ISSUE 20.04.1 • 2023-01-24 By Susan Bradley In general, the January updates have been well behaved. So far, I’m not seeing any trending issues with th
[See the full post at: MS-DEFCON 4: Patching weather is clearing]
Susan Bradley Patch Lady
![]() |
There are isolated problems with current patches, but they are well-known and documented on this site. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
Home » Forums » Newsletter and Homepage topics » MS-DEFCON 4: Patching weather is clearing
Tags: alerts Hardware drivers macOS Ventura MS-DEFCON MS-DEFCON 4 Printer Drivers Windows Recovery Environment
ISSUE 20.04.1 • 2023-01-24 By Susan Bradley In general, the January updates have been well behaved. So far, I’m not seeing any trending issues with th
[See the full post at: MS-DEFCON 4: Patching weather is clearing]
Susan Bradley Patch Lady
2023-01 Update for Windows 11 Version 22H2 for x64-based Systems (KB4023057) has reared its ugly little head.
This update includes files and resources that address issues that affect the update processes in Windows that may prevent important Windows updates from being installed. These improvements help make sure that updates are installed seamlessly on your device, and they help improve the reliability and security of devices that are running Windows.
My 3rd attempt (Are You Sure error geekdom posted about) to say I just Installed Kb4023057 as I always do – have never had any issues. Macrium images were made. WuMgr quick about it with no re-start indicated.
W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0
The weather in the U.S.A. is like that too now. Every now and then the sun comes out, the sky turns blue, and we actually get a halfway decent day. On really rare occasions we get more than one such day in a row.
Experience is that marvelous thing that enables you recognize a mistake as soon as you make it again.
Updated- 2023-01 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5022303)
2023-01 Update for Windows 11 Version 22H2 for x64-based Systems (KB4023057)
Windows Malicious Software Removal Tool x64 – v5.109 (KB890830)
No problems.
Edition Windows 11 Pro
Version 22H2
Installed on 10/19/2022
OS build 22621.1702
..You may experience various issues related to the Windows Shell on devices that are running Office ClickToRun, along with some third party applications that use Office APIs:
Event 1000 is logged in the Application event log. The event log reports that an application crashes for StartMenuExperienceHost.exe, ShellExperienceHost.exe, SearchUI.exe, with an error code 0xc000027b / -1073741189.
Errors in the Microsoft-Windows-AppModel-State event log mentioning the following error with various package names:
Triggered repair of state locations because operation SettingsInitialize against package Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy hit error -2147024891.
The Windows Start Menu does not respond to mouse clicks or the Windows key.
Windows Search does not respond to mouse clicks on pressing the Search button or Windows+S key.
Cause
This may occur when a third party process such as ClickShare uses Office APIs on a computer where Office is deployed by using Office ClickToRun. Application packages’ permissions are being removed from the following Registry path:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders..
Workaround
Download the scripts to fix the issue when it happens, though the scripts cannot prevent the issue from re-occurring.
Open a Powershell prompt under the affected user identity, and run
PowerShell
Copy
.\FixUserShellFolderPermissions.ps1
If the script can’t access the registry key because the registry permissions are wiped out, then open an elevated Powershell prompt and run the following command:PowerShell
Copy
FixUserShellFolderPermissions.ps1 -allprofiles
If an application doesn’t work, you may need to register the shell packages by running from the affected user the commandPowerShell
Copy
FixUserShellFolderPermissions.ps1 -register…
Maybe I shouldn’t ask in this thread but…
So, all this month updates went ok but I realized one thing. I’m on win10 and I think I’m not getting offered the option to move from 21H2 to 22H2 since the moment I got the “you are eligible for windows 11 22H2, click here do start downloading, or click here if you want to stay on win10 for now”.
I avoided clicking either of those 2 for a few months, but is my not clicking “stay on win10 for now” wants preventing the win10 22H2 upgrade from showing up?
In general, the January updates have been well behaved.
My only complaint is that Edge Chromium keeps getting re-installed. This morning during off hours I got KB4023057 Update for Windows 11 Version 22H2 for x64-based Systems, which installed Edge once more.
As usual, I used Revo Uninstaller to get rid of it, and I’ve inserted a registry key in an effort to stop this from happening. The key is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate]
“DoNotUpdateToEdgeWithChromium”=dword:00000001
I’ll see how that works out. I found the Blocker Toolkit at MajorGeeks.com.
FYI, that regkey doesn’t work any more, guaranteed on W10!
Been there, done that, and disposed of it a while back.
I get the feeling that after next month, chromium based edge will be anchored deeper into W10 with the upcoming IE11 browser neuter next month.
To prevent Edge Chromium from automatically getting re-installed you need to set the following registry key.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EdgeUpdate]
"UpdateDefault"=dword:00000002
That key has four possible values and 2 = Manual updates only.
For full details, see Microsoft’s Update policy override default page.
My only complaint is that Edge Chromium keeps getting re-installed. This morning during off hours I got KB4023057 Update for Windows 11 Version 22H2 for x64-based Systems, which installed Edge once more.
Microsoft Edge download for installation:
https://www.microsoft.com/en-us/edge/download?form=MA13FJ
Microsoft Store installation method:
https://apps.microsoft.com/store/detail/microsoft-edge-browser/XPFFTQ037JWMHS
1. How many other ways does Microsoft Edge install?
It shows in User apps and Provisioned Apps (as variation of MicrosoftEdge.stable).
This appearance in User Apps and Provisioned Apps may only occur if Microsoft Edge is installed through the Microsoft Store.
2. How many ways does Microsoft Edge update?
3. How many Microsoft Edge subprograms are associated with Microsoft Edge?
Microsoft Edge has tentacles.
Microsoft Edge download for installation: https://www.microsoft.com/en-us/edge/download?form=MA13FJ Microsoft Store installation method: https://apps.microsoft.com/store/detail/microsoft-edge-browser/XPFFTQ037JWMHS 1. How many other ways does Microsoft Edge install?
My point is that I don’t want Edge, so I’m not looking for ways to install it, just ways to permanently get rid of it. I’m making progress. In my registry I have
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate]
“DoNotUpdateToEdgeWithChromium”=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EdgeUpdate]
“UpdateDefault”=dword:00000002
I also have manually deleted everything Edge in Program Files (x86).
Microsoft Edge has various ways of installing. Uninstalling it and getting rid of the remnants may be a tedious process depending on how it has been installed: via Microsoft Store, direct download, or bundled Microsoft update (which likely creates User App and Provisional App files). If Microsoft Edge has been installed through Microsoft Store and perhaps bundled update, Microsoft Edge must be removed from User Apps and Provisioned Apps.
After uninstalling Microsoft Edge, files are left behind which must be removed from EdgeCore and EdgeUpdate:
There are other files and folders left in User profiles such as Edge Wallet. I don’t know if these types of files need removal.
How Microsoft Edge is installed affects how to remove it and all remnants and perhaps prevent it from installing again.
Microsoft Edge has various ways of installing itself. Uninstalling it and getting rid of the remnants may be a tedious process depending on how it has been installed: via Microsoft Store, direct download, or bundled Microsoft update. If Microsoft Edge has been installed through Microsoft Store and perhaps bundled update, Microsoft Edge must be removed from User Apps and Provisioned Apps.
I’ve never wanted Edge, so direct download or Microsoft Store are completely out of my realm of possibilities. The only way I’ve had it installed was via Update. Also, Edge has never appeared in the Apps menu.
Uninstalling it and getting rid of the remnants may be a tedious process
I dual boot. Boot to the other side and it’s just right-click Delete. Not at all tedious. This is how I did it on both sides of my dual boot. I booted into the B side (where there is no Edge) with internet access disconnected to prevent any Windows Update from downloading in the background, and added two entries to the registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate]
“DoNotUpdateToEdgeWithChromium”=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EdgeUpdate]
“UpdateDefault”=dword:00000002
I then connected to the internet, checked for updates and got these:
KB5022303 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems
KB4023057 Update for Windows 11 Version 22H2 for x64-based Systems
Edge did not get reinstalled via KB4023057 as I mentioned earlier in this thread.
From your cited post:
My only complaint is that Edge Chromium keeps getting re-installed. This morning during off hours I got KB4023057 Update for Windows 11 Version 22H2 for x64-based Systems, which installed Edge once more.
From your cited post:
As usual, I used Revo Uninstaller to get rid of it, and I’ve inserted a registry key in an effort to stop this from happening.
That was the A side of my dual boot. In following posts I have summarized the additional steps I have taken to prevent Edge from getting re-installed in future Windows Updates. I don’t want Edge.
I then turned my attention to the B side of my dual boot, after deleting all the pertinent files in Program Files (x86) on the B side.
This is how I did it on both sides of my dual boot. I booted into the B side (where there is no Edge) with internet access disconnected to prevent any Windows Update from downloading in the background, and added two entries to the registry:
I will be monitoring for any future invasive installations of Edge, and take additional measures if necessary.
Checked for updates this morning and got KB5022360 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems.
No hiccups. No Edge with this one.
My only complaint is that Edge Chromium keeps getting re-installed. This morning during off hours I got KB4023057 Update for Windows 11 Version 22H2 for x64-based Systems, which installed Edge once more.
I thought KB4023057 was Microsoft Update Health Tools? Did I get that wrong?
What’s the link with Microsoft Edge?
Or is that only on Windows 11, not Windows 10?
I’m confused. It doesn’t take a lot these days. 🙂
I thought KB4023057 was Microsoft Update Health Tools? Did I get that wrong?
From the KB article:
“This update includes reliability improvements to Windows Update Service components in all editions of Windows 10, version 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2, and Windows 11, version 21H2, 22H2. It may take steps to free up disk space on your device if you do not have enough disk space to install Windows updates.
This update includes files and resources that address issues that affect the update processes in Windows that may prevent important Windows updates from being installed. These improvements help make sure that updates are installed seamlessly on your device, and they help improve the reliability and security of devices that are running Windows.”
That was the only update I received, and Edge had reappeared when I signed on that morning. Edge had been uninstalled a couple of weeks prior.
I thought KB4023057 was Microsoft Update Health Tools? Did I get that wrong?
From the KB article:
“This update includes reliability improvements to Windows Update Service components in all editions of Windows 10, version 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2, and Windows 11, version 21H2, 22H2. It may take steps to free up disk space on your device if you do not have enough disk space to install Windows updates.
This update includes files and resources that address issues that affect the update processes in Windows that may prevent important Windows updates from being installed. These improvements help make sure that updates are installed seamlessly on your device, and they help improve the reliability and security of devices that are running Windows.”
That was the only update I received, and Edge had reappeared when I signed on that morning. Edge had been uninstalled a couple of weeks prior.
OK, I see the relevance to Windows 10 but… there’s no mention of Microsoft Edge at all.
Sounds like Microsoft playing fast and loose yet again. Shocker.
Another pillar of Microsoft’s ‘Trustworthy Computing’?
The initiative was intended to put customer security, and ultimately customer trust, at the forefront for all Microsoft employees.
Do I trust Microsoft to put me as a customer at the forefront if it dissembles what its updates are doing? Have a guess. 🙂
No mention of Microsoft Edge at all then.
Correct. What I know for sure is that it was not there the day before, and after that update there was an Edge shortcut on my desktop, and Revo Uninstaller Pro showed it to be a fresh installation.
Microsoft may very well be installing Edge on its own without it being part of any update. Who can say? Or it may have checked my installation, noticed Edge missing, and included it as “files and resources that address issues that affect the update processes in Windows that may prevent important Windows updates from being installed.”
I’m of the opinion that there are numerous versions of every update in order to facilitate the very complex Windows installed base environment. In other words, you and I may both get KB4023057 but what we get may have variations to suit our hardware/software particulars.
Hi Susan,
When you say it’s okay to install the January updates, do you mean all of them on your Master Patch list for 01-24-23 or just the items on the 01-24-23 Master Patch list that says “Install”? I have only been updating the updates that say “Install” on the specific update lists, and always hide the ones you say to avoid or defer and don’t update/install until your Master Patch list says “Install”. Am I doing this correctly.
Thank you
Windows 10 Home 21H2 here, hid as per my usual practice KB4023057 and installed 2023-01 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5022282) without any issue through WuMgr.
Oddly enough, I had trouble with the Windows Malicious Software Removal Tool x64 – v5.109 (KB890830) update, did this happen to anyone else?
On the first attempt (through WuMgr) KB890830 was downloaded, but the installation remained stuck (20+ minutes) doing nothing and in Task Manager I spotted the executable corresponding to the update running, but “idling” doing nothing at 1% CPU usage. I killed the process, rebooted and ran WuMgr again: it reported KB890830 as already downloaded and I hit the install button, but the installation was apparently stuck again. This time in Task Manager I spotted MRT.exe (i.e. the Windows Malicious Software Removal Tool executable) “idling”. Killed the process, rebooted, ran WuMgr and it reported a successful install of KB890830.
Also, I planned to switch to 22H2 during this DEFCON4 period, but I’m not being offered this feature update (no, please don’t say it’s because I avoid KB4023057, since I have been offered every previous feature update). I checked that 22H2 is the target version in the relevant registry key and running InControl confirms that 22H2 is targeted, but the update does not show up. Might have to go through the ISO update process.
After I installed Cumulative KB5022287, tested ok & created restore pt, My Win 11 Pro started to download and install KB5019274. Described as optional preview ..I quickly paused updates until 3/5. Saw nothing on KB5019274 when I searched forums
Will await advice. https://support.microsoft.com/en-us/topic/january-19-2023-kb5019274-os-build-22000-1516-preview-ace2511d-586e-41b0-b213-3a89d97565a4
KB4023057 was also installed which appears controversial on forums. Since the PC seems to work ok, I’ll leave alone. Have created restore point and image back up prior to update so I can reverse anything that doesn’t turn it into a smoking pile of parts.
hello, im using win10 right now and still on win10 pro 21h2
im skipping windows december windows update
for this months this is what is listed in my windows update
2023-01 Update for Windows 10 Version 21H2 for x64-based Systems (KB4023057)
Windows Malicious Software Removal Tool x64 – v5.109 (KB890830)
2023-01 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5022282)
2022-12 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 for x64 (KB5021088)
so my question are : 1. is it safe to run the update because i check my laptop and it have 2 hidparse.sys files while my pc only have 1? and do i miss something that i need to download manually maybe from december or november msdefcon?? i usually only running update on windows update
2. is it safe now to update to win10 22H2?
Susan is actually recommending that Users upgrade to 22H2. It seems to be stable at this point.
You may want to hide KB4023057. This is what the MS documentation says it does:
- For feature update information for Windows 10, version 1809, 1903, 1909, 2004, and 20H2, see KB 5001716.
- This update may request your device to stay awake longer to enable installation of updates.
Note The installation will respect any user-configured sleep configurations and also your “active hours” when you use your device the most.
- This update may try to reset network settings if problems are detected, and it will clean up registry keys that may be preventing updates from being installed successfully.
- This update may repair disabled or corrupted Windows operating system components that determine the applicability of updates to your version of Windows.
- This update may compress files in your user profile directory to help free up enough disk space to install important updates.
- This update may reset the Windows Update database to repair the problems that could prevent updates from installing successfully. Therefore, you may see that your Windows Update history was cleared.
My Dell Inspiron is running Win 10 21H2 build 19044.1766
Based on Susan Bradley’s recommendation that Win 10 22H2 is OK, I used InControl to give that permission.
Today WU offers “Feature Update to Windows 10, version 22H” without any KB number. Is that the update from 21H2 to 22H2?
If so, would it make sense to use WUMgr to do ONLY that one update, and temporarily ignore the handful of other updates offered by WU? Those are
Thank you for advice.
Hide: KB4023057, KB5012170 (It’s causing problems and is not recommended for installation on Susan’s Master Patch List), and KB5005463 (PH Health Check, another of MS’s “we’ll fix your computer like WE want it patches).
I have installed KB4023057 (10 times), KB5012170 and KB5005463 and not a glitch on my Windows 10.
I have installed KB4023057 (10 times), KB5012170 and KB5005463 and not a glitch on my Windows 10.
Your results are not everyone’s results.
Sooo…basically KB4023057 is similar to COVID??
Rick said:
“I uninstalled it from Windows 10 Pro 22H2 with no apparent side effects.”
This is really strange. when I go to ‘View update history’ on my Win 10 21H2, it clearly lists, under Update History->Quality Updates, KB4023057, which was successfully installed on 2/2/2023. It also list three previous Quality Updates, which were successfully installed between 10/27/2022 and 12/4/2022.
Yet when I click on ‘Uninstall updates’ on that page, none of the 4 Quality Updates noted above are shown!
Where have I gone wrong here?
Harry
Where have I gone wrong here?
You haven’t. You may have seen it ready to install like this… and thought it was a regular Windows Update:
However, as you’ve found out, it doesn’t appear when you click on View installed updates. That’s because it’s not really a Windows Update or a Quality Update… just Microsoft fudging things.
As mentioned, you’ll find it in Control Panel > Programs and Features:
Alternatively, you’ll find it in Settings > Apps & Features:
A third way to uninstall it is to *right*-click on Start, choose Windows PowerShell (Admin) then, when the PowerShell console opens, enter cmd. This will drop you into an elevated CMD console. Now copy/paste the following and press RETURN/ENTER:
MsiExec.exe /X{89581302-705F-42C5-99B0-E368A845DAD5} /qn
This will uninstall KB4023057 silently.
Hope this helps…
Rick:
“As mentioned, you’ll find it in Control Panel > Programs and Features:”
As you noted, it was in Programs and Features, so I was able to remove it
But why in the h… would I look for something called ‘Microsoft Update Health Tools’ rather than looking for KB4023057, which is what it apparently was released as ??
Harry
Oh… I said it was just Microsoft fudging things. What I meant was that it’s not a ‘regular’ install for several reasons.
Although it can be uninstalled using MsiExec.exe, it’s not actually installed via a downloaded MSI file.
Instead, it uses a tiny 20KB stub installer or programming shim:
I found the uninstall string in the registry:
… but for some reason couldn’t uninstall it via PowerShell:
Start-Process "C:\Windows\System32\msiexec.exe" -ArgumentList "/x{89581302-705F-42C5-99B0-E368A845DAD5} /qn"
I suspect I may have got the syntax wrong.
PKCano said:
“The only problem with uninstalling it is, it has already done its “thing(s).” Much better to block its install with wushowhide or WUMgr before it installs if you don’t want it.”
I have wushowhide installed, and I have watched Susan Bradley’s video on how to use it. But I have trouble using it: not sure why. So for ‘normal’ Windows updates, I have reverted to setting an install date far in the future, with hopes that the specific update will no longer appear by that date.
Harry
I took a look at what this latest (Jan 2023) release of KB4023057 actually does from the moment I clicked on the Install now button in the Settings user interface (using Process Monitor).
Note: I ran this test on a clean install of Windows 10 Pro 22H2 that had had Windows 10 Decrapifier run on it to remove bloatware but no other changes as all, cetainly not to the Windows Update mechanism.
From clicking Install now to completion was only ~10 seconds. I looked at 3 specific areas of activity afterwards – file system, network and registry.
Network:
There was almost no network activity apart from a few UDP receives (from a IP address in Redmond) and a single UDP send from my test laptop to my router by process svchost.exe. I tend to think of UDP traffic as mostly innocuous are you there queries, much like the ping command. I saw no evidence of any outbound TCP connections, ‘phoning home’ for example.
File System:
There was very little file system activity apart from multiple WriteFile events by process SystemSettings.exe to a UpdateUX.<guid>.ETL log within C:\ProgramData\USOShared\Logs\User\. This was entirely expected.
There were also multiple CreateFile\QueryBasicInformation\CloseFile events (but no WriteFile events) in temporary file locations (like C:\Windows\Temp and C:\Windows\ServiceProfiles\NetworkServices\AppData\Local\Temp) by process svchost.exe, almost like a permission check for file access (i.e. read/write/delete). This was unexpected but not unusual except for how often the same cycle of events was repeated in the same location, almost like ‘let me just check that one more time’.
I saw no evidence of any new or changed system files related to Windows Update (or its related components like UpdateOrchestrator), i.e. this wasn’t an update to the existing mechanism.
Registry:
There was a *vast* amount of activity within the registry, the bulk of which was checking existing values.
What was surprising was the number (almost 2000) of RegSetValue events (all DWORD entries with a value of 0) which were duplicated time and time again. In my experience DWORD entries are often used as toggle switches, with 0 (zero) being OFF and 1 being ON.
Examples:
The value of HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings\PausedFeatureStatus was set 717 times to 0 by process svchost.exe.
The value of HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings\PausedQualityStatus was set 711 times to 0 by process svchost.exe.
The value of HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\StateVariables\RebootRequired was set 116 times to 0 by process svchost.exe. (I think this is the setting for whether Restart Required is shown in the Settings user interface.)
The value of HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings\UxOption was set 48 times to 0 by process SystemSettings.exe. (Again, I believe this is an option within the Settings user interface but don’t know what option.)
I could be wrong here (please jump in if you disagree) but this suggests the purpose of this particular release of KB4023057 is to set certain ‘paused’ settings within Windows Update to ‘unpaused’. I don’t use any ‘pause’ methods so cannot test this further.
If anyone is interested in seeing the captured ProcMon .PML file (1.1MB) then say and I’ll post it as a .ZIP attachment.
Hope this helps…
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.