Enable Retpoline on Windows 10 1809 and Server right now

Microsoft has tested Retpoline, a new mitigation method against Spectre variant 2 by Google, on Windows 10 Insider Builds for some time now. The company brought Retpoline to Windows 10 version 1809 by including it in the March 1 cumulative update KB4482887 for the version of Windows 10.
Tip: use the free InSpectre program for Windows check the vulnerability status.
Retpoline promises improved performance compared to the previous mitigation method used by Microsoft in its operating systems. Microsoft monitored the performance of Windows 10 systems and determined that Retpoline improved the launch time of Office applications by about 25% among other benefits.
When all relevant kernel-mode binaries are compiled with retpoline, we’ve measured ~25% speedup in Office app launch times and up to 1.5-2x improved throughput in the Diskspd (storage) and NTttcp (networking) benchmarks on Broadwell CPUs in our lab.
Retpoline is not enabled by default on production devices even though it is included in the March 1 update. Microsoft plans to roll out the mitigation over the course of the coming months.
Administrators who don’t want to wait can enable Retpoline right away provided that the devices run Windows 10 version 1809 and have the latest cumulative update installed.
Microsoft employee Mehmet Iyigun describes the process on the Tech Community site. Note that it is recommended that you back up the system and data before you apply the change.
Windows 10 Clients

Note: Microsoft did not enclose the Registry key path with “”. If you copy paste Microsoft’s command you will receive an error.

Open an elevated command prompt, e.g. by opening Start, typing cmd.exe, right-clicking on the result, and selecting run as administrator.
Run the following two commands:

reg add “HKLMSYSTEMCurrentControlSetControlSession ManagerMemory Management” /v FeatureSettingsOverride /t REG_DWORD /d 0x400

When prompted to overwrite the existing value, select Y for yes.

reg add “HKLMSYSTEMCurrentControlSetControlSession ManagerMemory Management” /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x400

When prompted to overwrite the existing value, select Y for yes.

Restart the PC.

Alternative: use the following Registry file to make the change with a double-click on it:
Regpoline Windows 10 Client

Windows 10 Server

Open an elevated command prompt.
Run the following two commands:

reg add “HKLMSYSTEMCurrentControlSetControlSession ManagerMemory Management” /v FeatureSettingsOverride /t REG_DWORD /d 0x400
reg add “HKLMSYSTEMCurrentControlSetControlSession ManagerMemory Management” /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x401

Restart the PC.

And here is the Registry file for Windows 10 Server versions:
Windows 10 Server Regpoline
Note that you can make the changes in the Registry editor directly as well if you prefer to do so.
Verification

You may use the Get-SpeculationControlSettings PowerShell cmdlet to verify the status of Retpoline. BTIKernelRetpolineEnabled and BTIKernelImportOptimizationEnabled should be returned as True in the output.
Microsoft notes that Skylake and newer generations of Intel processors are not compatible with Retpoline; these will only return BTIKernelImportOptimizationEnabled as enabled when the command is run.
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Enable Retpoline on Windows 10 1809 and Server right now appeared first on gHacks Technology News.
Source: ghacks.net

How to block the automatic cleaning of Windows 10's Thumbnail Cache

Microsoft’s Windows operating system uses a thumbnail cache for thumbnail icons used in Explorer to speed up the display of icons when a user opens a folder with cached items.
Microsoft changed how the thumbnail cache works in the Fall Creators Update for Windows 10. Starting with that release, Windows 10 clears the thumbnail cache automatically using a feature called Automatic Maintenance.
Automatic Maintenance
Automatic Maintenance performs a large number of tasks, from synchronizing the time and maintaining Windows Defender to defragmentation of drives and clean-up operations.
Tip: Open PowerShell and run the command Get-ScheduledTask | ? {$_.Settings.MaintenanceSettings} | Out-GridView to display all Automatic Maintenance tasks and the status of each in a listing.
One such task is called SilentCleanup. The task launches the built-in Disk Cleanup tool using the parameter /autoclean which makes the tool read Registry values to determine what to clean.
Cleaning the cache may free up storage on the device but it comes at the cost of having to renew the cache when File Explorer is used.  Windows 10 users who keep lots of photos in a single folder may experience issues when those folders are opened in File Explorer as it may increase the CPU load for the time it takes to generate and cache the thumbnails.
You can visit the hidden folder %userprofile%AppDataLocalMicrosoftWindowsExplorer in Explorer to display the cache.
Option 1: Making changes to the Registry

