News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Blog Archives

  • MS acknowledges blue screen bug when installing the Aug or Sept cumulative update on Win10 version 2004 Lenovo machines

    Posted on September 17th, 2020 at 14:29 woody Comment on the AskWoody Lounge

    Mayank Parmar at Windows Latest has the rundown on Microsoft’s latest confession:

    In a new support document that was quietly published over the weekend, Microsoft has warned that it has observed a number of other critical errors caused by KB4568831 or newer, which also includes the September 2020 patch…

    The problem appears to have been caused by a compatibility issue between Windows 10’s cumulative update, UEFI settings, and Lenovo’s Vantage app. With a cumulative update, Microsoft made a change that restricts how processes can access PCI device configuration and feature in UEFI could trigger this behaviour, which causes a Blue Screen.

    KB 4568831 is the Win10 version 2004 “optional, non-security, C/D/E Week” preview patch released in late July.

    Yes, the bug’s been around for six weeks. No, it hasn’t been fixed. But there is a manual workaround, discussed in Parmar’s article.

    Tell me again how version 2004 is ready for prime time.

  • Yes, you do need to patch sooner or later

    Posted on September 15th, 2020 at 08:06 woody Comment on the AskWoody Lounge

    You know how I say that there’s no reason to patch as soon as the patches come out — but you need to patch sooner or later?

    Those of you running Windows Server as a domain controller just showed the rest of us how important that “sooner or later” can be.

    Microsoft patched CVE-2020-1472 last month. The security hole was (and still is) described as “2 – Exploitation Less Likely,” thus not of immediate concern. It wasn’t publicly disclosed or exploited at the time (it wasn’t a zero-day). If you followed along with the MS-DEFCON system (which, admittedly, isn’t designed for admins with Windows Server domain controllers) you would’ve installed the patch late last month or early this month.

    Good for you.

    Yesterday,the Dutch security company Secura B.V. released a full report of the security hole – and it’s a doozy. Catalin Cimpanu at ZDNet has a thorough description:

    According to Secura experts, the bug, which they named Zerologon, takes advantage of a weak cryptographic algorithm used in the Netlogon authentication process.

    This bug allows an attacker to manipulate Netlogon authentication procedures and:

    • impersonate the identity of any computer on a network when trying to authenticate against the domain controller
    • disable security features in the Netlogon authentication process
    • change a computer’s password on the domain controller’s Active Directory (a database of all computers joined to a domain, and their passwords)

    There are limitations to how a Zerologon attack can be used. For starters, it cannot be used to take over Windows Servers from outside the network. An attacker first needs a foothold inside a network.

    However, when this condition is met, it’s literally game over for the attacked company.

    It’s a bad one. But you got your Server patched a couple of weeks ago, yes?

    It’s rare to have a security hole erupt this quickly – although it does happen. We still haven’t seen widespread attacks. But it’s only a matter of time.

  • MS-DEFCON 4: Install the August updates, but avoid the Optional and non-security patches

    Posted on September 4th, 2020 at 10:05 woody Comment on the AskWoody Lounge

    Now that we have the second cumulative update for Win10 version 2004, I feel confident in recommending that you install the August patches.

    Nope, Win10 version 2004 isn’t ready for prime time yet, but if the latest bumper crop of bug fixes work out OK – with few if any reported problems – we may be closer to having a stable version to jump to.

    Step-by-step details in Computerworld Woody on Windows.

  • Microsoft releases the “optional, non-security, C/D/E Week” patch for Win10 version 2004

    Posted on September 3rd, 2020 at 17:00 woody Comment on the AskWoody Lounge

    Microsoft just dropped the last “optional, non-security” August patch for a still-breathing Win10 version.

    Yep, the “optional, non-security, C/D/E Week” patch, KB 4571744, is now available via Windows Update – if you click the Download and install link.

    And look. At. All. The. Changes. I do believe that’s the longest list of changes in a Windows update that I’ve ever seen.

    Here’s the one I was waiting for:

    Addresses an issue that causes the Optimize Drives dialog to incorrectly report that previously optimized drives need to be optimized again.

    Microsoft’s way late in the game for Preview patches – Patch Tuesday is five days away – but at least we’re going to get a little bit of out-of-the-box testing.

    Of course you don’t want it. Of course.

  • Where we stand with the August patches

    Posted on August 31st, 2020 at 18:41 woody Comment on the AskWoody Lounge

    Lenovo warns about Win10 version 2004 patch problems; Win8.1 plays catch up – but clobbers Cisco Anyconnect; the 50th reincarnation of an old “blast away the barnacles” Windows upgrade patch; and reported problems with printing in Win7 with the extra-cost Extended Servicing Updates.

    It’s a wild world out there – but Win10 version 2004 is starting to stabilize. Operative term: Starting.

    Details in Computerworld Woody on Windows.

  • Windows Latest: A fix for the broken Win10 version 2004 Drive Optimizer (Defrag) tool is being tested

    Posted on August 26th, 2020 at 15:20 woody Comment on the AskWoody Lounge

    Just in from Mayank Parmar at Windows Latest:

    According to the changelog of Build 19042.487, this issue has now been resolved in Windows 10 20H2*. After beta testing the patch with Insiders, Microsoft plans to roll out the same update to those with Windows 10… version 2004 later this week or before September 1.

    So it looks like we may see an “optional, non-security, C/D Week” patch for Win10 version 2004 (no surprise there) that fixes the defrag/Drive Optimizer bug. (The bug shows an incorrect date for the last defrag run.)

    *In case you haven’t been following the latest obfuscating changes in Win10 numbering conventions, Win10 version 20H2 is the next version of Win10 – the one that follows Win10 version 2004. Version 2004 is still having teething problems, like this one.

  • Another grab bag of bugs in the Patch Tuesday crop

    Posted on August 22nd, 2020 at 10:07 woody Comment on the AskWoody Lounge

    As happens every month, there’s a laundry list of bugs that accompanied this month’s Patch Tuesday Win10 patches: Can’t install, Blue and Green Screens, system slowdowns and the like. Mayank Parmar at Windows Latest takes us through the litany:

    It appears that Windows 10’s August 2020 cumulative updates could be crashing some computers (mostly Lenovo ThinkPad hardware) when Hyper-V, Intel virtualization or Windows Sandbox features are enabled. Lenovo users have also flagged issues with Windows 10 August security patch and turning off virtualization feature resolves the problem for them.

    Are you hitting any problems?

  • Another round of “optional, non-security, C/D Week” patches for Win10 1909, 1903, 1809

    Posted on August 21st, 2020 at 08:00 woody Comment on the AskWoody Lounge

    We just got another set of “optional, non-security, C/D Week” patches for Win10 versions 1903 and 1909 (KB 4566116) and 1809 (KB 4571748). There’s a long, long list of changes.

    Of course you don’t want to install them – unless you’re concerned about time zone information for Yukon Province Territory (see comments).

    As usual, the “optional, non-security, C/D Week” patch for Win10 version 2004 is still baking.

    In theory, the update appears as an “Optional updates available” update and if you want to get it, you need to specifically click Download and install. In practice, I still haven’t seen the notification – but it looks like the patch will be available even if you aren’t in the Windows Insider Preview ring.

    I don’t see it on my machines. Can you see it?