Channel: guenni – Born's Tech and Windows World

Windows 10 V1607-V1709: Updates from June 21, 2018

Microsoft has released several updates for Windows 10 Anniversary Update (V1607), Windows 10 Spring Creators Update (V1703) and Windows 10 Fall Creators Update (V1709) as of June 21, 2018. Here is some information about these updates.

Update KB4284822 for Windows 10 Version 1709

Cumulative Update KB4284822 (June 21, 2018) for Windows 10 Version 1709 changes the OS build to version 16299.522. This update improves quality and addresses the following issues.

  • Addresses an application performance degradation in operating system functions that lock and free large blocks of memory (such as VirtualLock and HeapFree). The degradation occurs after installing KB4056892 and superseding fixes.
  • Addresses performance regression in App-V that slows many actions in Windows 10.
  • Adds a new MDM Policy, “DisallowCloudNotification”, for enterprises to turn off Windows Notification traffic.
  • Changes the music metadata service provider used by Windows Media Player.
  • Addresses an issue with the placement of text symbols in right-to-left languages.
  • Addresses an issue with editing web password fields using a touch keyboard.
  • Adds a Group Policy that provides the ability to hide recently added apps from the Start menu.
  • Updates the Segoe UI Emoji font to use a water gun to represent a pistol emoji.
  • Addresses a reliability issue with resuming from hibernation.
  • Addresses an issue where SmartHeap doesn’t work with UCRT.
  • Addresses an issue to ensure that Windows Defender Application Guard endpoints comply with regional policies.
  • Increases the user account minimum password length in Group Policy from 14 to 20 characters.
  • Addresses an issue that causes sporadic authentication issues when using Windows Authentication Manager.
  • Addresses an issue where an Azure Active Directory account domain change prevents customers from logging on.
  • Addresses an issue that displays unnecessary “Credential Required” and “Do you want to allow the app to access your private key?” messages. This issue occurs when running a Universal Windows Platform (UWP) application.
  • Addresses an issue that causes the LSASS service to become unresponsive, and the system needs to be restarted to recover.
  • Addresses an issue where client applications running in a container image don’t conform to the dynamic port range.
  • Adds a new registry key that prevents access to the Internet using WWAN if a non-routable ethernet is connected. To use this new registry key, add “IgnoreNonRoutableEthernet” (Dword) on HKEY_LOCAL_MACHINE\Software\Microsoft\Wcmsvc using regedit, and set it to 1.
  • Adds a new registry key that allows customers to control access to the Internet using WWAN without using the default connection manager. To use this new registry key, add “fMinimizeConnections” (Dword) on HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\WcmSvc\Local using regedit, and set it to 0.
  • Addresses an issue that prevented ISO/DVD mounts and eject from working using VM settings and PowerShell because of menu transition issues in VMConnect.
  • Addresses an issue where restarting the Hyper-V host with Hyper-V Replica (HVR) enabled could cause replication to stop. It may also require a manual restart to resume the replication from a suspended state. The replication state should be normal after the Hyper-V host/VMMS is restarted.
  • Addresses an issue that might cause the Mitigation Options Group Policy client-side extension to fail during GPO processing. The possible errors are “Windows failed to apply the MitigationOptions settings. MitigationOptions settings might have its own log file” or “ProcessGPOList: Extension MitigationOptions returned 0xea.” This issue occurs when Mitigation Options have been defined using Group Policy, the Windows Defender Security Center, or the PowerShell Set-ProcessMitigation cmdlet.
  • Addresses an issue that causes a connection failure when a Remote Desktop connection doesn’t read the bypass list for a proxy that has multiple entries.
  • Addresses an issue where Windows Defender Security Center and the Firewall Pillar app stop working when opened. This is caused by a race condition that occurs if third-party antivirus software has been installed.

In the list above you can find some interesting fixes for several bugs in Windows 10 V1709. The update is provided via Windows Update (the update search must be initiated), WSUS or via the Microsoft Update Catalog. This update has some Known Issues, which are described in this KB article.

Update KB4135058 for Windows 10 Version 1709

Addendum: Microsoft has also released a dynamic update KB4135058 for Windows 10 Version 1709. This is a ‘Compatibility update for upgrading to Windows 10 Version 1709: June 21, 2018’ and is intended to improve the upgrade experience to Windows 10 V1709.

Update KB4284830 for Windows 10 Version 1703

Update KB4284830 (June 21, 2018) for Windows 10 Version 1703 changes the OS build to version 15063.1182. This update improves quality and addresses the following issues.

  • Addresses performance regression in App-V that slows many actions in Windows 10.
  • Addresses an issue with the soft keyboard’s input modes in WPF applications.
  • Addresses an issue where SmartHeap doesn’t work with UCRT.
  • Addresses an issue that causes sporadic authentication issues when using Windows Authentication Manager.
  • Addresses an issue that displays unnecessary “Credential Required” and “Do you want to allow the app to access your private key?” messages. This issue occurs when running a Universal Windows Platform (UWP) application.
  • Addresses an issue that causes the LSASS service to become unresponsive, and the system must be restarted to recover.
  • Addresses an issue where client applications running in a container image don’t conform to the dynamic port range.
  • Addresses an issue in MSXML 3.0 that causes the body of the request to be empty when the IXMLHTTPRequest send() method is called. This issue occurs when URL redirection causes the send() method to be invoked a second time with a different URL.
  • Adds a new MDM Policy “DisallowCloudNotification” for enterprises to turn off Windows Notification traffic.

The update is provided via Windows Update (the update search must be initiated), WSUS or via the Microsoft Update Catalog. Microsoft is not aware of any issues related to this update.

Microsoft has also released an update for the Windows Update Client to increase its reliability. Any Windows 10 device configured to automatically receive updates from Windows Update, including Enterprise and Pro Edition, is offered the latest Windows 10 feature update based on device compatibility and the Windows Update for Business policy for delaying updates. This does not apply to LTSC installations.

Update KB4284833 for Windows 10 Version 1607

Cumulative update KB4284833 (June 21, 2018) is available for Windows 10 Version 1607 and Windows Server 2016. However, since Windows 10 Home and Pro have been out of support since April 10, 2018, only Windows 10 Enterprise and Windows 10 Education and the LTSC variants receive this update. The update raises the OS build to version 14393.2339 and addresses the following issues.

  • Addresses a performance regression in App-V that slows many actions in Windows 10.
  • Addresses an issue with the placement of text symbols in right-to-left languages.
  • Addresses a system crash (Stop 3B) in win32kfull.sys when cancelling journal hook operations or disconnecting a remote session.
  • Addresses an unexpected logon termination issue with a third-party Remote Desktop Service (RDS) application.
  • Addresses an issue where customers had to press Ctrl+Alt+Delete twice to exit assigned access mode when autologon was enabled.
  • Addresses an issue that causes the full-screen Start menu to stop working when logging in.
  • Addresses an issue that causes the system to log negative events for valid binaries that should be trusted. This issue occurs when running the Windows Defender Application Control (Device Guard) in audit mode.
  • Addresses an issue that causes sporadic authentication issues when using Windows Authentication Manager.
  • Addresses an issue that displays unnecessary “Credential Required” and “Do you want to allow the app to access your private key?” messages. This issue occurs when running a Universal Windows Platform (UWP) application.
  • Addresses an issue that causes the LSASS service to become unresponsive, and the system needs to be restarted to recover.
  • Addresses an issue where client applications running in a container image don’t conform to the dynamic port range.
  • Addresses a memory leak in RtlDosPathNameToRelativeNtPathName. The leak occurs when you turn on LongPathsEnabled in the registry and you call CreateFile or any other name-based Win32 API using a path that is longer than 260 characters.
  • Addresses an issue where chkdsk doesn’t update the file size and the valid data length when it needs to shrink the Master File Table (MFT) attribute list. This prevents the mounting of the next volume because NTFS considers the volume damaged, and rerunning chkdsk won’t fix this.
  • Addresses an issue that causes poor CPU performance when Virtual Switch Ports leaked during a machine’s live migration from one host to another.
  • Addresses an issue where certain VMs with dynamic and startup RAM set at 32 GB restart with a blue screen. The error that appears is “PFN_List_Corrupt 0x4e”.
  • Addresses a Windows 2016 Hyper-V environment issue in which creating a VM on a Server Message Block (SMB) 3.0 share may cause automatic registration to Hyper-V Manager to fail. This issue occurs when performing a backup for restoration to an alternate location. The error is “The Hyper-V Virtual Machine Management service encountered an unexpected error: The file or directory is corrupted and unreadable. (0x80070570).”
  • Addresses a Windows Server 2016 Hyper-V host and guest migration issue in which a 2016 SQL file stream restoration fails with an “Event ID 11” error. The issue also causes the SQL process to stop working.
  • Addresses an issue in which restarting the Hyper-V host with Hyper-V Replica (HVR) enabled could cause replication to stop. It may also require a manual restart to “resume the replication” from a suspended state. The replication state should be normal after the Hyper-V host/VMMS is restarted.
  • Addresses an issue that sometimes prevents users from starting Microsoft Outlook after logging on to a Remote Desktop session.
  • Addresses an issue in dfsutil.exe that occurs when exporting a DFS namespace as an XML file. The issue occurs when the namespace contains a link with a target that points to a shared folder that has an “&” character in its name. As a result, the generated XML does not correctly escape the “&” character, and dfsutil.exe cannot export the namespace.
  • Addresses an issue that causes a connection failure when a Remote Desktop connection doesn’t read the bypass list for a proxy that has multiple entries.
  • Addresses an issue that prevents VMs in an RD Pooled Desktop Collection from being recreated if the VMs are Gen2.
  • Addresses an issue in a Remote Desktop VDI deployment that prevents a mounted UPD from disconnecting, which results in the creation of temp files.
  • Addresses an issue in which the user interface for Windows Server 2016 Server Manager > File and Storage services displays the NVDIMM-N (memory) bus type as UNKNOWN.
  • Addresses an issue in which the system event log receives many error events for IPRIP 29031 when the system receives the ERROR_OBJECT_ALREADY_EXISTS error.
  • Addresses an issue that occurs when running Test-SRTopology between two clusters and their CSV paths. You may receive the error “Could not find file.”

The update is provided via Windows Update (the update search must be initiated), WSUS or via the Microsoft Update Catalog. Microsoft is not aware of any issues related to this update.

Microsoft has also released an update for the Windows Update Client to increase its reliability. Any Windows 10 device configured to automatically receive updates from Windows Update, including Enterprise and Pro Edition, is offered the latest Windows 10 feature update based on device compatibility and the Windows Update for Business policy for delaying updates. This does not apply to LTSC installations.

Similar articles:
Adobe Flash Player version 30.0.0.113 available
Flash-Update KB4287903 for Windows released
Flash-Update KB4287903: Install issues with WSUS
Microsoft Office Patchday (June 5, 2018)
Windows 10 V1803: Update KB4338548 released
Microsoft Security Update Summary for June 12, 2018
Windows 10 V1511-1607: Privacy notification update KB4134662, KB4134663 and KB4134659
Patchday: June 2018 Updates for Windows 7/8.1/Server
Patchday: Windows 10 updates June 12, 2018
Patchday Microsoft Office Updates (June 12, 2018)
Microsoft patchday: More updates (June 12, 2018)
Windows 7/8.1 Preview Rollup Updates (June 2018)


Outlook app shows birthdays one day too early

A strange issue I recently noticed on Facebook: an MVP colleague complained that birthdays listed in the Outlook app on his iPhone were displayed one day too early.

The MVP colleague wrote: My Outlook App (2.81.0) for my iPhone shows birthdays one day too early. I checked time zone in my iPhone, the iCloud settings for calendar – all settings are ok. Outlook 2016 shows birthdays with the right dates, only the iPhone lists the birthdays one day too early.

Error known since 2011?

When I searched the web for the terms “Exchange Sync birthdays off by one day” I got exactly one hit in the Lenovo forum. In 2011, users there discussed the issue for Exchange. The solution was to open, change and save contact entries in Outlook.

A variation of the search resulted in a whole bundle of search hits. This old MS Answers forum thread from 2011 states that it is a known bug, based on an old date field in the Hotmail database. The solution is an update of the contact in question. The same can be found in this 2016 Apple Support Forum entry, which contains several fixes, from resetting the iOS device to adjusting the time zone settings. But here, too, changing the contact information and saving helped.

At Outlook User Voice you will learn even more. Since 2015, the contribution has received over 260 up votes. The issue probably only affects users using Exchange ActiveSync outside the US time zone settings.

Feedback of the person concerned

I had sent the above information to those affected on Facebook in advance. The MVP colleague came back with the following feedback after I suggested changing the birthday entry:

I have now created new contacts with birthday in Outlook 2016. These were synchronized with https://outlook.live.com/people/ – the birthday was displayed there one day earlier!! In the iPhone Outlook App the display under Contacts was like in Outlook 2016 and was displayed correctly in the calendar. Then I changed the date in the website to the right day. In the iPhone Outlook App and in Outlook 2016 it had no effect, so everything was ok.

For an existing birthday entry I was able to change the date in the website and it was inserted correctly into the calendar in the iPhone app. BUT the entry which is displayed incorrectly in the iPhone calendar app will remain! So I had 2 entries of which I could delete the wrong one.

So far, deleting the wrong entry has no effect on the contacts in the iPhone app, on the website, or in Outlook 2016, I hope it stays that way.

This allows me to conclude that all birthdays in the website have to be revised and then the wrong entry has to be deleted manually in the iPhone app. Not really user friendly, but this only seems to work that way.

It’s always strange to see how old bugs drag on over the years and annoy people.

Adobe Acrobat Prof XI kills Internet Explorer favorites

Today just a short post on a topic a blog reader drew my attention to. Adobe Acrobat Prof XI apparently has side effects with Internet Explorer 11: the favorites can no longer be edited under Windows 10.

A reader asked me

Recently I received a request from German blog reader Dekre, who had issues with Internet Explorer 11.

I know you don’t give e-mail support. A problem that has been bothering me for quite some time and I haven’t found anything on the Internet.

In IE 11 with Win 10, saving and managing favorites no longer works. I have completely reset the add-ons. Then I used the AdwCleaner for such cases. It’s no use. Do you have another idea?

That was the point where I scratched my head, because I ran out of ideas. Malware would have been removed by the AdwCleaner. Add-ons were supposedly disabled. Disabling them can easily be done with the following command:

"C:\Program Files\Internet Explorer\iexplore.exe" -extoff

The switch -extoff forces IE 11 to launch without browser add-ons. But the user wrote that he had already deactivated the add-ons.

Other suspects: Virus scanners & Co.

I could think of a third-party virus scanner or a security solution (as I read in several forum posts, mostly references to Kaspersky). My advice: Remove third-party antivirus software and run the vendor’s clean tool.

The other assumption: A broken user profile with no longer appropriate access rights prevents changes to favorites from being saved. The easiest way to check this is to create a new local user account. The user can also try to reset IE 11. Microsoft has published this article for the case that favorites can’t be saved.

And the culprit is: Adobe Acrobat Prof XI

A day later, blog reader Dekre thankfully reported back. He had found the root cause:

I found the problem bear: I recently installed Adobe Acrobat Prof XI. This also installs the add-on in IE11. This add-on from Adobe is the reason that you cannot change, delete, manage or add the favorites in Win10 in IE11. 

The add-ons of Adobe Acrobat always cause problems, also with Outlook 2013 and Outlook 2010. IE11 and Adobe Acrobat are interesting because they work with Win7 and not with Win10.

Adobe Acrobat DC Prof I do not have, too expensive. Foxit is cheaper and better.

Small root cause, big effect. Maybe it helps another affected person and saves time on troubleshooting. Thanks to blog reader Dekre for the information.

WSUS: Microsoft Update Catalog Import failure

Microsoft already admitted an issue with WSUS 5.0 (Windows Server 2016) in March 2018. Some or all updates can’t be imported from the Microsoft Update Catalog into WSUS.

Administrators in WSUS environments may be aware of the issue. Importing updates in WSUS 5.0 from Microsoft Update Catalog fails. I’ve addressed this issue on June 8th 2018 within my German blog post Lösung: Updates in WSUS importieren. But Crysta T. Lacey (@PhantomofMobile) informed me last week via this Tweet about the topic.

Steve Henry from Microsoft pointed out on March 2, 2018 that an update import problem in WSUS is known. The Technet blog post is entitled WSUS Catalog import failures. Microsoft writes:

We are currently working on a known issue with importing updates on WSUS 5.0 (Windows Server 2016) from the Microsoft Update Catalog, which fails with the following error: “This update cannot be imported into Windows Server Update Service because it is not compatible with your version of WSUS,” as shown in the image below.

WSUS import error
(Source: Microsoft)

Microsoft states in its blog article that the developers are aware of the issue and are currently working on a solution. In the meantime, the following workarounds are proposed to unlock the deployment:

  • After clicking on the “Import Updates…” option in the WSUS console, an Internet Explorer window will open on the following URL: http://catalog.update.microsoft.com/… &Protocol=1.20
  • Before proceeding with importing the updates, change the “1.20” protocol value in the URL to the previous protocol value “1.8”. The URL should look like this when you’re done: http://catalog.update.microsoft.com/… &Protocol=1.8

Microsoft’s team wrote: Going forward, please visit the Tech Community Windows 10 Servicing Page for future WSUS-related posts.

Another workaround

When I went through the information given above, I thought: Wait a minute, there was something, you once addressed it in one of your blogs. On June 8, 2018 I published the article Lösung: Updates in WSUS importieren, but only in my German blog; I just realized that I had missed posting an English article as well. There I not only mentioned the issue in Windows Server Update Services (WSUS) when importing, but also published workarounds. Besides the workaround outlined above, there is another case where this approach didn’t work.

No IE present, another workaround

German user RedBullmachtfit mentioned another hint in this thread for the situation where no Internet Explorer is available on a machine. Here is his post, which I’ve translated:

Just discovered another way to import updates into WSUS on a core server.

….

Download the update and save it on the server, copy the UpdateID of the URL of the update catalog; Import with PowerShell.

The user refers to the article Import the convenience update into WSUS. There, a WSUS administrator was faced with the problem of importing the Convenience rollup update for Windows 7 SP1 and Windows Server 2008 R2 SP from the Microsoft Update Catalog. But there was no Internet Explorer installed on the machine, and the download before importing wasn’t possible. So he downloaded the update package to one of his clients, and then copied it to the WSUS server.

There he had the problem that he could not import this update into WSUS. However, MSDN described an IUpdateServer.ImportUpdateFromCatalogSite method that can also be used from PowerShell with the following commands.

# Path of the update package that was copied to the WSUS server
$MSUfile = 'C:\Temp\windows10.0-kb4090007-v2-x64_c…896.msu'
# First argument: the UpdateID taken from the Microsoft Update Catalog URL
(Get-WsusServer).ImportUpdateFromCatalogSite('efce6cbe-7b1a-479e-a5b3-15135938cebb', $MSUfile)
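
Because this workaround moves the package by hand from a client to the WSUS server, it is worth validating the inputs before the import call. The following is an added example, not code from the linked article or from Microsoft: Import-CatalogUpdate is a hypothetical helper name, and it assumes that the package carries an Authenticode signature readable by Get-AuthenticodeSignature and that the signer subject contains "O=Microsoft Corporation".

```powershell
# Added example (not from the linked article or Microsoft).
# Import-CatalogUpdate is a hypothetical helper name; run it on the WSUS server.
function Import-CatalogUpdate {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # UpdateID copied from the update's Microsoft Update Catalog URL
        [Parameter(Mandatory = $true)]
        [string]$UpdateId,

        # Package that was downloaded elsewhere and copied to this server
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # 1. The UpdateID must be a well-formed GUID, not an arbitrary string.
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($UpdateId, [ref]$guid)) {
        throw "UpdateId '$UpdateId' is not a valid GUID."
    }

    # 2. The package must exist; resolve it to a full path for WSUS.
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # 3. The file travelled from client to server by hand, so check that its
    #    Authenticode signature is intact and chains to a trusted root.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for '$($file.Name)': $($sig.Status)"
    }
    # Assumption: Microsoft update packages carry a signer certificate whose
    # subject contains "O=Microsoft Corporation".
    if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    # 4. Record a hash so the import can be traced in change logs later.
    $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # 5. Same API call as in the article; honours -WhatIf for a dry run.
    $imported = $false
    if ($PSCmdlet.ShouldProcess($file.FullName, "Import update $guid into WSUS")) {
        $wsus = Get-WsusServer
        $wsus.ImportUpdateFromCatalogSite($guid.ToString(), [string[]]@($file.FullName))
        $imported = $true
    }

    # Summary object for logging or further pipeline processing
    [pscustomobject]@{
        UpdateId = $guid
        File     = $file.FullName
        Signer   = $sig.SignerCertificate.Subject
        SHA256   = $sha256
        Imported = $imported
    }
}

# Usage with the UpdateID from the article; the path is a placeholder:
# Import-CatalogUpdate -UpdateId 'efce6cbe-7b1a-479e-a5b3-15135938cebb' `
#     -Path 'C:\Temp\<downloaded-update>.msu' -WhatIf
```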

You can read the details in the linked articles. Maybe it’ll help. From the tweet mentioned above I can see, however, that the problem has still not been solved by Microsoft. So we have the crazy situation that Microsoft serves us a WaaS (Windows as a Service) feature update every six months, that is twice a year, but is not able to fix an issue that has been occurring for at least 5 months. Or is that bug fixes? Any comments?

Similar articles:
November 2017: Patchday issues (WSUS, IE …)
Windows 10 V1703: Update error 0x8024000d (on WSUS)
Windows 10: Issues with WSUS and Store (V1803)

Microsoft Security Update Minor Revisions (June 22, 2018)

Microsoft has made some minor revisions to update descriptions as of June 22, 2018. I stumbled upon the corresponding information on seclists.org. Here are the unedited details.

********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: June 22, 2018
********************************************************************

Summary
=======

The following CVE has been revised in the June 2018 Security 
Updates.

* CVE-2018-0978
* CVE-2018-8113
* CVE-2018-8249
* CVE-2018-8267

Revision Information:
=====================

CVE-2018-0978

 - Title: CVE-2018-0978 | Internet Explorer Memory Corruption
   Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reasons for Revision: This CVE has been revised to announce
   a detection change to correct an offering issue for the Internet
   Explorer Cumulative update. This is a detection change only.
   There were no changes to the update files. Customers who have
   already successfully installed the update do not need to take
   any action.
 - Originally posted: June 12, 2018
 - Updated: June 22, 2018
 - CVE Severity Rating: Important
 - Version: 1.1

CVE-2018-8113

 - Title: CVE-2018-8113 | Internet Explorer Security Feature Bypass
   Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reasons for Revision: This CVE has been revised to announce
   a detection change to correct an offering issue for the Internet
   Explorer Cumulative update. This is a detection change only.
   There were no changes to the update files. Customers who have
   already successfully installed the update do not need to take
   any action.
 - Originally posted: June 12, 2018
 - Updated: June 22, 2018
 - CVE Severity Rating: Important
 - Version: 1.1

CVE-2018-8249

 - Title: CVE-2018-8249 | Internet Explorer Memory Corruption
   Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reasons for Revision: This CVE has been revised to announce
   a detection change to correct an offering issue for the Internet
   Explorer Cumulative update. This is a detection change only.
   There were no changes to the update files. Customers who have
   already successfully installed the update do not need to take
   any action.
 - Originally posted: June 12, 2018
 - Updated: June 22, 2018
 - CVE Severity Rating: Critical
 - Version: 1.1

CVE-2018-8267

 - Title: CVE-2018-8267 | Scripting Engine Memory Corruption
   Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reasons for Revision: This CVE has been revised to announce
   a detection change to correct an offering issue for the Internet
   Explorer Cumulative update. This is a detection change only.
   There were no changes to the update files. Customers who have
   already successfully installed the update do not need to take
   any action.
 - Originally posted: June 12, 2018
 - Updated: June 22, 2018
 - CVE Severity Rating: Critical
 - Version: 1.1

Survey: Satisfaction with Windows Update in Business?

A small hint for administrators who are responsible for distributing Windows updates in business environments. There is a survey (not from Microsoft, but from MVP colleague Susan Bradley), which deals with the satisfaction with Windows Update in this area.

Susan Bradley is an administrator in the business environment, is active at Microsoft Answers, has been awarded the MVP title by Microsoft and acts as patch lady at Askwoody. In addition, she operates a mailing list in the area of updates. Susan Bradley once wrote a petition a long time ago on the subject of auto-updating under Windows 10. So Susan Bradley knows what this is about.

Windows satisfaction

The survey titled ‘Windows satisfaction – a survey for business patchers and consultants’ queries several items in the area of business patches. Maybe an opportunity for you administrators to give feedback.

Microsoft intends to push Office 365, but that thing is slow

Microsoft intends to tighten the ‘thumbscrews’ on Office and force enterprise customers to subscribe to Office 365. On the other hand, a large number of companies using Office 365 complain about performance issues.

Microsoft pushes traditional office users to Office 365

Microsoft offers its Office 365 as a subscription model with monthly payments. But there are still single user licenses that can be purchased as Office 2016. Such Office packages have the advantage that you only have to buy the license once and can then use Office for life.

Gartner analysts Michael Silver and Stephen Kleynhans now point out that the days of Office 2016 are more or less limited. Microsoft is increasing the pressure on companies to switch to Office 365.

By the end of 2020, Microsoft will announce, according to Gartner, that only Office 365 ProPlus will have access to the Office 365 online services. Traditional Office packages, on the other hand, are not supported. Companies are therefore forced to switch to Office 365 as a rental model. Gregg Keizer summarized this in this article on ComputerWorld.

Office 365: Users are claiming performance issues

The above information with the compulsion to switch to Office 365 may be noticed – who cares. But I came across an interesting German article by Michael Kroker earlier this month. Here is the essence of this article.

  • Zscaler, a California-based cloud security provider, has conducted a survey of Office 365 users through the polling institute TechValidate. It was about the challenges companies face when deploying Office 365, and the result is not so flattering for the Microsoft cloud solution.
  • Many users experience negative network performance after the introduction of Office 365. This means that the productivity advantages hoped-for cannot be exploited.

About 69% of participants within the survey see the increased latency times as a problem with Office 365. This is because Office permanently keeps 12 to 20 network connections open per user. This network traffic runs in many companies via a central security gateway (which makes sense). As a result, latencies occur and companies struggle with bandwidth issues. This is so noticeable to users that the relevant office functions become slow. The result is available as a study in PDF format here.

What are your experiences in business environments? Is Office 2016 the preferred solution, or is there a shift towards Office 365? Can the bandwidth issues within the network be confirmed? Is the fact that Microsoft Office forces telemetry data a problem? And how is it seen that Microsoft Office will also update twice a year (similar to Windows 10)?

Windows 10 V1803: Update KB4284848 (June 26, 2018)

Microsoft released the cumulative update KB4284848 for Windows 10 April Update (V1803) on June 26, 2018. Here are some hints on what the update changes. A Servicing Stack Update, KB4338853, has also been released for Windows 10 V1803.

Cumulative Update KB4284848

Cumulative Update KB4284848 is available for Windows 10 V1803 and raises the OS build to 17134.137. The update does not introduce any new operating system functions, but only makes quality improvements. Here is the list of changes or addressed bugs.

  • Addresses an issue that causes the Video Settings HDR streaming calibration slider to stop working. This is caused by a conflict with the panel brightness intensity settings configured by certain OEMs.
  • Addresses streaming compatibility issues with certain live TV streaming content providers.
  • Addresses an issue where media content previously generated by Media Center doesn’t play after installing the Windows 10 April 2018 update.
  • Addresses an issue in which SmartHeap didn’t work with UCRT.
  • Addresses performance regression in App-V, which slows many actions in Windows 10.
  • Addresses an issue that causes Appmonitor to stop working at logoff if the Settingstoragepath is set incorrectly.
  • Addresses an issue that causes Appmonitor to stop working at logoff, and user settings are not saved.
  • Addresses an issue where client applications running in a container image don’t conform to the dynamic port range.
  • Addresses an issue where the DNS server might stop working when using DNS Query Resolution Policies with a “Not Equal” (NE) condition.
  • Addresses an issue with T1 and T2 custom values after configuring DHCP failover.
  • Addresses an issue that causes the latest versions of Google Chrome (67.0.3396.79+) to stop working on some devices.
  • Addresses issues with the Remote Desktop client in which pop-up windows and drop-down menus don’t appear and right-clicking doesn’t work properly. These issues occur when using remote applications.
  • Addresses an issue that causes a connection failure when a Remote Desktop connection doesn’t read the bypass list for a proxy that has multiple entries.
  • Addresses an issue that may cause Microsoft Edge to stop working when it initializes the download of a font from a malformed (not RFC compliant) URL.
  • Addresses an issue where some users may receive an error when accessing files or running programs from a shared folder using the SMBv1 protocol. The error is “An invalid argument was supplied”.
  • Addresses an issue that causes Task Scheduler tasks configured with an S4U logon to fail with the error “ERROR_NO_SUCH_LOGON_SESSION/STATUS_NO_TRUST_SAM_ACCOUNT”.

If previous updates are installed, only the new fixes in this package are downloaded and installed on the device. Microsoft indicates that there are no known issues with this update.

The update is delivered via Windows Update as soon as the update search is started. Alternatively, the update can be downloaded and installed via the Microsoft Update Catalog.

When installing both the servicing stack update (SSU) KB4338853 and the latest cumulative update (LCU) from the Microsoft Update Catalog, install the SSU before installing the LCU.

Servicing Stack Update KB4338853

Microsoft has also released Servicing Stack Update KB4338853. This update brings stability improvements to Windows 10 V1803 Servicing Stack.

Similar articles:
Patchday: June 2018 Updates for Windows 7/8.1/Server
Patchday: Windows 10 updates June 12, 2018
Patchday Microsoft Office Updates (June 12, 2018)
Microsoft patchday: More updates (June 12, 2018)
Windows 7/8.1 Preview Rollup Updates (June 2018)
Windows 10 V1607-V1709: Updates from June 21, 2018


Firefox 61 released


Mozilla’s developers have released Firefox version 61 for Windows, Linux and macOS. Besides some improvements and support for TLS 1.3 there is also a dark theme in the browser.

According to the changelog, the new version brings the following changes to Firefox version 61:

  • Enhanced performance:

    • Faster page rendering with Quantum CSS improvements and the new retained display list feature
    • Faster switching between tabs on Windows and Linux
    • WebExtensions now run in their own process on MacOS
  • Convenient access to more search engines: You can now add search engines to the address bar “Search with” tool from the page action menu when on a webpage that provides an OpenSearch plugin

  • Share links from Firefox for MacOS more easily: You can now share the URL of an active tab from the page actions menu in the address bar

  • Improved security:

    • On-by-default support for the latest draft of the TLS 1.3 specification
    • Access to FTP subresources inside http(s) pages has been blocked
  • A more consistent user experience: Improvements for dark theme support across the entire Firefox user interface

  • More customization for tab management: added support to allow WebExtensions to hide tabs

  • Improved bookmark syncing

Changes

  • The settings for customizing your homepage and new tab page in Firefox have been added to a new Preferences section that can be accessed from Firefox at about:preferences#home. The settings can also be accessed via the gear icon on the New Tab page.

An article about the new functions can be found at Bleeping Computer.

PSA: Windows 10 V1803: Update KB4284848 brings SMBv1 fix


Microsoft has kept its word and delivered the fix for the broken SMBv1 protocol in Windows 10 April Update (V1803) with update KB4284848 in June 2018.

What’s the SMBv1 issue?

Since summer 2017 Microsoft had been announcing that support for the SMBv1 protocol in Windows 10 would expire. The abbreviation SMB stands for Server Message Block (former names are LAN Manager or NetBIOS protocol), a network protocol for file, print and other server services in computer networks. Version 1 (SMBv1) of the network protocol, designed over 30 years ago, and especially the Microsoft implementation, is considered very error-prone and security-critical (see Microsoft plans to deactivate SMBv1 in Windows 10 V1709 and StopUsingSMB1).

In the meantime there are SMBv2 and SMBv3, so that the use of SMBv1 in Windows networks is no longer absolutely necessary. For example, Windows Vista is no longer dependent on SMBv1 because SMBv2 is used there.

In May 2018 Microsoft released the updates KB4103721 (05/08/2018) and KB4100403 (05/23/2018) for Windows 10 V1803. However, after upgrading to Windows 10 V1803 or installing these updates, users of Windows 10 April Update seem to experience issues when using the SMBv1 protocol. I noticed postings in the Microsoft Answers forums where my hint to try activating SMBv1 did not bring success. I couldn’t figure it out at first, until Microsoft added the following paragraph to the ‘Known issues’ section of the two KB articles mentioned above.

Some users running Windows 10 version 1803 may receive an error “An invalid argument was supplied” when accessing files or running programs from a shared folder using the SMBv1 protocol.

I’ve addressed this issue within my blog post Microsoft plans a Windows 10 V1803 SMBv1 fix on June 2018.

Update KB4284848 brings the SMBv1 Fix

On June 26, 2018 Microsoft released the cumulative update KB4284848 for Windows 10 V1803 (see Windows 10 V1803: Update KB4284848 (June 26, 2018)). And within the list of fixes you will find the following note: 

Addresses an issue where some users may receive an error when accessing files or running programs from a shared folder using the SMBv1 protocol. The error is “An invalid argument was supplied”.

Exactly the error described above is promised to be fixed. The question remains: Was someone affected by this bug and can it be determined that the problem has been fixed?

Windows 10 V1803: Update KB4315567


Microsoft has released an ominous update KB4315567 for Windows 10 V1803 Enterprise on June 26, 2018. But what is behind this ominous update?

I don’t really understand Microsoft’s update description. The update KB4315567 is called a Compatibility update for upgrading to Windows 10 Version 1803: June 26, 2018 and is only available for Windows 10 Enterprise Version 1803. It’s not available within the Microsoft Update Catalog. The description in the KB article is extremely brief:

This update makes improvements to ease the upgrade experience to Windows 10 Version 1803.

You can deduce everything and nothing from it. An update is offered for Windows 10 version 1803 Enterprise to facilitate the upgrade to Windows 10 version 1803? The explanation from Microsoft is quite meaningless, but not unusual.

At askwoody.com you can find a discussion of which I distill a quintessence: Basically, it doesn’t matter if you let a cat run over your computer’s keyboard and read the excerpt – or if you try to understand one of the KB articles with an update description from Microsoft. The result is the same: incomprehensible and meaningless gibberish. Or can one of you elicit something useful from the KB article by Microsoft?

Tor Browser 7.5.6 released


After the Mozilla developers updated the Firefox browser to version 61 on June 26, 2018, the Tor project has followed and updated the Tor bundle to version 7.5.6.

The Tor browser 7.5.6 has been available since June 26, 2018 for all platforms. Here are the changes:

  • Update Firefox to 52.9.0esr
  • Update Tor to 0.3.3.7
  • Update Tor Launcher to 0.2.14.5
  • Bug 20890: Increase control port connection timeout
  • Update HTTPS Everywhere to 2018.6.21
  • Bug 26451: Prevent HTTPS Everywhere from freezing the browser
  • Update NoScript to 5.1.8.6
  • Bug 21537: Mark .onion cookies as secure
  • Bug 25938: Backport fix for cross-origin header leak (bug 1334776)
  • Bug 25721: Backport patches from Mozilla’s bug 1448771
  • Bug 25147+25458: Sanitize HTML fragments for chrome documents
  • Bug 26221: Backport fix for leak in SHA256 in nsHttpConnectionInfo.cpp
  • Windows
    * Bug 26424: Disable UNC paths to prevent possible proxy bypasses

Tor Browser 7.5.6 changes

.SettingContent-ms files put Windows 10 at risk


Microsoft introduced a new file format (.SettingContent-ms) with Windows 10 in 2015. However, this file format proves to be a weak point, because arbitrary commands and applications can be defined for execution via the underlying XML structure.

Introduced in 2015 with Windows 10, the .SettingContent-ms file format provides shortcuts to the settings managed in the Settings app, which is supposed to replace the Windows Control Panel.

.SettingContent-ms files can be abused

Normally, all efforts are made to prevent the exploitation of vulnerabilities via various file formats. Therefore, the execution of macros in Office documents or the use of scripts etc. is blocked. Security researcher Matt Nelson at SpecterOps now writes that the SettingContent-ms file format weakens Windows 10 security because it allows commands to be included and executed.

SettingContent-ms
(Source: SpecterOps)

The screenshot above shows an excerpt from the XML structure in which the DeepLink XML node contains a command to call the calculator. The command is hidden behind a link in the settings. If the user selects such a supposed link, the command is executed.

An attacker who manipulates the XML file in question has the option of placing virtually any executable command in the DeepLink nodes. This would allow PowerShell commands to be inserted. Matt Nelson has published an example of a modified file on GitHub.

 (Source: YouTube)

The video above shows how to call such a file to access the command prompt or the computer. If I understood it correctly, SettingContent-ms files can be integrated into Office documents. This of course enables various attack scenarios via OLE from Office documents. Matt Nelson sent his findings to the Microsoft Security Response Center in February 2018. They have confirmed the findings, but nothing can be fixed. And now it gets interesting: commands launched by the user through a modified SettingContent-ms file are blocked neither by Windows Defender nor by the security feature ASR (Attack Surface Reduction).
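A triage check for the DeepLink abuse described above, as an added example (not code from this article or from SpecterOps): it parses a .SettingContent-ms file without executing or expanding anything and reports DeepLink values that reference a script host, carry arguments or point at a remote location. The wrapper element names, the placeholder namespace, the interpreter list and all sample files are constructed assumptions; only the DeepLink node is named in the article.

```python
import ntpath
import xml.etree.ElementTree as ET

# Assumption: script hosts and proxy binaries a Settings shortcut has no reason to start.
INTERPRETER_STEMS = {"cmd", "powershell", "pwsh", "wscript", "cscript",
                     "mshta", "rundll32", "regsvr32"}

# Constructed, simplified samples (not complete .SettingContent-ms files).
# The namespace URI is a placeholder; element names other than DeepLink are assumed.
BENIGN_SAMPLE = rb"""<?xml version="1.0" encoding="UTF-8"?>
<PCSettings>
  <SearchableContent xmlns="urn:example:placeholder-namespace">
    <ApplicationInformation>
      <DeepLink>%windir%\system32\control.exe</DeepLink>
    </ApplicationInformation>
  </SearchableContent>
</PCSettings>"""

# Same wrapper, DeepLink changed to the calculator call the article mentions.
SUSPICIOUS_SAMPLE = BENIGN_SAMPLE.replace(
    rb"%windir%\system32\control.exe",
    rb"%windir%\system32\cmd.exe /c calc.exe")

DTD_SAMPLE = b'<!DOCTYPE x [<!ENTITY a "b">]><PCSettings><DeepLink>&a;</DeepLink></PCSettings>'


def split_command(deeplink):
    """Split a DeepLink value into (program, arguments); nothing is expanded or run."""
    text = deeplink.strip()
    if text.startswith('"'):
        program, _, rest = text[1:].partition('"')
        return program, rest.strip()
    parts = text.split(None, 1)
    return (parts[0] if parts else ""), (parts[1] if len(parts) > 1 else "")


def referenced_stems(text):
    """Base names (without .exe) of every token, so 'powershell' and a full path both match."""
    stems = set()
    for token in text.lower().replace('"', " ").split():
        name = ntpath.basename(token)
        stems.add(name[:-4] if name.endswith(".exe") else name)
    return stems


def inspect_settingcontent(data):
    """Return [(deeplink, [reasons])] for every DeepLink node that warrants review."""
    # Refuse DTDs and entities before parsing; dropping NULs also covers UTF-16 input.
    probe = data.replace(b"\x00", b"").upper()
    if b"<!DOCTYPE" in probe or b"<!ENTITY" in probe:
        return [("", ["DTD or entity declaration present, file not parsed"])]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [("", [f"not well-formed XML: {exc}"])]

    findings = []
    for elem in root.iter():
        # Match on the local name so the check works whatever namespace is declared.
        if not isinstance(elem.tag, str) or elem.tag.rsplit("}", 1)[-1] != "DeepLink":
            continue
        value = (elem.text or "").strip()
        program, args = split_command(value)
        reasons = []
        hits = sorted(referenced_stems(value) & INTERPRETER_STEMS)
        if hits:
            reasons.append("references interpreter: " + ", ".join(hits))
        if args:
            reasons.append("carries arguments: " + args)
        if program.startswith("\\\\") or "://" in value:
            reasons.append("points at a remote location")
        if reasons:
            findings.append((value, reasons))
    return findings


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SAMPLE),
                          ("suspicious", SUSPICIOUS_SAMPLE),
                          ("dtd", DTD_SAMPLE)):
        print(label, inspect_settingcontent(sample))
```

A hit is a reason to quarantine or inspect the file, for instance when it arrives by mail or is found embedded in an Office document, which are the delivery paths the article mentions.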

Windows 10 Insider Preview Build 17704 released


Microsoft has released Windows 10 Insider Preview Build 17704 for PCs in the Fast Ring. The announcement has been made on the Windows Blog. There are a number of new features for the Microsoft Edge browser, the Diagnostic Data Viewer and more. However, Microsoft has also hidden a bitter pill: the long-hyped Sets feature has been thrown out – Thank you for your continued support of testing Set. The list of bugs is also quite long. If you are interested in this stuff, you can find out about the bugs and known quirks of this build here.

Windows Defender reports Trojans as false positives


Users of Windows seem to have been startled in the last few weeks by false alarms from Windows Defender. Defender suddenly claimed to have detected the Trojan Win32/Bluteal.B!rfn in regular files.

First reports at the end of May 2018

In recent days, several users have reported false alarms on the forums of Bleeping Computer and other websites such as Tom’s Hardware. At Tom’s Hardware, a user wrote on June 1, 2018:

So yesterday Windows Defender notified me saying it found Bluteal.B!rfn trojan which I got it to quarantine and then remove. I couldn’t find a lot of info after googling the trojan so decided to hopefully get some advice here.
I received the notification about the trojan when I was loading up Unity and Visual Studio, it said that the affected file was:

C:\Windows\assembly\NativeImages_v4.0.30319_32
\Microsoft.Vde5ed89a#\457b4a4c20bed2246e03f1f9e5eaa1a5
\Microsoft.VisualStudio.Utilities.Internal.ni.dll

Could Windows Defender be getting confused and it’s just a false positive? I thought I had read somewhere that Windows Defender is okay for protection these days but maybe I should go back to Avast or Avira?
I’ve run a scan with Malware Bytes and a standard scan with Windows Defender but should I use something else to do a deeper scan if this was in fact a legit trojan? I’ve since made sure to update Windows 10 in case that has any part of this.

In the Technet forum there is this thread, which was started on June 1, 2018. There, too, a Trojan was reported in a Visual Studio component. The case is confirmed in this forum thread by several users. The Developer Community has had this thread about the case since May 31, 2018.

Report at Bleeping Computer

At Bleeping Computer there is a forum post from a user reporting possible false alerts of Trojan:Win32/Bluteal.B!rfn in Windows Defender. Lawrence Abrams addressed this within this article. Windows Defender flags the following file, which is a legit Windows file.

C:\Windows\assembly\NativeImages_v4.0.30319_64
\Microsoft.C26a36d2b#\daf01e12fa59ed340363c44b7deff15e\
Microsoft.CertificateServices.PKIClient.Cmdlets.ni.dll

Trojan alert
(Source: Bleeping Computer)

Also at Microsoft Answers there is this thread where a user reported sporadic false alerts from Windows Defender.

been getting this trojan message through windows 10 defender periodically today which gets quarantined by defender. malewarebytes, microsoft safety scanner and adwcleaner do not find anything, is Trojan:Win32/Bluteal.B!rfn a false positive by windows 10 defender

At reddit.com there is this thread, started just a few days ago, which also deals with the false alarm that the file Microsoft.CertificateServices.PKIClient.Cmdlets.ni.dll is a trojan. Microsoft created a page about Trojan:Win32/Bluteal.B!rfn on May 18, 2018 (apparently the date on which the definition was added to Defender).

I’m assuming it’s a false alarm. There is no official statement from Microsoft. However, Microsoft has confirmed a false alarm to Bleeping Computer. It is recommended to check for new Defender updates. Then the problem should be solved. Were any of you affected?


Windows 10 V1803: mstscax.dll and error 0x80071779


Windows 10 April Update (V1803) seems to have several issues in the area of network and RDP connections. It seems that NIC adapter bindings can no longer be uninstalled via the GUI. RDP and the file mstscax.dll also cause problems. Microsoft has described these two problems in KB articles and also provides workarounds.

Error 0x80071779 removing Microsoft network client

This cause is a bit exotic and will probably not be encountered by many users. Error code 0x80071779 stands for ERROR_FILE_READ_ONLY and occurs when you try to uninstall the client for Microsoft networks in the properties of a network adapter. 

I’ve used German screenshots below, because I’m too lazy to install another language set and switch my German Windows 10 to English. But I assume the explanations given here are sufficient to understand the issue.

In which scenario will you see the error?

To get this error, an administrator needs to try to uninstall the client for Microsoft networks (or another adapter binding) using the properties of a network connection. You can try the following steps:

1. Go to the Control Panel, open the Network and Sharing Center and go to Adapter settings.

Windows network connection: opening Properties

2. Right-click a network connection (see screenshot above) and select the context menu command Properties.

Windows network connection properties

3. Within the network’s properties window select Client for Microsoft Networks and click the Uninstall button.

This is a sequence of steps that probably few Windows 10 users need, because the client for Microsoft networks is then removed and network access will no longer work. On Windows 10 V1803, however, the uninstall is not performed: it ends with the error message “The Feature Client for Microsoft Networks could not be removed” and error 0x80071779 is displayed.

Error 0x80071779

At this point, I’d like to mention that removing other entries in the properties of a network connection returns the same error. MS Answers has this entry where the link layer responder should be uninstalled and the process triggers the same error. This Technet forum post addresses the error when trying to uninstall the QoS Packet Scheduler. There is a hint from another poster that this is ‘by design’.

Blocking uninstallation of inbox drivers is by design, however.  We do not support using this UI to remove built-in drivers.  We don’t test in that configuration, and we know that uninstalling drivers breaks things.

As you’ve probably already noticed, uninstalling a driver from this UI was never permanent.  E.g., if you uninstalled a driver from Windows 7, then upgraded to Windows 8, it would get reinstalled.  Maybe more disconcertingly, a monthly security update that affected that particular driver could reinstall it.  The reason is that the OS’s servicing stack isn’t really aware of this UI, and doesn’t realize when this UI is removing drivers.  The OS’s servicing stack will reinstall the driver any time the driver is serviced.

Microsoft has now documented the above error in the KB article Error 0x80071779 when removing network components in Windows 10, version 1803. It is confirmed that this is intentional. Neither the Control Panel (GUI) nor netcfg supports uninstalling protocols or the built-in drivers.

A workaround via PowerShell

However, you can use the PowerShell cmdlet Disable-NetAdapterBinding to disable the binding instead. The German colleagues at deskmodder.de have indicated the following steps:

1. Press Windows+X and launch a PowerShell window.

2. Enter Get-NetAdapterBinding and press Enter.

The command lists all adapter bindings. ms_msclient addresses the Microsoft client, while ms_pacer addresses the QoS Packet Scheduler. Then the following command can be used to disable a binding on an adapter:

Disable-NetAdapterBinding -Name "Ethernet0" -ComponentID ms_msclient

Use your network name instead of the placeholder Ethernet0 (in my environment, the name is WLAN). Then the adapter binding should be disabled.

The mstscax.dll issue

When using the Remote Desktop Protocol (RDP) for remote connections, the error message “mstscax.dll file version does not match” may be shown when using the RDP client in Windows 10. This is because the file version of mstscax.dll does not match the version expected by Windows 10.

If you search the internet for this error, you will find several hits that do not only refer to Windows 10. Here is a case discussing this issue in Windows 7. The error may occur after installing an update such as KB4284835. Microsoft published KB article 4340846 (mstscax.dll file version does not match error when using RDP client in Windows 10) on June 25, 2018. But the link to this article is broken – I have extracted the following text from the Google Cache version, which is now gone too.

mstscax.dll file version does not match error when using RDP client in Windows 10

Applies to: Windows 10

Symptom
After you install an update on a Windows 10-based computer, you can’t use a Remote Desktop Protocol (RDP) client. Additionally, you receive the following error message:

Remote Desktop Connection
The Remote Desktop Services ActiveX control (mstscax.dll) does not match the version of the client shell.

Cause
This issue occurs on computers where mstsc.exe and mstscax.dll files were replaced with a previous version of these files. Replacing files from earlier versions of the operating system is not supported and can lead to unexpected behavior. As a result, when future updates such as KB4284835 are installed, file mismatch errors occur.

For example: On a Windows 10, version 1803-based computer, say you replaced mstsc.exe and mstscax.dll with files from Windows 10, version 1709. After update KB 4284835 is installed, the issue occurs because update KB 4284835 updates mstsc.exe and does not update mstscax.dll.

Resolution
Replacing binaries from a previous version is unsupported. These steps may help but should only be used on client computers that had mstsc.exe and mstscax.dll replaced with older versions.

To resolve this issue, go back to original file versions, and then install KB 4284835. To do this, follow these steps:

  1. Take ownership and give full control permission for mstsc.exe and mstscax.dll.
  2. Uninstall the update that caused the issue.
  3. Restore the original Windows 10, version 1803 files (mstsc.exe and mstscax.dll) to the %windir%\system32 folder.
  4. Restart the computer.
  5. Reinstall the update.
  6. Restart the computer.

Microsoft suggests replacing the files mstsc.exe and mstscax.dll with an earlier version from Windows 10.

Similar articles:
Patchday: Windows 10 updates June 12, 2018
Windows 10 V1803: Install issues with update KB4284835
Windows 10 Version 1803: Network environment empty
Windows 10 V1803 is ‘Semi-annual’ ready – seriously?
Fix: Windows 10 hangs in update installation loop

Windows 7 Defender won’t receive updates (June 2018)


Just a brief note: It seems that Windows Defender has not been receiving automatic updates for a few days (since June 18, 2018). But Defender updates are available, as a search for updates confirms. Here are a few details of what I’ve found out so far.

Some error description

After I posted the blog post Windows Defender meldet fälschlich Trojaner (English version here), a German blog reader mentioned an observation. Here is his comment, which I’ve translated:

A little off topic, but I’ve noticed under Windows 7 since days that Windows Update doesn’t report Defender updates anymore, because it doesn’t find any via Windows Update. I just started an extra Windows update manually again, although it already ran automatically 3 hours ago, and again nothing.

The strange thing is that every Friday I have the Defender do a quick check and have it set up so that it checks for updates and installs them right away.

Now I started the Defender once and the last version of the definitions was 1.269.1075.0 from June 11, 2018, 16:50 o’clock (German time). After clicking on “Check for updates now” 1.271.193.0 from June 28, 2018 was installed at 21:10.

Very strange! Has anyone else observed this problem?

Shortly afterwards I received confirmation from other users. They observed similar behavior: Windows Defender didn’t receive updates automatically. And a few minutes ago I found this forum post at askwoody.com (which triggered my decision to write this blog post).

In normal cases Windows Defender is disabled

I tried to check this issue on my Windows 7 machine, where also Microsoft Security Essentials is installed. Calling Windows Defender via start menu’s search box ends here with the following message box.

Windows Defender is disabled

The German text says that Windows Defender is deactivated (disabled). There is a link to enable Defender, but I don’t see a necessity for that. Depending on the installed third-party antivirus software, this situation may be different and Windows Defender may be enabled. I received feedback from my German blog readers that Malwarebytes antivirus and some other antivirus vendors allow Windows Defender to run in parallel.

Nailing it down to the root cause?

Searching the web, I didn’t find other posts or an explanation at first. But fortunately my German blog readers helped to nail it down. German blog reader Ralf Lindemann posted a comment with a strong hint:

I’ll follow up with a little thesis: On my computer, the Windows 7 Defender runs parallel to a “full-fledged” AV product. The Windows 7 Defender was and is activated and was regularly supplied with current definition updates via Windows Update until June 18.

What happened on 18/06? – On 18/06 I started installing the updates from June patchday (a little late) on my private Win 7 computer. Immediately before installing KB4284867 (Security Only) Windows Defender received his last definition update. Since the installation of KB4284867 no updates for Windows Defender are detected. Collateral damage? Or deliberately switched off by Microsoft, so ‘by design’?

But [if that’s true] why can definition updates be obtained via the separate updater in Defender? You don’t know. But it’s not really a problem …

Ralf informed me later that the update log just contained an entry claiming that Windows Defender had successfully searched for updates, but found no new ones:

2018-06-29 10:23:19:454+0200 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows Defender Success Software Synchronization Windows Update Client successfully detected 0 updates

Then blog reader Martin confirmed that he had also checked the Windows 7 update history. He found that Windows Defender stopped receiving updates automatically after the June 12, 2018 rollup update was installed. Seems reasonable, but unfortunately, it’s not true – see below.

The theory that Microsoft disabled the auto-update intentionally isn’t logical to me. While writing this blog post I stumbled upon my older blog post Windows 7/8.1 receiving Windows Defender ATP support. If Microsoft intends to add some functionality, it doesn’t make sense to stop updates now. So I guess it’s just collateral damage, or something else has changed on Microsoft’s update servers.

Addendum: Just another theory – servers-side issues

Just after I published this article, user Imacri left this comment at askwoody.com for me. He pointed out that Windows Defender in Windows Vista also stopped receiving updates at the same time as in Windows 7. A discussion may be found here. Here is the relevant observation (in Windows 7):

One thing all three machines have in common is I am using WxFC as discussed elsewhere by Noel Carboni. I am using a similar approach to what he is, in that I only allow a few very specific update servers and only allow this when I am actively manually checking for updates.

I noticed this time that both the Defender user interface and the svchost.exe are trying to get to both go.microsoft.com and http://www.microsoft.com. The former is using port 80, the latter both 80 and 443. Normally I have both of those blocked for all programs and svchost.exe (not specifically, but by exclusion). I noticed I was also getting requests (which I blocked) to go out to watson.microsoft.com, which I see when there is some type of issue and they want it reported to Microsoft.

I also noticed something new. Using the Defender user interface once it finished the ‘searching’ phase it popped up a line that says ‘Definition updates were found on the Microsoft Security Portal.’ In the past when definitions were available I have never seen this appear. After this point I then would get error 0x80072efd and ‘A connection with the server could not be established’.

I then allowed a connection to go.microsoft.com for both the interface and the svchost.exe, but still no go. One time it downloaded the definitions file (or so it said) and my bandwidth monitor confirmed it was downloading. It said it installed it and it did not take, it was right back where I started. Next I also allowed http://www.microsoft.com for the user interface. No go. I then also allowed http://www.microsoft.com for the svchost.exe and everything proceeded as normal and the updated definitions were installed and it showed the latest version. Further checks seemed to connect with no issue.

So, it seems they changed servers for doing Defender definitions updates? I strongly dislike the idea of allowing svchost.exe to go to a generic Microsoft address, because it seems to me that it could be doing just about anything, or more likely it could be than when going to a specific update server. I thought I had seen things in the past about not allowing go.microsoft.com, but I can’t find any notes on it. I use a block all, allow a few specific things at specific times approach, so I have no need to specifically block this address. For me, I think I would rather not update Defender than allow this, but even if Defender isn’t something I see a lot of value in, it has had critical exploitable flaws in the past requiring updates.

So my guess that something may also be broken on Microsoft’s update servers seems not to be too wrong.

After I published the blog post in English, @VessOnSecurity confirmed that the theory of ‘broken update server’ is probably the most likely cause. In a reply to my post he wrote.

An idea for a possible workaround

Well, personally I think Windows 7 Defender is a kind of ‘blue pill’, especially if third-party antivirus software protects the system. But in case you intend to use Windows Defender to scan your system, blog reader Martin had a proposal that might work.

He intends to set up a new task in Task Scheduler that invokes Windows Defender periodically and lets the program search for updates. The command line parameters for Windows Defender have been documented here by Microsoft. Maybe it helps.

Similar articles:
Windows Defender reports Trojans as false positives
Windows Defender extension for Google Chrome
Temporary profile in Windows caused by Windows Defender?
Windows Defender ATP detects Finfisher spyware
Windows 7/8.1 receiving Windows Defender ATP support
Windows 10 V 1703: How to disable Windows Defender in Security Center

Windows Server 2016: May 2018 Update bricks sfc


Just a brief message for administrators supporting Windows Server 2016 installations. A cumulative update from May 2018 causes the System File Checker command sfc to stop working. The June 2018 update didn’t fix this issue.

German blog reader Robert R. contacted me Friday (29.6.) in the late evening and reported problems with Windows Server 2016 (thanks for the info). He wrote:

SFC broken under Windows Server 2016 by MS Update

I verified this on my Windows 2016 servers, everyone has problems. Wasted a lot of time before I found the post. Maybe you can save others from this loss of time.

The blog reader pointed to this Microsoft Technet forum post. A user described his findings:

May 17 + June 2018 Cumulative Updates: SFC Integrity violation: NlsData0000.dll

Installing the May 17 Cumulative Update for Server 2016  (OS Build 2273)
leads to the “SFC /scannow” command attempting to repair the file “NlsData0000.dll” in the Windows – SysWOW64 directory. The repair is reported as “successful”, but when running the command again, another repair is attempted.

In other words: SFC /scannow never succeeds without integrity violations.

Uninstalling the May 17 CU helps (reverting to April 10, 2018 Build 2189).
No more integrity violations are shown after that.

Reinstall the May 17 CU and voila, the error returns.
Should be straightforward to reproduce (did so with two servers and a VM).
Maybe the MS guys should have bothered running the SFC command before
publishing the update, but I guess that would count as “testing” ;)
Please fix this issue with the next update and make SFC work without errors again!

Thanks and best regards
Klaas Klever

EDIT: Still happens with the June 2018 Cumulative Update (KB4284880)

So sfc /scannow goes into a check loop: it tries to repair a file, reports success and begins the repair again during the next scan. Uninstalling the cumulative May 2018 update fixes this issue. The cumulative update for June 2018 (KB4284880) didn’t fix this issue. The problem has been confirmed by several users. Maybe it’s helpful for you.

Similar articles:
Windows 10 V1709: Store broken (wrong manifest layout)
Check and repair Windows system files and component store
Spotify app blocks Windows 10 system restore
Windows 10: News about System restore error 0x80070091
Windows 10 V 1607: Fix for system restore error 0x80070091

Microsoft’s Project Andromeda – Dual-Screen-Surface?


So far I haven’t written about all the rumors on Microsoft’s project Andromeda. Now, however, there is new information that makes some things more concrete. Microsoft’s Project Andromeda could be a foldable Surface smartphone for your pocket.

A tweet from the Surface boss

The first information I stumbled upon is the article Microsoft Surface Chief Panos Panay Hints At Revolutionary Dual-Screen Andromeda Mobile Device at Hot Hardware. They speak of a dual-screen interface, which is probably collapsible. This is fueled by a tweet that Microsoft’s Surface boss Panos Panay has published:

This is just a caricature of the LG display product team – and the question in the tweet is ‘Do you think they recognized the similarity correctly?’. Of course, the whole thing is an absolute teaser from Panos Panay, which really fuels the rumours about a dual-screen device. Could be a great joke, of course.

Some information from a leaked e-mail

Tom Warren published the article Microsoft details secret ‘pocketable’ Surface device in leaked email at The Verge. Warren got a leaked internal e-mail that says Microsoft has been working on a new mysterious Surface device codenamed Andromeda for at least two years. The device has appeared several times in patents, reports and operating system references and will feature a dual-display design. According to the internal Microsoft document that was leaked to Tom Warren, this is a Surface device that you can put in your pocket.

As early as December 2017, enthusiasts posted the first render images on Twitter, based on patent descriptions. If you want to get an impression of what such a thing could look like, you will find it on this website.

Design samples of Andromeda Surface-Phone

Behance is probably a design company where young talents can realize their ideas. The concept presented by Ryan Smalley dates from 2017 and probably has nothing to do with Microsoft’s development. But Smalley does have an idea of what might come out of Andromeda – Microsoft can hardly show up with triangular cases.

According to The Verge, Intel has produced prototypes with dual displays. But Warren also points out that Microsoft could pull the plug at any time. This has already been done with the Surface Mini, which has virtually been knocked out of production.

AdDuplex Windows 10 figures June 2018 – not reliable


[German]Marketing firm AdDuplex has released its latest Windows 10 distribution figures for June 2018. Looking at these figures led me to the conclusion that the whole thing is useless – nothing more than bullshit.

The data from the new AdDuplex report of June 2018 says that Windows 10 April Update has been rolled out to 3/4 of all Windows 10 systems.

(Windows 10: Distribution June 2018, Source: AdDuplex)

The figure shown above says that 78.1% of all Windows 10 machines are on the April Update (V1803). Windows 10 Fall Creators Update (FCU) is at 15.7%, and the other Windows 10 versions are at 2.4% and below 1%.

Sorry, another bullshit bingo

Sorry, that’s not trustworthy! Going back one month, in May 2018 AdDuplex posted the diagram below.

(Windows 10: Distribution May 2018, Source: AdDuplex)

AdDuplex claimed that Windows 10 V1803 had been installed on 50% of all Windows 10 machines. In my article Windows and OS market share in May 2018 I shed a bit of light on the absolute figures. When Terry Myerson announced his departure from Microsoft, the number of 700 million Windows 10 systems was already mentioned. So 50% of 700 million is 350 million.

In the article AI powers Windows 10 April 2018 Update rollout, dated June 14, 2018, Microsoft published a second figure. They wrote ‘With over 250 million machines on the Windows 10 April Update, we are seeing ….’. Hell, these 250 million Windows 10 V1803 machines, confirmed by Microsoft in June 2018, are far below the 350 million AdDuplex was claiming at the end of May 2018. And now they are saying 3/4 of all Windows 10 machines are already on version 1803. What are these guys smoking?

Overall, they use telemetry data from apps to estimate how many installations of each Windows 10 version are in the wild. This means the figures they receive and report monthly are useless – just bullshit. There is no value in looking at these figures, so I decided not to publish further blog posts about Windows 10 figures released by AdDuplex.
