is set.
• Addresses an issue that prevents links for certain compressed file formats from resolving.
• Addresses an issue that causes BitLocker Network Unlock to fail on generation 2 virtual machines when it’s used in a network that only supports IPv4.
• Addresses a privacy issue with apps that obtain the BroadFileSystemAccess capability without a user’s consent.
• Addresses an issue in which WAM logging causes some applications such as Microsoft Office to stop working.
• Addresses an issue that causes catalog signed scripts, including those shipped as part of Windows, to incorrectly generate a Windows Defender Application Control (WDAC) failure audit event.
• Addresses an issue in which Windows Driver Frameworks causes high CPU utilization. As a result, the user-mode driver stops working when the device resumes from Hibernate (S4).
• Addresses an issue that may cause a 30-second delay when deleting or renaming a link in a Distributed File System (DFS) Namespace. Additionally, renaming a folder may take 30 seconds when multiple users work in a group share simultaneously, and File Explorer stops responding.
• Addresses an issue that prevents you from overwriting a file in a shared folder because of an Access Denied error when a filter driver is loaded.
• Addresses an issue that may cause third-party applications to have difficulty authenticating hotspots.
• Addresses an issue that may cause a blue screen to appear when a Thunderbolt storage device is attached.

The update is distributed via Windows Update, but should also be available via WSUS or the Microsoft Update Catalog. Manual installation of the update requires the current Servicing Stack Update (SSU) KB4477137 (Microsoft Update Catalog) to be installed. This is ensured when installing via Windows Update.

Known issue with this update

Microsoft is aware of the following issues with this update: An installed .NET Framework Preview des Quality Rollup dated September 11, 2018 causes problems. It may raise an exception when instantiating SqlConnection. For more information about this issue, visit the Microsoft Knowledge Base.

After installing this update, some users will no longer be able to place a web link in the Start menu or taskbar. Microsoft has been working on a solution to this problem since December and will release a fix in upcoming updates.

Furthermore, the bug when accessing Access 97 MDB databases in the Jet Database Engine is unfixed.

Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. he database will fail to open with the error, “Unrecognized Database Format”.

Microsoft promises a fix until the beginning of February 2019, but I am not sure whether an update will be come to the February 2019 patchday. Some workarounds are suggested in the KB article. What to think about it, I had discussed in the article Microsoft confirms Access 97 MDB bug in Jet Database Engine caused by Windows January 2019 Updates.

Updates for Windows 10 Version 1709

The following updates are available for Windows 10 Fall Creators Update (version 1709).

Update KB4480967 for Windows 10 Version 1709

Cumulative update KB4480967 for Windows 10 Version 1709 (Fall Creators Update) raises the OS build to 16299.936 and contains quality improvements as well as the following problem fixes:

• Addresses an issue in Microsoft Edge that fails to trigger the focusin event if the focus event listener of an element shifts focus to another element.
• Addresses an issue that may prevent some applications from displaying the Help (F1) window correctly.
• Addresses an issue that may cause an application to stop working when converting long Kana to Kanji using a combination of predictive and non-predictive input.
• Addresses an issue in a multi-monitor configuration that causes a window to unexpectedly move to a different monitor when reconnecting to an existing user session.
• Addresses an issue in which the desktop wallpaper image set by a group policy will not update if it has the same name as the previous image.
• Addresses an issue that causes BitLocker Network Unlock to fail on generation 2 virtual machines when it’s used in a network that only supports IPv4.
• Addresses an issue that causes catalog signed scripts, including those shipped as part of Windows, to incorrectly generate a Windows Defender Application Control (WDAC) failure audit event.
• Addresses an issue that causes Scheduled Tasks created in a disabled state to not run.
• Addresses an issue that prevents you from overwriting a file in a shared folder because of an Access Denied error when a filter driver is loaded.
• Addresses an issue that may cause third-party applications to have difficulty authenticating hotspots.
• Addresses an issue that may cause a blue screen to appear when a Thunderbolt storage device is attached.
• Addresses an issue that may display the error code “0x139” for the RNDISMP6!KeepAliveTimerHandler when connecting to a Remote Network Driver Interface Specification (RNDIS) device.

The update is distributed via Windows Update, but can also be downloaded via Microsoft Update Catalog. Manual installation of the update requires the current Servicing Stack Update (SSU) KB4477136 to be installed. This is ensured when installing via Windows Update.

