• It’s time for those August updates to be deferred

    Home » Forums » Newsletter and Homepage topics » It’s time for those August updates to be deferred

    • This topic has 80 replies, 25 voices, and was last updated 3 weeks ago.
    Author
    Topic
    #2468775

    Annnndddd here we go again…. It’s Second Tuesday of the Month and Microsoft is releasing their updates: Remember first and foremost to always update
    [See the full post at: It’s time for those August updates to be deferred]

    Susan Bradley Patch Lady

    8 users thanked author for this post.
    Viewing 32 reply threads
    Author
    Replies
    • #2468782

      AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on August 9, 2022.

      There is a Security-only Update for those with Win7 ESU subscriptions.
      There is an August IE11 CU KB5016618  for Win7 ESU subscriptions.

      August Rollup KB5016676 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

      You must have at least the August 2020 Servicing Stack KB4570673 previously installed to receive these updates).

      There is a July 2022 Servicing Stack KB5016057– Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

      There are .NET Framework updates listed for Win7. See #2468767.

      4 users thanked author for this post.
      • #2468825

        Note for 8.1 — the .net security issue originally fixed in May is rolled up into this:

        Aug 9, 2022

        To comprehensively address this vulnerability, Microsoft has released Monthly Rollup KB5016268 for .NET Framework 3.5 installed on Windows 8.1 and Windows Server 2012 R2. Microsoft strongly recommends that customers install the update to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

        Susan Bradley Patch Lady

        1 user thanked author for this post.
    • #2468806

      (KB5016629) 2022-08 Cumulative Update for Windows 11 for x64-based Systems
      (KB5012170) 2022-08 Security Update for Windows 11 for x64-based Systems
      (KB890830) Windows Malicious Software Removal Tool x64 – v5.104

      Installed, no hiccups, via Windows Update > Check for updates.

      Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
      We all have our own reasons for doing the things that we do. We don't all have to do the same things.

      1 user thanked author for this post.
      • #2468989

        Overnight my NAS got the push,

        (KB5016616) 2022-08 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems
        (KB5012170) 2022-08 Security Update for Windows 10 Version 21H2 for x64-based Systems
        (KB890830) Windows Malicious Software Removal Tool x64 – v5.104

        Installed, no hiccups.

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        We all have our own reasons for doing the things that we do. We don't all have to do the same things.

        3 users thanked author for this post.
        • #2469001

          Downloaded all updates for 21H2. Easy download and install. No impact with printer or elsewhere . Upgraded to 21H2 (OS 19044.1882.)

          Peace, CAS

          3 users thanked author for this post.
          • #2469146

            Win 10 21H2 – 19044.1889 if updated

            1 user thanked author for this post.
        • #2469679

          I booted into the B side of my Windows 11 Pro dual boot and got the same updates, with the same results, no hiccups.

          Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
          We all have our own reasons for doing the things that we do. We don't all have to do the same things.

    • #2468811

      Windows 11 x64 Beta Test (Guinea Pig)

      • 2022-08 .NET 6.0.8 Security Update for x64 Client (KB5016990) Succeeded
      • Windows Malicious Software Removal Tool x64 – v5.104 (KB890830) Succeeded
      • 2022-08 Security Update for Windows 11 for x64-based Systems (KB5012170) Succeeded
      • 2022-08 Cumulative Update for Windows 11 for x64-based Systems (KB5016629) Failed

      Installed via WUMgr with one update as noted failing.
      Rebooted without error.

      ________________

      • 2022-08 Cumulative Update for Windows 11 for x64-based Systems (KB5016629) Succeeded

      Installed via WUMgr.
      Rebooted without error; at 30% the update rebooted without prompting and without error; finished updating to 100% without error.

      It’s time to cleanup the detritus.

      Carpe Diem {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      online▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.521 x64 i5-10210U SSD Firefox106.0b4 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.521 x64 i5-9400 RAM16GB HDD Firefox106.0b4 MicrosoftDefender
    • #2468820

      I match geekdom using WUMgr and having to Clk Install TWICE for Win 10 21H2 = Failed Install. 2nd time quickly showed 3/3 (CU was 3rd in list) at about 70% Green Progress bar & the last 30% took 15-20 minutes. I NEVER have CU issues so I was due – but All is Well, so far.

      W10 Pro 21H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

      1 user thanked author for this post.
    • #2468821

      that new KB5012170 secure boot dbx update replaces the KB4535680 update as noted by Microsoft in support article 5012170

      although the older KB4535680 update is for 64bit Windows OSes only and KB5012170 covers both 32bit & 64bit Windows OSes

      1 user thanked author for this post.
    • #2468822

      Running Windows 10 Home x64 OS

      Getting Error Code: “0x800F0922”: Failed to install “Security Update for Windows (KB5012170)”

      Tried a few online fix tips but still fails to install.

      1 user thanked author for this post.
      • #2468824

        Susan Bradley Patch Lady

        • #2468830

          Thanks for the tip, but nothing worked to fix the issue.  Drive is more than big enough, and Method 3 in your tips failed to change the outcome.  BTW, there is a typo in Method 3, Step 2 in your tip, but I figured it out.