SilentCleanup checks the data of each Autorun Dword value under HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerVolumeCaches and HKLMSOFTWAREWOW6432NodeMicrosoftWindowsCurrentVersionExplorerVolumeCaches to determine whether it should include that cache in the cleanup operation.
A value of 0 blocks the maintenance task from deleting the cache, a value of 1 allows it to to so.
Here is how you configure Windows 10 to block or allow the clearing of the cache:

Open Start, e.g. by clicking on the icon or tapping on the Windows-key on the keyboard.
Type regedit.exe.
Confirm the UAC prompt that Windows displays.
Go to HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerVolumeCachesThumbnail Cache
Double-click on the Autorun Dword value.
Set it to 0 to prevent Windows from clearing the cache, or to 1 to allow it to do so.
Go to HKLMSOFTWAREWOW6432NodeMicrosoftWindowsCurrentVersionExplorerVolumeCachesThumbnail Cache
Double-click on the Autorun Dword value.
Set it to 0 or 1 accordingly.
Optional: repeat the steps for any other cache listed under VolumeCaches.
Restart the PC.

Windows won’t delete the cache anymore as part of Automatic Maintenance if you set both entries to 0.
Option 2: The Task Scheduler

You may disable the entire SilentCleanup task or even Automatic Maintenance in the Task Scheduler. Disabling SilentCleanup may be an option if you don’t want Windows to clear the cache automatically.
You may still run Disk Cleanup or any third-party tool that supports the cleaning of Windows caches to do so. Note that used disk space my increase if you don’t as Windows won’t run the cleanup task anymore.

Open Start.
Type Task Scheduler and load the result. You may also search for taskschd.msc directly if Windows Search acts up and does not reveal the right result in the search results.
Use the navigation in the sidebar to go to Task Scheduler Library > Microsoft > Windows > DiskCleanup
Right-click on the SilentCleanup task on the right and select Disable from the context menu; this turns the task off so that it is not run automatically anymore.

Tip: You can turn the task back on at any time by following the steps described above and selecting Enable from the context menu.
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post How to block the automatic cleaning of Windows 10's Thumbnail Cache appeared first on gHacks Technology News.
Source: ghacks.net

KB4482887 for Windows 10 version 1809

Microsoft released the cumulative update KB4482887 for Windows 10 version 1809 yesterday. The update brings the build of that particular version of Windows 10 to 17763.348.
Microsoft appears to test updates for the latest version of Windows 10 in the Release Preview ring before it pushes them out using Windows Update and other means. The practice delays the release of the update; all other supported versions of Windows 10 received updates in mid-February 2019 already.
KB4482887 is available on Windows Update already; devices configured to download and install updates automatically will pick up the update eventually. You may run a manual check for updates to speed up the process, or download the new cumulative update for Windows 10 from the Microsoft Download Catalog site instead.
Issues in KB4482887
Microsoft lists two issues on the support page.

Users may receive “Error 1309” when installing or uninstalling certain MSI or MSP files. Microsoft asks users to ignore the error.
Internet Explorer 11 authentication issues when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons.

KB4482887 for Windows 10 version 1809

The update is a bug fix update only (Microsoft calls it an update that improves the quality of the operating system). It includes no new features and no security fixes.

