We have recently identified an issue with the August 13, 2019—KB4512508 (OS Build 18362.295) in Windows 10 Pro 64-bit systems. The update will leave some systems in a failed state with a BSOD telling the end user that their PC ran into a problem. We find no correlation to the identified issues already reported by Microsoft so we have made them aware of this and will be holding back this security update for now for all of our Managed clients.
Administrators who manage Windows updates should know about a change Microsoft has made to how patches will be handled starting with the May 2019/1903 update. The change is connected to work Microsoft is doing underpinnings to the Microsoft update systems infrastructure.
I first learned about this change thanks to Configuration Manager architect Bryan Dam who runs the damgoodadmin.com site. Microsoft blogged about the change late in the day on May 23, a couple of days after Windows 10 1903 and Server 1903 began rolling out.
Those using System Center Configuration Manager or Windows Server Update Services (WSUS) to patch their systems need to make a one-time change to the settings around getting updates and patches for Windows 10 1903 and Server 1903 or later, as Microsoft noted in its blog post today.
Admins/users need to manually configure the settings for 1903 in ConfigMan and WSUS, according to Microsoft, because of work it’s doing around the Unified Update Platform (UUP). From Microsoft’s post:
“With Windows 10, version 1903, we are introducing new product categories to enable future support for the Unified Update Platform (UUP) for on-premises management solutions, which provides improved delivery technologies for Windows updates. A configuration change is, therefore, required for environments running the latest public release of Configuration Manager, as well as for environments using WSUS (without Configuration Manager) for updates. (Note: UUP for on-premises management solutions is not yet available. We will have future news regarding UUP, including a public preview, at a later date.)”
In order to deploy updates to Windows 10 1903 or Server 1903, Configuration Manager version 1902 or later is required, Microsoft’s post notes. Admins will not have to select a new option each time a feature update is released for Windows 10, Server and/or Configuration Manager; Microsoft officials said they plan to automatically add this new catory to software update synchronization and existing automatic deployment rules as of the next version of Configuration Manager.
Updates for Windows 10 1903 and Windows Server 1903 — and their future follow-ons — are being released under new version-specific product categories, as Dam explained in a May 22 blog post. And those using Configuration Manager or WSUS need to know this so they can manually change required settings.
The Windows 10 1903 and Server 1903 feature updates were both published under the existing Windows 10 product category. But starting with the first updates for these feature updates, the product categories change to version-specific.
As Dam noted in his own blog post this week, if admins don’t make these changes manually this time around, “the OS updates for the 1903 versions may not sync/apply/deploy/whatever if the technology you use to apply updates filters by the product category in any way.”
His advice: “Every ConfigMgr or WSUS administrator on the planet will need to manually enable these new categories if they plan to deploy updates for them,” Dam said.
There’s not a lot of published information that I could find about UUP. But here is one story from last year’s Ignite conference about UUP, which said UUP is meant to enable companies to use servicing instead of “media-based” technologies for feature updates. As of Ignite last fall, Microsoft was saying UUP would be in public preview for WSUS and ConfigMan customers before year end. UUP is already the default for customers using Windows Update, the story said.
Traditionally, Microsoft would use the release of a new operating system to bump the minimum hardware requirements that the software needs. With Windows 10 being the “last” version of Windows, Microsoft is using the major updates to bump specs. The May 2019 update, version 1903, takes the opportunity to do just this.
Previously, 32-bit Windows had a minimum storage requirement of 16GB, and 64-bit Windows needed 20GB. Both of these were extremely tight, leaving little breathing room for actual software, but technically this was enough space for everything to work. That minimum has now been bumped up: it’s 32GB for both 32- and 64-bit versions of Windows.
Part of this growth may be due to a new behavior that Microsoft is introducing with version 1903. To ensure that future updates install without difficulty, 7GB of disk space are permanently reserved for the install process. While this will avoid out-of-disk errors when updating, it represents a substantial reduction in usable space on these low-storage systems.
If your system can’t be upgraded, it’ll be stuck with version 1809 for the remainder of its supported life; that’s currently set to expire on May 12 2020 for Home, Pro, and Pro for Workstations editions, and May 11, 2021 for Enterprise and Education editions. Version 1809 also has a long-term servicing channel counterpart, which will receive bug fixes and security updates until January 9, 2024 and security fixes until January 9, 2029. It would be nice if Microsoft offered these fixes to hardware that’s left abandoned by a feature update, but we wouldn’t hold our breath.
The new disk requirements also don’t apply to the Windows 10 IoT edition. This version should have a smaller disk footprint in general, so should have more breathing room for future updates. There’s also no change for Windows Server’s hardware requirements; that version of Windows already required a minimum of 32GB disk space.
The last major Windows update broke some systems with particular antivirus software installed, and it’s seemingly getting worse.
Earlier this week we reported that Microsoft halted updates to Windows PCs running Sophos and Avast’s security solutions, following user complaints that their machines were locking up or failing to boot. Since then, the list of known issues for the rogue update was itself updated to acknowledge compatibility issues with Avira and ArcaBit antivirus installed, with Microsoft temporarily blocking updates to those affected systems, too. Today, Ars Technica noticed that Microsoft is investigating compatibility issues for systems with McAfee antivirus installed, though it hasn’t started blocking the April 9 update from those PCs just yet.
Windows 7 and 8.1 computers can fall prey to the bug, along with some Windows Server installations. Windows 10 PCs don’t appear to be affected.
THE BEST OVERALL ANTIVIRUS SUITE
Affected computers either freeze outright or start acting abominably slow when you attempt to log into Windows. You can skirt the issue by booting into Safe Mode, disabling your antivirus, and rebooting your system normally.
If you need to do that, get your PC’s guard back up by activating Windows Defender in Windows 8.1, or downloading Microsoft Security Essentials for Windows 7. Both provide free real-time security for your computer. Alternatively, you could buy an antivirus solution from an unaffected vendor.
Some of the affected antivirus vendors have already posted workarounds or updates for the problem. Microsoft’s issue tracker for the borked update includes links to the support pages created by AV vendors about this issue.
As Ars Technica notes, the support pages from Avast and McAfee hint that the problem stems from changes made to the way Windows handles its Client Server Runtime Subsystem (CSRSS). Microsoft’s tinkering with core system components have recently caused other headaches with software that sinks deep hooks into your operating system. Windows Insider preview builds for the next major Windows 10 update, releasing in late May, suffered from “Green Screens of Death” if you ran a game with built-in anti-cheat software. Microsoft has been working with anti-cheat software vendors like BattlEye to correct the issue before the May 2019 Update’s final release.