Microsoft is pausing optional Windows update releases

Microsoft announced yesterday that it plans to pause the release of optional Windows updates from May 2020 onward.

The company releases so-called C and D releases in the third or fourth week of any given month. These are considered preview updates and completely optional.

Windows administrators will have to check for updates manually to detect them in Windows Update or download them from the Microsoft Update Catalog website to install them on devices.

windows pause optional updates

It has been my recommendation from the start to only install these preview updates if they fix an issue or issues that are experienced and severe enough to justify the installation of a preview update on a machine.

The updates are usually included in the following month’s Patch Tuesday updates anyway.

Timing for upcoming Windows optional C and D releases

We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-security releases (C and D updates) for all supported versions of Windows client and server products (Windows 10, version 1909 down through Windows Server 2008 SP2).

The change applies to all supported versions of Windows including Windows 10 but also server versions of Windows.

Microsoft does not mention the Coronavirus pandemic specifically but it seems likely that it is referring to it and that it is the reason why Microsoft made the decision to pause the creation and distribution of these preview updates.

Pausing indicates that the change is temporary in nature and that the production of preview updates will resume once the situation is under control.

The change won’t affect the security update releases of any given month (also called B releases as they are pushed out in the second week of any month).

There is no change to the monthly security updates (B release – Update Tuesday); these will continue as planned to ensure business continuity and to keep our customers protected and productive.

Preview updates will be released in April 2020 but will be paused after the April release.

Now You: Do you install preview updates on your devices? (via Ask Woody)

Thank you for being a Ghacks reader. The post Microsoft is pausing optional Windows update releases appeared first on gHacks Technology News.

Critical font parsing issue in Windows revealed (fix inside)

Microsoft published an advisory yesterday concerning a recently detected font parsing issue that affects all supported versions of the company’s Windows operating system (including Windows 7).

The issue is rated critical, the highest severity rating. Microsoft notes that it is aware of limited targeted attacks and that it is working on a fix to close the vulnerability.

The remote code vulnerability is found in the Adobe Type Manager Library and attackers have multiple options to exploit the issue including convincing users to open a specially crafted document or viewing the document in the preview pane of File Explorer / Windows Explorer.

Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.

A workaround has been published by Microsoft that prevents attacks targeting Windows Explorer / File Explorer. Microsoft notes that the workaround does not “prevent a local, authentication user from running a specially crafted program to exploit the vulnerability”.

The workaround:

For Windows 7, Windows 8.1 and Windows Server 2008 R2, 2012 and 2012 R2:

  1. Open a Windows Explorer instance and select Organize > Layout.
  2. Disable the Details pane and Preview pane options (if they are enabled. You should notice that the panes are not displayed when disabled)
  3. Select Organize > Folder and search options.
  4. Switch to the View tab.
  5. Under Advanced Settings, check “Always show icons, never thumbnails”.
  6. Close all Windows Explorer instances.

For Windows 10, Windows Server 2016 and 2019:

always show icons

  1. Open File Explorer and switch to the View tab when it opens.
  2. Clear the Details and Preview pane so that these are not displayed in File Explorer anymore (if they were displayed previously).
  3. Select File > Change folder and search options.
  4. Check Always show icons, never thumbnails in Advanced Settings.
  5. Close all File Explorer instances so that the changes can take effect.

The changes can be undone once the fix landed in Windows. Just repeat the steps outlined above but instead of clearing or checking the options, you’d do the opposite.

For systems on which the WebClient service is used, Microsoft recommends disabling the service for the time being as it blocks “the most likely remote attack vector through the Web Distributed Authoring and Versioning (WebDAV) client service”.

Disabling the service will result in WebDAV requests not being transmitted. Also, any service that depends on the WebClient service will not start.

Here is how that is done:

  1. Use Windows-R to bring up a Run box.
  2. Type services.msc and click OK to open the Services Management window.
  3. Locate WebClient in the Services listing, right-click on it and select Properties.
  4. Switch the Startup type to Disabled.
  5. If WebClient is running, select Stop.
  6. Click ok and close the Services management interface.

Administrators who manage Windows 10 version 1703 and earlier systems, including Windows 8.1 and 7, may also disable ATMFD using the Registry.

Here is the script that you need to run:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
“DisableATMFD”=dword:00000001

Non-ESU Windows 7 systems won’t receive the security update according to Microsoft.

Thank you for being a Ghacks reader. The post Critical font parsing issue in Windows revealed (fix inside) appeared first on gHacks Technology News.

Microsoft unveils DirectX 12 Ultimate

Microsoft’s DirectX development team unveiled DirectX 12 Ultimate yesterday and praised it as the “best graphics technology” it ever introduced. The company announced DirectX 12 back in 2014.

Microsoft’s upcoming Xbox Series X supports DirectX 12 Ultimate; on PCs, it is necessary to run Windows 10 version 2004, out in May 2020, or higher, to use the new functionality.

Devices with the DirectX 12 Ultimate logo will support “all next generation graphics hardware features” including “DirectX Raytracing, Variable Rate Shading, Mesh Shaders and Sampler Feedback”. Microsoft wants the logo to become a criteria for PC gamers. It sees DirectX 12 Ultimate as an “additive initiative” that “provides gamers with assurance that their hardware meets the highest bar for feature support in next-generation games”.

Current hardware may not support all features of DirectX 12 Ultimate but that won’t impact compatibility according to Microsoft. Microsoft confirmed in the announcement that current hardware can be used to run next-generation games that use DirectX 12 Ultimate features.

Gamers may not experience all the visual benefits that DirectX 12 Ultimate offers in that case but the games will run on non-DirectX 12 Ultimate hardware according to Microsoft.

Though such hardware won’t provide the visual benefits of the new features, it can still provide a very compelling gaming experience on next generation games, depending on the specifics of the hardware.

Microsoft highlights the following improvements that found their way into DirectX 12 Ultimate:

  • DirectX Raytracing 1.1, an incremental addition to version 1.0 that adds these major capabilities:
    • GPU Work Creation now allows Raytracing
    • Streaming engines can more efficiently load new raytracing shaders as needed
    • Inline raytracing support
  • Variable Rate Shading, allows developers to vary a game’s shading rate.
  • Mesh Shaders to build more “detailed and dynamic worlds”.
  • Sampler Feedback for better visual quality, shorter load time, and less stuttering.

DirectX 12 Ultimate unifies the “graphics platform across PC and Xbox Series X” and that offers many advantages according to Microsoft. For one, feature adoption should be faster.

Microsoft’s last attempt at pushing software through hardware, by making DirectX 10 Windows Vista exclusive, backfired heavily on the company. Only a handful of games made use of the new technology because Vista’s attractiveness was not very high at the time.

Developers find a “getting started guide” on Microsoft’s DirectX Developer Blog.

Thank you for being a Ghacks reader. The post Microsoft unveils DirectX 12 Ultimate appeared first on gHacks Technology News.

Microsoft extends Windows 10 version 1709 support because of Coronavirus

Microsoft announced yesterday that support for the company’s Windows 10 version 1709 operating system has been extended by six months so that it is supported until October 13, 2020.

Enterprise, Education and iOT Enterprise editions of Windows 10 version 1709 are still supported while Home editions, Pro and Home for instance, are not. Microsoft ended support for these editions on April 19, 2019 already.

Support for Enterprise and Education versions of Windows 10 version 1709 was scheduled to run out on April 14, 2020 initially (after the Patch Tuesday of April 2020).

windows-10-version 1709 support extended

Microsoft explains that the current Coronavirus situation in the world is putting a toll on everyone. Many system administrators and IT workers work remotely and to reduce the workload that these IT workers have, Microsoft decided to postpone the end of support by six month.

We have been evaluating the public health situation, and we understand the impact this is having on you, our valued customers. To ease one of the many burdens you are currently facing, and based on customer feedback, we have decided to delay the scheduled end of service date for the Enterprise, Education, and IoT Enterprise editions of Windows 10, version 1709. This means devices will receive monthly security updates only from May to October. The final security update for these editions of Windows 10, version 1709 will be released on October 13, 2020 instead of April 14, 2020.

Microsoft will continue to produce security updates for versions of Windows 10 version 1709 until October 2020. These updates will be made available on the usual channels including Windows Update, WSUS and the Microsoft Update Catalog.

The end of support schedule for other versions of Windows 10 remains the same.Windows 10 version 1803 is set to run out of support on November 10, 2020, just a month after Windows 10 version 1709 support ends.

It is therefore recommended to upgrade to Windows 10 version 1809 or newer. Microsoft announced some time ago that support for the second feature update release of the year is extended to 30 months while support for the first feature update of the year is 18 month for Enterprise and Education customers.

Now You: Do you run Windows 10? Which version and why?

Thank you for being a Ghacks reader. The post Microsoft extends Windows 10 version 1709 support because of Coronavirus appeared first on gHacks Technology News.

Microsoft releases Windows 10 updates KB4541329, KB4541330, KB4541331 and KB4541333

Microsoft released so-called C-D Week updates for older versions of the company’s operating system Windows 10 on March 17, 2020. The updates KB4541329, KB4541330, KB4541331 and KB4541333  are considered preview updates and fix issues only in these Windows versions.

The updates are for the following versions of Windows 10 and Windows Server:

  • KB4541329 for Windows 10 version 1607 and Windows Server 2016
  • KB4541330 for Windows 10 version 1709
  • KB4541331 for Windows 10 version 1809 and Windows Server version 1809 and Windows Server 2019
  • KB4541333 for Windows 10 version 1803

Most of the improvements and fixes apply to Server and Enterprise environments only. Home users may want to skip the updates for now and wait for the inclusion on the next Patch Tuesday.

Windows 10 updates KB4541329, KB4541330, KB4541331 and KB4541333

Windows 10 version 1607 and Windows Server 2016

Update Catalog link: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4541329

The update includes the following improvements and fixes:

  • Fixed an issue that might cause domain controllers (DC) to register a lowercase and a mixed or all uppercase Domain Name System (DNS) service (SRV) record in the _MSDCS. DNS zone.
  • Fixed a Credential Guard issue that prevented machines from joining a domain.
  • Fixed a session host issue when running an application in RemoteApp that caused application windows to flicker and DWM.exe to stop working.
  • Fixed an issue with evaluating the compatibility status of the Windows ecosystem.
  • Fixed an issue that prevented Microsoft User Experience Virtualization settings from roaming.
  • Fixed a high CPU usage issue on Active Directory Federation Services.

Microsoft lists one known issue:

After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

Windows 10 version 1709

Update Catalog link: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4541330

The update includes the following improvements and fixes:

  • Fixed a File Explorer issue that could cause it to close unexpectedly when using roaming profiles.
  • Fixed a delayed sign-in issue when signing in or unlocking a session on Hybrid Azure Directory joined-machines.
  • Fixed a Credential Guard issue that prevented machines from joining a domain.
  • Fixed an issue with evaluating the compatibility status of the Windows ecosystem.
  • Fixed an issue that prevented Microsoft User Experience Virtualization settings from roaming.
  • Fixed an issue that prevented machines from Microsoft Defender ATP Threat & Vulnerability Management.

Microsoft lists no known issues.

Windows 10 version 1803

Update Catalog link: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4541333

The update includes the following improvements and fixes:

  • Fixed an issue that caused an error when printing a document repository.
  • Fixed a Bluetooth issue that caused a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when waking up from Sleep.
  • Fixed a delayed sign-in issue when signing in or unlocking a session on Hybrid Azure Directory joined-machines.
  • Fixed an Azure Active Directory authentication issue.
  • Fixed a Credential Guard issue that prevented machines from joining a domain.
  • Fixed an issue with evaluating the compatibility status of the Windows ecosystem.
  • Fixed an issue that prevented Microsoft User Experience Virtualization settings from roaming.
  • Fixed an issue that prevented machines from Microsoft Defender ATP Threat & Vulnerability Management.
  • Fixed an issue that prevented machines from going into Sleep Mode automatically because of Microsoft Defender Advanced Threat Protection (ATP) Auto Incident Response (IR).
  • Improved support for non-ASCII file paths for Microsoft Defender ATP Auto IR.

Microsoft lists no known issues.

Windows 10 version 1809 and Windows Server version 1809 and Windows Server 2019

Update Catalog link: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4541331

The update includes the following improvements and fixes:

  • Fixed an issue that caused an error when printing a document repository.
  • Fixed a Microsoft Foundation Class toolbar issue that occurred when dragging it in multi-monitor environments.
  • Fixed a sign-in issue that prevented the touch keyboard from appearing.
  • Fixed an issue on server devices that caused new child windows to flicker and appear as white squares.
  • Fixed a File Explorer issue that displayed incorrect folder properties if the path was longer than the maximum path.
  • Fixed a Samoa time zone issue that caused calendar dates to appear on the wrong day of the week.
  • Addressed an issue with reading logs using the OpenEventLogA() function.
  • Fixed a Credential Guard issue that prevented machines from joining a domain.
  • Fixed a delayed sign-in issue when signing in or unlocking a session on Hybrid Azure Directory joined-machines.
  • Fixed an Azure Active Directory authentication issue that occurred when the user’s security identifier has changed.
  • Fixed an issue that might cause domain controllers (DC) to register a lowercase and a mixed or all uppercase Domain Name System (DNS) service (SRV) record in the _MSDCS. DNS zone.
  • Fixed an Azure Active Directory authentication issue.
  • Fixed a high CPU utilization issue when retrieving session objects.
  • Addressed high latency in Active Directory Federation Services response times for globally distributed data centers.
  • Addressed a high latency issue in acquiring OAuth tokens.
  • Fixed an issue to prevent SAML errors and the loss of access to third-party apps for users who don’t use multi-factor authentication.
  • Fixed an issue with evaluating the compatibility status of the Windows ecosystem.
  • Fixed an issue that prevented Microsoft User Experience Virtualization settings from roaming.
  • Addressed an issue with high CPU usage on AD FS servers that occured when the backgroundCacheRefreshEnabled feature is enabled.
  • Addressed an issue that created the Storage Replica administrator group with the incorrect SAM-Account-Type and Group-Type.
  • Fixed an issue that prevented machines from going into Sleep Mode automatically because of Microsoft Defender Advanced Threat Protection (ATP) Auto Incident Response (IR).
  • Fixed an issue that prevented machines from Microsoft Defender ATP Threat & Vulnerability Management.
  • Fixed issues that caused stop errror 0xEF when upgrading to Windows 10 version 1809.
  • Improves performance of ReFS in scenarios that involve many ReFS-cloned files.
  • Improves support for non-ASCII file paths for Microsoft Defender ATP Auto IR.
  • Improves performance of all token requests coming to AD FS.
  • Restores the constructed attribute in Active Directory and Active Directory Lightweight Directory Services (AD LDS) for msDS-parentdistname.

Microsoft lists one known issue:

After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.”

 

Thank you for being a Ghacks reader. The post Microsoft releases Windows 10 updates KB4541329, KB4541330, KB4541331 and KB4541333 appeared first on gHacks Technology News.