The following known issues are currently present in Windows 1903 (May Update '19).
Before you submit any bug or feature request I expect that you read this document in order to get a short overview of what is broken and what can be manually fixed or needs an update (file changes).
The overview is provided 'as is' and is not designed to explain every little fart, it's more designed to show quickly what are the 'urgent' things which are (as time of writing) considerably broken or needing a fix by Microsoft.
| Version | Code name | Marketing name | Build | Removed features |
|---|---|---|---|---|
| 1507 (Jul. 2015) | Threshold 1 (TH1) | Threshold 1 (Version 1) | 10240 | Here |
| 1511 (Nov 2015) | Threshold 2 (TH2) | November Update | 10586 | Here |
| 1607 (Jul. 2016) | Redstone 1 (RS1) | Anniversary Update | 14393 | Here |
| 1703 (Apr. 2017) | Redstone 2 (RS2) | Creators Update | 15063 | Here |
| 1709 (Oct. 2018) | Redstone 3 (RS3) | Fall Creators Update | 16299 | Here |
| 1803 (Apr. 2018) | Redstone 4 (RS4) | April 2018 Update | 17134 | Here |
| 1809 (Oct. 2018) | Redstone 5 (RS5) | October 2018 Update | 17763 | Here |
| 1903 (May 2019) | 19H1 | May 2019 Update | 18362.30 | Here |
| 1909 (Nov. 2019) | 19H2 | November Update | 18363.418 | Here |
| // (2004) | 20H1 (Vibranium) | // | // | Here |
| // | 20H2 (Manganese) | // | // | Here |
- Download the AppRPS.zip and extract the
appraiser.bat(right-click on it and run it as admin). - PowerShell will automatically search for possible problems and fix them.
- (optional) You could do mentioned method above manually, search for the
*_APPRAISER_HumanReadable.xmlfile once you found the file, open it and search forDT_ANY_FMC_BlockingApplicationwhich should be set totrue. - Repeat the process with a search for
LowerCaseLongPathUnexpanded, this returns the path which might causes update problems, remove the path and re-start the update procedure.
This only affects US Windows 10 Home Editions. As a workaround simply unplug your network cable and you will see the "use local account instead" button on the left corner.
The official dashboard can be found over here:
Basically there are two methods, one explained here and in case you installed it as .cab file you can follow the instructions given by MS.
Language packs will still be avbl. via seperated .iso files.
1.) Mount the install.wim via:
dism.exe /mount-wim /wimfile:C:\install.wim /index:1 /mountdir:C:\Mount
2.) Mount the registry otherwise you're not able to integrate the new language via
Reg Load HKLM\TempImg C:\Mount\Windows\system32\config\SOFTWARE
3.) Insert the following registry key:
Reg Add HKLM\TempImg\Policies\Microsoft\Windows\Appx /t REG_DWORD /f /v "AllowAllTrustedApps" /d "1"
4.) Unmount the registry:
Reg unload HKLM\TempImg
5.) Integrated the LXP.Appx for example:
Dism.exe /image:C:\Mount /add-provisionedappxpackage /packagepath:C:\LXP_APPX\Microsoft.LanguageExperiencePackde-DE_17761.1.1.0_neutral__8wekyb3d8bbwe.Appx /SkipLicense
6.) Unmount the image
Dism.exe /unmount-wim /mountdir:C:\Mount /commit
Overview:
- V3a (new "Meltdown" variant) (CVE-2018-3640: "Rogue System Register Read (RSRE)")
- V4 (CVE 2017-5715) (CVE-2018-3639: "Speculative Store Bypass (SSB)")
- L1TF (CVE-2018-3620, CVE-2018-3646: "L1 Terminal Fault")
- (106A5) Nehalem EP & Nehalem WS
- (106E5) Lynnfield
- (106E5) Lynnfield Xeon
- (20655) Arrandale
- (20655) Clarkdale
- (206A7) Sandy Bridge
- (206A7) Sandy Bridge Xeon E3
- (206D7) Sandy Bridge Server EN/EP/EP4S
- (206E6) Nehalem EX
- (206F2) Westmere EX (EGL, WSM)
- (306A9) Gladden
- (306A9) Ivy Bridge
- (306A9) Ivy Bridge Xeon E3
- (306C3) Haswell (including H, S)
- (306C3) Haswell Xeon E3
- (306D4) Broadwell U/Y
- (306E7) Ivy Bridge Server EX
- (306F4) Haswell Server EX
- (40651) Haswell ULT
- (40661) Haswell Perf Halo
- (40671) Broadwell H 43e – (406E3) Skylake U/Y & Skylake U23e
- (50654) Skylake D (Bakerville)
- (50654) Skylake Server
- (50654) Skylake W
- (50654) Skylake X (Basin Falls)
- (50662) Broadwell DE V1
- (50663) Broadwell DE V2,V3
- (50664) Broadwell DE Y0
- (50665) Broadwell DE A1
- (506C2) Broxton
- (506C9) Apollo Lake D0
- (506CA) Apollo Lake E0 – (506E3) Skylake H/S & Skylake Xeon E3
- (506F1) Denverton (GLM)
- (806EA) Coffee Lake U43e
- (806EA) Kaby Lake Refresh U 4+2
- (906E9) Kaby Lake G/S/X/G
- (906E9) Kaby Lake Xeon E3
Old:
- [14393+] (806E9) Kaby Lake U/Y & Kaby Lake U23e
- [14393+] (906EA) Coffee Lake H (6+2) & Coffee Lake S (6+2)
- [14393+] (906EA) Coffee Lake S (6+2) Xeon E
- [14393+] (906EA) Coffee Lake S (4+2) Xeon E
- [14393+] (906EA) Coffee Lake S (6+2) x/KBP
- [14393+] (906EB) Coffee Lake S (4+2)
Patched .dll's:
- mcupdate_GenuineIntel.dll
- mcupdate_AuthenticAMD.dll
Windows has the ability to warm patch microcode on boot using the mcupdate_GenuineIntel.dll and mcupdate_AuthenticAMD.dll drivers (located at C:\Windows\System32) on boot, for Intel and AMD cpu's respectively.
- Meltdown-Fix: Activated (secure)
- Spectre-Fix: Activated (secure)
- Performance: Bad/Medium
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"FeatureSettingsOverride"=dword:00000000
"FeatureSettingsOverrideMask"=dword:00000003- Meltdown-Fix: Activated (secure)
- Spectre-Fix: Deactivated (secure)
- Performance: Medium
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"FeatureSettingsOverride"=dword:00000001
"FeatureSettingsOverrideMask"=dword:00000003- Meltdown-Fix: Deactivated (insecure)
- Spectre-Fix: Deactivated (insecure)
- Performance: High
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"FeatureSettingsOverride"=dword:00000003
"FeatureSettingsOverrideMask"=dword:00000003Speculation Control Validation PowerShell Script - Official MS PowerShell script to control the Registry toggles and check the current status.
Notice:
On AMD systems you can block the update via wushowhide.diagcab, since the update will effect your performance. But this is not recommended.
Intel Microcode Guidance 14. May 2019 (.pdf)
| OS Version | KB | Patch | Updated |
|---|---|---|---|
| Windows 10 1507 | KB4091666 | Download v3 (Rev. 8) | 30. Aug. 2019 |
| Windows 10 1511 | // | // | // |
| Windows 10 1607 | KB4091664 | Download v3 (Rev. 12) | 30. Aug. 2019 |
| Windows 10 1703 | KB4091663 | Download v3 (Rev. 10) | 30. Aug. 2019 |
| Windows 10 1709 | KB4090007 | Download v3 (Rev. 11) | 30. Aug. 2019 |
| Windows 10 1803 | KB4100347 | Download v2 (Rev. 5) | 30. Aug. 2019 |
| Windows 10 1809 | KB4465065 | Download v2 (Rev. 3) | 30. Aug. 2019 |
| Windows 10 1903 | KB4497165 | Download v3 (Rev. 3) | 30. Aug 2019 |
Official security advisor - disable Hyper-Threading. Intel official list those holes as critical.
| OS Version | KB | Patch | Updated |
|---|---|---|---|
| Windows 10 1507 | KB4494454 | Via WUS | 14. May 2019 |
| Windows 10 1607 | KB4494175 | Via WUS | 14. May 2019 |
| Windows 10 1703 | KB4494453 | Via WUS | 14. May 2019 |
| Windows 10 1709 | KB4494452 | Via WUS | 14. May 2019 |
| Windows 10 1803 | KB4499167 | Included in KB | 14. May 2019 |
| Windows 10 1809 | KB4494441 | Included in KB | 14. May 2019 |
| Windows 10 1903 | KB4497165 | Windows Insider Program | 14. May 2019 |
Same as in Spectre, you have to wait until the OEM provides a BIOS updates.
- You need Windows as original (unpatched) version Build 18362.1.
- Mount the install.wim
md C:\Mount
dism /Mount-Image /ImageFile:E:\sources\install.wim /Index:1 /MountDir:C:\Mount /ReadOnly- Copy via NSudo the missing components:
NSudo.exe -U:T -P:E cmd.exe /c robocopy C:\Mount\Windows\WinSxS %SystemRoot%\WinSxS /R:0 /W:0 /NFL /NDL /J /S /DCOPY:DAT /XC /XN /XO /XX /XF migration.xml pending.xml poqexec.log /XD Backup Catalogs FileMaps InstallTemp ManifestCache Temp- Import the following reg
reg query HKLM\COMPONENTS >nul 2>&1 && (net stop trustedinstaller >nul 2>&1 ® unload HKLM\COMPONENTS >nul 2>&1)
reg load HKLM\COMPONENTS C:\Mount\Windows\System32\Config\COMPONENTS
reg export HKLM\COMPONENTS\CanonicalData\Deployments "%temp%\Deployments.reg"
reg export HKLM\COMPONENTS\DerivedData\Components "%temp%\Components.reg"
reg unload HKLM\COMPONENTS
reg load HKLM\COMPONENTS %SystemRoot%\System32\Config\COMPONENTS
reg import "%temp%\Deployments.reg"
reg import "%temp%\Components.reg"
for /f "tokens=* delims=" %i in ('reg query HKLM\COMPONENTS\DerivedData\VersionedIndex ^| findstr /i VersionedIndex') do reg delete "%i" /f
reg unload HKLM\COMPONENTS
del /f /q "%temp%\*.reg"- Execute DISM
Dism /Online /Cleanup-Image /RestoreHealth /Source:C:\Mount\Windows /LimitAccess - Unmount the install.wim:
dism /Unmount-Image /MountDir:C:\Mount /Discard
rd /s /q C:\Mount- Start the Trusted Installer:
set _m=Package_for_RollupFix~31bf3856ad364e35~%PROCESSOR_ARCHITECTURE%~~18362.10022.1.30
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\%_m%\Owners" /v %_m% /t REG_DWORD /d 0x20070 /f- Check if
%systemroot%\servicing\PackagescontainsPackage_for_RollupFix18362.10022..mum(if not the script will return an error!). - Download 18362-WIS2RP.cmd and put it into a folder.
- Download KB4517389 in a .CAB format and rename it correctly to e.g.
windows10.0-kb4517389-x64.cab. Copy the file into the same folder as you extracted your 18362-WIS2RP.cmd. - Start
18362-WIS2RP.cmdwith admin rights (right-click, run as admin). - Restart Windows after the script is finished.
- Now you are on Windows Build 1903 18362 or 1909 Build 18363 without the need to "upgrade" Windows 10.
Microsoft officially released KB4509452 as SSU and KB4508451 in order to allow people to make the switch from Slow-Ring to the Final Build. The above mentioned workaround is not needed, after installing the KB's you get Windows 10 Build 1909 (18362.10024), which is as time of writing the latest Windows 10 1909 version.
There are multiple issues with the TLS client certificates, MS official provides a workaround for it.
- Intel ZombieLoad
- SpeculationControl 1.0.13 PowerShell Script (see here how tro use it)
- Windows 10 release information
- How to temporarily prevent a driver update from reinstalling in Windows 10
- How to keep apps removed from Windows 10 from returning during an update
- When Microsoft patches security vulnerabilities and when not - see also MSRC (.pdf)
- Intel Microcode Update Guidance (.pdf)
- Windows lifecycle fact sheet