• Patch Lady – Windows 10 update facilitation service

    Home » Forums » Newsletter and Homepage topics » Patch Lady – Windows 10 update facilitation service

    • This topic has 52 replies, 24 voices, and was last updated 5 years ago by anonymous.

    Spotted this on the listing of patches tonight….  https://support.microsoft.com/en-us/help/4056254/windows-10-update-facilitation-service This updat
    [See the full post at: Patch Lady – Windows 10 update facilitation service]

    Susan Bradley Patch Lady/Prudent patcher

    5 users thanked author for this post.
    Viewing 23 reply threads
    • #198225

      Will be interesting to see if MS can break into my 1511 and, for at least the third time, attempt to alter the software on my machine without my express approval. I have WU service disabled. Got rid of the self healing stuff. Got rid of the tasks in Task Scheduler. Run SpyBot AntiBeacon. MS, stay away from my machine. I like it the way it is. And that, given the mutated smartphone user interface you bolted onto it, is almost a miracle in and of itself. And get rid of the ribbon too. Or at least give us the option to going back to a menu system that worked.

      Maybe this turned into a rant. Apologies.

      Stay tuned – if they get me I’ll try to send word for rescue. How do you guys keep track of what MS is doing to your machines? Courage!

      2 users thanked author for this post.
    • #198231

      At the rate things are going with Win 10, I’m thankful I’m still on Win 7.  My prediction is AskWoody will be seeing more and more articles on Chrome, MacOS, and Linux.

      MS bugged the heck out of me to upgrade, but when I tried to, my Win 10 wouldn’t run on my laptop.

      3 users thanked author for this post.
      • #198368

        Agreed, but I hope we’ll also begin to see articles on how to retain Windows 7 in the safest possible way, and so avoid all the problems associated with upgrading to the least secure version of Windows (as evidenced by every monthly summary of vulnerabilities). Chrome, MacOS and Linux aren’t viable operating systems for some users, and nor is Windows 10. Some, perhaps many, users will want to continue with Windows 7 beyond January 2020 and I hope that guidance will be offered on the best way of doing just that.

        7 users thanked author for this post.
        • #198476

          It will definitely be possible to run Win7 after EOL, but to be safe after that date it will need to remain offline.

          I am still running WinXP, but it is sandboxed in a VM.  I have some expensive old software that will either not install, or run, on a modern Windows.

          So start making plans now for which OS you are going to run your online life with.  There really is no alternative for that, if security and privacy are a concern.  The solution could be as simple as an inexpensive Chromebook, or a tablet.  Using one of the new gadgets will get you connected to most of the cloud and/or social apps that you need to manage your life with.

          But if you want to keep running Windows 7, you had better keep it offline only, and move files the old school way, with a shared drive or an external drive.  At least you can continue to use your Windows applications that way.  🙂

          Windows 10 Pro 22H2

          • #198491

            EOL in 2020 won’t make a mature OS like Windows 7 insecure. It will depend on what you are using your computer for and what exploits are discovered.

            Safe practices will keep you secure after that date as they keep you secure now. There are people running Windows 7 now who don’t get updates and they can maintain security at a high level.

            1 user thanked author for this post.
            • #198518

              LOL, good luck then!  You are entitled to your opinion, but many security experts would disagree with you.  So if you are an expert and use sandboxing or other mitigations to secure your computer, then you do not represent the average user here.

              Just look what happened with the XP exploits that were discovered after MS quit patching it.  Any vulnerabilities that are discovered in Win7 after 2020 will never be fixed.  https://www.computerworld.com/article/3196686/security/kill-switch-helps-slow-the-spread-of-wannacry-ransomware.html

              So you can just about count on malware authors trying to exploit one of the most widely used Windows OS.  It won’t be about zero-days anymore!

              Some might argue that Win7 is more secure than XP ever was, and that may be true, but malware has evolved over the years and is now much more sophisticated too.

              Windows 10 Pro 22H2

            • #198556

              Back in 2014 there was a lot of FUD about XP going EOS and not getting updates any more, with dark predictions that hackers were stockpiling zero-day exploits to unleash in the weeks following the final Patch Tuesday for XP. Bazillions of XP users were set to get attacked and their computers taken over by the bad guys.

              If any of this came to pass, I didn’t hear about it–and I keep up with the tech press.


              1 user thanked author for this post.
            • #198559

              It’s happening, just not in the breathless apocalyptic fashion that the media would love to rant about.

              Look at the exploits on out of date systems running point of sale software and the data breaches of related customer data.

              There are still many vulnerable systems running out there.  Besides data breaches, ransomware is very popular these days.

              Feeling lucky?  We’ll see…

              Windows 10 Pro 22H2

            • #198622

              LOL we should all be paranoid the EOL monster is coming.

              I consistently update Security Only updates on my Windows 7 64 bit systems and I can’t remember the last update that is keeping me secure.

              Smart and safe practices will keep people secure after 2020. Many secure practices today are what you do in your browser regarding cookies, Javascript, sites you frequent, User Account Control, DNS settings and things you download.

              It is probably more important to have updates for your browser than your system and running a good antivirus with regular malware scans should be part of the defenses.

              If State hackers want to hack your system then they will do it and it doesn’t matter what system you use updated or not.

              If you are running a sensitive server system or a remote desktop system obviously duty of care would be to have a fully updated system. Although this may not make any difference.

              Saying that it will be interesting to see what exploits emerge and one needs to always be vigilant and visiting this website helps obviously. YMMV

              1 user thanked author for this post.
    • #198250

      KB4056254 looks like a morphing of March 2018’s KB4023057 which had unblocked disabled or blocked Windows Update on Win 10. …

      This update includes reliability improvements that affect the update service components in Windows 10 Versions 1507, 1511, 1607, and 1703.

      This update includes files and resources that address issues that affect the update processes in Windows 10. These improvements ensure that quality updates are installed seamlessly on your device and help to improve the reliability and security of devices running Windows 10.


      This update includes a background service to facilitate Windows Update service on devices running Home or Pro editions of Windows 10 Versions 1507, 1511, 1607, and 1703.

      This update includes files and resources to address issues affecting background update processes in the Windows Update servicing stack. Maintaining Window Update service health and performance helps ensure that quality updates are installed seamlessly on your device and help to improve the reliability and security of devices running Windows 10.

      Seems, from April to June 2018, some savvy Win 10 users have found new ways to disable or block Windows Update. So, M$ has to come out with KB4056254 to “neutralize” their efforts. It’s like a cat-and-mouse game.

      8 users thanked author for this post.
      • #198291

        I think you’re exactly right. Expect more howls of pain when people are upgraded to new versions of Win10 while actively trying to keep it away.

        3 users thanked author for this post.
      • #198472

        Thx for this hint. I’ve covered the whole thing in Windows 10: Update Facilitation Service (KB4056254) – and I’ve also gave some background details about KB4023057 within my older blog post Windows 10 reliability update KB4023057 (02/08/2018)

        Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author


        2 users thanked author for this post.
      • #199587

        A new post says about KB4056254 aka “Windows Update Facilitator”

        I’m on 1709 and have just been offered this update (needless to say I blocked it). I checked the MS page for KB4056254 and it still clearly states “Only certain builds of Windows 10 Versions 1507, 1511, 1607, and 1703 require this update.”, no mention of 1709.”

        The poster is absolutely correct; when this KB appeared in Feb it was to force feed us v1709; this version which appeared in June apparently wants to force feed us v1803. As reported, this is cojoined with Update Assistant V2 — the V2 obviously meaning for the next (v1803).

        I despise Microsoft for this.

        Edit to remove HTML

        1 user thanked author for this post.
    • #198298

      Windows Update Blocker has a newer version out. You can now add as many items to the block list as you feel you need to.

      2 users thanked author for this post.
    • #198342

      Patch Lady,

      Not a user of Windows 10, but a fan of the Master Patch List, I give you my thanks for keeping it up to date and us all informed, in such a pithy way, about what is going on.

      Group B, Windows 7 Pro, SP1 x64, Intel I-7 “sandy bridge.”


      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      3 users thanked author for this post.
    • #198366

      This looks to me like just another means of ensuring that you will update your Windows 10 version when Microsoft want you to.

      2 users thanked author for this post.
    • #198370

      Just what we need, another service running in the background…

      …that does what Microsoft wants, not what the user wants or needs.

      Of course, Microsoft would say that we all need Windows as a Service, but just don’t know it yet.

      Never forget, just back in Win 8.1 one could trim a Windows system down to what, 39 processes to support desktop operations? Low 30s for Win 7? Now it’s what with Win 10, 100?


      5 users thanked author for this post.
      • #198405

        ust what we need, another service running in the background.

        That does what Microsoft wants, not what the user wants or needs.

        Of course, Microsoft would say that we all need Windows as a Service, but just don’t know it yet.

        This is an important point.  It’s why I have come to say that the only acceptable role for an OS is to serve the hardware (upon which the OS runs) owner in a manner defined by that owner, without conflict, equivocation, or reservation.

        An operating system, by necessity, has access to every bit of information stored on that PC, or that passes through it.  It is a position that requires the utmost in trust.

        If the PC was a government of a hypothetical country (this is an analogy, not political commentary!), the OS would have to have the very highest security clearance possible, because it would have access to every single bit of classified and top secret information in existence.  I can’t even imagine what it would take to get that kind of security clearance, or if it would even exist– but if so, it would not be an easy thing to acquire, nor to keep.

        In such a hypothetical country, one would expect security clearances to regularly be denied to individuals who possess potential conflicts of interest.  They don’t even have to be real conflicts; if a person’s acquaintances, friends, family, opinions, hobbies, etc., suggest even a potential conflict, the person would be denied clearance to prevent any situation where a person might be torn between allegiances.  There can’t be more than one allegiance.

        In terms of Windows 10, there clearly is more than one allegiance.  It’s supposed to be serving the owner of the PC, but it also tries to serve the interests of Microsoft.  That often creates a conflict of interest, like when the owner of the PC wants to skip a given feature update.  Microsoft, of course, wants this PC on the latest build, and they have the means to make that happen regardless of what the PC owner wants (especially with the Home edition).

        In situations like that, it’s very easy to get into the line of thinking where that conflict is resolved by telling yourself that you ARE serving the interests of the owner by updating his PC against his wishes, because he’s safer and he doesn’t understand how great this new build is and blah blah blah.  Human minds (and MS is made up of people that have those) are wonderful at finding reasons to justify what they want to do when it doesn’t match what they know they should do!   And once the questionable action is taken, they will cling religiously to the justification to avoid having that vanquished conflict make itself known once again.

        That’s why an OS must unequivocally serve exactly one entity, and that’s the one who owns the PC.  It’s not good enough to say that it should serve the owner to the greatest degree possible, but also Microsoft if it doesn’t conflict with the interests of the PC owner in any way.  That would be a huge improvement over what we have now with Windows 10, but it’s still not good enough.  If serving Microsoft is in the to-do list at all, the tendency to define the owner’s interests in a way that happens to also serve Microsoft’s interests will always be there.  The OS needs to serve only the owner of the PC, and only in the manner defined by that owner.  Anything else is grounds to deny that security clearance, and an OS that does not have security clearance is good for nothing.

        Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
        XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon
        Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11 for maintenance)

        • #198425

          At the very least, with a very pragmatic view, Microsoft could offer the choice of being on the high development bandwagon or not. I would not be offended if they tried hard to patch you for security, but left a few advanced ways for those who want to control patching at a finer level for various valid reasons like hardware incompatibility.

          The biggest problem is they push new features and their related hardware obsolescence and mix that with patching for security and bugs they keep introducing. So, in reality, most people get a constantly not so stable OS, and less secure OS too because of the constant influx of new vulnerabilities due to constant adding of stuff. In the end, the product, called Windows 10, is an experience in issues of varying degree, plus a tool of monetization. This is not a great value proposition, compared to what Windows 7 has been for so many of us. The product they sell you now is a disposable, potentially less safe, tool for Microsoft.

          Right now, we are far from the good intentions of keeping us more safe through highly suggested patching for security reasons only.

          I will cite our friend here, David da Neve, that developer who tried to sum up the reasons why Microsoft does it that way and defend the corporate agenda that he drinks happily, responding to a criticism about the model, saying that everybody adopted this rapid development model and they were late to the party so it is only normal they do things that way. It is that kind of attitude, nothing personal against the guy who seems nice, that creates this ridiculous situation for Windows. Everybody does it, so we should do it, just like with the monetization aspect of Windows. This is done with complete disregard for how well it fits with the needs of the customers, that creates this tentatively perfect rapid development process (which they still struggle to perfect to say the least), that requires third-party software providers to not not hop along with them, that fills a need that doesn’t exist at the customer level and ends up resulting in a product that many don’t want. Sure, some people like some gamers or insiders that don’t care too much about security and prefer new features might be happy if the issues don’t affect their gaming, but the market for Windows is much larger than those people. I still wonder why people would ask that much for that kind of development model for Windows. The only thing I see on the field is either indifference or annoyance.

          What happens when a perfect process produces the wrong product in the long run when there are alternatives? I can’t believe there won’t be some company that won’t realizes it can pick up the ball at some point. The market, despite being mature, is huge and unlike in the Windows 98 era where we didn’t know better, since XP we got to experience a much better OS landscape long enough to expect better than what Windows 10 is as an OS.


          9 users thanked author for this post.
          • #198498

            I will cite our friend here, David da Neve, that developer who tried to sum up the reasons why Microsoft does it that way and defend the corporate agenda that he drinks happily, responding to a criticism about the model, saying that everybody adopted this rapid development model and they were late to the party so it is only normal they do things that way.

            As everyone’s mom used to say, “If everyone else jumped off a bridge, would you do it too?”

            The devil, as usual, is in the details.  Ubuntu (to use an example with which I am familiar) has twice a year releases, but some of those (one every other year) are LTS releases that are fully supported for five years.  Not only that, but there’s never any pressure to upgrade… do it if you want, or don’t; it’s up to you.  It’s your computer, after all!

            If Microsoft offered users the chance to remain on one version for five years with full security and bugfix support, and made it (like all other updates) completely optional, there would be far fewer complaints about the update schedule.

            In Windows, the whole rapid update schedule seems to be about marketing.  MS decided that Windows 10 was going to get “feature updates” twice a year, so every six months, they have to come up with enough features to fill a press release and to get the tech journos talking, which benefits Microsoft in several ways (not the least of which is the free advertising, but it also serves to distract everyone from the new monetization methods and attempts to control people’s PCs that may be in any given version).  It doesn’t really matter if the users of Windows 10 actually had any desire for any of these features.  It’s not about them!

            Ubuntu, on the other hand, doesn’t even code the vast majority of the changes that go into a new release.  A Linux distro is not one project… it’s dozens or hundreds of mostly unrelated smaller projects that keep right on moving with their own updates according to their own update schedules.  The Ubuntu devs know that no matter what they do (or don’t do), there will always be lots of changes coming from upstream.  Some of those changes are tested and added to the repo for the current versions of Ubuntu, which makes them appear as updates for users of that version.  Some things, like a new version of X11, don’t work so well with that system (they have a greater chance to break software their users have installed, which defeats the purpose of LTS), so they’re reserved for the next point update, where they can be tested with all of the other new components that have come along since the previous release.  And, of course, you can avoid any version you wish.

            In Ubuntu, it is the code changes from upstream that necessitate the new releases.  In Windows 10, it’s all developed by one company; there’s no “upstream” about it. It’s silly to copy a release schedule that’s based on the “bazaar” development method used in a Linux distro (and by open source software in general) and to try to apply it to the “cathedral.”  (I refer to Eric S. Raymond’s famous essay here).

            Microsoft may have copied the rapid release schedule, but they didn’t copy what makes it work.  Those kinds of things are bound to happen when you try to copy things you don’t understand, as Microsoft quite evidently does not when it comes to open source.

            Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
            XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon
            Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11 for maintenance)

            8 users thanked author for this post.
    • #198372

      The issue I see is that that screen has never been used before and I’d probably think I had a virus or root kit on my machine.

      In a certain sense, you kinda have…

      But it’s probably a tool to help users off of their outdated versions?

    • #198382

      Clearly yet another attemp by Microsoft to actively trick and /or force educated, pro-active  users onto a know bug ridden version of Win 10 that most certainly is not ready for business use.

      I am really starting to get the feeling something is Very Wrong in MS land.  MS now appears to be getting absolutely “shakin’ in their boots” desperate when it comes to Win 10 migration.

      • #198385

        It has been a couple more years gone by now. But I remember when we discussed how desperate Microsoft seemed to be about making good on the 1 billion devices by D-date. It was missed horribly. Your comment reminded me of that.

    • #198395

      Facilitation sounds very helpful, doesn’t it.

      When you want to control people, you want to facilitate aids to may sure they stay within your boundaries.

      1 user thanked author for this post.
    • #198413

      You are reading it wrong by my understanding. UAC will only pop for people not using Windows Update, that means WSUS or other MS supported business solutions.

    • #198418

      ? says:

      from 1/25/2018:

      https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/what-is-kb4056254/cca55505-fbbb-4c27-9b14-335bda499918. wanted to download it and peek inside however i could not find it in the catalog…

    • #198448

      Click …. Awh the light finally turned on.

      Microsoft originally foisted KB4056254 on unsuspecting W10 users back on January 25th-ish 2018 from how it appears in a google search for KB4056254.  I have it blocked with “Show and Hide” and it must have been some time ago I did cause I do not remember doing it.

    • #198462


      The June 2018 Cumulative KB4284874 for Win10 v1703 from the Windows  Update Catalog contains and installs the dreaded Windows 10 Update Assistant V2.

      It installs in the ?:\Windows\UpdateAssistantV2 folder which should be deleted before the horror show in the folder can execute.

      If memory serves the sole purpose this delightful piece of MS designed MalWare is to undo and /or reset every single User set or altered Service / PC Setting / Group Policy impediment to a forced version upgrade.

      2 users thanked author for this post.
      • #198509

        It’s also included in KB4284880 June 2018 cumulative update for v1607 as well, Viperjohn.

        1 user thanked author for this post.
    • #198473

      I will attempt to block it and if it gets thru, I will simply put an image back on and shut down windows update permanently . ( Group W ). Microsoft can take a big fat flying leap. There are enough third party security programs out there to get along just fine without them. I think a majority of users out there are sick and tired of their rotten attitude towards the public who’s support by the way, pays for their very existence. Without us, there is no them. Not a rant, just a factual observation.

    • #198504

      Is it time for some of you W10 users to ask Josh Mayfield to design a kb4056254 control panel?

    • #198574

      Hey Y’all,

      I’m on 1709 and I found the UpdateAssistantV2 folder on my machine, but it is empty!

      HTH 😎

      May the Forces of good computing be with you!


      PowerShell & VBA Rule!
      Computer Specs

      1 user thanked author for this post.
    • #198576

      Anyone know the exact name of this new “background service” and will it even be listed in services or will it be a hidden one ?

      • #209274

        It may be the “Windows Update Medic Service”.

        It can’t be disabled by normal means, though the utility here can enable/disable it…


        The article shows how to add this service (“WaaSMedicSvc”) to the list of services to be enabled/disabled. Have tested it and it works.

        (Interestingly, I have 1803, but there is no Update Assistant folders anywhere)

        Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity.

    • #198616


      I have the folder, but have not run June 2018 updates. I’m in a managed WSUS environment, updated to 1709 in October 2017. The date on the folder is June 19, 2017, which is a month after my laptop was initially configured.

      The folder is also empty.


    • #198980

      I installed 1607 Pro in a VM, then installed KB4056254 to see what Win10 Update Facilitation Service is.  The new (but out since since february, a few months ago) service I found was “OS Remediation System Service” (osrss). It depends on windows/system32/osrss.dll since with osrss.dll disabled the service can’t start. I read that it occasionally creates folders in %temp% with a random number as names that contains two files, osrss.dll and osrssupdate.exe which I suspect is responsible for the “Important fix for Windows Update” dialog box, but I have no way of knowing that for sure yet.

      3 users thanked author for this post.
    • #199343

      I’m on 1709 and have just been offered this updated (needless to say I blocked it). I checked the MS page for KB4056254 and it still clearly states “Only certain builds of Windows 10 Versions 1507, 1511, 1607, and 1703 require this update.”, no mention of 1709.

      1 user thanked author for this post.
    • #199849

      Just got this one on 1709 too, guess the pushing towards 1803 will start soon despite havimg deferred it. :-(((

    • #201786

      Hey PK

      Also just received a request to download KB4056254.

      Running Win10 Pro x64 1709 with Group setting 2, Feature update 365, quality updates 14 days.

      I did not download and it is available to hide in wushowhide.

      Should this be hidden/held?

      If held, will it cause problems down the line with normal 1709 updating or when it is time to update to 1803?

      • #201789

        The only things I have been installing for Windows OS are the CUs and the servicing stacks. Just my personal preference.
        (Also the IE flash, etc)

    • #215566

      Looks like the update facilitation service – light in my home edition of w10 – turns the disabled updates service to manual trigger on startup. The service can’t be adjusted. i theory an update cannot download as long as your wifi is tagged as metered…. we’ll have to see.

    Viewing 23 reply threads
    Reply To: Patch Lady – Windows 10 update facilitation service

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: