• MS-DEFCON 4: Patching weather is clearing

    #2526456

    ISSUE 20.04.1 • 2023-01-24 By Susan Bradley In general, the January updates have been well behaved. So far, I’m not seeing any trending issues with th
    [See the full post at: MS-DEFCON 4: Patching weather is clearing]

    Susan Bradley Patch Lady

    4 users thanked author for this post.
    • #2527797

      2023-01 Update for Windows 11 Version 22H2 for x64-based Systems (KB4023057) has reared its ugly little head.

      This update includes files and resources that address issues that affect the update processes in Windows that may prevent important Windows updates from being installed. These improvements help make sure that updates are installed seamlessly on your device, and they help improve the reliability and security of devices that are running Windows.

      Source:
      https://support.microsoft.com/en-us/topic/kb4023057-update-for-windows-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a

      Carpe Diem {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1413 x64 i5-9400 RAM16GB HDD Firefox112.0b3 MicrosoftDefender
      1 user thanked author for this post.
      • #2527831

        As I’ve said before, none of these ‘reviews’ are actually bad, what’s bad is the resetting it has done.  No patch should reset things.

        Susan Bradley Patch Lady

        1 user thanked author for this post.
    • #2527830

      My 3rd attempt (Are You Sure error geekdom posted about) to say I just Installed Kb4023057 as I always do – have never had any issues. Macrium images were made. WuMgr quick about it with no re-start indicated.

      W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

    • #2527912

      The weather in the U.S.A. is like that too now.  Every now and then the sun comes out, the sky turns blue, and we actually get a halfway decent day.  On really rare occasions we get more than one such day in a row.

      Experience is that marvelous thing that enables you to recognize a mistake as soon as you make it again.

    • #2527929

      Updated- 2023-01 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5022303)

      2023-01 Update for Windows 11 Version 22H2 for x64-based Systems (KB4023057)

      Windows Malicious Software Removal Tool x64 – v5.109 (KB890830)

      No problems.

      Edition Windows 11 Pro
      Version 22H2
      Installed on ‎10/‎19/‎2022
      OS build 22621.1105

    • #2527989

      And I will be republishing the HTML version of the spreadsheet – it messed up.

      Susan Bradley Patch Lady

      1 user thanked author for this post.
    • #2528122

      Symptom: Start Menu and other shell components fail when Apps including Barco’s ClickShare access Office APIs

      ..You may experience various issues related to the Windows Shell on devices that are running Office ClickToRun, along with some third party applications that use Office APIs:

      Event 1000 is logged in the Application event log. The event log reports that an application crashes for StartMenuExperienceHost.exe, ShellExperienceHost.exe, SearchUI.exe, with an error code 0xc000027b / -1073741189.

      Errors in the Microsoft-Windows-AppModel-State event log mentioning the following error with various package names:

      Triggered repair of state locations because operation SettingsInitialize against package Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy hit error -2147024891.

      The Windows Start Menu does not respond to mouse clicks or the Windows key.

      Windows Search does not respond to mouse clicks on pressing the Search button or Windows+S key.

      Cause

      This may occur when a third party process such as ClickShare uses Office APIs on a computer where Office is deployed by using Office ClickToRun. Application packages’ permissions are being removed from the following Registry path:

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders..

      Workaround

      Download the scripts to fix the issue when it happens, though the scripts cannot prevent the issue from re-occurring.

      Open a PowerShell prompt under the affected user identity, and run

      .\FixUserShellFolderPermissions.ps1

      If the script can’t access the registry key because the registry permissions are wiped out, then open an elevated PowerShell prompt and run the following command:

      FixUserShellFolderPermissions.ps1 -allprofiles

      If an application doesn’t work, you may need to register the shell packages by running from the affected user the command

      FixUserShellFolderPermissions.ps1 -register…
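
Added example (not part of any post in this thread, and not Microsoft's script): a read-only check for the crash symptom quoted above, that is, Event 1000 in the Application log for one of the three shell hosts with exception code 0xc000027b. The helper names are hypothetical, the sample messages are constructed, and the match assumes English-language event text.

```powershell
# Added example, not from the thread or from Microsoft's article.
# Get-ShellCrashApp and Get-ShellHostCrash are hypothetical helper names.

$ShellHosts    = 'StartMenuExperienceHost.exe', 'ShellExperienceHost.exe', 'SearchUI.exe'
$ExceptionCode = '0xc000027b'   # the post also gives this as -1073741189

# Returns the faulting application name when an Event 1000 message matches the
# symptom (a listed shell host crashing with the exception code), otherwise $null.
# Assumption: English message text ("Faulting application name:", "Exception code:").
function Get-ShellCrashApp {
    param([string] $Message)
    if ($Message -notmatch '(?im)^Faulting application name:\s*([^,\r\n]+)') { return $null }
    $app = $Matches[1].Trim()
    if ($ShellHosts -notcontains $app) { return $null }
    if ($Message -notmatch '(?im)^Exception code:\s*(0x[0-9a-f]+)') { return $null }
    if ($Matches[1] -ne $ExceptionCode) { return $null }
    $app
}

# Queries the live Application log; returns nothing if no matching events exist.
function Get-ShellHostCrash {
    param([int] $Days = 7)
    $filter = @{ LogName = 'Application'; Id = 1000; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $app = Get-ShellCrashApp -Message $_.Message
        if ($app) {
            [pscustomobject]@{
                TimeCreated   = $_.TimeCreated
                Application   = $app
                ExceptionCode = $ExceptionCode
            }
        }
    }
}

# Constructed sample messages (not real log data): only the first one matches.
$samples = @(
    "Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0`nException code: 0xc000027b"
    "Faulting application name: notepad.exe, version: 0.0.0.0`nException code: 0xc000027b"
    "Faulting application name: SearchUI.exe, version: 0.0.0.0`nException code: 0xc0000005"
)
$samples | ForEach-Object { Get-ShellCrashApp -Message $_ }

# Live check: crashes per shell host over the last 7 days, with the latest time seen.
$hits = @(Get-ShellHostCrash -Days 7)
if ($hits.Count -eq 0) {
    Write-Output 'No matching shell host crashes in the last 7 days.'
}
else {
    $hits | Group-Object Application | ForEach-Object {
        [pscustomobject]@{
            Application = $_.Name
            Count       = $_.Count
            Latest      = ($_.Group | Measure-Object TimeCreated -Maximum).Maximum
        }
    } | Format-Table -AutoSize
}
```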

    • #2528490

      Just got..

    • #2528509

      Maybe I shouldn’t ask in this thread but…

      So, all this month’s updates went OK but I realized one thing. I’m on win10 and I think I’m not getting offered the option to move from 21H2 to 22H2 since the moment I got the “you are eligible for windows 11 22H2, click here to start downloading, or click here if you want to stay on win10 for now”.

      I avoided clicking either of those 2 for a few months, but is my not clicking “stay on win10 for now” what’s preventing the win10 22H2 upgrade from showing up?

    • #2528695

      In general, the January updates have been well behaved.

      My only complaint is that Edge Chromium keeps getting re-installed.  This morning during off hours I got KB4023057 Update for Windows 11 Version 22H2 for x64-based Systems, which installed Edge once more.

      As usual, I used Revo Uninstaller to get rid of it, and I’ve inserted a registry key in an effort to stop this from happening.  The key is:

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate]
      "DoNotUpdateToEdgeWithChromium"=dword:00000001

      I’ll see how that works out.  I found the Blocker Toolkit at MajorGeeks.com.

      Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
      We all have our own reasons for doing the things that we do. We don't all have to do the same things.

      • #2528717

        FYI, that regkey doesn’t work any more, guaranteed on W10!
        Been there, done that, and disposed of it a while back.
        I get the feeling that after next month, chromium based edge will be anchored deeper into W10 with the upcoming IE11 browser neuter next month.

        Keep IT Lean, Clean and Mean!
      • #2528799

        @bbearren

        To prevent Edge Chromium from automatically getting re-installed you need to set the following registry key.

        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EdgeUpdate]
        "UpdateDefault"=dword:00000002

        That key has four possible values and 2 = Manual updates only.

        For full details, see Microsoft’s Update policy override default page.

        3 users thanked author for this post.
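
Added example (not part of any post in this thread): a read-only PowerShell report of the two EdgeUpdate registry values discussed above, including whether each exists, its registry type, and what an `UpdateDefault` number means. `Get-RegistryValueReport` is a hypothetical helper name; the value meanings are those listed in Microsoft's Edge update policy documentation.

```powershell
# Added example, not from the thread: read-only report of the EdgeUpdate
# registry values discussed above. Nothing is created or changed.

# UpdateDefault meanings as listed in Microsoft's Edge update policy documentation.
$UpdateDefaultMeaning = @{
    0 = 'Updates disabled'
    1 = 'Always allow updates'
    2 = 'Manual updates only'
    3 = 'Automatic silent updates only'
}

# Get-RegistryValueReport is a hypothetical helper name used only in this example.
function Get-RegistryValueReport {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name
    )
    $report = [ordered]@{
        Path = $Path; Name = $Name; State = 'key missing'; Kind = $null; Value = $null
    }
    if (Test-Path -LiteralPath $Path) {
        $key = Get-Item -LiteralPath $Path
        if ($key.GetValueNames() -contains $Name) {
            $report.State = 'present'
            $report.Kind  = $key.GetValueKind($Name)   # "dword:" in a .reg file yields DWord
            $report.Value = $key.GetValue($Name)
        }
        else {
            $report.State = 'value missing'
        }
    }
    [pscustomobject]$report
}

$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate'
$results = @(
    Get-RegistryValueReport -Path 'HKLM:\SOFTWARE\Microsoft\EdgeUpdate' -Name 'DoNotUpdateToEdgeWithChromium'
    Get-RegistryValueReport -Path $policyPath -Name 'UpdateDefault'
)
$results | Format-Table -AutoSize

# Interpret UpdateDefault only when it exists and has the documented type.
$policy = $results | Where-Object { $_.Name -eq 'UpdateDefault' }
if ($policy.State -ne 'present') {
    Write-Output "UpdateDefault: $($policy.State); the policy is not configured."
}
elseif ($policy.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
    Write-Warning "UpdateDefault is stored as $($policy.Kind), but the policy is documented as REG_DWORD."
}
elseif ($UpdateDefaultMeaning.ContainsKey([int]$policy.Value)) {
    Write-Output "UpdateDefault = $($policy.Value): $($UpdateDefaultMeaning[[int]$policy.Value])"
}
else {
    Write-Warning "UpdateDefault = $($policy.Value) is not one of the four documented values."
}

# Per-application values in the same key (named Update{app GUID}) take precedence
# over UpdateDefault for that application, so list everything else stored there.
if (Test-Path -LiteralPath $policyPath) {
    $key = Get-Item -LiteralPath $policyPath
    $key.GetValueNames() | Where-Object { $_ -and $_ -ne 'UpdateDefault' } | ForEach-Object {
        [pscustomobject]@{ Name = $_; Kind = $key.GetValueKind($_); Value = $key.GetValue($_) }
    } | Format-Table -AutoSize
}
```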
    • #2528767

      I hid it with wushowhide and it’s not re-appeared in the WU queue.

      I did not. It didn’t harm my PC with the last 10 times..057 installed.

    • #2528913

      My only complaint is that Edge Chromium keeps getting re-installed. This morning during off hours I got KB4023057 Update for Windows 11 Version 22H2 for x64-based Systems, which installed Edge once more.

      Microsoft Edge download for installation:
      https://www.microsoft.com/en-us/edge/download?form=MA13FJ

      Microsoft Store installation method:
      https://apps.microsoft.com/store/detail/microsoft-edge-browser/XPFFTQ037JWMHS

      1. How many other ways does Microsoft Edge install?

      It shows in User apps and Provisioned Apps (as variation of MicrosoftEdge.stable).
      This appearance in User Apps and Provisioned Apps may only occur if Microsoft Edge is installed through the Microsoft Store.

      2. How many ways does Microsoft Edge update?

      3. How many Microsoft Edge subprograms are associated with Microsoft Edge?

      Microsoft Edge has tentacles.

      Carpe Diem {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1413 x64 i5-9400 RAM16GB HDD Firefox112.0b3 MicrosoftDefender
      • #2529543

        Microsoft Edge download for installation:
        https://www.microsoft.com/en-us/edge/download?form=MA13FJ

        Microsoft Store installation method:
        https://apps.microsoft.com/store/detail/microsoft-edge-browser/XPFFTQ037JWMHS

        1. How many other ways does Microsoft Edge install?

        My point is that I don’t want Edge, so I’m not looking for ways to install it, just ways to permanently get rid of it.  I’m making progress.  In my registry I have

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate]
        "DoNotUpdateToEdgeWithChromium"=dword:00000001

        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EdgeUpdate]
        "UpdateDefault"=dword:00000002

        I also have manually deleted everything Edge in Program Files (x86).

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        We all have our own reasons for doing the things that we do. We don't all have to do the same things.

        2 users thanked author for this post.
        • #2529555

          Microsoft Edge has various ways of installing. Uninstalling it and getting rid of the remnants may be a tedious process depending on how it has been installed: via Microsoft Store, direct download, or bundled Microsoft update (which likely creates User App and Provisional App files). If Microsoft Edge has been installed through Microsoft Store and perhaps bundled update, Microsoft Edge must be removed from User Apps and Provisioned Apps.

          After uninstalling Microsoft Edge, files are left behind which must be removed from EdgeCore and EdgeUpdate:
          [Image: edge02]

          There are other files and folders left in User profiles such as Edge Wallet. I don’t know if these types of files need removal.

          How Microsoft Edge is installed affects how to remove it and all remnants and perhaps prevent it from installing again.

          Carpe Diem {with backup and coffee}
          offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
          offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
          online▸ Win11Pro 22H2.22621.1413 x64 i5-9400 RAM16GB HDD Firefox112.0b3 MicrosoftDefender
          • #2529591

            Microsoft Edge has various ways of installing itself. Uninstalling it and getting rid of the remnants may be a tedious process depending on how it has been installed: via Microsoft Store, direct download, or bundled Microsoft update. If Microsoft Edge has been installed through Microsoft Store and perhaps bundled update, Microsoft Edge must be removed from User Apps and Provisioned Apps.

            I’ve never wanted Edge, so direct download or Microsoft Store are completely out of my realm of possibilities.  The only way I’ve had it installed was via Update.  Also, Edge has never appeared in the Apps menu.

            Uninstalling it and getting rid of the remnants may be a tedious process

            I dual boot.  Boot to the other side and it’s just right-click Delete.  Not at all tedious.  This is how I did it on both sides of my dual boot.  I booted into the B side (where there is no Edge) with internet access disconnected to prevent any Windows Update from downloading in the background, and added two entries to the registry:

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate]
            "DoNotUpdateToEdgeWithChromium"=dword:00000001

            [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EdgeUpdate]
            "UpdateDefault"=dword:00000002

            I then connected to the internet, checked for updates and got these:

            KB5022303 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems
            KB4023057 Update for Windows 11 Version 22H2 for x64-based Systems

            Edge did not get reinstalled via KB4023057 as I mentioned earlier in this thread.

            Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
            We all have our own reasons for doing the things that we do. We don't all have to do the same things.

            • #2529607

              From your cited post:

              My only complaint is that Edge Chromium keeps getting re-installed. This morning during off hours I got KB4023057 Update for Windows 11 Version 22H2 for x64-based Systems, which installed Edge once more.

              Carpe Diem {with backup and coffee}
              offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
              offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
              online▸ Win11Pro 22H2.22621.1413 x64 i5-9400 RAM16GB HDD Firefox112.0b3 MicrosoftDefender
            • #2529627

              From your cited post:

              As usual, I used Revo Uninstaller to get rid of it, and I’ve inserted a registry key in an effort to stop this from happening.

              That was the A side of my dual boot.  In following posts I have summarized the additional steps I have taken to prevent Edge from getting re-installed in future Windows Updates.  I don’t want Edge.

              I then turned my attention to the B side of my dual boot, after deleting all the pertinent files in Program Files (x86) on the B side.

              This is how I did it on both sides of my dual boot. I booted into the B side (where there is no Edge) with internet access disconnected to prevent any Windows Update from downloading in the background, and added two entries to the registry:

              I will be monitoring for any future invasive installations of Edge, and take additional measures if necessary.

              Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
              We all have our own reasons for doing the things that we do. We don't all have to do the same things.

    • #2529533

      FWIW, I am still receiving Security Intelligence updates for Windows 8.1 as of Jan. 26.

      Mark

       

      1 user thanked author for this post.
      • #2532166

        Thanks for the info. What does this mean for other Win 8.1 owners/users? Can this apply to all or just special setups?

        • #2532171

          The last supported security update for Win8.1 was released on Patch Tuesday 2023. It can be installed any time after that date, but Win8.1 has now reached End of Service and will no longer receive updates.

    • #2529542

      Checked for updates this morning and got KB5022360 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems.

      No hiccups.  No Edge with this one.

      Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
      We all have our own reasons for doing the things that we do. We don't all have to do the same things.

    • #2529606

      Microsoft Edge is a tenacious and pernicious virus for those of us who don’t want it… ever.

      IMO it most definitely meets the criterion of malware.

      1 user thanked author for this post.
    • #2529617

      My only complaint is that Edge Chromium keeps getting re-installed. This morning during off hours I got KB4023057 Update for Windows 11 Version 22H2 for x64-based Systems, which installed Edge once more.

      I thought KB4023057 was Microsoft Update Health Tools? Did I get that wrong?

      What’s the link with Microsoft Edge?

      Or is that only on Windows 11, not Windows 10?

      I’m confused. It doesn’t take a lot these days. 🙂

       

      • #2529621

        I thought KB4023057 was Microsoft Update Health Tools? Did I get that wrong?

        From the KB article:

        “This update includes reliability improvements to Windows Update Service components in all editions of Windows 10, version 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2, and Windows 11, version 21H2, 22H2. It may take steps to free up disk space on your device if you do not have enough disk space to install Windows updates.

        This update includes files and resources that address issues that affect the update processes in Windows that may prevent important Windows updates from being installed. These improvements help make sure that updates are installed seamlessly on your device, and they help improve the reliability and security of devices that are running Windows.”

        That was the only update I received, and Edge had reappeared when I signed on that morning.  Edge had been uninstalled a couple of weeks prior.

         

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        We all have our own reasons for doing the things that we do. We don't all have to do the same things.

    • #2529628

      I thought KB4023057 was Microsoft Update Health Tools? Did I get that wrong?

      From the KB article:

      “This update includes reliability improvements to Windows Update Service components in all editions of Windows 10, version 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2, and Windows 11, version 21H2, 22H2. It may take steps to free up disk space on your device if you do not have enough disk space to install Windows updates.

      This update includes files and resources that address issues that affect the update processes in Windows that may prevent important Windows updates from being installed. These improvements help make sure that updates are installed seamlessly on your device, and they help improve the reliability and security of devices that are running Windows.”

      That was the only update I received, and Edge had reappeared when I signed on that morning.  Edge had been uninstalled a couple of weeks prior.

       

      OK, I see the relevance to Windows 10 but… there’s no mention of Microsoft Edge at all.

      Sounds like Microsoft playing fast and loose yet again. Shocker.

      Another pillar of Microsoft’s ‘Trustworthy Computing’?

      The initiative was intended to put customer security, and ultimately customer trust, at the forefront for all Microsoft employees.

      Do I trust Microsoft to put me as a customer at the forefront if it dissembles what its updates are doing? Have a guess. 🙂

      • #2529633

        No mention of Microsoft Edge at all then.

        Correct.  What I know for sure is that it was not there the day before, and after that update there was an Edge shortcut on my desktop, and Revo Uninstaller Pro showed it to be a fresh installation.

        Microsoft may very well be installing Edge on its own without it being part of any update.  Who can say?  Or it may have checked my installation, noticed Edge missing, and included it as “files and resources that address issues that affect the update processes in Windows that may prevent important Windows updates from being installed.”

        I’m of the opinion that there are numerous versions of every update in order to facilitate the very complex Windows installed base environment.  In other words, you and I may both get KB4023057 but what we get may have variations to suit our hardware/software particulars.

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        We all have our own reasons for doing the things that we do. We don't all have to do the same things.

    • #2529648

      Hi Susan,

      When you say it’s okay to install the January updates, do you mean all of them on your Master Patch list for 01-24-23 or just the items on the 01-24-23 Master Patch list that say “Install”? I have only been updating the updates that say “Install” on the specific update lists, and always hide the ones you say to avoid or defer and don’t update/install until your Master Patch list says “Install”. Am I doing this correctly?

      Thank you

    • #2529695

      I only install the updates that are listed as “install”.    IMHO that’s what she intends.

    • #2529785

      Windows 10 Home 21H2 here, hid as per my usual practice KB4023057 and installed 2023-01 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5022282) without any issue through WuMgr.

      Oddly enough, I had trouble with the Windows Malicious Software Removal Tool x64 – v5.109 (KB890830) update, did this happen to anyone else?

      On the first attempt (through WuMgr) KB890830 was downloaded, but the installation remained stuck (20+ minutes) doing nothing and in Task Manager I spotted the executable corresponding to the update running, but “idling” doing nothing at 1% CPU usage. I killed the process, rebooted and ran WuMgr again: it reported KB890830 as already downloaded and I hit the install button, but the installation was apparently stuck again. This time in Task Manager I spotted MRT.exe (i.e. the Windows Malicious Software Removal Tool executable) “idling”. Killed the process, rebooted, ran WuMgr and it reported a successful install of KB890830.

      Also, I planned to switch to 22H2 during this DEFCON4 period, but I’m not being offered this feature update (no, please don’t say it’s because I avoid KB4023057, since I have been offered every previous feature update). I checked that 22H2 is the target version in the relevant registry key and running InControl confirms that 22H2 is targeted, but the update does not show up. Might have to go through the ISO update process.

    • #2530160

      After I installed Cumulative KB5022287, tested ok & created restore pt, My Win 11 Pro started to download and install KB5019274. Described as optional preview ..I quickly paused updates until 3/5. Saw nothing on KB5019274 when I searched forums
      Will await advice. https://support.microsoft.com/en-us/topic/january-19-2023-kb5019274-os-build-22000-1516-preview-ace2511d-586e-41b0-b213-3a89d97565a4

      KB4023057 was also installed which appears controversial on forums. Since the PC seems to work ok, I’ll leave alone. Have created restore point and image back up prior to update so I can reverse anything that doesn’t turn it into a smoking pile of parts.

       

       

      • #2530263

        Run WUmgr, click the Search button (circular arrows) and then hide any previews. Now you can relax until the next update cycle.

        cheers, Paul

        1 user thanked author for this post.
    • #2530794

      Hello, I’m using Win10 right now and am still on Win10 Pro 21H2.
      I’m skipping the December Windows update.

      For this month, this is what is listed in my Windows Update:
      2023-01 Update for Windows 10 Version 21H2 for x64-based Systems (KB4023057)
      Windows Malicious Software Removal Tool x64 – v5.109 (KB890830)
      2023-01 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5022282)
      2022-12 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 for x64 (KB5021088)

      So my questions are:
      1. Is it safe to run the update, because I checked my laptop and it has 2 hidparse.sys files while my PC only has 1? And am I missing something that I need to download manually, maybe from the December or November MS-DEFCON? I usually only run updates through Windows Update.
      2. Is it safe now to update to Win10 22H2?

      • #2530808

        Susan is actually recommending that Users upgrade to 22H2. It seems to be stable at this point.

        You may want to hide KB4023057. This is what the MS documentation says it does:

        • For feature update information for Windows 10, version 1809, 1903, 1909, 2004, and 20H2, see KB 5001716.
        • This update may request your device to stay awake longer to enable installation of updates.

          Note The installation will respect any user-configured sleep configurations and also your “active hours” when you use your device the most.

        • This update may try to reset network settings if problems are detected, and it will clean up registry keys that may be preventing updates from being installed successfully.
        • This update may repair disabled or corrupted Windows operating system components that determine the applicability of updates to your version of Windows.
        • This update may compress files in your user profile directory to help free up enough disk space to install important updates.
        • This update may reset the Windows Update database to repair the problems that could prevent updates from installing successfully. Therefore, you may see that your Windows Update history was cleared.
    • #2530990

      My Dell Inspiron is running Win 10 21H2 build 19044.1766

      Based on Susan Bradley’s recommendation that Win 10 22H2 is OK, I used InControl to give that permission.

      Today WU offers “Feature Update to Windows 10, version 22H” without any KB number.  Is that the update from 21H2 to 22H2?

      If so, would it make sense to use WUMgr to do ONLY that one update, and temporarily ignore the handful of other updates offered by WU?  Those are

      • KB4023057 (PK has advised to hide this one)
      • KB890830 (MSRT)
      • KB5022546 (.NET 6.0.13 security update)
      • KB5021088 (cumulative update for .NET framework)
      • KB5012170 (security update for 21H2)
      • KB5005463 (update for 21H2)

      Thank you for advice.

       

      • #2530999

        Hide: KB4023057, KB5012170 (It’s causing problems and is not recommended for installation on Susan’s Master Patch List), and KB5005463 (PC Health Check, another of MS’s “we’ll fix your computer like WE want it” patches).

        1 user thanked author for this post.
        • #2532199

          Despite my best efforts, KB4023057 got installed on my Windows 10 (21H2) computer. I haven’t seen any issues, but reading the posts on this thread, there could be changes that I don’t notice.

          Can I just uninstall it, or has any damage already been done and is not reversible?

           

          Harry

    • #2531120

      Hide: KB4023057, KB5012170 (It’s causing problems and is not recommended for installation on Susan’s Master Patch List), and KB5005463 (PC Health Check, another of MS’s “we’ll fix your computer like WE want it” patches).

      I have installed KB4023057 (10 times), KB5012170 and KB5005463 and not a glitch on my Windows 10.

      • #2531144

        I have installed KB4023057 (10 times), KB5012170 and KB5005463 and not a glitch on my Windows 10.

        Your results are not everyone’s results.

        Carpe Diem {with backup and coffee}
        offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
        offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
        online▸ Win11Pro 22H2.22621.1413 x64 i5-9400 RAM16GB HDD Firefox112.0b3 MicrosoftDefender
    • #2531200

      Your results are not everyone’s results

      They probably are if you don’t mess with registry settings, 3rd party tweaking apps that change Windows settings (winaero..)..

    • #2531254

      Sooo…basically KB4023057 is similar to COVID??

      • We think we’ve seen the last of it, but it just keeps coming back.
      • It is likely going to be with us forever.
      • Some people get it with bad results.
      • Some people get it with no issues.
      • But it is best to block it from getting to you. (*I keeps my wushowhide mask on!)
      2 users thanked author for this post.
    • #2531353

      Upgraded to Win 11 22H2 end of January 2023.  Appears to be Win 10 22H2 with a lot of cosmetic changes.  No problems at all.  All my programs work fine.

    • #2532300

      Can I just uninstall it, or has any damage already been done and is not reversible?

      I uninstalled it from Windows 10 Pro 22H2 with no apparent side effects.

      Hope this helps…

      • #2532497

        Rick said:

        “I uninstalled it from Windows 10 Pro 22H2 with no apparent side effects.”

        This is really strange. When I go to ‘View update history’ on my Win 10 21H2, it clearly lists, under Update History->Quality Updates, KB4023057, which was successfully installed on 2/2/2023. It also lists three previous Quality Updates, which were successfully installed between 10/27/2022 and 12/4/2022.

        Yet when I click on ‘Uninstall updates’ on that page, none of the 4 Quality Updates noted above are shown!

        Where have I gone wrong here?

        Harry

    • #2532513

      Where have I gone wrong here?

      You haven’t. You may have seen it ready to install like this… and thought it was a regular Windows Update:

      [Image: kb4023057]

      However, as you’ve found out, it doesn’t appear when you click on View installed updates. That’s because it’s not really a Windows Update or a Quality Update… just Microsoft fudging things.

      As mentioned, you’ll find it in Control Panel > Programs and Features:

      [Image: microsoft-update-health-tools0]

      Alternatively, you’ll find it in Settings > Apps & Features:

      [Image: microsoft-update-health-tools1]

      A third way to uninstall it is to *right*-click on Start, choose Windows PowerShell (Admin) then, when the PowerShell console opens, enter cmd. This will drop you into an elevated CMD console. Now copy/paste the following and press RETURN/ENTER:

      MsiExec.exe /X{89581302-705F-42C5-99B0-E368A845DAD5} /qn

      This will uninstall KB4023057 silently.

      Hope this helps…

      • #2532777

        Rick:

        “As mentioned, you’ll find it in Control Panel > Programs and Features:”

         

        As you noted, it was in Programs and Features, so I was able to remove it

        But why in the h… would I look for something called ‘Microsoft Update Health Tools’ rather than looking for KB4023057, which is what it apparently was released as ??

        Harry

    • #2532521

      Oh… I said it was just Microsoft fudging things. What I meant was that it’s not a ‘regular’ install for several reasons.

      Although it can be uninstalled using MsiExec.exe, it’s not actually installed via a downloaded MSI file.

      Instead, it uses a tiny 20KB stub installer or programming shim:

      [Image: microsoft-update-health-tools2]

      I found the uninstall string in the registry:

      [Image: microsoft-update-health-tools3]

      … but for some reason couldn’t uninstall it via PowerShell:

      Start-Process "C:\Windows\System32\msiexec.exe" -ArgumentList "/x{89581302-705F-42C5-99B0-E368A845DAD5} /qn"

      I suspect I may have got the syntax wrong.
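
Added example (not part of any post in this thread): one way to look up the "Microsoft Update Health Tools" entry in the registry's Uninstall keys and run the silent `msiexec /x` from PowerShell with the exit code and a verbose log captured. `Test-IsElevated`, `Find-InstalledProduct` and `Uninstall-MsiProduct` are hypothetical helper names; the product code is read from the machine rather than hard-coded, and the final call uses `-WhatIf`, so nothing is removed until that switch is taken out.

```powershell
# Added example, not from the thread. Helper names are hypothetical.

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Searches both the 64-bit and 32-bit Uninstall keys by display name.
function Find-InstalledProduct {
    param([Parameter(Mandatory)] [string] $DisplayName)
    Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -eq $DisplayName } |
        ForEach-Object {
            [pscustomobject]@{
                DisplayName     = $_.DisplayName
                DisplayVersion  = $_.DisplayVersion
                ProductCode     = $_.PSChildName     # for MSI products the key name is the product code
                UninstallString = $_.UninstallString
            }
        }
}

function Uninstall-MsiProduct {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string] $ProductCode)

    # Only pass a well-formed {GUID} to msiexec.
    if ($ProductCode -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        throw "Not an MSI product code: $ProductCode"
    }
    if (-not $PSCmdlet.ShouldProcess($ProductCode, 'msiexec /x (silent uninstall)')) { return }
    if (-not (Test-IsElevated)) {
        throw 'Run this from an elevated PowerShell console.'
    }

    $log     = Join-Path $env:TEMP ('msi-uninstall-{0}.log' -f $ProductCode.Trim('{}'))
    $msiArgs = @('/x', $ProductCode, '/qn', '/norestart', '/L*v', "`"$log`"")

    # -Wait -PassThru exposes msiexec's exit code, which /qn otherwise hides.
    $proc = Start-Process -FilePath "$env:SystemRoot\System32\msiexec.exe" `
                          -ArgumentList $msiArgs -Wait -PassThru

    $meaning = switch ($proc.ExitCode) {
        0       { 'Success' }
        1603    { 'Fatal error during uninstall; see the log' }
        1605    { 'Product is not installed for this context' }
        1618    { 'Another installation is already in progress' }
        3010    { 'Success, restart required' }
        default { 'See the log' }
    }
    [pscustomobject]@{
        ProductCode = $ProductCode
        ExitCode    = $proc.ExitCode
        Meaning     = $meaning
        Log         = $log
    }
}

$found = @(Find-InstalledProduct -DisplayName 'Microsoft Update Health Tools')
if ($found.Count -eq 0) {
    Write-Output 'Microsoft Update Health Tools is not registered in the Uninstall keys.'
}
else {
    $found | Format-List
    # -WhatIf only shows what would run; remove it to perform the uninstall.
    $found | ForEach-Object { Uninstall-MsiProduct -ProductCode $_.ProductCode -WhatIf }
}
```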

    • #2532619

      The only problem with uninstalling it is, it has already done its “thing(s).” Much better to block its install with wushowhide or WUMgr before it installs if you don’t want it.

      • #2532778

        PKCano said:

        “The only problem with uninstalling it is, it has already done its “thing(s).” Much better to block its install with wushowhide or WUMgr before it installs if you don’t want it.”

        I have wushowhide installed, and I have watched Susan Bradley’s video on how to use it. But I have trouble using it: not sure why. So for ‘normal’ Windows updates, I have reverted to setting an install date far in the future, with hopes that the specific update will no longer appear by that date.

         

        Harry

    • #2532744

      I took a look at what this latest (Jan 2023) release of KB4023057 actually does from the moment I clicked on the Install now button in the Settings user interface (using Process Monitor).

      kb4023057_new

      Note: I ran this test on a clean install of Windows 10 Pro 22H2 that had had Windows 10 Decrapifier run on it to remove bloatware but no other changes at all, certainly not to the Windows Update mechanism.

      From clicking Install now to completion was only ~10 seconds. I looked at 3 specific areas of activity afterwards – file system, network and registry.

      Network:
      There was almost no network activity apart from a few UDP receives (from an IP address in Redmond) and a single UDP send from my test laptop to my router by process svchost.exe. I tend to think of UDP traffic as mostly innocuous are you there queries, much like the ping command. I saw no evidence of any outbound TCP connections, ‘phoning home’ for example.

      File System:
      There was very little file system activity apart from multiple WriteFile events by process SystemSettings.exe to a UpdateUX.<guid>.ETL log within C:\ProgramData\USOShared\Logs\User\. This was entirely expected.

      There were also multiple CreateFile\QueryBasicInformation\CloseFile events (but no WriteFile events) in temporary file locations (like C:\Windows\Temp and C:\Windows\ServiceProfiles\NetworkServices\AppData\Local\Temp) by process svchost.exe, almost like a permission check for file access (i.e. read/write/delete). This was unexpected but not unusual except for how often the same cycle of events was repeated in the same location, almost like ‘let me just check that one more time’.

      I saw no evidence of any new or changed system files related to Windows Update (or its related components like UpdateOrchestrator), i.e. this wasn’t an update to the existing mechanism.

      Registry:
      There was a *vast* amount of activity within the registry, the bulk of which was checking existing values.

      What was surprising was the number (almost 2000) of RegSetValue events (all DWORD entries with a value of 0) which were duplicated time and time again. In my experience DWORD entries are often used as toggle switches, with 0 (zero) being OFF and 1 being ON.

      Examples:

      The value of HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings\PausedFeatureStatus was set 717 times to 0 by process svchost.exe.

      The value of HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings\PausedQualityStatus was set 711 times to 0 by process svchost.exe.

      The value of HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\StateVariables\RebootRequired was set 116 times to 0 by process svchost.exe. (I think this is the setting for whether Restart Required is shown in the Settings user interface.)

      The value of HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings\UxOption was set 48 times to 0 by process SystemSettings.exe. (Again, I believe this is an option within the Settings user interface but don’t know what option.)

      I could be wrong here (please jump in if you disagree) but this suggests the purpose of this particular release of KB4023057 is to set certain ‘paused’ settings within Windows Update to ‘unpaused’. I don’t use any ‘pause’ methods so cannot test this further.

      If anyone is interested in seeing the captured ProcMon .PML file (1.1MB) then say and I’ll post it as a .ZIP attachment.

      Hope this helps…
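Added example, not part of the original post or the poster's tooling: one way to reproduce the per-value RegSetValue counts described above from a Process Monitor capture saved as CSV. The column names follow ProcMon's default CSV export; the sample rows, the function names and the threshold are constructed for illustration.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample rows in ProcMon's CSV export layout (not the poster's capture).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0000001","svchost.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings\PausedFeatureStatus","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:01:02.0000002","svchost.exe","1234","RegSetValue","HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings\PausedFeatureStatus","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"10:01:02.0000003","svchost.exe","1234","RegSetValue","HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings\PausedFeatureStatus","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"10:01:02.0000004","svchost.exe","1234","RegSetValue","HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings\PausedFeatureStatus","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"10:01:02.0000005","svchost.exe","1234","RegSetValue","HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings\PausedQualityStatus","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"10:01:02.0000006","svchost.exe","1234","RegSetValue","HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings\PausedQualityStatus","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"10:01:02.0000007","SystemSettings.exe","5678","RegSetValue","HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings\UxOption","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"10:01:02.0000008","svchost.exe","1234","RegSetValue","HKLM\SOFTWARE\Example\Other","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:01:02.0000009","SystemSettings.exe","5678","WriteFile","C:\ProgramData\USOShared\Logs\User\UpdateUX.sample.etl","SUCCESS","Offset: 0, Length: 4,096"
'''

# ProcMon writes RegSetValue details as "Type: <type>, Length: <n>, Data: <value>".
DETAIL_RE = re.compile(r"Type:\s*(\w+),\s*Length:\s*\d+,\s*Data:\s*(.*)")


def tally_reg_writes(csv_text, key_prefix=r"HKLM\SOFTWARE\Microsoft\WindowsUpdate"):
    """Count successful RegSetValue events per (process, path, type, data)."""
    counts = Counter()
    prefix = key_prefix.upper() + "\\"
    # Exports saved by ProcMon may start with a byte-order mark; drop it.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        if row["Operation"] != "RegSetValue" or row["Result"] != "SUCCESS":
            continue
        path = row["Path"]
        if not (path.upper() + "\\").startswith(prefix):
            continue  # outside the key subtree of interest
        m = DETAIL_RE.match(row["Detail"])
        reg_type, data = (m.group(1), m.group(2).strip()) if m else ("?", row["Detail"])
        counts[(row["Process Name"], path, reg_type, data)] += 1
    return counts


def repeated_writes(counts, threshold=2):
    """Return writes seen at least `threshold` times, most frequent first."""
    return [(key, n) for key, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    for (proc, path, reg_type, data), n in repeated_writes(tally_reg_writes(SAMPLE_CSV)):
        print(f"{n:5d}  {proc}  {path}  {reg_type}={data}")
```

Running the same tally over captures taken before and after an update installs shows which policy values a package rewrites and which process does the writing.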
