March madness here we come

Topic

New Reply

Ready or not – here comes the March updates. Remember by this time you need to have a backup and defer updates (unless you are one of the souls who li
[See the full post at: March madness here we come]

Susan Bradley Patch Lady

6 users thanked author for this post.

lmacri, TechTango, Microfix, Alex5723, abbodi86, geekdom

Reply | Quote

Replies

AKB 2000003 has been updated for Group B Win7 and Win8.1 on Mar 14, 2023.

See #2543438 and #2543439 for information on updates (Logged in Member access required).

3 users thanked author for this post.

SueW, Microfix, abbodi86

Reply | Quote

Guinea Pig Update (great moments in guinea pig history)
Version and build after update: Win11Pro 22H2.22621.1413

WuMgr downloaded and installed:

• 2023-03 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5023706)
• Windows Malicious Software Removal Tool x64 – v5.111 (KB890830)

Installed without error and the system rebooted without error.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1413 x64 i5-9400 RAM16GB HDD Firefox112.0b3 MicrosoftDefender

1 user thanked author for this post.

Lars220

Reply | Quote

Regarding CVE-2023-23397, do Microsoft 365 desktop apps have the fix applied? I imagine that would be Version 2303.

Reply | Quote

The click to run do (even though they have yet to release their release notes) and keep in mind that the vulnerability does not exist if Outlook is connecting to online email or Exchange online.  So it’s Outlook connecting to an Exchange server (on premises)

Susan Bradley Patch Lady

2 users thanked author for this post.

dglenn, nelsonhd87

Reply | Quote

If your mailbox is hosted in Exchange online but your environment is in hybrid mode you can still be susceptible if using on prem components in any manner.

Reply | Quote

https://www.ghacks.net/2023/03/14/microsoft-windows-security-updates-march-2023-what-you-need-to-know-before-installation/

Reply | Quote

kb5023696 CU W10 Pro x86 and x64 installed on both systems.
OBSERVATION: Post installation upon restart, the indicator seemed to pause for a while at 41% on both devices and eventually continue as normal.
Event viewer ok
SFC verifyonly ok
DISM scanhealth ok
O&O Shutup 10++ no changes (on both devices)
Preliminary checks show no issues…yet? 😛

No re-introduction of ChrEdge either, happy days!
Persistance is paying off, so far..so good

Win8.1 test project (2012 R2 patching) ongoing..
EDIT: ..now complete for this month without issue, although I’m holding off the Win Server 2012 R2 SSU kb50237990 for now. (February SSU kb50229922 is suffice)

Keep IT Lean, Clean and Mean!

7 users thanked author for this post.

Lars220, CAS, ECWS, TechTango, geekdom, deuxbits, Alex5723

Reply | Quote

Is there a reason to run SFC /Scanonly instead of SFC /scannow?

Also what are you looking for in Event Viewer?

Do you do a cleanup via Storage and Disk Cleanup? Or do you wait on these?

Thanks.

1 user thanked author for this post.

Microfix

Reply | Quote

@ECWS
My preference is to use the verifyonly switch so I can manually check the created .cbs file and see where the issue arises from, should there be one or more. I like to know, not just fix and forget YMMV

I’ve found Event Viewer a good source to find any issues regarding patch installation and what is affected. I usually have resmon (resource monitor) running during patch installation to keep an eye on things, purely out of geeky interest.

I do a complete system disk clean-up followed by a DISM winsxs redundancy cleanup after a week or so after patching, assuming all is ok to ensure a leaner OS without the excess baggage. Then I’ll do a manual SSD trim once per month.
Three out of four weeks per month running a tight ship can’t be bad over four different MSFT systems 😉

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

ECWS

Reply | Quote

Thanks – very helpful information.  I have (in the past) run SFC /Scannow then trying to figure out what it fixed – this is a better option.

What is the command for the DISM redundancy cleanup?

Also – you prefer a manual SSD trim vs waiting on automatic?

1 user thanked author for this post.

Microfix

Reply | Quote

ECWS wrote:

What is the command for the DISM redundancy cleanup?

rather than trying to remember, I use this 26kb portable utility for DISM commands
simple interface with commands within, works in Win8.1 onwards..
https://www.paehl.de/?GUI_for_DISM
Enjoy 😉

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

ECWS

Reply | Quote

Thanks for the helpful utility!

Reply | Quote

See AskWoody Newsletter 18.9.0 – Freeware Spotlight for a full description of this little utility and the equivalent commands for each button in the GUI.

1 user thanked author for this post.

ECWS

Reply | Quote

ECWS wrote:

What is the command for the DISM redundancy cleanup?

dism /online /cleanup-image /startcomponentcleanup /resetbase

Create a fresh drive image before making system changes/Windows updates, in case you need to start over!

We all have our own reasons for doing the things that we do. We don't all have to do the same things.

Computer Specs

2 users thanked author for this post.

Microfix, ECWS

Reply | Quote

ECWS wrote:

What is the command for the DISM redundancy cleanup?

bbearren wrote:

dism /online /cleanup-image /startcomponentcleanup /resetbase

I’ve never seen the “/resetbase” argument in this command. What does it do when included in comparison to when it is not included?

Reply | Quote

Without it: superseded components (in WinSxS folder) are delta compressed
With it: superseded components are removed, and updated components become the new base + updates become permanent

resetbase is disabled in Windows 10/11 by default

2 users thanked author for this post.

WCHS, PKCano

Reply | Quote

abbodi86 wrote:

Without it: superseded components (in WinSxS folder) are delta compressed
With it: superseded components are removed, and updated components become the new base + updates become permanent

And what would govern your decision, one way or the other?
In other words, why would you choose the command without the argument? or with the argument? Are there any problems down the road in losing the superseded components? Or any advantage to having the superseded components delta compressed?

Reply | Quote

@WCHS –

By delta compressing the superseded components, they still remain on the computer, albeit taking up a LOT less space, and potentially available for re installation by removing the update that superseded them, I would think (don’t know for sure because I’ve never had to try and “revive” a superseded update).

By removing the superseded components, they are no longer on the computer and no longer available for re installation, thereby making the newer components the new baseline installation and irremovable.

In other words, if you use the /resetbase argument, you’ll be forever linked to the latest update(s) you’ve installed and forever unable to go back to a prior installation successfully, because the items that would normally allow you to do that by being on your computer (but very compressed) won’t be there. From what I’ve read in this thread, IMHO the /resetbase argument should only be used if you’re absotively posolutely sure you’re NEVER going to need to go back to a prior version of windows 10, say back to last month’s patch level or earlier.

Clear things up for you a bit?

Absotively and posolutely were a deliberate use of those altered words in order to add emphasis.

2 users thanked author for this post.

WCHS, abbodi86

Reply | Quote

No issue with using resetbase from Windows 8.1 up to Windows 10 v1803.
From Windows 10 v1809 onwards, resetbase breaks installation of future cumulative updates.

Reply | Quote

abbodi86 wrote:

From Windows 10 v1809 onwards, resetbase breaks installation of future cumulative updates.

Doesn’t do that for me on Win10 Pro.

I’ve been using that exact command approx every 6 month’s since Win10 1909 to clean out the old “superseded” updates right before installing the new monthly cumulative update.

When it’s done, I reboot and then install the new update and have never had an update fail to install after using it!

Reply | Quote

Did you enable “change” registry setting DisableResetbase?

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Configuration]

Reply | Quote

abbodi86 wrote:

Did you enable “change” registry setting DisableResetbase?

Nope, just checked and it’s still set to 1 (i.e. disabled.)

However, I’ve never had that command generate any sort of error when I’ve used it and the size of the component store is always smaller (by ~6 — 8GB or so) after I run it so it’s obviously doing something.

Reply | Quote

abbodi86 wrote:

From Windows 10 v1809 onwards, resetbase breaks installation of future cumulative updates.

At Clean Up the WinSxS Folder, it says:

All existing update packages can’t be uninstalled after this command is completed, but this won’t block the uninstallation of future update packages.

“This command” refers to

Dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase 

Reply | Quote

WCHS wrote:

abbodi86 wrote:

From Windows 10 v1809 onwards, resetbase breaks installation of future cumulative updates.

At Clean Up the WinSxS Folder, it says:

All existing update packages can’t be uninstalled after this command is completed, but this won’t block the uninstallation of future update packages.

“This command” refers to

Dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase 

So no contradiction there then.

Windows 11 Pro version 22H2 build 22621.1485 + Microsoft 365 + Edge

Reply | Quote

abbodi86 wrote:

From Windows 10 v1809 onwards, resetbase breaks installation of future cumulative updates.

b wrote:

So no contradiction there then.

So, what does “breaks installation of future cumulative updates” mean? To me it means “you can not install future cumulative updates.”

Reply | Quote

WCHS wrote:

abbodi86 wrote:

From Windows 10 v1809 onwards, resetbase breaks installation of future cumulative updates.

b wrote:

So no contradiction there then.

So, what does “breaks installation of future cumulative updates” mean? To me it means “you can not install future cumulative updates.”

Your quote from the documentation about UNinstallation after /ResetBase doesn’t refer only to 1809+.

Windows 11 Pro version 22H2 build 22621.1485 + Microsoft 365 + Edge

Reply | Quote

There is
they should mention that “ResetBase” is disabled in Windows 10/11 by default and has no effect

why do you think they disabled it?
because:
a) it breaks installation of future cumulative updates on Windows 10 1809 and later
b) it breaks “Reset this PC” feature on all Windows 10/11

Reply | Quote

abbodi86 wrote:

they should mention that “ResetBase” is disabled in Windows 10/11 by default and has no effect

Have you told them?

Windows 11 Pro version 22H2 build 22621.1485 + Microsoft 365 + Edge

Reply | Quote

abbodi86 wrote:

why do you think they disabled it (i.e., /ResetBase)?
because:
a) it breaks installation of future cumulative updates on Windows 10 1809 and later

But, Alejr at #2546589 says that post v 1803 he has been using /ResetBase and he’s been able to subsequently install new updates and has never had them fail.

Is he just plain lucky?? I’m confused.

Nevermind … I think I get it now … even though the command has the “/ResetBase” argument, it doesn’t work because it’s disabled, and because it’s disabled and doesn’t work, the command is really absent the “/ResetBase” argument, and so subsequent new updates WILL install. Right?

Reply | Quote

abbodi86 wrote:

resetbase is disabled in Windows 10/11 by default

Does that mean the /resetbase option “has no effect”, as it doesn’t produce any error and is documented at https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/clean-up-the-winsxs-folder?view=windows-11#:~:text=Use%20the%20/ResetBase%20switch%20with%20the%20/StartComponentCleanup%20parameter (and everywhere else that I can find).

Disabled “by default” must mean it can be enabled, right?

Windows 11 Pro version 22H2 build 22621.1485 + Microsoft 365 + Edge

Reply | Quote

It has the same effect without that switch + it additionally make installed updates permanent

yes, DisableResetbase registry (see above) can be changed to restore old behavior

—
in Windows 10 v1903 and later, Cumulative Updates are service-pack alike
each one directly replace inbox system packages and components
meaning, when you run /StartComponentCleanup command or Update Cleanup from Disk Cleanup, it automatically remove inbox superseded components
/ResetBase switch is not really needed for that

Reply | Quote

abbodi86 wrote:

It has the same effect without that switch + it additionally make installed updates permanent

If /ResetBase does that by default, it’s not really disabled is it?

abbodi86 wrote:

yes, DisableResetbase registry (see above) can be changed to restore old behavior

What’s the difference between new and old behaviour?

Oh, hang on. Now you’ve said /ResetBase has no effect by default. That’s what I was trying to clarify before:

b wrote:

abbodi86 wrote:
resetbase is disabled in Windows 10/11 by default

Does that mean the /resetbase option “has no effect”, as it doesn’t produce any error and is documented …

Windows 11 Pro version 22H2 build 22621.1485 + Microsoft 365 + Edge

Reply | Quote

After doing a Check for Updates and installing on Windows 10 22H2 the update package (2023-03 (KB5023696) seems to install and then returns to regular screen not requesting a restart ?? Tried Checking for updates again after the updates installed  and then it came back to a Restart now button and screen and Tray ICON for pending restart. Did this on 2 different machines.

9 users thanked author for this post.

WCHS, deuxbits, ECWS, Microfix, Lars220, lmacri, unstablecomic, TechTango, geekdom

Reply | Quote

Can confirm this – saw this exact same behavior on our test machine.

7 users thanked author for this post.

CAS, ECWS, Microfix, Lars220, unstablecomic, TechTango, geekdom

Reply | Quote

Also experienced the same behavior within update Windows 10 22H2…it downloaded the MRT tool, was installing that, then began to download the KB5023696 update…got to about 50% or so and the interface switched back to the check for updates button. I let it go for awhile, then clicked check for updates, as it was checking for updates, the “Restart” button appeared.

It appears the update went fine, I’ve just never experienced the update interface going back to check for updates, even though it was updating.

Thank you guys for letting us know you experienced this also. Askwoody is the only place I could find others seeing this behavior. The restart and everything else went fine, but odd update behavior I haven’t seen before while doing a cumulative update.

4 users thanked author for this post.

deuxbits, ECWS, Microfix, Lars220

Reply | Quote

FYI

This weird behavior is also reported in Reddit/r/Windows10 – Cumulative Updates: March 14th, 2023 :

Quotes:

The Windows Update is acting weird today. It starts to install the update and suddenly displays the You’re up to date screen while the installation is still in progress. It already happend on three different computers.

If you close the settings and then reopen it, it’ll show what’s still in progress

Yes. The same happened to me.

HTH.

Reply | Quote

Clicking on check for updates also ‘helps’, after a bit of waiting the update process is shown again. It all feels quite shabby to me. Besides, after updating the print server crashed after logging in. Not much new here though, guess the world according to Microsoft is a printerless one. Oh well, last machines here slowly phasing out, already largely replaced by Mac’s en Linux systems.

Reply | Quote

I’ve seen this new behavior with the Windows Update interface on multiple Win10 21H2 machines. Downloading KB5023696, then pending install, then it appears that nothing is happening, then finally a pending restart, with restart notification.  It’s a little unnerving. Since I don’t have time to sit there and watch every test machine as it goes through its paces I thought I was missing something… Good to know others have seen this new behavior.

Like, I saw WU was going to install the update, what happened to the install phase status?

I suspect that this could be their fix to the glitch we’ve seen with premature restart notifications when there is a .NET update also. The .NET update would finish first, and before the normal OS Q&S update would finish, a restart notification was triggered…. If you did restart at that time, it would trash the normal OS Q&S update, requiring you still apply it after the restart. Correct but inefficient. Not sure I like this new method though.

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

Reply | Quote

Would this clicking on ‘Check for updates” a second time impact items hidden in Winshowhide?

Reply | Quote

If the updates do not show in Windows Update before, whatever is hidden in wushowhide should not show up in the WU queue.

1 user thanked author for this post.

Deo

Reply | Quote

Hardened Windows user successfully installed:

KB5023706 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems
KB890830 Windows Malicious Software Removal Tool x64 – v5.111

Now running Windows 11 Pro Version 22H2 (OS Build 22621.1413)

No hiccups.

Create a fresh drive image before making system changes/Windows updates, in case you need to start over!

We all have our own reasons for doing the things that we do. We don't all have to do the same things.

Computer Specs

2 users thanked author for this post.

Lars220, geekdom

Reply | Quote

My NAS got the push after Active Hours.

KB890830 Windows Malicious Software Removal Tool x64 – v5.111
Installed 3/14/23
KB5023696 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems
Installed 3/16/23

Now running Windows 10 Pro Version 22H2 (OS Build 19045.2728)

Create a fresh drive image before making system changes/Windows updates, in case you need to start over!

We all have our own reasons for doing the things that we do. We don't all have to do the same things.

Computer Specs

1 user thanked author for this post.

geekdom

Reply | Quote

On https://www.askwoody.com/wp-content/uploads/2023/03/2023-03-14-March.htm it says:

Version 22H2  5023706  3/14/2023   Defer   Install IF you have 22H2  Cumulative update  Note I recommend holding off and not installing the feature release

I am confused by the Install IF … followed by the Note.  Which is it?  Does mean do not install if on 21H2?  If so, would that not be clearer?  I am on 22H2.  The reports of success are encouraging, but…

Hanging fire… advice appreciated.

[Moderator note:] please don’t “copy/paste” info from another web page as that will cause problems with how your reply appears (the unacceptable HTML code in your post was modified.)

Reply | Quote

Received the Windows MSRT again for my Windows 8.1 machine. Looks like MS still looks at something for 8.1. For how long?…who knows…

Will probably install it again this month.

2 users thanked author for this post.

Microfix, geekdom

Reply | Quote

Are you aware that MSRT has a telemetry ‘heartbeat’ sent to MSFT/ affiliate?
I killed MSRT off many years ago. As Win8.1 is now officially ‘out of support’ you may wish to consider the options to keep or block it..

To block it via the registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
“DontOfferThroughWUAU”=dword:00000001
“DontReportInfectionInformation”=dword:00000001

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

Reply | Quote

I never really understood the significance of the telemetry “heartbeat” talked about here on AskWoody. I read people here saying they don’t really know what the “heartbeat” telemetry does or sends.
The Malicious Software Removal Tool, I thought, was necessary and a good thing. It is “an anti-virus tool that scans the computer for specific widespread malware and tries to eliminate the infection” isn’t it? So, in the past, I decided to go ahead with it.
I haven’t installed this months yet. I installed it last month when it appeared unexpectedly and another AskWoody’s member indicated they installed it with no problems. Now you got me reconsidering. Also, I try not to change the registry at all since it has been said, here, not to unless you know exactly what you’re doing and know how to back out if necessary.

Anyways,thanks for your response.

Reply | Quote

FYI. Win7, EOL for more than three years now, still gets the monthly MSRT through Windows Update.
I think the old version of Windows Defender on Win7 still gets updates as well.
So I’m not surprised that Win8.1 also gets the updates for MSRT through WU too.

Reply | Quote

Thank you PKCano

Reply | Quote

Magniber ransomware actors used a variant of Microsoft SmartScreen bypass

Financially motivated threat actors used an unpatched security bypass to deliver ransomware without any security warnings

(Patched with March updates)

Google’s Threat Analysis Group (TAG) recently discovered usage of an unpatched security bypass in Microsoft’s SmartScreen security feature, which financially motivated actors are using to deliver the Magniber ransomware without any security warnings. The attackers are delivering MSI files signed with an invalid but specially crafted Authenticode signature. The malformed signature causes SmartScreen to return an error that results in bypassing the security warning dialog displayed to users when an untrusted file contains a Mark-of-the-Web (MotW), which indicates a potentially malicious file has been downloaded from the internet.

TAG reported its findings to Microsoft on February 15, 2023. The security bypass was patched today as CVE-2023-24880 in Microsoft’s Patch Tuesday release.

TAG has observed over 100,000 downloads of the malicious MSI files since January 2023, with over 80% to users in Europe — a notable divergence from Magniber’s typical targeting, which usually focuses on South Korea and Taiwan. Google Safe Browsing displayed user warnings for over 90% of these downloads…

Reply | Quote

Now running Windows 11 Pro 22621.1413

2023-03 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5023706)

2023-03 .NET 7.0.4 Update for x64 Client (KB5024672)

Windows Malicious Software Removal Tool x64 – v5.111 (KB890830)

All installed without incident.

--Joe

2 users thanked author for this post.

geekdom, Lars220

Reply | Quote

When I used WuMgr to hide this Patch Tuesday updates, it only found the Malicious Software Removal Tool and not the 2023-03 Cumulative Update, so I hid the MSRT and closed WuMgr, then re-ran WuMgr and it found the 2023-03 CU on the second time. I hid it also, now waiting for Patch Lady advice to install these March 2023 updates. Thank you early patchers for volunteering to be our community “Beta Testers” – your input, good or bad is appreciated. Hopefully no one has this picture experience…

6 users thanked author for this post.

GeeBeeDee, deuxbits, IT Manager Geek, Susan Bradley, geekdom, SueW

Reply | Quote

Microsoft Mitigates Outlook Elevation of Privilege Vulnerability

Summary
Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for new technology LAN manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows. We strongly recommend all customers update Microsoft Outlook for Windows to remain secure.

Impacted Products

All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected….

CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server. No user interaction is required.

The connection to the remote SMB server sends the user’s NTLM negotiation message, which the attacker can then relay for authentication against other systems that support NTLM authentication…

2 users thanked author for this post.

roy_scc, creem

Reply | Quote

The attacker makes the user’s outlook reach out to a notification sound file – and then they use it to harvest ntlm hash values in a network.

Susan Bradley Patch Lady

2 users thanked author for this post.

Alex5723, deuxbits

Reply | Quote

If I’m understanding your post correctly, Microsoft Apps for Enterprise is not affected by CVE-2023-23397?

Reply | Quote

If you are using Outlook to connect to Online email through Microsoft 365 the underlying triggering event can’t occur.

Susan Bradley Patch Lady

1 user thanked author for this post.

roy_scc

Reply | Quote

arbrich wrote:

After doing a Check for Updates and installing on Windows 10 22H2 the update package (2023-03 (KB5023696) seems to install and then returns to regular screen not requesting a restart ?? Tried Checking for updates again after the updates installed  and then it came back to a Restart now button and screen and Tray ICON for pending restart. Did this on 2 different machines.

Doesn’t happen when using WUmgr.
Installed on Windows 10 Pro 22H2.
Installation went smoothly.
No problems.

CU (2023-03 (KB5023696) installs “twice“. First ‘Servicing Stack’ and then Security updates.

* Strange : checking ‘uninstall updates’ I see KB5022502 installed :
February 14, 2023-KB5022502 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 20H2, Windows 10 Version 21H2 and Windows 10 Version 22H2
which didn’t appear in WUmgr list of updates.

Reply | Quote

* Only part of updates installed by WUmgr appear on ‘Uninstall Updates’ list of updates.

Reply | Quote

Looks like there’s problem that’s cropped up with latest win11 patches.

https://www.pcworld.com/article/1663285/windows-11-may-be-slowing-down-your-ssds-again.html

Reply | Quote

I updated Windows 8.1 with KB5023764, then discovered that I had forgotten to install the SSU, so I uninstalled KB5023764, to be safe, then installed the SSU, then reinstalled KB5023764.

Everything was normal afterwards.

Mark

 

Reply | Quote

Hi Susan:

arbrich wrote:

After doing a Check for Updates and installing on Windows 10 22H2 the update package (2023-03 (KB5023696) seems to install and then returns to regular screen not requesting a restart ??…

Windows Update successfully installed the following March 2023 Patch Tuesday updates on my Win 10 Pro v22H2 laptop and I haven’t noticed any negative effects so far:

• KB5023696: 2023-03 Cumulative Update for Win 10 Version 22H2 for x64 (OS Build 19045.2728)
• KB5024670: 2023-03 .NET 6.0.15 Update for x64 Client
• KB890830 : Windows Malicious Software Removal Tool x64 – v5.111

The was no Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Win 10 Version 22H2 this month so I didn’t encounter the early “Restart Now” glitch that I’ve reported for some past Patch Tuesday updates (see my 24-Feb-2023 post # 2536955 in Here Comes February’s Valentines of Patches for one example).

I also didn’t see the late “Restart Now” glitch reported in this thread by arbrich and a few other Win 10 users, although I did notice that the entire download and installation process was a bit slow this month  – the GUI appeared to get stuck for about 10 min at “Downloading – 100%” before the “Install Now” button was displayed even though Task Manager showed there was ongoing CPU and disk activity for the Windows Update service host.  However, I just left it alone and eventually saw the prompt to “Restart Now“ (see attached image) about 25 min after the initial check for updates started.

The release notes <here> for KB5023696 indicate a Win 10 Servicing Stack Update (SSU) v19045.2664 was delivered this month (the previous SSU v19045.2300 was delivered in Dec 2022), but I have no idea if that’s why my Patch Tuesday updates took so long to run to completion this month.
———–
Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.2728 * Firefox v111.0.0 * Microsoft Defender v4.18.2301.6-1.1.20100.6 * Malwarebytes Premium v4.5.24.248-1.0.1944 * Macrium Reflect Free v8.0.7279

1 user thanked author for this post.

geekdom

Reply | Quote

Windows monthly updates explained&lt

Starting in April 2023, non-security releases – formerly called “C” or “D” releases – will now target the fourth week of the month to ensure that our monthly patches are more effective than ever.

1 user thanked author for this post.

lmacri

Reply | Quote

alejr wrote:

abbodi86 wrote:

Did you enable “change” registry setting DisableResetbase?

Nope, just checked and it’s still set to 1 (i.e. disabled.)

However, I’ve never had that command generate any sort of error when I’ve used it and the size of the component store is always smaller (by ~6 — 8GB or so) after I run it so it’s obviously doing something.

Like I said, in that case, running /StartComponentCleanup with or without /ResetBase will have the same outcome.
For Windows 10 version 1903 and later, it will remove the superseded components nevertheless.

3 users thanked author for this post.

alejr, Alex5723, PKCano

Reply | Quote