• MS-DEFCON 4: Got 22H2?

    Home » Forums » Newsletter and Homepage topics » MS-DEFCON 4: Got 22H2?

    • This topic has 64 replies, 24 voices, and was last updated 4 months ago by Jim.

    ISSUE 20.30.1 • 2023-07-25 By Susan Bradley If you haven’t updated to Windows 10/11 22H2, now is a good time because I’m lowering the MS-DEFCON level
    [See the full post at: MS-DEFCON 4: Got 22H2?]

    Susan Bradley Patch Lady/Prudent patcher

    Viewing 26 reply threads
    • #2575676

      Tiny glitch in the automation – it’s fixed now, and the correct level is 4.

    • #2575677

      Home user. Two reboots. Each reboot I received repeated notifications from Microsoft to use Bluetooth for Phone Link (I believe four to five notifications each reboot.) I use Phone Link but do not use Bluetooth for the phone connection. ’nuff said.

    • #2575689

      No problem with installation.
      2 reboots – 1 after .NET 6 and the other after the main cumulative.

      Dell Inspiron 7580 i7 16GB Win 10 pro 22H2 (19045.3570), Microsoft 365 Version 2310 (16924.20088) Location: UK

    • #2575697

      Any idea why I haven’t been presented with the .NET update?  Win10 22H2

      • #2575698

        No @sheldon, I received bothe a .NET 6 and .NET 7 update with MSRT and the main cumulative.

        Dell Inspiron 7580 i7 16GB Win 10 pro 22H2 (19045.3570), Microsoft 365 Version 2310 (16924.20088) Location: UK

      • #2575699

        I also have not received any .Net updates for July.  Only the MSRT and the Cumulative Update.

        Also I got the Defender platform update separately.


      • #2575750


        I don’t know why your system didn’t do the .net update, but on my W10 22H2 system it wasn’t offered alongside the other updates but did show up after the other updates installed and the reboot was complete. Later the same day or after a shutdown and startup the next morning I can’t remember, but it showed up on its own in less than 24 hours post cumulative update.

        Just don’t re-engage the update deferment, use system as normal, it should show up in it’s own good time.

      • #2575794

        I also didn’t receive any .NET this time. I received .NET updates the last 2 times with WU but nothing this time.

        Don't take yourself so seriously, no one else does 🙂
        All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

    • #2575705

      July update KB5028166 stuck at 74% installing (over 2 hours and counting) any ideas

      Acer Aspire – Win 10 Home (22H2) – OS 19045.3086

    • #2575653

      Can I trust this topic? The web page header shows DEFCON 1 – Don’t Patch

    • #2575655

      Defcon meter seems to be out of whack atm!

      Regards Jim!

    • #2575721

      The Microsoft 365 Semi-Annual Channel is not deprecated.  And I would think you would agree with using it for the same reasons you recommend delaying installation of Windows updates.   The Current Channel and the Monthly Enterprise Channel might as well be called the beta tester channels. In addition, Microsoft states “If needed, security updates for Semi-Annual Enterprise Channel are released on the second Tuesday of the month.”  Therefore, you should be recommending the Semi-Annual Enterprise Channel.
      See:  https://learn.microsoft.com/en-us/deployoffice/updates/overview-update-channels

      You can change update channels at https://admin.microsoft.com/#/Settings/Services under “‎Microsoft 365‎ app installation options”
      See: https://learn.microsoft.com/en-us/deployoffice/updates/change-update-channels

    • #2575747

      MSFT Previews are out, for those who…. 🙂
      MSFT Catalog 25th July 2023

      NOTE: NOT included in MS-Defcon 4.

      Win8.1/R2 Hybrid lives on..
      • #2575893

        Outwith the realms of askwoody ethos, I installed W10 Preview kb5028244 out of curiosity.
        No errors in Event Viewer and system file integrity good.
        DISM reports system healthy.


        SSU updated to 19045.3266
        Few usual things switched back on in O&OShutup, re-introduced my config preference to rectify that.

        Quite a lot of non-security fixes within:

        Win8.1/R2 Hybrid lives on..
        • #2575907

          Microsoft confirms video codec issue on Windows 10 (KB5028244) and Windows 11 (KB5027303)

          Microsoft has confirmed that there is an issue plaguing WVC1 or VC-1 video codec at the moment. Windows 10 and Windows 11 apps using the codec may fail to playback, record, or capture videos, and the issue extends to cameras and webcams. The bug was introduced with Windows 11 update KB5027303 and Windows 10 users with update KB5028244.

          This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy. The special Group Policy can be found in Computer Configuration -> Administrative Templates ->.

          1 user thanked author for this post.
          • #2575937

            It probably won’t affect most users.  VC-1 has been largely superseded by newer video codecs such as H.264 and H.265/HEVC, which offer better compression efficiency and other advanced features. However, VC-1 remains a legacy codec that is still used in some applications, particularly in some video games.

            1 user thanked author for this post.
    • #2575783

      Did anyone get the text for the change from DefCon 2 to 4?  I didn’t get a text this morning like I normally do when the change from 2 to 4 happens. Thanks.

      Win 10 ver. 22H2 x64

    • #2575788

      Did you check the Spam/Junk folders, just in case?

      Thank you, PKCano.  Yes I did check my Spam/Junk folders.

      Win 10 ver. 22H2 x64

    • #2575814

      VERY slow install. Stopped many times but completed. After reboot, I checked temp files and one called TS_DA0.tmp shows that Task Scheduler had been scanned and it appears quite a few new tasks were added, although perhaps some that were disabled were re-enabled. Cannot be sure, I had not made a list and quite a few run on reboot after updates. Some seem to be making application lists.

      Happy to upload the tmp file if you like. Some are readable and give clues. I hate when things “appear” to enable or re-enable telemetry.


      • #2576065

        Surprised no interest in the changes to Task Manager in this update. I believe some of these changes may not be desirable but hard finding the energy to investigate them all.

        Here is a snippet of what is plain text readable in the temp file in case this stirs some interest:

        A I – M i c r o s o f t – W i n d o w s – T a s k S c h e d u l e r – D e b u g C : \ W I N D O W S \ T E M P \ T S _ D A A 0 . t m p ÀP P T

        ª *ñj,kÅ:€$ëÏ©O<š_u! T | U R I M i c r o s o f t \ W i n d o w s \ C l o u d R e s t o r e \ B a c k u p ~ 
        ª Žz¼f)œú3&xÈß¹˜iu! T | U R I \ M i c r o s o f t \ W i n d o w s \ C l o u d R e s t o r e \ B a c k u p ¦ 
        ª *ñj,kÅ:€$ëÏ©O<š…u! T | A u t h o r $ ( @ % S y s t e m R o o t % \ s y s t e m 3 2 \ C l o u d R e s t o r e L a u n c h e r . d l l , – 6 0 0 ) ¦ 
        ª Žz¼f)œú3&xÈß¹˜u! T | A u t h o r $ ( @ % S y s t e m R o o t % \ s y s t e m 3 2 \ C l o u d R e s t o r e L a u n c h e r . d l l , – 6 0 0 ) ¦ 
        ª *ñj,kÅ:€$ëÏ©O<š™u! T | S o u r c e $ ( @ % S y s t e m R o o t % \ s y s t e m 3 2 \ C l o u d R e s t o r e L a u n c h e r . d l l , – 6 0 1 ) ¦ 
        ª Žz¼f)œú3&xÈß¹˜Ÿu! T | S o u r c e $ ( @ % S y s t e m R o o t % \ s y s t e m 3 2 \ C l o u d R e s t o r e L a u n c h e r . d l l , – 6 0 1 ) ° 
        ª *ñj,kÅ:€$ëÏ©O<š©u! T | D e s c r i p t i o n $ ( @ % S y s t e m R o o t % \ s y s t e m 3 2 \ C l o u d R e s t o r e L a u n c h e r . d l l , – 6 0 2 ) ° 
        ª Žz¼f)œú3&xÈß¹˜±u! T | D e s c r i p t i o n $ ( @ % S y s t e m R o o t % \ s y s t e m 3 2 \ C l o u d R e s t o r e L a u n c h e r . d l l , – 6 0 2 ) ¼ 
        ª *ñj,kÅ:€$ëÏ©O<šºu! T | S e c u r i t y D e s c r i p t o r D : ( A ; ; F A ; ; ; B A ) ( A ; ; F A ; ; ; S Y ) ( A ; ; F R F X ; ; ; B U ) ( A ; ; F R F X ; ; ; A U ) ¼ 
        ª Žz¼f)œú3&xÈß¹˜½u! T | S e c u r i t y D e s c r i p t o r D : ( A ; ; F A ; ; ; B A ) ( A ; ; F A ; ; ; S Y ) ( A ; ; F R F X ; ; ; B U ) ( A ; ; F R F X ; ; ; A U ) J 

        I think more changes made than these as a ton of things which appear new ran after the update.


    • #2575938

      On Windows 10, it was a fast install for us.

    • #2575993

      I’m running a fresh/clean install of W10 22H2 on an older HP desktop computer. Fresh install as in I finally gave in and replaced W8.1 with W10 a few weeks ago. I’m still running W7 on my laptop because I’m not a W10 fan. My first W10 monthly update experience hasn’t changed my mind.

      I used wumgr to download and install only the MSRT and KB5028166 (monthly cumulative update). I was not offered any .NET updates. The computer rebooted and the status slowly updated to 97% complete, after which I got a blue screen of sadness, Stop Code WHEA_UNCORRECTABLE_ERROR, and Error Code 0xc0000225.

      I did some reading about that to learn that the update process apparently killed my Boot Configuration Data. Cool. Based on what I read I tried to use my recently created W10 install USB for repair, but that won’t boot either. I tried using the boot order menu to force the boot from the USB (and later from my OS drive as well). Regardless of what I attempt I get:

      ERROR: No boot disk has been detected or the disk has failed.

      Any advice?

      I haven’t been using W10 long enough to even reinstall much of my software, so if I have to start over it’s not the end of the world, but it would be annoying. Alternatively, I might just go back to W8.1 (I cloned my SSD to an old HDD) which ran flawlessly for years (as has W7 for over a decade) and live with higher security risk.

      • #2576624

        Define “older”.

        If the hardware was built for a specific OS, sometimes it’s just happier on that older OS.

        Susan Bradley Patch Lady/Prudent patcher

      • #2576625

        ERROR: No boot disk has been detected or the disk has failed.

        Just to add, the reason I suggested to start over is because there is a possibility that your HDD or MB has had a failure. Especially ( as Susan referred to about your original post ) since it’s an “older” PC.

        Don't take yourself so seriously, no one else does 🙂
        All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

    • #2576003

      I haven’t been using W10 long enough to even reinstall much of my software, so if I have to start over it’s not the end of the world, but it would be annoying

      Personally, I would start from scratch. Sounds like something went wrong with the original install.

      Don't take yourself so seriously, no one else does 🙂
      All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

      • #2576014

        I guess it’s possible the install was bad, but I was testing the computer for 2-3 weeks at basic tasks to see if I wanted to keep W10 or revert to W8.1, which was stable (and configured to my liking) over a period of years .

        I find it hard to believe that it would work fine for a couple of weeks, with dozens of reboots, and then just happen to crash hard on the reboot after the cumulative update…

        • #2576145

          I didn’t realize that you had been using it that long, but regardless, I would do a fresh install especially since you don’t have much else installed.

          Hope this helps.

          Don't take yourself so seriously, no one else does 🙂
          All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

    • #2576021

      I am a newbie and don’t know much.   I read Susan’s email and checked to see what version I am on and am currently on Windows 10, version 21H2.

      I don’t have the option to download 22H2 on my Windows Update page.  Why is this and what should I do?


    • #2576079

      For the .NET updates – LanGuard says our machines are missing 2023-07 .NET 6.0.20 Security Update for x64 Client (KB5028705). Machines are configured (GPO) for Windows Update for Business. It isn’t listed as optional update either. And when I check online for Windows Update, it doesn’t show. Now I can push this update with LanGuard, but I wonder, like many of you, why it doesn’t install automatically?

    • #2576088

      Which update? There were 130.

      Do you mean Task Scheduler, not Task Manager?

      My bad – Task Scheduler.

      And 130 updates?  There was one for cumulative 22H2.

    • #2576299

      Am I correct to assume that the problems caused by KB5028166 only effect Windows 10 Home 22H2, and not (my) Windows 10 Pro 22H2?

      • This reply was modified 4 months, 1 week ago by TJ. Reason: underlined Home and Pro to emphasize difference
    • #2576355

      This is to report a successful install of July patches on my Windows 10 Home 22H2 machine. Installing through WUMgr did not prompt multiple reboots, only one reboot was necessary after all patches were installed. BTW, I installed the monthly CU and .NET Framework updates from July 11 and hid both of the previews from July 25.

      And now to update my Windows 11 Pro 22H2 machine…

      • #2576372

        I made a post on Jul 26 about the issues I had trying to install KB5028166 (cumulative update) using wumgr on a fresh (2-3 week old) install of W10 Pro 22H2 on an HP desktop computer. Briefly, after the reboot the status updated to 30%, rebooted a second time, and then updated to 97% after which I got Stop Code WHEA_UNCORRECTABLE_ERROR and Error Code 0xc0000225.

        Pretty awesome. I was able to revert to a backup made immediately prior to attempting the update using an EaseUS Todo Backup USB. I did some reading about the error code I got and implemented all the tests/fixes found at:


        Everything was fine, so like a dummy I tried to do the KB5028166 install again. Same result, same error code. Just for giggles, I went through all the steps above again and got the same negative result a third time.

        So, my options seem to be:

        1. Ignore the July update and have a functioning computer. If I do that, will the August update catch me up on security fixes? How likely is the August update to trigger whatever issue is causing my problem?
        2. Reinstall W10. There’s a possibility this will help, but as I mentioned above I’m using a fresh install of W10 for the purpose of convincing myself that I was finally ready to move from W8.1 (desktop) and W7 (laptop). Basically all I’ve been doing is playing with the computer a bit to see how W10 works, slowly installing the software I use, and mostly confirming that I’m still not a fan. The update process hasn’t helped my opinion. I have a hard time believing that the fresh W10 install has already gotten messed up in some way that doesn’t allow it to update. If it has, that also doesn’t speak highly of W10. I have actual work to do with my computers, so I don’t really want to start over with W10 if I’m likely to get the same result.
        3. Go back to W8.1 on the desktop and stick with W7 or W8.1 on my laptop. I’ve had one virus experience in 25-30 years of using computers nearly daily for school and work. I’ve had a failed W10 update the first time I tried to update. The odds seem to favor a slightly increased security risk with W7/8.1 if that gives me a computer that I can use.

        Anything else I can check to confirm that the W10 install is good?

        • #2576416

          Did you try downloading and installing KB5028166 from the Microsoft Update Catalog rather than using WUMgr? If that causes the Error Code 0xc0000225 issue all over again, maybe you could give KB5028244 (July preview update) a try in the hope that whatever is causing that error has been fixed in the preview update. If all that fails to avoid the error, then I would pass on KB5028166/KB5028244 and see if the Cumulative update from August will install without problem. And if the problem persists with the August update, then I’m afraid a reinstallation of Windows 10 might be a proper solution.

          The only thing that comes to mind in order to check your Windows 10 installation is good is to run the DISM and SFC tools (https://support.microsoft.com/en-us/topic/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system-files-79aa86cb-ca52-166a-92a3-966e85d4094e):
          1) In an elevated command prompt enter the following command
          DISM.exe /Online /Cleanup-image /Restorehealth
          2) Wait for the operation to be completed, then enter the following command
          sfc /scannow

          These steps should help locate and fix corrupt Windows 10 files and hopefully take care of the problem you are having with KB5028166.

          1 user thanked author for this post.
          • #2576432


            I had run scannow several times previously, but did it again – no issues identified.

            I had not previously tried the DISM command but that also showed no issues.

            A real head scratcher. I think for now I’ll just do nothing and keep testing my older software to see if it installs and works on W10. If not, that will also play a role in whether I stay or go back to W8.1.

            • #2576527

              Definitely a head scratcher… Since the July updates do not seem to patch any vulnerability which is being actively and widely exploited, waiting until the August updates will be approved for installation sounds relatively safe (especially if you do not feel like going through more steps of restoring from a backup). Occasionally I’ve had W10 patches failing to install on a given month only to install without trouble the next: hopefully the same will happen for you.

      • #2576412

        Ok, the July 11 updates successfully installed on my Windows 11 Pro 22H2 machine and everything appears to be in working order. Here too, I installed the updates through WUMgr, but the system did two reboots after installing the updates, contrary to what happened with Windows 10 where I had the usual single reboot.

        The interesting bit is that on Windows 11 I was offered only the July CU and the MSRT update, no .NET Framework updates at all. Did I get it wrong or wasn’t the multiple reboot supposedly caused by the .NET Framework update? And yet, I had no multiple reboots on Windows 10 where I received a .NET Framework update and two reboots on Windows 11 where no .NET Framework update was installed.

        Anyway, not a big deal. An additional reboot is not a problem compared to issues we had to deal with in the past due to other updates, so no reason to complain I guess.

    • #2576468

      I recently purchased two new Windows 10 computers, had been using Windows 7 up until now, so I’m a little unfamiliar with  updating in Windows 10.  One of the new computers has the Home Edition and the other one has the Professional Edition.  I did updates on both computers today and looked at my update history afterwards.  On the computer with Home Edition, it shows that it attempted to install KB5028244 but it failed to install (Error Code 0x8024402c).  On the other hand, the computer with the Professional Edition did not attempt to install KB5028244.  Both computers successfully installed KB5028166.  Maybe its not important, because KB5028244 is a preview, but I’m just curious why did the Home Edition computer attempt to install KB5028244 but then fail?  Also,  the computer with the Professional Edition installed two .NET updates, but the Home Edition computer only installed one .NET update, KB5028412.  Should I try to get the second .NET update (KB5028937) installed on the Home Edition computer also?

      • #2576528

        No idea why KB5028244 failed installation on one of your computers: the 0x8024402c seems to be pretty generic, maybe the download was corrupt and the patch failed to install for that reason. Anyway, like you said, it’s a preview update so no need to worry about it, since the general suggestion is not to install any preview updates.

        KB5028937 is the “regular” July .NET Framework update, while KB5028412 is the preview update. Since KB5028412 includes anything in KB5028937, there is no need to install also KB5028937 on the Home Edition computer.

        1 user thanked author for this post.
    • #2576582

      Installed today KB5028166 (+ Defender updates, MSRT) with 2 reboots:

      First after updates installations, updating to 30%.
      Second update, up to 100% and logon to desktop.

      • #2576620

        Could you be a little more specific about what happened here? Did the PC reboot twice on its own?

        • #2576678

          First reboot after installation is done manually after Windows asking to reboot.
          Second reboot after reaching 30% in automatic.

          Widows 10 does 2 reboots for years.

          • #2576684

            Is that really two reboots?  Manually accepting a request to reboot doesn’t count as a separate reboot and the one you say is “automatic,” at 30% is the actual reboot you manually accepted.

          • #2576685

            Thank you, I see. I assume you use wumgr. (I think thats what it is called.)

            I just use the windows updater. It usually installes the patches and asks for reboot. As I always let everything install before clicking reboot, I have only ever had one restart with installing and cleanup in the reboot itself. Wonder what it will be this time. (It is yet to early for me to install.)

            Regards, Jim.

    • #2576610

      Win 10 22h2 home edition has two reboots?

      When does the reboot happen and does it do it on it’s own?


      Win 10 Home 22H2

      • #2576627

        And what is the reboot schedule set to in relation to the time the update was performed?

        We would also need to know the setting of “auto restart” – (Advanced Options > Restart this device as soon as possible.)

    • #2576707

      Installed today KB5028166 (+ Defender updates, MSRT) with 2 reboots:

      First after updates installations, updating to 30%.
      Second update, up to 100% and logon to desktop.

      Ok, it’s obvious there’s a serious misunderstanding by some users over what a reboot (i.e. “Windows restart“) during an update really is, so here’s the real scoop.

      Regardless of whether it’s been manually selected or automatically initiated, here’s how the restart process works.

      1st step: Windows has to shutdown.

        During this process you’ll see a screen something like this that counts up to 30% and then goes black as your PC shuts down.


        Note: it’s only able to complete 30% of the update during this first step because certain parts of Windows are in use and can’t yet be replaced.

      2nd step: Windows restarts.

        During this process you’ll see a screen something like this that counts up from 31% to 100% as the update process replaces the other 70% of Windows that’s not yet in use.


        Provided the update completes successfully, you’ll then see the login prompt.

      These two steps are one reboot, not two!

      2 reboots requires going thru those two steps twice, 3 reboots three times, etc., etc.

      The most reboots I’ve ever experienced during an update was 2 when I selected restart after one update was ready to install and before the second one was. And yes, my system when thru those 2 steps twice to install both updates!

      2 users thanked author for this post.
      • #2576714

        I installed KB5028166 alone with no other updates on 3 computers running Win 10 Pro 22H2 with different results:

        On 2 computers there was ONE reboot as @alejr described.

        On 1 computer, after the First reboot was almost complete (around 90% – I was not watching that closely), the computer started another reboot. That one completed and the Login Screen appeared. So this was definitely TWO reboots.



      • #2576730

        Yes exactly this. I dont see how this happens unless the user clicks before it is ready or windows gives another update right after the first reboot?

        • #2576745

          There have been past updates where a second reboot has occurred as you described.  Therefore, it is not unusual for this to occur from time to time.  What seems different now than in the past, is the mix of users with varied experiences.  So far, the source of the differences doesn’t seem clear.  However, I don’t think it is cause for concern unless issues arise.

    • #2576720

      Thank you, I see. I assume you use wumgr

      On my laptop I use WUmgr and have 2 reboots (manual, after 30%).
      On Saturday I used Windows update with the same 2 reboots (manual, after 30%).

      • #2576732

        How does this happen exactly? Do you install one update, with reboot as described above, and then another update comes down the pipeline requiring you to repeat the process? Does the pc do it by itself twice in a row?

        • #2576746

          All updates are installed at once. Windows asked to restart/reboot manually. For me it is reboot number 1.
          The screen comes up with updating to 30% (first update phase).
          Update process restarts PC (second reboot) and second update phase 31-100% continues.
          The second phase may fail and the update process will restore the PC to its previous state.
          Sometimes after reaching 100%, a cleanup process may run.


          • #2576753

            If I am not mistaken here, there’s only 1 reboot in this. After the first phase at 30% when the PC turns itself off and then on again. Updating and cleanup phases are part of the reboot. I have never had an update fail at this stage personally, so I cannot speak to what happens then (knock on wood.)

            If all of this happened twice, you’d have had two reboots.

          • #2576786

            Jim, you’re correct!

            The “second reboot” part of this statement (emphasis mine) is completely wrong!

            Update process restarts PC (second reboot) and second update phase 31-100% continues.

            As I pointed out above, during a reboot/restart:

            The PC first shuts itself down, then restarts itself.
            Those two steps are not and have never been two “separate” reboots. Rebooting requires both steps or it’s not a reboot.

            BTW, the “update” style reboot is what’s know as a warm boot (restarting a PC “without” turning off the power) vs a cold boot (where the PC starts out “completely powered off” and is powered on.)

            Cold Boot vs Warm Boot: What’s the Difference?

    • #2576939

      Updated 3 Win10 Pro’s & 1 Win11 Pro. Only problem: On one Win10 for some crazy reason Avast firewall switched my network to untrusted blocking my software KVM, Input Director, and ability to update files from other PC’s. Last time I had an intranet connection problem, my son, an applications engineer, mentioned the firewall which led to me tracking down the problem and fixing it by trusting the network.

    • #2577970

      Just did the update on my PC and it took 1 reboot. All updates installed normally, cleanup and reboot all in one as usual. Now to hope there are no adverse effects otherwise.


    Viewing 26 reply threads
    Reply To: MS-DEFCON 4: Got 22H2?

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: