Microsoft Acknowledges Internet Error in Windows 10 Cumulative Update KB4535996

Microsoft has confirmed it’s investigating a new bug in a Windows 10 cumulative update, but this time it’s not one of the most recent releases; it’s an update that was originally published in February.

The Redmond-based software giant explains that cumulative update KB4535996 could cause an Internet connection error on Windows 10 devices where it’s installed, so it’s now looking into reports to figure out what happens.

“After installing KB4535996 on a Windows 10 device with a wireless wide area network (WWAN) LTE modem, you may not be able to get to the internet although the Network Connectivity Status Indicator (NCSI) in the notification area shows as attached to the internet,” the company says.

This cumulative update is aimed at Windows 10 version 1903 and Windows 10 version 1909, because the two share a substantial part of their code and for that reason get the same updates. Both of them are affected by the problem, and Microsoft says a similar Internet connection error could also be experienced on Windows Server version 1903 and Windows Server version 1909.

Another bug within the same cumulative update

At this point, there’s very little you can do, but Microsoft says it’s already working on a fix, which might be shipped in mid-July. In other words, you really shouldn’t hold your breath for that fix, as it could go live in some 8 weeks as part of the July 2020 Patch Tuesday cycle.

The same cumulative update also comes with another issue that Microsoft has acknowledged, which causes Windows 10 Pro Education to get a genuine edition of Windows 10 Education when activating a license.

“Windows 10 editions for education customers, Windows 10 Pro Education develops the commercial version of Windows 10 Pro, and Windows 10 Education builds on Windows 10 Enterprise. This bug isn’t likely to introduce any negative experiences for purchasers,” Microsoft says.

A fix for this bug is also on its way, Microsoft confirms.

The Simplest Fix for the Latest Security Vulnerabilities in Windows

Microsoft has recently acknowledged two zero-day vulnerabilities in Windows, confirming that it’s aware of attacks happening in the wild already.

Specifically, the font parsing remote code execution bugs in Windows come from the Adobe Type Manager Library, which Microsoft uses to render fonts in the operating system.

“Two remote code execution vulnerabilities exist in Microsoft Windows once the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format,” Microsoft says.

Despite attacks already happening in the wild, there’s no rush to patch the flaws, it seems, and Microsoft says a fix will probably land next month. What this means is we might need to wait until April 14, when the next Patch Tuesday updates go live officially for all Windows users.

“Microsoft understands this vulnerability and is working on the fix. Updates that address security vulnerabilities in Microsoft software are usually released on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers,” Microsoft says.

There are several methods to exploit the vulnerability, and one of these is opening a crafted document, specifically created to make use of the bug, within the Windows Explorer preview pane.

So technically, the workaround is based on this: disabling the preview pane and the details pane in File Explorer.

This workaround applies to all Windows versions, as File Explorer is offered as the pre-loaded file manager within the operating system. The steps, however, are a bit different depending on the version of Windows that you run on the device.

Windows 10, Windows Server 2016, Windows Server 2019

Open File Explorer on the device and then follow these steps:

View tab > Clear Details pane + Preview Pane > Options > Change folder and search options > View > Advanced settings > Always show icons, never thumbnails

At this point, the preview ought to be disabled, so you need to relaunch File Explorer in order to save your settings.

Windows 8.1, Windows 7, older Windows Server versions

Nearly the same steps work here as well, with a small difference:

File Explorer > Organize > Layout > Clear Details pane + Preview pane > Organize > Folder and search options > View > Advanced settings > Always show icons, never thumbnails

What you should know is that once you make these changes, File Explorer won’t display OTF fonts automatically, so you’ll want to revert these steps when a patch is published. To do this, just follow the aforementioned steps and uncheck the last option.

“Disabling the Preview and Details panes in Windows Explorer prevents the automated display of OTF fonts in Windows Explorer. Although this prevents malicious files from being viewed in Windows Explorer, it does not prevent a local, authenticated user from managing a specially crafted program to exploit this vulnerability,” Microsoft explains.

The next Patch Tuesday, due on April 14, will likely resolve the vulnerabilities in the supported Windows versions. This is the most important point, because although Windows 7 is also vulnerable, it’s no longer getting updates, so it’ll remain open to attacks.

Windows 7 reached end of support in January this year, so users still running it are recommended to switch to Windows 10 for security reasons. All Windows 10 versions can get cumulative updates on the next Patch Tuesday, albeit only the newest are supported for home users.

Windows 10 Build 18362.207 Offline Installers Available, Download Now

Microsoft just released Windows 10 Build 18362.207 with the KB4501375 update. The update brings lots of fixes and improvements. You’ll find the KB4501375 update direct download links below.

Among other improvements, the KB4501375 update mainly fixes issues with the Windows Night Light feature. In case you don’t know, the most recent May 2019 update broke the Night Light feature and caused it to not work on most systems.

Download KB4501375 Offline Installer

For all regular Windows updates, Microsoft provides offline installers through the Microsoft Update Catalog website.

Below are the official direct download links for the KB4501375 update. Simply click on the download link for your system architecture and the download will begin immediately. Once downloaded, you can install it like any other Windows software, i.e., double-click on the installer and follow the on-screen instructions.

For ease of use, I’ve also included the Windows 10 update size for both 32-bit and 64-bit installers.

KB4501375 x86 (32-bit) offline installer (download size: 98.5 MB)
KB4501375 x64 (64-bit) offline installer (download size: 218.8 MB)

If you want KB4501375 download links for Windows Server or ARM64 based systems, go to the Microsoft update catalog website to find the appropriate links. All you have to do is click the Download button near the appropriate version.

After installing the KB4501375 update, the Windows 10 version number will jump to 18362.207.

KB4501375 Change Log

Addresses an issue that fails to display the cursor whenever you hover over the keyboard magnifier.
Addresses an issue with looping redirects between Microsoft Edge and Internet Explorer 11.
Addresses an issue with Scalable Vector Graphics (SVG) marker display.
Addresses an issue with programmatic scrolling in Internet Explorer 11.
Addresses an issue with displaying portions of a website which has many elements and multiple nesting levels under certain conditions in Internet Explorer.
Addresses an issue that could cause “Error 1309” while installing or uninstalling certain kinds of .msi or .msp files on the virtual drive.
Addresses an issue that may cause Night light, Color Management profiles, or gamma correction to stop working after shutting down a device.
Addresses an issue that only shows grey scale in the camera during Windows Hello enrollment.
Addresses an issue that could cause playback of some video content generated by iOS devices to fail.
Addresses a desktop and taskbar flickering issue on Windows Server 2019 Terminal Server that occurs when using User Profile Disks.
Addresses an issue that allows users to disable the sign-in background image when the “Computer\Administrative Templates\Control Panel\Personalization\Prevent changing lock screen and logon image” policy is enabled.
Addresses a disconnection issue when using fitness software with an Android phone that has the Your Phone application installed.
Addresses an issue that prevents the Windows Event Log service from processing notifications that the log is full. This makes event log behaviors, for example archiving the log when it reaches a maximum file size, impossible. Additionally, the Local Security Authority (LSA) cannot handle CrashOnAuditFail scenarios when the Security log is full, and events cannot be written.
Addresses an issue that causes Office 365 applications to stop working after opening when they’re deployed as App-V packages.
Addresses an issue that prevents Container Hosts from receiving an address from the Dynamic Host Configuration Protocol (DHCP) server.
Addresses an issue that prevents some upgrades from Windows 7 from completing successfully when third-party antivirus software is installed.
Reinforces the Certificate Revocation List (CRL) on Internet Key Exchange version 2 (IKEv2) machines for certificate-based virtual private network (VPN) connections, for example Device Tunnel, in an Always On VPN deployment.
Addresses an issue that triggers a Group Policy update even when there aren’t any changes to policy. This problem occurs when using the client-side extension (CSE) for folder redirection.
Addresses an issue that prevents the Preboot Execution Environment (PXE) from starting a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that aren’t using Variable Window Extension.
Addresses an issue that may display the error, “MMC has detected an error in a snap-in and will unload it.” when you try to expand, view, or create Custom Views in Event Viewer. Additionally, the application may stop responding or close. You may also get the same error when using Filter Current Log in the Action menu with built-in views or logs.
Addresses an issue with WinHTTP registrations that increase the registry size and delay the operating system’s startup. This happens on devices that use proxy auto-config (PAC) files to define how web browsers and agents select a suitable proxy server. To prevent the incremental growth of the registry, update the following:
Path: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings
Setting: CleanupLeakedContainerRegistrations
Type: DWORD
Value: 1
A value of 1 removes preexisting registrations; a value of 0 (default) retains existing registrations.

That’s it.

Microsoft Patches NSA Security Vulnerability in Windows 10

Microsoft has released patches for Windows 10 and Windows Server to fix a vulnerability reported by the NSA, which may allow a malicious actor to run malware disguised as a legitimate app.

The flaw, which before the release of the patches was described as “extraordinarily scary,” affects the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.

A successful exploit gives the attacker the ability to conduct a man-in-the-middle attack and decrypt sensitive information.

“An attacker could exploit the vulnerability using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user might not have a way of understanding the file was malicious, because the digital signature would seem to be from the trusted provider,” Microsoft says.

NSA warns of “severe” consequences

The vulnerability was given an “important” severity rating, with Microsoft explaining that exploitation is much more likely. However, the company isn’t aware of any attacks happening in the wild.

However, the NSA has published its own advisory on the flaw, urging everyone to patch devices as soon as possible.

“The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. NSA assesses the vulnerability to be severe and that sophisticated cyber actors will comprehend the underlying flaw quickly and, if exploited, would render the discussed platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will probably be made quickly and widely available,” the NSA says.

If enterprise-wide patching isn’t possible, the NSA says, devices that perform TLS validation, DNS, VPN, increase servers should be prioritized.

All Windows 10 versions released so far are affected, along with Windows Server 2016, Windows Server 2019, and Windows Server version 1809, 1903, and 1909. The patches are included in this month’s cumulative updates.

NVIDIA STUDIO and Quadro Graphics Driver 431.86 Is Available – Download Now

NVIDIA has announced the availability of the new STUDIO and Quadro graphics driver, namely version 431.86, which provides an ideal experience for the latest releases of top creative apps, for example Maxon Cinema 4D, Adobe Lightroom, Adobe Substance Designer, DaVinci Resolve Studio 16, and Unreal Engine 4.

In addition to that, the 431.86 build also removes a bug that caused a system crash while installing the drivers on a system with GPUs from mixed architectures (for example Fermi and Pascal).

Regarding compatibility, the STUDIO release is suitable for desktop and notebook configurations, but only the ones running the 64-bit variant of Microsoft’s Windows 10 operating system. Also, take into account that there are two available packages: one standard and one DCH driver.

As for the Quadro update, the producer has provided several downloadable files targeted at the 64-bit architectures of Windows 7, 8, 8.1, and 10 platforms (both desktops and notebooks), as well as at Microsoft’s Server 2008 R2, Server 2012, Server 2012 R2, Server 2016, and Server 2019 OSes (just for desktops).

Therefore, save the appropriate executable for the computer’s operating system, run it, wait for all files necessary for the installation to be extracted, and follow all instructions shown on the screen for a complete and successful upgrade.

Once finished, be sure to perform a system reboot to allow all changes to take effect properly. If this task isn’t requested automatically by the wizard, it would be a good idea to carry it out manually so that any problems are avoided.

Having said that, download NVIDIA STUDIO Graphics Driver 431.86 or download NVIDIA Quadro Graphics Driver 431.86, apply it on your device, and keep checking our website to stay “updated one minute ago.”

Massive April 2019 Patch Tuesday Targets 16 Critical Flaws in Microsoft Products

The April 2019 Patch Tuesday rollout includes updates for a total of 74 different vulnerabilities in Microsoft products, including for 2 flaws which are already being exploited in the wild.

Out of the 74 security holes, no less than 16 of them are rated as Critical, with scripting engines and browsers (Internet Explorer and Microsoft Edge) accounting for 8 of these.

First and foremost, IT admins should prioritize the deployment of patches for CVE-2019-0803 and CVE-2019-0859, the two Win32k vulnerabilities allowing for privilege escalation. Microsoft says the issues are already being exploited and explains that a successful attack allows a malicious actor to obtain full control of a compromised host.

However, it’s worth knowing that an attacker would first need to get access to the machine before exploiting this flaw.

All Windows versions are impacted, including the Windows 10 October 2018 Update, which is the newest stable release at this time.

Windows 10-specific flaw

Additionally, Microsoft says there’s also a privilege escalation vulnerability in the Windows Appx Deployment Service (AppXSVC) that is used for installing Microsoft Store apps. This flaw is detailed in CVE-2019-0841, and Microsoft says Windows 10 version 1703 and newer, in addition to Windows Server 2019 and Windows Server version 1709 and 1803, are impacted.

“An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An assailant who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data,” the software giant notes.

Microsoft also resolves two different remote code execution (RCE) flaws in GDI+ and IOleCvt, and in both cases, an attacker could get full control of the affected system. All Windows versions are affected as well.

The April 2019 Patch Tuesday updates are available now from Windows Update, and at the time of writing this article, there are no reports of failed installs or issues experienced after the update.

Microsoft Releases Windows Update KB4471331 to Patch Flash Player Zero-Day

After Adobe resolved a zero-day vulnerability in Flash Player this week, Microsoft also published an out-of-band patch to deliver the fix to users on Windows systems.

Flash Player has been offered as a built-in component on Windows 8.1 and Windows 10, so Microsoft needs to ship stand-alone patches via Windows Update each time a vulnerability is fixed.

This is what happened this week after Adobe addressed a Flash Player flaw that could have allowed attackers to compromise a Windows host using little else than a malicious Microsoft Office document.

The zero-day code can be baked into Word and Excel documents, but also into other files which are then deployed on vulnerable Windows systems. Adobe warned it’s aware of several exploits in the wild and urged people to patch their systems as quickly as possible.

Microsoft’s security update is KB4471331 and it is being delivered to all Windows 10 versions available, but also to Windows 8.1, Windows RT 8.1, Windows Server 2019, and Windows Server 2016.

New security updates coming next week

The company warns that in the case of Windows 10 version 1607, updates might not be installed automatically, and users are advised to head to Windows Update to check for the security patch manually.

Obviously, Windows 10 version 1809 (October 2018 Update) gets the security update as well, and all users are advised to install it as soon as possible.

Microsoft will release new cumulative updates containing security fixes next week as part of the monthly Patch Tuesday rollout. However, given that this Flash Player vulnerability is already being exploited, customers are advised not to delay the patching.

However, if system admins can’t install the new security patch, they are recommended to block the opening of documents originating from untrusted sources, and also to restrict access to websites that could attempt to deploy malicious payloads in an attempt to exploit the vulnerability.

Microsoft releases Windows Server Insider Preview build 18317

Microsoft released Windows Server Insider Preview build 18317 today, and the build number corresponds to last week’s client build in the Fast ring. It is the first new build in over a month, as build 18298 was launched on December 18.

There are a few new features to note in the new build. To begin with, there’s now a dark theme preview. Users can activate it by entering the experiment key msft.sme.shell.personalization in global settings under the advanced tab. Microsoft is also requesting that users don’t report bugs on it, as it is a “work in progress”.

There are two new PowerShell modules for automating Windows Admin Center, and there are also new Windows Admin Center features. The preview released today is version 1812, and it offers the following features:

Power configuration tab on the server settings page, where you can change the configured power profile.

If the server has an IPMI-compatible BMC, you’ll find the BMC serial number along with a hyperlink to the IP address on the Server Overview page.

If Windows Admin Center is installed in service mode, you can now use PowerShell to automate the following (examples included below):

Import/export of connections (with tags)

Extension management

Finally, Windows Server includes a new feature called WDAC, “composable (stacked) code integrity policies for supporting multiple code integrity policies”. Here’s the changelog:

WDAC brings the capability to support multiple CI policies. Three scenarios are now supported:

Scenario 1 – Deploy a “base” policy in enforcement mode and deploy another “audit” policy side-by-side to aid validation of policy changes before deploying in enforcement mode. (Intersection)
Scenario 2 – Enforce 2 or more “base” policies simultaneously to allow simpler policy targeting for policies with different scope/intent, e.g., Base1 corporate standard policy that is relatively loose to accommodate all organizations while enforcing minimum corp standards (e.g. Windows works + Managed Installer + path rules). Base2 team specific policy that further restricts what’s permitted to run (e.g. Windows works + Managed Installer + corporate signed apps only) (Intersection)
Scenario 3 – Supplemental policies deployed to expand a Base policy, e.g., Azure host baseline policy that restricts tightly to allow only Windows and hardware drivers and allows supplemental policies. Exchange Azure team supplemental policy adds only the additional signer rules required to support Exchange team signed code. (Union)
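
The intersection and union rules in the three scenarios above can be modelled in a few lines of PowerShell. This is an added illustration, not Microsoft's code and not the WDAC engine: the policy objects, the rule labels and the Test-CodeAllowed function are hypothetical, and each file is reduced to the single rule category it matches.

```powershell
# Added model of multiple-policy evaluation; policy names and rule labels are constructed.
function Test-CodeAllowed {
    param(
        [Parameter(Mandatory)][hashtable[]]$BasePolicy,
        [Parameter(Mandatory)][string]$MatchedRule
    )
    foreach ($base in $BasePolicy) {
        # Union: supplemental policies only ever add to their own base policy.
        $allow = @($base.Allow)
        foreach ($supp in $base.Supplemental) { $allow += $supp.Allow }

        if ($allow -notcontains $MatchedRule) {
            if ($base.Mode -eq 'Audit') {
                # An audit policy records what it would block but does not block.
                Write-Warning "$($base.Name) (audit) would block '$MatchedRule'"
                continue
            }
            # Intersection: one enforced base policy that does not allow the file blocks it.
            return $false
        }
    }
    return $true
}

# Scenario 2: two enforced base policies with different scope.
$corp = @{ Name = 'Base1-Corp'; Mode = 'Enforce'; Allow = 'Windows', 'ManagedInstaller', 'PathRule' }
$team = @{ Name = 'Base2-Team'; Mode = 'Enforce'; Allow = 'Windows', 'ManagedInstaller', 'CorpSigned' }

# Scenario 3: a tight base policy expanded by one supplemental policy.
$exchange  = @{ Name = 'Supp-Exchange'; Allow = @('ExchangeSigner') }
$azureHost = @{ Name = 'Base-AzureHost'; Mode = 'Enforce'
                Allow = 'Windows', 'HardwareDriver'; Supplemental = @($exchange) }

# Scenario 1: the enforced corporate policy beside a stricter candidate in audit mode.
$candidate = @{ Name = 'Base1-Next'; Mode = 'Audit'; Allow = 'Windows', 'ManagedInstaller' }

$cases = @(
    @{ Case = 'S2: rule present in both base policies'; Policies = $corp, $team;      Rule = 'ManagedInstaller' }
    @{ Case = 'S2: rule present in Base1 only';         Policies = $corp, $team;      Rule = 'PathRule' }
    @{ Case = 'S3: rule added by the supplemental';     Policies = @($azureHost);     Rule = 'ExchangeSigner' }
    @{ Case = 'S3: rule in neither base nor supplemental'; Policies = @($azureHost);  Rule = 'CorpSigned' }
    @{ Case = 'S1: audit policy is stricter than base'; Policies = $corp, $candidate; Rule = 'PathRule' }
)
foreach ($c in $cases) {
    [pscustomobject]@{
        Case    = $c.Case
        Allowed = Test-CodeAllowed -BasePolicy $c.Policies -MatchedRule $c.Rule
    }
}
```

In the Scenario 1 case the audit policy produces only a warning, which is the signal an administrator reviews before switching that policy to enforcement.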

You are able to download Windows Server Insider Preview build 18317 and Windows Admin Center version 1812 here. Also available are downloads for Server Core App Compatibility FoD Preview Build 18317 and Server Language Packs Build 18317.

Manage Azure Virtual Machines Using Windows Admin Center

Since Windows Server 2019 is generally available, it seems like a good time to begin using Windows Admin Center (WAC) as the default management tool. WAC is a web-based tool for managing local or remote servers using a gateway that utilizes PowerShell Remoting and Windows Management Instrumentation (WMI) over WinRM. And while Windows Server 2019 still includes Server Manager, Windows Admin Center is where Microsoft is now investing its efforts.

In this article, I’m going to demonstrate how to manage Windows Server 2019 running in an Azure VM. I’ll make use of a WAC gateway installed on my Windows 10 PC. This requires the VM you want to manage to have a public IP address, and you need to make the necessary management ports available over the Internet. Naturally, this isn’t the most secure option, but it is a quick way to start managing Windows Server. If your VM doesn’t have a public IP address or you want a more secure way to manage your cloud servers, you’ll have to install a WAC gateway on an Azure VM and/or connect the local network to the Azure VNet using ExpressRoute, Site-to-Site VPN, or Point-to-Site. But that’s beyond the scope of this article.

Configure Windows Firewall for Inbound WinRM

Let’s begin by configuring Windows Firewall to permit an inbound connection for WinRM.

Start the Windows Server 2019 Azure VM that you want to manage using the Azure management portal.
Log in to the Windows Server 2019 virtual machine that you want to manage using Remote Desktop by clicking Connect on the Overview screen for the VM in the management portal.
In Windows Server, open a Windows PowerShell window with admin privileges.

Note that the Windows Server 2019 Azure marketplace image has WinRM enabled by default. If you wish to manage another supported version of Windows Server, you may need to manually run winrm quickconfig in an elevated command prompt to enable WinRM.

Run the Set-NetFirewallRule cmdlet as shown below to allow inbound WinRM access through the Windows Firewall.

PowerShell
Set-NetFirewallRule -Name WINRM-HTTP-In-TCP-PUBLIC -RemoteAddress Any
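
The command above opens the WinRM HTTP rule to every remote address. The following added example, which is not part of the original article, scopes the same rule to specific management addresses and reads the result back; the Set-WinRmRuleScope function name and the 203.0.113.10 address are assumptions.

```powershell
# Added example: run inside the Windows Server VM from an elevated PowerShell session.
# 203.0.113.10 is a placeholder from the RFC 5737 documentation range; use the
# public address of the machine that hosts the WAC gateway.
function Set-WinRmRuleScope {
    param(
        [Parameter(Mandatory)]
        [string[]]$AllowedAddress,
        [string]$RuleName = 'WINRM-HTTP-In-TCP-PUBLIC'
    )

    # Refuse values that would leave the rule open to every remote host.
    $open = 'Any', 'Internet', '0.0.0.0/0', '::/0'
    foreach ($address in $AllowedAddress) {
        if ($open -contains $address) {
            throw "Refusing to scope $RuleName to '$address'; pass specific management addresses."
        }
    }

    # Same cmdlet and rule as in the article, with a narrowed remote address list.
    Set-NetFirewallRule -Name $RuleName -RemoteAddress $AllowedAddress

    # Read the rule back so the effective scope and state are visible.
    $rule = Get-NetFirewallRule -Name $RuleName
    $filter = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.Name
        Enabled       = $rule.Enabled
        Profile       = $rule.Profile
        RemoteAddress = $filter.RemoteAddress -join ', '
    }
}

Set-WinRmRuleScope -AllowedAddress '203.0.113.10'
```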

Configure Azure Networking to Allow Inbound WinRM

Before we are able to connect WAC to Windows Server, we also have to configure Azure networking to permit inbound WinRM connections.

Select your VM in the Virtual Machines section of the Azure management portal.
On the VM’s page in the portal, click Networking under Settings.
Make sure that Inbound port rules is selected and then click Add inbound port rule.
On the Add inbound security rule pane, type 5985 in the Destination port ranges field.
In the Name field, type Port_5985.
Click Add.

The new rule will now appear in the list of inbound rules.

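
The portal steps above set only the destination port and the rule name. The following added example, which is not part of the original article, uses the Az PowerShell module to list inbound rules that expose WinRM to any source and to create or re-scope Port_5985 for a single management address; the resource group, NSG name, priority and source address are assumed placeholders.

```powershell
# Added example: run on the admin workstation with the Az module, after Connect-AzAccount.
# Resource group, NSG name, priority and source address are assumed placeholders.
$resourceGroup = 'rg-example'
$nsgName       = 'vm-example-nsg'
$adminSource   = '203.0.113.10/32'   # RFC 5737 documentation address

# True when a port-range entry ('*', '5985' or '5000-6000') covers the given port.
function Test-PortInRange([string]$Range, [int]$Port) {
    if ($Range -eq '*') { return $true }
    $lo, $hi = $Range -split '-', 2
    if (-not $hi) { $hi = $lo }
    return ($Port -ge [int]$lo -and $Port -le [int]$hi)
}

$nsg = Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $resourceGroup

# Audit: inbound Allow rules that reach WinRM (5985/5986) from any source.
$anySource = '*', 'Internet', '0.0.0.0/0'
$exposed = $nsg.SecurityRules | Where-Object {
    $rule = $_
    $rule.Direction -eq 'Inbound' -and $rule.Access -eq 'Allow' -and
    @($rule.SourceAddressPrefix | Where-Object { $anySource -contains $_ }).Count -gt 0 -and
    @($rule.DestinationPortRange | Where-Object {
        (Test-PortInRange $_ 5985) -or (Test-PortInRange $_ 5986) }).Count -gt 0
}
$exposed | Select-Object Name, Priority, SourceAddressPrefix, DestinationPortRange

# Create the rule, or re-scope it if it was already created through the portal.
$ruleArgs = @{
    Name                     = 'Port_5985'
    NetworkSecurityGroup     = $nsg
    Access                   = 'Allow'
    Protocol                 = 'Tcp'
    Direction                = 'Inbound'
    Priority                 = 1000          # assumed to be unused in this NSG
    SourceAddressPrefix      = $adminSource
    SourcePortRange          = '*'
    DestinationAddressPrefix = '*'
    DestinationPortRange     = '5985'
}
$existing = $nsg.SecurityRules | Where-Object { $_.Name -eq 'Port_5985' }
if ($existing) {
    # Keep the priority the portal assigned so the update cannot collide with another rule.
    $ruleArgs.Priority = $existing.Priority
    $nsg = Set-AzNetworkSecurityRuleConfig @ruleArgs
} else {
    $nsg = Add-AzNetworkSecurityRuleConfig @ruleArgs
}

# Push the modified rule set to Azure.
$nsg | Set-AzNetworkSecurityGroup | Out-Null
```
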
Connect to Windows Server using WAC

Now all that’s left to complete is test whether I can connect to the server using WAC. I’ve already installed a WAC gateway on my Windows 10 PC. For additional info on installing a WAC gateway, check out Getting Started with the Windows Admin Center on Petri.

Connect to your WAC gateway from a supported browser.
On the All Connections screen, click + Add. If you don’t see the All Connections screen, click Windows Admin Center in the top left corner.
In the Add Connections pane, click Add Server Connection.
In the Server name box, type the public IP address or DNS name of the server you want to manage.
If you use an IP address, select Don’t attempt to resolve the server name. You can get the IP address or DNS name of the VM on the Overview pane in the Azure management portal. If you haven’t assigned the VM a static IP address, don’t forget that the IP address will probably change every time the VM starts.

You may get an error message stating that the connection cannot be verified. This is normal if you’re connecting to the VM for the first time, and it can be safely ignored.

Click Submit.
The server will now appear in the list of connections. Click the box to the left of the listing to select it and then click Manage As.
On the Specify your credentials pane, click Use another account for this connection, enter the administrator username and password for the Windows Server VM, and click Continue.
Select the server again in the list of connections and then click Connect.
You’ll be taken to the Server Manager screen for the remote server.

Microsoft is updating WAC on a regular basis, so it’s worth coming back to it often to check out what is new.

Microsoft Resumes Rerelease of Windows 10 Version 1809

Microsoft on Wednesday once more resumed its general rollout of the Windows 10 version 1809 upgrade, also referred to as the “October 2018 Update.”

In addition to this Windows 10 rerelease, upgrades to Windows Server 2019 and Windows Server version 1809 (the “semiannual channel” version of the product) were resumed on Wednesday, too, based on information added to the “Windows 10 and Windows Server 2019 Update History” page. This history page now includes more descriptive details about Microsoft’s OS releases, including when Microsoft may be blocking a release due to software flaws, bad drivers or application incompatibility issues.

Wednesday’s rollout constitutes the 2nd rerelease of Windows 10 version 1809. Microsoft first released it on Oct. 2. Later, Microsoft pulled that release due to data loss issues, and then rereleased it on Nov. 13.

Microsoft is now resuming Windows 10 version 1809 releases in “phased rollouts,” and the new OS also will arrive to “seekers.” A so-called seeker is somebody who simply uses the “Check for Updates” capability that’s included in the Windows interface, which will trigger an automatic download of the new OS, even if it’s unwanted.

Even though Jan. 16 is the most current release date of Windows 10 version 1809, organizations using it will still have their update cycle clocks set by Microsoft to the previous Nov. 13 release date, Microsoft previously explained. It’s an important planning detail for organizations, since Windows 10 must be upgraded after either 18 months or 30 months, depending on the Windows edition used and whether the release was a fall channel release or not.

Based on the history page, there are still blocks in place for Windows 10 version 1809 for some systems, namely systems that have the following dependencies:

Intel display drivers versions 24.20.100.6344 and 24.20.100.6345.
F5 VPN clients which use a split-tunnel configuration.
Trend Micro’s OfficeScan and Worry-Free Business Security software.
AMD Radeon HD2000 and HD4000 series graphics processing units.

Those blocks were still in effect from December. Microsoft uses its “telemetry” data gathered from systems to evaluate whether or not they are ready to get a new Windows OS upgrade. Blocks get set when potential upgrade problems are detected.

Woody Leonhard, a longtime Windows patch observer and Computerworld writer, advised caution in an article about permitting Windows 10 version 1809 upgrades to happen, even though Microsoft has spent about three months addressing its problems. Consumer users of the Home edition, though, do not have easy options to block its arrival.

After problems with the release of Windows 10 version 1809 became apparent in November, Microsoft had announced plans to be more transparent about Windows 10 servicing and quality issues. The history page now seems to serve that function.

Microsoft has added a hyperlink within the history page to obtain feeds, which can be used in RSS readers to determine when this page gets updated. Clicking that link leads to this page, which gives the user an option to obtain the feed in either Atom or RSS formats. At press time, though, the Feed option for Windows 10 didn’t have any effect, so it’s apparently a work in progress.