Microsoft has released cumulative update KB3194798 on October 11, 2016, for Windows 10 and Windows Server 2016. Some users are reporting serious install issues (update hung or will be rolled back).

KB3194798 stalls with error 0x800F0922 (Win Server 2016)

Some administrators are facing error 0x800F0922 during installing cumulative update KB3194798 (Windows 10 Version 1607). The update won’t download or stalls during installation. A Windows Server 2016 users has created this Technet forum thread, reporting error code 0x800F0922 during install. Uninstalling Remote Server Administration Tools (RSAT) has solved this update install issue.

Update KB3194798 download hung

Some users are reporting, that update KB3194798 for Windows 10 Version 1607 hangs during download at 0 %, 95% or other values. On my test machine the download hangs at 95 %. I read in a German blog that third party antivirus software – and also Windows Defender – can be the root cause. Deactivating Windows Defender shall helps. Also someone reported, that disabling the internet connections for a short time may helps.

Other users are reporting, that it helps to wait a couple of hours (some system took several hours to download and install the update). On my system, download has been finished 5 minutes after I deactivated real time protection in Windows Defender.

Update KB3194798: error 0x8007025D

It’s possible to download KB3194798 manually and try to install it. Some users are reporting an install error 0x8007025d. In this case a disc check or checking Windows (see Check and repair Windows system files and component store) may helps.

Update KB3194798: error 0x80073712

That error indicates a corrupted update store(ERROR_SXS_COMPONENT_STORE_CORRUPT). Use this Microsoft KB article to fix your system.

Microsoft has released yesterday build 14946 of Windows 10 Insider Preview for PC and Mobile devices in Fast Ring. The announcement has be made by Dona Sarkar at Windows Blog. Here’s what to know about this new preview build.

What’s new

Microsoft introduced some new featrues for precision touchpads. When you go into Settings > Devices > Touchpad, you will now find a section called “Other gestures”.

(Source: Microsoft)

In this section, you now have basic customization options for your three and four finger gestures. For taps, you can select between Cortana, Action Center, play/pause or middle mouse button, and for left/right swipes, you can select between switching apps or switching virtual desktops.

There is also an updated Wi-Fi Settings page – you can now select a time under “Turn Wi-Fi back on” to have it turn on automatically.WLAN-Einstellungen modifiziert

(Source: Microsoft)

Microsoft noticed also the following improvements an fixes for Windows 10 Insider Preview Build 14946.

• Optional components such as Hyper-V and Bash should remain installed after updating to this build.
• We have fixed the issue where signing into games that use Xbox Live would not work. You should be able to sign-in to Xbox Live in games in this build.
• We fixed the issue causing Microsoft Edge to sometimes crash on launch, or when you type in address bar or try to open a new tab. You no longer need to run the PowerShell script.
• We fixed the issue causing touch scrolling to be too sensitive in Windows 10 apps, such as Microsoft Edge.
• We fixed an issue where Explorer.exe would hang when attempting to open considerably large .MOV files.
• We fixed an issue that could result in the network icon occasionally getting into a state where a red X would display in the taskbar despite an active internet connection, until the device had been restarted.
• We fixed an issue where if the device’s brightness was automatically adjusted after being woken from sleep, the brightness level shown in the Action Center’s Brightness Quick Action might not reflect the current brightness of the device.
• We fixed an issue leading to Narrator not tracking focus on the Start Menu All apps list or tiles.
• We fixed an issue potentially resulting in the “Open with…” dialog displaying with two entries for Calculator after tapping the Calculator key on a keyboard or running the Calculator app.

There are other minor changes and fixes within this build.

Known issues for PC

If you have 3rd party antivirus products such as Bitdefender, Kaspersky Antivirus, F-Secure Antivirus and Malwarebytes installed on your PC – your PC might not be able to complete the update to this build and roll-back to the previous build.

Also, larger Windows Store games such as ReCore, Gears of War 4, Forza Horizon 3, Killer Instinct and Rise of the Tomb Raider may fail to launch. And PCs that are capable of Connected Standby (Surface Book, Surface Pro 4) may drop a bluescreen while in Connected Standby.

[German]Microsoft has introduced Windows as a service in Windows 10, so two or three times within a year, new feature upgrades are available. Upgrades will be installed automatically via Windows Auto-Update. But how to decode install errors, which prevents an upgrade?

Microsoft has published a few new details about decoding upgrade errors within a Technet article Resolve Windows 10 upgrade errors. Windows 10 is using a staged installation for feature upgrades , consisting of 4 steps – and an optional error step for rollback.

(Source: Microsoft)

The schema shown above details a successful upgrade installation. The upgrade installation consists of the following phases:

• Downlevel phase: Run within the previous operating system. Installation components are gathered.
• Safe OS phase: A recovery partition is configured and updates are installed. An OS rollback is prepared if needed. During this phase error codes like 0x2000C, 0x20017 are possible.
• First boot phase: Initial settings are applied. Errors within this phase are 0x30018, 0x3000D and so on.
• Second boot phase: Final settings are applied to the so called OOBE boot phase. During this phase, error codes like 0x4000D, 0x40017 may occur.
• Uninstall phase: This phase occurs if upgrade is unsuccessful. Within this stage error codes like 0x50000 may be dropped.

Using these error code may give a clue in which phase the error has been stopped the upgrade installation.

What to do, if an upgrade fails to install?

Microsoft gives also so hints what to do, if the installation of a feature upgrade fails.

• Check all hard drives for errors and attempt repairs. To automatically repair hard drives, open an elevated command prompt, switch to the drive you wish to repair, and type chkdsk /F. You will be required to reboot the computer if the hard drive being repaired is also the system drive.
• Attept to restore and repair system files by typing the commands sfc /scannow and DISM.exe /Online /Cleanup-image /Restorehealth at an elevated command prompt. For more information, see Repair a Windows Image and my blog post Check and repair Windows system files and component store.
• Update Windows so that all available recommended updates are installed and uninstall all third party antivirus software (Windows Defender protects your system during the upgrade).
• Uninstall all nonessential software and verify compatibility information for antivirus sand other software, before installing it after the upgrade.
• Remove nonessential external hardware, such as docks and USB devices and update firmware and drivers.
• Ensure that “Download and install updates (recommended)” is accepted at the start of the upgrade process.

And verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS.

How to decode upgrade error codes?

But the most important part of the blog post is the section dealing with error code decoding. Those error codes may be found within Windows event manager. Also the .log files created during upgrade, may give some hints about the error code created during upgrade. The the blog post details where to find this log files and explains also what’s in those files.

And at least, the Technet blog post discusses the anatomy of several error codes dropped during upgrade. This is an addendum to my blog post How to decode Windows errors?. 

• 0x800xyyyy: The digit 8 stands for a Win32 error (see also my blog post How to decode Windows errors?). The last four digits yyyy of the error code specifies the HRESULT code. I discussed within my blog post, linked above, how to find a description of these HRESULT codes,
• 0xC1900yyy: Errors with the digit C signals a NTSTATUS message, where the last four digits yyyy are detailing the root cause for the rollback.

Error code 0xC1900101 is a generic error, just reporting a rollback has been made. The reason for the rollback is given in the extended error code (like in 0xC1900101 – 0x4000D). The first digit within the extended error code  is a hex digit (the letter following the x) stands for the phase, where the rollback has been initiated.

The last two digits of the extended error code contains the details for the rollback cause. The following table contains the status codes published by Microsoft.

The Technet articles also contains a collection of error codes descriptions of common upgrade errors. Overall this Technet blog post is really helpful for people trying to shed light into an upgrade error. 

Similar blog posts
Windows 10 Wiki
Windows 10 Anniversary Update – FAQ and Tips
Windows 10 Anniversary Update trouble shooting
How to decode Windows errors?
Check and repair Windows system files and component store
Windows 10: Upgrade error 0xC1900101 – 0x20004
Windows 8 Upgrade: Troubleshooting and analysis
Windows 10: Update error 0x80070057
Windows 10: Rollback to Windows 8.1 is ‘missing’

Microsoft warns about October 2016 rollup update KB3192392 issued for Windows 8.1 and Windows Server 2012 R2. The rollup package contains a bug that kills System Center Operations Manager (SCOM) 2012 R2.

Rollup update KB3192392 (October 2016 security only quality update for Windows 8.1 and Windows Server 2012 R2) has been released at October 11, 2016. It closes several vulnerabilities (kernel mode drivers, Internet Explorer, authentication etc.) in Windows 8.1, and Windows Server 2012 R2.

On systems with System Center Operations Manager (SCOM) 2012 R2 installed, rollup update KB3192392 is causing SCOM crashes. In a technet post, Microsoft confirms the problem. The only workaround known till now is uninstalling rollup update KB3192392.

[German]Oracle  has released the quarterly update for JAVA, so Java SE 8 Update 111 and Update 112 are available. Both updates ships security fixes for vulnerabilities, that can be used within a browser. 

The fixed vulnerabilities are documented in Oracle’s Critical Patch Update Advisory – October 2016. Downloads for the new versions for Linux, OS X, Solaris and Windows may be obtained from this Oracle site.

Java SE 8 Update 111 is the version for end users. Java SE 8 Update 112 is a version for developers, which additionally contains some extended API support.

The release notes are available at this Oracle site. If JAVA isn’t used under Windows, my recommendation is, to uninstall JAVA SE via control panel.

Just a warning: If you are using the JAVA updater shown in the dialogs above, take care to uncheck the “Adware” offer (like the Yahoo start page) shown above.

Microsoft has released Preview Quality Rollups KB3192403 (Windows 7) and KB3192404 (Windows 8.1) on October 18, 2016.

The Preview Quality Rollups has been announced – see my blog post Windows 7/8.1-Update: What to expect from October onwards. Preview Quality Rollups contains non- and security relevant updates, that will be shipped in the next months rollup update. Now the Preview Quality Rollups has been released for the first time for Windows 7 SP1 and Windows 8.1 (and its corresponding Server variants).

Preview Quality Rollups KB3192403 for Windows 7

Update KB3192403 (October 2016 Preview of Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) will be offered via Windows Update, Microsoft Update Catalog and Microsoft Download. The Update history details what’s been fixed:

• Addressed issue with revised daylight saving time.
• Addressed issue that prevents pushed-printer connections and printer connections from trusted servers from being installed in Point and Print scenarios after installing MS16-087.
• Added a new Root Certificate type needed to support Catalog V2 for Windows 7 Embedded systems.
• Improved support to specify proxy and enable upload of telemetry and download of settings in an authenticated proxy environment.

The package contains fixes for rollup KB3185330 from October 11, 2016. Also this update adds new diagnose- and telemetry services. Details are available at Microsoft’s site KB3192403.

32-Bit-Windows 7 Download
64-Bit-Windows 7 Download

x64 Windows Server 2008 R2 Download
IA-64 Windows Server 2008 R2 Download

Preview Quality Rollups KB3192404 for Windows 8.1

Update KB3192404 (October 2016 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2) is available via Windows Update, Microsoft Update Catalog and via Microsoft Download Center. The Update history lists fixes for the following issues:

• Addressed issue with a shared drive that becomes unavailable and takes up to 20 minutes to recover. 
• Addressed issue with memory leaks that occur in the ISCSI WMI Provider. The WMI service fails to perform certain WMI queries, and the provider terminates, which can cause an outage.
• Addressed issue where printing from some applications is not possible when the cached entry for the network printer is not available in the client side rendering (CSR) registry key. The error message is “Startdocprinter Call was not issued”.
• Improved support for networks by adding new entries to the Access Point Name (APN) database.
• Addressed issue that prevents pushed-printer connections and printer connections from trusted servers from being installed in Point and Print scenarios after installing MS16-087.
• Addressed issue with revised daylight saving time.
• Addressed issue with Version 2.0 Performance Counters that don’t return data for a clustered Microsoft Message Queuing (MSMQ) resource after the resource fails over. 
• Addressed issue where a client with an Internet Protocol (IP) reservation receives options with incorrect values from the Dynamic Host Configuration Protocol (DHCP) server or options are missing. The option for BootFileName is missing, which means the client won’t boot from the correct boot file. 
• Addressed issue where inbound replication on domain controllers is blocked with Error 8409 “A database error has occurred”, after the Tombstone Lifetime (or the Recycle Bins DelLifetime) is expired for a deleted Active Directory object having about 100,000 links or more.
• Addressed issue where client queries for Canonical Name records (CNAMEs) that point to Delegation Name records (DNAMEs) sporadically fail in a two tier (caching -> authoritative server) arrangement. 
• Addressed issue where syncing a recycled Active Directory object causes “Server for NIS” service to crash. This issue typically is only applicable to the domain controller servers where Server for NIS is installed and Active Directory Recycle Bin is also configured. 
• Addressed issue where LSASS would consume 100% CPU on domain controller role machines due to the intersecting of large database indexes when handling a search request from LDAP clients. 
• Addressed issue where the integration of Office 365 with Windows Server Essentials 2012 R2 fails due to an insufficient output buffer that blocks the retrieval of Office 365 subscriptions.
• Addressed issue where Microsoft Distributed Transaction Coordinator (MS DTC) is restarted and SQL Server instances might not be able to reconnect to MS DTC successfully. Therefore, distributed transactions might fail with an error message until you restart the SQL server instances.
• Addressed issue where the user profile disk (UPD) does not get unmounted when a user logs off. Therefore, users get temporary profiles and are not able to work with their own profiles during their next logon. The Event ID 20491 with a description of “Remote Desktop Services could not disconnect a user disk for the user account with a SID of <SID>. The error code is 0xAA.93” will be logged. 
• Addressed issue with weekly scheduled tasks failing to execute. Error: ERROR_REQUEST_REFUSED (0x800710e0). 
• Addressed issue where virtual machines (VMs) on a Hyper-V failover cluster causes instability and crashes.
• Improved the upload of telemetry and download of telemetry settings in an authenticated proxy environment.

The package fixes some issue in October Rollup KB3185331 and adds newdiagnose- and telemetry services. Details are published at KB3192404.

32-Bit-Windows 8.1 Download
64-Bit-Windows 8.1 Download

x64 Windows Server 2012 R2 Download

Similar articles:
Microsoft October 2016 Patchday Summary
Windows 7/8.1-Update: What to expect from October onwards
Windows 10 Update KB3194798 install issues
Windows 10: Analyze upgrade errors
Microsoft’s warning about Oct update KB3192392
Microsoft: Installing Windows Updates – just trust us …
Windows 10 V 1607 fails with Windows Update error 0x80D05001
No support for new Intel CPUs in Windows 10 LTBS
Fix for faulty Windows 10 Update KB3194496 & new Update KB3197356

Oracle has released Virtualbox Version 5.1.8, which is a maintenance release of this virtualization software for Windows , Linux and Mac OS.

The change log list the following fixes and improvements for Virtualbox 5.1.8.

• GUI: fixed keyboard shortcut handling regressions (Mac OS X hosts only; bugs #15937 and #15938)
• GUI: fixed keyboard handling regression for separate UI (Windows hosts only; bugs #15928)
• NAT: don’t exceed the maximum number of “search” suffixes. Patch from bug #15948.
• NAT: fixed parsing of port-forwarding rules with a name which contains a slah (bug #16002)
• NAT Network: when the host has only loopback nameserver that cannot be mapped to the guests (e.g. dnsmasq running on 127.0.1.1), make DHCP supply NAT Network DNS proxy as nameserver.
• Bridged Network: prevent flooding syslog with packet allocation error messages (bug #15569)
• Audio: now using Audio Queues on Mac OS X hosts
• Audio: fixed recording with the PulseAudio backend (5.1 regression)
• Audio: various bugfixes
• Snapshots: fixed regression in 5.1.4 for deleting snapshots with several disks (bug #15831)
• Snapshots: crash fix and better error reporting when snapshot deletion failed
• Storage: some fixes for the NVMe emulation with Windows guests
• API: fixed initialization of SAS controllers (bug #15972)
• Build system: make it possible to build VBox on systems which default to Python 3
• Windows hosts: detect certain cases of REGDB_E_CLASSNOTREG errors and print a helpful error message
• Windows hosts: adapted to changes in Windows 10 build 14901 (bug #15944)
• Windows hosts: better support for processor groups on Windows 7 and later which is required on certain hosts with many CPUs
• Windows installer / Additions: added option to prevent creating of start menu items (bug #15922)
• Windows Additions / VGA: if the guest’s power management turns a virtual screen off, blank the corresponding VM window rather than hide the window
• Windows Additions: fixed a generic bug which could lead to freezing shared folders (bug #15662)
• Linux hosts / guests: fix for kernels with CONFIG_CPUMASK_OFFSTACK set (bug #16020)
• Linux Additions: don’t require all virtual consoles be in text mode. This should fix cases when the guest is booted with a graphical boot screen (bug #15683)
• Linux Additions: added depmod overrides for the vboxguest and vboxsf kernel modules to fix conflicts with modules shipped by certain Linux distributions
• X11 Additions: disable 3D on the guest if the host does not provide enough capabilities (bug #15860)

Virtualbox is free for private use on Windows, Mac OS and Linux and may be downloaded here. Note that also an updated version of Oracle VM VirtualBox Extension Pack is required.

[German]Finally Microsoft has removed the ActiceX dependency in Microsoft Update Catalog. So you can use nearly any browser beside Internet Explorer to access Microsoft Update Catalog.

In the past, visiting the Microsoft Update Catalog website in other browsers like Google Chrome or Firefox, ends with a message, that only Internet Explorer is supported. But Microsoft has announced in August 2016 within this Technet blog post, that they will removing the ActiveX requirements.

Microsoft Update Catalog

The Microsoft Update Catalog website is being updated to remove the ActiveX requirement so it can work with any browser. Currently, Microsoft Update Catalog still requires that you use Internet Explorer. We are working to remove the ActiveX control requirement, and expect to launch the updated site soon.

Now the Microsoft Update Catalog website doesn’t depends on ActiveX anymore. Visiting the site in Google Chrome Browser shows this page.

Entering the KB number into the search box allows to search for the update package. After clicking Search, the related results are listed.

Just click the Download button, to open the windows shown below. This windows contains also the download link for the .msu file.

What has been removed is the old ActiveX feature to collect several update packages within a bag and download it at one time. Also accessing the Microsoft Update Catalog creates an error, if cookies are blocked within the browser. Overall it’s a nice change allowing to use other browsers to download items from Microsoft Update Catalog.

Microsoft has released Preview Quality Rollup KB3192406 for Windows Server 2012 on October 18, 2016.

Update KB3192406 (October 2016 Preview of Monthly Quality Rollup for Windows Server 2012) is available via Windows Update, Microsoft Update Catalog and via Microsoft Download Center. The Update history lists the following fixes:

• Addressed issue that causes high CPU usage whenever a significant number of files are opened simultaneously and folders are being renamed.
• Addressed issue with revised daylight saving time.
• Addressed issue where some DFS namespace reparse points that are in the DFS server’s root share are unexpectedly deleted during a full synchronization with the Primary Domain Controller (PDC). 
• Improved the reliability of Windows Kernel.
• Addressed issue that prevents pushed-printer connections and printer connections from trusted servers from being installed in Point and Print scenarios after installing MS16-087.

The update fixes also the issue, that update KB2979933 is gone lost during installation of update KB3084426.

Microsoft has released on C-patchday (10/18/2016) cumulative updates for several Windows 10 builds. These updates fixes some issues – especially the SCOM bug.

After shipping security patch MS16-126 on October 11, 2016, administrators are reporting crashes of System Center Operations Manager Management Console (SCOM). Microsoft has confirmed this within the technet blog post System Center Operations Manager Management Console crashes after you install MS16-118 and MS16-126. The two cumulative updates listed below are fixes this SCOM crashes after installing update KB3192440.

Update KB3200068 for Windows 10 Version 1511

Update KB3200068 (Cumulative Update for Windows 10 Version 1511: October 18, 2016) contains fixes for several issues and replaces update KB3192441. The installation requires a restart. The patch addresses the following issues:

• Fix for SCOM crash caused by KB3192440.
• After you install KB3185319 and set Microsoft Internet Explorer 11, Internet Explorer 10, or Internet Explorer 9 as the default browser, you receive a File Download – Security Warning prompt when you try to access the Favorites menu.

The update is available via Microsoft Update Catalog. The size is 549 MB (x86) and 1.057 MB (x64).

Update KB3199125  for Windows 10 RTM

Also update KB3199125 (System Center Operations Manager management console crashes after you install KB3192440 in Windows 10) addresses the SCOM crash after installing update KB3192440. The update is available via Windows Update and via Microsoft Update Catalog. The installation requires a restart.

Microsoft has updated article System Center Operations Manager Management Console crashes after you install MS16-118 and MS16-126 and describes the hotfix.

[German]Windows Live Essentials 2012 will be retired at January 10, 2017, because the end of live has been reached.

Windows Live Essentials is a suite containing several programs Windows Live Mail, Windows Live Writer, Windows Movie Maker, Windows Live Photo Gallery etc. Microsoft Windows Live Essentials has been available for free in several versions 2009, 2011, 2012. Especially  Windows Live Mail has been rather popular in Windows 7, because Microsoft didn’t ships a Mail client. Also Movie Maker has been the first choice for several video enthusiasts. I’m using Windows Live Writer to create my blog posts.

But since Windows Live Essentials 2012 release, the development has been frozen Windows Live Writer has been released as Open Source. Now some US tech sites pointing out, that Windows Live Essentials will be discontinued from January 2017 (see release notes on this Microsoft site). After January 10, 2017 Windows Live Essentials 2012 web installer download will be removed. So users can’t install Windows Live Essentials 2012 anymore. Already installed modules are still working after that date.

My tip: If you plan to use Windows Live Essentials 2012 after January 2017, download the standalone full installer wlsetup-all.exe from here (see also Scott Hanselmann’s blog post here).

Microsoft has released this night Windows 10, Build 14951, as Insider Preview for PCs and mobile devices in fast ring. The announcement has been made from Dona Sarkar within the Windows-Blog.

Build 14951 comes with several improvements and some new features. Last week we have had Build 14946 with some improvements for precision touchpads (see Windows 10 Insider Preview Build 14946 in Fast Ring). Now Microsoft has refined this functionality. A shortcut picker allows to record keyboard shortcuts in the Advanced gestures page. Also gestures to change audio and volume options are implemented, and the reset button to now has a progress circle and display a check mark when it is finished.

(Quelle: Microsoft)

Windows Ink Improvements (PC): Microsoft has added several improvements; Windows Ink Workspace has pen dropdowns that will let change both color and width. Microsoft also introducing Stencils. Windows Ink protractor tool combines functions of both protractor and compass into one. The Photo app comes with inking additions. Details like Ubuntu 16.04 Support or the possibility to launch Windows binaries from Windows Subsystem for Linux (WSL) may be found in Microsoft’s blog post.

Other improvements and fixes for PC

• Microsoft fixed the issue causing PCs that are capable of Connected Standby such as the Surface Book and Surface Pro 4 to sometimes bugcheck (bluescreen) while in Connected Standby.
• Am issue resulting in Forza Horizon 3, Gears of War (and some 3rd party games) failing to install from the Store with the error code 0x80073cf9 when the system’s app install location was set to drive with native 4k Sectors (or 4k sector sized drive) has been fixed.
• Microsoft fixed an issue resulting in larger Store games such as ReCore, Gears of War 4, Forza Horizon 3, Killer Instinct and Rise of the Tomb Raider possibly failing to launch.
• Microsoft fixed an issue where the console window (which hosts Command Prompt, PowerShell, and other command-line utilities) might not snap correctly to the inside edges between two monitors with different DPI scaling.
• Microsoft fixed an issue where all agenda items in the taskbar’s Clock and Calendar flyout were using the primary calendar’s color, rather than matching their respective calendar’s colors as selected in the Outlook Calendar app.
• Microsoft fixed issue where the Add PIN button in Settings > Accounts > Sign-in Options was sometimes unexpectedly greyed out for domain-joined devices.
• Microsoft fixed an issue resulting in Groove crashing if you tried to reorder the songs in a very large playlist.
• Microsoft has updated our migration logic to now include custom scan code mappings. That means that going forward from this build, if you’ve used Registry Editor to remap certain keys (for example, Caps Lock key to null), that change will persist across upgrades.
• Microsoft fixed an issue Insiders may have experienced resulting in Adobe Photoshop Express crashing after clicking on the ‘correct’ button when trying to edit a cropped image.
• Microsoft fixed an issue resulting in .csv or .xlsx files downloaded from Microsoft Edge sometimes unexpectedly appearing to be locked for editing by “another user” when SmartScreen was enabled.
• We fixed an issue where enabling the RemoteFX adaptor for a Virtual Machine would result in it failing to power on with the error ‘Unspecified error’ (0x80004005).

Known issues for PC

• Signing into apps such as Feedback Hub, Groove, MSN News, etc. with your Microsoft Account if you sign out or get signed out of these apps will not work. If this happens to you and you cannot sign in to Feedback Hub, you can send us feedback via the forums.
• You may experience a crash while using the protractor in Sketchpad – we’re working on a fix.
• If you have a 3rd party antivirus product installed on your PC – your PC might not be able to complete the update to this build and roll-back to the previous build.

[German]Some Windows updates are installed as permanent and doesn’t offer an uninstall option. This blog post shows how to force uninstalling such update packages (works from Windows 7 up to Windows 10).

The problem is …

If an update causes issues, it’s possible to open control panel, go to Programs and Features and select Installed updates. All installed updates are listed.

Selecting an update shows an Uninstall button (see screenshot above). If an update causes issues, it’s possible to uninstall it and test, whether the issues are solved of not. But for some update packages, an Uninstall button isn’t available. I was becoming aware of this after installing servicing stack update KB3177467 (from October 11, 2016). Some users are reporting issues. Investigating the update mentioned indicates, that there is no Uninstall button for the patch entry in Installed updates list (see screenshot below).

Microsoft has published a document explaining, in which cases a patch isn’t uninstallable. The options available are “try to rollback the system in a state before installing the update using either system restore or a system backup”. But what to do, if that options are not available?

Why and how Microsoft makes updates uninstallable?

Some updates are essentials for Windows and are integrated deeply into the system. Servicing Stack updates are mandatory to install further updates – also installer updates are uninstallable. Microsoft declares such updates as “permanent” within the .msu file, while ordinary update packages are quoted as “removable”. Sometime a KB article mentions that the update is uninstallable (see).

Controlling whether an update is permanent or removable is done within .mum files (mum stands for Microsoft Update Manifest) shipped whithin a .msu package. A .mum may be found after installing an update with the folger C:\Windows\servicing\Packages\.

.mum files are simple XML files containing information about the update (KB numer, language requirements, restart after installation required and so on – see the screenshot below).

The XML attribute permanency=”permanent” quotes an update as not uninstallable, while a missing attribute or an XML attribut value permanency=”removable” quotes an update as uninstallable. Only updates with a missing or permanency=”removable” attribute are uninstallable via control panel or via dism (Windows 8 and above).

I found this information here (too short) and within a MS-Answers forum thread (post from PhilipdayWF).

Stop: Uninstalling updates quoted as “permanent” bears the risk, that further updates can’t be installed due to serious errors like STATUS_SXS_COMPONENT_STORE_CORRUPT – see comments from magicandre1981 here and here. Hints to analyze Update errors based on Servicing Corruption may be found within the Technet post Advanced guidelines for diagnosing and fixing servicing corruption. Analyzing update errors is covered here. Some information about the structure of .msu and .cab files may be found here.

How to mark an update package as ‘uninstallable’?

After I’ve warned about the risk of uninstalling uninstallable updates (create a restore point or an image backup before trying the steps given below) it’s time to use the know how, discussed above. We need to open the update`s .mum file and change the XML attribute permanency=”permanent” to “removable”. This can be done using Windows editor notepad.exe.

There is only one problem: Only TrustedInstaller has full access to .mum files. The web site linked above indicates that the access rights needs to be altered for the .mum file in order to edit its content. But this is complex (it can be done via Security tab of the file’s properties) and under Windows 7 I was ending assigning the ownership of a .mum file to group Users. Overall I don’t like to alter system files access rights.

A solution to avoid the access right conflict is to run Windows editor notepad.exe with TrustedInstallers credentials.

1. Go to website sodrum.org and download the portable freeware PowerRun, unpack the ZIP archive to a local folder.

2. Launch PowerRun (Smartscreen filter creates a warning, that the tool is unknown, so you need to confirm and also confirm UAC), select notepad.exe, and click the context menu command Run file.

3. Select in notepad’s window File – Open and set the file filter to All files (*.*).

4. Navigate in the open dialog box symbol bar to folder C:\Windows\servicing\Packages.

5. Enter the search expression into the search box (for instance KB3177467*.mum), to filter the relevant files.

6. Select the first .mum file found and click the Open button to load the .mum file.

7. Seach the entry permanency=”permanent” and change it to permanency=”removable”

8. Store the altered .mum file – this should be possible, because Windows editor runs with TrustedInstaller privileges.

9. Repeat the steps give above for all .mum files associated with the update package (the screenshots given above for Windows 7 Servicing Stack update KB3177467 shows 3 .mum files).

After altering all .mum files, you can try to uninstall the package using control panel. Go to Programs and Features and select Installed updates. Select the update package, and now an Uninstall button should be available. Uninstall the package and test, whether the issues are gone. Uninstalling also should be possible within an administrative console window using the following command:

wusa /uninstall /kb:3177467 /quiet /norestart

where 3177467 stands for the KB number of the update (see here and here). This approach should work in all Windows versions from Windows 7 up to Windows 10. Afterward it’s possible to check the system for damaged system files using sfc /scannow (Windows 7) within an administrative command prompt window. From Windows 8 and up use the article Check and repair Windows system files and component store.

Warning: Use the steps given above as a “last shot” (if system restore isn’t available) at your own risk. In best case you can fix an issue caused by the faulty update. In worst case you ruins your Windows installation, because without the uninstalled update further updates can’t be installed due to an STATUS_SXS_COMPONENT_STORE_CORRUPT error.

Similar articles
Windows 7/8.1: Preview Quality Rollups KB3192403/KB3192404
Microsoft Update Catalog finally supports different browsers
Windows 10: Analyze upgrade errors
How to decode Windows errors?
Windows 10: Open command prompt window as administrator
Check and repair Windows system files and component store

Adobe has discovered a serious vulnerability within it Flash Player and has issued an out-of-band security update. Also Microsoft has issued security updates for Windows 8.1 and Windows 10.

Adobe Flash Player Update

Adobe reported in Security Bulletin APSB16-36 (October 26, 2016) the following Flash-Player versions as outdated and vulnerable.  

The installed Flash version may be checked on this Adobe website. If Flash has been installed manually (Windows Vista, Windows 7, Linux, Mac OS), auto-update shall install the newest version. The table below shows the newest Flash Player versions for different platforms. 

Microsoft Security Update for Flash (10/27/2016)

Also Microsoft has released an extraordinary security update to fix the vulnerability within Adobe Flash Player in Windows 8.1, Windows 10, and in the corresponding Server variants.

MS16-128: Security Update for Adobe Flash Player (3201860)

This critical security update resolves a vulnerability in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.

  – Affected Software:
    – Windows 8.1 for 32-bit Systems:
      – Adobe Flash Player
    – Windows 8.1 for x64-based Systems:
      – Adobe Flash Player
    – Windows Server 2012:
      – Adobe Flash Player
      (Windows Server 2012 Server Core installation not affected)
    – Windows Server 2012 R2:
      – Adobe Flash Player
      (Windows Server 2012 R2 Server Core installation not affected)
    – Windows RT 8.1:
      – Adobe Flash Player
    – Windows 10 for 32-bit Systems:
      – Adobe Flash Player
    – Windows 10 for x64-based Systems:
      – Adobe Flash Player
    – Windows 10 Version 1511 for 32-bit Systems:
      – Adobe Flash Player
    – Windows 10 Version 1511 for x64-based Systems:
      – Adobe Flash Player
    – Windows 10 Version 1607 for 32-bit Systems:
      – Adobe Flash Player
    – Windows 10 Version 1607 for x64-based Systems:
      – Adobe Flash Player
  – Impact: Remote Code Execution
  – Version Number: 1.0

Update KB3201860 shall be distributed via Windows Update or WSUS, may also be downloaded here. If you use Google Chrome, check also for a browser update.

[German]A new security vulnerability in Adobe Flash has been closed by Adobe with a Flash player update (see Important: Updates for Flash player (10/27/2016)). Now Microsoft also released a Flash security update for Windows 8.1, Windows 10, and corresponding Windows Server versions.

MS16-128: Security Update for Adobe Flash Player (3201860)
This security update fixes a critical vulnerability in Adobe Flash in Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, und Windows 10.

  – Affected Software:
    – Windows 8.1 for 32-bit Systems:
      – Adobe Flash Player
    – Windows 8.1 for x64-based Systems:
      – Adobe Flash Player
    – Windows Server 2012:
      – Adobe Flash Player
      (Windows Server 2012 Server Core installation not affected)
    – Windows Server 2012 R2:
      – Adobe Flash Player
      (Windows Server 2012 R2 Server Core installation not affected)
    – Windows RT 8.1:
      – Adobe Flash Player
    – Windows 10 for 32-bit Systems:
      – Adobe Flash Player
    – Windows 10 for x64-based Systems:
      – Adobe Flash Player
    – Windows 10 Version 1511 for 32-bit Systems:
      – Adobe Flash Player
    – Windows 10 Version 1511 for x64-based Systems:
      – Adobe Flash Player
    – Windows 10 Version 1607 for 32-bit Systems:
      – Adobe Flash Player
    – Windows 10 Version 1607 for x64-based Systems:
      – Adobe Flash Player
  – Impact: Remote Code Execution
  – Version Number: 1.0

Security update KB3201860 are distributes via Windows Update, and can also be downloaded here.

[German]Google published a previously publicly-unknown vulnerability in Windows kernel and closes it in Google Chrome browser.

Google has discovered and reported at 10/21/2016 two 0-day vulnerabilities — previously publicly-unknown vulnerabilities – to Adobe and Microsoft. The Adobe Flash vulnerability has been patched by Adobe (see Important: Updates for Flash player (10/27/2016)) and Microsoft (see Microsoft Flash security update for Windows (10/27/2016)).

Now Google has revealed some insides. The Flash vulnerability has been discovered by Google’s project zero and has been reported at 10/21/2016 to Adobe. After a 10 day period Google has made this issue public and mentioned that Google Chrome updates the integrated Flash player.

Much more of interest is the 2nd part of Googles annoncement: There is also a critical vulnerability in Windows, that is actively used in the wild. So Google also released the information. The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape.

Google writes, that it can be triggered via the win32k.sys system call NtSetWindowLongPtr(), if the index GWLP_ID on a window handle with GWL_STYLE is set to WS_CHILD. Sounds pretty esoteric to end users. But in brief: There is a vulnerability in Windows kernel and it’s used in the wild. Google has hardened the Google Chrome browser (Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability). So be careful, which browser you use in Windows 10, until Microsoft issued a patch for this vulnerability.

BTW: here is Microsoft’s statement (via)

“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk,” a Microsoft spokesperson told VentureBeat. “Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.”

Sources close to Google told venturebeat also, that the mitigation requires an unpatched Flash Player. So, we have to wait, use Google Chrome, and see, what’s Microsoft has in stack.

Microsoft has released a couple of security updates for Windows at November patchday. Also CVE-2016-7255 reported by Google has been fixed. Here is an overview.

Critical security updates (November 2016)

MS16-129: Cumulative Security Update for Microsoft Edge (3199057)

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

This security update is rated Critical for Microsoft Edge on Windows 10 and Windows Server 2016. The update addresses the vulnerabilities by:

• modifying how Microsoft browsers handles objects in memory
• changing how the XSS filter in Microsoft browsers handle RegEx
• modifying how the Chakra JavaScript scripting engine handles objects in memory
• correcting how the Microsoft Edge parses HTTP responses

MS16-130: Security Update for Microsoft Windows (3199172)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application.

This security update is rated Critical for all supported releases of Microsoft Windows. The security update addresses the vulnerabilities by:

• Correcting how the Windows Input Method Editor (IME) loads DLLs.
• Requiring hardened UNC paths be used in scheduled tasks.

MS16-131: Security Update for Microsoft Video Control (3199151)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.

MS16-132: Security Update for Microsoft Graphics Component (3199120)
This security update resolves vulnerabilities in Microsoft Windows. The most severe being of the vulnerabilities could allow a remote code execution vulnerability exists when the Windows Animation Manager improperly handles objects in memory if a user visits a malicious webpage. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-141: Security Update for Adobe Flash Player (3202790)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

MS16-142: Cumulative Security Update for Internet Explorer (3198467)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Important security updates (November 2016)

MS16-133: Security Update for Microsoft Office (3199168)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS16-134: Security Update for Common Log File System Driver (3193706)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit these vulnerabilities by running a specially crafted application to take complete control over the affected system. An attacker who successfully exploits this vulnerability could run processes in an elevated context.

MS16-135: Security Update for Windows Kernel-Mode Drivers (3199135)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-136: Security Update for SQL Server (3199641)
This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker could to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. The security update addresses these most severe vulnerabilities by correcting how SQL Server handles pointer casting.

MS16-137: Security Update for Windows Authentication Methods (3199173)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials. An attacker who successfully exploited this vulnerability could elevate their permissions from unprivileged user account to administrator. The attacker could then install programs; view, change or delete data; or create new accounts. The attacker could subsequently attempt to elevate by locally executing a specially crafted application designed to manipulate NTLM password change requests.

MS16-138: Security Update to Microsoft Virtual Hard Disk Driver (3199647)
This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability.

MS16-139: Security Update for Windows Kernel (3199720)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information. A locally authenticated attacker could attempt to exploit this vulnerability by running a specially crafted application. An attacker can gain access to information not intended to be available to the user by using this method.

MS16-140: Security Update for Boot Manager (3193479)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a physically-present attacker installs an affected boot policy.

More Details may be found at Microsoft’s site Microsoft Security Bulletin Summary for November 2016.

Similar articles
Rollup Updates KB3197867, KB3197868 (Windows 7), and KB3197873, KB3197874 (Windows 8.1)

Microsoft has released cumulative updates KB3200970 (Windows 10 Version 1607), KB3198586 (Windows 10 Version 1511), and KB3198585 (Windows 10 RTM). This updates are also available for Windows Server 2016.

An overview may be found at Microsoft’s web site Windows 10 and Windows Server 2016 update history.

Update KB3200970 for Windows 10 Version 1607

Cumulative update KB3200970 changes the build number for Windows 10 Version 1607 to 14393.447. This update includes quality improvements and security updates. No new operating system features are being introduced in this update. Key changes include:

• Improved the reliability of multimedia audio, Remote Desktop, and Internet Explorer 11.
• Addressed issue that prevents users from connecting to a virtual private network (VPN).
• Addressed issue with a scheduled task that doesn’t run in Task Scheduler after reenabling.
• Addressed issue to update the Access Point Name (APN) database.
• Addressed issue with Japanese characters that are missing when converted by the Input Method Editor.
• Addressed issue with the system tray showing no Wi-Fi connection even when Wi-Fi is present.
• Addressed issue with Windows devices that disconnect from the Internet prematurely before users can complete their paid Wi-Fi purchase.
• Addressed issue to update the new Belarusian ruble symbol to Br and the new ISO 4217 code to BYN.
• Addressed additional issues with multimedia, Windows kernel, packaging release management, authentication, Microsoft Edge, Internet Explorer 11, Remote Desktop, Active Directory, wireless networking, Windows shell, graphics, enterprise security, and Microsoft HoloLens.
• Security updates to Boot Manager, Windows operating system, kernel-mode drivers, Microsoft Edge, Internet Explorer 11, Microsoft Virtual Hard Drive, Common Log File System driver, Microsoft Video Control, Common Log File System driver, Windows authentication methods, Windows File Manager, and the Microsoft Graphics Component.

More information about the complete list of affected may be read at KB3200970.

Update KB3198586 for Windows 10 Version 1511

Cumulative update KB3198586 changes the build number of Windows 10 Version 1511 to 10586.679. This update includes quality improvements and security updates. No new operating system features are being introduced in this update. Key changes include:

• Improved the reliability of the Windows shell, Microsoft Edge, and Internet Explorer 11.
• Addressed issue with Japanese characters that are missing when converted by the Input Method Editor.
• Addressed issue with systems that randomly stop applying UNC Hardening group policy, leaving systems vulnerable until restarted.
• Addressed issue with proxy authentication that causes Windows Update downloads to fail.
• Addressed issue that prevents users from accessing network resources after logon after they’ve installed KB3185614.
• Addressed issue with point rendering in Internet Explorer 11 and Microsoft Edge.
• Addressed issue where users can’t navigate to Internet sites when a network is configured to use Web Proxy Auto Discovery (WPAD).
• Addressed issue where users can’t access Microsoft Store in an authenticated proxy environment.
• Addressed additional issues with enterprise security, Internet Explorer 11, Remote Desktop, datacenter networking, Windows shell, filter driver, the Access Point Name (APN) database, and wireless networking.
• Security updates to the Windows operating system, kernel-mode drivers, Microsoft Edge, Boot Manager, Internet Explorer 11, Common Log File System driver, Microsoft Virtual Hard Drive, Microsoft Video Control, Windows authentication methods, Windows File Manager, OpenType, and the Microsoft Graphics Component.

More information about the complete list of affected may be read at KB3198586. 

Update KB3198585 for Windows 10 (RTM)

Cumulative update KB3198585 changes the build number of Windows 10 RTM to 10240.17190. This update includes quality improvements and security updates. No new operating system features are being introduced in this update. Key changes include: 

• Addressed issue to update the Access Point Name (APN) database.
• Addressed issue with deadlocks occurring after a user password reset.
• Addressed issue with point rendering in Internet Explorer 11 and Microsoft Edge.
• Addressed issue with Japanese characters that are missing when converted by the Input Method Editor.
• Addressed additional issues with filter drivers, enterprise security, Windows shell, and Internet Explorer 1.
• Security updates to the Windows OS, Microsoft Edge, Internet Explorer 11, Windows File Manager, Microsoft Graphics Component, Windows authentication methods, kernel-mode drivers, Microsoft Virtual Hard Drive, Microsoft Video Control, OpenType, and the Common Log File System driver.

More information about the complete list of affected may be read at KB3198585. Details about the security bulletins may be found within my blog post Microsoft Patchday November 8, 2016.

Similar articles

Microsoft Patchday November 8, 2016
Rollup Updates KB3197867, KB3197868 (Windows 7), and KB3197873, KB3197874 (Windows 8.1)

Microsoft has released a couple of Rollup updates for Windows 7, Windows 8.1 and the corrospending Server variants at November 8, 2016. Here are the details, what’s inside.

Windows 7 Update KB3197867 (Security-only update)

According to Microsoft’s Update-History this update includes only security updates for Windows 7 and Windows Server 2008 R2 SP1. No new operating system features are being introduced in this update. Key changes include:

• Security updates to Microsoft Graphics Component, kernel-mode drivers,
• Microsoft Video Control, Common Log File System driver,
• Windows authentication methods, Windows operating system,
• Windows File Manager, Windows registry, OpenType,
• Internet Explorer 11, and Windows Component.

A list of affected files may be found at KB3197867 – here is the list of security patches included.

• MS16-142 Cumulative security update for Internet Explorer
• MS16-139 Security update for Windows kernel
• MS16-137 Security update for Windows authentication methods
• MS16-135 Security update for Windows kernel-mode drivers
• MS16-134 Security update for common log file system driver
• MS16-132 Security update for Microsoft graphics component
• MS16-131 Security update for Microsoft Video Control
• MS16-130 Security update for Microsoft Windows

Details about the security patches may be found at Microsoft Security Bulletin Summary for November 2016.

Windows 7 Update KB3197868 (Monthly Rollup)

According to Microsoft’s Update-History this update includes security updates and quality improvements Windows 7 and Windows Server 2008 R2 SP1. No new operating system features are being introduced in this update. Key changes include: 

• Security updates to Microsoft Graphics Component, kernel-mode drivers,
• Microsoft Video Control, Common Log File System driver,
• Windows authentication methods, Windows operating system,
• Windows File Manager, Windows registry, OpenType,
• Internet Explorer 11, and Windows Component.

A list of affected files may found at KB3197868 – here is the list of security patches included.

• MS16-142 Cumulative security update for Internet Explorer
• MS16-139 Security update for Windows kernel
• MS16-137 Security update for Windows authentication methods
• MS16-135 Security update for Windows kernel-mode drivers
• MS16-134 Security update for common log file system driver
• MS16-132 Security update for Microsoft graphics component
• MS16-131 Security update for Microsoft Video Control
• MS16-130 Security update for Microsoft Windows

Details about the security patches may be found at Microsoft Security Bulletin Summary for November 2016.

Windows 8.1  KB3197873 (Security-only update)

According to Microsoft’s Update-History this update includes only security updates for Windows 8.1 und Windows Server 2012 R2. No new operating system features are being introduced in this update. Key changes:

• Security updates to Microsoft Graphics Component, kernel-mode drivers,
• Microsoft Video Control, Common Log File System driver,
• Windows authentication methods, Windows operating system,
• Windows File Manager, Windows registry, OpenType,
• Internet Explorer 11, and Windows Component.

A list of affected files may be found at KB3197873 – here is the list of security patches included.

• MS16-142 Cumulative security update for Internet Explorer: November 8, 2016
• MS16-140 Security update for boot manager: November 8, 2016
• MS16-138 Security update to Microsoft virtual hard drive: November 8, 2016
• MS16-137 Security update for Windows authentication methods: November 8, 2016
• MS16-135 Security update for Windows kernel-mode drivers: November 8, 2016
• MS16-134 Security update for common log file system driver: November 8, 2016
• MS16-132 Security update for Microsoft graphics component: November 8, 2016
• MS16-131 Security update for Microsoft Video Control: November 8, 2016
• MS16-130 Security update for Microsoft Windows: November 8, 2016

Details about the security patches may be found at Microsoft Security Bulletin Summary for November 2016.

Windows 8.1 KB 3197874 (Monthly Rollup)

According to Microsoft’s Update-History this update includes security updates and quality improvements for Windows 8.1 und Windows Server 2012 R2. No new operating system features are being introduced in this update. Key changes include: 

• Security updates to Boot Manager, Microsoft Video Control, Common Log File System driver, Microsoft Edge, Microsoft Graphics Component,
• Windows authentication methods, kernel-mode drivers,
• Windows operating system, OpenType, Microsoft Virtual Hard Drive, and Internet Explorer 11.

A list of affected files may be found at KB3197874 – here is the list of security patches included.

• MS16-142 Cumulative security update for Internet Explorer: November 8, 2016
• MS16-140 Security update for boot manager: November 8, 2016
• MS16-138 Security update to Microsoft virtual hard drive: November 8, 2016
• MS16-137 Security update for Windows authentication methods: November 8, 2016
• MS16-135 Security update for Windows kernel-mode drivers: November 8, 2016
• MS16-134 Security update for common log file system driver: November 8, 2016
• MS16-132 Security update for Microsoft graphics component: November 8, 2016
• MS16-131 Security update for Microsoft Video Control: November 8, 2016
• MS16-130 Security update for Microsoft Windows: November 8, 2016

Details about the security patches may be found at Microsoft Security Bulletin Summary for November 2016.

Similar articles

Microsoft Patchday November 8, 2016
Windows 10: Updates KB3200970, KB3198586, KB3198585
Rollup Updates KB3197867, KB3197868 (Windows 7), and KB3197873, KB3197874 (Windows 8.1)

Browser add-on Web of Trust (WoT) has been harvesting an selling user’s surfing data without anonymising it. After this incident was uncovered, WoT was dropped from Firefox and Google.

Last week I’ve repored within my German blog about a #surfgate (see Datenskandal: ‘bist Du gläsern?’ Millionen Daten von deutschen Surfern offen gelegt). Journalists from German TV broadcasting revealed that Web of Trust Services (WoT) collected surfe data from Million users and selled it to data brokers.

In an ivestigative report, journalists reveled, that a data sample received from data brokers contains millions of user data obtained from surfing history. The data hasn’t been anonymised, so the journalists was able to identifiy journalists, politicans, managers and other people and gain access to their most privacy secrecies.

The data was harvested and sold by Web of Trust (WoT), a service and a rather popular browser plugin. After uncovering data harvesting, WoT was dropped by Firefox and Google. Some details may be obtained from this The Register article and this neowin.net article.