Search the Community

Microsoft: We are working on KB5034441/KB5034440 "0x80070643 - ERROR_INSTALL_FAILURE" fix by Sayan Sen Microsoft released the first Windows 10 and 11 Patch Tuesday updates of 2024, last week, with the January updates KB5034122 and KB5034123 respectively. The updates are meant to address security issues within Windows. The one for 11 also fixes the recent Wi-Fi troubles that led to networks not connecting or the Wi-Fi icon not showing. In a separate article, the company has also detailed a fix for a WinRE (Windows Recovery Environment) security vulnerability that can lead to BitLocker encryption bypass. The issue is being tracked under ID "CVE-2024-20666". Microsoft said that the security flaw could allow attackers to bypass BitLocker encryption if they are able to get physical access to an unpatched PC. However, this is not one of those WinRE updates that is seamlessly installing on PCs. Users report that the update is failing to install with the error message "0x80070643 - ERROR_INSTALL_FAILURE" which indicates insufficient WinRE partition size. The solution is to resize the partition manually. You can do so by following this dedicated guide here. Neowin forum supervisor / mod and ESET's Distinguished Researcher Aryeh Goretsky (X account) also experienced the issue which they were able to fix by increasing the recovery partition. Goretsky writes: Hello, I can confirm that the KB5034441 hotfix failed on a Windows 10 VM with a Windows Recovery partition that was 511MB in size. I decided to increase it to 1024MB in size, just in case more space was needed in the future. The hotfix installed normally afterwards. Regards, Aryeh Goretsky Microsoft of course has been aware of this problem almost from the start which is why it has been recommending the manual resize workaround as soon as it published the WinRE updates. Yesterday, on its Windows health dashboard, the company has added the issue and notes that a fix is coming via a future update. Microsoft says: Devices attempting to install the January 2024 Windows Recovery Environment update ( KB5034441/KB5034440) might display an error related to the size of the Recovery Environment's partition. Resulting from this error, the following message might be displayed. "0x80070643 - ERROR_INSTALL_FAILURE" Workaround: It might be necessary to increase the size of the WinRE partition in order to avoid this issue and complete the installation. Note that 250 megabytes of free space is required in the recovery partition. Guidance to change the WinRE partition size can be found in KB5028997: Instructions to manually resize your partition to install the WinRE update. Next steps: We are working on a resolution and will provide an update in an upcoming release. Aside from this BitLocker encryption vulnerability, Microsoft has recently updated its Microsoft Printer Metadata Troubleshooter Tool to patch against a Remote Code Execution (RCE) security flaw.

Microsoft confirms its Windows' HP Smart auto-install bugfix is vulnerable to code execution by Sayan Sen Towards the end of last month, users online started complaining about how their system was automatically installing HP's Smart app for printers, even when there was no printer on their PC. As the issue was fairly widespread, soon after Microsoft acknowledged it too, confirming that almost all versions of Windows were affected. Since it is HP's app that was being installed, the initial impression from many people would likely be that somehow the company may be responsible for this bug. However, after further investigation, Microsoft confirmed that such was not the case and the problem was not due to any update on HP's end. A week and a half later, Microsoft issued a fix for the problem in the form of a tool that would resolve the metadata issues that were apparently behind the problem. Microsoft stated that running the utility would restore the correct printer metadata (names, icons, and more), remove the incorrect HP LaserJet M101-M106 printer, and uninstall the HP Smart app (if incorrect metadata is present). Microsoft explains in its words the purpose of the tool: This tool is intended to help users and administrators address the known issue: Printer names and icons might be changed and HP Smart app automatically installs(See Related Links for more information on this issue) This tool will review your printer information. It will restore any previously downloaded model information and icons and will remove “HP LaserJet M101-M106” model information, icons, and application associations from printers that do not match this name and model. This tool will uninstall the HP Smart application if incorrect metadata was found, there are no HP printers or HP printer drivers installed, and the application was installed after Nov 25th, 2023. An updated version of the tool has now been quietly uploaded by Microsoft. You can download the updated version of the troubleshooter from the Microsoft Download Center: x86 systems: PrintMetadataTroubleshooterX86.exe x64 systems: PrintMetadataTroubleshooterX64.exe ARM32 systems: PrintMetadataTroubleshooterArm32.exe ARM64 systems: PrintMetadataTroubleshooterArm64.exe In the next part, Microsoft explains how the tool works. Users who run this troubleshooter tool will need to do it using an elevated Command Prompt: How to use this tool When it is run by enterprise administrators, correcting printers for all users and sessions on a system requires running the tool as the Local System account. Tools such as PsExec or Windows Task Scheduler can run commands as Local System. When it is run by users managing their own printers, this tool must be run using administrative credentials. The following are recommended steps to execute the file and confirm it worked: Click Start, type cmd, right-click Command Prompt, and then select Run as Administrator. In the opened command prompt, type cd /d “[path_to_downloaded_tool]” and then press Enter. Type the name of the file appropriate for your device from the list below (for instance PrintMetadataTroubleshooterX86.exe) and then press Enter. The tool will return the message Troubleshooter completed successfully on devices where incorrect printer information was found/fixed. Or, it will return the message Troubleshooter not applicable since metadata package not found on devices that are not affected. You may find more details on the official support page under KB5034510. Update: A couple of days ago, we published this story as Microsoft had updated its Printer Metadata Troubleshooter Tool. The update was published on January 5, 2024. However, the changelog indicating what changed was not put up until later (January 9), when the company pushed its first Windows 10 and 11 Patch Tuesday updates of 2024 under KB5034122 and KB5034123 respectively. According to Microsoft, the tool was updated to address a remote code execution (RCE) vulnerability that has been tracked under ID "CVE-2024-21325." The full changelog is given below: January 9, 2024 Added information about this tool addressing CVE-2024-21325 Updated the file lists More details may be available on the official support page under KB5034510.

Microsoft acknowledges it's not HP who's auto-installing printer Smart app on your Windows by Sayan Sen Towards the end of last month, users online started complaining about how their system was automatically installing HP's Smart app for printers, even when there was no printer on their PC. As the issue was fairly widespread, soon after Microsoft acknowledged it too, confirming that almost all versions of Windows were affected. Since it is HP's app that is being installed, the initial impression from many people would likely be that somehow the company may be responsible for this bug. However, after further investigation, Microsoft has confirmed that such is not the case. While the initial post about the issue on the Windows health dashboard only stated that printing processes and jobs shouldn't be affected, the tech giant has now edited that part to add that HP is not responsible for the mishap, along with additional information regarding printer functionality. Here's what the initial post stated: Note: Printing processes are not expected to be affected by this issue. It should be possible to queue printing jobs as usual, as well as other features such as copying or scanning. Printers on the device will continue to use the expected drivers for printer operations. As the symptoms are related to the automatic installation of the HP Smart app, Windows devices which do not have access to the Microsoft Store are not expected to be affected by this issue. And here's what the updated version of it is now: Note: Our investigations indicate that this issue is not caused by an HP update. In most cases, it should be possible to use the printer as expected, including queueing printing jobs, as well as other features such as copy, scan, or fax. Printers on the device will continue to use the expected drivers for printer operations. However, this issue might affect associations with other manufacturer-supplied printer apps used to extend basic printer capabilities. If this is the case, some or all of those extended functions might not work. As the symptoms are related to the automatic installation of the HP Smart app, Windows devices which do not have access to the Microsoft Store are not expected to be affected by this issue. You can view the issue on this page on Microsoft's official health dashboard website. On a somewhat related note, in case it isn't HP but you instead find Canon driver installed on your PC even if you don't have one, do leave your comment on this thread started by Neowin forum member cosrocket. We are trying to understand if this is an isolated case or more widespread.

Accessing new Windows Server Insider Preview versions should be easier in early 2024 by John Callaham In addition to the Windows Insider Program, Microsoft also has a Windows Server Insider Program for people who want to try out upcoming builds of its server-based operating system. However, instead of the automatic downloads that are available for Windows Insider Program members, the people who want new Windows Server Insider builds have to download them manually. That is going to change in early 2024. In a section of today's blog post announcing a new Canary Channel build of Windows 11, Microsoft also announced its plans to make it easier for Windows Server Insiders to get new preview builds: With Windows Server Preview Build 26010, we are introducing the ability to receive Server flights just like on client (desktop). To set up flighting on Server, just navigate to Settings > Windows Update > Windows Insider Program to opt in your device. Flighting will only be available for the Canary Channel and flights for Server will begin in early 2024 so you won’t receive any new builds until then. Our intention is to flight the same builds as client (desktop) for Server flights but the schedule in which we release Server flights might differ slightly (for example – Server releases bi-weekly). Flighting for Server only applies to the Desktop Experience only. Flighting enabled for Windows Server Previews in Settings. The blog post makes a reference to another article that is supposed to explain more about these changes to the Windows Server Insider Program. However, as of this writing, that post has yet to go live. As the blog mentions, this new feature will launch after the holiday season in early 2024 with Windows Server Preview build 26010, so you should have plenty of time to get your PC ready for these updates if you are a member of the Canary Channel of the Windows Insider Program.

Microsoft's "Windows 11 24H2" mention could throw a wrench at the 'Windows 12' rumor mill by Sayan Sen Update: A new report suggests Windows "12" is launching in June 2024. As we near the end of 2023, the hype and excitement around the next version of Windows in the Windows and the general tech enthusiast community is palpable. That's because it is expected that Microsoft will be releasing the next major Windows version, casually referred to by the community as 'Windows 12' next year. In case you haven't been paying attention to the Windows 12 rumors and leaks, a report from back in mid-2022 suggested that Microsoft would be going back to its three-year upgrade cadence, which implied that Windows 11, which landed in 2021, would be succeeded by a new Windows version in 2024. We recently speculated that Windows 12 could indeed become a real thing next year given how Microsoft seemingly did not deny the existence of a "New Windows Client". While that may have been a stretch on our part given how Microsoft can not publicly comment on unannounced leaks and rumors, there have been an overwhelming number of reports suggesting that the next Windows version could indeed be landing in 2024. A senior Intel executive stated that a "Windows refresh" was happening, though once again, there was no specific confirmation of the version name as "Windows 12." As we wait with bated breath to see what actually ends up happening next year, Microsoft may have unknowingly helped to ease the hype and excitement built up around it a bit; or perhaps it has made things even more interesting depending on how you look at it. Inside a group policy related to the new DMSA (Delegated Managed Service Account) feature in Active Directory (AD), X (formerly Twitter) user and Windows enthusiast Xeno, spotted the mention of "Windows 11 Version 24H2" as a requirement for the DMSA group policy. The first image below shows the screenshot of the group policy (GP) in focus whereas the image below shows the ADML Administrative Template file of that GP: The mention of Windows 11 24H2 could mean a few things here. Perhaps Microsoft is simply using it as a placeholder name for Windows 12, though that seems a bit too unlikely given how it gets a mention inside a GP. It could also be a 2024 feature update for Windows 11, separate from the Windows 12 release, similar to how Windows 10 version 21H2 co-existed with Windows 11 21H2. Lastly, it is possible that "24H2" could simply be an error. If you are wondering what DMSA is, Microsoft announced the new feature this week. You can watch its video on the Windows IT Pro YouTube channel. The full announcement can be viewed here.

Windows Server vNext build 25997 for Insiders adds SMB over QUIC in more editions by John Callaham Microsoft has released the latest Windows Server build for people in the Windows Server Insider Program. It has the build number of 25997 and, among many changes, adds SMB over QUIC to the Datacenter and Standard editions The new version is available to download as an ISO from the Windows Server Insider website along with a VHDX. It contains both the (Windows 11) Desktop Experience as well as a Server Core installation option for Datacenter and the Standard edition. There's also an Azure Edition, but it's only available via virtual machines. Here is the changelog: What's New SMB over QUIC now available in Datacenter and Standard editions Starting with this build (Build 25997), the SMB over QUIC server feature is now available in Windows Server Datacenter and Standard editions. This changes the previous behavior, where it was only available in Windows Server Azure Edition. For more information on this change, review https://aka.ms/SMBoverQUICServer. For more information on SMB over QUIC, review https://aka.ms/SMBoverQUIC. SMB firewall rule changes Starting with this build (Build 25997), creating SMB shares changes a longtime Windows Defender Firewall default behavior. Previously, creating a share automatically configured the firewall to enable the rules in the “File and Printer Sharing” group for the given firewall profiles. Now, Windows automatically configures the new “File and Printer Sharing (Restrictive)” group, which no longer contains inbound NetBIOS ports 137-139. We plan future updates for this rule to also remove inbound ICMP, LLMNR, and Spooler Service ports and restrict down to the SMB sharing-necessary ports only. This change enforces a higher default standard for network security as well as bringing SMB firewall rules closer to the Windows Server “File Server” role behavior. Administrators can still configure the “File and Printer Sharing” group if necessary as well as modify this new firewall group. For more information on this change, review https://aka.ms/SMBfirewall. For more information on SMB network security, review Secure SMB Traffic in Windows Server. SMB NTLM blocking exception list Starting with this build (Build 25997), the new SMB NTLM blocking feature first announced in Windows 11 Insider Preview Build 25951 now supports specifying exception lists for NTLM usage. This allows an administrator to configure a general block on NTLM usage while still allowing clients to use NTLM for specific servers that do not support Kerberos, either because they are not Active Directory domain joined or are a third party without Kerberos support. For more information on this change, review https://aka.ms/SmbNtlmBlock. SMB alternative client and server ports Starting with this build (Build 25997), the SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using alternative network ports to the hardcoded defaults. Previously, SMB only supported TCP/445, QUIC/443, and RDMA iWARP/5445. In addition, the SMB over QUIC server in Windows Server will add support for SMB over QUIC endpoints configured with different ports than 443 in a future preview release. Windows Server will not support configuring alternative SMB server TCP ports, but third parties such as Samba do. You can specify an alternative SMB client port using the NET USE command and New-SmbMapping PowerShell cmdlet. You can also completely disable this feature with a group policy. For more information on using this option, review https://aka.ms/SMBAlternativePorts. For more information on configuring non-standard SMB server ports in third parties, consult their product documentation. SMB over QUIC client access control certificate changes Starting with this build (Build 25997), the SMB over QUIC client access control feature first announced in Windows 11 Insider Preview Build 25977 now supports using certificates with subject alternative names and not just a single subject. This means the client access control feature now supports using a Microsoft AD Certificate Authority and multiple endpoint names, just like the currently released version of SMB over QUIC. You can now evaluate the feature using the recommended options and not require self-signed test certificates. For more information on this change, review https://aka.ms/SmbOverQUICCAC. For more information on SMB over QUIC, review https://aka.ms/SMBoverQUIC. The following new features are specific to Windows Server with Desktop Experience only. Some of these will require running the OS on physical systems AND having the right drivers on hand. Additions to Accounts: Email & Accounts is now consistent with Windows 11. Please note, that domain join will still be necessary for most scenarios. Increased coverage for Bluetooth devices. Many of you want to use BT to connect mice, keyboards, and audio devices at the Edge. Please try out your favorite keyboard, mouse, headphones, or other BT peripheral! Wi-Fi present by default. Many of you want to connect servers to Wi-Fi networks at the Edge. While Wireless LAN service has been present in Windows Server, it was disabled by default. Wi-Fi support is now currently enabled by default for Edge scenarios. You will need the appropriate hardware and drivers handy. Please verify that your wireless devices work properly. When hardware and the correct drivers are present, see the corresponding Settings and Taskbar experiences. Let us know what you think! First login privacy settings: This is not the final version, but you will notice a Windows 11 like first login “OOBE” experience, albeit limited to user privacy settings. .Known Issues The new Feedback Hub and Terminal apps are not functioning properly in this release due to known issues. These will be addressed in a future release. Please continue to submit feedback as described in the "We value your feedback!" section below. If you are validating upgrades from Windows Server 2019 or 2022, we do not recommend that you use this build as intermittent upgrade failures have been identified for this build. This build has an issue where archiving eventlogs with "wevetutil al" command causes the Windows Event Log service to crash, and the archive operation to fail. The service must be restarted by executing "Start-Service EventLog" from an administrative command line prompt. If you have Secure Launch/DRTM code path enabled, we do not recommend that you install this build. The Windows Server Preview currently is on the same build number as the current Windows 11 Insider Canary channel, which might indicate we won't see a new Server version until 2024 when Windows 12 is expected to be released. Here's some more important info on this release: Available Downloads Downloads to certain countries may not be available. See Microsoft suspends new sales in Russia - Microsoft On the Issues Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only. Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only. Microsoft Server Languages and Optional Features Preview Keys: Keys are valid for preview builds only Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67 Azure Edition does not accept a key Symbols: available on the public symbol server – see Using the Microsoft Symbol Server. Expiration: This Windows Server Preview will expire on September 15, 2024. You can download the build here, and find the official announcement here.

Microsoft: IOMMU, VBS part of what's causing EPYC Windows Server VMware BSODs, boot fails by Sayan Sen Microsoft has confirmed that the latest October 2023 Patch Tuesday for Windows Server 2022 (KB5031364) is triggering blue screens of death (BSODs) upon start up failures on VMware ESXi hypervisors with the error / stop code "PNP DETECTED FATAL ERROR". Microsoft has identified that the issue is not affecting all systems or configurations and is isolated to the ones where AMD's EPYC server processors are at the heart of them. These virtual machines (VMs) are set up in a way such that the following settings are enabled: Virtualization-based Security or VBS, IOMMU or Input-Output Memory Management Unit, and System Guard Secure Launch. On the Windows health dashboard, Microsoft writes: After installing KB5031364 on virtual machines (VMs) running on VMware ESXi hosts, Windows 2022 might fail to start up. Affected VMs will receive an error with a blue screen and Stop code : PNP DETECTED FATAL ERROR. This issue only affects guest VMs with the following configuration on VMware ESXi hosts only: AMD Epyc physical processor "Expose IOMMU to guest OS" enabled in VMware settings for the VM. “Enable Virtualization Based Security” enabled in Windows Server 2022. "System Guard Secure Launch" enabled in Windows Server 2022. Microsoft has provided a workaround for the issue as well which involves disabling the "Expose IOMMU to guest OS" option. Workaround: To mitigate this issue, you can disable "Expose IOMMU to guest OS". Important: This workaround should only be used in environments which do not require "Expose IOMMU to guest OS" to be enabled. For those unaware, this option allows the guest OS to improve I/O bus performance thanks to DMA (or direct memory access) of the system RAM. As far as when a permanent fix is coming, the tech giant claims it should be available around the middle of the month so expect the upcoming November 2023 Patch Tuesday to resolve the issue. You can read about the problem on this page on Microsoft's official website.

Windows Server vNext build 25987 for Insiders improves SMB over QUIC features by John Callaham Microsoft has released the latest Windows Server build for people in the Windows Server Insider Program. It has the build number of 25987 and includes improvements of SMB over QUIC features. The new version is available to download as an ISO from the Windows Server Insider website along with a VHDX. It contains both the (Windows 11) Desktop Experience as well as a Server Core installation option for Datacenter and the Standard edition. There's also an Azure Edition, but it's only available via virtual machines. There is a dedicated blog post for this new release. Here are the main details: What's New SMB over QUIC now supports additional access control options for clients. This improves the existing SMB over QUIC feature, which introduced an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. With this new option, administrators can restrict which clients can access SMB over QUIC servers. This option gives organizations additional SMB over QUIC connection protections but does not change the Windows authentication used to make the SMB connection or the end user experience. This new feature requires both the Windows 11 Insider Preview Build 25977 as well as a Windows Server Insider Preview Build 25977 (or higher) running in a VM. For more information on configuring SMB over QUIC client access control, review https://aka.ms/SmbOverQuicCAC. The following new features are specific to Windows Server with Desktop Experience only. Some of these will require running the OS on physical systems AND having the right drivers on hand. Additions to Settings>Accounts: Email & Accounts is now consistent with Windows 11. Please note, that domain join will still be necessary for most scenarios. Increased coverage for Bluetooth devices. Many of you want to use BT to connect mice, keyboards, and audio devices at the Edge. Please try out your favorite keyboard, mouse, headphones, or other BT peripheral! Wi-Fi present by default. Many of you want to connect servers to Wi-Fi networks at the Edge. While Wireless LAN service has been present in Windows Server, it was disabled by default. Wi-Fi support is now currently enabled by default for Edge scenarios. You will need the appropriate hardware and drivers handy. Please verify that your wireless devices work properly. When hardware and the correct drivers are present, see the corresponding Settings and Taskbar experiences. Let us know what you think! First login privacy settings: this is not the final version, but you will notice a Windows 11 like first login “OOBE” experience, albeit limited to user privacy settings. Known Issues If you are validating upgrades from Windows Server 2019 or 2022, we do not recommend that you use this build as intermittent upgrade failures have been identified for this build. This build has an issue where archiving eventlogs with "wevetutil al" command causes the Windows Event Log service to crash, and the archive operation to fail. The service must be restarted by executing "Start-Service EventLog" from an administrative command line prompt. If you have Secure Launch/DRTM code path enabled, we do not recommend that you install this build. The Windows Server Preview currently is on the same build number as the current Windows 11 Insider Canary channel, which might indicate we won't see a new Server version until 2024 when Windows 12 is expected to be released. Here's some more important info on this release: Available Downloads Downloads to certain countries may not be available. See Microsoft suspends new sales in Russia - Microsoft On the Issues Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only. Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only. Microsoft Server Languages and Optional Features Preview Keys: Keys are valid for preview builds only Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67 Azure Edition does not accept a key Symbols: available on the public symbol server – see Using the Microsoft Symbol Server. Expiration: This Windows Server Preview will expire on September 15, 2024. You can download the build here, and find the official announcement here.

Windows Server vNext build 25977 for Windows Insiders has new Desktop Experience features by John Callaham Microsoft has released a new build of the Windows Server Long-Term Servicing Channel (LTSC) Preview. Today's build 25977 is now available to download as an ISO from the Windows Server Insider website along with a VHDX. It contains both the (Windows 11) Desktop Experience as well as a Server Core installation option for Datacenter and the Standard edition. There's also an Azure Edition, but it's only available via virtual machines. There is a dedicated blog post for this new release. Here are the main details: What's New These new features are specific to Windows Server with Desktop Experience only. Some of these will require running the OS on physical systems AND having the right drivers on hand. Additions to Settings>Accounts: Email & Accounts is now consistent with Windows 11. Please note, that domain join will still be necessary for most scenarios. Increased coverage for Bluetooth devices. Many of you want to use BT to connect mice, keyboards, and audio devices at the Edge. Please try out your favorite keyboard, mouse, headphones, or other BT peripheral! Wi-Fi present by default. Many of you want to connect servers to Wi-Fi networks at the Edge. While Wireless LAN service has been present in Windows Server, it was disabled by default. Wi-Fi support is now currently enabled by default for Edge scenarios. You will need the appropriate hardware and drivers handy. Please verify that your wireless devices work properly. When hardware and the correct drivers are present, see the corresponding Settings and Taskbar experiences. Let us know what you think! First login privacy settings: this is not the final version, but you will notice a Windows 11 like first login “OOBE” experience, albeit limited to user privacy settings. Known Issues If you are validating upgrades from Windows Server 2019 or 2022, we do not recommend that you use this build as intermittent upgrade failures have been identified for this build. This build has an issue where archiving eventlogs with "wevetutil al" command causes the Windows Event Log service to crash, and the archive operation to fail. The service must be restarted by executing "Start-Service EventLog" from an administrative command line prompt. If you have Secure Launch/DRTM code path enabled, we do not recommend that you install this build. The Windows Server Preview currently is on the same build number as the current Windows 11 Insider Canary channel, which might indicate we won't see a new Server version until 2024 when Windows 12 is expected to be released. Here's some more important info on this release: Available Downloads Downloads to certain countries may not be available. See Microsoft suspends new sales in Russia - Microsoft On the Issues Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only. Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only. Microsoft Server Languages and Optional Features Preview Keys: Keys are valid for preview builds only Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67 Azure Edition does not accept a key Symbols: available on the public symbol server – see Using the Microsoft Symbol Server. Expiration: This Windows Server Preview will expire on September 15, 2024. You can download the build here, and find the official announcement here.

Microsoft confirms "65000" BitLocker encryption error is haunting Windows 11 and Windows 10 by Sayan Sen Microsoft has confirmed a new issue that is affecting all Windows client versions, be it on Windows 11 (22H2, 21H2), Windows 10 (22H2, 21H2, and Enterprise LTSC 2019). The bug is related to BitLocker CSP encryption reporting. The BitLocker configuration service provider (CSP) is used by the enterprise to manage the encryption of PCs and devices. According to Microsoft, a "65000" error code is being displayed in the "Require Device Encryption" setting on Intune for Mobile Device Management (MDM). The tech giant notes here that other than Intune, similar third-party apps may be affected too. It explains: Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the "Require Device Encryption" setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies set to enabled and selecting either "full encryption" or "used space only". Microsoft Intune is affected by this issue but third-party MDMs might also pe affected. Important: This issue is a reporting issue only and does not affect drive encryption or the reporting of other issues on the device, including other BitLocker issues. Although Microsoft has not been able to devise a resolution for this issue yet, the company has provided a simple workaround that can mitigate it. It involves changing the policy settings to "not configured". Workaround: To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies to not configured. Next steps: We are working on a resolution and will provide an update in an upcoming release. You can read more about the issue on Microsoft's health dashboard website.

A quick look back at Microsoft's Windows Home Server and its official children's book by John Callaham In just a few days, Microsoft will end support for Windows Server 2012 after over 11 years on the market. Ironically, the launch of the server OS in 2012 was also the official end for another server product from Microsoft that had first gone on sale on October 10, 2007, nearly 16 years ago. It was called Windows Home Server, and it was an effort to expand Microsoft's home operating systems beyond just PCs. Microsoft co-founder Bill Gates officially announced Windows Home Server during his CES 2007 keynote in January 2007. Microsoft's press release for the reveal stated this about this new OS at the time: Windows Home Server automatically backs up home PCs and provides a central location for storing a family’s photographs, music, videos and documents. Using a personalized Windows Live Internet address, people will be able to remotely access digital content on Windows Home Server when they are away from home. Windows Home Server was based on Windows Server 2003 R2 but was designed to be easier to use compared to the fairly complex user interface included with "normal" server-based operating systems. Microsoft created the Home Server Console for the OS, designed to be accessed remotely from a connected home PC. Because of this, hardware made specifically for Windows Home Server didn't need a video card. The first version of Windows Home Server had a very interesting feature called File Extender. Here's how Microsoft described it in a blog post from February 2007: Windows Home Server Drive Extender provides the reliability benefits of RAID (Redundant Array of Independent Disks) with the ability to use internal and/or external hard drives (USB 2.0 or FireWire) of varying sizes for additional storage. Once you add an external hard disk it is considered part of the home server storage, and you should not plan on removing it unless you no longer need it attached to your home server. New hard drives added to Windows Home Server are formatted before they are added to the available disk space, so be sure to copy any valuable content off of an external hard drive before running the Add wizard in the Windows Home Server Console. HP was the first to announce a hardware product made specifically for Windows Home Server with its HP MediaSmart Server product. Later, in 2007, other PC makers like Fujitsu-Siemens, Gateway, Iomega, Lacie, and Medion pledged to make their own hardware products that would use Windows Home Server. The launch of the OS also came with one of the oddest promotions Microsoft ever did. The company released a short illustrated children's book called, we kid you not, Mommy, Why is There a Server in the House? It's both fun to read and also very strange. You can check it out on the Internet Archive website. The release of Windows Home Server and the first hardware devices, like the HP Media Server, ended up being a sales disappointment all around. In December 2010, HP said it would no longer make its MediaSmart Servers, which was a huge blow for the Home Server OS. In 2010, Microsoft announced plans for a major update to Windows Home Server, called, naturally, Windows Home Server 2011. However, the "update" got rid of its File Extender feature. At the time, Microsoft stated that many customers complained about the it. Microsoft claimed that users said if its drive replication feature didn't work, they could lose their data. Another reason that was given for this feature's removal was that hard drives themselves were getting bigger, so there was no need to merge several disks into one storage pool. That decision didn't make many fans of Windows Home Server very happy at all. File Extender was an easy way to expand storage with multiple drives, and the feature's removal likely was the final nail in the operating system's coffin. Windows Home Server 2011 launched in March 2011, but the damage had already been done. In July 2012, when Microsoft revealed the SKUs for Windows Server 2012, the Home Server was not among those listed. Microsoft quickly confirmed that it would no longer release any future versions of Windows Home Server, stating it would focus "our efforts into making Windows Server 2012 Essentials the ideal first server operating system for both small business and home use." Today, home use of server hardware is mostly for tech enthusiasts and home theater fans who want to watch their movies on a local hard drive rather than from a streaming service. Microsoft's attempt at expanding its server OS in the home fell far short.

Windows Server vNext build 25967 for Windows Insiders is now available by John Callaham Microsoft has released a new build of the Windows Server Long-Term Servicing Channel (LTSC) Preview. Today's build 25967 is now available to download as an ISO from the Windows Server Insider website along with a VHDX. It contains both the (Windows 11) Desktop Experience as well as a Server Core installation option for Datacenter and the Standard edition. There's also an Azure Edition, but it's only available via virtual machines. There is a dedicated blog post for this new release. However, it has the same release notes as the previous ones for builds 25931, 25941, and 25951, with one small exception. The change is that this new build won't expire until September 15, 2024. Having said that here is the changelog: What's New Azure Arc-enabled Servers onboarding experience is now available in the latest Windows Server Insider Desktop build. Find the new Azure Arc icon in the system tray (bottom right corner of the taskbar). Try installing and configuring the (free) Azure Connected Machine Agent using the Azure Arc Setup wizard that can be launched from the system tray icon. Once Azure Arc is enabled on your server, find status information in the system tray icon. Server Datacenter Insiders! Take Terminal command line utility on Windows Server for a test run! Search for "Terminal" on the latest Server Datacenter Insider build and launch the application. Storage Replica Enhanced Log is now available in the latest Windows Server Insider build. Enhanced Log provides improved performance for block replication by removing file system abstractions – and their performance costs – from the Storage Replica log implementation. More info, and deployment instruction, is available on Learn: link. Known Issues If you are validating upgrades from Windows Server 2019 or 2022, we do not recommend that you use this build as intermittent upgrade failures have been identified for this build. This build has an issue where archiving eventlogs with "wevetutil al" command causes the Windows Event Log service to crash, and the archive operation to fail. The service must be restarted by executing "Start-Service EventLog" from an administrative command line prompt. If you have Secure Launch/DRTM code path enabled, we do not recommend that you install this build. The Windows Server Preview currently is on the same build number as the current Windows 11 Insider Canary channel, which might indicate we won't see a new Server version until 2024 when Windows 12 is expected to be released. Here's some more important info on this release: Available Downloads Downloads to certain countries may not be available. See Microsoft suspends new sales in Russia - Microsoft On the Issues Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only. Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only. Microsoft Server Languages and Optional Features Preview Keys: Keys are valid for preview builds only Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67 Azure Edition does not accept a key Symbols: available on the public symbol server – see Using the Microsoft Symbol Server. Expiration: This Windows Server Preview will expire on September 15, 2024. You can download the build here, and find the official announcement here.

Reminder: Support for Windows Server 2012 and 2012 R2 will end on October 10 by John Callaham As we start the month of October, one of Microsoft's longest-running Windows Server versions is finally coming to the end of its official support very soon. Windows Server 2012, and its Windows Server 2012 R2 update, with both reaching the end of their lifecycles on October 10, 2023. Microsoft's lifecycle support page states: After this date, these products will no longer receive security updates, non-security updates, bug fixes, technical support, or online technical content updates. The original Windows Server 2012, which was based on Windows 8, hit the RTM stage on August 1, 2012, and it officially launched to the general public on September 4, 2012. Ironically, Windows Server 2012 will end up lasting much longer than Windows 8, which reached its end of life in 2016. It even lasted longer than Windows 8.1. Microsoft ended its official support in January 2023. Microsoft had four different SKUs for Windows Server 2012. Essentials was the cheapest at $425, followed by Standard at $882, and then there was the Datacenter SKU at $4.809. There was another SKU, Foundation, that was made for OEM businesses and had no public price tag. Just like Microsoft quickly released Windows 8.1 a year after the launch of Windows 8, it also launched Windows Server 2012 R2 in the same time frame. It went gold on August 27, 2013, and officially launched on October 14, 2013. While official support for Windows Server 2012 and 2012 is ending in a few days, businesses who still need time to transition to a more recent version of the server OS do have options. One is they can access up to three years of extended security updates on Microsoft's Azure cloud services. Businesses who need on-site access to Windows Server 2012 can also get  Extended Security Updates (ESUs) for three years, until October 13, 2026, but that will cost an undisclosed amount of money. Finally, businesses can just update to the most current version of the OS, Windows Server 2022, which launched in September 2022.

Windows Server vNext build 25951 for Windows Insiders is now available by John Callaham Microsoft has released a new build of the Windows Server Long-Term Servicing Channel (LTSC) Preview. Today's build 25951 is now available to download as an ISO from the Windows Server Insider website along with a VHDX. It contains both the (Windows 11) Desktop Experience as well as a Server Core installation option for Datacenter and the Standard edition. There's also an Azure Edition, but it's only available via virtual machines. There is a dedicated blog post for this new release. However, it has the same release notes as the previous ones for builds 25931 and 25941. Having said that here is the changelog: What's New Azure Arc-enabled Servers onboarding experience is now available in the latest Windows Server Insider Desktop build. Find the new Azure Arc icon in the system tray (bottom right corner of the taskbar). Try installing and configuring the (free) Azure Connected Machine Agent using the Azure Arc Setup wizard that can be launched from the system tray icon. Once Azure Arc is enabled on your server, find status information in the system tray icon. Server Datacenter Insiders! Take Terminal command line utility on Windows Server for a test run! Search for "Terminal" on the latest Server Datacenter Insider build and launch the application. Storage Replica Enhanced Log is now available in the latest Windows Server Insider build. Enhanced Log provides improved performance for block replication by removing file system abstractions – and their performance costs – from the Storage Replica log implementation. More info, and deployment instruction, is available on Learn: link. Known Issues If you are validating upgrades from Windows Server 2019 or 2022, we do not recommend that you use this build as intermittent upgrade failures have been identified for this build. This build has an issue where archiving eventlogs with "wevetutil al" command causes the Windows Event Log service to crash, and the archive operation to fail. The service must be restarted by executing "Start-Service EventLog" from an administrative command line prompt. If you have Secure Launch/DRTM code path enabled, we do not recommend that you install this build. The Windows Server Preview currently is on the same build number as the current Windows 11 Insider Canary channel, which might indicate we won't see a new Server version until 2024 when Windows 12 is expected to be released. Here's some more important info on this release: Available Downloads Downloads to certain countries may not be available. See Microsoft suspends new sales in Russia - Microsoft On the Issues Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only. Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only. Microsoft Server Languages and Optional Features Preview Keys: Keys are valid for preview builds only Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67 Azure Edition does not accept a key Symbols: available on the public symbol server – see Using the Microsoft Symbol Server. Expiration: This Windows Server Preview will expire on September 15, 2023. You can download the build here, and find the official announcement here.

Microsoft reminds about Windows DC Kerberos Netlogon full enforcement which is coming up by Sayan Sen Microsoft has published a reminder today about the upcoming Full Enforcement phase of Windows Netlogon and Kerberos hardening next month. The changes will be deployed via the October 2023 Patch Tuesday which will be released on 10th of October. The full timeline is available in this dedicated article. The deployment phase ended back in June and a month later in July, via the monthly Patch Tuesday, the initial Enforcement Phase was released: The Windows updates released on or after July 11, 2023 will do the following: Removes the ability to set value 1 for the KrbtgtFullPacSignature subkey. Moves the update to Enforcement mode (Default) (KrbtgtFullPacSignature = 3) which can be overridden by an Administrator with an explicit Audit setting. In case you are not aware, this hardening is meant to address a security bypass and elevation of privilege vulnerabilities with Privilege Attribute Certificate (PAC) signatures in the Netlogon and Kerberos protocols (tracked under ID "CVE-2022-37967"). On its health dashboard website, the tech giant writes: Reminder: Security hardening changes for Netlogon and Kerberos effective October 10, 2023 Windows updates release November 8, 2022 and later include changes that address security vulnerabilities affecting Windows Server domain controllers (DC). Among the addressed vulnerabilities is a Kerberos security bypass and elevation of privilege scenario involving alteration of Privilege Attribute Certificate (PAC) signatures. Changes to address this issue have been released following a series of phases throughout 2023, and are reaching the final stage of enforcement in October. Administrators should observe changes which affect Kerberos protocol requirements and are coming into effect with the Windows updates released on and after October 10, 2023. October 10, 2023 - Full Enforcement phase Windows updates released on and after this date will have the following effect: Remove the ability to disable PAC signature addition (previously done via the registry subkey KrbtgtFullPacSignature) Remove support for Audit mode (this enabled authentication whether PAC signatures were missing or invalid, and created audit logs for review). Deny authentication to incoming service tickets without the new PAC signatures. The phase described above is the final phase of these security hardening measures. All domain-joined, machine accounts are affected by these vulnerabilities. You may find more details about the topic on this page (KB5020805) on Microsoft's official website.

Mastering Windows Server 2022 - Fourth Edition ($39.99 Value) FREE download by Steven Parker Claim your complimentary eBook (worth $39.99) before the offer expires on September 13. Written by a 10-time Microsoft MVP award winner with over 20 years of IT experience, Mastering Windows Server 2022 is a hands-on guide to administer any Windows Server environment. Whether new to the server world or working to keep your existing skills sharp, this book aims to be referenced on a regular basis instead of gathering dust on your shelf. Updated with Server 2022 content, this book covers a wide variety of information pertaining to your role as a server administrator. We will expand upon versions and licensing models for this OS, and explore the 'single pane of glass' administration methodology by utilizing tools like Server Manager, PowerShell, and even Windows Admin Center. This book is primarily focused on Windows Server 2022 LTSC version, but follow along as we discuss the latest news for SAC server releases as this impacts Containers, Nano Server, and general OS release cadence. This book covers a range of remote access technologies, and even teaches management of PKI and certificates. You will be empowered to virtualize your datacenter with Hyper-V, and deploy your own Remote Desktop Services "farm". Learn about Server Core, built-in redundancy, and explore troubleshooting skills. All this on top of chapters about core infrastructure technologies such as Active Directory, DNS, DHCP, and Group Policy. This free offer expires September 13. How to get it Please ensure you read the terms and conditions to claim this offer. Complete and verifiable information is required in order to receive this free offer. If you have previously made use of these free offers, you will not need to re-register. While supplies last! Mastering Windows Server 2022 - Fourth Edition ($39.99 Value) FREE download Offered by Packt Publishing, view their other free resources. Expires Sep 13. We post these because we earn commission on each lead so as not to rely solely on advertising, which many of our readers block. It all helps toward paying staff reporters, servers and hosting costs. Other ways to support Neowin The above not doing it for you, but still want to help? Check out the links below. Check out our partner software in the Neowin Store Buy a T-shirt at Neowin's Threadsquad Subscribe to Neowin - for $14 a year, or $28 a year for an ad-free experience Disclosure: An account at Neowin Deals is required to participate in any deals powered by our affiliate, StackCommerce. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site.

Windows Server vNext build 25941 for Windows Insiders is now available by John Callaham Microsoft has released a new build of the Windows Server Long-Term Servicing Channel (LTSC) Preview. Today's build 25941 is now available to download as an ISO from the Windows Server Insider website along with a VHDX. It contains both the (Windows 11) Desktop Experience as well as a Server Core installation option for Datacenter and the Standard edition. There's also an Azure Edition, but it's only available via virtual machines. There is a dedicated blog post for this new release. However, it has the same release notes as the previous one for build 25931. Having said that here is the changelog: What's New Azure Arc-enabled Servers onboarding experience is now available in the latest Windows Server Insider Desktop build. Find the new Azure Arc icon in the system tray (bottom right corner of the taskbar). Try installing and configuring the (free) Azure Connected Machine Agent using the Azure Arc Setup wizard that can be launched from the system tray icon. Once Azure Arc is enabled on your server, find status information in the system tray icon. Server Datacenter Insiders! Take Terminal command line utility on Windows Server for a test run! Search for "Terminal" on the latest Server Datacenter Insider build and launch the application. Storage Replica Enhanced Log is now available in the latest Windows Server Insider build. Enhanced Log provides improved performance for block replication by removing file system abstractions – and their performance costs – from the Storage Replica log implementation. More info, and deployment instruction, is available on Learn: link. Known Issues If you are validating upgrades from Windows Server 2019 or 2022, we do not recommend that you use this build as intermittent upgrade failures have been identified for this build. This build has an issue where archiving eventlogs with "wevetutil al" command causes the Windows Event Log service to crash, and the archive operation to fail. The service must be restarted by executing "Start-Service EventLog" from an administrative command line prompt. If you have Secure Launch/DRTM code path enabled, we do not recommend that you install this build. The Windows Server Preview currently is on the same build number as the current Windows 11 Insider Canary channel, which might indicate we won't see a new Server version until next year when Windows 12 is expected to be released. Here's some more important info on this release: Available Downloads Downloads to certain countries may not be available. See Microsoft suspends new sales in Russia - Microsoft On the Issues Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only. Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only. Microsoft Server Languages and Optional Features Preview Keys: Keys are valid for preview builds only Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67 Azure Edition does not accept a key Symbols: available on the public symbol server – see Using the Microsoft Symbol Server. Expiration: This Windows Server Preview will expire on September 15, 2023. You can download the build here, and find the official announcement here.

Windows Server vNext build 25931 for Windows Insiders adds Azure Arc-enabled servers by John Callaham Microsoft has released a new build of the Windows Server Long-Term Servicing Channel (LTSC) Preview. Today's build 25931 is now available to download as an ISO from the Windows Server Insider website along with a VHDX. It contains both the (Windows 11) Desktop Experience as well as a Server Core installation option for Datacenter and the Standard edition. There's also an Azure Edition, but it's only available via virtual machines. The dedicated blog post for this new release includes a few new features, along with a small list of known issues: What's New Azure Arc-enabled Servers onboarding experience is now available in the latest Windows Server Insider Desktop build. Find the new Azure Arc icon in the system tray (bottom right corner of the taskbar). Try installing and configuring the (free) Azure Connected Machine Agent using the Azure Arc Setup wizard that can be launched from the system tray icon. Once Azure Arc is enabled on your server, find status information in the system tray icon. Server Datacenter Insiders! Take Terminal command line utility on Windows Server for a test run! Search for "Terminal" on the latest Server Datacenter Insider build and launch the application. Storage Replica Enhanced Log is now available in the latest Windows Server Insider build. Enhanced Log provides improved performance for block replication by removing file system abstractions – and their performance costs – from the Storage Replica log implementation. More info, and deployment instruction, is available on Learn: link. Known Issues If you are validating upgrades from Windows Server 2019 or 2022, we do not recommend that you use this build as intermittent upgrade failures have been identified for this build. This build has an issue where archiving eventlogs with "wevetutil al" command causes the Windows Event Log service to crash, and the archive operation to fail. The service must be restarted by executing "Start-Service EventLog" from an administrative command line prompt. If you have Secure Launch/DRTM code path enabled, we do not recommend that you install this build. The Windows Server Preview currently is on the same build number as the current Windows 11 Insider Canary channel, which might indicate we won't see a new Server version until next year when Windows 12 is expected to be released. Here's some more important info on this release: Available Downloads Downloads to certain countries may not be available. See Microsoft suspends new sales in Russia - Microsoft On the Issues Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only. Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only. Microsoft Server Languages and Optional Features Preview Keys: Keys are valid for preview builds only Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67 Azure Edition does not accept a key Symbols: available on the public symbol server – see Using the Microsoft Symbol Server. Expiration: This Windows Server Preview will expire September 15, 2023. You can download the build here, and find the official announcement here.

Windows Server vNext build 25921 is released to Windows Insiders with some new features by John Callaham Microsoft has released a new build of the Windows Server Long-Term Servicing Channel (LTSC) Preview. Today's build 25921 is now available to download as an ISO from the Windows Server Insider website along with a VHDX. It contains both the (Windows 11) Desktop Experience as well as a Server Core installation option for Datacenter and the Standard edition. There's also an Azure Edition, but it's only available via virtual machines. There is a dedicated blog post for this new release which does have a changelog for the first time in a long time for a Windows Server Insider launch: What's New Server Datacenter Insiders! Take Terminal command line utility on Windows Server for a test run! Search for "Terminal" on the latest Server Datacenter Insider build and launch the application. Storage Replica Enhanced Log is now available in the latest Windows Server Insider build. Enhanced Log provides improved performance for block replication by removing file system abstractions – and their performance costs – from the Storage Replica log implementation. More info, and deployment instruction, is available on Learn: link. There are also a few known issues with this release: If you are validating upgrades from Windows Server 2019, we do not recommend that you use this build as intermittent upgrade failures have been identified for this build. This build has an issue where archiving eventlogs with "wevetutil al" command causes the Windows Event Log service to crash, and the archive operation to fail. The service must be restarted by executing "Start-Service EventLog" from an administrative command line prompt. If you have Secure Launch/DRTM code path enabled, we do not recommend that you install this build. The Windows Server Preview currently is on the same build number as the Windows 11 Insider Canary channel, which might indicate we won't see a new Server version until next year when Windows 12 is expected to be released. Here's some more important info on this release: Available Downloads Downloads to certain countries may not be available. See Microsoft suspends new sales in Russia - Microsoft On the Issues Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only. Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only. Microsoft Server Languages and Optional Features Preview Keys: Keys are valid for preview builds only Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67 Azure Edition does not accept a key Symbols: available on the public symbol server – see Using the Microsoft Symbol Server. Expiration: This Windows Server Preview will expire September 15, 2023. You can download the build here, and find the official announcement here.

A quick look back at the launch of Windows NT 3.1, 30 years today by John Callaham Before 1993, Microsoft had developed its MS-DOS operating system, along with its graphical UI-based Windows OS, which was built on top of MS-DOS for backwards compatibility with older applications. However, the company wanted to make a new OS that combined the graphical interface of Windows but could do more than what the 16-bit MS-DOS was capable of doing. The final result was Microsoft Windows NT 3.1, which 'went gold' (released to manufacturing) 30 years ago today, on July 27, 1993. In addition to Windows NT 3.1, which was made for the enterprise and workstation market, Microsoft also launched a Windows NT 3.1 Advanced Server, which was created for server computers, as the name indicates. Yes, that does mean that today is also the 30th birthday of Windows Server. Microsoft even celebrates that milestone today with a blog post. The post stated: This remarkable release, equipped with 32-bit architecture and boasting processor independence, ushered in a new era of computing capabilities. Among its prominent features were preemptive multitasking, multiprocessing, and multiuser support, which collectively elevated the standard of operating systems. Windows NT Server 3.1 laid the cornerstone for a multitude of subsequent Windows and Windows Server iterations. According to the 1998 book Microsoft Secrets by authors Michael A. Cusumano and Richard W. Shelby, the genesis of Windows NT 3.1 started a few years earlier in 1988. At the time, Microsoft ruled the PC world with MS-DOS and the first early versions of Windows. However, there were growing concerns from the company's co-founder Bill Gates and its chief technical officer Nathan Myhrvold that the combination of CPUs with RISC architectures and Unix operating systems could be a threat to Microsoft's hold on computing. Gates hired Dave Cutler, who previously worked at DEC (Digital Equipment Corporation) to lead the development of Windows NT 3.1. Originally, the plan was to work with IBM on a version of its OS/2 operating system. Also, the base CPU architecture for the new OS was the Intel i860, which was based on the RISC chip design. However, Microsoft eventually decided to ditch its partnership with IBM and its OS/2 system, thanks in part to the success of Windows 3.0, which launched in 1990. A decision was also made to make the OS work with Intel chips that had its standard x86 architecture, which Intel has continued to support to this day. The system requirements for Windows NT 3.1 for Intel x86 chips were pretty high for 1993. It needed a CPU with at least 25 MHz of clock speed, along with 12MB of RAM, 75MB of hard drive space, and a VGA graphics card. The OS also could be used with PCs with processors that used the MIPS and DEC Alpha architectures. Windows NT 3.1 could do a lot of things that the standard Windows operating systems of that era could not do. Today's blog post from Microsoft summarizes it best: This remarkable release, equipped with 32-bit architecture and boasting processor independence, ushered in a new era of computing capabilities. Among its prominent features were preemptive multitasking, multiprocessing, and multiuser support, which collectively elevated the standard of operating systems. Windows NT Server 3.1 laid the cornerstone for a multitude of subsequent Windows and Windows Server iterations. Sales of the OS were light to moderate. There was a lack of pure 32-bit applications that could run on Windows NT 3.1 at the time, and as we stated previously, the system requirements were on the high side at that time. Despite this, the influence of this OS on future Microsoft Windows OS releases, including ones made for consumer PCs, continues to this day. As an Amazon Associate when you purchase through links on our site, we earn from qualifying purchases.

Rust-based malware used to hack both Windows and Linux servers by Sayan Sen Neowin readers and the community, in general, got pretty excited when Microsoft first revealed it was adding Rust to the Windows 11 kernel. That was back in April at the BlueHat IL 2023 conference, and around a month later, on May 11 (or 10th, depending on where you live), the company announced that Rust was now live inside the kernel of Windows 11 Insider builds. Microsoft's David Weston, Vice President, Enterprise and OS Security, explained that a reason for adding Rust was to improve the security of the Windows 11 memory system as Rust is considered memory-safe and type-safe. Interestingly, security researchers at Palo Alto Networks have discovered a new peer-to-peer (P2P) worm, dubbed P2PInfect, that is built on Rust, and the malware affects both Windows and as well as Linux-based Redis (Remote Dictionary Server) servers. The worm is exploiting the Lua Sandbox Escape vulnerability which has been tracked under CVE-2022-0543 since 2022. This could lead to remote code execution (RCE). In its blog post, Palo Alto Networks explains: Written in Rust, a highly scalable and cloud-friendly programming language, this worm is capable of cross-platform infections and targets Redis, a popular open-source database application that is heavily used within cloud environments. [...] The P2PInfect worm infects vulnerable Redis instances by exploiting the Lua sandbox escape vulnerability, CVE-2022-0543. While the vulnerability was disclosed in 2022, its scope is not fully known at this point. However, it is rated in the NIST National Vulnerability Database with a Critical CVSS score of 10.0. Additionally, the fact that P2PInfect exploits Redis servers running on both Linux and Windows operating systems makes it more scalable and potent than other worms. A P2P worm is a type of worm that takes advantage of the mechanics of a P2P network to distribute a copy of itself to unsuspecting P2P users. Therefore, essentially, after dropping an initial malicious payload P2PInfect establishes P2P communication to a larger network and downloads additional malicious binaries. Hence the chain continues infecting other Redis server instances. You can find more technical details about the P2PInfect malware campaign on Palo Alto's website.

Microsoft stopped supporting Windows Server 2003 8 years ago today by Omer Dursun Microsoft ended Windows Server 2003's Mainstream Support on July 13, 2010, and Extended Support on July 14, 2015. This means it would no longer provide security updates, technical support, or software updates for this server-based operating system. Windows Server 2003 was released in 2003 and has been a popular choice for businesses and organizations for many years. Windows Server 2003 included a number of new features. One of them was ditching the old-fashioned rescue disk. Instead, it used Automated System Recovery, which, as the name suggested, automated the task of creating a restore point. That was first added in Windows XP Professional. It was also the last Windows Server version to work with processors without ACPI (Advanced Configuration and Power Interface) support. Two service packs for Windows Server 2003 were released, with the first on March 30, 2005, and the second on March 13, 2007. Also, Windows Server 2003 R2, which bundled the first service pack and some optional new features, was launched on December 6, 2005. However, it is an outdated operating system for 2000's technology and no longer secure. Here is a list of all the editions of Windows Server 2003: Datacenter (32-bit x86) Datacenter (x64) Datacenter for Itanium-Based Systems Enterprise (32-Bit x86) Enterprise for Itanium-based Systems Enterprise X64 Standard (32-bit x86) Web According to StatCounter's latest report for June 2023, Windows Server 2003 is used by 0.02 percent of all working Windows PCs. So, if you are still using Windows Server 2003, upgrade to a newer, supported OS as soon as possible. Microsoft recommends upgrading to Windows Server 2012 R2 which will reach the end of support on October 10, 2023 or Windows Server 2016. Running an unsupported operating system can be a security risk. Without security updates, your server is more vulnerable to viruses, malware, and other threats. This could lead to data breaches, financial losses, and other security problems.

Microsoft details workaround for "old unsafe" guest access after making SMB signing default by Sayan Sen Earlier this month, Microsoft made Server Message Block (SMB) signing mandatory by default on all connections in order to improve the security of Windows and Windows Servers. The company, in a separate blog post, explained in more detail about the change. This was part of an ongoing effort from the Redmond giant, something which began last year. As a consequence of the change, guest access is also not possible, something that has been deemed "old unsafe" behavior as there is no way for validation. Today, Ned Pyle, who is a Principal Program Manager in the Windows Server engineering group, published a new Tech Community blog post discussing the issue of guest authentication and workarounds for it. When one tries guest access, they will be greeted by one of two of these messages: You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network. Error code: 0x80070035 The network path was not found. Pyle adds that the only to truly fix this is to stop using guest credentials as there is no way around the change. Hence, it is not really a "fix" and more like an acceptance. They explain: Fix The Microsoft recommended fix is to stop accessing your third-party devices using guest credentials. Anyone - anyone - who can see that device can access all your data without any password or audit trail. Device makers configure guest access so they won't have to deal with their customers forgetting their passwords or require a more complex setup process. These are unsafe places to store your personal or professional life. Many of these devices do have the ability to configure a username and password - consult your vendor docs. Others might have the ability with a software upgrade. And others might just be unsafe - for those, you should replace them with a trustworthy product and move all your data off the old device, ensure you wipe its drives clean, then recycle it. However, in case there is no way for access outside of guest authentication, then one has to disable the requirement for SMB singing, but this will expectedly lead to a more vulnerable environment. In the workaround section quoted below, Ned Pyle has laid out all the ways to disable default SMB signing: Workaround If you cannot disable the use of guest for your third party, you must disable the requirement of SMB signing. Obviously, this means that now not only are you using guest access, but you're also preventing your client from guaranteeing signing to a trusted device. That's why this is just a workaround, and we don't recommend it. You can disable the SMB signing requirement three ways: Graphical (local group policy on one device) Open the Local Group Policy Editor (gpedit.msc) on your Windows device. In the console tree, select Computer Configuration > Windows Settings > Security Settings> Local Policies > Security Options. Double-click Microsoft network client: Digitally sign communications (always). Select Disabled > OK. Command-line (PowerShell on one device) Open an administrator-elevated PowerShell console. Run: Set-SmbClientConfiguration -RequireSecuritySignature $false Domain-based group policy (on IT-managed fleets) Locate the security policy applying this setting to your Windows devices (you can use GPRESULT /H on a client to generate a resultant set of policy report to show which group policy is requiring SMB signing. In GPMC.MSC, change the Computer Configuration > Policies > Windows Settings > Security Settings> Local Policies > Security Options. Set Microsoft network client: Digitally sign communications (always) to Disabled. Apply the updated policy to Windows devices needing guest access over SMB. You can view the official blog post on the Tech Community blog post on Microsoft's site.

Microsoft rolls out third-phase DC hardening for Kerberos and Netlogon security flaw by Sayan Sen Yesterday was the second Tuesday of the month and as expected, Microsoft released Patch Tuesday updates on Windows 10 (KB5027215, among others), and Windows 11 (KB5027231). Servers also received Patch Tuesday updates and Microsoft rolled out the third phase of the ongoing domain controller (DC) hardening. Microsoft reminded users and admins of this upcoming change back in March. The hardening is meant to address a security bypass and elevation of privilege vulnerabilities with Privilege Attribute Certificate (PAC) signatures in the Netlogon and Kerberos protocols. On its Windows health dashboard site, the company has announced the rollout. It writes: The November 8, 2022 and later Windows releases include security updates that address security vulnerabilities affecting Windows Server domain controllers (DC). These protections follow a hardening change calendar and are released in phases. As previously announced, administrators should observe the following changes which are coming into effect following Windows updates released on and after June 13, 2023: Netlogon protocol changes: June 13, 2023: enforcement for Netlogon protocol using RPC sealing will be enabled on all domain controllers and vulnerable connections from non-compliant devices will be blocked. It is still possible to remove this enforcement, until July 2023. July 11, 2023: full enforcement of RPC sealing will begin and cannot be removed. Kerberos protocol changes: June 13: 2023: the ability to disable PAC signature addition will no longer be available, and domain controllers with the November 2022 security update or later will have signatures added to the Kerberos PAC Buffer. July 11, 2023: verification of signature will begin and cannot be prevented. Connections for missing or invalid signatures will continue to be allowed ("Audit mode" setting), however, they will be denied authentication beginning October 2023. Towards the end of April, Microsoft also published a complete timeline of the upcoming changes for Netlogon, Kerberos, and Azure Active Directory (AD) all the way up to 2024.

Following new ISOs, Microsoft releases special Defender update for Windows 11 install images by Sayan Sen Microsoft recently published new updated ISO install images for Windows 11 22H2 and Windows 10 22H2. The ISOs are based on the latest May Patch Tuesday. Following those, Microsoft has now released a new Defender anti-malware update package for Windows OS installation images, ie, for Windows Imaging Format (WIM) and VHD (Virtual Hard Disk) formats. The latest definitions support Windows 11, all editions of Windows 10, and Windows Servers 2016 and 2019. This update package is necessary as a Windows installation image may contain old, outdated anti-malware definitions and software binaries. Aside from better security, these updates can also provide improved performance benefits too in some cases. Microsoft is delivering the latest security definitions for Windows images via security intelligence update version 1.389.44.0. The Defender package version is 20230503.1. In the support document describing the new update, Microsoft explains: The first hours of a newly installed Windows deployment can leave the system vulnerable because of a Microsoft Defender protection gap. This is because the OS installation images may contain outdated antimalware software binaries. [..] Devices using either the Windows built-in antivirus or another security solution can benefit from these updates. [..] This article describes antimalware update package for Microsoft Defender in the OS installation images (WIM and VHD files). This feature supports the following OS installation images: Windows 11 Windows 10 (Enterprise, Pro, and Home editions) Windows Server 2019 Windows Server 2016 Version information Defender package version: 20230604.1 This package updates the anti-malware client, anti-malware engine, and signature versions in the OS installation images to following versions: Platform version: 4.18.23050.3 Engine version: 1.1.23050.3 Security intelligence version: 1.391.476.0 You can find details about the package and how to install it in the support article on Microsoft's official website. From Microsoft's security bulletin, we learn that the security intelligence update version 1.391.476.0 was released just a couple of days ago. It adds threat detections for various trojans, ransomware, and backdoor exploits, among others. For those wondering, the latest intelligence update is version 1.391.701.0 at the time of writing.