• MS-DEFCON 4: Win11 22H2 not ready for prime time

    Home » Forums » Newsletter and Homepage topics » MS-DEFCON 4: Win11 22H2 not ready for prime time

    Author
    Topic
    #2547315

    ISSUE 20.13.1 • 2023-03-28 By Susan Bradley March updates are ready. Windows 11 22H2, not so much. It’s time to install the updates for the March rele
    [See the full post at: MS-DEFCON 4: Win11 22H2 not ready for prime time]

    Susan Bradley Patch Lady

    6 users thanked author for this post.
    Viewing 25 reply threads
    Author
    Replies
    • #2547322

      With Windows XP, Vista, 7 and 10, I used to ignore the toddler pool, but instead I dove straight into the deep end.

      No more. For my Windows 11 machine I’ll trustingly wait for Susan to give the all clear.

      I think I’ll stick a Susan Shortcut on my desktop.

      1 Desktop W11
      1 Laptop W10
      Both tweaked to look, behave and feel like Windows 95
    • #2547326

      March updates for W10 22H2: To work around the “no-restart” issue with KB5023696 (You’re up to date) .. after a brief wait period I clicked on “Pause updates for 7 days”.

      Then nothing much happened, but after awhile I was offered a “Resume updates” button, which I clicked on and everything proceeded as normal and the restart button popped up .. as normal.  All done!

      3 users thanked author for this post.
    • #2547330

      Special note: Although there are many sources on the Web regarding KB5007651, Microsoft does not seem to have its usual dedicated page. Accordingly, we have not provided a link.

      But if you click the Learn more link after “Update for Microsoft Defender Antivirus antimalware platform – KB5007651 (Version 1.0.2302.21002)” at Settings, Windows Update, Update history, Definition updates you get this page:

      Windows Security Update

      This update provides latest updates for Windows Security platform, which is comprised of the Windows Security app and its underlying service.

      To obtain the current version of Windows Security app, please run powershell command below:

      Get-AppPackage Microsoft.SecHealthUI

      More about Windows Security app here.

      https://prod.support.services.microsoft.com/en-us/topic/windows-security-update-a6ac7d2e-b1bf-44c0-a028-41720a242da3

      Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

    • #2547331

      Here’s a slightly bizarre bug. As described in this Tweet by Will Dormann, following a very basic set of steps to edit, crop, and save an image results in — nothing. The saved file is the same as the original. That bug is certainly of concern, and it appears that Microsoft will be fixing it soon.

      Same size, but not the same image.

      Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

      1 user thanked author for this post.
    • #2547346

      Update for Microsoft Defender Antivirus antimalware platform – KB4052623 (Version 4.18.2302.7)

      This update is now available and appeared yesterday. I don’t know what it does and have not yet installed it. It does, however, appear in the Microsoft Update Catalog.

      Carpe Diem {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender
      • #2547365

        Update for Microsoft Defender Antivirus antimalware platform – KB4052623 (Version 4.18.2302.7) This update is now available and appeared yesterday. I don’t know what it does and have not yet installed it. It does, however, appear in the Microsoft Update Catalog.

        Hi geekdom:

        I have a Win 10 Pro v22H2 OS and Windows Update automatically delivered this month’s KB4052623 (the monthly platform update for Microsoft Defender) today at the same time as my daily virus definition update. KB4052623 updated my Microsoft Defender platform from v4.18.2301.6 (rel. 14-Feb-2023) to the latest 4.18.2302.7 (rel. 27-Mar-2023), while my scan engine remains at v1.1.20100.6. Release notes for the monthly Microsoft Defender platform and scan engine updates are available in the MS support article Microsoft Defender Antivirus Security Intelligence and Product Updates.