Retpoline enabled on certain devices to improve the performance of Spectre variant 2 mitigations. See this detailed tech article on Retpoline.
Fixed an issue with Action Center appearing on the wrong side of the desktop before appearing on the right side.
Fixed an issue when saving PDFs with inked content in Microsoft Edge; some content would not be saved.
Storage class memory (SCM) disks are no longer listed as Unknown in the Server Manager.
Fixed a Remote Desktop access issue to Hyper-V Server 2019.
Fixed republication Branch Cache take up more space than assigned.
Fixed a Remote Desktop connection performance issue when connecting from a web Remote Desktop client to Windows Server 2019.
Addressed an issue that caused the screen to remain black after resuming from Sleep. Also, fixed an issue that caused the main laptop screen to flash when resuming from Sleep.
Fixed an issue that caused overwrites of files on shared folders to fail with Access Denied errors.
Bluetooth radios support peripheral role.
Fixed printing of PDF documents failing during Remote Desktop sessions.
Fixed certain VPN connections causing a black screen and Remote Desktop sessions from responding.
Chile time zone information updated.
Fixed an issue with registering USB cameras with Windows Hello.
Fixed an issue that prevented the Microsoft enhanced Point and Print compatibility driver from installing on Windows 7 clients.
Fixed an issue that caused Teamservice to stop working if Remote Desktop uses hardware encoder for Advanced Video Coding.
Fixed an issue that caused user accounts to get locked when moving applications to a shared platform using App-V.
UE-VAppmonitor reliability improvements.
Fixed an issue that prevented App-V apps to start with error 0xc0000225 in the log. Admins may set a Dword to customize the maximum time for the driver to wait for a volume: HKLMSoftwareMicrosoftAppVMAVConfigurationMaxAttachWaitTimeInMilliseconds
Fixed a compatibility status evaluation issue.
Fixed an issue that made F1 Help work incorrectly in some apps.
Fixed an issue that caused flickering after using User Profile disk setup on Windows Server 2019 Terminal Server.
Fixed an issue that blocked a user hive from being updated when using Connection Groups.
Improved performance of case-insensitive string comparison functions.
Fixed Mp4 compatibility issues in regards to parsing and playing.
Addresses an issue that occurs with the Internet Explorer proxy setting and the out of box experience (OOBE) setup. The initial logon stops responding after Sysprep.
Fixed an issue with desktop lockscreen and wallpaper background images not updating.
Fixed TabTip.exe touchscreen keyboard not working in some scenarios.
Fixed Miracast banner remaining open after closing a connection.
Fixed an issue with virtual disks going offline.
Additional Japanese era name fixes.
Fixed Internet Explorer not loading certain images that use a “” character in their relative source path.
Fixed a Jet database issue with Microsoft Access 95 files.
Addresses an issue in Windows Server 2019 that causes input and output timeouts when querying for SMART Data using Get-StorageReliabilityCounter().

Lots of fixes in the update. Did you update your system recently? What’s your take on update quality right now?
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post KB4482887 for Windows 10 version 1809 appeared first on gHacks Technology News.
Source: ghacks.net

Windows 10 Update Study: too complex and not enough control

How are updates perceived by users of Windows 10 Home? A new study, “In Control with no Control: Perceptions and Reality of Windows 10 Home Edition Update Features” by a group of researchers from University College London suggests that updates are complex and that many users don’t know about certain features that could improve the updating behavior.
Microsoft changed the update model with the release of Windows 10. The company switched to a system of cumulative updates for all supported editions of Windows 10. Microsoft switched to a cumulative update model for previous versions of Windows in 2016.
Updates are released on the second Tuesday of each month and sometimes out of schedule. Microsoft releases two feature updates for Windows 10 that upgrade the operating system to a new version.
Windows 10 Home users have less control over the updating than Pro, Enterprise, or Education users. Up until recently, it was not possible to pause updates or delay feature updates on Windows 10 Home devices officially; this meant that updates were installed as soon as they were picked up by Windows Update and that the devices had to be restarted to complete the updating process.
The only option that Home users have when it comes to controlling updates is to set Active Hours, a feature designed to prevent automatic restarts of the system during the period.
 
Complex Updates
The researchers asked the participants of the study a number of questions. Among them whether the updating behavior of Windows 10 was easier and caused less interruptions than in previous versions of Windows.
53% said that updating was easier and 43% agreed that updating caused less interruptions. Only 8% stated that updating was more complicated and 21% said that updating caused more interruptions.
About half of the study’s participants reported that they experienced unexpected restarts because of updates; 42% said that updates took longer than expected and 70% stated that they became more concerned the longer an update took to complete.
The researchers discovered that the Active Hours feature was set inappropriately for a large number of survey participants and that most users were unaware of the existence of the feature.
Only 28% of survey participants knew about feature and its default setting — 8AM to 5PM- was unsuitable for 97% of all users. The default Active Hours period is appropriate for businesses and may need to be adjusted even there.
Home users, on the other hand, at least those who participated in the study, used their computers on weekday evenings in the majority of cases; outside Active Hours.
Another key finding of the research is that many survey participants could not make distinctions between cumulative security updates and feature updates.
The researchers recommend to improve the Active Hours feature, either by providing users with direct information about it and its controls, or by using automation to pick appropriate Active Hours based on usage automatically.
Closing Words
A low number of participants, 97, participated in the study. It might be necessary to run a study with more users to verify the findings.
Now You: What is your take on Windows and updating? (via ZDNet)
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Windows 10 Update Study: too complex and not enough control appeared first on gHacks Technology News.
Source: ghacks.net

Microsoft brings Windows Defender Advanced Threat Protection to Windows 7 and 8.1

Microsoft announced the general availability of Windows Defender Advanced Threat Protection (ATP) on devices running Windows 7 or Windows 8.1 on Friday.
Microsoft introduced Advanced Threat Protection in the Fall Creators Update for Windows 10 and made it a Windows 10 exclusive feature at the time.
The company revealed a few months later that it would bring Windows Defender Advanced Threat Protection support to the older Windows versions Windows 7 and Windows 8.1.
Plans to launch a preview in Spring 2018 and the final version in Summer 2018 were delayed. Microsoft did launch a preview of Advanced Thread Protection in 2018 but general availability was delayed.
Last week, Microsoft announced that the feature is now generally available for organizations that run Windows 7 or Windows 8.1 on devices.

Windows Defender ATP events show up in Windows Defender Security Center, the central administrative location to manage endpoints.
Windows Defender ATP for Windows 7, and Windows 8.1 provides deep visibility on activities that are happening on endpoints, including process, file, network, registry and memory activities, providing security teams with rich, correlated insights into activities and threats happening on older versions of Windows.
Advanced Threat Protection remains an Enterprise and Pro only feature. It can be used on devices running Windows 7 Service Pack 1 Pro or Enterprise, and Windows 8.1 Pro or Enterprise.
It requires System Center Endpoint Protection and installation of the Microsoft Monitoring Agent (MMA).
Administrators find additional setup information in the onboarding instructions.
Why is Microsoft bringing ATP to older versions of Windows?
Microsoft made some features Windows 10 exclusive when it launched the operating system in 2015. Features like Microsoft Edge, support for certain hardware, or security features were not ported to older supported versions of Windows.
In some cases, features were made available on non-Microsoft operating systems such as Android instead.
Microsoft notes that it brings ATP to older versions of Windows to “help customers stay secure while upgrading to Windows 10”.
Support for Microsoft’s Windows 7 operating system ends in January 2020. Enterprise customers may extend the support period by up to three years. Payments double each year up to a maximum of $200 per device in the third year for Windows 7 Pro devices.
Enterprise customers may use Windows 7 until 2023. Support for Microsoft’s Windows 8.1 operating system ends in January 2023. Microsoft has yet to announce whether Enterprise customers may extend the support period for that operating system as well; it seems likely that the option will be made available.
Related articles

Add file or folder exclusions to Windows Defender with Defender Injector
Windows Defender Antivirus: Controlled Folder Access
Windows Defender Browser Protection for Google Chrome first look
Windows Defender System Guard in Windows 10 Spring Creators Update

Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Microsoft brings Windows Defender Advanced Threat Protection to Windows 7 and 8.1 appeared first on gHacks Technology News.
Source: ghacks.net

Microsoft bringing PC and Xbox gaming closer together

Remember the mysterious test that Microsoft wanted Windows 10 Insider Build testers to run recently without revealing anything about it?
Microsoft wanted users to report any issues found during the installation and launch of State of Decay, but did not reveal any information other than that.
Turns out that Microsoft could have had testers install the Xbox One version of State of Decay, or at least a large part of it, on the Windows 10 device.
Brad Sams over on Thurrot suggests that the State of Decay test was Microsoft’s first public test at making available an Xbox One game as the “primary installation for Windows”.
Microsoft did not confirm nor deny that; Sams discovered that the game installer downloaded the data from an Xbox Live domain and not from the usual server that Microsoft Store apps and games were offered from.
There is more evidence. It turns out that the downloaded files used the .xvc format. Microsoft created the format for the Xbox One but it seems the company added support for it to the upcoming version of Windows 10.

The State of Decay installer, which you can run from PowerShell as Sams notes, loads a legacy DirectX installation setup routine which installs the required DirectX components on the computer.
Microsoft has an interest in pushing the company’s Xbox One system and gaming on Windows 10. Making it easier for game companies to develop games that work on Xbox One and Windows 10 with little overhead will certainly help with that.
While it is certainly easier to develop games that run on PCs and consoles, thanks to consoles becoming more like PCs in many regards and improving development options, improving that process further could give Microsoft the boost it needs to compete with Sony and Nintendo in the console market, and increase Windows 10’s attractiveness as well.
It is unclear at this point whether the functionality will find its way into Windows 10 version 1903, the next feature upgrade version. It seems unlikely, considering that we are just 1-2 months away from the release of that version.
Microsoft could plan to have everything ready before the launch of its next console (Xbox Two, maybe). This would give it ample time, a year at least, to test and integrate the functionality in the operating system.
Closing Words
More Xbox games on PC is a good thing for PC gamers; most would probably prefer that Microsoft would not make the games Microsoft Store exclusive. Another concern that some gamers may have is that developers might use shortcuts by launching the Xbox One version in its unmodified or nearly unmodified state on PC; this could be problematic in regards to controls, graphics, and other functionality.
Now You: what is your take on this?
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Microsoft bringing PC and Xbox gaming closer together appeared first on gHacks Technology News.
Source: ghacks.net

Windows 10 1903: support for filenames and folders with beginning dot character

The next feature update for Windows 10, Windows 10 version 1903, will support filenames and folders that begin with a dot character in Explorer.
The news may not be super exciting for users of Linux or other operating systems that supported filenames  or folders with dots in the beginning for decades, but for Windows, it is certainly a milestone.
When you try to create a filename or folder that begins with a dot character, you may notice that Windows won’t allow that filename or folder to be picked for the file if you use Explorer to do so.
The error “you must type a file name” is displayed (yes also for folders) and the only option the dialog provides is to select ok to restore the old filename or folder name (if you create a new file on Windows using Explorer, a file extension is added automatically).

The limitation applies only if you don’t add at least one additional dot to the file. Windows’ File Explorer won’t allow the creation of “.htaccess”, but it does allow the creation of “.silly.filename.txt”, or “.htaccess.”. Similarly, it won’t allow the creation of the folder “.test” but it does allow “.test.”
Windows Explorer makes the creation of filenames without extension difficult. The file manager adds a file extension to new files that you create automatically. While you may remove the file extension to create a file without one, it is probably not something that most users of Windows do regularly.
Webmasters and developers might, especially if they work with web servers or Linux systems. It is not possible to create a .htaccess file from scratch using the Windows file manager, but you can copy a file like .htaccess to the Windows system and use it just like any other file that is on the system.
A double-click opens the file, and it saves just fine as well once you are done with the editing.
The same is true for names such as.gitignore or .nomedia which some users may make use of.
Windows 10 users who run Insider Builds can test the new functionality already; the change is live in the most recent Windows 10 version 1903 Insider Build and in the Skip Ahead build as well.
The change does not remove the limitation to use reserved names for files:  CON, PRN, AUX, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, and LPT9. Files or folders with these included cannot be created.
Now You: What is your take on the change? Did you run into file name or folder name creation issues in the past? (via Deskmodder)
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Windows 10 1903: support for filenames and folders with beginning dot character appeared first on gHacks Technology News.
Source: ghacks.net

How Windows Sandbox config files work

Microsoft is working on Windows Sandbox, a sandboxed environment for the Windows operating system, currently.
The feature is being tested in Windows 10 Insider Builds currently and it is possible that Windows Sandbox will find its way into Windows 10 version 1903.
The initial version of Windows Sandbox was quite basic: users could launch it on Windows 10 devices and use it, but that was about the scope of it.
Sandbox Config files

Starting with the latest builds, it is now possible to use config files to customize certain aspects. Config file support is basic at this point but it allows administrators and users to launch apps or scripts automatically in the sandbox. In other words: you may run something in the sandboxed environment automatically.
The config files use XML and have the extension .wsb. You may run any .wsb file with a double-click or by running it from the command line or by using scripts.
Windows Sandbox .wsb scripts support the following configuration options currently:

Enable or disable the virtualized GPU.
Enable or disable networking in the sandbox.
Share folders from the host.
Run a startup script or program.

Most options are straightforward at this point in time.
Virtualized GPU

<VGpu>Disable</VGpu> — Disables virtual GPU support in the sandbox. Software rendering will be used.
<VGpu>Enable</VGpu> — Enables virtual GPU support.

Networking:

<Networking>Disable</Networking> — Disables networking in the sandbox.
<Networking>Enable</Networking> — Enables networking in the sandbox.

Shared Folders:
<MappedFolder>
<HostFolder>path to the host folder</HostFolder>
<ReadOnly>value</ReadOnly>
</MappedFolder>
You need to specify a folder that you want to share with the host system, e.g. c:virtual, and whether you want it to be read-only or support write operations as well.
ReadOnly values are true (make it read-only) or false (read and write support).
Note that folders are always mapped under the path C:UsersWDAGUtilityAccountDesktop.
Command on Logon
<LogonCommand>
<Command>The command</Command>
</LogonCommand>
You may specify a file name and path or a script. The command explorer.exe would work, as would reference to a script, e.g. C:userswdagutilityaccountdesktopteststart.cmd.
Example XML file
<Configuration>
<VGpu>Disable</VGpu>
<Networking>Disable</Networking>
<MappedFolders>
<MappedFolder>
<HostFolder>C:UsersMartinDownloads</HostFolder>
<ReadOnly>true</ReadOnly>
</MappedFolder>
</MappedFolders>
<LogonCommand>
<Command>explorer.exe C:usersWDAGUtilityAccountDesktopDownloads</Command>
</LogonCommand>
</Configuration>
Save the file as something.wsb and launch it whenever you want to run the sandbox with this configuration. It is pretty basic: disables the virtual GPU and networking, maps the Downloads folder of the user account Martin, and launches File Explorer in the sandbox that displays the Downloads folder.
Closing Words
Config file support extends Windows Sandbox functionality significantly as you may use these files to share folders with the sandbox and run scripts. You could use it to map a downloads folder and run downloaded files in the sandbox for that extra bit of security.
We will update the guide when new features are introduced.
Now You: What is your take on the Windows Sandbox so far? What would you like to see?
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post How Windows Sandbox config files work appeared first on gHacks Technology News.
Source: ghacks.net

Microsoft: fix security issue with non-security update. Instructions point to non-existent KB page