Microsoft is aware of the following issues with this update: An installed .NET Framework Preview des Quality Rollup dated September 11, 2018 causes problems. It may raise an exception when instantiating SqlConnection. For more information about this issue, visit the Microsoft Knowledge Base.

Furthermore, the bug mentioned in the previous section is unfixed when accessing Access 97 MDB databases in the Jet Database Engine.

Updates for Windows 10 Version 1703

For Windows 10 Version 1703 there is the update KB480959, which is only available for Enterprise and Education. The update raises the OS build to 15063.1596. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but can be downloaded from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) must be installed before manual installation. Details, including known issues, can be found in the KB article.

Similar articles:
Microsoft Office Patchday (January 2, 2019)
Office 2010 Updates for January 2019 has been pulled
Microsoft Security Update Summary (January 8, 2019)
Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019
Patchday Windows 10-Updates (January 8, 2019)
Patchday Microsoft Office Updates (January 8, 2019)
Microsoft Patchday: Other Updates January 8, 2019

Windows 8.1 Preview Rollup Update KB4480969 (01/15/2019)

January 2019 patchday issues
Update KB971033/KB4480960/KB4480970 bricks Windows 7 Genuine (0xc004f200)
Microsoft explains the Windows 7 KMS activation issue
Network issues with updates KB4480970 and KB4480960
Fix for the Windows 7 SMB network bug caused by Update KB4480970/KB4480960

Windows January 2019 Updates breaks access to Access DBs
Microsoft confirms Access 97 MDB bug in Jet Database Engine caused by Windows January 2019 Updates

[German]Microsoft also released the update KB4487181 for the Windows 10 Insider Preview Build 18312 in Fast Ring on January 15, 2018. Here is some more information about this update.

I became aware of this update via Twitter the night before – Jen Gentleman from Microsoft announced this.

Hey #WindowsInsiders – we’re sending out a small update to Fast to address a few things with 18312. The update will be KB4487181 (18312.1007) – staggered rollout, if you don’t see it yet hold tight

Details here: https://t.co/5hvEvwcakv pic.twitter.com/yRvC1cvcym

— Jen Gentleman (@JenMsft) 15. Januar 2019

Details about that update may be read within the Windows Blog, where Windows 10 Insider Preview Build 18312 has been announded. Here are the fixes:

• We fixed an issue resulting in File Explorer unexpectedly having a lock on USBs when trying to safely eject them.
• We fixed an issue resulting in frequent bugchecks (GSODs) in the last two flights, citing an error with bindflt.sys.
• We fixed an issue where a password change can result in the next unlock hanging for AD users.

Cumulative update KB4487181 will raise the OS build to 18312.1007.

[German]Brief information for Windows 10 users: Microsoft has re-released its KB4023057 reliability update for Windows 10 (versions 1507 through 1803) on January 16/17, 2018. Some users are receiving an update error code 0x80070643.

I suppose, the re-release of the update KB4023057 should have to do with the resumption of the rollout (see Windows 10 V1809 announced as ‘general available’). At the moment the KB4023057 article hasn’t been changed – I got aware of the re-release via the hint at deskmodder.de. Here is some more information, what you should know.

What is Update KB4023057 for?

Update KB4023057, titled ‘Update to Windows 10, versions 1507, 1511, 1607, 1703, and 1709 for update reliability’, is cyclically rolled out by Microsoft. It is available for Windows 10 V1507 (RTM version) up to version 1803 (but not for the current version 1809). Microsoft writes within the KB article on the update that this brings improvements in the reliability of the Windows Update service.

This update includes reliability improvements to Windows Update Service components in Windows 10, versions 1507, 1511, 1607, 1703, 1709, and 1803. It may also take steps to free up disk space on your device if you do not have enough disk space to install Windows updates.

This update includes files and resources that address issues that affect the update processes in Windows 10 that may prevent important Windows updates from being installed. These improvements help make sure that updates are installed seamlessly on your device, and they help improve the reliability and security of devices that are running Windows 10.

This is in fact the same text as for the September and December 2018 releases. So Microsoft leaves its users pretty much in the dark as to what exactly is to be improved in reliability

Available via Windows Update

The update is only available via Windows Update, i.e. no download from the Microsoft Update Catalog or distribution via WSUS. Can also be interpreted in this way: Business users with WSUS & Co. won’t get this update – Windows 10 Home users are ‘guinea pigs’. Microsoft is testing the stuff on private customers and in small companies with individual Windows 10 Pro computers. Woody Leonhard also has a few words on the update at askwoody.com.