          It appears to be failing on the install part, so maybe the download was bad.  Maybe I should be looking to purge the download and redownload the patch again.  Is this possible?

          • #2468957

            According to the release notes for KB5012170, some OEM firmware might not allow installation of this update.  It doesn’t mention how it might fail or corresponding errors.

            Can you tell us more about your system?  Maybe you could check your OEM support site to see if there is any guidance.

            4 users thanked author for this post.
        • #2469405

          I see that Win 8.1 has similar problems with KB5012170. Seems to be related to whether disk was partitioned with MBR as opposed to GPT. Could be reason it won’t install in Win 10. I bet it’s partitioned with MBR, not what you would expect with a Win 10 installation.

          • #2469424

            Might be, if it was an upgrade from Win7/8.1 with MBR boot.

          • #2469427

            There is at least one comment in this topic that would suggest it can successfully install on a Win10 MBR boot system

            1 user thanked author for this post.
        • #2469486

          Successfully installed KB5012170 on Win10 21H2 (build 19044.1826) yesterday with no problems and it uses MBR (OS was “in-place” updated from Win7 to Win10 back in 2019.)

          So MBR vs GPT shouldn’t be the real reason it’s failing to install.

          BTW, I haven’t bothered converting my MBR drive to GPT (although I “did” verify it’d work using the mbr2gpt /validate /allowFullOS command) simply because I don’t use BitLocker or Secure Boot.

          Of course, if I ever decide to upgrade to Win11 (which, the way things currently stand, ain’t gonna be any time soon) I’ll have to convert to GPT and enable Secure Boot.

          3 users thanked author for this post.
        • #2470054

          Microsoft admits there is a problem with KB5012170 and is working on a solution, to be released soon. Whoop-dee-doo!

          https://www.neowin.net/news/microsoft-warns-about-windows-update-fails-uefi-update-might-be-necessary-to-fix/

          1 user thanked author for this post.
    • #2468834

      The issues with Windows Media Center introduced in the July cumulative update (KB5015861) have not been solved for Windows 7 in the CU for August (KB5016676). I presume that goes for Windows 8.1 too.
      https://www.askwoody.com/forums/topic/ms-defcon-4-july-updates-make-some-hot-and-bothered/#post-2465862

      ASRock Beebox J3160 - Win7 Ultimate x64
      Asus VivoPC VC62B - Win7 Ultimate x64
      Dell Latitude E6430 - Win7 Ultimate x64
      Dell Latitude XT3 - Win7 Ultimate x86
      Asus H170 Pro Gaming - Win10 Pro 20H2 x64

    • #2468894

      https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug

      Windows 8.1 is Issues-Free 🙂
      well, except that Secure Boot update

      1 user thanked author for this post.
      • #2468958

        Although offered, I don’t have secure boot on the Win8.1 test device..alarm bells rung! IIRC the last secure boot update eventually disappeared from WU by some MS miracle..hmmm
        So the kb5012170 Secure Boot DBX update is in the WU sin-bin for now, otherwise a painless Win8.1 update experience this month.
        So far, so good: no SFC errors, event viewer clean and WinSxS analysis is good after a post patch purge.imaged prior to updates 😉

        3 users thanked author for this post.
    • #2468944
      1 user thanked author for this post.
    • #2468947

      XPS documents with non-English language characters might not open

      After installing KB5014666 or later updates, XPS Viewer might be unable to open XML Paper Specification (XPS) documents in some non-English languages, including some Japanese and Chinese character encodings. This issue affects both XML Paper Specification (XPS) and Open XML Paper Specification (OXPS) files. When encountering this issue, you may receive an error, “This page cannot be displayed” within XPS Viewer or it might stop responding and have high CPU usage with continually increasing memory usage. When the error is encountered, if XPS Viewer is not closed it might reach up to 2.5GB of memory usage before closing unexpectedly.

      This issue does not affect most home users. The XPS Viewer is no longer installed by default as of Windows 10, version 1803 and must be manually installed.

      Next steps: We are working on a resolution and will provide an update in an upcoming release…

    • #2468997

      Win 11 Pro now at build 22000.856 after

      2022-08 Cumulative Update for Windows 11 for x64-based Systems (KB5016629)

      2022-08 Security Update for Windows 11 for x64-based Systems (KB5012170)

      2022-08 .NET Core 3.1.28 Security Update for x64 Client (KB5016987)

      2022-08 .NET 6.0.8 Security Update for x64 Client (KB5016990)

      Windows Malicious Software Removal Tool x64 – v5.104 (KB890830)

      No Problems

      --Joe

      1 user thanked author for this post.
    • #2469045

      Successful update on 3 Win 10 Pro machines (2 Desktop 1 Laptop).
      Win 10 Pro 21H2 – 19044.1889
      W10-Aug-Updates
      No install or operational problems.
      HTH

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
      Computer Specs

      3 users thanked author for this post.
    • #2469172

      Updated Dell Optiplex 9020 to the latest KB5016616 and the other updates that came with windows update. Windows 10 21H2, no issues, stable machine.

