MS-DEFCON 4: Major April issue, but not from updates

Topic

New Reply

ISSUE 20.17.1 • 2023-04-25 By Susan Bradley I’m ready to approve the April updates. Accordingly, I’ve lowered the MS-DEFCON level to 4. This is not to
[See the full post at: MS-DEFCON 4: Major April issue, but not from updates]

Susan Bradley Patch Lady

9 users thanked author for this post.

jburk07, Microfix, fernlady, abbodi86, deuce120, WCHS, DLivesInTexas, lmacri, Alex5723

Reply | Quote

Replies

Legacy and Windows LAPS passwords can now be handled using this unofficial GUI tool

Microsoft recently announced the availability of Windows LAPS (Local Administrator Password Solution). Although it currently has a bunch of interoperability issues with Legacy LAPS, Microsoft has confirmed that a fix is coming soon.

In the meantime, an unofficial third-party GUI app is now available which will allow querying passwords and other related tasks, and it claims to works nicely on both legacy and Windows LAPS. Dubbed “Simple LAPS GUI”, the description of the tool says:

A simple and fast GUI for Microsoft LAPS (legacy) and Windows LAPS. With this tool you can query passwords and change the expiration timestamp.

Version 1.0 of the tool was recently released. Here is the full feature-set of the app:

Simple and fast: Run the executable, type the computer name and press the ENTER key.

Supports Microsoft LAPS (legacy) and Windows LAPS on Active Directory environments.

Read current password, current expiration timestamp and password history (Windows LAPS only) from the Computer objects in your local Active Directory.

Copy the passwords (current and history) using the context menu.

Change the expiration timestamp.

Close the window by pressing the ESCAPE key.

The system requirements and limitations are given below:

System requirements

PowerShell 5.1
Windows LAPS PowerShell module
Optional for changing the timestamp of Microsoft LAPS (legacy) passwords:
Microsoft LAPS PowerShell module (AdmPwd module)
Limitations

Requires an Active Directory joined machine to work properly.
Currently Azure AD is not supported.
You can download the tool from GitHub though keep in mind this is unofficial software.

Reply | Quote

Are we now supposed to get Previews on the fourth Tuesday of each month?

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender

Reply | Quote

For the versions that still get them, they will be out sometime this week.  I’ll update the master patch list when they post.

Susan Bradley Patch Lady

Reply | Quote

https://support.microsoft.com/en-us/topic/april-25-2023-kb5025305-os-build-22621-1635-preview-2482528b-7e8e-4179-b255-808f484b9c0c

https://support.microsoft.com/en-us/topic/april-25-2023-kb5025297-os-build-19045-2913-preview-a5e3f0ce-b9f1-40b9-a3fa-42b8093f3873

Susan Bradley Patch Lady

1 user thanked author for this post.

geekdom

Reply | Quote

https://support.microsoft.com/en-us/topic/april-25-2023-kb5025298-os-build-22000-1880-preview-db479cb8-14cd-4c86-8700-699f25d67087

1 user thanked author for this post.

geekdom

Reply | Quote

Is the Windows Update function that immediately shows Up to Date even though downloads and installs are still running a permanent issue?

I always run WUMGR on the Win10 22H2 PCs I am taking care of first to insure KB402 and any others ID’d for defer are hidden and then let standard Settings-Update&Security do it’s thing.  I have Macrium backups beforehand.

Since last month’s updates and again today, I am still getting Windows Update to show the updates needed and as soon as I press Download it clears the screen and says Up to date.  But I know it hasn’t even finished downloading yet.  So I exit the window and go back in and to see where it actually is at.

Takes three times to see the 3 that are normally there for these PC; .NET, Malicious Software and the Cumulative.

I have the settings for staying on 22H2 and no drivers but this only started at last month’s updates.

Are we now to just let it run until we get a request for Restart? Does it continue in background if we leave the page (Fridge Light !).

Reply | Quote

Thay “Up to Date while Windows Update is still running” has been going on for the last two or three months. I close Settings then reopen it, and that seems to work most of the time to correct the “visual” part of the thing. Updating still going on. Leave it alone, close Settings, and come back in a while.

Or use WUMgr to run the updates and you probably won’t have that problem.

Reply | Quote

Yes, Windows Update runs in the background and that is the main use case.

Effective with March and April’s 2023 Windows Update (WU), the WU reported status is no longer reliable. If you watch WU, better to run Task Manager as well, sorted by CPU or Disk time to see what is going on. Refreshing (close & re-open) the WU status screen multiple times can trigger WU to remember its current status eventually. Avoid the premature WU request to reboot. Can wait for Windows to go quiescent as reported by Task Manager, then check WU status.

Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.

Reply | Quote

Microsoft has also pushed off the implementation of the mandatory, number-based, multifactor authentication for Microsoft 365 applications

Has MS like other companies finally figure out the MFA is easy to hack into and now are adding a third layer of security?

1. First level = Password for security – easy to hack upto 60 characters. meduim above 60 characters. high above 120 characters.
2. Second level = MFA – easier than take candy from a baby.
3. Third level =number based. -will have to see once full deployed if this will be hack able. My guess is yes since MS is not clever at coming up with a workable security solution.

MS should focus on security rather than this useless thing.

Reply | Quote

https://support.microsoft.com/en-us/topic/april-25-2023-kb5025305-os-build-22621-1635-preview-2482528b-7e8e-4179-b255-808f484b9c0c

New! This update adds a new toggle control on the Settings > Windows Update page. When you turn it on, we will prioritize your device to get the latest non-security updates and enhancements when they are available for your device. For managed devices, the toggle is disabled by default. For more information, see Get Windows updates as soon as they’re available for your device.

https://support.microsoft.com/en-us/windows/get-windows-updates-as-soon-as-they-re-available-for-your-device-cad7b32b-001e-435b-9110-f18309b54168

Is this option available on managed devices?
The toggle won’t be enabled for managed devices (those that are managed by Windows Update for Business or WSUS). The latest changes will be controlled and deployed by IT administrators.

Susan Bradley Patch Lady

Reply | Quote

Guinea Pig Update “Your guinea pig update is important to us and will begin momentarily.”
Version and build after update: Win11Pro 22H2.22621.1635

Microsoft Update Catalog downloaded and installed:

• 2023-04 Cumulative Update Preview for Windows 11 Version 22H2 for x64-based Systems (KB5025305)

Installed without error and the system rebooted without error.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender

Reply | Quote

Win8.1 ESUb installed Aprils SMQR kb5025285 no problems after 15 days. rock solid and boring as usual.
Sorry just can’t let go of ‘eight’ as it’s considered a lucky number in Japan 😛

Keeping IT Lean, Clean and Mean!

1 user thanked author for this post.

SueW

Reply | Quote

Netgear A6100 WiFi adapters (USB dongles) stopped working part way through this month’s updates. Naturally, the update process stalled as soon as the internet connection was lost. This happened on an old laptop and an old tower PC, both running Windows 10 Home Edition 22H2.
Neither machine would complete the Windows April updates until I hardwired them into a LAN connection.
After the Windows updates completed, I downloaded and installed the newest Netgear A6100 software (version 1.0.36), but after installation, the Netgear Genie doesn’t seem to run and I have not figured out how to activate the A6100 adapters.
Will look into reinstalling drivers tomorrow when I’m awake.

Reply | Quote

Updated with April patches and without running into any issues
(a) one Windows 11 Pro 22H2 computer, and
(b) one Windows 10 Pro 22H2 computer.
Both machines were updated using WuMgr and for both I hid (and did not install) the Cumulative Update Preview released on April 25.

Incidentally, the Windows 11 machine was also offered a 2023-02 update for .NET framework 3.5 and 4.8 that was not on offer for the Windows 10 machine: I suspect this is simply because .NET framework 3.5 was recently enabled on the Windows 11 machine, thus triggering the offer of that February patch.

Reply | Quote

Question: Last month the update through Windows update in the services menu, downloaded then stopped and did not provide the restart, and in order to get the screen back I rebooted. The updates started downloading and installing correctly at that time. Then it required restart and all was fine and installed properly I have Win 10 home edition.

 

Are we saying that this is going to happen again or continuously?

 

Thanks for any information.

Win 10 Home 22H2

Reply | Quote

It’s been happening for several months. Don’t know if/when MS is going to fix it.

I have been able to get around it by closing the Settings App, then reopening it back to Windows Update. It then seems to pick up where it left off visually. I think it keeps downloading/installing even if you are not seeing it, so I wouldn’t reboot. Just keep closing then reopening the Settings App\Windows Update.

Reply | Quote

I’ve just gone through the April monthly update process including moving to Win10 22H2.  I’m running Windows 10 Home version.

I’m not sure whether I’ve ‘missed’ the April cumulative update or not.  If I look in ‘view update history’ in Windows Update I can see that Feature Update to Win 10 22H2 has gone ahead, as has the MSRT update to v5.112 and a definition update for Windows Defender to 1.387.2917, but no listing of  2023-04 Cumulative Update for Windows 10 22H2 (KB 5025221) under  the Quality Updates. Windows Update says I’m up to date.

However, if I look in Control Panel, Programs and Features, Installed updates  I can see an item described as ‘Security Update for Microsoft Windows (KB 5025221), so
have I got the April 2023-04 Cumulative Update installed or not, or is it just that Windows Update hasn’t caught up as yet as described by others above.  I note that ‘Trusted Installer’ in Task Manager is now running again after having stopped about 1 hour ago.

 

Appreciate any advice on this.

 

GeoffB

 

 

Reply | Quote

You should look in ‘view update history’ > ‘uninstall Updates’

Reply | Quote

Alex:  thanks.  I did that and it shows ‘Security Update for Microsoft Windows (KB5025221)’
so I assume this is the April Cumulative Update for Win 10 22H2, and that Windows Update History’ hasn’t caught up yet.

 

GeoffB

Reply | Quote

Hey GeoffB, it is possible that the April Cumulative Update got installed when you updated to 22H2.

I think that the quickest way to check that the April 2023-04 Cumulative Update is installed is for you to check the OS build number of Windows 10 on your system and see if that matches the build no. associated with Windows 10 22H2 April CU (i.e. 19045.2846).

To check your current OS build number open the Windows 10 settings (gear icon), then click on “System”. Next, on the left scroll down to “About” (should be the last item on the list) and select it. This will display some information on the right: take a look under “Windows specifications” and you will find the OS build number. If that number is 19045.2846, then you are running Windows 10 22H2 with the April CU installed.

Reply | Quote

You can also type winver in the search box and hit Enter. It will show Version and Build.

Reply | Quote

Berserker79/PKCano/Alex:  I just checked the system details, and it shows ‘Windows 10 Home 22H2 with OS Build 19045.2846’.

So it looks like the system has updated correctly.

 

Thanks for your help on this.

regards

GeoffB

 

 

1 user thanked author for this post.

Alex5723

Reply | Quote

GeoffB wrote:

Windows Update History’ hasn’t caught up yet.

Windows update history doesn’t display all updates correctly.

Reply | Quote