The US Computer Emergency Readiness Team, aka US-CERT, issued an Alert last Thursday on QuickTime for Windows. Following Apple’s recent decision to quit issuing security updates for Windows QuickTime, plus announcements of new Zero Day vulnerabilities, US-CERT recommends that everyone, everywhere uninstall QuickTime for Windows now.
The combination of unsupported software plus recent zero day exploits is just too dangerous to leave QuickTime running.
Uninstalling QuickTime for Windows is absurdly easy. One need only:
1. Open the Programs and Features widget in Control Panel.
2. Scroll down to QuickTime for Windows.
3. Right-click and choose “Uninstall” from the pop-up menu.
Poof! It’s gone in under 30 seconds on most PCs. Those in need of detailed instructions will find them from Apple at “Uninstall QuickTime 7 for Windows.”
Maybe It Was Time to Uninstall QuickTime for Windows Anyway?
This is not the first time I’ve blogged about issues with QuickTime for Windows. Back in July of last year I blogged about an update issue for QuickTime in Windows 10. Even then, Apple was dragging its feet on issuing updates for Windows versions of the software. It didn’t even bother to take cognizance of Windows 10 as far as QuickTime was concerned in the wake of the OS’s official release on July 29, 2015.
The recent turn of events has Apple “deprecating” QuickTime for Windows. This means they no longer plan to issue security updates for the product on Windows PCs. Consequently, they also recommend that it be uninstalled. Trend Micro originally aired this recommendation in a security bulletin posted early April 14 entitled “Urgent Call to Action: Uninstall QuickTime … Today.” It mentions two Zero Day advisories (ZDI-16-241 and ZDI-16-242). It also points out that “these vulnerabilities are never going to be patched” to explain its recommendation for urgency.
I remoted into all of the family and work PCs here at the house on Friday to take that urgent action. Of the 7 machines running here, I found QuickTime running on 3 of them. It was running on none of my most current production or test PCs, because Windows 10 was clean-installed on all of them. Apparently I don’t use QuickTime any more anyway!
Last Monday, I posted about a change in the Windows 10 Current Branch for Business (Win10 CBB) from Build 10240 to 10586.The very next day was Patch Tuesday, so Microsoft released a cumulative update. Thus, a new CBB was no sooner released than it got updated. Almost immediately, this raises the question of updating Win10 CBB.
There’s more to updating Win10 CBB than meets the eye!
[Source: Microsoft; click image to see full-size version]
The update in question is KB3177461. Looking it over, I noticed something missing. Here’s the text of that KB article:
This security update includes improvements and fixes in the functionality of Windows 10 and resolves the following vulnerabilities in Windows:
- 3148531 MS16-037: Cumulative Security Update for Internet Explorer
- 3148532 MS16-038: Cumulative Security Update for Microsoft Edge: May 10, 2016
- 3148522 MS16-039: Security Update for Microsoft Graphics Component to Address Remote Code Execution
- 3148541 MS16-040: Security Update for Microsoft XML Core Service to Address Remote Code Execution
- 3148789 MS16-041: Security update for the .NET Framework to address remote code execution: April 12, 2016
- 3143118 MS16-045: Security Update for Windows Hyper-V to address Denial of Service: March 8, 2016
- 3148538 MS16-046: Security Update for Secondary Logon to Address Elevation of Privilege
- 3148527 MS16-047: Security Update for Security Account Manager Remote Protocol to Address Elevation of Privilege
- 3148528 MS16-048: Security Update for CSRSS to Address Remote Code Execution
- 3148795 MS16-049: Security Update for Internet Information Services (IIS) to Address Denial of Service
Windows 10 updates are cumulative. Therefore, this package contains all previously released fixes.
If you have installed earlier updates, only the new fixes that are contained in this package will be downloaded and installed on your computer. If you are installing a Windows 10 update package for the first time, the package for the x86 version is 314 MB and the package for the x64 version is 661 MB.
Look carefully: there’s no mention of the Current Business Branch. Nothing in the article tells us it relates to updating Win10 CBB. That means that simply tracking and reading KB update text doesn’t tell us a CBB-related update has been released.
What Updating Win10 CBB Really Means Is…
Finally, I get more of the TechNet article on “Windows Update for Business.” It talks about “Deployment and validation groups” early on. I now understand that a validation group is not just for assessing update impacts on production PCs. A validation group also tells us an update relevant to the CBB has occurred. That’s because Windows Update for Business “knows” which version of Windows is running, and which newly-released updates apply.
This mandates setting up at least one non-production PC for Windows 10 Update for Business. Apparently, it’s the only way to keep track of what’s going on, update-wise. Now I understand: there’s more to updating Win10 CBB than working to your own update schedule. You must also keep up with updates coming from Microsoft along the way, too. Go figure!
In trolling around various Windows 10 resource sites I’ve come across periodic mention of the Windows 10 Tech Bench. Today, I decided to dig it up and check it out for myself. I’m glad I did: it’s a peachy resource. It offers ISO downloads for current branch Windows releases, plus some handy scripts and tools. The Media Creation Tool and Windows Download generally use .esd files because they’re more highly compressed, and thus better suited for repeated downloads.
The download file for Tech Bench provides all kinds of useful documentation and instructions.
Here’s a list of what comes in the download file (links to ISO files occur lower down on the Tech Bench page, and include both Windows 10 Home and Windows 10 Professional in a single image file):
What you get is information on how to set up installation media using the ISO images available, installation guides, plus copies of licenses and user guides for sharing with users who get upgraded to Windows 10. In short, the Windows 10 Tech Bench offers some handy stuff!
Downloading ISOs from the Windows 10 Tech Bench page
I just went through the download process on the Windows 10 Tech Bench home page. It asks you to choose a Windows 10 version, to specify a language ( en-US in my case) and to pick either a 32- or 64-bit image file. The 64-bit download is currently 4.1 GB in size, and took about 3 minutes to download on my Internet connection (which registered from 136 to 188 Mbps during the course of the transfer). Examining the install.wim file that the ISO includes, I observed it does contain 64-bit Windows 10 Home and Windows 10 Professional versions. That version number is 10586.0, which means that the latest cumulative update must be applied to bring that version fully up to date (10586.218, as I write this post).
One more thing: the CleanupTool folder includes a handy little tool called AppClipTool.exe that provides nice visual insight into and control over some Startup applications. I never saw it before, or heard it mentioned elsewhere, so it was a nice surprise to find such a useful little widget.
Last Friday, Microsoft published a post to its Windows for IT Pros blog to announce the transition of Windows 10 Build 1511 to the Current Business Branch (CBB). This means that the dynamics of an update to the CBB are playing out for real, for the first time. Let’s take a look at this post, and try to understand what the impending release of Win10 CBB Update 1 means.
The double entry for DBB will soon give way to a single entry for 1511 only, once new media is released.
[Click image to see full-size version; Source: Win10 Release Info]
What’s Up with Win10 CBB Update 1?
The blog post is entitled “Windows 10 1511 is now a Current Branch for Business (CBB) release” (this is what I’m calling Win10 CBB Update 1 for brevity’s sake). Here’s what it spells out:
- Windows 10 version 1511 feature update (build 10586, released November 2015) has been officially designated with CBB status. This means that organizations can begin deploying that release broadly.
- The code base for the CBB release is something more than just the straight-up 1511 release: it also includes the injection of the March 2016 cumulative update, KB3140768 into that image (this makes sure that businesses don’t run a CBB image subject to known security vulnerabilities that have been patched since the original release date).
- MS will be publishing updated media for the new CBB release through channels that include MSDN, the VLSC, Windows Update, Windows Update for Business, and Windows Server Update Services in the next few weeks.
- For devices configured to “Defer Upgrades,” they will get Win10 1511 as soon as the updated media is published (further deferral delays via policy is not supported for Windows 10 1507).
- Devices receiving updates via Windows Server Update Services, updates to existing Windows 10 1511 features updates must be re-approved once the new updated media is received.
- Those using Windows 10 servicing plans in System Center Configuration Manager will see the update media designated as “business ready.” This causes servicing plans based on that designation to begin to be evaluated.
Those who don’t want to wait for the updated media to be released can create their own by injecting KB3140768 into the original November release media for the 1511 version. See the Windows 10 Release Information page to observe this status change. It looks like the add-package option to the DISM command could make creating your own image for Win10 CBB Update 1 should be fairly easy, too.
There’s an interesting potential gotcha in the Windows 10 update process. Deep down in the Settings hierarchy lives a pane entitled “Choose How Updates Are Delivered,” that controls where updates come from and even opens the door to sharing downloads from Microsoft with other network peers. In fact, by default Windows 10 Updates Internet PCs! Here’s what that screen looks like:
By default the bottom radio button is selected, which means your PC can turn to “PC’s on the Internet” to obtain or provide updates. Yikes!
To me, it’s mind-boggling that MS elected to make peer-sharing to include nearby Internet users outside the local LAN the default for sharing updates. This not only poses potential security issues, it is also unlikely to please customers on a bandwidth cap of some kind who may find that sharing updates with other PCs nearby ends up counting toward their monthly consumption of bits and bytes.
Turn Off Windows 10 Updates Internet PCs
If you simply click the radio button as shown in the preceding screencap, you’ll turn off the default selection that brings nearby peer PCs on the Internet into the mix. On the other hand, you can always move the slider above the “Get Updates…” instructions to turn this peer update option off entirely. IMHO, either of these options is entirely preferable to the default that automatically includes PCs outside own’s purview and control in the list of potential sources and sinks for Microsoft update packages.
This discovery is so odd, in fact, that it once again triumphantly proves the old saying that “Truth is stranger than fiction.” You just can’t make this kind of stuff up. But whether you’re amused or bemused by this revelation, please be sure to pick a different option for how updates get delivered through the Advanced Options windows in Windows Update as presented in Windows 10 Settings.
OK, so I’ll recognize that not everybody has already dug into Windows 10. With that in mind, some admins may be interested to learn that there is a considerable variety of ready-to-run Windows 10 VMs available from Microsoft for download. These evaluation versions expire after 90 days of use, and can support learning, experimentation, and outright fooling around with the latest MS flagship desktop OS. Why not check them out, and see if one or more of them is right for you?
Sources for Ready-to-Run Windows 10 VMs
Here are some sources:
- The Windows Dev Center has a set of development environments built around Windows 10 Enterprise that include a raft of stuff — namely, Windows 10 Enterprise Evaluation, version 1511 (a Ready-to-Run Windows 10 VM); Visual Studio 2015 Community Update 1, Windows developer SDK and tools (Build 10586), Windows I0T Core SDK and Raspberry Pi 2 (Build 10586.0.151029-1700), Windows I0T Core project templates (Version 1.0), Microsoft Azure SDK for .NET (Build 2.8.2), Windows Bridge for iOS (Build 0.1.160304), Windows UWP samples (Build 2.0.4), and Windows Bridge for iOS samples. It’s huge, too: versions are available for VMware, Hyper-V, VirtualBox, and Parallels, and vary between 19 and 21 GB in size.
- Microsoft Developer Technologies has a Download virtual machines page aimed at developers seeking to test various MS web browsers and versions in VMs that covers a plethora of possibilities. VMs offered include Windows 7 running IE 8-11, Windows 8.1 running IE 11, and Windows 10 running Edge for build 10586 (stable) or 14295 (preview). Hypervisors supported include VirtualBox, Vagrant, HyperV, and VMware (VPC is also supported, but only for older Windows versions, not Windows 10). All items are Ready-to-Run Windows VMs, so there a LOT of them here.
- The Microsoft Connect Proof-of-Concept (PoC) Jumpstart pages include a download link for Windows Accelerate, a collection of VMs designed to support test or experimental Windows 10 deployments. Here, you’ll find not only two Windows 10 client VMs for image-building and deployment purposes (these, too, are Ready-to-Run Windows 10 VMs), but also ready-to-run VMs for System Center Configuration Manager (SCCM) from which to drive deployment, and Windows Server instances ready to provide necessary infrastructure elements for a substantial virtual network (Active Directory, DNS services, DHCP, and so forth). In many ways, this is the most interesting item in this list, because it offers a way for organizations to set up and learn from a complete virtualized Windows 10 deployment lab.
Here’s the file manifest from the PoC download.
[Click on image to see full-size/readable version]
Be sure to check this stuff out: there’s a lot of valuable capability here worth investigating, and also worth getting to know. Although the VMs are 90-day items, by snapshotting them early in their lifecycles you can always restore those original snapshots when a particular VM expires, and restart the expiration clock. Cheers!
Every month or so, I like to check in at NetMarketShare.com and see what’s up with Windows 10 in the relative rankings for desktop operating systems. When I did so this morning, I observed that Windows 10 market share has now taken over the number 2 spot. It’s behind only Windows 7 at this point, with a share of 14.15% to Windows 7’s 51.89% share. That’s a ratio of 3.67 to 1, so it will still be years before Win10 can aspire to lead in those rankings.
At 14.15%, Windows 10 Marketshare is now 3.16% ahead of Windows XP, and 2.14% ahead of Windows 8 and 8.1 combined.
[Image source: NetMarketShare.com Desktop share by version for 4/4/16]
Explaining Windows 10 Market share and Its Continuing Increases
Here’s what I believe explains the continued upsurge of Windows 10 market share in these rankings:
- Windows XP continues to tail off as severe procrastinators finally appear to be upgrading away from this ancient OS
- Windows 8 and 8.1 are also tailing off as the deadline for free upgrades to Windows 10 approaches (7/29/2016)
- Windows 7 is decreasing gradually as some elements of that population also take the free upgrade plunge
Overall, though, the process is going more slowly than many had expected, as both Windows 7 and 8 versions maintain market share more stoutly than the free upgrade path might have suggested. The next quarter should be absolutely fascinating to watch as the free upgrade deadline at the end of July gets ever closer.
At last week’s Build conference in San Francisco, MS announced that the total Windows 10 installed population was now at 270 million. If we assume for a moment that the market share numbers at NetMarketShare.com reflect the global PC population at all accurately, that puts the total number of PCs “out there” at around 1.9 billion. For Microsoft to make its goal of 1 billion PCs running Windows 10 by the end of 2017, a substantial portion of the Windows 7 base is going to have to take the plunge between now and then. Extrapolating from IDC forecasts for PC sales from 2015 through 2019, less than 210 million new PCs are likely to be sold between now and the end of 2017. That means that over half a billion PCs from the installed base will have to migrate to Windows 10 for MS to hit its magic number. Can that happen? Maybe it will, but only time will tell for sure.
If we look back in time, and assume the 270 million figure to be through the end of March, 2016, that equates to an 8 month period (overlooking the snippets at the end of July and the beginning of April). Do the math, and we get a monthly run rate of 33.75M. Fast forward to the end of 2017 to total up 30 months, and multiply again to get 1.01B. So far, the numbers indicate it’s possible if the run rate continues. I guess what happens when the upgrade expires (or if the upgrade is extended) will decide this matter. Again: we’ll see!
Include me among those who love to tweak and fiddle with their tools, including the Windows OS. I’ve also been vexed with a Windows 10 File Explorer default since its initial release. Recently, I was delighted to discover a registry tweak to get around my vexation. To my great relief, it enables tweaking File Explorer in Windows 10 to drop duplicate items. Here’s a screen capture to illustrate:
By default the removable G: drive shows up twice. Once under This PC, and a second time by itself immediately below.
I don’t like it that you can see the G: drive twice. But that’s the way Windows 10 shows information in the left-hand navigation pane by default. It shows once in the drive hierarchy under “This PC” and a second time by itself because it’s a removable drive. This is mildly vexing on the Lenovo X220 Tablet whence the screenshot comes. That vexation level jumps on my production PC where up to half-a-dozen removable drives may be visible.
In reading the forums at TenForums.com, I discovered a link to Shawn Brink’s excellent tutorial. It’s entitled “How to Add or Remove Duplicate Drives in Navigation Pane of File Explorer in Windows 10.” That tutorial explains how to edit the registry to drop duplicate drive displays. Better still, it provides registry update files (with a .reg extension) that run programmatically. Thus, manual registry editing need not occur. Brink kindly also includes 32- and 64-bit files to reverse those changes, so that users can resume default operation if they don’t like the new look. This makes tweaking File Explorer about as easy and safe as it gets. After running the update file, this File Explorer display appears:
With the registry update applied, the G: drive appears only under the “This PC” heading.
A Trove of Tutorials for Tweaking File Explorer
Who cares about tweaking File Explorer? Enough people to generate 5 pages of back-and-forth questions and commentary on this tweak, and enough to stimulate expert members of the TenForums community to create an additional 10 further tutorials in this same vein there, to wit:
If you’re an incurable tweaker like me, you can’t help but love this stuff. Have fun, and get going tweaking File Explorer right away!
Now that Windows sleep appears to be working properly on my production PC, I’ve begun to understand that various influences can disturb that hallowed and blissful state. Starting last Thursday, I noticed that my PC was already running in the morning when I arrived in my office. Apparently, something other than my moving the mouse or striking a key on the keyboard was waking up the machine. Mildly curious, I started researching how to figure out what was causing the wake-up to occur, so I could provide some Windows Sleep Protection.
I found my answer in a nice article from Ghacks.net entitled “How to find out why your PC wakes up, and how to stop it.” Although this article from December 31, 2013, predates the Windows 10 release date in mid-2015, it applies to Windows 10 in every particular nonetheless. From its contents, I learned that the powercfg command can provide useful information about wake causes, and that the Windows System log in Event Viewer can shed even more light on what’s causing wake-ups to occur. That’s the foundation on which Windows sleep protection rests.
The powercfg command shows information about the most recent wake-up, and devices that have caused recent wake-ups.
Windows Sleep Protection Requires Preventing Unwanted Wake-up Events
The most important clue in the preceding screen shot comes from the presence of the Intel network interface at the tail end of the -devicequery version of the powercfg command. That let me know that something arriving from the network was waking up my system. Because I’m no longer relying on that system to provide services to the network, it doesn’t need to respond to Wake-on-LAN packets anymore. Once upon a time, that PC had been the host client for a USB-attached printer, and also served as the “master system” for my local Homegroup. But no longer. That means it was now OK to block Wake-on-LAN events as a form of Windows sleep protection.
Confirmation came from inspecting the March 24, Power-troubleshooting events in Event Manager, as this detail display illustrates:
The event detail for 3/24 clearly confirms the wake-up originated from the Intel I211 GbE network interface.
How to fix this? Simple! I know from long prior experience with local area networks that the Power Management tab in the Properties window for modern Windows network interfaces includes a “Wake on LAN” pane, with a variety of wake-up options related to the so-called “Magic Packet” that can trigger a wake-up event. I simply made sure all of those checkboxes were unchecked, and I have not had an unwanted wake-up since. Here is what my current settings look like:
Please note that none of the “Wake on…” checkboxes is selected. That’s the trick!
Not every unwanted wake-up will be as easy to fix as this one was, though these techniques should work for any kind of cause. Follow-up research on how to delay or disable the cause of the wake should provide the additional details necessary to keep Windows from being disturbed when you don’t want it to be. Blissful snoozing should be the resulting outcome.
What to do when a Windows 10 install gets damaged to the point where it won’t boot? Why, repair the code, of course! That’s what a recent post from Sergey Tkachenko over at Winaero.com reminded me of yesterday. It’s entitled “How to run the sfc /scannow command if Windows 10 does not boot,” and it’s worth a read in its own right. The importance of attempting Windows 10 image repair on a troubled or damaged OS is easy to overlook, and impossible to overstate.
I can’t say this has never happened to me, usually because I’ve been tinkering with something that might have been better left alone. But I can say that the ensuing “Oh no!” reaction sometimes turns off my “intellect vast and cool and unsympathetic” (to channel HG Wells). Thus, I might be inclined to forget that the reverse of the old maxim is entirely true and apt — namely: “If it is broke, you SHOULD fix it.” And fixing a broken Windows install is very often possible and doable using one of two powerful tools. As Sergey observes in the afore-cited blog post, the system file checker (SFC) is indeed one of those tools. The other is the redoubtable Deployment Image Servicing and Management tool, aka DISM. Both of them can help with Windows 10 image repair, in fact.
Windows 10 Image Repair, By the Numbers
Either way, the general approach to dealing with the repair is the same, though the syntax details do differ. Here’s the 10,000 foot view of what’s involved:
- Use a bootable UFD to boot into the Windows installer
- Follow along until you see the Repair option, then elect the “Command Prompt” option
- Run sfc /scannow … to attempt a Windows OS files repair, then reboot
- If that reboot works, you’re done. If it still fails, run dism /image /cleanup-image /restorehealth … to attempt another repair, then reboot
- If that reboot works, you’re done. If it still fails, you will want to try an in-place upgrade next
Basic syntax for the DISM offline image repair command. Be sure to read up on the /source attribute: it’s a doozy!
I could keep going to the ultimate fix but readers probably have the idea right now. And that, of course, would be an image or backup restore from the most recent backup or image. But like the old textbooks say, I can leave that as an exercise for the reader!
There are a couple of important notes here. They come from the ellipses at the end of the commands in steps 3 and 4 above. First, the syntax for running these commands offline on a moribund OS is different from running them on an active image. Tkachenko’s post does a nice job of covering them for sfc so I’ll let readers dig them up there. The definitive DISM reference for offline repair is available from TechNet, entitled “Repair a Windows Image,” but you’ll also need “DISM Operating System Package Servicing Command-Line Options” to get the /image and /source attribute options completely straight. And both of these commands will sometimes provide just the Windows 10 image repair you seek.