The update is causing issues

The update deeply interferes with the existing Windows 10 installation, cleans user-set update blockers, creates free disk space on the system drive if necessary, resets the network connection and more. More details may be found in my blog post Windows 10: Update KB4023057 released (Sept. 6, 2018). Within my blog post Windows 10: Update KB4023057 released (Dec. 7, 2018) I also gave some hints that this update (at least in some variants) will be installed as an app. 

Among other things, it causes people who have blocked the update to get it anyway – see my article for more details. In this article I also touched on some of the problems that users have experienced in the past when installing the update.

Update drops error 0x80070643

The colleagues from deskmodder.der mention in the article here that users who have already installed older versions of the update may receive the error code 0x80070643 (ERROR_INSTALL_FAILURE, Serious installation error) when reinstalling. The error also occurs in previous releases of this update in the forums (e.g. here and here). Remedy should be to uninstall the existing update and restart the system. 

Similar articles:
Windows 10: Update KB4023057 released (Dec. 7, 2018)
Windows 10 reliability update KB4023057 (02/08/2018)
Windows 10: Update KB4023057 re-released
Windows 10 Updates KB4295110/KB4023057 (08/09/2018)
Windows 10: Update KB4023057
Windows 10: What is REMSH.exe for?
Windows 10: Update KB4023057 released (Sept. 6, 2018)
Windows 10: What are Rempl.exe, Remsh.exe, WaaSMedic.exe?
Windows 10 V1809 announced as ‘general available’

[German]Microsoft’s January 2019 updates are causing a network issue in all supported Windows 10 versions. A patch to correct the problem is expected in February 2019 or later. Here is some information about what is going on.

Some error reports

I confess, I wasn’t really aware of this issue, because I didn’t notice the real thing, when I first read this German comment on my German article Windows 7: Updates KB4480970 und KB4480960 verursachen Netzwerkprobleme published at German site heise.de. The user reported an ‘exotic flaw’ (here is my translation):

After the installation of the security updates 2019-01 (KB4480116) the Telekom Router (Speedport 925) could no longer be reached. After deinstallation, the Speedport router could be reached [within the browser] without problems as usual.

Some other German users mentioned DHCP issues within this forum thread. They recommended to assign a fixed IP address as a workaround. I haven’t tested this (because I’m not affected, currently my Windows 10 V1809 test machine can’t connect to Microsof’s update servers). Then I came across the mentions here and here by chance and started to consult Microsoft’s kb articles for all Windows 10 updates from January 2019.

Nearly all Windows 10 builds are affected

On January 17, 2019, Microsoft has updated the KB articles that describe the January 8, and January 15, 2019 updates for Windows 10. It affects the following patches:

• Windows 10 V1809 and Server 2019: KB4480116 from January 8, 2019
• Windows 10 V1803: KB4480966 from January 8, 2019 and KB4480976 vom 15. Januar 2019
• Windows 10 V1709: KB4480978 from January 8, 2019 und KB4480967 from January 15, 2019
• Windows 10 V1703: KB4480973 January 8, 2019 and KB4480959 January 15, 2019
• Windows 10 V1607 and Server 2016: KB4480961 January 8, 2019

Update KB4480977 for Windows 10 V1607 and Windows Server 2016, dated January 17, 2019 doesn’t mention the issue. Also update KB4480116 from January 8, 2019 for Windows 10 V1507 doesn’t mention the issue. It’s not clear whether it is only a lack of documentation or if the error has been fixed.

Microsoft confirms the network issue

Within the kb articles mentioned above, Microsoft added (probably at January 17, 2019) the following ‘known issue’.

After installing KB4480116, some users report that they cannot load a webpage in Microsoft Edge using a local IP address. Browsing fails or the webpage may become unresponsive.

The above KB number belongs to the article for Windows 10 V1809 update and changes depending on the Windows 10 version.

Microsoft proposes a workaround

Microsoft proposes the following steps as a workaround to enable access to local sites in Edge browser.

1. Open the Control Panel (enter control within taskbar’s search box, and click the control panel item shown within the start menu) and select Internet Options.

2. On the Security tab, select the Trusted Sites icon and click the Sites button.

3. Clear the check box for Require server verification (https:) for all sites in this zone.

4. In the Add this website to the zone: box, type the local IP address that failed to load, such as http://192.168.0.1 and click the Add button.

5. Select again the checkbox Require server verification (https:) for all sites in this zone, then confirm the Close button.

Then click the OK button to close the property page and restart Microsoft Edge. Afterward the local websites should be reachable within Microsoft Edge. Microsoft is working on a resolution and will provide an update in an upcoming release.

Similar articles:
Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019
Patchday Windows 10-Updates (January 8, 2019)
Network issues with updates KB4480970 and KB4480960
Fix for the Windows 7 SMB network bug caused by Update KB4480970/KB4480960
January 2019 patchday issues
Windows 10 V1607: Update KB4480977 (01/17/2019)

[German]Under Windows 10, several users seem to have problems installing HIDClass driver updates for HP devices. HID stands for Human Interface Device.

On Windows Latest there is this article reporting the problem. Apparently HP-HID drivers are rolled out via Windows Update for Windows 10. But their installation leads to the update error 0x800703e3.

HP HIDClass fails to install with error 0x800703e3 on Windows 10? Here’s the fix https://t.co/I8NWD7abKw pic.twitter.com/f6PFBi2zZs

— Windows Latest (@WindowsLatest) 18. Januar 2019

The above tweet is from Windows Latest and contains a screenshot of the issue. Here is another tweet. You can find this post in the HP-Forum:

Updating Error 0x800703e3

Product: HP Pavilion Laptop 14-Ce0xxx

Operating System: Microsoft Windows 10 (64-Bit)

I received some updates this morning but the HP Inc. – HIDClass – 10/30/2018 12:00:00 AM – 2.1.8.1 fails to update due to error 0x800703e3,

So I downloaded the file manually from http://www.catalog.update.microsoft.com/Search.aspx?q=hp+wireless+button but I don’t know how to install it.

Also on Twitter, users (mostly Asian sites) report installation problems and the update install error

HP Inc. – HIDClass – 10/30/2018 12:00:00 AM – 2.1.8.1 – Error 0x800703e3

Affects Windows 10 V1803 and also V1809 as far as I have seen.

Workaround: Install driver manually

If you have downloaded the desired driver manually (see the link above in the forum post quote), you can process the steps below.

1. Go to the Microsoft Update Catalog and look for the ‘hp wireless button’ update. You can also access the page from here.

2. On the page, locate the driver supported by your Windows 10 installation. You can download the driver as a .cab file.

3. Create a folder and double-click the .cab file. Then copy the three files from the .cab archive into the newly created working folder.

4. Right-click the .inf file and select the Install command from the context menu.

Follow the advices to install the driver. Afterward let Windows Update search for updates. Now you should be able to install the latest HP driver updates without an error. Maybe it will help.  (via)

Microsoft’s CEO Satya Nadella indicated last week in an interview with journalists that Microsoft 365 will also be available for consumers (i.e. outside corporate environments).

Microsoft introduced Microsoft 365 for corporate environments in mid-2017. It is a subscription based model in which companies can rent Windows 10, the Office 365 portfolio and Enterprise Mobility + Security (a collection of functions equipped with identity and device management tools) for their employees. 

The rumor that Microsoft is planning a Microsoft 365 product has been around for quite some time. In an interview with CNBC, Mr. Satya Nadella announced Microsoft’s plans. According to Nadella, Microsoft is carefully tracking the number of devices running Windows 10 and the number of people who have subscribed to Office 365. According to Nadella, it is conceivable that one or both of them could be part of Microsoft 365, which is aimed at end users.

But Mr. Nadella didn’t want to reveal any further details. Neither was there a release date, nor were there any details about the products included in Microsoft 365 or even a price for the subscription. Would you would rent Microsoft 365 on a monthly basis?

In Windows there is a Zero-Day-Exploit, which allows you to overwrite files without permission. 0patch provides a temporary micro-patch for this bug after Microsoft did not patch it in January 2019.

At the end of the year a new 0-Day bug in Windows has became known by a hacker using the alias SandboxEscaper. The vulnerability allows attackers to overwrite files (see my blog post Windows 10: 0-day bug enabled file overwrite).

We have just issued a micropatch for SandboxEscaper’s #angrypolarbearbug 0day. The vulnerability allows a low-privileged user to have any file overwritten with the content of a Windows Error Reporting XML file. This could potentially lead to arbitrary code execution as SYSTEM. pic.twitter.com/KWzJ1nUNIo

— 0patch (@0patch) 17. Januar 2019

Now the provider 0patch has announced the availability of a micro-patch for Windows on Twitter. These micro patches can be downloaded from this website by registered users. (via)

[German]Microsoft released the Windows 10 Insider Preview Build 18323 in Fast Ring. This is the version in the 19H1 development branch, and it is now anticipates as feature complete for the final release espected in April 2019. 

The announcement and a description of the new features can be found in the Windows Blog. I noticed the announcement on Twitter.

Heads up #WindowsInsiders we have published the blog post for Build 18323 that went to WIP Fast however note that availability of the flight will be spotty while we work out some issues with the build publishing systems. https://t.co/Fq2LSJa8nB https://t.co/zY4Vs094Un

— Brandon LeBlanc (@brandonleblanc) 24. Januar 2019

There are some new features that Microsoft lists for the new build. For example, support for the raw format has been improved for digital camera photo files.

(Source: Microsoft)

You can download a Raw Image Extension as Beta from Store and then view Raw files in Explorer. Furthermore the ‘Light Theme’ has been improved. The list of improvements is quite long:

• REMINDER: The new tamper protection setting in the Windows Security app protects your device by helping to prevent bad actors from tampering with the most important security settings. You may see a new recommendation in the Windows Security app suggesting you turn this setting on.
• We fixed an issue causing Update Orchestrator Service to stop working periodically. As a result of this issue, you might have seen an error on Windows Update Settings saying that the update failed to restart. This issue also resulted in restart using Update and Restart to sometimes just restart you back into the base OS.
• [UPDATED] We fixed an issue where clicking your account in Cortana Permissions didn’t bring up the UI to sign out from Cortana (if you were already signed in). This issue also impacted the Change My Name button.
• We fixed an issue resulting in night light not working recently.
• We fixed an issue where the quick actions section of Action Center would be missing sometimes recently.
• We fixed an issue where closing an open Excel window from the taskbar might cause Excel to go non-responsive.
• We fixed an issue an issue where the WIN + Ctrl + <number> hotkey wasn’t working.
• When using your accent color on the taskbar has been enabled, the taskbar and start jump lists will now also be accent-themed.
• For the time being we’re returning the Volume Mixer link in the volume button context menu to its October 2018 behavior while we look at improving the experience based on feedback.
• We fixed an issue where themes and Microsoft Edge extensions downloaded from Microsoft Store wouldn’t appear in their respective locations after the download finished.
• We fixed an issue impacting Action Center reliability in recent builds.
• We fixed an issue where you might see multiple Focus Assist notifications in the Action Center at a particular time.
• We’re adding Nearby Sharing to the list of default Focus Assist exceptions.
• We fixed a recent issue where if you used the screen snip quick action in the Action Center then the resulting screenshot would have the Action Center in it.
• We fixed a recent issue that could result in not being able to launch UWP apps from the Start menu sometimes.
• We fixed a recent regression resulting in File Explorer sometimes hanging when interacting with MP4s and folders that had MP4s in them.
• We fixed an issue where Cortana would close immediately if opened from the Start screen when using tablet mode.
• We fixed an issue impacting Snipping Tool reliability.
• We fixed an issue resulting in Ctrl + P not activating the Print command in Snip & Sketch in recent flights.
• We fixed an issue resulting in Snip & Sketch potentially crashing when closing many Snip & Sketch windows in a row.
• We fixed an issue where rebooting would set Nearby Sharing back to an off state if it had been turned on.
• We fixed an issue where the lock screen preview in Lock Screen Settings wasn’t showing in recent builds.
• We fixed an issue where the scrollbar in Settings was overlapping the text fields when manually configuring your IP address.
• We fixed a rare issue that could result in the screen locking up when using the Surface Dial.
• We fixed an issue where the tooltips in the Emoji Panel were truncated on the bottom.
• We fixed an issue where the Windows feature update might fail but would still be listed as a successful update in Windows Update history page.
• We fixed an issue where you might see a Windows Update icon in the notification area saying there was an update when no update was available.
• We fixed an issue where you couldn’t type on the touch keyboard when “Turn on Activate a window by hovering over it with the mouse” since focus would move away from the text field and set to the keyboard itself.
• We fixed an issue on certain devices that could sometimes result in the screen staying black on boot until CTRL + Alt + Del was pressed.
• We fixed an issue resulting in certain devices experience increased battery drain on the last few flights when in Disconnected Standby Mode.
• We fixed an issue for devices with multiple monitors resulting in Task View (WIN + Tab) sometimes showing UWP app thumbnails on the primary monitor rather than the monitor where the app was open.
• We fixed an issue where some key labels were cut off in Armenian full touch keyboard layout.
• We fixed an issue when using the full touch keyboard layout in Korean where pressing the FN key unexpectedly highlighted the IME ON/OFF key. We also fixed an issue for this language where tapping the tab key wouldn’t insert a tab.
• Thanks everyone who shared feedback about the new Japanese Microsoft IME we’ve been working on. With today’s build the IME and settings pages are returning to the ones that we shipped with the October 2018 Update, while we take your feedback into consideration.
• We fixed an issue where Narrator sometimes did not say anything when reopening Action Center after it was dismissed using the Esc key.
• We fixed an issue where Narrator did not speak the volume level value when using the hardware volume button to change the volume setting.
• We fixed an issue where Narrator command read from current location did not work when on a heading in Wikipedia.
• We fixed an issue where Narrator announced read-only at the end for links.
• We fixed an issue where Narrator continuous reading command read the last word of a sentence twice on a web page in Microsoft Edge.
• We fixed an issue impacting a small number of users enrolled in Microsoft Intune where they might not receive policies.
• We fixed an issue where signing out from inside Windows Sandbox resulted in a blank white window.
• We fixed an issue resulting in running c:\windows\syswow64\regedit.exe not launching regedit in recent builds.
• Settings header rollout update: This is now available across most regions for Insiders in Fast using Home edition and Pro editions of Windows that are not domain joined.
• Small app update: Thanks everyone who reached out about the grid alignment issue in the Calculator – this has been fixed with the 1812 version of the app.

