Channel: Windows – Born's Tech and Windows World

Security information for Linux and Exchange


In this blog post I summarize some security information that has come to my attention in the last few hours. These are topics for which I do not want to publish separate posts. It is about a critical RCE bug in OpenSMTPD, the OpenBSD mail server that also ships with many Linux distributions, and about details of the exploit for the Exchange vulnerability CVE-2020-0688, which was patched recently.

Linux: Critical RCE bug in OpenBSD SMTP server

Security researchers at Qualys have discovered a new critical vulnerability (CVE-2020-8794) in the OpenSMTPD mail server; the flawed code has been in OpenSMTPD since 2015. An attacker can exploit it remotely and without authentication to execute shell commands as root on the underlying operating system. The bug sits in the client-side code that parses multi-line responses from a remote SMTP server, so it is triggered when OpenSMTPD delivers mail to a server under the attacker's control, for instance a bounce for a message the attacker sent in. The fix is contained in OpenSMTPD 6.6.4p1.

Qualys discloses new OpenSMTPD bug (CVE-2020-8794) exploit included: https://t.co/O3Sk8NN6Dy

The previous one they disclosed in January was exploited in the wild https://t.co/y53tH1kmkl https://t.co/NN2wsHJZQY https://t.co/kV3sn36kfZ

— Catalin Cimpanu (@campuscodi) February 25, 2020

Qualys describes the vulnerability in this article. Bleeping Computer has also published an article, which is somewhat more readable, with details:

New Critical RCE Bug in OpenBSD SMTP Server Threatens Linux Distros – by @Ionut_Ilascu https://t.co/rzfy1WElPU

— BleepingComputer (@BleepinComputer) February 25, 2020

OpenSMTPD is packaged for many Unix-like systems, including FreeBSD, NetBSD, macOS and Linux (Alpine, Arch, Debian, Fedora, CentOS). Anyone running it should install the fixed release from their distribution.

Details about the Exchange exploit CVE-2020-0688

The Zero Day Initiative has released details on exploiting the recently patched Microsoft Exchange vulnerability CVE-2020-0688. The root cause: every Exchange installation ships the same, fixed ASP.NET machineKey (validationKey and decryptionKey) in the web.config of the Exchange Control Panel (ECP). Anyone with valid credentials for a mailbox can therefore forge a ViewState that the server accepts and deserializes, which leads to code execution on the Exchange server with SYSTEM privileges.

Want to know how to exploit the recently patched #Microsoft #Exchange CVE-2020-0688? @hexkitchen provides the details on how to take advantage of the fixed cryptographic keys used during installation. https://t.co/N7fds4do5s

— Zero Day Initiative (@thezdi) February 25, 2020

But this is only of interest to people who deal with such vulnerabilities. Everyone else should simply patch their Exchange servers (see this Microsoft page). Note that the exploit needs a valid login, so weak or already compromised user passwords make an unpatched server a direct target.
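Since the attack has to come from an authenticated user, the IIS logs of the Exchange server are the place to look for attempts. The following Python is an added example (not code from the ZDI post or from Microsoft): it parses IIS W3C extended log lines and flags requests to /ecp/default.aspx that carry both __VIEWSTATE and __VIEWSTATEGENERATOR in the query string, which is how the ZDI write-up submits the forged ViewState. The log excerpt is constructed, the generator value and ViewState are placeholders, and the field order is an assumption about how the IIS site is configured.

```python
"""Detect requests matching the CVE-2020-0688 exploitation pattern in IIS logs.

Added example, not code from the ZDI post or from Microsoft. It assumes the
W3C extended log format with a '#Fields:' header (as IIS writes it) and
relies on the detail in the ZDI write-up that the attack submits the forged
ViewState to /ecp/default.aspx with __VIEWSTATE and __VIEWSTATEGENERATOR as
query-string parameters.
"""
from urllib.parse import parse_qs

# Constructed sample excerpt (not real traffic). The generator value and the
# ViewState payload are placeholders. IIS encodes spaces in cs(User-Agent)
# as '+', so whitespace splitting below also works on real logs.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2020-02-26 10:00:01 10.0.0.5 GET /owa/ - 443 CONTOSO\\alice 10.0.0.77 Mozilla/5.0+(Windows+NT+10.0) 200
2020-02-26 10:00:07 10.0.0.5 GET /ecp/default.aspx - 443 CONTOSO\\alice 10.0.0.77 Mozilla/5.0+(Windows+NT+10.0) 200
2020-02-26 10:02:13 10.0.0.5 GET /ecp/default.aspx __VIEWSTATEGENERATOR=12345678&__VIEWSTATE=%2FwEyAAAAAAAAAA 443 CONTOSO\\bob 203.0.113.9 python-requests/2.22.0 500
2020-02-26 10:02:20 10.0.0.5 POST /ecp/default.aspx - 443 CONTOSO\\bob 203.0.113.9 python-requests/2.22.0 302
"""


def parse_w3c(text):
    """Yield one dict per log row, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # a new header may appear mid-file after a restart
            continue
        if line.startswith("#"):
            continue                    # other directives (#Software, #Date and so on)
        if fields is None:
            raise ValueError("log row before any #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue                    # malformed row: skip rather than misalign columns
        yield dict(zip(fields, values))


def is_viewstate_attack(row):
    """True when the row looks like a CVE-2020-0688 attempt against ECP.

    Legitimate ECP pages post the ViewState in the request body, so both
    parameters arriving in the query string of /ecp/default.aspx is the
    tell-tale sign; cs-username shows which (valid) account was used.
    """
    if row.get("cs-uri-stem", "").lower() != "/ecp/default.aspx":
        return False
    query = row.get("cs-uri-query", "-")
    if query == "-":
        return False
    names = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
    return "__viewstate" in names and "__viewstategenerator" in names


def find_suspicious(text):
    """Return the rows of a log excerpt that match the exploitation pattern."""
    return [row for row in parse_w3c(text) if is_viewstate_attack(row)]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit["date"], hit["time"], hit["cs-username"], hit["c-ip"], hit["sc-status"])
```

Run it over the real log directory of the Default Web Site and treat every hit as an incident: the account named in cs-username is either compromised or belongs to the attacker, and the status code tells you whether the deserialization ran (a 500 is typical even when the payload executed).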


Chromium Edge can block PUP downloads


The Chromium-based Microsoft Edge browser now has an option to block potentially unwanted software (PUP/PUA) at download time.

I came across this information via this tweet a few hours ago; Microsoft explains the feature here.

Windows users know the effect: when downloading a program, unwanted extra software often comes bundled with the actually desired program and is then installed alongside it. For example, Adobe tries to slip McAfee software into the Flash Player download. The following figure is taken from the article Adobe Flash Player 32.0.0.330 released, where I point out this by-catch.

(Figure: Flash Player download page with pre-checked optional offers)

As a user you have to make sure that the optional offers (at Adobe typically McAfee Security Scan Plus and True Key from Intel) are not installed: in the figure above, the corresponding checkboxes must be unchecked before downloading. The software supplier receives a commission from the company whose product is bundled into the download. Because hardly anyone wants such software, it is classified as potentially unwanted.

Edge blocks the download

Microsoft is aware of this problem. Potentially unwanted applications can affect user productivity; they often slow down users' computers or even damage them (for instance when 'optimizers' are included). Examples of PUA (Potentially Unwanted Applications) are software that displays additional advertisements, crypto miners, applications that push offers for other software, and generally applications with a bad reputation in the antivirus industry.

In the new Microsoft Edge (starting with version 80.0.338.0), Microsoft has introduced a feature that blocks downloads which may contain potentially unwanted applications (PUA). The feature is off by default but can be turned on in three steps:

1. Click the three dots (…) in the upper right corner of the Edge window and select Settings.

2. In the left column of the Settings page (open it via the three-dash 'burger' menu if the column is collapsed), select Privacy and services.

3. Scroll down to Services and turn on Block potentially unwanted apps.

(Figure: blocking PUPs in Edge; source: Microsoft)

Downloads of such applications are then blocked. The check is performed by Microsoft Defender SmartScreen, which must be enabled for PUA blocking to work. In managed environments the same setting can be enforced centrally through the Edge policy SmartScreenPuaEnabled, so users cannot simply switch it off again.

Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing


Microsoft issued security advisory notification ADV190023 on February 28, 2020, with revised guidance on LDAP channel binding and LDAP signing for Active Directory domain controllers. The practical reading for administrators: do not wait for Microsoft to change the defaults, enable signing and channel binding yourselves, and before enforcing them, audit which clients still use unsigned or simple binds (Directory Service event IDs 2887 and 2889 on the domain controllers) so that nothing breaks.

***************************************************************
Title: Microsoft Security Advisory Notification
Issued: February 28, 2020
***************************************************************
Security Advisories Released or Updated on February 28, 2020
==================================================

* Microsoft Security Advisory ADV190023

ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
– Reason for Revision: The following revisions have been made: 1. Clarified the
   actions customers need to take to harden the configurations for LDAP channel
   binding and LDAP signing on Active Directory Domain Controllers. 2. In the
   References section, added a link to KB4546509 – Frequently asked questions
   about changes to Lightweight Directory Access Protocol. 3. Updated the FAQ
   section to direct customers to KB4546509.
– Originally posted: August 13, 2019
– Updated: February 28, 2020
– Version: 1.4

On Twitter, Nate Warfield (@n0x08) has posted a tweet with hints and links on the topic.

Sunday Reading: Tools for Administrators (March 2020)


Today a small collection of interesting topics for administrators in Windows environments: tools for deployment, PowerShell stories and so on. Sunday reading for admins, so to speak.

12 Tools from ConfigMas

ConfigMas combines the words Config and Christmas. Back on December 19, 2019, Paul Winstanley presented twelve tools in this blog post that can be helpful for admins: a list of 'super cool tools' developed by MVPs and leading industry experts.

Thorsten E. posted a reference to this page yesterday. Maybe you can use one or the other tool from the list.

PowerShell script for server quality check

Somebody has written a collection of PowerShell scripts to ensure consistent and reliable build quality and configuration for his Windows Server installations.

The QA audits arose from the need to verify the setup of new Windows servers for different customers and their different environments. All new Windows Server builds are usually created from a custom gold image template, Thorsten writes on GitHub. However, this image still lacks many of the additional tools and configuration settings that are required before a server can be handed over to support.

Most of these additional tools and configurations should be installed or applied automatically. However, checks are still required to ensure that each customer or environment gets its specific settings, and the scripts for the different versions of Windows Server serve this purpose. Supported are Windows Server 2008/2008 R2 (PowerShell 4 must be installed), Windows Server 2012/2012 R2 and Windows Server 2016.

PSDeploy: Simplified PowerShell deployment

Thorsten E. pointed to this quite interesting solution in a tweet. An IT professional has dealt with the question of version control for servers. Details can be found in the linked article.

Features in Configuration Manager Technical Preview 2002.2

There is a technical preview of Configuration Manager version 2002.2. Panu Saukko points out in the following tweet a change in ConfigMgr (formerly known as SCCM, now called MEMCM).

It doesn't really mean anything to me personally right now, but I assume it will be helpful to administrators.

London cabs with Windows Blue Screens on the go …


A nice surprise for people living in London (GB): there are taxis driving around with advertising displays on the roof. The display boards are controlled by Windows, and there are nice Blue Screens of Death with which the taxis advertise the product from Redmond.

Windows is everywhere in daily life, from the desktop to the refrigerator to the cash register or ticket machine. Even Windows for cars is already being considered, and mocking tongues sometimes suggest that you have to do a quick update and defragment the starter before setting off. I would never say something like that; it all works. And the days when we saw photos of large public screens being forced to update to Windows 10 have also been over since summer 2016.

London's black cabs and the blue screens

I came across this article on The Register yesterday about the issue. On London's streets you can see black taxis with a roof-mounted attachment for displaying advertising. The advertisements are fed dynamically from a Windows computer.

And if the Windows computer has hiccups, there is a Blue Screen of Death 'on the go'. This doesn't seem to be that rare: the above tweet is from summer 2018 and shows a taxi with this BSOD on the roof.

I also found a tweet from 2017 showing a black taxi with a BSOD. And now it has happened again, as the following tweet indicates, which refers to the article by The Register.

It seems the taxi has a redundant backup system, because it is still driving; only the GUI for the display is down. An IRQL_NOT_LESS_OR_EQUAL is just the way it is. Does the taxi driver have to reboot, refresh the drivers or restore his system backup? If there is one thing you can rely on with Windows, it is that something is not working. Just beep.

PowerShell 7 released


On March 4, 2020, Microsoft released PowerShell 7.0.0 with a number of new features. Microsoft lists the changes in the release notes on GitHub, where you can also download the release for the different platforms (Linux, macOS, Windows).

CCleaner v5.64.7613 released


Today a blog post about CCleaner. An update to version 5.64.7613 was released on March 3, 2020. Here are a few details about this free software for Windows.

I hadn't noticed that, but blog reader EP left a comment about this software update recently (thanks).

A few words about CCleaner

CCleaner is a free tool to clean up Windows; Wikipedia writes about 'optimization' here. Some hints on what is 'cleaned and optimized' can be found at Askvg. I would classify CCleaner as a kind of snake oil (not really necessary).

(Figure: CCleaner; source: Talos)

What's new in CCleaner v5.64.7613?

Piriform writes in the release notes that this release includes new features, user-focused improvements and changes. The new version now also supports Microsoft's new Chromium-based Edge browser.

Here is the list of new features introduced in CCleaner v5.64.7613:

Health Check

  • Health Check brings together CCleaner’s most popular tools in a new user-friendly interface to help users to easily maintain their PC
  • In just a few clicks, users of any technical ability can clean, update and disable unnecessary startup apps in one go, to save space and boost speed, privacy and security
  • Health Check replaces Easy Clean, following feedback from users on how it could be enhanced

Edge Chromium & browser cleaning improvements

  • Added full support for Microsoft’s new Edge Chromium browser
  • Fixed a bug in Google Earth cache cleaning
  • If requested, CCleaner can now disable ‘Preloading’ in old Edge (allows complete cleaning)

User-friendly improvements to installer offers

  • Offers for Avast and CCleaner products are now presented in a separate step in the installer
  • Offers for Avast and CCleaner products are no longer checked by default

Farewell to Windows XP & Vista (;_;)

  • Version 5.64.7577 is the final planned build for Windows XP and Vista
  • This version will only receive critical security updates
  • Read the FAQs for further information and assistance

Other minor improvements

  • Improved country embargo checks to reduce false positives
  • Fixed a UI bug in Scheduling interface
  • Fixed a bug where the 'OK' button was missing from some dialogue messages
  • Removed Google Plus from the ‘About’ screen

Users of the free version of CCleaner need to update the tool manually. The new version of CCleaner Free can be downloaded from this website. CCleaner Professional is updated automatically. CCleaner 5.6x is available for Windows 7, 8.1 and Windows 10.

I generally advise against using the tool. These 'cleanups' are actually superfluous; Windows can do a lot of this itself. In addition, there is always the danger that something will break. Piriform and CCleaner have also attracted attention in the past through a series of unpleasant stories. You can read the details in the linked articles below. So nobody can claim that I didn't warn them.

Addendum: German blog reader Tom mentioned here that the 32/64-bit executables of CCleaner v5.64.7613 can't be blocked in a firewall: if blocked, the program no longer works. That indicates that CCleaner phones home.

Similar articles
CCleaner has been infected with malware
CCleaner comes with AVAST PUP
CCleaner forces update from v5.38 to v5.46
AVAST CCleaner 5.45 and the telemetry thing
CCleaner 5.45 pulled and other peculiarities
CCleaner V 5.46 with improved data settings
CCleaner v5.52.6967 released
Update to CCleaner 5.59.7230 installs CCleaner Browser PUP
CCleaner v5.60.7307 released

Operating System / Windows / Browser Share (Feb. 2020)


It is already March 2020, and Windows 7 fell out of support in January. So it is time to take a look at the current market share of desktop operating systems as of the end of February 2020.

Windows dominates the desktop

Looking at the latest figures from netmarketshare.com (up to February 2020), Windows still runs on 88.20% (Jan. 2020: 88.14%) of desktop systems. macOS runs on 9.42% (Jan. 2020: 9.74%) and Linux on 1.82% (Jan. 2020: 1.4%). So there is virtually no real change in market share; Windows dominates the desktop and even gained slightly.

(Figure: desktop operating system share 2/2020; source: netmarketshare.com)

Desktop versions at a glance

In the breakdown of operating system share by version, NetMarketShare reports the following figures for the end of February 2020:

  • Windows 10 comes to 57.39% (previous month 57.08%),
  • Windows 7 is at 25.20% (previous month 25.56%),
  • Windows 8.1 still comes in at 3.48% (previous month 3.38%),
  • and macOS 10.14 comes to 2.77% (previous month 3.12%).

So Windows 10 was able to increase slightly compared to January 2020; the end of support for Windows 7 in January 2020 has had some effect. However, Windows 7 has hardly lost any market share and still runs on every fourth desktop system.

(Figure: Windows version shares 2/2020; source: netmarketshare.com)

The decline in macOS, now for the second month in a row, somewhat surprised me, but it may be due to statistical fluctuations. With 1.36% (average over 12 months) Linux does not actually appear in the chart above. What you can also state: the migration from Windows 7 to Windows 10 did not take place in February 2020 either. People are sticking with the operating systems currently in use.

Browser share on the desktop

This month I would also like to take a look at browser distribution on the desktop, because the Chromium-based Edge was introduced in January 2020. Among desktop browsers, Google Chrome is the undisputed leader with 67.27%, followed by Firefox (7.57%). Microsoft Edge, now Chromium-based, comes in at 7.39% (previous month 7.09%) and Internet Explorer at 6.11% (previous month 6.24%). There are hardly any changes compared to the previous month.


Microsoft Security Update Summary (March 10, 2020)


On March 10, 2020, Microsoft released security updates for Windows clients and servers, Office, Internet Explorer, etc. Here is a compact overview of these updates.

A list of the updates can be found on this Microsoft page. Details about the update packages for Windows, Office etc. are covered in separate blog posts.

Servicing Stack Updates

Microsoft now publishes an overview of all current Servicing Stack Updates (SSUs). The list can be found at ADV990001 (but it is not always up to date).

Notes on the updates

All Windows 10 updates are cumulative. The monthly Patchday update includes all security fixes for Windows 10 as well as all non-security fixes up to that Patchday. Besides the patches for the vulnerabilities, the updates contain defense-in-depth changes to improve security.

Windows 7 SP1 has been out of support since January 2020; only customers with an ESU license (or bypass measures) still receive updates. Updates can also be downloaded from the Microsoft Update Catalog. The updates for Windows RT 8.1 and Microsoft Office RT are only available through Windows Update.

Information about the support period for Windows 10 can be found in the Windows Lifecycle Fact Sheet. The observation described in the blog post Does Windows 10 V1803 Home/Pro still get updates? no longer works in March 2020. Blog reader EP tested this and confirmed it in this comment: KB4540689 for Windows 10 version 1803 can only be installed on the Enterprise and Education editions, not on Home and Pro.

The March 2020 security updates cover 115 vulnerabilities in Microsoft products, some of them serious: 26 fixes are rated critical, 88 important and one moderate. A list of all security updates can be found on the Zero Day Initiative blog. Talos has also published a summary here (details will be covered separately in blog posts).

Critical Security Updates

Internet Explorer 11
ChakraCore
Microsoft Edge (EdgeHTML-based)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office Online Server
Microsoft Office 2016 for Mac
Microsoft SharePoint Server 2019
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Dynamics 365 Business Central 2019 Spring Update
Microsoft Dynamics 365 BC On Premise
Microsoft Dynamics NAV 2013
Microsoft Dynamics NAV 2015
Microsoft Dynamics NAV 2016
Microsoft Dynamics NAV 2017
Microsoft Dynamics NAV 2018

Important Security Updates

Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Office 365 ProPlus for 32-bit Systems
Office 365 ProPlus for 64-bit Systems
Azure DevOps Server 2019 Update 1
Azure DevOps Server 2019 Update 1.1
Azure DevOps Server 2019.0.1
Microsoft Visual Studio 2015 Update 3
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 – 15.8)
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 – 16.3)
Team Foundation Server 2017 Update 3.1
Team Foundation Server 2018 Update 1.2
Team Foundation Server 2018 Update 3.2
Microsoft Exchange Server 2016 Cumulative Update 14
Microsoft Exchange Server 2016 Cumulative Update 15
Microsoft Exchange Server 2019 Cumulative Update 3
Microsoft Exchange Server 2019 Cumulative Update 4
Application Inspector
Windows Defender antimalware platform

Moderate Security Updates

Internet Explorer 9

Similar articles:
Microsoft Office Patchday (March 2, 2020)
Microsoft Security Update Summary (March 10 2020)
Patchday: Updates for Windows 7/8.1/Server (March 10, 2020)
Patchday Windows 10-Updates (March 10, 2020)

Windows SMBv3 0-day vulnerability CVE-2020-0796


There is a serious but unpatched vulnerability in the SMBv3 protocol implementation of Windows. It could allow worm-like spreading but, as far as is known, is not currently being exploited. Microsoft published the information in a security advisory yesterday.

I received the first notification from Microsoft in the form of security advisory ADV200005:

Security Advisories Released or Updated on March 10, 2020
=============================================
* Microsoft Security Advisory ADV200005

ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression
– Reason for Revision: Information published.
– Originally posted: March 10, 2020
– Updated: N/A
– Version 1.0

Details about CVE-2020-0796

Microsoft's implementation of the SMBv3 protocol contains a vulnerability (CVE-2020-0796) in the handling of compression. It allows a remote attacker to execute arbitrary code on a vulnerable system without authentication; that is the 'wormable' scenario in which malware can spread across a network on its own. Tenable has reported on the bug and refers to it as EternalDarkness. According to Tenable, the following Windows versions are affected:

  • Windows Server Version 1903 (Server Core Installation)
  • Windows Server Version 1909 (Server Core Installation)
  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems

This affects Microsoft's implementation of Server Message Block 3.1.1 (SMBv3). Microsoft writes that it is aware of a remote code execution vulnerability in the way the SMBv3 protocol handles certain requests. An attacker who successfully exploited it could execute code on the target SMB server or SMB client.

To exploit the vulnerability against an SMB server, an unauthenticated attacker would have to send a specially crafted packet to a target SMBv3 server. To exploit it against an SMB client, the attacker would have to set up a malicious SMBv3 server and convince a user to connect to it.

No update but a workaround available

Microsoft has not yet released an update for the SMBv3 vulnerability; the March 10, 2020 Patchday did not address the problem. In ADV200005, Microsoft currently only suggests disabling compression in the SMBv3 server as a workaround. To do this, open an elevated PowerShell prompt on the server and run the following command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

This command does not require a restart of the server. Note, however, that this workaround only protects the server side; it does not prevent exploitation against SMBv3 clients that connect to a malicious server. To reverse the workaround later, run the following command in an elevated PowerShell prompt:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 0 -Force

Microsoft also proposes in ADV200005 to block TCP port 445 at the perimeter firewall. This port is used to initiate a connection with the affected component; blocking it at the perimeter (the gateway between the corporate network and the Internet) helps protect systems behind the firewall from attempts to exploit this vulnerability over the Internet. It does not protect against attacks from inside the network, which is where a worm would spread.

Similar articles:
Microsoft recommends disabling SMBv1 on Exchange
SMBv1 FAQ and Windows networks
Windows 10 Pro V1803: SMBv1 ‘special traps’
PSA: Windows 10 V1803: Update KB4284848 brings SMBv1 fix

A Scanner for Windows SMBv3 Vulnerability CVE-2020-0796


A short tip for administrators of enterprise networks who want to verify whether their Windows servers are vulnerable to the unpatched SMBv3 vulnerability CVE-2020-0796. There is a Python script for this purpose.

The SMBv3 Vulnerability (CVE-2020-0796)

Microsoft's implementation of the SMBv3 protocol used in Windows contains a vulnerability, dubbed EternalDarkness (CVE-2020-0796), in the handling of SMB compression. The following versions of Windows are affected:

  • Windows Server Version 1903 (Server Core Installation)
  • Windows Server Version 1909 (Server Core Installation)
  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems

This affects the implementation of Server Message Block 3.1.1 (SMBv3). The vulnerability allows a remote attacker to execute arbitrary code on a vulnerable system without authentication. It is 'wormable', meaning malware could use it to spread across a network on its own.

I reported this in the blog post Windows SMBv3 0-day vulnerability CVE-2020-0796. The linked article also lists the workarounds: as there is no patch for the bug yet, they disable SMBv3 compression on the Windows server side.

Check whether a server is vulnerable

Administrators may face the question of how to verify whether a server is vulnerable to the SMBv3 vulnerability. I noticed this tweet on Twitter yesterday.

The security researcher points to this GitHub page, which hosts a simple SMBv3 scanner called SMBGhost that checks whether a server supports SMB 3.1.1. The Python script also checks whether compression is enabled, so you can test whether the workaround mentioned above actually took effect until an update is available. Note that the scanner only looks at what the server advertises in its SMB negotiate response; it does not trigger the bug itself. Further details can be found in the Readme.
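What such a scanner actually does is a plain SMB2 NEGOTIATE exchange: the client offers dialect 3.1.1 together with a compression negotiate context, and the server's reply shows which dialect it picked and whether it answered with a compression context of its own. The following Python, added here as an example for both SMBv3 posts (it is not the SMBGhost script from the GitHub page), builds that request, parses the reply and reports whether the server exposes the feature; the packet layouts follow MS-SMB2, while probe(), build_sample_response() (a constructed reply for offline use, not captured traffic) and the constant names are this example's own. With the DisableCompression workaround applied, the server no longer advertises a compression context and the check comes back negative; once Microsoft ships a fix, a patched server will still advertise compression, so the check reports exposure of the feature, not patch status.

```python
"""Probe an SMB server's NEGOTIATE response for SMB 3.1.1 plus compression.

Added example of the check an SMBGhost-style scanner performs; not the script
from the GitHub page. Layouts follow MS-SMB2 (NEGOTIATE request 2.2.3, response
2.2.4, contexts 2.2.3.1); probe(), build_sample_response() and the constant names
are this example's own.
"""
import os
import socket
import struct
import sys

SMB2_NEGOTIATE = 0x0000
DIALECT_311 = 0x0311
CTX_PREAUTH_INTEGRITY = 0x0001
CTX_COMPRESSION = 0x0003
SHA512 = 0x0001
COMPRESSION_NAMES = {0x0001: "LZNT1", 0x0002: "LZ77", 0x0003: "LZ77+Huffman"}


def _pad8(buf):
    return buf + b"\x00" * (-len(buf) % 8)          # contexts are 8-byte aligned

def _context(ctx_type, data):
    # SMB2_NEGOTIATE_CONTEXT: ContextType(2) DataLength(2) Reserved(4) Data
    return struct.pack("<HHI", ctx_type, len(data), 0) + data

def _header(command, message_id=0):
    # 64-byte SMB2 header, synchronous form, unsigned
    return struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0, command,
                       0, 0, 0, message_id, 0, 0, 0, b"\x00" * 16)

def build_negotiate_request():
    """NetBIOS-framed NEGOTIATE offering only 3.1.1 and asking for compression."""
    dialects = [DIALECT_311]
    preauth = _context(CTX_PREAUTH_INTEGRITY, struct.pack("<HHH", 1, 32, SHA512) + os.urandom(32))
    compression = _context(CTX_COMPRESSION, struct.pack("<HHI", 3, 0, 0) + struct.pack("<3H", 1, 2, 3))
    # 36-byte fixed part, then Dialects[], then padding to 8; NegotiateContextOffset
    # is measured from the start of the SMB2 header
    ctx_offset = 64 + 36 + 2 * len(dialects)
    pad = (-ctx_offset) % 8
    body = struct.pack("<HHHHI16sIHH", 36, len(dialects), 1, 0, 0, os.urandom(16), ctx_offset + pad, 2, 0)
    body += struct.pack("<%dH" % len(dialects), *dialects) + b"\x00" * pad
    body += _pad8(preauth) + compression
    msg = _header(SMB2_NEGOTIATE) + body
    return struct.pack(">I", len(msg)) + msg        # 4-byte NetBIOS session header

def parse_negotiate_response(raw):
    """Parse an SMB2 NEGOTIATE response (NetBIOS header already stripped)."""
    if raw[:4] != b"\xfeSMB":
        raise ValueError("not an SMB2 message")
    status, command = struct.unpack_from("<IH", raw, 8)
    if command != SMB2_NEGOTIATE or status != 0:
        raise ValueError("unexpected command 0x%x / status 0x%08x" % (command, status))
    # body at 64: StructureSize(2) SecurityMode(2) DialectRevision(2) NegotiateContextCount(2)
    _, _, dialect, ctx_count = struct.unpack_from("<HHHH", raw, 64)
    ctx_offset = struct.unpack_from("<I", raw, 64 + 60)[0]   # NegotiateContextOffset
    result = {"dialect": dialect, "compression": []}
    pos = ctx_offset
    for _ in range(ctx_count if dialect == DIALECT_311 else 0):
        ctx_type, data_len = struct.unpack_from("<HH", raw, pos)
        data = raw[pos + 8:pos + 8 + data_len]
        if ctx_type == CTX_COMPRESSION:
            # CompressionAlgorithmCount(2) Padding(2) Flags(4) CompressionAlgorithms[]
            count = struct.unpack_from("<H", data, 0)[0]
            algs = struct.unpack_from("<%dH" % count, data, 8)
            result["compression"] = [COMPRESSION_NAMES.get(a, hex(a)) for a in algs]
        pos += 8 + data_len
        pos += (-pos) % 8
    return result

def advertises_compression(result):
    """Exposed surface for CVE-2020-0796: 3.1.1 negotiated and compression offered."""
    return result["dialect"] == DIALECT_311 and bool(result["compression"])

def build_sample_response(dialect=DIALECT_311, algorithms=(0x0001,)):
    """Constructed server reply for offline use; not captured traffic."""
    contexts = []
    if dialect == DIALECT_311:
        contexts.append(_context(CTX_PREAUTH_INTEGRITY, struct.pack("<HHH", 1, 32, SHA512) + b"\x11" * 32))
        if algorithms:
            contexts.append(_context(CTX_COMPRESSION, struct.pack("<HHI", len(algorithms), 0, 0)
                                     + struct.pack("<%dH" % len(algorithms), *algorithms)))
    # 64-byte fixed part, empty security buffer, contexts start at 128 (8-aligned)
    body = struct.pack("<HHHH16sIIIIQQHHI", 65, 1, dialect, len(contexts), b"\x22" * 16,
                       0, 0x800000, 0x800000, 0x800000, 0, 0, 128, 0, 128 if contexts else 0)
    return _header(SMB2_NEGOTIATE) + body + b"".join(_pad8(c) for c in contexts)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed by peer")
        buf += chunk
    return buf

def probe(host, port=445, timeout=3.0):
    """Run the check against a live host (needs network access to TCP/445)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_negotiate_request())
        length = struct.unpack(">I", _recv_exact(s, 4))[0] & 0x00FFFFFF
        return parse_negotiate_response(_recv_exact(s, length))

if __name__ == "__main__":
    res = probe(sys.argv[1]) if len(sys.argv) > 1 else parse_negotiate_response(build_sample_response())
    print("dialect 0x%04x, compression: %s, exposed: %s"
          % (res["dialect"], res["compression"] or "none", advertises_compression(res)))
```

Run it with a hostname or address as the only argument; without one it parses the built-in sample reply. A server that answers with dialect 0x0311 and at least one compression algorithm has the vulnerable code path reachable; a server on which DisableCompression was set to 1 still negotiates 3.1.1 but omits the compression context. Only scan hosts you are responsible for: a NEGOTIATE is harmless, but it still shows up in network monitoring as a connection attempt to port 445.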

Windows: Patchday issues March 2020?


On March 10, 2020, Microsoft had its Patchday and released a number of security updates. The first users are already reporting issues with these updates.

I have published several blog posts about the security updates for Windows (see the link list at the end of this article). Here are some first hints about problems; if you run into problems, you can add the information in the comments.

Issue with temporary user profiles still exists

The update KB4537821 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2), released on February 11, 2020, causes some users to be logged on with a temporary user profile after installation. The cumulative update KB4532693 of February 11, 2020, for Windows 10 versions 1903 and 1909 shows the same behavior.

I reported about this in the blog post Windows 10: Update KB4532693 kills user data/profile, and wrote in the blog post Windows 8.1/10: What's the status of the user profile bug? that I expected the same trouble on the March 2020 Patchday. At the German site deskmodder.de, user kalleboe has now confirmed exactly this: he had problems with the February 2020 update KB4535996 and had to uninstall the March 2020 update KB4540673 because of the same bug.

Usually the only thing that helps is not to install the Windows 10 update KB4540673. If it was already installed, it has to be uninstalled: open Settings, go to Update & Security, Windows Update, and open the update history; on that page you will find the option to uninstall a selected update. After that, update installation should be paused.

Further issues reported

With the March 2020 update KB4540673, some users run into installation error 0x800f0988 (see here). I already mentioned this error in the blog post Windows 10 V190x: Issues with Update KB4535996. Other errors such as 0xCA00A000 can also occur.

The current guidance for dealing with such installation errors is generic: uninstall third-party antivirus solutions and reset Windows Update. The latter can be done via the update troubleshooter (see this Microsoft support article), or you can try resetting the Windows Update component store (see Windows Update ends with error 0x800f0982 / 0x8024200d).

German blog reader Doc WP posted this comment reporting installation error 0x800f031. The steps for a repair by in-place upgrade are described in the blog post Windows 10 V1903: Error 0x8024200D or 0x800F081F with update KB4512508.

Are any of you affected by further update problems? Then leave a comment.

Similar articles:
Microsoft Office Patchday (March 2, 2020)
Microsoft Security Update Summary (March 10 2020)
Patchday: Updates for Windows 7/8.1/Server (March 10, 2020)
Patchday Windows 10-Updates (March 10, 2020)

Windows 10: Update KB4532693 kills user data/profile
Windows 8.1: Update KB4537821 kills also user profiles
Windows 8.1/10: What’s the status of the user profile bug?

Intel Patchday March 2020


[German]Intel has issued a security advisory on March 10, 2020, in which vulnerabilities in various products and available updates are pointed out. A critical vulnerability is found in a graphics driver.

I already became aware of a fixed vulnerability in the Windows graphics driver via the tweet from Bleeping Computer.

Below is an excerpt from the list of Intel products affected by vulnerabilities for which Intel has published security advisories.

  • INTEL-SA-00354: Intel® Smart Sound Technology Advisory, Security-Index 8.6
  • INTEL-SA-00315: Intel® Graphics Driver Advisory, Security-Index 8.4
  • INTEL-SA-00352: BlueZ Advisory, Security-Index 8.3
  • INTEL-SA-00343: Intel® NUC™ Firmware Advisory, Security-Index 7.8
  • INTEL-SA-00349: Intel® MAX® 10 FPGA Advisory, Security-Index  6.1
  • INTEL-SA-00319: Intel® FPGA Programmable Acceleration Card N3000 Advisory, Security-Index 6
  • INTEL-SA-00330: Snoop Assisted L1D Sampling Advisory, Security-Index 5.6
  • INTEL-SA-00334: Intel® Processors Load Value Injection Advisory, Security-Index 5.6
  • INTEL-SA-00326: Intel® Optane™ DC Persistent Memory Module Management Software Advisory, Security-Index 4.4

Concerning INTEL-SA-00334, “Intel® Processors Load Value Injection” (LVI), Intel is aware of reports about this (see the blog post New LVI LFB vulnerability discovered in Intel CPUs). Due to the many complex requirements that must be met to successfully perform the LVI method, Intel believes that LVI poses virtually no risk in real-world environments where the operating system and VMM are trusted. New guidelines and mitigation tools for LVI are now available. Details can be found in the linked articles.

Remote Desktop Connection Manager (RDCMan) discontinued


[German]Microsoft has probably discontinued the Remote Desktop Connection Manager (RDCMan). The app has been removed from the Microsoft download area.

The free Remote Desktop Connection Manager (RDCMan) has been available for Windows for a while now. But in this article somebody already asks in 2018 if RDCMan is slowly becoming outdated.

From the above tweet I gather that the RDCMan has now been retired due to a security problem.

ConfigMgr ‘House-Keeping’ Collections


[German]Today a small article with a tip for administrators who use ConfigMgr for update management of Windows machines. It is about the organization and troubleshooting of SCCM collections.

SCCM and ConfigMgr

The System Center Configuration Manager (SCCM) enables the centralized management of hardware and software within a company. Since version 1910, the SCCM has been renamed Microsoft Endpoint Configuration Manager (ECM). This is a combination of Microsoft System Center Configuration Manager (ConfigMgr) and Microsoft Intune. In ECM, macOS is also supported. On this Microsoft page you can find resources about the ConfigMgr and Microsoft has also created a blog page for articles about the Configuration Manager.  

ConfigMgr ‘House-Keeping’: Collections

On Twitter you can find numerous entries about ConfigMgr under the hashtag #configmgr. In the following tweet I found a new entry about the administration and optimization (house-keeping) of ConfigMgr.

Matt Balzan is a Microsoft PFE (Premier Field Engineer) on the Windows and Devices team in the UK. He has recently published a blog post SCCM: Housekeeping Collections in the Microsoft Tech Community.

Collections are groupings of users and devices. Collections are also used for tasks such as managing applications, providing compliance settings, and installing software updates. Collections can also be used to manage client settings groups. Microsoft has posted this article on the Support page.  

The article from Matt Balzan discusses collections and shows how to manage collections and troubleshoot errors that affect your site’s performance. This article might be of interest to administrators in the SCCM environment.


Security: AVAST disables JavaScript in AV program


[German]A serious vulnerability in its antivirus solutions has forced the security provider AVAST to disable JavaScript in its products for security reasons. Here are a few details.

AVAST is used by some people as a security and virus protection solution on Windows. However, such supposed security products often bring weaknesses to your system. German blog reader Nobody already pointed this out in this comment at the end of last week (thank you).

Project Zero exposes vulnerability

Antivirus solutions use a JavaScript interpreter to execute suspicious code in a sandbox. The behavior of the code is then monitored for indications of malicious activity. This is nothing new, and security experts know that such an interpreter is a potential attack surface for malicious software. If there is a vulnerability in the sandbox, the malware can escape from it, or it can play dead if it detects that it is running in a sandbox.

Google security researcher Tavis Ormandy from Project Zero pointed out a serious problem in the AVAST JavaScript interpreter and anti-virus engine on GitHub on March 11, 2020. During his analysis he discovered a vulnerability in AvastSvc.exe, the Avast antivirus process that runs with SYSTEM permissions.

The AvastSvc.exe service loads the low-level antivirus engine and analyzes untrusted data received from sources such as the file system minifilter or intercepted network traffic. Although the service is highly privileged and processes untrusted input, it does not run in a sandbox and, according to Ormandy’s analysis, has virtually no mitigation measures implemented. Furthermore, the product comes with its own JavaScript interpreter. All vulnerabilities in this construct are critical and easily accessible to remote attackers.

Ormandy did not publish a concrete exploitable bug in this construct. But he points out in his GitHub article that debugging this process can be extremely difficult. He has also documented for other security researchers how to analyze this JavaScript emulator in order to find vulnerabilities.

AVAST disables JavaScript

So in principle AVAST has built in something like a predetermined ‘weak point’ that only needs to be attacked, and it was only a matter of time before an exploit would show up. The antivirus vendor reports in the above tweet that it had been aware of the issue since March 4, 2020. After Ormandy published his GitHub post with a tool to analyze the emulator on March 9, 2020, they decided to disable the emulator to protect hundreds of millions of users. According to AVAST, this does not affect the functionality of the antivirus solution.

Similar articles:
Leak revealed: Avast user data was sold
AVAST: Jumpshot will be closed after privacy scandal
Mozilla removed Firefox Addons from AVG/AVAST
Firefox Addons from AVG/AVAST back in store
Windows 10 V190x: Avast/AVG as Upgrade Blocker
XSS Vulnerability in AVAST Antivirus
Abbis: AVAST fights off a cyber-attack attempt on its network
AVAST and Avira confirms April 2019 Update issues
Firefox 65 for Windows: Issues with AVAST/AVG Antivirus
AVAST CCleaner 5.45 and the telemetry thing

News about the Windows SMBv3 vulnerability SMBGhost


[German]A brief update on the SMBGhost vulnerability CVE-2020-0796 in the SMBv3 protocol of Windows 10 version 190x and Windows Server 2019. Microsoft has released an update to close the vulnerability, but this update causes installation errors on some systems. Thousands of systems are still vulnerable and are now under attack.

Patch for SMBv3 vulnerability CVE-2020-0796

On the March 2020 patchday a serious but unpatched vulnerability (CVE-2020-0796) in the Windows SMBv3 protocol became public. This vulnerability could allow worms to spread. I had reported in detail in the blog post Windows SMBv3 0-day vulnerability CVE-2020-0796.

Then, on March 12, 2020, Microsoft released an unscheduled security update KB4551762 for the SMBv3 vulnerability CVE-2020-0796 for the following versions of Windows (see also Windows 10: Patch for SMBv3 Vulnerability CVE-2020-0796):

  • Windows Server Version 1903 (Server Core Installation)
  • Windows Server Version 1909 (Server Core Installation)
  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems

Update KB4551762 is causing issues

The problem is that this update causes installation errors for some users. I had pointed out such problems in the blog post Windows 10: KB4551762 causes error 0x800f0988/0x800f0900. Bleeping Computer has collected more errors in this article.

Blog reader EP points out in this comment further issues with printing, caused by the update. At askwoody.com, a user also reports that his HP printers have stopped working since installing the update. There is also this entry in the HP forum, which reports something similar:

HP Envy 7640 does not print after Windows Update KB4551762

On Win 10, HP Envy 7640 does not work since the Windows update KB4551762 (no error, the spooler is ok, but the printer does not print).

When I uninstall the KB4551762, it’s ok.

So there are users who have problems installing update KB4551762. However, leaving the update uninstalled exposes the system to the vulnerability.

48,000 Windows hosts vulnerable via CVE-2020-0796

After an Internet-wide scan, researchers from cyber security firm Kryptos Logic discovered approximately 48,000 Windows 10 hosts vulnerable to attacks targeting the CVE-2020-0796 (Pre-Auth Remote Code Execution) vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3).

Bleeping Computer discussed this in this article. In the meantime, the first proof of concept (PoC) examples have also been published that exploit the vulnerability. On GitHub you can find PoC examples as well as scanners that can be used to scan a network for vulnerable computers.

From the above tweet I gather that about 300 sources are currently scanning the Internet for Windows systems vulnerable to CVE-2020-0796 (SMBGhost).
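A local exposure check in PowerShell, as an added example that is not from the original post or from Microsoft: it determines whether this host is on an affected 1903/1909 build, whether KB4551762 (or a later cumulative update) is in place, and whether Microsoft’s interim workaround is active. Assumptions: builds 18362 and 18363 are the 1903/1909 builds from the list above, KB4551762 raises the build revision (UBR) to 720, and the server-side workaround is the `DisableCompression` value under LanmanServer (from Microsoft’s advisory, not mentioned in the post).

```powershell
# Added example (not from the original post): report whether this Windows host
# is still reachable through CVE-2020-0796 (SMBGhost). Run as administrator.

function Get-SmbGhostStatus {
    $os    = Get-CimInstance Win32_OperatingSystem
    $build = [int]$os.BuildNumber
    # UBR is the revision part of the build, e.g. 18362.720 after KB4551762
    $ubr   = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR

    # Assumption: 1903 = 18362, 1909 = 18363 (the versions in the patch list)
    $affectedBuild = $build -in @(18362, 18363)

    # Patched if the KB is listed, or if a later cumulative update (which
    # supersedes KB4551762 and hides it from Get-HotFix) raised UBR past 720
    $kbListed = [bool](Get-HotFix -Id 'KB4551762' -ErrorAction SilentlyContinue)
    $patched  = $kbListed -or ([int]$ubr -ge 720)

    # Assumption: DisableCompression = 1 is Microsoft's server-side workaround;
    # it only protects the server role, not an outbound client connection
    $params = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $compressionOff = (Get-ItemProperty -Path $params -Name DisableCompression `
        -ErrorAction SilentlyContinue).DisableCompression -eq 1

    # Is the SMB server even reachable on TCP 445?
    $listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen `
        -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Build            = "$build.$ubr"
        AffectedBuild    = $affectedBuild
        Patched          = $patched
        CompressionOff   = $compressionOff
        Port445Listening = $listening
        # Exposed only when the build is affected and neither fix nor workaround applies
        Exposed          = $affectedBuild -and -not $patched -and -not $compressionOff
    }
}

$status = Get-SmbGhostStatus
$status | Format-List
if ($status.Exposed) {
    Write-Warning 'Host still exposed to CVE-2020-0796: install KB4551762, or set DisableCompression=1 and block TCP 445 at the perimeter until the update installs.'
}
```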

Similar articles:
Windows SMBv3 0-day vulnerability CVE-2020-0796
Windows 10: Patch for SMBv3 Vulnerability CVE-2020-0796
Windows 10: KB4551762 causes error 0x800f0988/0x800f0900
A Scanner for Windows SMBv3 Vulnerability CVE-2020-0796

0patch fix for Windows GDI+ vulnerability CVE-2020-0881


[German]ACROS Security has released a micro-patch for its 0patch agent that fixes the remote code execution vulnerability CVE-2020-0881 in GDI+. The micro-fix is available for users of Windows 7 SP1 and Windows Server 2008 R2 who have not purchased a corresponding ESU package from Microsoft but have purchased ACROS Security Pro Support.

The Windows GDI+ vulnerability CVE-2020-0881

A remote execution vulnerability exists in the Windows GDI+ system, which has been assigned the identifier CVE-2020-0881 and has been publicly disclosed since March 10, 2020. The Common Vulnerabilities and Exposures database (CVE) contains the following details:

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0883.

The vulnerability therefore exists in the Windows Graphics Device Interface (GDI) and occurs due to incorrect handling of objects in memory. There are several ways in which an attacker could exploit the vulnerability:

  • In a Web-based attack scenario, an attacker could host a specially crafted Web site that is designed to exploit the vulnerability and then trick users into viewing the Web site. An attacker would have no way to force users to view content controlled by the attacker. Instead, an attacker would have to make users act by making them open an e-mail attachment or click a link in an e-mail or instant message.
  • In a file-sharing attack scenario, an attacker could deploy a specially crafted document file to exploit the vulnerability and then trick users into opening the document file.

An attacker could use the vulnerability to install programs, view, modify, or delete data, or create new accounts with full user privileges. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who work with administrative user rights.

Microsoft has released updates in March 2020

Microsoft classifies the vulnerability as critical and has published this security advisory on 10 March 2020. Security updates have been released for all versions of Windows, from Windows 7 SP1 to Windows Server 2008 R2 and Windows 10. The security update for these versions of Windows addresses the vulnerability by correcting the way in which Windows GDI handles objects in memory. 

0patch provides micro-fix for CVE-2020-0881

However, users of Windows 7 SP1 and Windows Server 2008 R2 who do not have an ESU license will no longer receive the security updates that are released by Microsoft. Because the vulnerability is considered critical and because there was a proof of concept from a security researcher, the people at ACROS Security developed a micro-fix for the vulnerability.

If you have installed the 0patch agent and purchased a Pro or Enterprise subscription, the agent will protect Windows 7 SP1 or Windows Server 2008 R2 systems against the vulnerability. The agent pulls the micro-fix and loads it into memory when Windows loads the GDI+ components. On Twitter you can also find some tweets from ACROS Security with hints.

Similar articles:
Windows 7: Forcing February 2020 Security Updates – Part 1
Windows 7: Securing with the 0patch solution – Part 2
Windows 7/Server 2008/R2: 0patch delivers security patches after support ends
Project: Windows 7/Server 2008/R2 Life Extension & 0patch one month trial
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674
0patch: Fix for Windows Installer flaw CVE-2020-0683

0-day vulnerability in Windows Adobe Type Library


[German]An unpatched vulnerability exists in the Adobe Type Manager Library in all supported versions of Windows. Meanwhile hackers are trying to exploit this vulnerability, as Microsoft writes in a security advisory.

The information may be found in ADV200006, and addresses a vulnerability in the Adobe Type 1 Manager Library. This vulnerability has been brought to my attention via the following tweet and a security advisory from Microsoft.

Microsoft is aware of the limited number of targeted attacks that could exploit unpatched vulnerabilities in the Adobe Type Manager Library and is providing guidance to mitigate the risk until the security update is released.

Type 1 Font Parsing Remote Code Execution Vulnerability

In ADV200006 Microsoft describes two vulnerabilities in Microsoft Windows that allow remote code execution because the Windows Adobe Type Manager Library does not correctly handle a specially crafted multi-master font – the Adobe Type 1 PostScript format. An attacker could exploit the vulnerability, for example, by tricking a user into opening a specially crafted document or viewing it in the Windows preview window.

Microsoft rates the vulnerability as critical, is aware of it, and is working on a solution. Updates that fix vulnerabilities in Microsoft software are usually released on Patch Tuesday (2nd Tuesday of the month). However, there is currently no security update available.

All Windows versions are affected, from Windows 7 SP1 to Windows 8.1 and Windows 10 – and of course all server counterparts. On systems running Windows 10, a successful attack can only occur in an AppContainer sandbox context, and thus only allows limited permissions and code execution capabilities.

Workarounds to mitigate the vulnerability

In ADV200006, Microsoft specifies various measures to mitigate this vulnerability, which is considered critical. One measure is to switch off the preview for documents in Explorer. Another measure is to disable the library ATMFD.DLL.

Addendum: A German blog reader pointed out that the mitigations in Microsoft’s support article are for the older Windows 7 SP1/8.1 and server systems. So if in doubt, check the support article mentioned above.
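One of the two measures, switching off the ATMFD.DLL font driver on the older Windows versions, scripted in PowerShell as an added example that is not from the original post or from Microsoft. Assumptions: the DWORD value `DisableATMFD` = 1 under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows` is Microsoft’s documented switch (the post does not quote it), a reboot is required, and Windows 10 builds that no longer ship atmfd.dll need no change.

```powershell
# Added example (not from the original post): apply and verify the ATMFD
# mitigation for ADV200006 on Windows 7 SP1 / 8.1 / Server 2008 R2 - 2012 R2,
# where Type 1 fonts are parsed in the kernel by atmfd.dll. Run elevated.

$regPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$atmfd   = Join-Path $env:SystemRoot 'System32\atmfd.dll'

function Get-AtmfdStatus {
    $value = (Get-ItemProperty -Path $regPath -Name DisableATMFD `
        -ErrorAction SilentlyContinue).DisableATMFD
    [pscustomobject]@{
        AtmfdPresent = Test-Path $atmfd
        DisableATMFD = $value
        # Mitigated when the driver is absent (newer Windows 10, where font
        # parsing runs in an AppContainer) or has been switched off
        Mitigated    = (-not (Test-Path $atmfd)) -or ($value -eq 1)
    }
}

function Enable-AtmfdMitigation {
    $before = Get-AtmfdStatus
    if (-not $before.AtmfdPresent) {
        Write-Host 'atmfd.dll not present on this build; nothing to change.'
        return $before
    }
    if ($before.DisableATMFD -eq 1) {
        Write-Host 'DisableATMFD already set; reboot if not done yet.'
        return $before
    }
    # Side effect: applications that rely on Adobe Type 1 fonts may render
    # them incorrectly until the value is removed again after patching.
    Set-ItemProperty -Path $regPath -Name DisableATMFD -Type DWord -Value 1
    Write-Host 'DisableATMFD set to 1; reboot so the kernel stops loading atmfd.dll.'
    return Get-AtmfdStatus
}

# To revert once the fix from the April 2020 patchday is installed:
#   Remove-ItemProperty -Path $regPath -Name DisableATMFD   (then reboot)
Enable-AtmfdMitigation | Format-List
```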

Currently there is no security update to close this vulnerability, although attempts to exploit it have been reported. But Microsoft is working on a patch that is expected to be released on the April 2020 patchday. However, Windows 7 SP1 and Windows Server 2008 R2 require an ESU license to obtain the security update that will be available at that time.

Microsoft suspends optional Windows Updates from May 2020


[German]Surprising announcements from Microsoft in times of the Corona crisis. The company suspends non-security related optional updates for Windows from May 2020 onwards for an undefined period.

The situation is currently changing daily. Since Microsoft is also sending employees home to work remotely because of the danger of infection by the corona virus, personnel resources in Redmond have been thinned out. And administrators in companies should have other worries than having to install optional updates from Redmond on their systems.

Optional updates are suspended

A few hours ago, Microsoft announced, among other things via the following tweet, that from May 2020 it will suspend all optional, non-security update releases (C and D updates) for all supported versions of Windows client and server products.

Microsoft is prioritizing security and is trying to keep customers protected and productive. For this reason, the C and D updates, which Microsoft uses for testing, are to be suspended.

In this context, I find the suggestion of blog reader Karl interesting, who in this tweet responds directly to the announcement from Microsoft Update. Karl suggests introducing a separate category for the C- and D-week preview updates in WSUS/Intune. Such a category already exists for driver updates.

C- and D-Updates

To classify this message, you need to know Microsoft’s update scheme. On the first Tuesday of the month (A-Week), Microsoft Office receives the non-security updates for troubleshooting. On the second Tuesday of the month is the so-called Patchday (B-Week), on which Microsoft traditionally rolls out security updates for Windows, Office and other products.

This is followed by the third week (C-Week) and possibly the fourth week (D-Week) of the month, during which Windows is provided with optional, non-security updates. Users can postpone installing these, and Microsoft uses them for testing, because the contents of these C- and D-Week updates are included in the cumulative security updates (B-Week) of the following month. Microsoft had already explained this in this article in 2018 (see also Windows 10: Microsoft explains the update cadence).

The moratorium applies to all versions of Windows

According to the brief message in the Windows Message Center, Microsoft has assessed the situation with regard to the Corona crisis. This included internal feedback and probably also customer feedback regarding personnel resources. Since optional updates do not contribute to the security of a Windows system, the distribution of all optional, non-security releases (C and D updates) for all supported versions of Windows client and server products (Windows 10, version 1909 down to Windows Server 2008 SP2) will be suspended from May 2020.

There is no change to the monthly security updates (B version – updates on the 2nd Tuesday of the month). These will continue as planned in order to protect the customers’ systems and keep them productive.

The unthinkable becomes true

This is an exciting development – in times of the Corona crisis, things suddenly are possible that were previously unthinkable. Companies suddenly allow employees to work from home, even though this was previously a taboo. And Microsoft is suspending optional updates, which many administrators have not installed or have installed only with a long delay anyway, from the month after next.

The exciting questions for me are: What does Microsoft do if the B-Week security updates cause collateral damage in the form of installation problems and subsequent errors that need to be corrected urgently? What happens if B-Week security updates have to be withdrawn due to massive problems?

And also exciting: What happens to the twice-yearly cycle for Windows 10 feature updates? The suspension (or even better, the complete burial) of this model in favor of feature updates every 2 – 3 years was a core demand of many critics. Let’s see when the planned spring update, Windows 10 Version 2004, will be released.

A few days ago, Microsoft announced an extension of support for Windows 10 version 1709 from April to October 2020 (see Windows 10 Version 1709: Support extended till October 2020). However, there are no plans for a support extension for Windows 10 version 1809, whose support for Home and Pro will end in May 2020. So the whole thing remains exciting from the administrators’ point of view. From a current perspective, I would cautiously consider the moratorium a ‘good thing’. If and what will go wrong with this nice plan, we should find out soon enough.   

Similar articles:
Windows 10 Version 1709: Support extended till October 2020
Windows 10 V1709: Forced Upgrade to V1909 in WSUS?
Windows 10: Microsoft explains the update cadence
Windows (10) Update Survey and an open letter to Microsoft
