Newsletter Archives

  • Another key Win10 security feature bites the dust: Say goodbye to Windows Defender Exploit Guard

    There’s a reason why I’m skeptical about the fancy new security features touted for Win10 versions. In many cases, at least for me, they don’t work. Enterprises have a different school of fish to fry, but the benefits of some of the new features just elude me.

    Take, if you will, the Windows Defender Exploit Guard. When Win10 version 1709 hit the street, it was billed as a major new security feature that the whole world needs. Although on the surface it seemed like something I could understand — keep rogue programs out of key pieces of Windows — I never got it to work right. Here’s how MS described it back during the 1709 release:

    Implementing Attack Surface Reduction rules within Windows Defender Exploit Guard. Exploit Guard is a new feature of v1709 that helps prevent a variety of actions often used by malware. You can read more about Exploit Guard here: Reduce attack surfaces with Windows Defender Exploit Guard. Note that we have enabled “block” mode for all of these settings. We are continuing to watch the “Block office applications from injecting into other process” setting; if it creates compatibility problems then we might change the baseline recommendation to “audit” mode for that setting. Please let us know what you observe.

    That seems like a worthy goal, and I dutifully reported on it. But I never got it to work.

    Now comes word that Microsoft’s recommending everybody disable it in Win10 1909. From the newly published Security Baseline for 1909:

    Exploit Protection 

    Because of reported compatibility issues with the Exploit Protection settings that we began incorporating with the Windows 10 v1709 baselines, we have elected to remove the settings from the baseline and to provide a script for removing the settings from machines that have had those settings applied. (See Remove-EPBaselineSettings.ps1 in the download package’s Scripts folder.)

    So this once-highly-touted security feature has not only bitten the dust, there’s a handy program included in the Security Baselines toolbox that makes it easy to ensure that the %$#@! thing has been turned off everywhere.

    There’s a reason to be skeptical of new security “features” that you don’t understand….

  • Upgraded to 1909 – or was he?

    Tero Alhonen has a tweet that baffles me:

    In the end, it appears as if he’s on the first October cumulative update for 1903 (build 18362.418), but the original prompt and the install history say he’s on 1909, presumably the latest build 18363.476.

    Anybody have a guess what’s going on?

  • All roads lead to Win10 1909 — but you can take your time


    By Woody Leonhard

    For a change, Microsoft is letting everybody decide when to upgrade to the latest release of Win10 (Version 1909) — provided they’re already running the penultimate version, Win10 1903 (and in some cases Version 1809).

    That’s good news, and it represents a sea change in Microsoft’s pushiness.

    Read the full story in AskWoody Plus Newsletter 16.42.0 (2019-11-18).

  • Peering into the Windows tea leaves


    By Woody Leonhard

    You can expect some significant changes — existential changes — to Windows in the very near future.

    Based on some official announcements and more than a few highly reliable leaks, it looks like Windows is in for a very bumpy ride.

    Read the full story in AskWoody Plus Newsletter 16.40.0 (2019-11-04).

  • How to keep Win10 version 1909 from installing

    The rules have changed. Keeping 1909 off your machine until you’re ready to install it is much easier than blocking upgrades in previous versions of Win10. Still, there are nuances.

    Computerworld Woody on Windows.

  • Getting ready for Windows 10 1909


    By Susan Bradley

    Many of us are still pondering Win10 1903 — and now Version 1909 is almost upon us. Here’s how not to be the next release’s beta tester.

    If the rumors are true, the next feature release for Windows 10 will begin trickling out on November 12. It looks like Version 1909 won’t be the big deal we thought it might be, which is all the more reason to not be one of the early adopters — unless you really like testing “beta” operating systems.

    Read the full story in AskWoody Plus Newsletter 16.39.0 (2019-10-28).

  • Defer updates, Pause updates, Delay updates, and the big unknown of Win10 1909

    Yes, there’s a difference between Defer updates and Pause updates. But that’s just the tip of the micro-plastic infused iceberg.

    The main sticking point: Win10 still has both concepts floating around, they conflict, and we don’t have any idea how the conflicts are being resolved — a problem that’s going to get worse with the release of Win10 version 1909, which doesn’t follow the Defer, Pause, push, pull or prod rules.

    Details in Computerworld Woody on Windows.

    Thx @b, @PKCano

  • Rings within Insider Rings – where you end up, nobody knows

    Those of you in the Insider Program have a choice to make. I’m having a hard time guessing where this is all headed.

    Right now, I can confirm that if you’re in the Release Preview Ring on a completely clean copy of 1903 and check for updates, you end up on 1903 build 18362.448 with an offer to upgrade to 1909.

    Looks like Slow Ring is on 1903 (build 18362.10024?), but “you’ll be updated to 20H1/2003 shortly” and you won’t be offered a chance to move to 1909. If I read the tea leaves correctly.

    Fast Ring is a big question mark. Right now, Fast is on 20H1/2003, but will it move to 20H2/2009? Or will it move to 21H1/2103?

    Skip Ahead is also a big unknown. Will it go to 20H2/2009 or 21H1/2103?

    Another way to rephrase the question… Is Microsoft going to switch over to giving us a Service Pack late in the year every year – or are we going back to the old two-versions-every-year pace?

    A related question: Could Microsoft possibly make this any more complex?

  • Microsoft declares that you can now safely install Win10 version 1903 on Surface Book 2 machines

    Took ’em about six months, but Microsoft has finally given the go-ahead to install Win10 version 1903 on Surface Book 2 PCs. I talked about the “dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU” bug in the July 22 AskWoody Plus Newsletter (accessible to everyone).

    The upgrade block which has been in effect since May was officially removed yesterday.

    The impetus? A firmware update for the Surface Book 2, also released yesterday. I’ll have a full rundown of the latest firmware releases on Monday. Suffice it to say that many people are steamed — and rightfully so — about the way MS has been steering its customers into uncharted waters.

    At any rate, if you paid $3,000 for a Surface Book 2 with a separate GPU, you’re now free to install Microsoft’s latest, greatest version of Windows.

    Just in time for the release next month of “Windows 10 November 2019 Update (19H2)” — better known as Win10 1909.

    I’ll have more about the 1909 release next week. Current obsession: What exactly do we know about the rollout? If you think previous Win10 releases were unnecessarily cumbersome and hard to understand, boy howdy, you ain’t seen nuthin’ yet.

  • Will Win10 1903 and 1909 co-exist?

    I’m still scratching my head over this one. Please tell me if you’ve heard anything, official or otherwise.

    Sometime in the next few weeks, Microsoft’s going to release Win10 version 1909. We know it’s going to appear as a cumulative update to Win10 1903 — just like a Service Pack, which is great.

    Here’s the question: Will Win10 customers be able to continue to use and update Win10 1903 without making the leap to 1909?

    We have concurrent patches in beta testing with builds and separately available. The former apply to 1903; the latter to 1909.

    Will the stubborn ones in the crowd (e.g., me) be able to stick with 1903 for a while, to see what, uh, surprises await us in 1909? If you’ve seen anything official, please post a link!

  • Win10 version 1909 (“19H2”) now has three current beta versions

    Never let it be said that the Windows Insider rings are well defined.

    Microsoft’s putting the finishing touches on the next new version (“feature update”) for Win10 version 1903. Except it isn’t being distributed as a new version. It’s being distributed as a plain-vanilla monthly patch (“quality update”).

    I tend to think of the next version of Win10 as Win10 1903 Service Pack 1. But you’ll probably end up calling it Win10 version 1909.

    Here’s where you need a decoder ring.

    The Windows Release Preview ring has been used, historically, for all sorts of things. Recently, it’s been used to test updates to Win10 version 1903 prior to officially rolling them out. (It’s also been photobombed by an odd update, build 18947, which was quickly pulled.) On August 21, Microsoft released a new test version of Win10 1903, build 18362.325, into the Release Preview ring. Presumably, 18362.325 includes fixes for the VB/VBA/VBScript bugs introduced on Patch Tuesday in 18362.295.

    Starting yesterday, a subset of those in the Release Preview ring (about 10%, according to Dona Sarkar) were given the keys to the executive washroom. If you’re in the Release Preview ring and you’re one of the chosen few, you’ll see a link to update to “Windows 10, version 1909.”

    Click on that link and you’ll be able to test Win10 build 18363.327. That’s the first Win10 1909 update allowed out of the Redmond barn.

    Note the monkey business with the build numbers — Win10 version 1903 is build 18362.blahblahblah. Win10 version 1909 (nee “19H2”) is build 18363.mumblemumble.

    Sarkar says “to designate 19H2 as a feature update, we are revising the baseline build number by one full build” in the Windows Obfuscation Numbering Scheme. But note that:

    Insiders in the Release Preview ring who get 19H2 Build 18363.327 today will not see all the 19H2 features the Slow ring currently has as not all the features have been incorporated into the build yet.

    But wait a sec. There isn’t a single beta version of 1909 in the Slow Ring. There are two. I call them the bifurcating betas. That means, right now, there are not one, not two, but three different beta test versions of Win10 1909 — builds 18362.10014, 18362.10015, and 18363.327.

    The official announcement ends with this bit of wisdom:

    Because of the differences between the way the 19H2 updates are packaged between the Slow and Release Preview rings, Insiders in the Slow ring will not be able to switch to the Release Preview ring and get updates yet. Insiders who are thinking of switching rings should stay put for now. We will communicate to Insiders when it is ok to make the switch.

    See what I mean about a decoder ring?

    Thx @EP

    UPDATE: Paul Thurrott has posted an article on his paywall site that says there are “a minimum of” four versions of 1909 (“19H2”) floating around. I’ve seen three, but haven’t seen the fourth — and doubt that it exists. Three. Four. Whatever. It’s still way too many.

  • Microsoft continues its bifurcating betas with two new versions of Win10 19H2 (aka 1909)

    I just love how they’re doing this.

    A few minutes ago, Microsoft (once again) released not one, but two “latest” beta versions of Win10 version 1909. Builds 18362.10014 & 18362.10015 are headed to Windows Insiders in the Slow (er, very slow) Ring.

    One of the betas has all of the “new” features turned OFF, the other has the “new” features turned ON. ‘Course this is the Service Pack we’re all expecting for Win10 1903, which shouldn’t have any new features worth spittin’ about.

    Official announcement here.