       

      I got the Secure boot update also, though my machine is legacy MBR. I will probably convert to GPT and UEFI at some point, or not.

      2 users thanked author for this post.
    • #2469528

      Updated Win 21H2.
      All well.

      1 user thanked author for this post.
    • #2469602

      I updated my wifes computer this morning. Everything installed fine, Windows 10 Home 21H2.

       

      After the update I attempted to boot from a bootable flash drive with my backup utility I use that I have used for 10 years. Upon selecting the boot device, I was surprised to see the message, “Invalid signature detected – Check secure boot policy in setup”.

      I have never had that happen on her machine. She has  UEFI mode secure boot system enabled, but I have been using this bootable flash drive to back up her system for years.

      Only thing I can figure out is the update for Secure Boot KB5012170 has caused this. Anyone else have this happen? I shouldn’t have to go into BIOS and disable secure boot just to boot a properly setup USB flash drive. Should I uninstall the secure boot update?

      I’m just looking for some advice, as I have never seen this error come up before on her machine when trying to boot the flashdrive. The backup utility is “Image for Linux” from Terabyte Unlimited. Never had issue with it until installing the secure boot update this morning.

      Thank you for any advice…

      1 user thanked author for this post.
      • #2469676

        After the update I attempted to boot from a bootable flash drive with my backup utility I use that I have used for 10 years. Upon selecting the boot device, I was surprised to see the message, “Invalid signature detected – Check secure boot policy in setup”. I have never had that happen on her machine. She has UEFI mode secure boot system enabled, but I have been using this bootable flash drive to back up her system for years.

        I’m just looking for some advice, as I have never seen this error come up before on her machine when trying to boot the flashdrive. The backup utility is “Image for Linux” from Terabyte Unlimited. Never had issue with it until installing the secure boot update this morning.

        I use Image For Windows, and I’m on Windows 11 Pro.  I just tried my TBWinRE USB boot drive via Settings > Windows Update > Advanced options > Recovery > Advanced startup > Restart now.  It booted correctly.

        However, I update my TBWinRE USB drive with every update of Image For Windows.  My understanding (unconfirmed) is that TeraByte keeps abreast of Windows updates and puts out a new version of Image For Windows frequently.  I’m currently on Version 3.53 made available on June 13, 2022.

        Have you updated your Image for Linux USB flashdrive to the latest version?

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        We all have our own reasons for doing the things that we do. We don't all have to do the same things.

        • #2469683

          Thank you for your comment and help.

          I have been using IFL 2.99 is the latest. You do have a point, but I never had secure boot issues on my wifes machine before the KB5012170 update.

          I am overdue to update, no question, but the “invalid signature detected” message never happened with my boot flash drive.

          I guess I will first try and uninstall that update, see if it fixes the problem. I really appreciate your thoughts, my main concern now is if uninstalling the secure boot update will cause other boot issues. I guess I will find out.

          • #2469690

            I have been using IFL 2.99 is the latest.

            IFL is now on version 3.53.  The jump to v3.xx can’t be upgraded from v2.99, you’ll have to buy a new license to upgrade.

            I am overdue to update, no question, but the “invalid signature detected” message never happened with my boot flash drive.

            That is due to Secure Boot.  On the other hand, I do have Secure Boot enabled, and I have no issues with booting IFW or BootIt UEFI USB drives.  Updating your imaging software will update its signature as well, and Secure Boot will allow it to boot without issue.

            Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
            We all have our own reasons for doing the things that we do. We don't all have to do the same things.

            • #2469762

              Thanks again…it is time to buy the latest version. I remember they have a great upgrade policy, I bought their suite in Feb. of 2012, and got free upgrades up until IFL 2.99 I think from 2016 or 2017?

              What you say makes sense, that a newer version would have updated signature. As mentioned, my wifes computer is secure boot enabled, so the new DBX of the update probably cleaned out the older versions?

              I really appreciate you taking the time to help and advise me. I do wonder if uninstalling KB5012170 would harm anything, what are your thoughts? I am going to upgrade my IFL, it is an awesome backup imaging app. Have a great weekend bbearren.

            • #2469777

              I do wonder if uninstalling KB5012170 would harm anything, what are your thoughts?

              Unless the PC is having issues other than the IFL USB flashdrive not booting, I would not uninstall KB5012170.  I think the IFL upgrade will take care of that issue.

              Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
              We all have our own reasons for doing the things that we do. We don't all have to do the same things.

    • #2469714

      Hi Susan:

      Windows Update successfully installed the following Aug 2022 Patch Tuesday updates on my Win 10 Pro v21H2 laptop and I haven’t noticed any negative effects so far:

      • KB5016616: 2022-08 Cumulative Update for Win 10 Version 21H2 x64 (OS Build 19044.1889)
      • KB5012170: 2022-08 Security Update for Secure Boot DBX for Win 10 x64
      • KB890830: Windows Malicious Software Removal Tool x64 – v5.104

      I did not receive this month’s KB5015733 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, but that’s expected since I have the Windows Update settings in my Local Group Policy Editor configured to only deliver stable .NET Framework updates that include a security patch.

