What we know about the Win10 version 1909 upgrade: Easily managed by most; tricky for some

The details are hairy, but the bottom line is pretty simple.

If you start from Win10 1903, you have complete control over when you’re upgraded to Win10 1909. Remarkably, that’s true for both Home and Pro (and Enterprise and Education) versions.

If you start from Win10 1809 Pro, the details are a bit more difficult but in the end you, too, have easy control over the upgrade.

If you start from Win10 1809 Home, life’s considerably trickier. You’re probably better off upgrading to 1903 — and avoid clicking “Check for updates.”

Full details in Computerworld Woody on Windows.

Thx for extensive testing from @abbodi86, @b, @PKCano

Warren: Google’s experimental change to Chrome crashed the browser

Lest you think Windows gets all the fun parts…

Tom Warren at the Verge is reporting:

Google left thousands of machines in businesses with broken Chrome browsers this week, following a silent experimental change. Business users accessing Chrome through virtual machine environments like Citrix kept seeing white screens on open Chrome tabs, blocking access to the browser and leaving it totally unresponsive.

Ends up Google flipped a bit on some machines to enable a feature called WebContents Occlusion. Kaboom.

I really like this quote from an admin who got hit:

“Do you [Google] see the impact you created for thousands of us without any warning or explanation? We are not your test subjects. We are running professional services for multi million dollar programs.”

Welcome to my world….

Have you been pushed from Win10 version 1803?

I’m seeing more reports of the way MS has said it will start to push people off of Win10 1803 – but I have yet to hear from anyone who’s been pushed.

I have one report from someone whose 1803 machine got upgraded to 1809, but I’d be willing to bet he had the Pro feature update deferral setting dialed up. In other words, I’m reasonably certain the Win10 updater just followed its instructions, delaying the version upgrade for the specified number of days.

Do you have a Win10 1803 machine that, without prodding, turned into a 1903 or 1909 machine?

Do you know anyone who has?

Born: Microsoft incorrectly signed the MSRT update that’s been bouncing around. It’s fixed now.

News on that infuriating MSRT update bug. If you recall, the version of KB 890830 that arrived on Patch Tuesday was all over the map. As I said in Computerworld:

There are hundreds of reports online of people who found that the MSRT installer threw an 800B0109 and wouldn’t install; or installed but then reinstalled on reboot; showed up multiple times in the Installed Updates list; didn’t show up in the Installed Updates list in spite of running; and several variations on those themes.

I also said that the bad patch was fixed on Tuesday night – but, at least for some people, it wasn’t.

Now comes word from Günter Born about the root cause of the problem:

Microsoft made a mistake signing the update package in question… KB 890830 is no longer available via Windows Update… Microsoft has updated the package (in the Update Catalog) for Windows 7 and Server 2008/r2 and replaced the faulty certificate.

He reports that the newly updated (but not yet pushed) version installs correctly. (Actually, I should say “runs correctly,” because the MSRT programs just run, they don’t install anything.)

UPDATE: @Speccy has observed that the problem isn’t with the certificate, but with our old friend the SHA-2 signing problem with Win7 patches. Looks like he’s right. Read more here.

Win10 Update Assistant to move to 1909 next week

If you’re planning on using the Win10 Update Assistant to get onto version 1903, better move fast. KB 3159635, which describes the Update Assistant, was updated an hour ago to say:

Installation of Windows 10, version 1909 with the Windows 10 Update Assistant will be available the week of November 18th, 2019.

That gives you less than a week to download and squirrel away an official, clean, free copy of Win10 version 1903. I have step-by-step instructions in Computerworld.

Thx, VulturEMaN

Python programmers: Watch out for Win10 version 1903

We had a report a few hours ago from MartinPurvis that performing an in-place upgrade from Win10 version 1803 to version 1903 clobbered Python:

Turns out that a user path variable is added to the top of the environment variable list which gives priority to a 0kb python.exe inside the Windows Apps AppData instead of using the user defined python directory before the in-place upgrade.

Looking around the web, I see that’s a common complaint. Poster Ac3_DeXt3R on SuperUser says:

On typing “python” from search, opens the Python 2.7 prompt but when I type from command prompt window, it triggers the Microsoft Store.

Poster ecool on the Microsoft Answers forum said, back in May:

Windows 10 is using the System Environment variables over my User Environment. So just ordering the Python location to the top of the System Environment Path variable worked to remove the annoyance of trying to run python and it opening to the Windows Store.

Back on the SuperUser site, Ramhound says:

This was intended behavior. Microsoft added this behavior with 1903 because they recognized developers struggle getting Python installed. I read about this change but I don’t recall where I read it.

I can’t find the original description Ramhound describes. Can anybody out there point me to it?

The new Macbook Pro keyboard

This tweet says it best:

Apple in 2017: Y'all are crazy, there's nothing wrong with that keyboard.

2018: We've identified a minor flaw in our keyboard and have fixed it, it's fine now.

2019: LOL jk yeah we knew the keyboard was a disaster all along, we just couldn't admit it until we had a new one.

— Will Oremus (@WillOremus) November 13, 2019

November 2019 Patch Tuesday foibles

Have a patching problem? Post it here.

My tally so far (as of early Wednesday morning):

• “3340 query is corrupted” errors in Access
• an annoying carousel of never-ending Malicious Software Removal Tool (KB 890830) installations, now fixed
• a re-release of Win10 version 1809, Server 1809 and Server 2019
• several new Servicing Stack updates
• another Internet Explorer “exploited” security hole shrouded in secrecy
• a promise that we won’t see any more “optional non-security” cumulative updates this year
• and a new but not new version 1909 rollout.

Details in Computerworld Woody on Windows.

UPDATE: Microsoft has documented the “Query is corrupt” bug in Access.

This issue will be fixed [in December] for all versions:

If you encounter this issue before the fix is available, the recommended workaround is to update the query so that it updates the results of another query, rather than updating a table directly.

November 2019 Patch Tuesday arrives – along with Win10 version 1909

The patches are out. There are 116 new individual patches in the Update Catalog covering 74 separately identified security holes (CVEs).

Worthy of note is the Win10 1903 cumulative update Knowledge Base article KB 4524570:

To reflect this change, the release notes for Windows 10, version 1903 and Windows 10, version 1909 will share an update history page. Each release page will contain a list of addressed issues for both 1903 and 1909 versions. Note that the 1909 version will always contain the fixes for 1903; however, 1903 will not contain the fixes for 1909. This page will provide you with the build numbers for both 1909 and 1903 versions so that it will be easier for support to assist you if you encounter issues.

That’s a significant question answered! Sure enough, the KB article has two pull-down sections, one for 1903 and one for 1909. Looks like the 1909 flavor only has the same patches as the 1903 version.

I can confirm that KB 4524570 installed on my Win10 1909 test machine (which is not in the Insider program). Build 18363.476. Nothing has gone kablooey.

There’s a new post on the Insider Blog that tells you how to get Win10 version 1909. Basically, follow all of the steps in How to block the Windows 10 November 2019 Update, version 1909, from installing, but at the end click Download and install now. That’s good news.

Martin Brinkmann on ghacks.net posted the salient details:

• Win7: 35 security holes
• Win8.1: 37 security holes
• Win10: 46 vulnerabilities

And, of course, this is the last planned cumulative update for Win10 version 1803.

There are links on ghacks.net to all of the downloads and KB articles, as well as an Excel overview.

Dustin Childs has his usual rundown for the Zero Day Initiative. Of particular concern is yet another “exploited” hole in Internet Explorer:

 CVE-2019-1429 – Scripting Engine Memory Corruption Vulnerability Reported through the Google Threat Analysis Group, this patch for IE corrects a vulnerability in the way that the scripting engine handles objects in memory. This vague description for memory corruption means that an attacker can execute their code if an affected browser visits a malicious web page or opens a specially crafted Office document. That second vector means you need this patch even if you don’t use IE. Microsoft gives no information on the nature of the active attacks, but they are likely limited at this time.

At least we aren’t seeing another round of chicken-with-its-head-cut-off multiple out-of-band patches for an obscure in the wild exploit, like we did last month. I’ll keep an eye on it and let you know if it starts causing problems for anyone other than nuclear research firms and missile launch systems.

@PKCano advises that there are new SSUs on the hoof:

KB 4523206 for Win7
KB 4524445 for Win8.1

MS-DEFCON 2: Make sure Automatic Update is temporarily switched off

With Patch Tuesday tomorrow, and a Win10 1909 upgrade waiting in the wings, now’s a good time to check that Automatic Update’s temporarily turned off.

As usual, there are full step-by-step instructions in Computerworld Woody on Windows.

Resolving Windows network-connection problems

NETWORK TROUBLESHOOTING

By Lance Whitney

Troubleshooting networking issues in Windows 10 can be a maddening process. When your PC refuses to make a connection to the Web, Windows’ built-in diagnostics tools can help.

But when troubleshooting, it’s also useful to have some understanding of how Windows networking works. Firewalls, network adapters, and various properties and settings all play a part in whether you have a fully functioning Ethernet or wireless connection.

This topic can be deep and complex, but here are some basic diagnostic steps that you should try first.

Read the full story in AskWoody Plus Newsletter 16.41.0 (2019-11-11).

Hybrid attack can extract data from inert RAM

LANGALIST

By Fred Langa

It sounds impossible, but data can be recovered from RAM chips — even after they’ve been removed from a PC.

Specialized attacks on memory modules can reveal working passwords and cryptographic keys still stored random-access memory, possibly allowing malicious hackers to bypass encryption services such as BitLocker, VeraCrypt, FileVault, and others!

Plus: Disabling Windows Firewall and its nags.

Read the full story in AskWoody Plus Newsletter 16.41.0 (2019-11-11).