MS-DEFCON 4: Patching weather is clearing

Topic

New Reply

ISSUE 20.04.1 • 2023-01-24 By Susan Bradley In general, the January updates have been well behaved. So far, I’m not seeing any trending issues with th
[See the full post at: MS-DEFCON 4: Patching weather is clearing]

Susan Bradley Patch Lady/Prudent patcher

4 users thanked author for this post.

abbodi86, lmacri, Pim, geekdom

Reply | Quote

Replies

2023-01 Update for Windows 11 Version 22H2 for x64-based Systems (KB4023057) has reared its ugly little head.

This update includes files and resources that address issues that affect the update processes in Windows that may prevent important Windows updates from being installed. These improvements help make sure that updates are installed seamlessly on your device, and they help improve the reliability and security of devices that are running Windows.

Source:
https://support.microsoft.com/en-us/topic/kb4023057-update-for-windows-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

Coldheart9020

Reply | Quote

As I’ve said before, none of these ‘reviews’ are actually bad, what’s bad is the resetting it has done.  No patch should reset things.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

Kirsty

Reply | Quote

My 3rd attempt (Are You Sure error geekdom posted about) to say I just Installed Kb4023057 as I always do – have never had any issues. Macrium images were made. WuMgr quick about it with no re-start indicated.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

Reply | Quote

The weather in the U.S.A. is like that too now.  Every now and then the sun comes out, the sky turns blue, and we actually get a halfway decent day.  On really rare occasions we get more than one such day in a row.

Have you seen the price of Tums? It's enough to give you heartburn.

Reply | Quote

Updated- 2023-01 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5022303)

2023-01 Update for Windows 11 Version 22H2 for x64-based Systems (KB4023057)

Windows Malicious Software Removal Tool x64 – v5.109 (KB890830)

No problems.

Edition Windows 11 Pro
Version 23H2
Installed on ‎10/‎19/‎2022
OS build 22631.2715

Reply | Quote

And I will be republishing the HTML version of the spreadsheet – it messed up.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

wavy

Reply | Quote

Symptom: Start Menu and other shell components fail when Apps including Barco’s ClickShare access Office APIs

..You may experience various issues related to the Windows Shell on devices that are running Office ClickToRun, along with some third party applications that use Office APIs:

Event 1000 is logged in the Application event log. The event log reports that an application crashes for StartMenuExperienceHost.exe, ShellExperienceHost.exe, SearchUI.exe, with an error code 0xc000027b / -1073741189.

Errors in the Microsoft-Windows-AppModel-State event log mentioning the following error with various package names:

Triggered repair of state locations because operation SettingsInitialize against package Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy hit error -2147024891.

The Windows Start Menu does not respond to mouse clicks or the Windows key.

Windows Search does not respond to mouse clicks on pressing the Search button or Windows+S key.

Cause

This may occur when a third party process such as ClickShare uses Office APIs on a computer where Office is deployed by using Office ClickToRun. Application packages’ permissions are being removed from the following Registry path:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders..

Workaround

Download the scripts to fix the issue when it happens, though the scripts cannot prevent the issue from re-occurring.

Open a Powershell prompt under the affected user identity, and run

PowerShell

Copy
.\FixUserShellFolderPermissions.ps1
If the script can’t access the registry key because the registry permissions are wiped out, then open an elevated Powershell prompt and run the following command:

PowerShell

Copy
FixUserShellFolderPermissions.ps1 -allprofiles
If an application doesn’t work, you may need to register the shell packages by running from the affected user the command

PowerShell

Copy
FixUserShellFolderPermissions.ps1 -register…

Reply | Quote

Just got..

Reply | Quote

I hid it with wushowhide and it’s not re-appeared in the WU queue.

Reply | Quote

Maybe I shouldn’t ask in this thread but…

So, all this month updates went ok but I realized one thing. I’m on win10 and I think I’m not getting offered the option to move from 21H2 to 22H2 since the moment I got the “you are eligible for windows 11 22H2, click here do start downloading, or click here if you want to stay on win10 for now”.