      Regarding the KB5012170 security update for Secure Boot DBX, also note that my BIOS Mode is UEFI and my system supports Secure Boot. I checked the status of Secure Boot in System Information (I entered msinfo32 in a Run dialog box) and confirmed that Secure Boot was disabled both before and after my Aug 2022 Patch Tuesday updates were installed (see attached image).

      The only minor glitch I noticed this month was that it took several minutes for the status of KB5016616 [2022-08 Cumulative Update for Win 10 Version 21H2 x64 (OS Build 19044.1889)] to change from “Downloading – 100%” to “Pending Install“, but this isn’t unusual on my machine – I’ve reported this before for previous Patch Tuesdays. I also took the extra precaution this month of temporarily disabling my Malwarebytes Premium real-time protection after Windows Update started downloading my Aug 2022 Patch Tuesday updates – I don’t think this was necessary but some Win 11 users reported <here> in the Malwarebytes forum that Malwarebytes interfered with installation of KB5015814 during last month’s July 2022 Patch Tuesday updates.
      ———–
      Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v103.0.2 * Microsoft Defender v4.18.2205.7-1.1.19500.2 * Malwarebytes Premium v4.5.12.204-1.0.1725 * Macrium Reflect Free v8.0.6867

      2 users thanked author for this post.
      • #2469735

        Windows Update successfully installed the following Aug 2022 Patch Tuesday updates on my Win 10 Pro v21H2 laptop and I haven’t noticed any negative effects so far…

        Hi Susan:

        Further to my post # 2469714, I use MS Outlook 2019 (MS Office Home & Business 2019 Version 2017 Build 15427.20194) and so far I have not noticed the issue described in the 11-Aug-2022 MS support article Outlook Closes Shortly After It Is Opened. My free Microsoft Outlook email account (<username>@live.com) uses Microsoft Exchange.
        —————
        Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v103.0.2 * Microsoft Defender v4.18.2205.7-1.1.19500.2 * Malwarebytes Premium v4.5.12.204-1.0.1725 * Macrium Reflect Free v8.0.6867

    • #2469725

      Regarding the KB5012170 security update for Secure Boot DBX, also note that my BIOS Mode is UEFI and my system supports Secure Boot. I checked the status of Secure Boot in System Information (I entered msinfo32 in a Run dialog box) and confirmed that Secure Boot was disabled both before and after my Aug 2022 Patch Tuesday updates were installed (see attached image).

      Hi @Imacri,
      On my Dell laptop (Inspiron 5482) Win 10 Pro v21H2, System Information says, too, that BIOS Mode is UEFI and that Secure Boot is ON. The BIOS is up-to-date — 2.15.1 I am Windows 10. I still have KB5012170 hiddden, so it hasn’t run yet. I wonder what will happen, were it installed?

      According to my notes, when the previous Secure Book DBX was issued (KB4535680, released Jan 12, 2021) via WU, I was still on version 1909. I hid that KB file and on Jan 25, Dell issued a new BIOS (2.9.0), which I installed 5 days later after receiving it via Dell Update. After that, the KB4535680 no longer appeared among the hidden updates. I have no idea as to what the status of Secure Boot was at that time. Maybe, it was ON then, too. I just don’t know.

      I am guessing that the same thing will happen this time, but it is only a speculation.

      Do you have any idea about either of these two things: a) installing it now? b) waiting to see if Dell issues a new BIOS (presuming that the new BIOS had something to do with the KB WU no longer being available)?

      • #2469756

        I still have KB5012170 hiddden, so it hasn’t run yet. I wonder what will happen, were it installed?

        Hi WCHS:

        Sorry, I have no idea how a BIOS update might effect the installation of KB5012170 (Security Update for Secure Boot DBX: August 9, 2022) or the status of Secure Boot on your Dell computer. Our models use different Dell BIOS versions – the support page <here> for your Inspiron 5482 2-in-1 recommends Dell Inspiron 5480/5488/5482/5580/5582 and Vostro 5481/5581 System BIOS v2.15.1 (released 21-Jul-2022), while the support page <here> for my Inspiron 5584 laptop recommends Dell Inspiron 5583/5584 System BIOS v1.20.0 (released 04-Aug-2022).

        I reset my Inspiron 5584 to factory condition on 30-Aug-2020, which rolled my Win 10 Pro OS back to v1903.  The attached image of a Belarc Advisor report captured a few days later shows my Secure Boot was already disabled in Sept 2020.  I’m not certain, but as far as I know Secure Boot was disabled by default on my Inspiron 5584 when it shipped from the factory in Aug 2019 (see my 13-May-2021 post in DanDaMiniFig’s Dell G7 17 7790 Possible SupportAssist Error in the Dell forum for further information). Also note that I’m currently using Dell Inspiron 5583/5584 System BIOS v1.18.0 (released 13-Apr-2022) and don’t plan to update my BIOS to the latest v1.20.0 until I’m sure my August 2022 Patch Tuesday updates haven’t caused any adverse effects.
        —————
        Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v103.0.2 * Microsoft Defender v4.18.2205.7-1.1.19500.2 * Malwarebytes Premium v4.5.12.204-1.0.1725 * Macrium Reflect Free v8.0.6867 * Inspiron 5583/5584 BIOS v1.18.0

        1 user thanked author for this post.
    • #2469791

      No issues after installing the Monthly Rollup (KB5016681) on two Windows 8.1 Pro desktops. The End of Support (EOS) notification tasks remain disabled (as reported in last month’s July updates).