But also the list of know issues is rather long. Happy testing.

[German]A few days ago, a German blog reader sent me a mail about an issue he was facing. After migrating from Windows 7 clients to Windows 10 V1809, the clients could not logon to a domain because the user profile service could not be loaded.

The error description

Blog reader Holger K. wrote that he has switched for one of his customers some clients from Windows 7 to Windows 10 1809. Afterward he wasn’t able to log in the Windows 10 clients to a domain controller (DC) running with Windows 2016. He received the following message on the clients:

“Error logging in with the user profile service. The user profile cannot be loaded”

He checked the clients, but all upgraded Windows 10 1809 systems are providing this message for the user account selected. Microsoft has already posted this article, but for Windows Vista and Windows 7 and for local clients.

The solution (workaround)

While searching the net for the root cause, blog reader Holger came across this Technet forum post. There a user describes the same scenario outlined above:

Some domain users get “user profile service failed” when trying to login after October Windows update

Some of my domain users can’t logon on any upgraded Win10 pro machine, whilst other users can logon to the upgraded machine fine. they see the error – windows couldn’t connect to the user profile service service.

There accounts can also not logon to other upgraded machines – they see the same error on other machines too.

The ‘fix’ seem to be rebuild their machine then stop the update happening – but what is the rel cause and proper fix?

i also on one occasion on one machine saw windows couldn’t connect to the System Event notification Service service

A user confirmed the issues with Windows 10 V1809 and rolled his clients back to Windows 10 version 1803. But user Gov PC Guy also provided a solution for a workaround:

found something, clearing the home drive path on the active directory user object. It allowed me to login. I then home drive mapping back on the object (it complains that the directory already exists, but I said ok) logged user off and back on again and it seems fine.

Blog reader Holger wrote, that user Gov PC Guy has reset the profile in the server’s AD to local and back again immediately. Windows will informed you, that the directory already exists. But then it asks, if you want to grant the user full access to the profile path. If this is confirmed, the profile path is set again.

According to blog reader Holger, afterward the user can then log in on any Win10 1809 client again. When comparing what’s different about this and another user profile, Holger noticed that the other user profiles have no “full access” for the user. The newly assigned user, on the other hand, already has this full access.

Holger suspects that Windows 10 intents to write new entries that did not exist before. He doesn’t know why the DC is acting now this differently, because he doesn’t know the history of this customer environment. Possibly the Domain Controller (DC) was migrated in the past. Maybe it has something to do with the issue I describe within my blog post Windows 10 V1803: Roaming profile not fully synchronized – I don’t know. Holger says: “It can be assumed that this problem will occur more frequently in the near future”. At this point thanks for the information, maybe the info will help others.

Similar articles:
Windows 10 V1809: Continous Warnings (Event ID 1534)
Windows 10 V1803: Roaming profile not fully synchronized
Temporary profile in Windows caused by Windows Defender?
Windows: Yes button in user account controls is disabled
Windows 10 V1607: Update KB4467684 kills Outlook search in Terminal Server

Microsoft has just opened the Skip Ahead-Ring for Windows Insiders interested to test the upcoming Windows 10 19H2 Windows Insider Builds. But there is a limited number of test seats.

It has been announced from Microsoft within the following tweet for instance.

Hello #WindowsInsiders, have opened up Skip Ahead again so those Insiders interested in trying out super-early builds from our dev branch. Note opt-in’s are limited and once Skip Ahead is full, you will no longer be able to opt-in. pic.twitter.com/Vy1J2bqakv

— Windows Insider (@windowsinsider) 30. Januar 2019

[German]Windows Defender anti-malware platform update KB4052623 from January 2019 prevents Windows 10 systems from starting with Secure Boot. In addition, an activated AppLocker blocks downloads. But there are workarounds for both issues .

First notifications of the issue

A few hours ago I posted the blog post Windows Defender with Update issues (01/30/2019)? on update issues with Windows Defender. These could have performance issues of the update servers as a root cause (I’m not sure). But within this article I also mentioned that another user reported boot issues with the update KB4052623. 

Windows Defender update (KB4052623) psbly causing problem with Boot Manager/Boot Loader startup on Server 2019. Repro’d in two Hyper-V environments. Only occurs after Start > Restart. Start > Shut down or Hyper-V Shut Down button no problem @mikael_nystrom @jarwidmark @NerdPyle pic.twitter.com/IFGQt7bLbV

— Troy L. Martin (@TroyMartinNet) 22. Januar 2019

This is an update for the Windows Defender antimalware platform, which was probably released on 28.1.2019. The user then noticed issues with the boot manager in a Hyper-V environment on Windows Server 2019.

A second confirmation by a reader

As a reaction to my blog post in English, a German user with the Twitter name @schätzer told me the following.

I believe I know the reason behind: https://t.co/bhx5N9mL6D We had approx. 100 clients that have not booted afterwards. #secureboot

— Schaetzer (@schaetzer) 30. Januar 2019

This user has about 100 clients that have ‘died’ due to the update and could not start after update install if Secure Boot is activated.

Microsoft confirms the issue

The user referred to the KB article KB4052623, which refers to Windows Defender on Windows 10 and Windows Server 2016 and discusses the update for the Windows Defender antimalware platform. The update is available since January 28, 2019 for:

• Windows 10 (Enterprise, Pro, and Home)
• Windows Server 2016

Within the KB article Microsoft meanwhile confirms a ‘know issue’ for this update. As soon as module version 4.18.1901.7 has been installed, Windows 10 clients no longer start when Secure Boot is activated. Microsoft is working on solving this problem and wants to release a fix in the future. 

A Workaround

If you are hit with this issue, try to deactivate secure boot on your Windows 10 clients an proceed the steps below.

1. On startup, invoke the BIOS/UEFI settings, disable the secure boot, and reboot the machine.

2. Once Windows 10 has been successfully restarted, switch to an administrative prompt and use the following command to remove the module version:

%programdata%\Microsoft\Windows Defender\Platform\4.18.1901-7\MpCmdRun.exe” -revertplatform

After that, wait a minute and then execute the following instructions in the administrative prompt. 

sc query windefend
sc qc windefend

The first command ensures that the Windows Defender service is running. The second command checks that Windows Defender no longer uses module version 4.18.1901.7. The machine must then be rebooted and the secure boot can be reactivated in the BIOS/UEFI. 

New path is causing AppLocker issues

Microsoft has changed the path to the updated Windows Defender module. This changed path blocks many downloads when AppLocker is enabled. To fix this issue,Microsoft suggests that you open the appropriate Group Policy. Then allow the setting of policies for the following path:

%OSDrive%\ProgramData\Microsoft\Windows Defender\Platform\*

This information can be found in KB Article 4052623.

Similar articles:
Windows Defender with Update issues (01/30/2019)?
Windows 7 Defender won’t receive updates (June 2018)
Windows 10 V1809: Defender shows wrong time
Windows Defender reports osk.exe as malware
Wrong language in Windows Defender Application Guard
Windows Defender in a sandbox