I avoided clicking either of those 2 for a few months, but is my not clicking “stay on win10 for now” wants preventing the win10 22H2 upgrade from showing up?

Reply | Quote

Download InControl from GRC. Put it on your desktop. Set it for Win10 and whatever version you want (21H2, 22H2).
That will fix your problem.

2 users thanked author for this post.

Coldheart9020, mazzinia

Reply | Quote

Susan Bradley wrote:

In general, the January updates have been well behaved.

My only complaint is that Edge Chromium keeps getting re-installed.  This morning during off hours I got KB4023057 Update for Windows 11 Version 22H2 for x64-based Systems, which installed Edge once more.

As usual, I used Revo Uninstaller to get rid of it, and I’ve inserted a registry key in an effort to stop this from happening.  The key is:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate]
“DoNotUpdateToEdgeWithChromium”=dword:00000001

I’ll see how that works out.  I found the Blocker Toolkit at MajorGeeks.com.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

Reply | Quote

FYI, that regkey doesn’t work any more, guaranteed on W10!
Been there, done that, and disposed of it a while back.
I get the feeling that after next month, chromium based edge will be anchored deeper into W10 with the upcoming IE11 browser neuter next month.

Win8.1/R2 Hybrid lives on..

Reply | Quote

@bbearren

To prevent Edge Chromium from automatically getting re-installed you need to set the following registry key.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EdgeUpdate]
"UpdateDefault"=dword:00000002

That key has four possible values and 2 = Manual updates only.

For full details, see Microsoft’s Update policy override default page.

3 users thanked author for this post.

oldfry, bbearren, geekdom

Reply | Quote

Coldheart9020 wrote:

I hid it with wushowhide and it’s not re-appeared in the WU queue.

I did not. It didn’t harm my PC with the last 10 times..057 installed.

Reply | Quote

bbearren wrote:

My only complaint is that Edge Chromium keeps getting re-installed. This morning during off hours I got KB4023057 Update for Windows 11 Version 22H2 for x64-based Systems, which installed Edge once more.

Microsoft Edge download for installation:
https://www.microsoft.com/en-us/edge/download?form=MA13FJ

Microsoft Store installation method:
https://apps.microsoft.com/store/detail/microsoft-edge-browser/XPFFTQ037JWMHS

1. How many other ways does Microsoft Edge install?

It shows in User apps and Provisioned Apps (as variation of MicrosoftEdge.stable).
This appearance in User Apps and Provisioned Apps may only occur if Microsoft Edge is installed through the Microsoft Store.

2. How many ways does Microsoft Edge update?

3. How many Microsoft Edge subprograms are associated with Microsoft Edge?

Microsoft Edge has tentacles.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

geekdom wrote:

Microsoft Edge download for installation: https://www.microsoft.com/en-us/edge/download?form=MA13FJ Microsoft Store installation method: https://apps.microsoft.com/store/detail/microsoft-edge-browser/XPFFTQ037JWMHS 1. How many other ways does Microsoft Edge install?

My point is that I don’t want Edge, so I’m not looking for ways to install it, just ways to permanently get rid of it.  I’m making progress.  In my registry I have

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate]
“DoNotUpdateToEdgeWithChromium”=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EdgeUpdate]
“UpdateDefault”=dword:00000002

I also have manually deleted everything Edge in Program Files (x86).

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

2 users thanked author for this post.

Rick Corbett, geekdom

Reply | Quote

Microsoft Edge has various ways of installing. Uninstalling it and getting rid of the remnants may be a tedious process depending on how it has been installed: via Microsoft Store, direct download, or bundled Microsoft update (which likely creates User App and Provisional App files). If Microsoft Edge has been installed through Microsoft Store and perhaps bundled update, Microsoft Edge must be removed from User Apps and Provisioned Apps.

After uninstalling Microsoft Edge, files are left behind which must be removed from EdgeCore and EdgeUpdate:

There are other files and folders left in User profiles such as Edge Wallet. I don’t know if these types of files need removal.

How Microsoft Edge is installed affects how to remove it and all remnants and perhaps prevent it from installing again.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

geekdom wrote:

Microsoft Edge has various ways of installing itself. Uninstalling it and getting rid of the remnants may be a tedious process depending on how it has been installed: via Microsoft Store, direct download, or bundled Microsoft update. If Microsoft Edge has been installed through Microsoft Store and perhaps bundled update, Microsoft Edge must be removed from User Apps and Provisioned Apps.

I’ve never wanted Edge, so direct download or Microsoft Store are completely out of my realm of possibilities.  The only way I’ve had it installed was via Update.  Also, Edge has never appeared in the Apps menu.

geekdom wrote:

Uninstalling it and getting rid of the remnants may be a tedious process

I dual boot.  Boot to the other side and it’s just right-click Delete.  Not at all tedious.  This is how I did it on both sides of my dual boot.  I booted into the B side (where there is no Edge) with internet access disconnected to prevent any Windows Update from downloading in the background, and added two entries to the registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate]
“DoNotUpdateToEdgeWithChromium”=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EdgeUpdate]
“UpdateDefault”=dword:00000002

I then connected to the internet, checked for updates and got these:

KB5022303 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems
KB4023057 Update for Windows 11 Version 22H2 for x64-based Systems

Edge did not get reinstalled via KB4023057 as I mentioned earlier in this thread.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

Reply | Quote

From your cited post:

bbearren wrote:

My only complaint is that Edge Chromium keeps getting re-installed. This morning during off hours I got KB4023057 Update for Windows 11 Version 22H2 for x64-based Systems, which installed Edge once more.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

geekdom wrote:

From your cited post:

bbearren wrote:

As usual, I used Revo Uninstaller to get rid of it, and I’ve inserted a registry key in an effort to stop this from happening.

That was the A side of my dual boot.  In following posts I have summarized the additional steps I have taken to prevent Edge from getting re-installed in future Windows Updates.  I don’t want Edge.

I then turned my attention to the B side of my dual boot, after deleting all the pertinent files in Program Files (x86) on the B side.

bbearren wrote:

This is how I did it on both sides of my dual boot. I booted into the B side (where there is no Edge) with internet access disconnected to prevent any Windows Update from downloading in the background, and added two entries to the registry:

I will be monitoring for any future invasive installations of Edge, and take additional measures if necessary.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

Reply | Quote

FWIW, I am still receiving Security Intelligence updates for Windows 8.1 as of Jan. 26.

Mark

 

1 user thanked author for this post.

Cybertooth

Reply | Quote

Thanks for the info. What does this mean for other Win 8.1 owners/users? Can this apply to all or just special setups?

Reply | Quote

The last supported security update for Win8.1 was released on Patch Tuesday 2023. It can be installed any time after that date, but Win8.1 has now reached End of Service and will no longer receive updates.

Reply | Quote

Checked for updates this morning and got KB5022360 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems.

No hiccups.  No Edge with this one.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

Reply | Quote

Microsoft Edge is a tenacious and pernicious virus for those of us who don’t want it… ever.

IMO it most definitely meets the criterion of malware.

1 user thanked author for this post.

Cybertooth

Reply | Quote

bbearren wrote:

My only complaint is that Edge Chromium keeps getting re-installed. This morning during off hours I got KB4023057 Update for Windows 11 Version 22H2 for x64-based Systems, which installed Edge once more.

I thought KB4023057 was Microsoft Update Health Tools? Did I get that wrong?

What’s the link with Microsoft Edge?

Or is that only on Windows 11, not Windows 10?

I’m confused. It doesn’t take a lot these days. 🙂

 

Reply | Quote

Rick Corbett wrote:

I thought KB4023057 was Microsoft Update Health Tools? Did I get that wrong?

From the KB article:

“This update includes reliability improvements to Windows Update Service components in all editions of Windows 10, version 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2, and Windows 11, version 21H2, 22H2. It may take steps to free up disk space on your device if you do not have enough disk space to install Windows updates.

This update includes files and resources that address issues that affect the update processes in Windows that may prevent important Windows updates from being installed. These improvements help make sure that updates are installed seamlessly on your device, and they help improve the reliability and security of devices that are running Windows.”

That was the only update I received, and Edge had reappeared when I signed on that morning.  Edge had been uninstalled a couple of weeks prior.

 

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

Reply | Quote

bbearren wrote:

Rick Corbett wrote:

I thought KB4023057 was Microsoft Update Health Tools? Did I get that wrong?

From the KB article:

“This update includes reliability improvements to Windows Update Service components in all editions of Windows 10, version 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2, and Windows 11, version 21H2, 22H2. It may take steps to free up disk space on your device if you do not have enough disk space to install Windows updates.

This update includes files and resources that address issues that affect the update processes in Windows that may prevent important Windows updates from being installed. These improvements help make sure that updates are installed seamlessly on your device, and they help improve the reliability and security of devices that are running Windows.”

That was the only update I received, and Edge had reappeared when I signed on that morning.  Edge had been uninstalled a couple of weeks prior.

 

OK, I see the relevance to Windows 10 but… there’s no mention of Microsoft Edge at all.

Sounds like Microsoft playing fast and loose yet again. Shocker.

Another pillar of Microsoft’s ‘Trustworthy Computing’?

The initiative was intended to put customer security, and ultimately customer trust, at the forefront for all Microsoft employees.

Do I trust Microsoft to put me as a customer at the forefront if it dissembles what its updates are doing? Have a guess. 🙂

Reply | Quote

Rick Corbett wrote:

No mention of Microsoft Edge at all then.

Correct.  What I know for sure is that it was not there the day before, and after that update there was an Edge shortcut on my desktop, and Revo Uninstaller Pro showed it to be a fresh installation.

Microsoft may very well be installing Edge on its own without it being part of any update.  Who can say?  Or it may have checked my installation, noticed Edge missing, and included it as “files and resources that address issues that affect the update processes in Windows that may prevent important Windows updates from being installed.”

I’m of the opinion that there are numerous versions of every update in order to facilitate the very complex Windows installed base environment.  In other words, you and I may both get KB4023057 but what we get may have variations to suit our hardware/software particulars.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

Reply | Quote

[tj42-19]

Hi Susan,

When you say it’s okay to install the January updates, do you mean all of them on your Master Patch list for 01-24-23 or just the items on the 01-24-23 Master Patch list that says “Install”? I have only been updating the updates that say “Install” on the specific update lists, and always hide the ones you say to avoid or defer and don’t update/install until your Master Patch list says “Install”. Am I doing this correctly.

Thank you

• This reply was modified 10 months, 1 week ago by tj42-19.

Reply | Quote

I only install the updates that are listed as “install”.    IMHO that’s what she intends.

Reply | Quote

Windows 10 Home 21H2 here, hid as per my usual practice KB4023057 and installed 2023-01 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5022282) without any issue through WuMgr.

Oddly enough, I had trouble with the Windows Malicious Software Removal Tool x64 – v5.109 (KB890830) update, did this happen to anyone else?

On the first attempt (through WuMgr) KB890830 was downloaded, but the installation remained stuck (20+ minutes) doing nothing and in Task Manager I spotted the executable corresponding to the update running, but “idling” doing nothing at 1% CPU usage. I killed the process, rebooted and ran WuMgr again: it reported KB890830 as already downloaded and I hit the install button, but the installation was apparently stuck again. This time in Task Manager I spotted MRT.exe (i.e. the Windows Malicious Software Removal Tool executable) “idling”. Killed the process, rebooted, ran WuMgr and it reported a successful install of KB890830.

Also, I planned to switch to 22H2 during this DEFCON4 period, but I’m not being offered this feature update (no, please don’t say it’s because I avoid KB4023057, since I have been offered every previous feature update). I checked that 22H2 is the target version in the relevant registry key and running InControl confirms that 22H2 is targeted, but the update does not show up. Might have to go through the ISO update process.

Reply | Quote

After I installed Cumulative KB5022287, tested ok & created restore pt, My Win 11 Pro started to download and install KB5019274. Described as optional preview ..I quickly paused updates until 3/5. Saw nothing on KB5019274 when I searched forums
Will await advice. https://support.microsoft.com/en-us/topic/january-19-2023-kb5019274-os-build-22000-1516-preview-ace2511d-586e-41b0-b213-3a89d97565a4

KB4023057 was also installed which appears controversial on forums. Since the PC seems to work ok, I’ll leave alone. Have created restore point and image back up prior to update so I can reverse anything that doesn’t turn it into a smoking pile of parts.

 

 

Reply | Quote

Run WUmgr, click the Search button (circular arrows) and then hide any previews. Now you can relax until the next update cycle.

cheers, Paul

1 user thanked author for this post.

MrToad28

Reply | Quote

hello, im using win10 right now and still on win10 pro 21h2
im skipping windows december windows update

for this months this is what is listed in my windows update
2023-01 Update for Windows 10 Version 21H2 for x64-based Systems (KB4023057)
Windows Malicious Software Removal Tool x64 – v5.109 (KB890830)
2023-01 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5022282)
2022-12 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 for x64 (KB5021088)

so my question are : 1. is it safe to run the update because i check my laptop and it have 2 hidparse.sys files while my pc only have 1? and do i miss something that i need to download manually maybe from december or november msdefcon?? i usually only running update on windows update
2. is it safe now to update to win10 22H2?

Reply | Quote

Susan is actually recommending that Users upgrade to 22H2. It seems to be stable at this point.

You may want to hide KB4023057. This is what the MS documentation says it does:

• For feature update information for Windows 10, version 1809, 1903, 1909, 2004, and 20H2, see KB 5001716.
• This update may request your device to stay awake longer to enable installation of updates.

  Note The installation will respect any user-configured sleep configurations and also your “active hours” when you use your device the most.

• This update may try to reset network settings if problems are detected, and it will clean up registry keys that may be preventing updates from being installed successfully.
• This update may repair disabled or corrupted Windows operating system components that determine the applicability of updates to your version of Windows.
• This update may compress files in your user profile directory to help free up enough disk space to install important updates.
• This update may reset the Windows Update database to repair the problems that could prevent updates from installing successfully. Therefore, you may see that your Windows Update history was cleared.

Reply | Quote

My Dell Inspiron is running Win 10 21H2 build 19044.1766

Based on Susan Bradley’s recommendation that Win 10 22H2 is OK, I used InControl to give that permission.

Today WU offers “Feature Update to Windows 10, version 22H” without any KB number.  Is that the update from 21H2 to 22H2?

If so, would it make sense to use WUMgr to do ONLY that one update, and temporarily ignore the handful of other updates offered by WU?  Those are

• KB4023057 (PK has advised to hide this one)
• KB890830 (MSRT)
• KB5022546 (.NET 6.0.13 security update)
• KB5021088 (cumulative update for .NET framework)
• KB5012170 (security update for 21H2)
• KB5005463 (update for 21H2)

Thank you for advice.

 

Reply | Quote

Hide: KB4023057, KB5012170 (It’s causing problems and is not recommended for installation on Susan’s Master Patch List), and KB5005463 (PH Health Check, another of MS’s “we’ll fix your computer like WE want it patches).

1 user thanked author for this post.

AlphaCharlie

Reply | Quote

Despite my best efforts, KB4023057 got installed on my Windows 10 (21H2) computer. I haven’t seen any issues, but reading the posts on this thread, there could be changes that I don’t notice.

Can I just uninstall it, or has any damage already been done and is not reversible?

 

Harry

Reply | Quote

It doesn’t seem to cause damage, just not required.

cheers, Paul

Reply | Quote

PKCano wrote:

Hide: KB4023057, KB5012170 (It’s causing problems and is not recommended for installation on Susan’s Master Patch List), and KB5005463 (PH Health Check, another of MS’s “we’ll fix your computer like WE want it patches).

I have installed KB4023057 (10 times), KB5012170 and KB5005463 and not a glitch on my Windows 10.

Reply | Quote

Alex5723 wrote:

I have installed KB4023057 (10 times), KB5012170 and KB5005463 and not a glitch on my Windows 10.

Your results are not everyone’s results.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

geekdom wrote:

Your results are not everyone’s results

They probably are if you don’t mess with registry settings, 3rd party tweaking apps that change Windows settings (winaero..)..

Reply | Quote

Sooo…basically KB4023057 is similar to COVID??

• We think we’ve seen the last of it, but it just keeps coming back.
• It is likely going to be with us forever.
• Some people get it with bad results.
• Some people get it with no issues.
• But it is best to block it from getting to you. (*I keeps my wushowhide mask on!)

2 users thanked author for this post.

jburk07, Cybertooth

Reply | Quote

Upgraded to Win 11 22H2 end of January 2023.  Appears to be Win 10 22H2 with a lot of cosmetic changes.  No problems at all.  All my programs work fine.

Reply | Quote

hmw3 wrote:

Can I just uninstall it, or has any damage already been done and is not reversible?

I uninstalled it from Windows 10 Pro 22H2 with no apparent side effects.

Hope this helps…

Reply | Quote

Rick said:

“I uninstalled it from Windows 10 Pro 22H2 with no apparent side effects.”

This is really strange. when I go to ‘View update history’ on my Win 10 21H2, it clearly lists, under Update History->Quality Updates, KB4023057, which was successfully installed on 2/2/2023. It also list three previous Quality Updates, which were successfully installed between 10/27/2022 and 12/4/2022.

Yet when I click on ‘Uninstall updates’ on that page, none of the 4 Quality Updates noted above are shown!

Where have I gone wrong here?

Harry

Reply | Quote

Look in Control Panel\Programs & Features.

Reply | Quote

hmw3 wrote:

Where have I gone wrong here?

You haven’t. You may have seen it ready to install like this… and thought it was a regular Windows Update:

However, as you’ve found out, it doesn’t appear when you click on View installed updates. That’s because it’s not really a Windows Update or a Quality Update… just Microsoft fudging things.

As mentioned, you’ll find it in Control Panel > Programs and Features:

Alternatively, you’ll find it in Settings > Apps & Features:

A third way to uninstall it is to *right*-click on Start, choose Windows PowerShell (Admin) then, when the PowerShell console opens, enter cmd. This will drop you into an elevated CMD console. Now copy/paste the following and press RETURN/ENTER:

MsiExec.exe /X{89581302-705F-42C5-99B0-E368A845DAD5} /qn

This will uninstall KB4023057 silently.

Hope this helps…

Reply | Quote

Rick:

“As mentioned, you’ll find it in Control Panel > Programs and Features:”

 

As you noted, it was in Programs and Features, so I was able to remove it

But why in the h… would I look for something called ‘Microsoft Update Health Tools’ rather than looking for KB4023057, which is what it apparently was released as ??

Harry

Reply | Quote

Oh… I said it was just Microsoft fudging things. What I meant was that it’s not a ‘regular’ install for several reasons.

Although it can be uninstalled using MsiExec.exe, it’s not actually installed via a downloaded MSI file.

Instead, it uses a tiny 20KB stub installer or programming shim:

I found the uninstall string in the registry:

… but for some reason couldn’t uninstall it via PowerShell:

Start-Process "C:\Windows\System32\msiexec.exe" -ArgumentList "/x{89581302-705F-42C5-99B0-E368A845DAD5} /qn"

I suspect I may have got the syntax wrong.

Reply | Quote

The only problem with uninstalling it is, it has already done its “thing(s).” Much better to block its install with wushowhide or WUMgr before it installs if you don’t want it.

Reply | Quote

PKCano said:

“The only problem with uninstalling it is, it has already done its “thing(s).” Much better to block its install with wushowhide or WUMgr before it installs if you don’t want it.”

I have wushowhide installed, and I have watched Susan Bradley’s video on how to use it. But I have trouble using it: not sure why. So for ‘normal’ Windows updates, I have reverted to setting an install date far in the future, with hopes that the specific update will no longer appear by that date.

 

Harry

Reply | Quote

I took a look at what this latest (Jan 2023) release of KB4023057 actually does from the moment I clicked on the Install now button in the Settings user interface (using Process Monitor).

Note: I ran this test on a clean install of Windows 10 Pro 22H2 that had had Windows 10 Decrapifier run on it to remove bloatware but no other changes as all, cetainly not to the Windows Update mechanism.

From clicking Install now to completion was only ~10 seconds. I looked at 3 specific areas of activity afterwards – file system, network and registry.

Network:
There was almost no network activity apart from a few UDP receives (from a  IP address in Redmond) and a single UDP send from my test laptop to my router by process svchost.exe. I tend to think of UDP traffic as mostly innocuous are you there queries, much like the ping command. I saw no evidence of any outbound TCP connections, ‘phoning home’ for example.

File System:
There was very little file system activity apart from multiple WriteFile events by process SystemSettings.exe to a UpdateUX.<guid>.ETL log within C:\ProgramData\USOShared\Logs\User\. This was entirely expected.

There were also multiple CreateFile\QueryBasicInformation\CloseFile events (but no WriteFile events) in temporary file locations (like C:\Windows\Temp and C:\Windows\ServiceProfiles\NetworkServices\AppData\Local\Temp) by process svchost.exe, almost like a permission check for file access (i.e. read/write/delete). This was unexpected but not unusual except for how often the same cycle of events was repeated in the same location, almost like ‘let me just check that one more time’.

I saw no evidence of any new or changed system files related to Windows Update (or its related components like UpdateOrchestrator), i.e. this wasn’t an update to the existing mechanism.

Registry:
There was a *vast* amount of activity within the registry, the bulk of which was checking existing values.

What was surprising was the number (almost 2000) of RegSetValue events (all DWORD entries with a value of 0) which were duplicated time and time again. In my experience DWORD entries are often used as toggle switches, with 0 (zero) being OFF and 1 being ON.

Examples:

The value of HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings\PausedFeatureStatus was set 717 times to 0 by process svchost.exe.

The value of HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings\PausedQualityStatus was set 711 times to 0 by process svchost.exe.

The value of HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\StateVariables\RebootRequired was set 116 times to 0 by process svchost.exe. (I think this is the setting for whether Restart Required is shown in the Settings user interface.)

The value of HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings\UxOption was set 48 times to 0 by process SystemSettings.exe. (Again, I believe this is an option within the Settings user interface but don’t know what option.)

I could be wrong here (please jump in if you disagree) but this suggests the purpose of this particular release of KB4023057 is to set certain ‘paused’ settings within Windows Update to ‘unpaused’. I don’t use any ‘pause’ methods so cannot test this further.

If anyone is interested in seeing the captured ProcMon .PML file (1.1MB) then say and I’ll post it as a .ZIP attachment.

Hope this helps…

Reply | Quote