      The Security update for Secure Boot DBX (KB5012170) did show up in Windows Update. But I don’t use or need the feature so I did not install it (instead right click and hid it).

      2 users thanked author for this post.
    • #2469818

      Updated two laptops running Windows 10 Pro 21H2.

      No issues so far.

      As usual, did a disk image backup on both beforehand.

       

       

       

    • #2469993

      Successful updates so far:

      x1 Win11 Pro on ARM Insider Beta 22H2 (KB5016694 22622.575, MSRT)
      x1 Win11 Pro 21H2 (KB5016629 CU 22000.856, Security update KB5012170, MSRT)
      x4 Win10 Pro 21H2 (KB5016616 CU 19044.1899, Security update KB5012170, MSRT)
      x2 Win8.1 Pro (KB5016681 Rollup, KB5016740 .NET Rollup, MSRT)
      x2 Win7 Pro (KB5016676 Rollup. KB5016367 .NET 4.8, MSRT)

      NOTE: I allowed KB5012170 on my Win10 and Win11 installations, but NOT on my Win8.1 installations (hidden). So far, I have seen no problems, touch wood.

      NOTE ALSO: None of my Win10/11 installations are Bitlocker encrypted.

      4 users thanked author for this post.
    • #2470009

      Updated my test machines with no issues noted so far:
      3 win11 and 6 win10. All 21H2

      Never Say Never

    • #2470582

      Win 11 Pro

      2022-08 Cumulative Update for Windows 11 for x64-based Systems (KB5016629)

      Install error – 0x80073701

      Pushed through Windows Update and tried direct download with identical result.

    • #2470655

      Hi Susan:

      I’m not sure if this is related to KB5012170 (Security Update for Secure Boot DBX: August 9, 2022) but there are Dell users posting in ecarpenter’s 11-Aug-2022 Inspiron 7391 Bios Update Enabled Bitlocker that they have been unable to boot their machines and log into Windows since their August 2022 Patch Tuesday were installed because they are seeing a message saying “Bitlocker needs your recovery key to unlock your drive because Secure Boot Policy has unexpectedly changed“. Both users insist that BitLocker has never been enabled before on their system and neither has any idea what their recovery key is.

      The OP ecarpenter suspects a BIOS update triggered the problem on their Inspiron 7391 (“Literally the only thing I was doing was Windows updated and decided to do the Dell BIOS update last“), but user nobox posted <here> that they’re sure it was a Windows update that triggered this problem on their Vostro 5515.

      Everything still looks fine on my Inspiron 5584 per my post # 2469714.
      —————-
      Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v103.0.2 * Microsoft Defender v4.18.2205.7-1.1.19500.2 * Malwarebytes Premium v4.5.12.204-1.0.1725 * Macrium Reflect Free v8.0.6867 * Inspiron 5583/5584 BIOS v1.20.0

      1 user thanked author for this post.
      • #2470657

        It has been my experience that Win10 and Win11 Pro turn on Bitlocker in the OOBE by default (at least the ones I have dealt with in the last year plus). The average user has no clue that this is happening, what Bitlocker is, or that there is even a Bitlocker key. And, if a Local ID is chosen over a Microsoft account, the key is not recorded without effort on the User’s part.

        To me, this is setting up a disaster waiting to happen for that User. It’s not IF, it’s WHEN.

        2 users thanked author for this post.
        • #2470663

          Not just Pro, but it’s suspended until the key is backed up:

          When a clean installation of Windows 11 or Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, BitLocker Device Encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state). In this state, the drive is shown with a warning icon in Windows Explorer. The yellow warning icon is removed after the TPM protector is created and the recovery key is backed up, as explained in the following bullet points.

          BitLocker device encryption

          Windows 11 Pro version 22H2 build 22621.607 +Microsoft 365 +Edge

          1 user thanked author for this post.
          • #2470671

            I have a Win 10 Pro laptop and when I performed a reset to factory condition in August 2020 I vaguely recall now that I had to opt out of BitLocker encryption during the initial OBEE setup of my system.  Prior to my reset to factory condition I had deliberately enabled BitLocker but found it caused some unexpected issues (luckily, I had the recovery key backed up on a USB thumb drive and kept a hard copy printout of the key stored in a safe place) and decided not to use BitLocker after the reset.

            That MS support article Overview of BitLocker Device Encryption in Windows also states that “Beginning in Windows 8.1, Windows automatically enables BitLocker Device Encryption on devices that support Modern Standby.  My post # 2444880 in “Modern” Standby in Newer PCs shows that my Inspiron 5584 does not support the Modern Standby sleep state, which might be another reason why BitLocker encryption was not enabled on my system after my reset to factory condition.
            ————–
            Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v103.0.2 * Microsoft Defender v4.18.2205.7-1.1.19500.2 * Malwarebytes Premium v4.5.12.204-1.0.1725 * Macrium Reflect Free v8.0.6867 * Inspiron 5583/5584 BIOS v1.20.0

          • #2470673

            I keep “Bitlocker Drive Encryption Service”, “Storage Service” and “Storage Tiers Management” disabled in Services.

            Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
            We all have our own reasons for doing the things that we do. We don't all have to do the same things.

        • #2470681

          I don’t consider myself a techie but neither do I consider myself a typical user. As someone who has recently been forced to deal with Windows 10 I find all this BitLocker stuff quite confusing. I neither want nor need encrypted drives. Is there some simple language somewhere that someone can direct me to that will explain how to keep encryption from being enabled. Within the next week I’ll be setting up a couple of Win 10 Pro machines and never having done it before (for Win 10) I’d like to get it right but I don’t want to get an advanced degree in BitLocker/drive encryption.

          • #2470708

            I’ve got a Win8.1 to move over to Win10 in the coming weeks for family members as well as a Win7 to Win10..looking forward to the challenge!
            Hacksaw, scalpel and USB toolkit at the ready 😛

            1 user thanked author for this post.
          • #2470729

            I neither want nor need encrypted drives. Is there some simple language somewhere that someone can direct me to that will explain how to keep encryption from being enabled.

            If you’re confident that laptops will never be lost or stolen, then:

            Microsoft recommends that BitLocker Device Encryption be enabled on any systems that support it, but the automatic BitLocker Device Encryption process can be prevented by changing the following registry setting:

            Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker
            Value: PreventDeviceEncryption equal to True (1)
            Type: REG_DWORD

            BitLocker device encryption

            Windows 11 Pro version 22H2 build 22621.607 +Microsoft 365 +Edge

            2 users thanked author for this post.
            • #2470732

              Thanks for the link.

              I’m quite confident my computers will not be lost or stolen. But even if I wasn’t, it’s not Microsoft’s place to tell me I need encryption. I’m not a toddler or someone who needs or wants parental oversight. And while I might venture into the registry, I know many people who don’t even know what the registry is. What those people need is a clear explanation of what encryption is, what are it’s pros and cons, and a clear simple way to override the default encryption if they decide that action is in their best interests. To be honest, I would like all of that, too.

          • #2470739

            Windows 10 doesn’t automatically encrypt unless it’s specific units like Surface/certain Dell units.

            If you want to bitlocker a drive, you have to enable it.

            Susan Bradley Patch Lady

            1 user thanked author for this post.
            • #2470745

              Thanks. That was very helpful.

            • #2470762

              Search the net for Microsoft device encryption. This will lead to Microsoft support info on Bitlocker and Windows device encryption (for Home). The unwary can enable it inadvertently on their first signon to a Microsoft account.

              For Windows 10, Convertible laptops are susceptible (modern standby for touch screens). On setting up my wife’s new 2020 HP Envy X360 15 with Windows 10 Home pre-installed and a Local admin account, I started to tinker with a few settings. On looking at Disk Management, I was startled to discover that Bitlocker was ready to go on my boot drive.  After discovering and reading the support article, I was able to turn off encryption/Bitlocker before it became active (Phew).

              HTH

              Regards, Phil

              1 user thanked author for this post.
      • #2470928

        I’m not sure if this is related to KB5012170 (Security Update for Secure Boot DBX: August 9, 2022) but there are Dell users posting in ecarpenter’s 11-Aug-2022 Inspiron 7391 Bios Update Enabled Bitlocker that they have been unable to boot their machines and log into Windows since their August 2022 Patch Tuesday were installed because they are seeing a message saying “Bitlocker needs your recovery key to unlock your drive because Secure Boot Policy has unexpectedly changed“….

        Hi Susan:

        Richard Speed’s 15-Aug-2022 Microsoft’s Secure Boot Fix Sends Some PCs Into BitLocker Recovery on theregistry.com seems to confirm that KB5012170 is the cause. That article states in part:

        Register reader Anthony got in touch to tell us that out of the 400 PCs his company managed, 2 percent (all Windows 11) booted to a BitLocker recovery screen after the update….The recovery process restores access to data and requires the user to supply a lengthy password (or a domain administrator can get the password via Active Directory Domain Services). Anthony told us he was able to log into Azure and retrieve the recovery keys.

        Kudos to ann_droid for posting a link to that article in ecarpenter’s Inspiron 7391 BIOS Update Enabled Bitlocker in the Dell forum.
        ————-
        Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v103.0.2 * Microsoft Defender v4.18.2205.7-1.1.19500.2 * Malwarebytes Premium v4.5.13.208-1.0.1740 * Macrium Reflect Free v8.0.6867 * Inspiron 5583/5584 BIOS v1.20.0

    • #2470814

      OoB Patches:
      Some may be interested in the following (via catalog only) if enabled.
      August 16, 2022-KB5015447 Update for .NET Framework 3.5 for Windows 11
      https://support.microsoft.com/en-gb/topic/august-16-2022-kb5015447-update-for-net-framework-3-5-for-windows-11-f4ee2423-bd02-4326-ba53-2bd1e5c668a0

      There are also various server updates in the catalog of the same issue date.
      https://www.catalog.update.microsoft.com/Search.aspx?q=2022-08

      Nothing for Win10

    • #2471333

      Ran into a very strange problem trying to install KB5016616 on my 2 Win10 Pro 21H2 PC’s

      Got the following error both using the auto-update and manual update.

      0xc004000d one or several parent features are disabled so current feature can not be enabled.

      DISM, sfc and Windows Update Troubleshooter found no problems!

      Dug thru the CBS logs and all it showed was the same error message with no indication as to exactly which “parent feature(s)” were disabled and causing the problem.

      I thought about it for a bit and realized I’d removed some of Windows “built-in” apps (i.e. features) over a year ago.

      Stuff like Cortana, Windows.Photos, WindowsAlarms, WindowsCamera, WindowsMaps, YourPhone, and all the Xbox junk.

      None of that had previously caused any problems with installing the monthly updates but, this month’s update was also listed as a “feature update” so maybe…

      I ran the Reinstall Preinstalled Apps powershell script I got from somewhere (might have been here at AskWoody) to reinstall all those “features” and that did the trick!

      Update successfully installed.

      Have no idea exactly which one of the features I removed was causing the problem (though I sorta suspect it might have been Cortana) but for anyone else out there who encounters this error, the fix is to ensure all the standard Windows apps are installed before trying to reinstall KB5016616.

      • #2471338

        Strange..I hardly have any provisioned apps in Win10 21H2 (x86 and x64) and the August CU went in fine without a glitch on both systems.
        The main ones I do have are Edge (must), the Store (must), Store purchase, app installer, experience and viewer types. (framework etc excluded as they are required) DISM and sfc reports no errors or violations.

        • #2471358

          Like you, I’d removed all the “built-in” apps, except those that simply can’t be uninstalled, way back in May 21 and hadn’t experienced any problems with installing previous monthly updates.

          I was very surprised when it turned out to be at least one of those apps that caused the problems I encounter with this month’s update (why should this month be any different than all the prior months )

          Anyway, once I “know” the update hasn’t caused any other problems, I’ll go back and removed those apps again.

          • #2471379

            Surprised isn’t how I’d describe that scenario in having to reinstall apps> patch> then deprovision all over again…grrr 🙂
            Time to check your GP settings?
            Telemetry related?

      • #2471365

        I had the same experience as @Microfix . I have deprovisioned all the built in apps except the few like he left – on both x4 Win10 and x1 Win11. They have been gone since around the time I published this, on the Win10 installations, over a year ago:
        https://www.askwoody.com/forums/topic/removing-built-in-apps-from-win10-2004-20h2-21h1/
        No problem with the updates since then, including Aug updates this year.

        DeprovisionedApps

    • #2471476

      I’ve been reading the various comments regarding KB 5012170 and the risk of ‘triggering’ BitLocker and being asked for the recovery key.  As a precaution, I reviewed Susan’s ‘tasks for the weekend’ from September last year regarding BitLocker and checked through File Explorer: I don’t have BitLocker on at all, nor does it seem to be available for my laptop.

      I have a Lenovo S340 Ideapad running Windows 10 Home 21H2. I checked BitLocker settings again under ‘about your PC’ and it stated that BitLocker is only available for my laptop if I upgraded to either Win 10 Pro or Win 11 Pro: is this still correct?  I have no intention of upgrading to either Win 10 Pro or Win 11 Pro.

      Have there been any instances of KB 5012170 triggering BitLocker on Win 10 Home pcs? I’m very concerned about being ‘locked out’ of my laptop.

      Appreciate any advice or suggestions on this matter.

       

      GeoffB

       

      App

    • #2471483

      KB5012170 : Some devices might start up into BitLocker Recovery

      Some devices might enter BitLocker Recovery on the first or second restart after attempting to install Security update for Secure Boot DBX ( KB5012170), released August 9, 2022. Note: This issue only affects the Security update for Secure Boot DBX ( KB5012170) and does not affect the latest cumulative security updates, monthly rollups, or security only updates released on August 9, 2022.

      Workaround: If your device is prompting for a BitLocker Recovery key, you will need to supply it to start up Windows. For more information, see Finding your BitLocker recovery key in Windows.

      If you have not installed KB5012170 yet and have BitLocker enabled on your device, follow the instructions below to temporarily suspend BitLocker before installing.

      If you have installed KB5012170 and have not yet restarted your device or have only restarted your device once, temporarily suspend BitLocker using the instructions below.

      Important: If you have restarted your device two times or more after installing KB5012170, your device is not affected by this issue

      To temporarily suspend BitLocker, or to avoid a BitLocker recovery when deploying KB5012170, follow these steps:…

      2 users thanked author for this post.
      • #2471515

        I’ve read the directions, but it’s not clear about what to do if you do NOT have Bitlocker enabled, you want to keep BitLocker disabled, and you have NOT yet installed KB5012170.

        In this case, if you DO install the KB, will it prompt for a BitLocker Recovery key (in which case you would follow the directions)?

        I am inclined to think that it will not prompt for a key and the directions do not apply. Is this correct?

        I am Win10, 21H2, Secure Boot State is ON.

        • #2471534

          … but it’s not clear about what to do if you do NOT have Bitlocker enabled, ….I am Win10, 21H2, Secure Boot State is ON.

          Hi WCHS:

          Further to alejr’s post # 2471526, I believe the Bitlocker Recovery prompt that says “BitLocker needs your recovery key to unlock your drive because Secure Boot policy has unexpectedly changed” will only appear on some devices after KB5012170 (Security Update for Secure Boot DBX: August 9, 2022) is installed if:

          • You have a Windows 11 OS, and
          • BitLocker drive encryption is enabled (see the makeuseof.com article How to Check BitLocker’s Status in Windows 10 and the attached image that shows what Control Panel | System and Security | BitLocker Drive Encryption used to look like when I had BitLocker drive encryption enabled on my Win 10 Pro machine).

          So far, I haven’t heard of any Win 10 machines that are affected by this issue.

          Unlike the Windows 11 v21H2 list of Known Issues <here> which specifically documents the KB5012170 / BitLocker Recovery prompt issue, the Windows 10 v21H2 list of Known Issues <here> only notes that the KB5012170 might fail to install with a 0x800f0922 error. This issue is still under investigation but the details <here> show that this 0x800f0922 installation error (which can occur with both Win 10 and Win 11) can sometimes be fixed “by updating the UEFI bios to the latest version before attempting to install KB5012170“.
          ————-
          Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v103.0.2 * Microsoft Defender v4.18.2205.7-1.1.19500.2 * Malwarebytes Premium v4.5.13.208-1.0.1740 * Macrium Reflect Free v8.0.6867 * Inspiron 5583/5584 BIOS v1.20.0

          2 users thanked author for this post.
          • #2471575

            Thanks for the clarification. My bad. I did not scroll upwards when looking at the link in the post of @Alex5723 to see that header said “Windows 11 known issues” and I had not read closely enough in other sources (i.e., at BleepingComputer and at Neowin) to discern that the BitLocker problem has been reported by Win 11 users, but not by Win 10 users. Clearly mistakenly applying the rubric that this KB# (KB5012170 — a Security Update) was like a monthly CU, which is specfic to a particular Win edition. And, still pushing Win11 to the back of my mind!

    • #2471526

      I am inclined to think that it will not prompt for a key and the directions do not apply. Is this correct?

      Correct!

      If Bitlocker isn’t enabled, you can’t get the prompt because there’s no Bitlocker service running to complain that the “Secure Boot Policy has unexpectedly changed”

    • #2471550

      In this case, if you DO install the KB, will it prompt for a BitLocker Recovery key (in which case you would follow the directions)?

      If you don’t use BitLocker you have nothing to worry about.
      You can’t get request for BitLocker where there is none.
      KB5012170 will install just fine.

    • #2471562

      I ran wushowhide to see what was in the WU chute, and KB5012170 was pre-checked in the hide section. That was the first time that I got the result with an update pre-checked. I don’t have Bitlocker enabled but opted to hide the update for now.

      1 user thanked author for this post.
    • #2471581

      I checked to see if I had BitLocker encryption option or enabled on my laptop.  It is not listed in my device encryption options under Control Panel>Systems & Security.  Also  under Security & Updates>Device Encryption the info link for BitLocker says BitLocker is not available for Win 10 Home Edition, which is what I have.  My device is protected by other device encryption which is turned on.

      1 user thanked author for this post.
    • #2471657

      Audio might stop working

      KB5015878 OS Build 19044.1865
      Resolved: 2022-08-19, 19:36 PT

      After installing KB5015878 or later updates, some Windows devices might have issues with audio not working. Some affected Windows devices might have no audio, but other affected Windows devices might only have issues on certain ports, certain audio devices or only within certain applications. Most affected audio devices drivers have the “audio enhancements” setting disabled before installing KB5015878 or the sound device driver has issues with the “audio enhancements” feature.

      Workaround: This issue can be mitigated differently depending on your symptoms and if you have installed the update already…

      Resolution: This issue is resolved using Known Issue Rollback (KIR). Note: This KIR will prevent the issue on Windows devices which have not installed KB5015878 but will have no effect on devices already affected by this known issue...

      1 user thanked author for this post.
    • #2475670

      I am Win10/Pro 21H2 on two laptops.

      I’ve now installed the August Patch Tuesday patches — CUKB5016616 as well as the August MSRT. One had nothing for ‘enable audio enhancements’ under the Advanced tab at Settings>System>Sound>Output or Input>device properties>additional device properties. The other had a box which I unchecked before the CU update. No audio problems on either machine.

      So, it’s 19044.1889 for both of them now.

      I did not install the Bootloader KB5012170 on either machine.

    Viewing 32 reply threads
    Reply To: It’s time for those August updates to be deferred

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: