Category Archives: Windows Update

Windows 10 Build 19043.1165 Install Button

Here’s an interesting departure from the usual. Today, August 10, is Patch Tuesday. That means it’s the second Tuesday of the month, and normally when Microsoft pushes updates out on its normal monthly cycle. But when I checked for updates, after they downloaded, the process paused. As you can see in the lead-in graphic, I had to push a Windows 10 Build 19043.1165 install button to make the install continue. What’s up with that?

When Is a Windows 10 Build 19043.1165 Install Button Typical?

Normally, one doesn’t see such things unless there’s some kind of preview element in the update mix (and rarely, if ever, does that hit as part of Patch Tuesday offers). That said, there is a KB5003791 Enablement Package update out today to take 2004, 20H1 or 21H1 to 19044 (21H2) build levels. Perhaps the button shows up because of that item? Interestingly, it was not offered to my PC (nor should it have been, as it is an Insider Preview element).

Even more interesting, I saw the update process cycle around for the KB5005033 item on my production desktop PC. That is, it counted up to 100%, stayed there for a while, then dropped back into the 60s and counted back up to 100% a second time before showing the usual “Restart now” button upon completion. That’s not exactly unheard of, but it is a little unusual. Thus, Patch Tuesday brings me a little unexpected excitement today.

Here’s what came through today, as part of the update package:
1. KB5005417 .NET Core 3.1.18 Security Update
2. Windows Malicious Software Removal Tool KB890930
3. KB6005033 Cumulative Update for 19043.1165
I don’t see anything in there that would normally induce the “Install now” button to appear. But as the lead-in graphic shows, I got one anyway.

And that’s the way things go here in Windows-World sometimes. Go figure! I’m clueless…

Facebooklinkedin
Facebooklinkedin

Upcoming PowerShell Updates Arrive via WU

Here’s an interesting tidbit. Starting with Preview edition 7.2 preview 5 or newer, Windows Update will take over responsibility for updating PowerShell as new versions emerge. Used to be it would notify users an update was available, but they would have to visit GitHub to grab the .msi,  or use a package manager to install the new version. But now, certain upcoming PowerShell updates arrive via WU.

It’s not clear when this will click in for production versions, but the shift is already underway for preview versions. If you download and install PowerShell 7.2 preview 5 or 6, you’ll be queued up for this grand experiment. (Visit the Releases GitHub page to find them.)

Rolling Out Upcoming PowerShell Updates Arrive via WU

As is typical when introducing new features and capabilities. MS will start this process with Preview editions of PowerShell. You can read more about the rollout plan in the June 16 PowerShell blog “Preview udpating PowerShell 7.2 with Microsoft Update.” Some registry tweaking is required, but the blog post provides all necessary commands in scripts designed for easy cut’n’paste use.

This is a nice step forward for Windows-heads who, like me, are regular and interested PowerShell users. It’s one step closer to real OS integration now. The post doesn’t say when this treatment will include PS production versions, but I’m hoping it will be soon. Perhaps it will come along for the ride into “next generation” Windows 10? Stay tuned, and I’ll tell you when that news hits.

Facebooklinkedin
Facebooklinkedin

Forcibly Upgrading 20H2 PCs Many Ways

OK, I’ll admit it. I got tired of waiting. This weekend, I forcibly upgraded my 20H2 production desktop to 21H1. As it happens, when forcibly upgrading 20H2 PCs many ways to the new version are open. I took one of the easiest: installing the enablement package. Links for x32, x64 and ARM64 versions are available at TenForums, via KB5000736 self-installing update files.

Forcibly Upgrading 20H2 PCs Many Ways Requires Follow-up

Of course, it’s been a while since KB5000736 first appeared on May 18. After I got through that install — which took under 2 minutes on my SkyLake i7-6700 PC — I had additional updates to install:

  • KB4023057: Update for Windows 10 Update Service Components
  • KB5004476 Out-of-band MS Store fix for Xbox Game Pass games

These took MUCH longer to download and install than the enablement package for 21H1, much to my surprise. Not all updates, apparently, can happen as quickly or easily as its minimalist changes (which mostly involve flipping switches for stuff already in the 20H2 OS).

Other Ways to Forcibly Upgrade from 20H2 to 21H1

Though it may be the fastest way to get from 20H2 to 21H1, other methods are also available. The Microsoft Update Assistant and an in-place upgrade install from mounted 21H1 ISO (both available on the Download Windows 10 page) will do the trick as well. But not only do these methods take longer, they also leave Windows.old and related cruft behind. That’s why I use the enablement package whenever possible. If you run out of patience like I did, I suggest you take the same route to get to 21H1 yourself. Enjoy!

Facebooklinkedin
Facebooklinkedin

X390 Yoga Replaces X220 Tablet

With the 2012 vintage Lenovo X220 Tablet going into a well-earned retirement, I need a replacement Dev Channel test machine. I’ve decided to call upon my 2019 vintage Lenovo X390 Yoga to fill that role. As the X390 Yoga replaces X220 Tablet, I’m sure I’ll be learning a lot more about this machine, even though it’s been around for 16 months or so.

More About X390 Yoga Replaces X220 Tablet

Originally, I purchased this laptop to replace my wife’s aging Ivy Bridge mini-ITX PC. I ended up going for a Dell Optiplex 7080 Micro instead. Since I bought the machine in December 2019, I’ve been using it to test the current GA version of Windows 10. Now, it’ll switch over to following the latest bleeding-edge Dev Channel releases.

Here’s how that PC is equipped:

  • 8th Generation (Whiskey Lake) i7-8565U CPU
  • 16 GB RAM (2×8 GB, soldered, DDR4 2400 MHz)
  • Intel UHD Graphics 620
  • SSDPEKKF512G8L Intel 1TB NVMe SSD
  • Intel Wireless-AC 9560 160Mhz Wi-Fi adapter
  • 13.3″ FHD (1920×1080) touchscreen
  • Fingerprint reader, Windows Hello camera
  • 2xUSB 3.1 Gen 1; 1xUSB-C; 1xUSB-C/Thunderbolt 3
  • MicroSD card slot
  • ThinkPad Pen Pro stylus included
  • Dimensions: 12.2″ x 8.6″ x 0.63″ / 310.4 x 219 x 15.95 (mm)
  • Weight: 2.85 lbs (1.29 kg)

Lenovo’s port map graphic that follows shows where everything is, on the unit’s right and left sides. It’s been a treat to work with and use.

X390 Yoga Replaces X220 Tablet.portmap
X390 Yoga Replaces X220 Tablet.portmap (click image for full-sized view).

Backup and Restore

Any test machine has to have backup/restore capability. That’s because there’s always the chance that updates, upgrades, or fiddling about will cause trouble. That’s what beta testing is about. I’m also prone to occasional “what-ifs” that have landed my PCs in trouble. Thus, it pays to be prepared.

I’ve got a speedy SATA-III SSD (Sabrent enclosure, Samsung EVO 500 nominal/465 GB actual) plugged into the USB-A port for backup. It takes about 6.5 minutes to do a complete image backup of the boot/system (and only current) drive. I’ll need to pop for a microSD card for this machine, now that’s it’s moving into a more active test role. I’ve also got a Macrium Reflect bootable Rescue Media USB Flash device ready to run restore as and when I need it.

How I Work with Test Machines

I don’t work directly on my test PCs, unless there’s some activity or utility that won’t work remotely. Frankly, I use RDP from my primary desktop for most interactions. That’s because I can do everything from my comfortable desk chair working on 2 Dell 2717 monitors. Almost everything works well that way. And if I do need to access the X390, I need only rotate my office chair to the left to access the unit. It’s situated atop a rolling file cabinet right next to my desktop case.

As time goes by, I’ll be writing about this nifty little laptop more and more in dealing with Windows 10 Dev Channel releases and related topics. Keep an eye out, and you’ll soon see evidence to support this prediction. Cheers!

Facebooklinkedin
Facebooklinkedin

Old PC Shows Interesting Update Behaviors

I’m still running my 2012 vintage Lenovo X220 Tablet. It’s so old, it’s got an Ivy Bridge CPU (i7-2640M). I’ve been getting signs for the past year or so that this PC is nearing obsolescence. For one thing, the Intel Management Engine always comes up in a “recovery state” which I’ve learned means the related firmware is no longer working. In the past month or so, this old PC shows interesting update behaviors. That means it often hangs during update downloads at 0% complete, especially for Windows Defender Security Intelligence updates. Take a look at the lead-in graphic to see what I mean (reproduced below so you can click on it to see all the details).

Old PC Shows Interesting Update Behaviors
Old PC Shows Interesting Update Behaviors

Click on image for full-sized view.

What Old PC Shows Interesting Update Behaviors Truly Means

Simply put, Windows Update isn’t working reliably on this PC any more. This has persisted across the last half-dozen or so Dev Channel upgrades. The only way to break the logjam seems to be to bring an old tool into the mix — namely, the Windows Update Management Tool (aka WUMT).

If you look at the lines from that application dated June 2 in the lead-in graphic, you’ll get an idea of what’s going on. Notice, the third line from the top shows Defender update failed from MoUpdateOrchestrator. That’s the native service inside WU that coordinates automatic updates. Next, WUMT itself fails (because I actually launched it AFTER firing off a manual update scan in Windows Security’s Virus & Threat protection). That shows up as Windows Defender under “Applications ID” in the top item, and is the one that succeeded.

What Makes This Update Behavior Interesting?

As you can see in the update history, none of the update agents (apps) always succeeds. Sometimes, MoUpdateOrchestrator (WU itself) works. Ditto for Windows Defender and WUMT. I keep using WUMT, though, because it seems to break the 0% download logjam pretty reliably (even if it doesn’t always end doing the download itself, as the lead-in graphic shows).

I am getting a strong sense that the X220 Tablet is nearing the end of its useful life. That’s because I’m deliberately using it to push the envelope to see how well aging hardware copes with Dev Channel Insider Preview builds. When it becomes more work to troubleshoot and get upgraded, I’ll give this machine to my friends at ReGlue and promote one of my two 2018 vintage Lenovo X380 Yoga PCs into that role. If the X220 Tablet is any indication, they should be good for at least another 6 years or so!

Facebooklinkedin
Facebooklinkedin

Build 19041/2/3.1023 Brings News & Interests Mainstream

Normally, many people steer clear of late-in-the month Windows update offerings. That goes double for KB5003214, which is a non-security CU (cumulative update) Preview update. Please let me suggest a reason to over-ride such natural and eminently sensible hesitation. This update brings the News & Interests taskbar/notification area mainstream into current Windows 10 versions 2004, 20H2 and 21H1.

This morning, after installing KB5003214 on my production PC, I had the pleasure of seeing the News & Interests “bug” show up at the right-hand side of the taskbar, like this:

Build 19041/2/3.1023 Brings News & Interests Mainstream.bug

It may not look like much, but you can expand it by clicking, and it’s been a long time coming.

If Build 19041/2/3.1023 Brings News & Interests Mainstream, Install It!

Personally, I’d  been on the B side of Microsoft’s protracted A/B testing for this feature on Dev Channel and other Insider Preview builds. Thus, I couldn’t wait to see it go mainstream. It’s popping up on production desktops at Chez Tittel right now like mushrooms after the rain. (FWIW, we’ve had plenty of rain around here lately, too!)

If you look to the bottom of this screencap from the KB5003214 release notes header, check the first highlight. It proclaims “News and interests on the taskbar is now available to anyone who installs this update!” Need I say more? Surely, that’s worth jump-starting normal practices and installing a preview CU to see.

Build 19041/2/3.1023 Brings News & Interests Mainstream.proclamation

Jump to the bottom for the News and Interests proclamation.

You tell me: is this a compelling reason to jump the gun, or not? I can only say I found it compelling. You’ll have to decide for yourself whether or not you want to download and install KB5003214, or wait for next month’s Patch Tuesday CU and get it then instead.

 

Facebooklinkedin
Facebooklinkedin

Is Forcing Win10 Upgrades Good?

After my amazing experience in forcibly upgrading the Lenovo X12 hybrid tablet yesterday I’m pondering upgrade strategies. Indeed, 2004 and 20H2 Windows 10 PCs are in line for the 21H1 upgrade. But Microsoft’s criteria for offering that upgrade — and thus also, its timing — are unclear. Hence my question: “Is forcing Win10 upgrades good?” As is the case with most good questions, the answer starts with a predictable phrase: “That depends…”

Answering “Is Forcing Win10 Upgrades Good?”

I got to 21H1 on the X12 by downloading a self-installing upgrade file (.MSU) from a link at TenForums.com. Here’s what that info looks like on that page (links are not live, and you’ll soon understand why):

Is Forcing Win10 Upgrades Good? Catalog Links

These catalog downloads no longer show up when you search the catalog, but they’re still live.
[Click image for full-sized view.]

Those links do work (I’ve checked) and they come from download.microsoft.com, which is indeed the Update Catalog’s home. But a search on KB5000736 comes up dry. So MS is not offering this enablement package directly from the catalog anymore. That does suggest that the answer to this article’s main question is “If it works, then it’s good; if not, then it’s not.”

Expect the Best, But Prepare for the Worst

Because MS isn’t providing the enablement package directly as a catalog download, that means MS wants you to wait for Windows Update to make the offer. If you choose (as I did) to skip the wait and grab the enablement package from an alternate source (ditto), you should follow the sub-title’s advice. That is, I’d recommend making an image backup before applying the MSU file. Then, if the upgrade fails, you can boot to repair/recovery media and replace the current, suspect image with a current, known good working replacement.

The ISO files for 21H1 are also available. The great appeal of the enablement package is that it’s blazing fast. If you do the ISO route, you’ll run setup.exe from its root folder and it will be a typical upgrade. The experience takes at least 15 minutes to complete, and leaves the Windows.old folder hierarchy around so you can roll back to 20H2 or 2004 as you might like. In that way, it may be “safer” than forcing the enablement package onto a PC. That’s because recovery from failure will be automatic, and you can even elect to roll back up to 10 days afterward if you decide you don’t like where 21H2 takes your PC.

Same Question, Different Answer

Another way to ponder the question “Is Forcing Win10 Upgrades Good?” is to try it, and see what happens. If it works, then yes. If it doesn’t, not only is the answer no, but your subsequent experience will depend on whether or not your pre-planning includes a recovery path. If it doesn’t the answer is “No, and it’s a PITA;” if it does, the answer is “No, but it didn’t take too long or hurt too much.”

And that, dear readers, is the way things sometimes go here in Windows World. it also explains why I still haven’t forced the enablement package onto my production PC just yet. I’m still thinking…

Facebooklinkedin
Facebooklinkedin

Stunning ThinkPad X12 21H1 Upgrade

OK, then. I’ve got an eval unit of the sturdy, stellar little Lenovo X12 hybrid tablet PC here in the office. I just had a simply stunning ThinkPad X12 21H1 upgrade experience. I swear to tell the whole truth and nothing but. I copied the self-installing upgrade (.MSU) file over from my production PC, and the whole thing ran to completion in under a minute. Maybe under 40 seconds. It was FAST!

Wow! Truly Stunning ThinkPad X12 21H1 Upgrade

Given that this PC is probably less than two months old, I’d wondered why MS hadn’t offered the 21H1 enablement package automatically. So I decided to push my luck, and use the self-installing upgrade file on that machine instead.

That file comes burdened with this incredibly long name:

windows10.0-kb5000736-x64_880844224a175033802b3d7a1f40ec304c0548dd.msu

A real mouthful, eh? But after right-clicking the name, and selecting Open from the resulting pop-up menu, the results proceeded to astonish and delight. It took less than 10 seconds to install, got to the reboot less than 10 seconds after that, and took less than 20 seconds to get to the desktop once the boot sequence got underway.

I’ve never seen anything like it before. Sure, enablement packages are meant to short-circuit the upgrade process, and speed it through to completion. But gosh, this is ridiculous! I’m pretty sure the whole thing took less than a minute, and perhaps under 40 seconds to complete and let me run the winver command that produced the lead-in graphic for this story. So far, this eclipses any enablement package I’ve ever installed by at least a binary (if not decimal) order of magnitude.

I’ve been dealing with enablement packages for Windows 10 since the 1909 version came out in September, 2019. I’ve never seen anything like this before. Frankly, given that WU didn’t offer the enablement package to the X12 on its own, I was more than a little apprehensive about the resulting outcome. I shouldn’t have worried: it’s amazing!

Facebooklinkedin
Facebooklinkedin

SetupDiag Illuminates Updates Too

About three months ago I wrote about the Microsoft SetupDiag.exe tool. In that February 17 post, I explained how it provides info about upgrade errors and gotchas. Although the Microsoft Docs article doesn’t really say so, SetupDiag Illuminates Updates too. That is: you can use it to gather information and intelligence about update errors, failures, and so forth. Because those occur more frequently than upgrades, this capability is perhaps even more valuable.

If SetupDiag Illuminates Updates Too, Then What?

A failed Windows Upgrade leaves a copy of SetupDiag.exe behind, in the $Windows.~BT/Sources folder. Windows Update does no such thing. Thus, would-be investigators should bookmark this link, from whence the latest and greatest version may always be downloaded:

Download SetupDiag

Once you have this tool in hand, open an administrative Command Prompt or PowerShell session, then enter its full path specification. I found one in the Windows.old folder hierarchy on a recently-upgraded Dev Channel test PC, and it produced the following (partial) output:

SetupDiag Illuminates Updates Too.output-example

Run a local copy of the program if you’ve got one, though it’s best to download a current version instead.
[Click image for full-sized view.]

Once SetupDiag runs through all of its log searches and processing rules, it will produce a report that provides the error code and error string (aka “bug check code” and “bug check string,” respectively). This is usually enough information to lead affected users to possible solutions. Just today, in fact, I read a story about update failures for the May 11 KB5003173 that used such data to diagnose possible issues with manual Microsoft Edge removals. It seems that leaving old directories behind will stymie the update. See this Windows Latest story for details.

The Consummation You Should Seek

Be it upgrade or update, you’ll eventually want SetupDiag to show you something like this to indicate a successful outcome:

Once you’ve finished troubleshooting, and fixed things, SetupDiag should tell you something like this.
[Click image for full-sized view.]

Cheers!

Facebooklinkedin
Facebooklinkedin

KB5003173 Brings Critical Security Updates

This month’s “Patch Tuesday” fell on  May 11. Windows versions 20H2 and 21H1 went to Build Numbers 19041/42.985. The delivery vehicle KB5003173 brings critical security updates to users, including fixes for three zero-day attacks labeled “critical:”

  • CVE-2021-31204 – .NET and Visual Studio Elevation of Privilege Vulnerability. Affects Visual Studio 2019 version 16.0-16.9, .NET 5.0 and .NET Core 3.1 (reported straight from MS).
  • CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability. A Microsoft Exchange vulnerability previously used in the 2021 Pwn2Own hacking challenge, attributable to either Devcore or Team Viettel.
  • CVE-2021-31200 – Common Utilities Remote Code Execution Vulnerability (affects Microsoft’s Neural Network Intelligence (NNI) toolkit, and comes courtesy of Abhiram V/Resec System via Github.

Experts Urge Installing KB5003173 Brings Critical Security Updates

Most discussion of the new CU from security experts strongly recommends installing this update (see, for example, this BleepingComputer item). In addition to the 3 critical items already cited, this update fixes 55 vulnerabilities overall, one more of which is also labeled “critical”. 50 are designated “important” and one “Moderate.” To most people in the know, this makes the update worth installing, even though the three afore-mentioned vulnerabilities are not yet known to be exploited in the wild.

What Else Ya Got?

In the KB overview info, MS specifically calls out the following highlights (quoted verbatim from that source):

  • Updates to improve security when Windows performs basic operations.
  • ~Updates to improve Windows OLE (compound documents) security.
  • Updates security for Bluetooth drivers.

That document also mentions security updates to the Windows App Platform and Frameworks, the Windows Kernel, Windows Media, the Microsoft Scripting Engine, and the Windows Silicon Platform. A little bit of everything, in other words. For further details on all 55 items covered in this update, check the May entries in the Security Update Guide from MS.

I concur with the experts: this update is worth installing. Check it out, and make the call for yourself. For the record, I had no trouble with it on any of the half-dozen machines eligible for the update. No issues during install, and nothing noticeable afterwards. So far, anyway…

 

 

Facebooklinkedin
Facebooklinkedin