        WIn-10-Pro-v22H2-Windows-Updated-History-KB4052623-MS-Defender-Platform-v4_18_2302_7-28-Mar-2023

        I re-booted after KB4052623 was installed and this update doesn’t appear to be causing any problems on my Win 10 Pro v22H2 laptop. If I click the Windows Security icon in my system tray (or go to Settings | Update & Security | Windows Security | Open Windows Security) and choose Settings | About I now see:

        WIn-10-Pro-v22H2-Windows-Security-Settings-About-MS-Defender-Platform-v4_18_2302_7-28-Mar-2023

        As far as I know the Local Security Authority (LSA) and persistent restart alerts that Susan mentioned in today’s MS-DEFCON 4: Win11 22H2 Not Ready for Prime Time only affect Win 11 v21H2 and v22H2 users who install KB5007651. According to the 21-Mar-2023 BleepingComputer article Microsoft: Defender Update Behind Windows LSA Protection Warnings:

        “This issue affects only ‘Update for Microsoft Defender Antivirus antimalware platform – KB5007651 (Version 1.0.2302.21002).’ All other Windows updates released on March 14, 2023 for affected platforms (KB5023706 and KB5023698), do not cause this issue.”

        ————-
        Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.2728 * Firefox v111.0.1 * Microsoft Defender v4.18.2302.7-1.1.20100.6 * Malwarebytes Premium v4.5.25.256-1.0.1957 * Macrium Reflect Free v8.0.7279

        1 user thanked author for this post.
        • #2547834

          KB4052623 installed while I wasn’t looking. It behaved nicely.

          Carpe Diem {with backup and coffee}
          offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
          offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
          online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender
          1 user thanked author for this post.
    • #2547349

      However, I’d rather see Microsoft fix another issue — where Snip and Sketch doesn’t recognize the desktop version of Outlook as a platform that one can send the image to for emailing. I kid you not — we upgraded from Windows 7 to Windows 10 just because we loved the feature enhancements to the snipping tool in Windows 10. I am disappointed with the Snip and Sketch release in Windows 11 and do not feel that it is comparable. I’m hoping that one of these days Microsoft will fix that issue as well.

      What feature do you feel is missing from Windows 11 Snipping Tool?

      I don’t think anything is missing:

      SS-vs.-ST-differences

      Windows 11 Snipping Tool can share to Outlook desktop contacts (tested).

      Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

    • #2547353

      There is a workaround using several registry keys. It gets rid of the error, but it’s not recommended by Microsoft on its release health dashboard. I’d prefer to have Microsoft fix the issue rather than deal with a workaround.

      Workarounds is what I do, for the past 25+ years.  Some I figure out myself, some I find online.  In this case there were only two registry DWORDS, and one was already in place, so I only needed to add the second and assign its value.  And I get this:

      Windows-Security

      I understand that you prefer not to do this, but for me it’s a regular thing.  And for me, Windows 11 22H2 is a very good OS.  I have yet to experience any of the quirks upon which you have elaborated.

       

       

       

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We were all once "Average Users". We all have our own reasons for doing the things that we do to our systems, we don't need anyone's approval, and we don't all have to do the same things.

      3 users thanked author for this post.
      • #2547364

        No warnings above Local Security Authority Protection after you click on Device security then Core isolation?

        Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

        • #2547371

          No warnings above Local Security Authority Protection after you click on Device security then Core isolation?

          To whom are you addressing this question?

          Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
          We were all once "Average Users". We all have our own reasons for doing the things that we do to our systems, we don't need anyone's approval, and we don't all have to do the same things.

          • #2547376

            Did I not use an acceptable salutation or something?

            Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

            • #2547384

              Did I not use an acceptable salutation or something?

              I prefer clarity.

              Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
              We were all once "Average Users". We all have our own reasons for doing the things that we do to our systems, we don't need anyone's approval, and we don't all have to do the same things.

        • #2547385

          No warnings above Local Security Authority Protection after you click on Device security then Core isolation?

          Core-Isolation

          Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
          We were all once "Average Users". We all have our own reasons for doing the things that we do to our systems, we don't need anyone's approval, and we don't all have to do the same things.

    • #2547372

      MS-DEFCON 4: Win11 22H2 not ready for prime time

      The latest bug was introduced by the update for the Microsoft Defender antivirus/antimalware platform (KB5007651, version 1.0.2302.21002). The bug introduces an error on Windows 11 22H2, stating that “Local Security Authority protection is off. Your device may be vulnerable.”

      The only Windows 11 bug you mention under this “22H2” headline also applies to Windows 11 21H2:

      “Local Security Authority protection is off.” with persistent restart
      Once enabled, your Windows device might persistently notify you that it is vulnerable, and a restart is required.

      Windows 11, version 21H2 known issues

      Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

    • #2547396

      In a recent bugfest, exploits abounded in countless cases including Teams applications, Tesla cars, Ubuntu desktops, MacOS, and — as expected — Windows 11 22H2.

      How do you know that was version 22H2, or not equally applicable to 22H1?

      ALL other sites only report a competition exploit of a flaw in Windows 11:

      https://www.bing.com/search?PC=U523&q=Marcin+Wi%c4%85zowski+used+an+improper+input+validation+bug+to+elevate+privileges+on+Windows+11

      This site always seems to need a big, bad ogre to fear. It used to be Windows 8, then Windows 10. Now you’ve taken a dislike to 11-22H2 for no apparent good reason. You’ve given three separate not-good-reasons today alone. Yet you see no issues with 11-22H2 on your office computers.

      Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

    • #2547409

      I have been using Win 11 Pro since the first test versions were released to the Insider Dev Channel. Those were in a VM since Microsoft changed the Dev channel to include features that won’t be in future releases. It has been my daily production OS since the day it was officially released. It has been stable and reliable. Are there some irritations with the UI? Aboslutely, yes and I’ve either adjusted my habits or found a work around. But overall it has been just fine for me.

      --Joe

      2 users thanked author for this post.
    • #2547417

      Just installed KB5023696 on one of my PCs – win10 pro, 22H2.  No issues, no BSOD,  prompted me for a restart.  Bottom line nothing abnormal

      1 user thanked author for this post.
    • #2547413

      Thanks for all your hard work, Susan!!  Considering the issues with the March 2023 updates (SSD speeds, computers stuck on “updating” after restarting, and some Wi-Fi adapters not functioning correctly), it seems a little early to lower to DEFCON-4.  These issues, while well documented elsewhere (BleepingComputer, etc.), have not been addressed on the main AskWoody website.

      1 user thanked author for this post.
      • #2547434

        Win10 or Win11 update?   Slow SSD?  Wifi issues?   Post links.

        • #2547501

          Slow ssd has been reported on Windows 11 22h2 but again, in the reddit forums.  On my deployed Windows 11 here at the office and the new laptop at home I’m not seeing it.

          Susan Bradley Patch Lady

          1 user thanked author for this post.
          • #2550438

            Many of us still on Win 10, me 22H2- you focus too much on Win 11 here and in newsletters on Win 11 updates. I have to comb through other users posts to see if any issues with Win 10 updates & what to do about them.

            • #2550583

              Always look on the master patch list for issues.  If there were I would specifically call them out.  10 has been quiet and well behaved.

              Susan Bradley Patch Lady

              1 user thanked author for this post.
            • #2551091

              I do check the Master Patch List, but March KB5023696 had difficulty installing-stuck at 20% after repeated tries. Had to restart several times, didn’t help,  finally shut PC down  & then started fresh and finally installed. So  not all smooth sailing on Win 10.

              Would’ve been nice if you saw other users posts with  same issue and addressed it.

      • #2547500

        Remember what I say, not everyone sees issues.  And especially if you read something on reddit those folks are gamers and do strange things to their systems.

        Susan Bradley Patch Lady

        4 users thanked author for this post.
    • #2547451

      it looks like both RTM/21H2 & 22H2 versions of Windows 11 recently got their “preview” updates this Tuesday morning March 28 after 10am pacific local time:

      KB5023778 (build 22621.1485)
      https://support.microsoft.com/help/5023778

      KB5023774 (build 22000.1761)
      https://support.microsoft.com/help/5023774

      note – these new preview updates seem to resolve some new issues with usb printers

      This update addresses an issue that affects USB printers. The system classifies them as multimedia devices even though they are not.

      1 user thanked author for this post.
    • #2547511

      Guinea Pig Update (guinea pig perpetual moment (motion) machine)
      Version and build after update: Win11Pro 22H2.22621.1485

      Microsoft Update Catalog downloaded and installed:

      • 2023-03 Cumulative Update Preview for Windows 11 Version 22H2 for x64-based Systems (KB5023778)

      Installed without error and the system rebooted without error.

      Carpe Diem {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender
    • #2547542

      This may be slightly off the topic but I am looking to move to a new PC and laptop which give me the option of specifying Windows 10 Pro or Windows 11 Pro.  Unfortunately, no version identification is given for either the Win 11 or Win 10.  Given the issues with the Win 11 mentioned in this article, should I pursue getting a Win 10 version and then move to Win 11 when Win 11 is more “grownup”?  Thanks for your help on this issue.

      • #2547552

        Most likely you will get 22H2 for either win10 or win11.   I was in the same situation as you when I bought a PC in December.  I choose win10.  I figured it will be supported until the fall of 2025.  By then win11 should have “matured”.

        1 user thanked author for this post.
      • #2547699

        Susan Bradley,

        Do you have any comments about whether a new PC and laptop should be windows 10 or windows 11?  Thank you very much for your work on this forum and website.  It is greatly appreciated.

        • #2547710

          For most users, Windows 11 will be fine on a new machine. You will have an adjustment period for the UI changes. Some of the changes can be mitigated within Windows. Also, there are third-party apps to change the start menu. Microsoft continues to change Windows 11 by adding back some missing functionality and adding new functionality.

          As I said above, I’ve used Win 11 as my production OS since it was first released and have found it to be stable and acceptably performant.

          --Joe

        • #2547940

          Susan,

          Do you have any comments to the above question  ref #2547699?

          thanks very much.

          • #2547944

            These are Susan’s recommendations from the Master Patch List. If you get a PC with Win11 now, it will be v22H2.

            I recommend Windows 10 22H2 or 21H2 at this time. I do not recommend deploying Windows 11  22H2 as it’s too soon for production use.  

            • Windows 11 22H2: Not recommended

            • Windows 11 21H2: If you have a Windows 11 PC, recommended

            • Windows 10 22H2: Recommended

            • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)

            • #2548043

              Thank you very much for the clarification of what is recommended or not recommended.  I am able to order the PC and laptop with windows 10 so it looks like Windows 10.  Just have to verify that they would be version of 22H2 or 21H2.   Thanks again.

    • #2547645

      It is unusual for me to have a problem updating my Win 10 22H2 Home, but yesterday after Susan said to update I started the download. Almost immediately within say 5 minutes it showed You are up to date. That sounded too quick so I reopened Win Update and it showed Downloading 0% complete.

      My Ethernet Status was showing downloading at an extremely slow rate, like a few MB per hour. Again after a few minutes Win Upd again showed You are up to date. Reopened Win Upd and still downloading 0% complete. This went on for several hours. I did notice Delivery Optimization had been turned on by the update as I NEVER have that on as I do not want who knows what worldly PC passing stuff to my PC. I turned that off and still no change to horrible download speed (all other stuff on PC downloading quickly).

      So I figured it was just MS overwhelmed and would try next day.

      Today same thing. Out of desperation I finally decided to risk a Restart in the middle of a download. And, BOOM, everything started working. Downloaded 750 MB quickly and started install. Very weird.

      Win Upd also installed a printer driver update. So maybe that had something to do with it.

       

      2 users thanked author for this post.
      • #2547671

        See #post-2547326 above.  May have saved you some worries, but the main thing is that it worked out in the end.

        2 users thanked author for this post.
    • #2547796

      See #post-2547326 above.

      Mine was a slightly different manifestation of the same problem as mine started normally but then went into that false up to date.

      Another different manifestation on my other Win 10 22H2 Home was that it started normally but instead of going into an up to date loop it just immediately gave me an errror with a retry button. Again I fixed it with a restart.

      So whatever the cause is I feel sorry for people not using AskWoody as those people probably have no idea why their PC won’t update but pretends to be updated.

      2 users thanked author for this post.
    • #2547884

      Ok I now updated 2 PCs both win10 22h2 via KB5023696.  Absolutely no issues. No BSODs, presented request to reset after installation and PCs work fine.

      1 user thanked author for this post.
    • #2548061

      Have installed the Win 10 22H2 KB5023696 on 3 PC’s. Two laptops and one custom desktop. No issues whatsoever.

    • #2548083

      Hard to be positive it was a result of this update, but too coincidental that Windows Search stopped working. Service could not be started. Stopped immediately. And when I noticed this, there were 933 error 1067’s in Event Manager.

      I had no indexes. It was VERY difficult to get working and not 100% what of the things I did worked to get it back and indexed again. I did delete the registry key whith search options which broke Microsoft office instantly, and then re-merging the WinSearch Options key got it to start indexing. But I did a few other things like DISM and SFC (which found something, though did not start the service again) and Troubleshooter for Search.

      Some combination worked. And MANY reboots in between.

    • #2548134

      Just a heads up. In the article I said that after rebooting on the Windows 11 22H2 it’s not fixed. What’s not fixed is the cosmetic bug. LSA security is functional even WITHOUT the registry key. But I still consider this cosmetic bug as a big issue. Why? Because it’s yet another false alert I have to mentally go “oh yeah, that’s a Windows 11 machine that is still impacted, I can ignore this” on every impacted 11. But therein lies the rub, because the security center is no longer accurate I may miss something in the alert section.
      Bottom line cosmetic bugs to someone who relies on GUI indicators is still a big problem that needs to be addressed sooner versus later.

      Susan Bradley Patch Lady

      • #2548149

        Windows 11 21H2 too:

        “Local Security Authority protection is off.” with persistent restart
        Once enabled, your Windows device might persistently notify you that it is vulnerable, and a restart is required.

        Confirmed 2023-03-21

        Windows 11, version 21H2 known issues

        Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

    • #2548502

      I am Win10/Pro, 22H2 on two laptops.
      KB5023696 CU for Windows installed, producing a RESTART button on both laptops.
      KB5024670 CU for .NET 6.0.15 installed, producing a RESTART button on one laptop and NOT producing a RESTART button on the other one, but it IS installed according to Apps & Features, Control Panel>Programs and Features, and Update History.

      2 users thanked author for this post.
    • #2548511

      producing a RESTART button on one laptop and NOT producing a RESTART button on the other one

      Probably one PC was running an app that used .NET files so required a restart to free and updates files while and the other PC didn’t not.

      1 user thanked author for this post.
    • #2549741

      I have the March updates paused until April 13, 2023. When do you think it will be safe to update? The only update Belarc is showing is KB5023706 and I have Avg Free Antivirus installed. I’m getting nervous that they will auto update when the April updates start next week. Thanks for your help.

      Edition Windows 11 Pro
      Version 22H2
      Installed on ‎10/‎19/‎2022
      OS build 22621.1702

      • #2549758

        We only had 1 issue with the March updates and that was a win10 system which was waaay out of date. Lost her HP USB printer but reinstall of printer software fixed that.

        Updated 5 windows 11 systems with no issues running eset, the LSA warning on one that uses windows defender but just left the warning for now. Haven’t had any reports of issues with the others that do their own updating. Note none have start all or any of those type programs.

        Never Say Never

        2 users thanked author for this post.
        • #2549763

          Success! Took 8 minutes to download and 2 restarts but everything is working including the Brothers printer. Now I can pause updates again. LOL Thank you very much for giving me confidence.

          Edition Windows 11 Pro
          Version 22H2
          Installed on ‎10/‎19/‎2022
          OS build 22621.1702

          2 users thanked author for this post.
    • #2550151

      guys, anyone having issues installing KB5023765 on Server 2012 r2?

      what I see is some of the vms take a really long time to apply this update. often takes a few attempts. not all of them.

    • #2551219

      So  not all smooth sailing on Win 10.

      For most including me (I am using WUmgr) it was smooth sailing.
      Update problems are unique to each Windows OS configuration, using 3rd party hacking tools, software running in the background (you should disable A/V app prior to installing updates, unless you don’t trust Microsoft that may add malware to updates)..

      1 user thanked author for this post.
    Viewing 25 reply threads
    Reply To: MS-DEFCON 4: Win11 22H2 not ready for prime time

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: