[German]Users of a Microsoft Surface Pro 7 suffer from the problem that the devices simply switch off. Causes are unknown, and workarounds do not work for all users.

I got back to the topic, via a tweet from German site Golem, who covered this issue within a separate article.

Microsoft: Surface Pro 7 fährt sporadisch ohne Grund herunter #Surfacepro7 https://t.co/EKFGFt50MH

— Golem.de (@golem) February 13, 2020

The problem: The Microsoft Surface Pro 7 devices running Windows 10 simply switch off sporadically during operation for reasons incomprehensible to the users. This becomes clear in this Microsoft Answers forum thread. The first post is dated 20 December 2019.

Surface Pro 7 shutting down randomly

If the device stays ideal for a minute it directly shuts down. I have checked all the sleep and power settings and that’s not an issue. I see this was an issue in previous versions too. Any fix?

Within a few days more users confirm the behaviour of the still new devices. The replacement of the devices by Microsoft support does not really seem to help. In a post a user explains that he has solved the problem for himself in this way:

My Surface Pro 7 issues are seems to be solved by adjusting sleep time and screen off time. No more shutdown and freezing of the screen. 

MS support offered to replace but I don’t think this is hardware issue. Will replace if problem occurs again.

In the power settings, he has adjusted the waiting time until the screen goes dark and from when the device goes into sleep mode. The following screenshot from the forum shows the settings.

(Source: MS Answers-Forum)

The thread on the Microsoft Answers forum already has four pages, and MVP Barb Bowman is also there as a community moderator to gather more details. There does not seem to be a solution yet. In this thread, a user complains about the same error and gets only helpless advice from the Microsoft moderators.

A German user, who also suffers from the bug, has contacted German site Golem. The shutdown is documented in the event log with an entry, there is no reason for it. MVP Barb Bowman has listed more forum posts about the problem in this MS Answers forum post. There is a vague hint that Microsoft is investigating the problem and working on a fix.

If you search the Internet for ‘Surface shutting down randomly’, you will find that this error is common to the entire Surface series and older models also had the error. Microsoft cannot get the problems under control. It’s like similar cases, like the screen problems with the Surface Pro 4 – for which I have published several blog posts. After Microsoft didn’t get this fixed, a German blog reader there came up with a working solution, which he described here. He installed Linux on the part and is happy since then – no more screen flickering at all. If I search for ‘Surface’ here in the blog, I come across a horror cabinet of cruelties.

Similar articles:
Surface Pro 7/Laptop 3: Fix for 640 x 480 Mode update issue
Surface Pro 7/Laptop 3: Update causes 640 x 480 Mode issue
Surface Laptop users trapped in Windows 10 S Mode
Surface Books and the swollen battery problem
Surface Pro 7: Firmware update for Battery and USB Dock
Surfaces Updates and Surface Pro 7 battery issues
Wi-Fi issues with Surface Pro 7/Surface Laptop 3 [Workaround]
Caution with Surface Pro 7 Wi-Fi driver
Surface Book 2: CPU- and dGPU issues fixed
Surface RT/Surface 2: Update KB4516067 revokes certificates

[German]Well, it’s only February 2020 – but Microsoft is already reminding people that support with updates for Windows 10 version 1809 will expire soon. Here are a few details about Windows 10 version 1809 end of life.

Through this post I became aware of the Microsoft support article 4541558 dated February 12, 2020. According to the Windows Lifecycle Information Sheet, Windows 10 version 1809 reaches the 18-month service end on May 12, 2020.

This applies to the Windows 10 variants listed below, which by the way were first released in October 2019, but then withdrawn again:

• Windows 10 Home Version 1809
• Windows 10 Pro Version 1809
• Windows 10 Pro for Education Version 1809
• Windows 10 Pro for Workstations Version 1809
• Windows 10 IoT Core Version 1809

In contrast, Windows 10 Enterprise and Windows 10 Enterprise Education, which is intended for enterprise use, will receive 30 months of support and will be supported until May 11, 2021. Once the end-of-life date is reached, the versions will no longer receive updates and will be forced to be upgraded to the next Windows 10 build via feature updates.

[German]Not only Windows 7 users may be affected by the recently reported shutdown blockade. Even those who are running Windows 10 could suddenly find themselves in a situation where Windows reports that they have no permission to shut down.

Some Background

It’s a short story: Since about February 6th, 2020, there have been Windows users who experience a nasty surprise when trying to shut down Windows. Initially it was only Windows 7 users who received the message:

You do not have permission to shutdown this computer

The shutdown procedure is denied. I had reported in detail about this in the blog post Windows 7 / 10 prevents shutdown / restart (Feb. 2020). A workaround is to log off and then use the shutdown function shown on the login page to shut down Windows 7. These details and a fix are described in the article above.

But Windows 10 users are also affected

Through my reports – also in the English language blog – I was informed by a user via the following tweet that the error can also occur under Windows 10.

Yes, it’s Adobe. And it isn’t just Win 7, look on a recently installed machine with Adobe CC. Hrm… pic.twitter.com/O81Awlgcae

— The Horne Depot (@hornedepot) February 11, 2020

This is suddenly a new quality, because before I only knew about people with Windows 7 SP1.

(*sorry for typos*) Anyway, all my clients are architects, so everyone is running into this issue–or, rather, everyone on Win 7 (a few here and there) and even some on Win 10, which is the bulk of our OSes. Clerical help, etc, ie non-adobe users…no issues.

— The Horne Depot (@hornedepot) February 11, 2020

In the above tweet the user states that many of his customers from the architectural sector are affected.

Three suspects so far

The exciting question for me now is, what is the cause of this error or what can trigger it. The problem cannot be fixed at a Windows update, because there were no updates in the period in question. From today’s point of view, three potential candidates are emerging:

• I have several confirmations (including comments here within my German blog), that the problems occur when the Adobe Creative Cloud (CC) is installed. The ‘Adobe Genuine Monitor Service’ for product verification seems to be causing the effect. Disabling the service fixes the problem (see also my Windows 7 / 10 prevents shutdown / restart (Feb. 2020)).
• On bleeping computers there is this user comment stating that BitDefender Total Security 2020 (probably updated on Feb. 6, 2020) causes these symptoms. Uninstalling the software solves the problem. I also encountered this on Microsoft Answers in a forum post. A more detailed discussion can be found here.
• In another forum post on Microsoft Answers someone claims that the update KB4503575 – Microsoft 4.8 Framework (dated January 15, 2020) causes the problem.

I can’t say if and which of the three mentioned candidates is responsible or if all three are causal. But maybe the clues will help affected people to dig in the right direction.

[German]Little addendum from the weekend. Microsoft has added an update KB4541091 for Windows 10 for Windows Insider. This raises the build to 19564.1005.

German blog reader Christoph W. had e-mailed me on Sunday morning and sent me the following screenshot. But he was offline and on the road (so only comments were enabled for mobile use).

On Sunday, the update KB4541091 for Windows 10 arrived on his machine, which is in the Insider program. This patch raises the build to the mentioned version 19564.1005. You can read about it in the Windows Blog:

After installing Build 19564.1000, Windows Insiders will be offered Build 19564.1005 (KB4541091) as a Cumulative Update via Windows Update. This Cumulative Update does not include any new code and is designed to help us test our servicing pipeline.

Microsoft has just released the Feature Experience Pack for Windows 10 X. It is an app that can be downloaded from the Microsoft Store.   

Windows 10 X is the new operating system that Microsoft is developing for dual screen devices. The Feature Experience Pack is available for Windows 10 X, which can currently be tried out via an emulator. New features for the operating system could be added later via the Feature Experience Pack.

Windows 10X Feature Experience Pack https://t.co/8owE9gmbkT

— WalkingCat (@h0x0d) February 17, 2020

The Windows 10X Feature Experience Pack was brought to my attention by the above tweet. It is a 2 MByte app that is available in the store. 

[German]Microsoft has just revised its driver update process. Hardware partners can now distribute drivers to Windows machines via Windows Update. In addition, a new settings page for Windows 10 will be added, where optional driver updates can be selected by the user.

I didn’t discuss it further here in the blog: But Microsoft experimented with Windows 10 insiders in late 2019. Occasionally, there was a new options page under the Windows Update settings, where optional drivers could be selected for installation. But the option disappeared again.

And in January 2020 I’ve published the blog post Windows 10: Microsoft allows feature and driver update blocks. There I explained some new features for hardware manufacturers. OEM partners have the possibility to block the distribution of feature updates if incompatibilities with drivers are known. Furthermore Microsoft has announced blocking intervals for the distribution of drivers from the manufacturers around the patchday or an OS rollout. This is to avoid collisions of driver updates with Windows updates or function updates.

Manufacturers can ship drivers via Windows Update

Delivering drivers and updating them can be a complicated story. In addition, there are several ways to roll out or update drivers for Windows (through driver updaters, via Windows Update, or manually by the user). Therefore, Microsoft has established a new mechanism for the distribution of drivers by hardware partners and announced its availability in this Techcommunity article. 

All hardware partners of Microsoft now have the opportunity to submit drivers to Microsoft for distribution via Windows Update. The publication can be specified by the partner as ‘Automatic’ or ‘Manual’. Publishing via Windows Update makes it easier to obtain the drivers, not only for users. The Microsoft driver distribution mechanisms provide partners with new possibilities.

In the future, partners will be able to roll out drivers to specific machines in waves. This mechanism is currently known from function updates, which are also rolled out in waves by Microsoft. In the case of drivers, this step-by-step rollout should enable partners to detect problems earlier and take corrective action if necessary.

Automatic or manual publication

When submitting the drivers, partners can specify whether this should be distributed and installed automatically or manually. If the ‘Automatic’ publishing option is specified by the partner, the driver is distributed as a Critical Update (CU) via Windows Update. At the same time, Microsoft also offers the driver as a dynamic update (DU). These updates can be requested during setup or when resetting Windows 10.

In a manual delivery, the user can select the drivers for installation. To do this, there will be a page for optional driver updates in the settings under Windows Update (see figure). Checkboxes allow the user to select which drivers to download and install when the button is selected.

Currently, I am not sure in which Windows 10 versions this optional page is available. Windows 10 version 2004 will provide this option, I assume. On my test machine with Windows 10 version 1909 I don’t see anything yet. Whether there will be a backport for older Windows 10 versions that can be upgraded is open. I have asked Microsoft in the Techcommunity article, but have not received an answer yet. Further details, including what changes will be made to the API for hardware partners when submitting drivers, can be found in the Techcommunity article.

[German]Just a short note for Windows 10 user. It seems that Microsoft is foring now also German users of Windows 10 Home Edition to create a Microsoft Account during setup.

First attempt at Microsoft account enforcement

At the end of September, the topic was already popped up at the Windows 10 Insider Preview Build 18363. A US user had noticed that he couldn’t set up a local user account when reinstalling Windows 10 Home Preview in this build. He was practically forced to create a Microsoft account during setup. He had posted this behavior on reddit.com, but I hadn’t posted a blog post about it, because only US users were affected and it was an Insider Preview.

But already in November 2019 the topic came up again here in the blog in the post Windows 10 V1909: Missing local user account during setup. But it wasn’t really tangible, it probably affected US users who reinstalled Windows 10 Home and suddenly had no option to create a standard user account in the setup wizard. There was still talk of an A/B test and I wrote:

So the conclusion: Microsoft’s swerve does not {probably] affect European users so far, or at least not on a broad front. The sense of the whole thing remains obscure to me as an observer. Actually, Microsoft’s management announces at every opportunity ‘We want to be as open and transparent as possible’ – the current action is exactly the opposite. The bottom line is that a new unit of measurement for ‘Bangemann’ – defined by Microsoft as ‘the distance between two Windows 10 flops’ – is emerging for me – or what do you think?

Meanwhile I have to admit that I am overtaken by reality on the right side.

Microsoft account enforcement for German users?

My colleague Martin Geuß has just taken up the subject on German site Dr. Windows. His finding: If you grab installation media from Microsoft’s Windows 10 Home Edition and set up a system, you will now be forced to set up a Microsoft account during setup if you have an existing Internet connection. The option to create a standard account instead no longer exists.

This is what happened to Martin when he wanted to install systems with Windows 10 Home in his family circle. The option to create an offline account was missing. Instead, there was an information page that indicated via the hyperlink Further Information that the set up Microsoft account could be removed later. Here is the German info text:

Mit einem Microsoft-Konto anmelden

Einfach anmelden und loslegen!

Nehmen Sei Ihre Lieblings-Apps und Ihre Sicherheits- und Voreinstellungen einfach auf einem beliebigen Gerät mit, wenn sie sich mit Ihrem Microsoft-Konto anmelden.

Durch die Anmeldung mit einem Microsoft-Konto müssen Sie Ihren Benutzernamen und Ihr Kennwort weniger oft eingeben, und gleichzeitig werden Schutz und Sicherheit ihrer Daten erhöht. Sie können Ihr Microsoft-Konto außerdem verwenden, um Ihre Dateien, Fotos und mehr ohne jeden Zeitverlust auf Ihrem PC sowie auf iOS- und Android-Geräten bereitzustellen. Melden Sie sich einfach einmal an, und wechseln Sie problemlos zwischen Ihren bevorzugten Microsoft-Diensten.

Gute Nachrichten – wenn Sie schon Office365, Xbox Live, OneDrive oder Outlook.com genutzt haben, verfügen Sie möglicherweise bereits über ein Microsoft-Konto.

Wenn Sie es vorziehen, Ihrem Gerät kein Microsoft-Konto zuzuordnen, können Sie es entfernen. Schließen Sie die Installation von Windows ab, klicken Sie auf die Schaltfläche Start, und wechseln Sie zu Einstellungen > Konten > Ihre Informationen. Wählen Sie dann ‘Stattdessen mit einem lokalen Konto anmelden’ aus.

It praises the advantages of an online account, but says also, that the user is able to delete the forced Microsoft account after installation and change it to a local account.

Final thoughts

A power user may circumvent this by simply disconnecting the machine from the Internet during the setup of a Windows 10 system. Then the option to create an ‘offline account’ is still provided. But I find Microsoft’s approach particularly perfidious – because users who deliberately want a standard account without Microsoft connection are now forced to create a Microsoft account or have to use additional tricks. This can be downgraded to standard afterwards. But the approach is clear: laziness wins, a user who finally gets his Windows 10 up and running will not.

BTW: In Windows 10 Pro and in corporate environments, the above detour is not an issue, there an administrator can assign the accounts as he needs them.

On February 20, 2020 Microsoft released a new Windows 10 Insider Preview Build 19569.1000 in the Fast Ring. Within the Windows Blog Microsoft lists the changes, bug fixes and known issues of this build.

Oh, and I need to mention: We have a ‘killer feature’ – after 4 years Microsoft has found out that new icons in the Fluent design are needed. And it seems that Microsoft is running out of space in their blogs, because if they announced this new feature on medium – it’s now reflected as a top news in many websites all over the world – what the fuck.

Windows 10 build 19569 brings in Secure Encrypted Virtualization (SEV) Secure Nested Paging (SNP) (tfs/vso 23356523)

More info https://t.co/NBGfbsjRXg

— Rafael Rivera (@WithinRafael) February 20, 2020

Addendum: The real beef has been mentioned by Rafael Rivera in a series of Tweets. This build comes with support for Secure Encrypted Virtualization (SEV) Secure Nested Paging (SNP). There is more, as he tweeted here.

[German]A German blog reader has pointed out recently a problem with Windows 10 and Windows Server 2019 regarding poor network performance (low throughput) in connection with Hyper-V guests (but also on bare metal Windows 10 clients without virtualization). The reason is a change by Microsoft in the TCP stack, which causes problems. I’m preparing this in an article, because there is a simple solution in form of PowerShell scripts.

Blog reader Flying Sorcerer wrote me the days by email to address the issue (thanks for that).

Since I haven’t found it anywhere else, here’s a hint.
A colleague asked me at the beginning of the week about problems with server 2019 and hyper guests in the network area.

After a somewhat longer search I came across two threads.
Microsoft has made some crap in Server 2019 and Windows 10 since 1709…

The blog reader then sent me various links with places to be found on the web, which deal with the low network throughput of Hyper-V guests on the mentioned operating system platforms.

This problem exists with Hyper-V guests

If a guest operating system under Microsoft’s Hyper-V virtualization solution is set up on a host running Windows 10 (version 1709 or higher) or Windows Server 2019, the network throughput for Hyper-V guests is extremely modest. On German site administrator.de someone has already taken up this issue in spring 2019 within this post. Here is an excerpt translated in English:

I have a problem here with extremely slow network connections from multiple VMs.

Hardware are two almost identical new machines (MB Supermicro X11SPM-F with 2x 1 GB Intel X722 onBoard NIC and sep. IPMI, Intel Xeon Silver 4110, 96 GB RAM, local SSD storage, as far as nice) on each of which Windows Server 2019 hrs with activated Hyper V role as host is installed.

Drivers are all original from the manufacturer what Supermicro provides (Intel MB chipset, Intel Pro 23.2 and others). The machines have a sep. IPMI NIC, the first X722 NIC from the server I use for the Hyper V management interface, the second as HV switch for the external connection of all VM. .

• When I install Windows Server 2019 hrs. in a VM everything is fine, everything runs as it should.
• If I install Windows Server 2016 hrs. or Server 2008R2 hrs. in a VM on the host, these VMs have a very slow connection to other physical hosts.

Between the VMs the transfer rate is as desired (iperf. almost 10 GBit/s), from the VM to the host as well (since this is done externally via a switch only about 1 GBit/s […].

To the physical computers on the outside – in the real network – I only get 5-10 Mbps on one machine and 20-120 Mbps on the other, with a strongly fluctuating tendency – depending on the machine.

The affected person has tested some things in the laboratory, and his conclusion is: As soon as a Server 2019 runs as Hyper V on the host, and in a VM the guests are not Windows Server 2019 (he tested it with Windows Server 2016 and Windows Server 2008 R2), the network connection of this VM via the onBoard NIC Intel X722 to the outside is extremely slow. But the CPU performance does not increase either, there are no error packets at the hardware switch, but there is no network throughput.

Temporary solution: separate PCIe NIC

The affected person then solved the problem temporarily by installing another separate physical PCIe NIC (a simple Intel i210) on the host. He tied this NIC to a Hyper-V switch and allowed all VMs with their guests to run over this switch network-wise. In this scenario the network throughput is as desired.

A second case

The blog reader pointed out, that in mid-January 2020 another affected person documented this problem on Spiceworks. There was a lot of testing and documentation published. The following figure shows a protocol of the network throughput. 

(Source: Spicework)

Then the person concerned came up with the glorious idea of disabling Virtual Receive Side Scaling (vRSS) on the server and on the client. Then he deactivated Receive Segment Coalescing (RSC) on the Windows Server 202012. And suddenly he got the expected values for network throughput between Hyper-V guests and the host. .

In further steps he then came up with how to optimize network throughput in Windows Server 2019 (and Windows 10) as a Hyper-V host. The problem is due to a significant change in the TCP stack by Microsoft (keywords: CongestionProvider, CUBIC, see also this Spiceworks post with PowerShell output). 

Solution via PowerShell Script

After many tests the affected person wrote a powershell script called “THE HOLY NGIS VM-WS2019 NETWORK BACK OPTIMIZATION SCRIPT V1.0” and published it on Spiceworks (a slimmed down version can be found at German site administrator.de). 

The script has to be executed on Windows Server 2019 acting as host via Run as Administrator. It resets various network settings so that Microsoft’s mechanisms no longer work. The network throughput then reaches the desired speed.

The creator notes that this should not be used in running productive environments. Because the PowerShell script restarts the NIC. Therefore a restart of the server is necessary to make all changes effective. However, this is something you would rather not do in a productive Windows Server environment. Also note this post from a Microsoft representative with additional information.

It also affects Windows 10 machines without Hyper-V

In an addendum, the blog reader notes that this network throughput problem also affects simple Windows 10 clients from version 1709 onwards due to the ‘optimized TCP stack. He writes about this:

We had here the case that we copied from client to client with 80 KB (!!!) data, after execution of the PowerShell script from Administrator.de (the Windows 10 version) with 80 MB…

The script in the english forum is for Server 2019 (Server, Hyper-V and guests), the one in the german forum is for Windows 10.

A PowerShell script for Windows 10 hosts which solves the problem was published by user MysticFoxDE at administrator.de. My thanks to the blog reader for the hint. Maybe he helps the one or other server administrator or annoyed Windows 10 power users.

Similar articles
Patchday: Windows Server 2008 R2 boot in Recovery mode
Windows Server 2012 goes into update loop
Pending Update Issue with Windows Server 2012
Windows Server 2016: Security-Bug in Profile Security Settings

[German]Quick question to end the ‘after-patchday’ week (2/21/2010): Did any of you Windows 10 users get the update KB4023057? And if so, were there any issues?

The zombie comes in the form of a new version of the reliability update KB4023057 for Windows 10, Version 1507 till Version 1809.  I have seen on askwoody.com gesehen, that it will probably roll out again for Windows 10 version 1809 and earlier. The KB article has been updated to February 19, 2020.

Update KB4023057 is well known

Update KB4023057, titled ‘Update to Windows 10, versions 1507, 1511, 1607, 1703, 1709 and 1803 for update reliability’, is cyclically re-released by Microsoft. It is available for Windows 10 V1507 (RTM version) up to version 1803 (but not for version 1809 upwared). Microsoft writes within the support article that this update brings improvements in the reliability of the Windows Update service.

This update includes reliability improvements to Windows Update Service components in Windows 10, versions 1507, 1511, 1607, 1703, 1709, and 1803. It may also take steps to free up disk space on your device if you do not have enough disk space to install Windows updates.

This update includes files and resources that address issues that affect the update processes in Windows 10 that may prevent important Windows updates from being installed. These improvements help make sure that updates are installed seamlessly on your device, and they help improve the reliability and security of devices that are running Windows 10.

This is in fact the same text as for the previous releases. So Microsoft leaves its users pretty much in the dark as to what exactly is to be improved in detail. But the update is also available in Microsoft Update Catalog – but as an old version from August 2019.

What you should know about the update

It should be noted that Microsoft does not distribute this update in corporate environments. What I also find strange are the Windows 10 versions 1507, 1511, 1607, 1703, 1709 and 1803 mentioned by Microsoft in the blog post to which this update applies. But Windows 10 versions 1507 through 1703 will only get updates in the Enterprise versions (see my blog post Patchday Windows 10 Updates (May 14, 2019)). So it might be an attempt, to upgrade these old systems to Windows 10 Version 1903.

The update deeply interferes with the existing Windows 10 installation, cleans user-set update blockers, creates free disk space on the system drive if necessary, resets the network connection and more. More details about this cyclically released update can be found in the article Windows 10: Update KB4023057 re-released (02/14/2019). Another special feature is that this update is installed as an app and may cause installation errors (see my older blog post Windows 10: Update KB4023057 re-released (01/16/2019)).

Similar articles:
Windows 10: Update KB4023057 released (Dec. 7, 2018)
Windows 10 reliability update KB4023057 (02/08/2018)
Windows 10: Update KB4023057 re-released
Windows 10 Updates KB4295110/KB4023057 (08/09/2018)
Windows 10: Update KB4023057
Windows 10: What is REMSH.exe for?
Windows 10: Update KB4023057 released (Sept. 6, 2018)
Windows 10: What are Rempl.exe, Remsh.exe, WaaSMedic.exe?
Windows 10: Update KB4023057 re-released (01/16/2019)

[German]ACROS Security has ported its micropatch for the CVE-2020-0674 vulnerability in Internet Explorer to Windows 10. In addition, a test page has been set up where users can test whether the micropatch has closed the CVE-2020-0674 vulnerability in Internet Explorer.

The Internet Explorer vulnerability CVE-2020-0674

Microsoft has issued advisory ADV200001  on a 0-day vulnerability (CVE-2020-0674) in Internet Explorer on January 17, 2020. A memory corruption vulnerability exists in the scripting engine that is also used by Internet Explorer. When objects are executed by the Scripting Engine in Internet Explorer, memory overflows or corruption may occur. As a result, attackers can use prepared Web pages to corrupt IE’s memory in such a way that remote code can be infiltrated and executed.

An attacker who successfully exploited the vulnerability would only be granted the same user rights as the current user. However, if the current user is logged on with administrative user rights, the attacker has the option of taking control of an affected system. An attacker could then install programs, display, change, or delete data, or create new accounts with full user rights. The vulnerability affects IE 9, 10, and 11, and affects virtually all versions of Windows (since Internet Explorer is included as a browser).

Windows 10 Bugs in February Update prevents patch

Microsoft has closed the vulnerability as of February 11, 2020, with the Internet Explorer security update KB4537767 for Windows 7/8.1 and various cumulative updates for Windows 10 (see also Internet Explorer Security Update KB4537767 (Feb. 2020) and Patchday Windows 10-Updates (February 11, 2020)).

However, some users cannot install the February 2020 cumulative update on Windows 10 V1903 and 1909. This is because the update causes users to be logged on with a temporary user profile. The system can no longer be used afterwards. If you cannot solve this problem, you have to block the security update – it is therefore protected when using Internet Explorer.

0patch solution for affected Windows 10 users

The vendor Acros Security had already released an 0patch solution to close the CVE-2020-0674 vulnerability before Microsoft released the security update. After reporting the problem of user profiles in conjunction with the cumulative updates for Windows 10 version 1903/1909, Acros Security responded.

In light of functional issues with latest Windows 10 v1903/v1909 cumulative update, and due to high risk of exploitation, we have ported our micropatch for CVE-2020-0674 to these Windows 10 versions to protect users who decided to delay application of this update. (PRO only) https://t.co/1sLcNqk9qi

— 0patch (@0patch) February 21, 2020

0patch has ported the micropatch for the CVE-2020-0674 vulnerability for Windows 10 version 1903 and version 1909. Windows 10 users who do not want to install a cumulative update of the above issues can put it on hold. Instead of the Microsoft update the micropatch is available for all 0patch subscribers (also Free subscription) to close the vulnerability. I reported about the patch for Windows 7 in the blog post 0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674.

If Windows Servers are affected by the above issue: Kaspersky states on this page that they are protected by Kaspersky Security 10.x against the CVE-2020-0674 vulnerability.

0patch has set up an IE test page

To test whether Internet Explorer on a system is protected by the 0patch micropatch, people have set up a test page.

We also set up a test web page for our users to check if micropatch for CVE-2020-0674 is properly getting applied on their computers. Note: must visit with IE11 on Windows 7, Server 2008 R2 or Windows 10 v1903/v1909. https://t.co/NenaYm8HKg

— 0patch (@0patch) February 21, 2020

If this is called up in Internet Explorer 11 under one of the mentioned operating systems, a display is shown with the information whether the browser is protected.

In the figure above, the test page reports that the micropatch is not present – which is correct. However, I installed the IE 11 security update from February 11, 2020 on the machine – so it is protected.

Additional Informationen about the IE 11 Test

After writing the article (it was night here in Europe) I asked Mitja Kolsek what they were testing and why the IE 11 with ESU patch came back with the result shown above. Here is his answer:

Our test page executes a sort(sortfunction) function on an array [2,1,3] and checks the result: if the result is [3,2,1] then the sortfunction was used, which means our micropatch (which blocks this functionality) was not in place. If the result is [1,2,3], our micropatch did its job and prevented the use of sortfunction.

However, if you have February 2020 updates applied, it’s safe to allow sort(sortfunction) to execute and our micropatch doesn’t get applied.

This is explained in the text of the test page and we also added “(unless you visited this page on Windows with February 2020 or later updates applied)” to the “You’re vulnerable” message to avoid confusion. I hope this clears it up?

Thanks, Mitja

Sounds logical and is logical. And in an addendum, he writes:

If we wanted to create a generic online test for CVE-2020-0674, we’d have to publish a POC (which would crash a vulnerable browser, but not a not-vulnerable one), but that would also help attackers and we want them to have to do the extra work. We have no ideas on how to make a generic test without effectively publishing a POC.

That too is logical for me and very easy to understand.

Similar articles
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674
Internet Explorer Security Update KB4537767 (Feb. 2020)
Microsoft Security Update Summary (February 11, 2020)
Patchday Windows 10-Updates (February 11, 2020)
Patchday: Updates for Windows 7/8.1/Server (Feb. 11, 2020)

[German]Here’s an article about App-V and a problem that publishing App-V applications fails because a UserConfig file is used. Windows returns the error code 0x0FD0A725-0000000057 in the log file when the App-V packages are delivered.

What is App-V?

The abbreviation App-V stands for Microsoft Application Virtualization and is Microsoft’s solution for application virtualization. The applications are streamed from a server to a client in a virtualized way and then executed in a virtual environment in a sandbox. The Wikipedia has some explanations on this topic.

The advantage is that you can start on an almost ‘software-free’ computer and access all App-V applications provided by the server without having to install anything. Only an App-V client is required, which has to be installed on the computer. In addition, a fast network connection should be available to load the application into the sandbox. However, the user can already use the application shortly after the start of the stream, as additional program parts are loaded in the background.

The virtualized applications can be Win32 applications. The whole thing is available in the Enterprise versions from Windows 10 version 1607. Microsoft has published some documentation about App-V.  The applications (App-V package) are made available via MSI files (MSI = Microsoft Installer format), which are then loaded by the App-V client. This Microsoft document contains some information about deploying App-V packages, which includes configuration files, reporting files, and so on, in addition to the MSI file.

App-V publishing fails due to UserConfig file

As it looks now, there are occasional problems with App-V deployment failing because of the UserConfig files used. Microsoft has probably received some reports from customers in late 2019 that application publishing fails when using a user configuration file applied to these packages. The following tweet refers to this issue.

New #AppV blog from SGERN – App-V Publishing Fails If You Apply UserConfig Files – https://t.co/UuTaMUw0EY

— Steven Thomas #Windows10 #AppCompat #WaaS #MSIX (@madvirtualizer) February 21, 2020

If the publication fails when using a UserConfig file in the App-V management console, the following entry is found in the detailed log files:

5756 [7]14D4.4320::12/10/19-08:28:34.9973489 [Microsoft.Windows.AppMan.AppV] LOGLEVEL=1, MESSAGE=Catalog: Failed to set the last modification time on policy file ‘C:\Users\sgern\AppData\Roaming\Microsoft\AppV\Client\Catalog\Packages\{1D45F06B-874D-4A85-86EF-2330B430E47D}\{DB5DE6F6-15E8-4932-A7CF-2DA12EA5B068}\DynamicConfiguration.xml. Error code: 0x0FD0A725-00000057, FUNCTION=AppV::Client::Catalog::DocumentStoreImpl::SavePolicyDocumentToFile, LINENO=1078, UTCReplace_AppSessionGuid=true

Windows returns the error code 0x0FD0A725-0000000057, which means “Wrong parameters”. After some research, Microsoft specialists were able to outline the problem, the root cause and the solution for this error.

In short summary: It is related to timestamps and a change in SQL Server 2016 and higher versions, where a time field is filled with values between 1-9 instead of zeros. Sebastian Gernert, Escalation Engineer for App-V, has published a separate article about this in the Techcommunity, which deals with the details. There are workarounds that Gernert describes. Maybe it helps if someone in the enterprise environment runs into this bug.

Intel has released a new HD graphics driver for the GPUs of various CPUs. It raises the version to 26.20.100.7870 and is available for Windows 10. You can download it here, a description of the changes can be found at softpedia.

[German]Administrators who are customizing Windows 10 operating system images and distribute them using SCCM should be careful. There is probably a pitfall can cause trouble, when integrating 2020 updates into an image.

I’m going to pull out an information that German blog reader Hauke Buder had briefly linked in the discussion area of my German blog – since the comments will be deleted within my discussion section after a while (the discussion section is provided for comments not related to topics I covered already with articles). And English reader won’t catch, what Hauke wrote within his comment. So I’ve compiled and translated, what Hauke wrote:

Since I haven’t read about it here yet and had pain, a link to my 5-6 reader blog about 2020 Win 10 updates and Windows installation, since there are a few more people reading it here who might find it helpful.

Hauke has linked to his German blog post. German blog reader HessischerBub has added:

I mean to have read forum posts about Windows 10 1909, WSUS and not installed updates.

After switching from Windows 10 1809 to 1909 I have now computers where you first have to click on the Download and install link in the Windows Update page, before the updates are installed. This does not happen with the other clients with 1809 and 1903, there download and installation of updates is applied automatically.

To to spread the words broader about the topic, which Hauke raised in his blog post, here are some details I prepared. Maybe it’s helpful for affected people.

Some Background details

The blog reader currently uses the System Center Configuration Manager SCCM version 1910 to manage updates and system images. The also tries to integrate cumulative updates released by Microsoft for Windows 10 into the images.

However, with the Windows 10 November 2019 update (version 1909), he went into serious issues. He tried to integrate the updates released in 2020 into the system image. Afterwards, however, in SCCM (1910), according to his experiences (documented in this blog post) the task sequences hung in the section “Setting up Windows and ConfigMgr”.

Because he had done some work on CAs (certificates) and group policies at the same time – troubleshooting became a bit difficult. Hauke suspects that the problem is related to certificate requests and does not occur with pure HTTP installations of SCCM.

What worked for him

In his blog post, Hauke Buder then writes that creating a new operating system image with all integrated updates up to and including December 2019 will result in the task sequence working properly again.

He mentions that there was already a similar issues with Windows 10 version 1803. At that time, his Windows 10 clients still communicated via HTTP instead of HTTPS in test environments – and were probably not affected by the bug. But in production mode they will use communication over HTTPS, so there are the problems mentioned above.

This bug in Windows 10 version 1803 was, according to Buder, only fixed in Windows 10 October 2019 Update (version 1809). Hauke Buder’s prognosis is therefore: For a solution, it will probably be “Wait for 2003” – by which he means the release of Windows 10 Version 2004 this spring.

Similar articles:
LDAP Channel Binding: Change is coming 2nd half of 2020
Sophos SafeGuard Enterprise and LDAP Channel Binding
Patchday: Issues with SCCM, McAfee & Crypt32.dll (Jan 2020)?
Windows 10: SSU issue addressed in SCCM UserVoice
Microsoft Desktop Analytics for SCCM available
June Update KB4503276 blocks PXE boot on SCCM DPs
Windows 7 upgrade to Windows 10 with SCCM fails on OEM

[German]Strange behavior: Windows 10 reports, that no Internet connection is available. However, users can surf the Internet with a web browser and viee web pages without any problems.

Blog reader Martin U. drew my attention to the problem, which I take up in this blog post, by mail with the subject Internet despite the display “No Internet” in WIN10 (thanks for that).

‘No Internet’ error message, although surfing works

Background is this Microsoft Answers forum thread from January 30, 2020, where a user writes:

DNS manually assigned – now win10 thinks there’s no internet. But it works while surfing.

As soon as I enter manual DNS server addresses in the IP4 protocol of the network adapter, WIN10 believes after restarting that there is no internet connection.

Bottom right globe with prohibition sign. Spotify reports offline etc. But I can surf the internet very fast with all browsers.

I set the DNS server address back to automatic, restart, Internet is displayed and everything works.

The manual DNS servers are much faster, so I would like to use them.

My question. Why does WIN10 claim that there is no internet with manual DNS servers or how does it recognize manual DNS addresses?

The user was a bit perplexed at this point and asked if anyone else had a trick / tip for him.

Blame a Registry entry

In the forum thread, the user later reported and suspected that probably a registry entry in the key:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\NlaSvc\Parameters\Internet

will cause this behavior. And on January 29, 2020 there was a resolution that the DWORD value EnableActiveProbing = 0 was set. This deactivated the respective test of Windows on manually set DNS addresses.

When the registry value was set to EnableActiveProbing = 1, manual DSN server addresses could be entered after a restart and the Internet display worked again. Maybe it helps someone.

[German]Exciting story: It seems possible to pause Updates in Windows 10 Version 1903 and 1909 for more than 35 days. This works for the Home version, but also for the Pro version. 

Pausing Updates in Windows 10 V1903 and above

Starting with Windows 10 May 2019 Update, Version 1903, Microsoft grants its users the option of deferring quality updates by 5 x 7 days (35 days) in both the Home and Pro versions.

(Update options in Windows 10 V1903)

Just click on the settings Windows Update page on the entry Pause update for 7 days. Click on Advanced options on the same page to go to the next page with the same name. On the Advanced options page, users are then offered the settings shown below. 

Advanced update options in Windows 10 V1903

I’ve discussed this briefly within my German blog post Windows 10 Home bekommt wohl ab V1903 Update-Pause. But once the maximum interval of 35 days is reached, you can’t extend the period, can you?

In Windows 10 Pro there is the possibility to use Group Policy with gpedit.msc under Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update to control updates. Allows you to defer quality and feature updates up to 35 or 365 days. I’ve discussed things within the blog post Windows 10 V1903: The ‘broken’ defer update options. I think that Microsoft has patched something there in the meantime, but I haven’t followed it in detail anymore. 

Tip: Reset the update delay interval

Once a user has activated the update pause, he will notice at the end of the pause interval, that this period cannot be extended. You can’t get beyond the 35 days – because Microsoft has built in a lock.

We have an anonymous post that seems to include a method for exceeding the 35-day “Pause updates” limit for Win10 1903 and 1909. Clever trick. Can you confirm? https://t.co/W8muoGsKEZ

— Woody Leonhard (@AskWoody) February 24, 2020

I just stumbled across the above tweet from Woody Leonhard. An anonymous user has found a trick how to reset this 35 day period and set a new 35 day interval. Woody describes it like this in this post:

1. As soon as you are close to the end of the 35-day update pause interval, you should disconnect the Internet connection.

The tipster uses the Metered Connections mode in its Windows 10 and puts the machine into Airplane mode to prevent contact with the Microsoft Update servers. I think it is sufficient to disconnect the LAN cable or temporarily disable the network connection.

2. Then navigate to the Windows Update page in the settings and click on the button Resume Updates (see the German screenshot above).

Then the start date of the 35-day period is reset and you can schedule again such an interval. Works for Windows 10 190x Home and Pro – here some users confirm this. If it works, perhaps you can give us a feedback. 

Similar articles:
Windows 10 May 2019 Update brings back Update control
Windows 10 V1903: The ‘broken’ defer update options

[German]On February 25, 2020, Microsoft released a monthly preview rollup for Windows 8.1 as well as optional updates for older Windows 10 versions.

Updates for Windows 10

These are so-called C-Week Updates, which are released as optional updates in the third week of a month. A list of the updates can be found on this Microsoft website. I have extracted the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001 (if it is not up to date, check the Microsoft Update Catalog for Servicing Stack Updates).

Update KB4537818 for Windows 10 Version 1809

Update KB4537818 raises the OS build (according to MS) to 17763.1075 and includes improvements and bug fixes but no new operating system features. Here is the list of improvements:

• Addresses an issue that prevents the speech platform application from opening for several minutes in a high noise environment. 
• Improves the accuracy of Windows Hello face authentication. 
• Improves Urlmon resiliency when receiving incorrect Content-Length for a PeerDist response. 
• Addresses an issue that might prevent ActiveX content from loading. 
• Addresses an issue that might cause Microsoft browsers to bypass proxy servers. 
• Improves the battery performance during Modern Standby mode. 
• Addresses an issue that causes the power dependency coordinator (PDC) driver to unnecessarily drain the battery in certain scenarios. 
• Addresses an issue that prevents a user from upgrading or uninstalling some Universal Windows Platforms (UWP) apps in certain scenarios. 
• Addresses an issue that causes attempts to take a screenshot of a window using the PrintWindow API to fail. 
• Addresses an issue that adds an unwanted keyboard layout as the default after an upgrade or migration even if you have already removed it. 
• Addresses an issue that fails to return search results in the Start menu Search box for users that have no local profile. 
• Addresses an issue that causes the installation process to stop when installing Windows on a VMware guest machine that has a USB 3.0 hub attached. 
• Addresses an issue in which re-running PowerShell workflows might fail with compilation errors for long sessions. 
• Improves Event Forwarding scalability to ensure thread safety and increase resources. 
• Addresses an issue in the Windows activation troubleshooter that prevents users from reactivating their copy of Windows using the product key stored in their Managed Service Account (MSA). 
• Addresses an issue that generates an “unknown username or bad password” error when attempting to sign in. This occurs in an environment that has a Windows Server 2003 domain controller (DC) and a Windows Server 2016 or later DC. 
• Addresses an issue with sign in scripts that fail to run when a user signs in or signs out. 
• Addresses an issue that continues to collect IsTouchCapable and GetSystemSku data when they should no longer be collected. 
• Addresses an issue that might cause Direct Access servers to use a large amount of non-paged pool memory (pooltag: NDnd). 
• Addresses an issue in which the WinHTTP AutoProxy service does not comply with the value set for the maximum Time To Live (TTL) on the Proxy Auto-Configuration (PAC) file. This prevents the cached file from updating dynamically. 
• Addresses an issue that prevents some applications from printing to network printers. 
• Addresses an issue that causes the wrong printer name to be selected when you click the Print button in the SQL reporting service.  
• Addresses an issue that might cause a printer to be a hidden device in Device Manager after a restart. 
• Addresses an issue that prevents the Background Intelligent Transfer Service (BITS) from downloading files; the error is “0x80190191.” 
• Addresses an issue that causes the Windows firewall to drop network traffic from Modern apps, such as Microsoft Edge, when you connect to a corporate network using a virtual private network (VPN). 
• Addresses an issue that causes Host Networking Service (HNS) PortMapping policies to leak when the container host is reinstated after a restart. 
• Addresses an issue that causes some systems to stop responding when operating embedded MultiMediaCard (eMMC) storage devices. 
• Addresses an issue that occurs when you try to sign in to Windows during recovery mode. The error, “No administrator accounts are available on this machine”, appears. 
• Addresses an issue that prevents you from removing some local users from local built-in groups. For example, you cannot remove “Guest” from the “Guests” local group. 
• Addresses an issue that causes the Local Security Authority Subsystem Service (LSASS) to stop working and triggers a restart of the system. This issue occurs when invalid restart data is sent with a non-critical paged search control. 
• Addresses an Open Database Connectivity (ODBC) issue that causes an infinite loop in the retry logic when there are several lost connections in the connection pool. 
• Addresses an issue that causes queries against large keys on Ntds.dit to fail with the error, “MAPI_E_NOT_ENOUGH_RESOURCES.” This issue might cause users to see limited meeting room availability because the Exchange Messaging Application Programming Interface (MAPI) cannot allocate additional memory for the meeting requests.
• Addresses an issue that intermittently generates Online Certificate Status Protocol (OSCP) Responder audit events (5125) to indicate that a request was submitted to the OCSP Responder Service. However, there is no reference to the serial number or the domain name (DN) of the issuer of the request. 
• Addresses an issue that prevents Server Message Block (SMB) Multichannel from working within a cluster network that has IPv6 Local-Link addresses. 
• Addresses an issue that might cause Storage Migration Service inventory operations on a Windows Server 2003 source computer to fail in clustered environments.
• Addresses an issue in which canceling a deduplication (dedup) job to rebuild hotspots prevents other deduplication PowerShell commands from responding. 
• Addresses an issue that causes window ordering to fail after displaying tooltips in the RemoteApp window. 
• Addresses an issue in which the Remote Desktop (RD) Licensing Diagnoser shows an incorrect version of the Remote Desktop Session Host (RDSH) and the Remote Desktop Licensing Server (RDLS).
• Addresses an issue with certificate validation that causes Internet Explorer mode in Microsoft Edge to fail.

At a glance I noticed fixes for the update error 0x8019019 in the BITS service, as well as for printing problems (printers disappear). Also an ODBC error was corrected.

This update is optional and can only be downloaded and installed after a search in Windows Update. This update is also available in the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest service stack update (SSU) for your operating system before you install the latest cumulative update (LCU). Microsoft lists several known issues that this update causes. For details, see the KB article.

Microsoft has also released an update directly to the Windows Update Client to improve its reliability. This is rolled out outside of Windows Update if the machine is compatible and not an LTSC variant and updates are not blocked by GPO

Updates for Windows 10 Version 1507 till 1803

For Windows 10 RTM up to version 1803, various updates are available for the LTSC versions and, if necessary, the Enterprise versions. The Home and Pro versions, however, have been dropped from support. Here is a short overview. 

• Windows 10 Version 1803: Update KB4537795 is only available for Enterprise and Education. The update raises the OS build to 17134.1345. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but is available for download from the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1709: Update KB4537816 is only available for Enterprise and Education. The update raises the OS build to 16299.1717. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but is available for download from the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1607: Update KB4537806 is now available only to Enterprise LTSC. The update raises the OS build to 14393.3542. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but is available for download from the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article.

There was no update for other Windows 10 versions. In case of doubt, details about the above updates can be found in the respective Microsoft KB articles

Updates for Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a Preview Monthly Rollup has been released. The update history for Windows 8.1 can be found on this Microsoft page.

KB4537819 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4537819 (Preview of Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes from the latest updates and a preview of the March 2020 updates. The preview update addresses the following issues. 

• Addresses an issue that might prevent ActiveX content from loading.
• Addresses an issue that causes a system to stop responding when unmounting a volume.

This update is offered and installed via Windows Update, but is also available in the Microsoft Update Catalog and via WSUS. In case of a manual installation, the latest Servicing Stack Update (SSU KB4524445) must be installed before. 

It’s not know, whether this update fixes the issue described in article Windows 8.1: Update KB4537821 kills also user profiles has been fixed. The update also has a know issue.

Certain actions, such as renaming, that you perform on files or folders that are located on a cluster shared volume (CSV) may be affected by the

“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”

fail. This occurs when you perform the action on a CSV owner node from a process that does not have administrator rights.

See the KB article for details.

Similar articles:
Patchday Windows 10-Updates (February 11, 2020)
Patchday: Updates for Windows 7/8.1/Server (Feb. 11, 2020)
Patchday Microsoft Office Updates (February 11, 2020)
Windows 10: Update KB4524244 pulled

[German]Microsoft has begun with the rollout of the Chromium-based Edge Browser via Windows Update. Currently it only affects Windows Insider in the Release Preview Ring. The browser will be rolled out on more machines in the coming weeks.

Microsoft released a new security update for the Chromium Edge last night, which closes several critical vulnerabilities (see Security Update: Edge 80.0.361.62 released).

Edge rollout via Windows Update to Insider

I hadn’t noticed it – but the colleagues here spotted it: Last night, the Windows Insider team announced on Twitter that they had opened the floodgates to the Chromium Edge.

Heads-up #WindowsInsiders, we have begun rolling out the new #MicrosoftEdge to the Release Preview ring. See this blog post from @kylealden with more info on Windows Update rollout plans: https://t.co/lLOKhUtnPE

— Windows Insider (@windowsinsider) February 25, 2020

Participants who are registered in the Windows Insider program in the Release Preview will receive the new Edge Browser via Windows Update under Windows 10. With this step, Microsoft is testing on a limited group of users whether the rollout works.

Addendum: Microsoft has released article KB4541302 with more details about the ne browser. The new Edge will be rolled out to systeme with Windows 10 Version 1903 and 1909. This update contains the quality improvements below:

• Start menu pins, tiles, and shortcuts for the current version of Microsoft Edge will migrate to the new Microsoft Edge.
• Taskbar pins and shortcuts for the current version of Microsoft Edge will migrate to the new Microsoft Edge.
• The new Microsoft Edge will be pinned to the taskbar. If the current version of Microsoft Edge is already pinned, it will be replaced.
• The new Microsoft Edge will add a shortcut to the desktop. If the current version of Microsoft Edge already has a shortcut, it will be replaced.
• By default, most protocols that Microsoft Edge handles will be migrated to the new Microsoft Edge.
• The current version of Microsoft Edge will be hidden from UX surfaces in the OS. This includes settings, applications, and any file or protocol support dialog boxes.
• Attempts to start the current version of Microsoft Edge will redirect to the new Microsoft Edge.
• The First Run Experience (FRE) will auto-launch the first time that a device restarts after the new Microsoft Edge is installed.
• Data from earlier versions of Microsoft Edge (such as passwords, favorites, open tabs) will be available in the new Microsoft Edge.

This new Microsoft Edge does not support uninstalling of this update. To view supported features, please see the Microsoft Edge Platform Status.

Rollout in waves

The new Microsoft Edge Browser has been available since 15 January 2020 for supported versions of Windows and macOS as a Chromium variant and in more than 90 languages. But until now, you had to download and install the browser manually because Microsoft delayed the rollout. Microsoft had chosen the approach described in the blog post Microsoft Microsoft Chromium-Edge released:

• Interested customers could get the Microsoft Edge as a download for Windows 7 to Windows 10, macOS, Android and iOS since that date.
• The automatic rollout via Windows Update was planned for private customers (with Windows 10) from February 2020. First, Windows Insiders were supposed to get their turn in the Release Preview Ring – which happened now.
• Depending on what the telemetry reports back, other users will then be able to enjoy the new browser via Windows Update in the coming weeks.

The rollout in waves can take months. It should also be mentioned that this only affects Windows 10 systems with Home and Pro in unmanaged environments. Windows 10 Enterprise installations and Pro systems running in corporate environments do not yet get the new Edge via Windows Update (see Chromium-Edge: Issues and no Auto Update for Enterprises). How to prevent the auto-update – even during operation – is described in the blog post Microsoft’s Chromium Edge will be distributed via update soon.

Similar articles:
Microsoft’s Chromium Edge will be distributed via update soon
Microsoft Chromium-Edge released
Chromium-Edge: Issues and no Auto Update for Enterprises
Run old and new Edge in Side-by modus
Edge and its poor installer security

[German]Microsoft has released another batch of microcode updates for Windows 10 version 1507 to 1909 on February 25, 2020 (it seems, it’s old updates). In addition, a reader informed me, that he received another USB 2.0 microphone bug fix update via WSUS on February 26, 2020. Here is some information about these updates.

Windows 10: Intel Microcode-Updates (02/25/2020)

To the microcode updates of Intel I had seen a reader note. Microsoft documents all Microcode updates for Windows 10 here. The updates apply to Intel CPUs from the following series: Denverton, Sandy Bridge, Sandy Bridge E, EP, Valley View and Whiskey Lake U. Only for these CPUs should the microcode updates be installed. Here is a short overview with links to the KB articles:

• KB4497165: Windows Server Version 1903, Windows 10 Version 1903, Windows Server Version 1909, Windows 10 Version 1909
• KB4494174: Windows Server Version 1809, Windows 10 Version 1809
• KB4494452: Windows 10 Version 1709
• KB4494453: Windows 10 Version 1703
• KB4494175: Windows Server 2016, Windows 10 Version 1607
• KB4494454: Windows 10 1507 (LTSC)

The download links for the updates can be found in the respective KB articles. The colleagues at deskmodder.de have also linked them here. Addendum: Received a comment from deskmodder.de that the updates are old, although Microsoft has changed the date of their KB article – what the fuck.

Updates also in WSUS

German blog reader Markus B. informed me bia mail that he already had the microcode updates in the Microsoft Update Catalog last week and received another update on WSUS:

Microsoft has released another special update about WSUS today.

Update to address issues which cause USB Audio 2.0 multi-channel microphones to fail (Windows 10, version 1903 Windows 10, version 1909)

This only affects the 1909 clients. Interesting, does not come via the catalog, but only via Windows Update and WSUS.

He also writes that several Intel Microcode updates from Microsoft came in via WSUS today (26.2.). KB4497165: Intel microcode updates. Markus comments on this:

Last week they only had them in the Microsoft Update Catalog and you could import them manually. Now they came in via WSUS normally. This is not the first time this has happened. This time they come in for all operating systems:

[German]Microsoft released on Feb. 25, 2020 the Insider Preview Build 19041.84 of Windows 10 Version 2004 – the upcoming Windows 10 feature update – for WSUS.

I reported yesterday (see Windows 10 Version 2004 ISO image for Insider avaible) that Microsoft has released an Insider Preview build 19041.84 as ISO installation file for Windows Insider in the Fast Ring. That night I had read that this build is also distributed via WSUS. Blog reader EP pointed out this fact to me in this comment too.

Insider Preview Build 19041.84 in WSUS

Microsoft announced within the blog post Releasing Windows 10 Insider Preview Build 19041.84 to WSUS the release of Windows 10 Insider Preview Build 19041.84 from the development branch 20H1 via WSUS. I had already pointed out in the article Windows 10 Version 2004 ISO image for Insider avaible that Microsoft included the update KB4539080 from February 12, 2020. In the announcement above this is also the case, because Microsoft writes:

We have released 20H1 Build 19041.84 via WSUS that contains the latest security fixes for organizations to prepare for releasing Windows 10 version 2004 in their organizations.

So the latest security fixes have been incorporated into this build 19041.84 so that administrators in corporate environments can prepare for the release of the spring update Windows 10 Version 2004.

Additional information about feature updates in WSUS

Microsoft had already published the article Publishing pre-release Windows 10 feature updates to WSUS  in the Techcommunity in September 2019. Allegedly in response to customer feedback, it was announced that it would provide pre-release updates for Windows 10 features to IT administrators using the Windows Server Update Service (WSUS). The goal is to give enterprise administrators the ability to validate the required industry-specific applications, business-critical functionality and policies, and to evaluate new business functionality before the official release of a feature update.

(Source: Microsoft)

I had reported about this approach in the blog post Windows 10 previews are distributed via WSUS. To distribute the preview builds, on the Products tab under Software Update Point Component Properties, select the check box next to Windows Insider Pre-Release. (Note: Although this option is visible in every version of Configuration Manager, you must run Configuration Manager 1906 or later to select it).

Is the Spring 2020 feature update ready?

I already mentioned it in yesterday’s article Windows 10 Version 2004 ISO image for Insider avaible will be the first feature update in 2020. I expect the release in March, latest April 2020. The development branch was already feature frozen in December 2019 and the developers are now only working on bug fixes.

So it is quite possible, because Microsoft can close still found bugs with cumulative updates. Then the now delivered Insider Preview build 19041.84 would be something like the Final of Windows 10 version 2004.

Similar articles:
Windows 10 Version 2004 ISO image for Insider avaible
Windows 10 previews are distributed via WSUS