January 2019 Patch Tuesday Update for Windows 10 1803 Prohibits Pinning Web Links

Microsoft has begun delivering the security updates for its regular Patch Tuesday for January 2019. With them, Windows 10 1803 picks up an annoyance that users should be aware of:

After installing this update, some users cannot pin a web link on the Start menu or the taskbar.

Microsoft is working on a fix and promises to deliver this fix sometime near the end of January.

Windows 10 Patch Tuesday Updates Come with Inability to Authenticate Hotspots

UPDATE: Microsoft has now solved this issue through new updates for Windows 10 1803, 1709 and 1703.

Original article…

Microsoft today is delivering its Patch Tuesday updates for the various products suffering from security woes. However, those who want to deploy the updates for Windows 10 right away may want to hold off and test.

All supported versions of Windows 10 come with the following bug:

After installing this update, third-party applications may have difficulty authenticating hotspots.

Microsoft is working on a resolution and estimates a solution will be available late January.

Incidentally, this issue also affects Windows 8.1, Windows Server 2012 R2, Windows Server 2012, and Windows Embedded 8 Standard.

In the Next Update, Windows 10 Will Set Aside at Least 7GB Disk Space for Updates, Cache

Microsoft is working now on a feature for Windows 10 that will set aside ‘reserve space’ on every computer. Microsoft hopes this reserve space will help make Windows 10 computers more reliable, allowing updates, apps, cache, and temporary files to have an adequate environment to operate.

The company says that reserve space will begin at about 7GB but will act dynamically to increase when needed based on how often and how much the computer is used.

Without reserved storage, if a user almost fills up her or his storage, several Windows and application scenarios become unreliable. Windows and application scenarios may not work as expected if they need free space to function. With reserved storage, updates, apps, temporary files, and caches are less likely to take away from valuable free space and should continue to operate as expected. Reserved storage will be introduced automatically on devices that come with version 1903 pre-installed or those where 1903 was clean installed. You don’t need to set anything up—this process will automatically run in the background. The rest of this blog post will share additional details on how reserved storage can help optimize your device.

Details: Reserving disk space to keep Windows 10 up to date

Microsoft Preps January Update to Resolve Another Windows 10 1809 Bug that Disables an Admin Account

Originally released in October 2018, the glory of Windows 10 1809 continues to plague customers into 2019.

In a Japanese Microsoft blog post, Microsoft has confirmed an issue that blocks an Admin account when upgrading from Windows 10 1803 to Windows 10 1809.

Until a fix is ready (possibly this month), Microsoft suggests creating a second Admin account and using that prior to upgrading…

…if you need to upgrade before the patch is released, please confirm that you can surely sign in with a user with administrative privileges other than the built-in administrator, before you upgrade.

However, if you’ve already upgraded and have been bitten by the bug, do this…

…if you have already upgraded and you have invalidated the built-in Administrator, you are signed in as a user with administrator privileges other than the built-in Administrator, activate the built-in Administrator.

No New Windows Update Offline Scan File for Windows 10 1809 Until January 2019

As most are packing up to head home for the Christmas holiday, there’s a tidbit of information that may have been overlooked when Microsoft delivered its December 19 cumulative update for Windows 10 1809 to solve an actively exploited bug in Internet Explorer.

Per KB4483235:

For customers using Windows Update offline scan file, Wsusscn2.cab, no new December scan cab will be issued. You will need to download the December 2018 WSUS scan cab and then manually download this KB from Microsoft Update Catalog to deploy. An updated scan file that includes this KB will be available in the next security release in January 2019.

A Delta package for this update will not be available. Customers using Delta package updates need to apply the Full Update. Customers who do not apply the Full update, and only the December Delta package update from December 11, 2018 will experience an update failure when installing the January Delta Update. The January Full update will install correctly.

Intel Updates Its Modern Drivers to Support More Games

In late November, Intel finally released hardware drivers to support Windows 10 1809’s new Modern Driver feature. Prior to this release, those attempting to install Windows 10 1809 would suffer from bugs and glitches, particularly for games. Microsoft had to place an upgrade block on Windows 10 1809 due to the problem. The November release helped solve customer problems and helped put Windows 10 1809 back into play.

Now, Intel has updated those drivers. There are further bug fixes in the new drivers, but the company is highlighting the release as something that supports more games. The release works for Windows 10 1709, 1803, and 1809.

The download is available from here: Intel Graphics – Windows 10 DCH Drivers

Microsoft Delivers Out-of-Band Security Update for Internet Explorer

Microsoft has identified a vulnerability in Internet Explorer and is delivering an update today to close a remote code execution hole.

CVE-2018-8653 | Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The update is now available through Microsoft Update and from the following link:

http://catalog.update.microsoft.com/v7/site/search.aspx?q=KB4483187

The vulnerability exists in all current versions of Internet Explorer including 9, 10, and 11 on Windows 10, Windows 8.1, Windows 8.1 RT, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008.

Windows Sandbox to Become an Add-on Feature for Windows 10, Provide Clean Environment to Run Apps

Similar to the old Spoon.net (now Turbo.net), Microsoft is building a ready-made Windows virtual environment that can be added to the operating system through the Windows Features component.

Per Microsoft, Windows Sandbox will offer the following features:

  • Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
  • Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows
  • Disposable – nothing persists on the device; everything is discarded after you close the application
  • Secure – uses hardware-based virtualization for kernel isolation, which relies on Microsoft’s hypervisor to run a separate kernel which isolates Windows Sandbox from the host
  • Efficient – uses integrated kernel scheduler, smart memory management, and virtual GPU

 

Requirements to run:

  • Windows 10 Pro or Enterprise build 18305 or later
  • AMD64 architecture
  • Virtualization capabilities enabled in BIOS
  • At least 4GB of RAM (8GB recommended)
  • At least 1 GB of free disk space (SSD recommended)
  • At least 2 CPU cores (4 cores with hyperthreading recommended)

 

The more interesting part of Windows Sandbox is that it creates a dynamic virtual Windows environment. It does not require a VHD. Instead, it generates a new environment based on the currently running Windows 10 on the PC. Microsoft utilizes something like this now, allowing internal testers to determine if software behaves.

Also of interest is that it requires the AMD64 architecture, which means there’s a long list of hardware that won’t be able to run Windows Sandbox currently.

December 17 Marks Microsoft’s Official Re-re-release Date for Windows 10 October Update

If you watch the communities, customers have been asking for a couple of months whether Windows 10 1809 is safe for consumption yet. Windows 10 1809 might go down as Microsoft’s worst update since Windows 10 began rolling out to customers back in July 2015. This nightmarish update revealed new bugs almost weekly, and Microsoft eventually had to pause the delivery.

On December 17, 2018, the company finally put the stamp of approval back on the update. From the Windows 10 Update History page:

Rollout Status as of December 17, 2018: Windows 10, version 1809, is now fully available for advanced users who manually select “Check for updates” via Windows Update. 

The update history page still cites four upgrade blocks that are in place. Those include Cisco AMP for Endpoints, Intel display drivers, F5 VPN clients, Trend Micro’s OfficeScan, and AMD Radeon HD2000 or HD4000 series video cards.

Despite these upgrade blocks, Microsoft still believes Windows 10 1809 is ready for prime time. But is it? We should soon find out. It was customers that uncovered the bugs before, and now with more customers available for testing, things could still get interesting.

Microsoft Clarifies “C” and “D” Releases as Optional Updates

In a recent blog post, Microsoft introduced many to its “C” and “D” releases (see: Windows monthly security and quality updates overview). These releases are essentially for those tasked with testing updates for their company. Included in these updates are non-security components that will show up in the next Patch Tuesday full update (Microsoft labels this as the “B” release). Normal users – or, for clarity, those that don’t manually check for updates – will never see the “C” and “D” releases. Only those that go into Settings > Update & Security > Windows Update and click the “Check for updates” box will be presented with these particular updates.

So, essentially, if you don’t want to be a guinea pig for updates, don’t manually check for updates. Manually checking for updates opts you into beta testing Patch Tuesday updates and can have a negative impact.

However, despite the attempt at clarity, Microsoft missed a couple points in the blog post. Particularly, customers wondered how these updates were considered “optional” and why anyone would want to install them.

Microsoft’s John Wilcox says this:

You are correct, with Windows 10, all releases, Quality and Feature are cumulative, so subsequent releases are built on and contain all previous releases. 

To minimize end-user reboot disruption, most of our self managed customers, and as default for the devices we manage, configure to update once a month, to get the latest security patches. These are the B releases.

We refer to the “C” and “D” releases as “optional” because:

  • They only include quality fixes, not security fixes and therefore don’t have the zero-day exposure implications.
  • The fixes will come to you in the next “B” release, which is what we and most of you are focused on getting quickly installed when they come out. So unless there is a specific fix that you’re blocked on, and thus need quickly, you will get the improvements with the next “B”, along with the new security fixes, and then only have one reboot.

“C” and “D” are there too so that if you want, you can deploy them early with your first flighting rings and have data and visibility to the changes before deploying the “B” release.

The fixes themselves are not optional, as you correctly called out, we only have cumulative updates now, but the specific update package that you deploy to get a set of fixes, and when is optional. 

Tip: Using PowerShell to Retrieve the Original Windows 10 Product Key

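If you need to quickly identify the original Windows 10 product key for a system, use the following command in a PowerShell window (entered with straight quotes and without surrounding double quotes, otherwise PowerShell treats the whole line as a string and just echoes it):

(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey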

Of course, if you use a centralized management tool like System Center Configuration Manager you can create a query to report on the SoftwareLicensingService WMI Object.
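
For reporting across several machines without a management tool, the same WMI class can be read with Get-CimInstance, which replaces Get-WmiObject in PowerShell 6 and later. The following is an added example, not part of the original tip: the function name Get-OA3ProductKey and the computer name PC-EXAMPLE-01 are hypothetical, and remote targets are assumed to have WinRM enabled. It handles machines with no key stored in firmware, where the property is empty, and masks the key by default so it does not end up in full in reports or logs.

```powershell
# Added example: inventory the firmware-embedded (OA3) product key per machine.
# Get-OA3ProductKey and the sample computer name are hypothetical placeholders.
function Get-OA3ProductKey {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [switch]$Unmasked   # emit the full key instead of the last five characters
    )
    foreach ($computer in $ComputerName) {
        $result = [pscustomobject]@{
            ComputerName = $computer
            HasOA3Key    = $false
            ProductKey   = $null
            Error        = $null
        }
        try {
            $params = @{
                ClassName   = 'SoftwareLicensingService'
                Property    = 'OA3xOriginalProductKey'
                ErrorAction = 'Stop'
            }
            # Query the local machine directly; only remote targets go over WinRM.
            if ($computer -ne $env:COMPUTERNAME) { $params.ComputerName = $computer }
            $key = (Get-CimInstance @params).OA3xOriginalProductKey

            # The property is empty when no key is stored in firmware.
            if (-not [string]::IsNullOrWhiteSpace($key)) {
                $result.HasOA3Key  = $true
                $result.ProductKey = if ($Unmasked) { $key }
                                     else { 'XXXXX-XXXXX-XXXXX-XXXXX-' + $key.Substring($key.Length - 5) }
            }
        } catch {
            # Unreachable host, access denied, etc.: record it and keep going.
            $result.Error = $_.Exception.Message
        }
        $result
    }
}

# Local machine plus one constructed remote name; the second row will carry an error
# unless a host with that name exists and is reachable.
Get-OA3ProductKey -ComputerName $env:COMPUTERNAME, 'PC-EXAMPLE-01' | Format-Table -AutoSize
```

Pass -Unmasked only when the full key is actually needed, and treat the resulting output as you would any other licensing record.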