[German]Microsoft has released the cumulative update KB4535996 in the Insider Preview Release Preview Ring for Windows 10 V190x on February 26, 2020. Addendum: The update has been released to all users, see Windows 10 Version 190x: Update KB4535996 (Feb. 27, 2020).

The update is available for Windows 10 version 1903 and version 1909. The update raises the builds 18362/18363 to the subbuild .693.

What exactly has been changed is unclear. But it’s not a security update – you may be tampering with the problem of broken user profiles (see Windows 10: Update KB4532693 kills user data/profile). Possibly it will be generally released tonight (2/27/202020). via

[German]Microsoft has finally released the cumulative update KB4535996 for Windows 10 version 1903 and version 1909 on February 27, 2020. Here are some details about the respective updates.

A list of the updates can be found on this Microsoft website. I have extracted the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001 (if it is not up to date, please check the Microsoft Update Catalog for Servicing Stack Updates).

Update KB4535996 for Windows 10 Version 190x

Cumulative Update KB4535996 had already been released for insiders in the preview ring a few hours ago (see Windows 10 Version 190x: Update KB4535996 for Insider). Now it is officially listed in the update history, so it is available for all users. The update raises the OS build to 18362.693 (Windows 10 V1903) or 18363.693 (Windows 10 V1909). The update is available for Windows 10 version 1903, for Windows 10 version 1909, and for Windows Server version 1903 and Windows Server version 1909. Here is the list of improvements, called highlights by Microsoft:

• Updates an issue that prevents the speech platform application from opening for several minutes in a high noise environment. 
• Updates an issue that reduces the image quality in the Windows Mixed Reality (WMR) home environment. 
• Updates an issue that might prevent ActiveX content from loading.
• Improves the battery performance during Modern Standby mode. 
• Updates an issue that causes Microsoft Narrator to stop working when a user session is longer than 30 minutes. 
• Addresses an issue that adds an unwanted keyboard layout as the default after an upgrade even if you have already removed it. 
• Updates an issue that prevents the Windows Search box from rendering properly. 
• Updates an issue that prevents the printer settings user interface from displaying properly. 
• Updates an issue that prevents some applications from printing to network printers.

And there are the following fixes and improvements to Windows 10 version 1909, which are identical to the 1903 version

• Addresses an issue that prevents the speech platform application from opening for several minutes in a high noise environment. 
• Addresses an issue that reduces the image quality in the Windows Mixed Reality (WMR) home environment. 
• Improves Urlmon resiliency when receiving incorrect Content-Length for a PeerDist response. 
• Addresses an issue with rendering PeerDist-encoded content in Internet Explorer and Microsoft Edge. 
• Addresses an issue that might prevent ActiveX content from loading. 
• Addresses an issue that might cause Microsoft browsers to bypass proxy servers. 
• Improves the battery performance during Modern Standby mode. 
• Addresses an issue that prevents Centennial apps from opening in certain scenarios. 
• Addresses an issue that prevents the OpenFile() function in the KernelBase.dll library from handling file paths longer than 128 characters. 
• Addresses an issue that prevents a user from upgrading or uninstalling some Universal Windows Platforms (UWP) apps in certain scenarios. 
• Addresses an issue that causes Microsoft Narrator to stop working when a user session is longer than 30 minutes. 
• Addresses an issue that adds an unwanted keyboard layout as the default after an upgrade or migration even if you have already removed it. 
• Addresses an issue with editing the properties of .mov files. 
• Addresses an issue that causes usbvideo.sys to stop working intermittently when a device resumes from Suspend or Sleep after using the Camera app or Windows Hello. 
• Addresses an issue that might prevent the “Allow uninstallation of language features when a language is uninstalled” Group Policy from taking effect. 
• Addresses an issue that prevents the Windows Search box from rendering fully in the space allotted for it. 
• Addresses an issue that prevents the Input Method Editor (IME) user dictionary from being used when leveraging folder redirection with user profiles. 
• Addresses an issue that might prevent the Windows Search box from showing results. 
• Addresses an issue that causes the installation process to stop responding when installing Windows on a VMware guest machine that has a USB 3.0 hub attached. 
• Addresses an issue with Windows Autopilot self-deploying mode and white glove deployment. 
• Addresses an issue in which re-running PowerShell workflows might fail with compilation errors for long sessions. 
• Improves Event Forwarding scalability to ensure thread safety and increase resources. 
• Addresses an issue in the Windows activation troubleshooter that prevents users from reactivating their copy of Windows using the product key stored in their Managed Service Account (MSA). 
• Addresses an issue that prevents some applications, which are deployed using the Microsoft Installer (MSI) from being installed using the mobile device management (MDM) platform. This issue occurs because of a missing property in the MSI metadata. 
• Addresses an issue that generates an “unknown username or bad password” error when attempting to sign in. This occurs in an environment that has a Windows Server 2003 domain controller (DC) and a Windows Server 2016 or later DC. 
• Addresses an issue with sign in scripts that fail to run when a user signs in or signs out. 
• Addresses an issue that continues to collect IsTouchCapable and GetSystemSku data when they should no longer be collected. 
• Addresses an issue that causes some Azure Active Directory (AAD) joined systems, which were upgraded to Windows 10, version 1903, to erroneously rejoin the AAD domain. 
• Addresses an issue in which the WinHTTP AutoProxy service does not comply with the value set for the maximum Time To Live (TTL) on the Proxy Auto-Configuration (PAC) file. This prevents the cached file from updating dynamically. 
• Addresses an issue that causes the wrong printer name to be selected when you click the Print button in the SQL reporting service. 
• Addresses an issue that prevents the printer settings user interface from displaying properly. 
• Addresses an issue in the Network Profile Service that might cause a computer to stop responding. 
• Addresses an issue that prevents some applications from printing to network printers. 
• Addresses an issue that might cause a printer to be a hidden device in Device Manager after a restart. 
• Addresses an issue that causes Host Networking Service (HNS) PortMapping policies to leak when the container host is reinstated after a restart. 
• Addresses a stop error (0x000000CA) that occurs when you mount a Resilient File System (ReFS) volume without a physical device. This might occur in some backup solution scenarios. 
• Addresses an Open Database Connectivity (ODBC) issue that causes an infinite loop in the retry logic when there are several lost connections in the connection pool. 
• Addresses an issue that causes the Local Security Authority Subsystem Service (LSASS) to stop working and triggers a restart of the system. This issue occurs when invalid restart data is sent with a non-critical paged search control. 
• Addresses an issue that intermittently generates Online Certificate Status Protocol (OSCP) Responder audit event 5125 to indicate that a request was submitted to the OCSP Responder Service. However, there is no reference to the serial number or the domain name (DN) of the issuer of the request.
• Addresses an issue that causes queries against large keys on Ntds.dit to fail with the error, “MAPI_E_NOT_ENOUGH_RESOURCES”. This issue might cause users to see limited meeting room availability because the Exchange Messaging Application Programming Interface (MAPI) cannot allocate additional memory for the meeting requests.
• Addresses an issue that corrupts a log file when a storage volume is full and data is still being written to the Extensible Storage Engine Technology (ESENT) database.
• Addresses an issue that causes _NFS4SRV_FILE_CACHE_ENTRY and DirectoryCacheLock to stop responding and leads to error 9E.
• Addresses an issue that prevents Server Message Block (SMB) Multichannel from working within a cluster network that has IPv6 Local-Link addresses.
• Addresses an issue that might cause Storage Migration Service inventory operations on a Windows Server 2003 source computer to fail in clustered environments.
• Addresses a timing issue that may cause stop error 0x27 in mrxsmb20!Smb2InvalidateFileInfoCacheEntry. This issue occurs when you rename or delete files that have certain extensions and are stored on a network share that has client-side caching enabled.
• Addresses an issue in the Storage Migration Service that causes the Cutover stage to stop working during migration if an administrator assigns a static IP address to the source adapter.   
• Addresses an issue in which canceling a deduplication (dedup) job to rebuild hotspots prevents other deduplication PowerShell commands from responding. 
• Addresses an issue that might cause Remote Desktop sessions to disconnect because a leak in system memory occurs when the client window is minimized or maximized. 
• Addresses an issue that makes the Windows Defender Application Control’s Code Integrity-based events unreadable. 
• Addresses an issue with certificate validation that causes Internet Explorer mode on Microsoft Edge to fail.

So the update doesn’t fix the broken/deleted user profile bug – but has a fix for the Windows Search box from rendering bug. This update is offered via Windows Update and can be downloaded and installed via a link. This update is also available in the Microsoft Update Catalog and via WSUS. Microsoft strongly recommends that you install the latest service stack update (SSU) for your operating system before you install the latest cumulative update (LCU). Microsoft does not report any known issues with this update.

In addition, Microsoft has released an update directly to the Windows Update client to improve its reliability. This is rolled out outside of Windows Update if the machine is compatible and is not an LTSC variant and updates have not been blocked by GPO.

Similar articles:
Adobe Flash Player 32.0.0.330 released
Microsoft Office Patchday (February 4, 2020)
Microsoft Security Update Summary (February 11, 2020)
Patchday Windows 10-Updates (February 11, 2020)
Patchday: Updates for Windows 7/8.1/Server (Feb. 11, 2020)
Patchday Microsoft Office Updates (February 11, 2020)
Windows 10 and Windows 8.1 Updates (Feb. 25, 2020)

[German]Some February 11, 2020 update kills the user profile during installation. Where do we stand regarding the bug at the end of February 2020 after the C and D Week updates are out?

Windows 8.1: Update KB4537821 kills user profile

The update KB4537821 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) for Windows 8.1 and Windows Server 2012 R2, which was released on February 11, 2020, causes some users to load a temporary user profile after installation.

I had reported this issue in the blog postWindows 8.1: Update KB4537821 kills also user profiles. The situation is unpleasant for administrators of Windows Server 2012/R2 if they run into the problem. Here is a user comment on this:

Yes, the problem also occurs on our server 2012 R2. It only affects the user account that was active during the installation of the update. All other user accounts do not seem to be affected.

he hope was that Microsoft is now sitting on a fix. On February 25, 2020, Microsoft released the monthly Preview Rollup Update KB4537819 (Preview of Monthly Rollup for Windows 8.1 and Windows Server 2012 R2). In the update change log (see Windows 10 and Windows 8.1 Updates (Feb. 25, 2020)) I didn’t read anything about fixing the profile bug. User Ankephalos confirms in a comment that this update does not fix the profile bug. So the update is a total failure in this respect. 

Windows 10: Update KB4532693 kills the user profile

The cumulative update KB4532693, released of February 11, 2020 for Windows 10 versions 1903 and 1909 shows the same behavior. For some users, the desktop was gone or the files and icons disappeared after installation. For most users, Windows 10 used a temporary user profile after the update was installed the next time they logged on. I had reported about this in the blog post Windows 10: Update KB4532693 kills user data/profile. .

Windows 10 KB4532693 Update Bug Reportedly Deletes User Files – by @LawrenceAbramshttps://t.co/2jqX7PNLVR

— BleepingComputer (@BleepinComputer) February 19, 2020

In the above tweet, Bleeping Computer points out that for some users, the user profile files were completely deleted during the update installation. Then these files could only be restored from backups. And this comment says the same. 

In the meantime, Microsoft has released Update KB4535996 for Windows 10 Version 190x (see Windows 10 Version 190x: Update KB4535996 (Feb. 27, 2020)). The update unfortunately does not fix the bug with the broken/deleted user profile – but at least includes a correction for the bug with the display of the Windows search box.

Similar articles:
Windows 8.1: Update KB4537821 kills also user profiles
Windows 10: Update KB4532693 kills user data/profile
Windows 10 and Windows 8.1 Updates (Feb. 25, 2020)

[German]Another short report from the middle of the month. Microsoft has back-ported the Tamper Protection feature for Defender from Windows 10 version 1903 to earlier Windows 10 versions. 

The Defender Tamper Protection

In Windows 10 May 2019 Update (Version 1903), Microsoft has implemented tamper protection for Windows Defender. This protection is designed to protect Defender against tampering by malware. It should not be possible for a malicious program to turn off Windows Defender via registry entries, command prompt program commands, tools or group policies.

I had already pointed out this feature, which can cause problems, a year ago in the blog post Windows 10 V1903 get Windows Defender Tamper-Protection (see this Microsoft post about Preview Build 18305 in the Windows blog). Therefore the tamper protection was not automatically activated at first.

In the blog post Windows 10 V1903: Microsoft activates Tamper Protection in mid-October 2019, Microsoft pointed out that they would now enable the tamper protection feature in Windows Defender by default. In this Techcommunity post, Microsoft explains the details.

Backporting also for older Windows 10 versions

On February 19, 2020, Microsoft announced that Defender tamper protection would be available for all versions of Windows 10.

Tamper protection for Defender has been backported for earlier versions of Windows 10, too. https://t.co/EyrbzCmcvp

— Kevin Beaumont (@GossiTheDog) February 19, 2020

Tamper Protection is now also available for earlier Windows 10 versions and can be managed via Intune, for example. In this Techcommunity article Microsoft provides details. 

Similar articles:
Windows 10 V1903 get Windows Defender Tamper-Protection
Windows 10 V1903: Microsoft activates Tamper Protection

[German]Microsoft has just outlined how they envision the Cortana service in future versions of Windows 10. Cortana will be upgraded and music, Connected Home and third-party features will be removed.

In the blog post Cortana in the upcoming Windows 10 release: focused on your productivity with enhanced security and privacy Microsoft discusses the revamping of Cortana. According to Microsoft, the artificial intelligence in Microsoft 365 is leading to a significant change in the way users interact with Microsoft 365 applications.  Cortana enables users to use a personal productivity wizard in Microsoft 365 to keep track, save time and optimize work.

In the blog post, Microsoft announces an updated Cortana functionality in Windows 10 that provides more help from the wizards in Microsoft 365. This next step in the development of Cortana will bring an improved, seamless personal productivity assistant as a free update to the latest version of Windows 10 Version 2004, which will be released this spring.

Features for the USA

Cortana should help English-speaking users (United States) to better manage schedules and tasks. Users can use voice messages or text input to make requests to find people or files, or to quickly create or retrieve emails. Users can also easily check their calendar, set a reminder or add lists in Microsoft To Do. And Cortana is designed to help users get answers from Bing, set alarms and timers, open apps, customize settings and more.

Features for the rest of the world

Outside the United States, the upgraded Cortana version in Windows 10 Version 2004 will include answers from Bing and the ability to chat with Cortana. However, Microsoft plans to expand the international experience with more productivity-based capabilities in the future.

Only with Cortana online account, Music & Co. removed

As part of the evolution of Cortana into a Personal Productivity Assistant in Microsoft 365, users will therefore experience some changes in the way Cortana works in the latest version of Windows 10. Microsoft has changed access to Cortana so that users must log in with their work or school account or a Microsoft account before using Cortana.

At the same time, functions such as Music, Connected Home and third-party functions are being phased out. Furthermore, Microsoft is terminating support for Cortana in older Windows versions that have reached their end-of-service date. Microsoft encourages customers to upgrade their devices to the latest version of Windows 10 to continue using Cortana. Microsoft will also disable Cortana services in the Microsoft Launcher for Android by the end of April 2020. (via)

[German]A short tip for administrators who want to administer Windows 10 via SCCM and distribute the Remote Server Administration Tools (RSAT) for Windows 10.

The Remote Server Administration Tools (RSAT) for Windows 10 are now available as Features on Demand. Ben Whitmore has taken up this topic and shows how to add them with the System Center Configuration Manager (SCCM) to a Windows 10 build.

Hey @byteben, I used your post to add RSAT to a Windows 10 1909 install (1903 FOD iso). It worked great except for DHCP. Is there something I missed for that snapin?https://t.co/364HRs2q1s

— Ryan Engstrom (@ryandengstrom) February 25, 2020

I came across the above tweet because this person had issues, caused by permissions problems. Maybe someone can use this.

[German]Microsoft released the cumulative update KB4535996 for Windows 10 version 1903 and 1909 on February 27, 2020. But some users are facing serious issues with this optional update.

I introduced update KB4535996 in the blog post Windows 10 Version 190x: Update KB4535996 (Feb. 27, 2020). This update fixes a whole range of problems. This solves the bug with missing printers. Also the broken search in the taskbar should be fixed. But the problem with the temporary user profiles is not fixed (see following text).  

But it is an optional update, the download of which must be explicitly initiated by the user. So if you don’t suffer from a bug that is indicated as fixed, you should wait with the update installation.

Still ‘Temporary Profile’ Bug

It appears that by installing update KB4535996, certain users are running into the temporary user profile problem. I described the bug in the blog post Windows 10: Update KB4532693 kills user data/profile for the previous update. 

Last weekend EP left a comment (thanks), which referred to this Dutch forum. There are discussions about issues with the temporary profile caused by update KB4535996. Woody Leonhard started this thread on this topic.

Within my German blog post Windows 10 Version 190x: Update KB4535996 (published yesterday) I got then another comment confirming the temporary profile issue. At German site Dr. Windows is an article about this update, where I read another user comment with the same issue:

On Friday evening the new updates installed and this morning a temporary profile…

Anyone else who has run into this problem with temporary user profiles?

Update causes write bursts to SSD

German blog reader Steffen refers in this comment to this article comment on hothardware.com. A user describes the following effect:

After I installed this update, I noticed that the “System” process was hammering my SSD with disk writes. The disk usage was 100%, at a rate of writing 1.5 GB/s. I left it for a few hours thinking it would stop. 6 terabytes written later (!!!), and I uninstalled the update. The writes to disk immediately stopped. Beware of this update!

But I haven’t seen more posts with this error description.

‘Update requires attention’ notification

In Tens forum I found this comment from a user who made a strange observation:

Since updating my machines they now all show “Windows Update Attention Needed” on the settings front page. But checking for updates they’re up to date and there are no notifications or messages to say what the problem is.
Anyone else seen this?

He constantly gets the hint that a Windows Update needs attention, but there is no information where it is stuck. We have had this behavior

Audio issues

In the Tensforum there is this comment of the user canibal, who criticizes a degraded audio quality.

My audio Quality becomes distortion and very bad like a trash after installed this cumulative update. this cumulative I kicked it from my system.

Within my German blog I got this comment, where a user reported, that the sound output has stalled after installing the update.

Installation errors and problem reports

Some users are not offered the update or there are installation errors. In this article there are mentions, that the update hangs between 0 and 99% during installation. Some users get the error codes 0x800F0922, 0x80070003 (ERROR_PATH_NOT_FOUND), 0x800f0922, 0x8000ffff and 0x800f0826 (see also).

Just a suspicion: Installed third-party virus scanners could be the cause of such error messages.

Here (and here) are posts in German Microsoft Answers forums reporting install errror 0x800f0988. Error code 0x800f0988 notifies about error within the registry and/or in files located in WinSxS folder and stands for:

PSFX_E_INVALID_DELTA_COMBINATION

In a German comment here by Ulf here in the blog, the installation error 0x800f0900 is complained about. For both error codes I did not find any further explanations in my sources. Inspecting the CBS.log file could help to find out the root issues for this error. German blog reader Karl Heinz mentioned here a BSOD after 20 minutes. And within this MS Answers forum thread users complain about freezing or boot issues on their systems or flickering screen after login. There are also problem reports on Windows Report, but they are still related to the preview.

Usually only a) not installing the optional Windows 10 Update KB4535996 can help here, because this must be explicitly initiated for download. And b) if it was installed, the update has to be uninstalled. To do this, go to the settings page and click on ‘Update and Security’- Windows Update’. There is a hyperlink to display the update history and on this page you will find a command to uninstall a selected update.

Similar article:
Windows 10 Version 190x: Update KB4535996 (Feb. 27, 2020)
Windows 8.1: Update KB4537821 kills also user profiles
Windows 10: Update KB4532693 kills user data/profile
Windows 10 and Windows 8.1 Updates (Feb. 25, 2020)
Windows 8.1/10: What’s the status of the user profile bug?

[German]Microsoft released version 0.15.0 of PowerToys for Windows 10 users a few hours ago. It is a maintenance update that fixes bugs and improves compatibility.

PowerToys were free programs under Windows 95/98, with which certain Windows features could be optimized or adapted. Inspired by the PowerToys project under Windows 95, some developers dared to restart. The intended was to give power users the ability to get more efficiency out of the Windows 10 shell and customize it for individual workflows. The announcement tool place at the beginning of May 2019 (Windows 10: PowerToys will come as Open Source). More information can be found in the articles linked at the end of this blog.

(PowerToys Settings)

The PowerToys known from Windows 9x are also available in the version for Windows 10 Open Source and free of charge.

Bugfix update to PowerToys 0.15.0 available

I had already noticed it a few hours ago because Clint Rutkas posted another nebulous statement on Twitter. Asked him to put finally the beef on the table, because I’m tired about the latest announcements in January/February (it’s something we called vapor ware in the 90ties). A short time later he released the PowerToys 0.15.0.

Heads up #WindowsInsiders @ClintRutkas just hit publish on PowerToys 0.15! Over 100 bug fixes and some awesome improvements! https://t.co/hDcIS2cVHm

— Brandon LeBlanc (@brandonleblanc) March 3, 2020

The release notes indicate that the developers’ goal was to invest in infrastructure, quality, stability, and work on a way to automatically update PowerToys. Therefore, bugs in the individual modules have been fixed. The requirement to always run PowerToys with administrative privileges has also been dropped. The updated version of PowerToys 0.15.0 and the MSI installer can be found on GitHub.

Within this GitHub post they are outlining their plans for the PowerToys Settings v2.

Similar articles:
PowerToys v0.13 released
PowerToys v0.12 Beta released
Windows 10: First Open Source PowerToys released
Windows 10: PowerToys will come as Open Source
PowerToys 0.14.0 released
PowerToys 0.14.1 released

[German]In a webcast for Windows Insiders Microsoft gave a statement, that the live tiles used in Windows 10 start menu should (still) remain for users and developers. Maybe the plug will pulled later.

There was a rumor in the past that Microsoft will ban the old ‘Live Tiles’ in the start menu entries of Windows 10. In January 2019 there was an article from Windows Central with a swan song of live tiles, because the functionality had not been updated for ages.

Insider Webcast in Microsoft Mixer Channel

Yesterday evening (CET) there was a webcast for Windows Insider on the Microsoft Mixer channel. Extremely long with 1 hour 48 minutes, where they talked about the new PowerToys etc. You don’t have to view this to yourself! It reminds me a bit of a kindergarten where coffee cups and beverage cans are placed next to the notebooks – and of course someone has splilled some water over his keyboard. From timecode 48:00 on, the Microsofters have cleand their desk and the Notbook from the water that someone has poured over his keyboard – these are the real world problems that obviously keep the Windows Insider group busy.

Startmenü evolution: Live Tiles (still) alive

I have embedded the recording of the webcast, which can be accessed by everyone via the Microsoft Mixer page.

(Windows Insider Mixer-Webcast)

Starting at minute 48, the developers discuss the evolution of the Start menu and Live Tiles in Windows 10. The following screenshot shows the evolution of the Start menu between the old design (left) and an internally tested new design concept.

(Old and new start menu of Windows 10)

The picture at the top right shows that the “Tile” area of the start menu has been visually redesigned to better integrate with the dark or light mode selected by the user.  This way the Start menu should look consistent with both a dark and a light theme. The new tiles should not only have an icon, but also a background color and rounded corners. Microsoft wants to use colors to highlight the icons in the tiles instead of displaying additional information in the live tiles.

But it’s all more or less still an internal experimentation area, where the developers try out what will work. But it becomes visible that Microsoft internally moves away from the live tiles. Because in the new Start menu (in the picture on the top right) a number of icons for Windows 10 applications are shown that no longer contain live tiles. So there is a big visual change compared to the previous Start menu.

The important point: In the webcast, the Windows Design Team makes it clear that live tiles will remain available to developers and users. In other words, developers can continue to provide live tiling for their applications. But my impression is that live tiles die a slow death and are eventually buried. So this is the quintessence of 4.5 years of Windows 10 developent.

I would not have cateched that beef, because I quit the webcast after a few minutes (to time consuming and boring). But someone from Windows Latest has described it here. I came across the information at MSPU. The message I’m extracting now is: At some point Microsoft might tilt the live tiles, but currently the fidgeting tiles continue to live. Do any of you still use the live tiles?

On March 5, 2020, Microsoft released the Windows 10 Insider Preview Build 19577 (20H2 development branch) for Insiders in the Fast Ring. In the Windows Blog, Microsoft lists the bug fixes and known issues of this build.

[German]Microsoft has published a support article on how to fix an issue, that drivers are blocked from getting loaded by the security feature ‘core isolation’ introduced in Windows 10.

The Windows 10 Core Isolation

Core Isolation is a security feature introduced in Defender starting with Windows 10 version 1803. It is available on systems with Intel VT-X or AMD-v virtualization supported CPUs.

Core Isolation isolates critical parts of the operating system core from drivers and software running in user mode. Core isolation provides additional protection against malware and other attacks by isolating computer processes from the operating system and device. It is designed to prevent malware or exploits from gaining access to the secure kernel to bypass security controls and inject malicious functions into memory. One subsystem is memory integrity.

Microsoft has published this support article with information about this security feature. In 2018 I had published the article Windows 10 V1803: HCVI causes driver error code 39 about an already fixed bug.

Drivers are not loaded due to core isolation

Due to the core isolation, Windows may not be able to load a driver into memory. This results in an error message of the type ‘A driver cannot be loaded on this device’. Microsoft has published the support article KB4526424 and the article KB4526428 about this issue. 

You are receiving this message because the Memory integrity setting in Windows Security is preventing a driver from loading on your device. The reason for blocking the driver is that it does not comply with Microsoft’s specifications and tries to access the isolated kernel directly. However, this is prevented by the protection mechanism. As a result, the driver is not loaded and the missing driver causes Windows to malfunction.

Microsoft suggests in the KB article some options that can be tried out to use this driver after all:

• Check,  if an updated and compatible driver is available through Windows Update or from the driver manufacturer. This is the preferred solution.
• If that doesn’t work, you can try disabling the memory integrity setting in Windows Security.

For the latter option, go to the Core isolation page of Windows Security (Windows Defender Security Center) settings page. Under Device Security you can then disable the Memory Integrity option. If necessary, restart Windows 10 again so that the driver can be loaded. The collegues at Bleeping Computer has also published an article about that topic.

Similar articles
Windows 10 V1803: HCVI causes driver error code 39
Windows 10: Update KB4517211/KB4522015 breaks VMware Workstation
Windows 10 gets Sandbox for applications

[German]In future Windows 10 versions, Microsoft intends to ‘rename’ the options for telemetry data acquisition – but the content will not change. This is stated in the announcement for the last Insider Preview.

New Telemetry options

At the end of last week, Microsoft released the Windows 10 Insider Preview 19577 for testers (I mentioned it briefly in the blog post Windows 10 Insider Preview Build 19577 without going into much detail). But in the Windows Blog, there is a short note that will be relevant for Windows 10 users in the future:

Diagnostic data changes in Settings

As part of the Microsoft initiative to increase transparency and control over data, we’re making some changes to the Settings app and Group Policy settings that will start showing up in Windows Insider builds this month.

Basic diagnostic data is now known as Required diagnostic data and Full diagnostic data is now Optional diagnostic data. If you’re a commercial customer and choose to send Optional diagnostic data, we will also be providing more granular Group Policy settings to configure the data that’s collected within your organization.

We’ll publish more specifics around the new policies when we get closer to the retail release, and in the meantime, check out the Microsoft Privacy Report for more information around our data collection practices.

As part of the initiative ‘Improve transparency and control over data’ Microsoft is changing some entries in the Settings page.

• The previous option Basic for collecting minimal telemetry data in Windows 10 is now called Required – an allusion to the fact that this data collection is considered indispensable.
• The option currently named as Full will be named as Optional in future versions of Windows 10.

I don’t quite understand the sense of this whole action – nothing changed under the hood. And if you test in the Windows Insider Preview, you have to set the telemetry data collection to Full before you upgrade to build 19577. Otherwise you will not get any more Insider Builds in the future.

Only companies will be able to use Group Policies in future,  to define which telemetry data – in addition to the required data – is collected in the Optional level. The option to completely disable telemetry, which I mentioned in the article Windows 10 V1909 Enterprise: Telemetry can be deactivated, seems to be taken back.

Similar articles:
Windows 10 V1909 Enterprise: Telemetry can be deactivated
Windows 10, the telemetry and the GDPR privacy problem…
Windows 10 Enterprise: Updates and the Telemetry trap
Windows 7: Security-only Update KB4516033 with Telemetry

[German]Microsoft has announced new details about the changed automatic device driver rollout via Windows Update. Frequently used devices should get these drivers first.

Review: What we know so far

Microsoft is working on improving the supply of drivers for Windows systems and minimizing problems. Already in January 2020 I had reported in the article Windows 10: Microsoft allows feature and driver update blocks that OEM partners have the possibility to block the distribution of feature updates if incompatibilities with drivers are known. Furthermore Microsoft has announced blocking times for the distribution of drivers from the manufacturers around patchday or an OS rollout. This is to avoid collisions of driver updates with Windows updates or function updates.

In February 2020, Microsoft announced the next step: Manufacturers can distribute drivers via Windows Update. Microsoft gave all hardware partners the opportunity to submit drivers to Microsoft for distribution via Windows Update. The publication can be specified by the partner as ‘Automatic’ or ‘Manual’.

(Source: Microsoft)

• In a manual delivery mode, the user can select the drivers for installation. To do this, there will be a page for optional driver updates in the settings under Windows Update (see figure above).
• In an automatic delivery mode, the driver will be rolled out and installed directly on the machine via Windows Update. The user has no way to prevent the driver updates.

Publishing the drivers via Windows Update should not only make it easier for users to obtain the drivers. Partners are given new options via Microsoft’s driver distribution mechanisms. I had reported that within the blog post Windows 10: Changes in driver updates. Microsoft has told me, the new approach will be applied to the upcoming Windows 10 version 2004.

New information from Microsoft on the subject

Microsoft has published the Techcommunity article Updates to Gradual Rollout, which contains some further details about the upcoming plans. Starting in March 2020, Microsoft will improve its gradual rollout process for Windows drivers via ‘intelligent distribution’.

• The automatic release of driver updates via Windows Update will initially be for a small group of users or devices. Microsoft writes that the rollout of first wave drivers for this group of devices may take up to eight calendar days.
• Only when it is clear that there are no problems with the drivers on these devices will Microsoft extend the rollout of the drivers to all suitable devices or users worldwide.

Microsoft forms clusters of devices with hardware ID (HWID) and computer hardware ID (CHID). The selection of devices in the first test group from these clusters is aimed at systems that are representative of this group. First, highly active devices get the driver updates. Microsoft believes that there is a higher probability of receiving diagnostic data from these devices. This should enable early fault detection.

Microsoft’s goal is to obtain specific clusters of HWID/CHID combinations for testing. There, the quality of the driver will be evaluated in order to be able to draw conclusions about the entire device population. Microsoft also carries out a risk assessment for each driver in question and assigns it an individual rollout. There are a few typical driver release rollout schemes:

• immediately throttled to 100% of the retail Windows population
• There are a few typical driver release throttle curves
• throttle with an initial set of its eligible population that are highly active (see above)

In the latter scenario, the rollout of first-wave drivers for this device group can take up to eight calendar days. In this article, Microsoft provides guidance on how to measure and evaluate each step for successful driver installation. When the rollout reaches 100%, a new driver is available on all systems supplied by Windows Update from Windows 10 version 1709 on. This is distinct compared to my explanations in the article Windows 10: Changes in driver updates. Microsoft had confirmed to me explicitly that the new driver rollout via Windows Update will only be available for Windows 10 version 2004 and that no backport is planned. What this means exactly is currently unclear to me and I asked Microsoft.

(Driver Rollout Windows 10, source: Microsoft)

Following the complete rollout of a new driver via Windows Update, Microsoft will then monitor the driver over a period of up to 30 days. For more details and an FAQ on the phased introduction of drivers, see Program Details in the Hardware Dev Center. And because Microsoft likes to spread some details within distinct articles, the article New measures to understand Windows Update success states that these measures are currently being evaluated. Only from April 13, 2020, on a decision will be made whether the new methods will be used to determine a successful (driver) update.

Similar articles:
Windows 10: Microsoft allows feature and driver update blocks 
Windows 10: Changes in driver updates
Fix: Windows 10 driver blocked by core isolation

[German]On March 10, 2020 (second Tuesday of the month, Patchday at Microsoft) several cumulative updates for the supported Windows 10 builds were released. Here are some details about the respective updates.

A list of the updates can be found on this Microsoft website. I have extracted the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001 (if it is not up to date, please check the Microsoft Update Catalog for Servicing Stack Updates). 

Updates for Windows 10 Version 190x

Microsoft provides the same update packages for the Windows 10 builds 1903 and 1909 that were released in 2019. The following updates are available for the Windows 10 May 2019 Update (Version 1903) and the Windows 10 November 2019 Update (Version 1909).

Update KB4540673 for Windows 10 Version 190x

Cumulative Update KB4540673 raises the OS build to 18362.719 (Windows 10 V1903) or 18363.719 (Windows 10 V1909). The update is available for Windows 10 version 1903, for Windows 10 version 1909, and for Windows Server version 1903 and Windows Server version 1909. It contains quality improvements but no new operating system features. Here is the list of improvements, referred to by Microsoft as highlights: 

• Updates to improve security when using Microsoft Edge and Internet Explorer.
• Updates for verifying user names and passwords.
• Updates to improve security when using external devices (such as game controllers, printers, and web cameras).

The following fixes and improvements has been added to Windows 10 version 1909, which are identical to version 1903 (update is also available for the Hololens)

• Addresses an issue that prevents certain users from upgrading the OS because of corrupted third-party assemblies.
• Security updates to Windows App Platform and Frameworks, Windows Media, Windows Silicon Platform, Microsoft Edge, Internet Explorer, Windows Fundamentals, Windows Authentication, Windows Peripherals, Windows Update Stack, and Windows Server.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog and via WSUS. Microsoft strongly recommends that you install the latest service stack update (SSU) for your operating system before you install the latest cumulative update (LCU). For this update, Microsoft reports a known issue with 32-bit applications in the support article.

Microsoft has also released an update directly to the Windows Update client to improve its reliability. This is rolled out outside of Windows Update if the machine is compatible and is not an LTSC variant and updates have not been blocked by GPO.

Servicing Stack Update KB4541338

On March 10, Microsoft also released the SSU KB4541338 for Windows 10 versions 1903 and 1909. Microsoft writes about this:

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) makes sure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

The SSU should be installed before installing further cumulative updates.

Updates for Windows 10 Version 1809

The following updates are available for Windows 10 October 2018 Update (Version 1809) and Windows Server 2019.

Update KB4538461 for Windows 10 Version 1809

Cumulative update KB4538461 raises the OS build (according to MS) to 17763.1098 and includes quality improvements but no new operating system features. Here is the list of improvements, called highlights by Microsoft: 

• Updates to improve security when using Microsoft Edge and Internet Explorer.
• Updates for verifying user names and passwords.
• Updates to improve security when Windows performs basic operations.
• Updates for storing and managing files.
• Updates to improve security when using external devices (such as game controllers, printers, and web cameras).

The following fixes and improvements were added to the Windows version:

Security updates to Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Media, Windows Silicon Platform, Microsoft Edge, Internet Explorer, Windows Fundamentals, Windows Authentication, Windows Kernel, Windows Core Networking, Windows Storage and Filesystems, Windows Peripherals, Windows Update Stack, and Windows Server.

This update is automatically downloaded and installed by Windows Update. This update is also available in the Microsoft Update Catalog. Microsoft strongly recommends that you install the latest service stack update (SSU) for your operating system before you install the latest cumulative update (LCU). Microsoft lists several known issues that this update causes. For details, see the KB article. 

Microsoft has also released an update directly to the Windows Update Client to improve its reliability. This is rolled out outside of Windows Update if the machine is compatible and not an LTSC variant and updates have not been blocked by GPO.

Updates for Windows 10 Version 1507 till 1803

For Windows 10 RTM up to version 1803, various updates are available for the LTSC versions and, if necessary, the Enterprise versions. The Home and Pro versions, however, have been dropped from support. Here is a short overview.

• Windows 10 Version 1803: Update KB4540689 is only available for Enterprise and Education. The update raises the OS build to 17134.1365. It includes the fixes mentioned in the KB article. This update is automatically downloaded and installed by Windows Update, but is available for download from the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1709: Update KB4540681 is only available for Enterprise and Education. The update raises the OS build to 16299.1747. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but is available for download from the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1607: Update KB4540670 is now available only to Enterprise LTSC. The update raises the OS build to 14393.3564. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but is available for download from the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1507: Update KB44540693 Update KB44540693 is available for the RTM version (LTSC) The update raises the OS build to 10240.18486. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but is available for download in the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article. Details can be found in the KB article.

There was no update for Windows 10 V1511 and V1703, because these versions were dropped from support. Details about the above updates can be found in the respective Microsoft KB articles.

Similar articles:
Microsoft Office Patchday (March 2, 2020)
Microsoft Security Update Summary (March 10 2020)
Patchday: Updates für Windows 7/8.1/Server (March 10 2020)
Patchday Windows 10-Updates (March 10, 2020)

[German]Microsoft has released on March 12, 2020 an out-of-band security update KB4551762 for the SMBv3 vulnerability CVE-2020-0796 in Windows 10 and Windows Server.

The SMBv3 Vulnerability CVE-2020-0796

On March 10, 2020 a serious but unpatched vulnerability (CVE-2020-079696) in the Windows SMBv3 protocol has become public. This vulnerability could allow the spread of worms, but is not currently believed to be exploited. Microsoft had stopped the release of a security update to close the vulnerability at the last second, but could not prevent the information from being published. Therefore, a security advisory ADV200005was issued on March 10, 2020.

The vulnerability (CVE-2020-0796)in Microsoft implementation of the SMBv3 protocol (version 3.1.1) affects the following versions of Windows:

• Windows Server Version 1903 (Server Core Installation)
• Windows Server Version 1909 (Server Core Installation)
• Windows 10 Version 1903 for 32-bit Systems
• Windows 10 Version 1903 for ARM64-based Systems
• Windows 10 Version 1903 for x64-based Systems
• Windows 10 Version 1909 for 32-bit Systems
• Windows 10 Version 1909 for ARM64-based Systems
• Windows 10 Version 1909 for x64-based Systems

I had reported in detail in the blog post Windows SMBv3 0-day vulnerability CVE-2020-0796.

Security update KB4551762 patches CVE-2020-0796

I received a security advisory from Microsoft regarding the SMBv3 vulnerability from Microsoft a few hours ago, announcing a security update. Furthermore, blog reader deoroller has pointed this out here (thanks for that).

Das Microsoft Security Update Releases March 12, 2020

The two documents CVE-2020-0796 and ADV200005 have been revised because the update is available.

– CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability
– Version: 1.0
– Reason for Revision: Information published. CVE-2020-0796 resolves the issue
discussed in ADV200005.
Customers who have already installed the updates released on March 10, 2020
for the affected operating systems should install KB4551762 to be protected from
this vulnerability.
– Originally posted: March 12, 2020
– Updated: N/A
– Aggregate CVE Severity Rating: Critical

– ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression
– Version: 2.0
– Reason for Revision: CVE-2020-0796 has been published to address this
vulnerability. Please see CVE-2020-0796 – Originally posted: March 10, 2020
– Updated: March 12, 2020
– Aggregate CVE Severity Rating: N/A

Update KB4551762 for Windows 10

Update KB4551762 is available for Windows 10 Version 1903, Windows Server Version 1903, Windows 10 Version 1909, and Windows Server Version 1909 and raises the build to 18362.720 (Windows 10 V1903) and 18363.720 (Windows 10 V1909).

(Click to zoom)

The Download button in the figure above appears (according to the blog reader deoroller) on the Windows Update page only when a timed connection is used. Otherwise the update should be downloaded and installed automatically. The update only fixes the vulnerability in the compression of the SMB 3.1.1 protocol. The protocol is used when sharing files and printers on the network.

Important: If you applied the workaround to turn off compression from my blog post Windows SMBv3 0-day vulnerability CVE-2020-0796, re-enable compression. Otherwise, performance issues may occur. For instructions on how to undo the workaround, see the blog post.

Similar articles:
Windows SMBv3 0-day vulnerability CVE-2020-0796.
Scanner für Windows SMBv3-Schwachstelle CVE-2020-0796

On March 12, 2020, Microsoft released the Windows 10 Insider Preview Build 19582 (20H2 development branch) for Insiders in the Fast Ring. In the Windows Blog, Microsoft lists the new features, bug fixes and known problems of this build.

[German]In a blog post, Microsoft talked about the question of rolling out updates in enterprise environments from a practical point of view. How to ensure that devices and users in your environments remain protected and productive. They released a collection of practical guide lines to optimize Windows 10 update rollout.

Since the initial introduction of Windows 10 in 2015, many administrators have found that they can barely keep up with update and upgrade cycles. They may be looking for efficiencies in rolling out feature updates and monthly updates to ensure that the devices and users in your environments remain protected and productive. Microsoft is probably involved in discussions and receiving feedback from enterprise customers around the world. The point is that the way to keep devices up to date, and in particular to increase “update speed”, is not always clear.

Real-world practices to optimize Windows 10 update deployments#Windows10 #Microsoft365 #StayCurrenthttps://t.co/JzmWuEN9g2

— Per Larsen #MSFT #MSIntune (@PerLarsen1975) March 14, 2020

In the above tweet, Per Larsen points to a contribution by Microsoft to the Techcommunity, which is dealing with corresponding questions. The article entitled Real-world practices to optimize Windows 10 update deployments merely points out that Microsoft has published a detailed guide to optimizing the deployment of Windows 10 updates. This guide is intended to provide IT professionals who manage Windows 10 environments with clarity about how to proceed. 

The Optimizing the Deployment of Windows 10 Updates guide provides procedures and tips to help increase the speed of Windows 10 updates. In creating this guide, Microsoft has focused on gathering best practices from real-world experience that can help enterprise administrators improve update speeds while keeping devices protected and productive. The guide is available for download as a PDF document here and refers to Windows 10. 

[German]Microsoft has announced that the number of 1 billion Windows 10 units worldwide is reached. Here are a few insights and some thoughts about the new figures.

Microsoft announced the new number

This figure of 1 billion active computers running Windows 10 was announced by Microsoft on 16 March 2020. “We are pleased to announce today that over one billion people in 200 countries have chosen Windows 10, resulting in more than one billion active Windows 10 devices,” writes Yusuf Mehdi, corporate vice president of Modern Life and the Search & Devices Group of Microsoft. “We couldn’t be more grateful to our customers, partners and employees for helping us get here.” Then Yusuf Mehdi continues:

With the release of every new build of Windows 10, we have seen customer satisfaction improve as we have made fixes and added new capabilities and experiences. We are humbled that customers are choosing and loving Windows 10, and there has never been a more important time for a secure, reliable platform that can empower people to create, educate and communicate wherever they are.

which reminds me on the parallel universe of Donald Trump. Just to remember: We have had the first year of Windows 10 with forced upgrades from Windows 7/Windows 8.1 – and class action suites against Microsoft. And we have had the disaster with pulled Windows 10 Version 1809 and Windows 10 Version 1903. And we have a monthly update mess with Windows 10 – not to mention the latest move described in the blog post Windows 10 V1903/1909: Nag Screen ‘Let’s make Windows even better …’. Perhaps it’s the cultural gap between me, a sober European and an overwhelming US citizen. But writing ‘We are humbled that customers are … loving’ seems to me a total lost of reality.

This figure of 1 billion Windows 10 systems includes everything that could be swept together: PCs, laptops, Xbox One consoles and HoloLens devices. With a neutral presentation of the facts, I would now have congratulated Microsoft on this figure. But now I just link to the most embarrassing advertising statements I’ve personally ever read from Redmond.

Redmond has a duty, does they fulfill that?

Oh, and one more thing, from now on it’s time to slap Redmond on the wrist for every shit, they release. Because with 1 billion Windows 10 systems, Microsoft has an immense responsibility – and bullshit bingo is no longer tolerable. I’ve expressed some thoughts in my yesterday post The homemade structural IT crisis.

And we should also mentioned, that the 1 Billion Windows 10 system has been announced by Terry Myerson at BUILD 2015 for the year 2018. 

(Source: Microsoft)

It took 2 years longer to reach this value. Although I actually expected that Microsoft would go public with the number 1 billion in January 2020. That’s when the support for Windows 7 ended. It tool Microsoft another two months, until the figures seems to be clear. Mehdi also mentioned 17.8 Million Windows Insider testers – but that’s just a figure with no real impact (imho). I won’t write anything more about this number – everyone may answer the question what these numbers have brought to Windows 10 in terms of quality and bug fixes.

[German]On March 17, 2020, Microsoft released a monthly preview rollup for Windows 8.1 as well as optional updates for older Windows 10 versions (1607 up to 1809).

Updates for Windows 10

These are so-called C-Week Updates, which are released as optional updates in the third week of a month. A list of the updates can be found on this Microsoft website. I have extracted the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001 (if it is not up to date, check the Microsoft Update Catalog for Servicing Stack Updates). 

Update KB4541331 for Windows 10 Version 1809

Cumulative Update KB4541331 raises the OS build to 17763.11315. It contains improvements and bug fixes but no new operating system features. The following highlights are mentioned:

• Updates an issue that causes an error when printing to a document share. 
• Updates an issue that prevents the touch keyboard from appearing during sign in when the user is prompted for the password. 
• Updates an issue that causes calendar dates to appear on the wrong day of the week in the clock and date region of the notification area when you select the Samoa time zone. 
• Improves application and device compatibility with Windows updates.

Here is the list of improvements provided by this update:

• Addresses an issue that causes an error when printing to a document repository. 
• Addresses a drawing issue with the Microsoft Foundation Class (MFC) toolbar that occurs when dragging in a multi-monitor environment. 
• Addresses an issue that prevents the touch keyboard from appearing during sign in when the user is prompted for the password. 
• Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast. 
• Addresses an issue that displays incorrect folder properties in File Explorer when the path is longer than MAX_PATH. 
• Addresses an issue that causes calendar dates to appear on the wrong day of the week in the clock and date region of the notification area when you select the Samoa time zone. 
• Addresses an issue with reading logs using the OpenEventLogA() function. 
• Addresses an issue that prevents machines that have enabled Credential Guard from joining a domain. The error message is “The server’s clock is not synchronized with the primary domain controller’s clock.” 
• Addresses an issue that might cause a delay of up to two minutes when signing in or unlocking a session on Hybrid Azure Active Directory-joined machines. 
• Addresses an issue that causes authentication to fail when using Azure Active Directory and the user’s security identifier (SID) has changed. 
• Addresses an issue that might cause domain controllers (DC) to register a lowercase and a mixed or all uppercase Domain Name System (DNS) service (SRV) record in the _MSDCS.<forest root domain> DNS zone. This occurs when DC computer names contain one or more uppercase characters. 
• Addresses an issue that causes authentication in an Azure Active Directory environment to fail and no error appears. 
• Addresses an issue that causes high CPU utilization when retrieving a session object. 
• Addresses high latency in Active Directory Federation Services (AD FS) response times for globally distributed datacenters in which SQL might be on a remote datacenter. 
• Improves the performance for all token requests coming to AD FS, including OAuth, Security Assertion Markup Language (SAML), WS-Federation, and WS-Trust. 
• Addresses a high latency issue in acquiring OAuth tokens when AD FS front-end servers and back-end SQL servers are in different datacenters. 
• Restores the constructed attribute in Active Directory and Active Directory Lightweight Directory Services (AD LDS) for msDS-parentdistname. 
• Addresses an issue to prevent SAML errors and the loss of access to third-party apps for users who do not have multi-factor authentication (MFA) enabled. 
• Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
• Addresses an issue that prevents Microsoft User Experience Virtualization (UE-V) settings from roaming to enable the signature files that are used for new messages, forwarded messages, and replies.
• Addresses an issue with high CPU usage on AD FS servers that occurs when the backgroundCacheRefreshEnabled feature is enabled.  
• Addresses an issue that creates the Storage Replica administrator group with the incorrect SAM-Account-Type and Group-Type. This makes the Storage Replica administrator group unusable when moving the primary domain controller (PDC) emulator.
• Addresses an issue that prevents some machines from automatically going into Sleep mode under certain circumstances because of Microsoft Defender Advanced Threat Protection (ATP) Auto Incident Response (IR).
• Addresses an issue that prevents some machines from running Microsoft Defender ATP Threat & Vulnerability Management successfully.
• Improves support for non-ASCII file paths for Microsoft Defender ATP Auto IR.

• Addresses an issue that, in some scenarios, causes stop error 0xEF while upgrading to Windows 10, version 1809.

This update is optional and must be downloaded and installed (after a search if necessary) in the Windows Update settings page. This update is also available in the Microsoft Update Catalog and via WSUS. Microsoft strongly recommends that you install the latest service stack update (SSU) for your operating system before you install the latest cumulative update (LCU). Microsoft lists a known problem. If a machine has the KB4493509 update installed, installing the update may cause the error code:

0x800f0982 = PSFX_E_MATCHING_COMPONENT_NOT_FOUND

when certain Asian Language Packs are installed. In this case, all subsequently installed Language Packs must be uninstalled and the cumulative update KB4493509 installed. Details can be found in the KB article. 

Microsoft has also released an update directly for the Windows Update Client to improve its reliability. This is rolled out outside of Windows Update if the machine is compatible and not an LTSC variant and updates have not been blocked by GPO.

Updates for Windows 10 Version 1507 till 1803

For Windows 10 RTM up to version 1803, various updates are available for the LTSC versions and, if necessary, the Enterprise versions. The Home and Pro versions, however, have been dropped from support. Here is a short overview.

• Windows 10 Version 1803: Update KB4541333 is only available for Enterprise and Education. The update raises the OS build to 17134.1399. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but is available for download from the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, also for known issues are may be found in the KBb article.
• Windows 10 Version 1709: Update KB4541330 is only available for Enterprise and Education. The update raises the OS build to 16299.1775. It includes the fixes mentioned in the KB article. This update is automatically downloaded and installed by Windows Update, but is available for download from the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1607: Update KB4541329 is now available only to Enterprise LTSC. The update raises the OS build to 14393.3595. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but is available for download from the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article.

There was no update for other versions of Windows 10. Details about the above updates can be found in the respective Microsoft KB articles in case of doubt.

Updates for Windows 8.1/Windows Server 2012 R2

For Windows 8.1 and Windows Server 2012 R2 a Preview Monthly Rollup has been released. The update history for Windows 8.1 can be found on this Microsoft page. 

KB4541334 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4541334 (Preview of Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes from the latest updates and a preview of the following month’s updates. The Preview Update addresses the following issues.

Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.

This update is offered and installed via Windows Update, but is also available in the Microsoft Update Catalog and via WSUS. In case of a manual installation, the latest Servicing Stack Update (SSU KB4540725) must be installed before. The update also has a known issue: 

Certain actions, such as renaming, that you perform on files or folders that are located on a Cluster Shared Volume (CSV) can cause the

“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”

fail. This occurs when you perform the action on a CSV owner node from a process that does not have administrator rights. See the KB article for details.

Similar articles:
Microsoft Office Patchday (March 2, 2020)
Microsoft Security Update Summary (March 10 2020)
Patchday: Updates für Windows 7/8.1/Server (March 10 2020)
Patchday Windows 10-Updates (March 10, 2020)
Patchday Microsoft Office Updates (March 10, 2020)

On March 18, 2020, Microsoft released the Windows 10 Insider Preview Build 19587 (20H2 development branch) for Insiders in the Fast Ring. In the Windows Blog, Microsoft lists the new features, bug fixes, and known issues of this build.