Can things get any worse than this? Microsoft published a security advisory yesterday — ADV190005 | Guidance to adjust HTTP/2 SETTINGS frames — which affects Windows Server running Internet Information Services (IIS).
The security issue could be abused to cause CPU usage to increase to 100% until the malicious HTTP/2 “connections are killed by IIS”.
The advisory recommends to administrators that they install the February non-security updates for the version of Windows 10 that is installed on an affected device. Microsoft released cumulative updates for all supported versions of Windows 10 on the February Patch Tuesday that included security updates.
The updates that Microsoft refers to in the advisory were released this week for Windows 10 version 1607 to 1803 (the update for Windows 10 version 1809 is being tested in the Release Preview ring currently) and the related Windows Server versions.
No instructions available

It is not the first time that non-security updates update security related content. The main issue with the approach is that it weakens the already-very-weak distinction between the monthly security and non-security releases.
The approach is far from ideal especially for administrators and users who install security-only patches exclusively on devices.
Update: Microsoft published the support article in the meantime.
What makes this particular security advisory even more problematic is that Microsoft asks customers to review a Knowledge Base article that does not exist.
The security advisory was published yesterday, but the essential support article is not published yet (a day after the release). It is possible that Microsoft made an error when it added the link to the page, but someone would certainly have verified the link before hitting the publish button.
It is unclear whether the installation of the updates fixes the issues or if other steps are required to resolve it completely.
Closing Words
This is not the first time that Microsoft released updates or advisories without publishing their support pages. I published Microsoft, please publish support pages before updates in 2016 to raise awareness for the issue.
Users and administrators may encounter Windows updates and patches without option to find out what they actually do, may introduce issues, or have additional steps or requirements.
Administrators could install the patches and hope for the best in this particular case, or wait until Microsoft publishes the support page. Both options are not very pleasant; the first could mean that important steps to protect the server are not implemented because of missing instructions, the second that attacks could hit the server while the administrator waits for Microsoft to release the support page.
Now You: What would you do and what is your take on this? (via Ask Woody)
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Microsoft: fix security issue with non-security update. Instructions point to non-existent KB page appeared first on gHacks Technology News.
Source: ghacks.net

Windows 10 updates KB4487029, KB4487021, KB4487011 and KB4487006 released

Microsoft released several cumulative updates for different Windows 10 versions on February 19, 2019. The cumulative updates KB4487029, KB4487021, KB4487011 and KB4487006 update Windows 10 version 1803, 1709, 1703 and 1607 but not the current version 1809.
Only the Enterprise editions of Windows 10 version 1607 and 1703 are supported. Home and Pro editions of these versions of Windows 10 are no longer supported; in other words: you need to upgrade the operating system to a supported version to receive continued support with updates.
Note: These are not security updates; they fix stability and other issues only. It is recommended that you back up your system before you install the updates or wait if you are not affected by any of the listed issues.
And Windows 10 version 1809? Microsoft pushes cumulative updates for the current version of Windows 10 to the Release Preview ring first before release. It is likely that an update will be released in the coming days / week.
KB4487029  for Windows 10 version 1803

Windows 10 version 1803 is the most used edition of Windows 10. Microsoft launched Windows 10 version 1809 last year but bugs forced the company to stop the distribution of the operating system for weeks.
The update increases the build of the operating system to 17134.619. The following changes are listed in the changelog:

Media Content can play e-learning content with USB adapter cables on Microsoft Edge.
Windows ActiveX content in iframes scrolls with other content in Internet Explorer 11.
Fixed an issue that caused Registry keys that are app-specific to be deleted after updates.
Time Zone information for Chile updated.
Fixed an audio compatibility issue of games with 3D Spatial Audio modes.
Fixed an issue that prevented users from pinning web links to Start or the Taskbar.
Fixed an issue that prevented the lockscreen image from updating.
Improved the performance of case-sensitive string comparison functions.
Fixed an compatibility status evaluating issue.
Improved the reliability of the UE-VAppmonitor.
Fixed a user hive updating issue.
Fixed an issue that allowed protected files (by Windows Information Protection) to be transferred using Bluetooth.
Fixed an issue with Internet Explorer proxy settings that caused the initial logon to stop responding.
Fixed an issue that prevented the deletion of wireless network profiles.
Addressed the cause for error “STOP 0x1A”.
Fixed a Timeline issue that caused File Explorer to stop working.
Fixed an issue that caused the Photos app to stop working when used from within the Mail app.
Fixed a PLMDebug.exe tool issue that caused the losing of debug sessions.
Improved AOVPN (Always On VPN) reconnect and disconnect functionality.
Further Japanese era name issue fixues.
Fixed an issue that caused Internet Explorer to skip loading images that have a backslash character in their relative source path.
Fixed an issue that caused applications that use Microsoft Jet Databases with Microsoft Access 95 formats to stop working.

You can download the update manually from the Microsoft Update Catalog website.
KB4487021 for Windows 10 version 1709

The update includes some of the fixes found in the update for Windows 10 version 1803 but not all of them. It does include some fixes that are not included in the update for version 1803.
The update increases the build to 16299.1004.
The changelog lists the following fixes and improvements:

Time Zone information for Chile updated.
Improved the performance of case-sensitive string comparison functions.
Fixed an compatibility status evaluating issue.
Improved the reliability of the UE-VAppmonitor.
Fixed a user hive updating issue.
New Group Policy called “Policy Details” that disconnects any wireless connections immediately when a wired connection is detected and “Minimize simultaneous connections” is configured.
Additional Japanese era date and format fixes.
Fixed the Internet Explorer not loading images with backslash characters in path issue.
Fixed an issue that caused applications that use Microsoft Jet Databases with Microsoft Access 95 formats to stop working.

You can download the update manually from the Microsoft Update Catalog website.
KB4487011 for Windows 10 version 1703

The update is only for Windows 10 Enterprise and Education editions. The update brings the build to version 15063.1659.
It includes the same updates as KB4487021 with the exception of the following exclusive additions:

Fixed an issue that caused programs to stop responding if its threads share the same input queue.
Addressed an issue with a rooted pointer to an item identifier list (PIDL) in File Explorer

The update is available on the Microsoft Update Catalog website as a manual download.
KB4487006 for Windows 10 version 1607 and Windows Server 2016

The update bring the version of the operating system to 14393.2828. It is only available to Enterprise and Education editions.
The changelog lists the following improvements:

Chile Time Zone information update.
Fixed an issue that caused Remote Desktop Protocol client applications to display a black screen on login.
Improved the performance of case-sensitive string comparison functions.
Fixed an compatibility status evaluating issue.
Improved the reliability of the UE-VAppmonitor.
Fixed a user name display issue in the Routing and Remote Access Service (RRAS) servers.
Addressed an issue that caused updates to a relying party trust to fail when using PowerShell or the Active Directory Federation Services (AD FS) management console.
Fixed an issue that caused “specific error message for external complexity password changes” to display.
Fixed an issue that caused Microsoft Outlook to throw the error “The Operation Failed” when viewing Microsoft Exchange address books.
Fixed an issue that prevented the enabling of Storage Maintenance Mode.
Fixed a server stop working error when handling a compound client request that includes a rename.
Fixed error 0x165 when pausing a node and taking it down for maintenance.
Fixed a cause for Stop 24 error on a virtual Remote Desktop Service server.
Fixed an issue with Japanese era names.
Fixed a reliability issue with win32kfull.sys.
Fixed the Internet Explorer not loading images with backslash characters in path issue.
Fixed the Microsoft Jet database access issue.

Microsoft lists three known issues, all known already:

For hosts managed by System Center Virtual Machine Manager (SCVMM), SCVMM cannot enumerate and manage logical switches deployed on the host after installing the update.
After installing KB4467691, Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.
After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

The update can be downloaded manually from the Microsoft Update Catalog website.
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Windows 10 updates KB4487029, KB4487021, KB4487011 and KB4487006 released appeared first on gHacks Technology News.
Source: ghacks.net