Windows 10 V1809: Issues with Update KB4494441

[German]At the moment there is some confusion about the cumulative update KB4494441 for Windows 10 Version 1809. And there are other issues, that have been reported.


Advertising

Update KB4494441 for Windows 10 V1809

Ccumulative update KB4494441 for Windows 10 Version 1809 was released on May 14, 2019 as a security update during the regular patchday. I reported about it in the blog post Patchday Windows 10 Updates (May 14, 2019). Microsoft mentioned two fixes. Retpoline protection will be enabled in this update as soon as Spectre V2 is enabled: 

  • Enables “Retpoline” by default if Spectre Variant 2 (CVE-2017-5715) is enabled. Make sure previous OS protections against the Spectre Variant 2 vulnerability are enabled using the registry settings described in the Windows Client and Windows Serverarticles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions). For more information about “Retpoline”, see Mitigating Spectre variant 2 with Retpoline on Windows.
  • Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions).

The update is also intended to introduce protection against the microarchitectural data sampling vulnerability called Zombieload.

Issues reported

There are some user comments reporting issues with update KB4494441 (see my German blog post Patchday Windows 10-Updates (14. Mai 2019)).

  • Update agent broken: Blog reader Tobias reported in this comment that the Windows Update Agent is broken after installing. Windows Update Agents reports error code 0x8024002E (agent *FAILED* [8024002E] CheckAccessByPolicy) during the next update search. This is also reported in this comment and should also occur with Windows 10 V1803).
  • Temporary user profile: This comment reports a temporary user profile is used after installing the update – but could be an isolated case.  
  • Hyper-V Hypervisor broken: In this comment it is reported that the Hypervisor for Hyper-V does not start on Windows Server 2019 anymore. 

In addition, there seems to be a bug that now also occurs under Windows 10 V1809 with this update installed.

  • Multiple reboots, multiple installations required: This comment reports that the update was installed multiple times on multiple systems. There is also a thread on reddit.com. This is well known (Microsoft has confirmed this here) and has been reported elsewhere. In the following section a user reports about several reboots. This comment notes that the Explorer no longer works.
  • Furthermore, users noticed that the build number does not change after the installation – I found it elsewhere – I remember that it worked after a new installation run.

The most serious thing I can see in this list: The update agent seems to be corrupted by the SSU or cumulative update and returns error 0x8024002E. The bug has also been reported earlier (see here and here). I had written something about it in my German blog post Windows 10: Update-Fehler 0x8024002E, but I’m not sure if it will help. 


Advertising

Multiple reboots and more issues

When I created the blog post, I had already linked a tweet in which users @PhantomofMobile reported about issues. 

Once he had to do two reboots to get the update installed. He also noticed that the build numbers for the cumulative update and the servicing stack update were the same as KB4499728 (17763.503.1.x).

But even more strange is @PhantomofMobile’s hint that it has not yet received any hint that protection against the Microarchitectural Data Sampling vulnerability called Zombieload has been enabled. He posted a PowerShell output showing the status of each protection. There, MDS is set to False. .

Microsoft’s Jorge Lopez then contacted us and wrote that you don’t really have to do anything as a user. According to this addendum in the Technet community, Retpoline should be activated automatically under Windows 10 Version 1809 and Windows Server 2019 or newer versions if the prerequisites are met. His team is taking a look at this. It may be related to the microcode updates that OEMs have to deliver for their motherboards. Intel may not have taken something into account in its BIOS updates for the NUCs the user is using. The discussion on Twitter is still ongoing.

Similar articles:
Windows 10 V1809: Retpoline is automatically active now
Windows 10 (V1903): Update KB4497936; global rollout
Patchday Windows 10 Updates (May 14, 2019)


Advertising
This entry was posted in issue, Update, Windows and tagged , , . Bookmark the permalink.

2 Responses to Windows 10 V1809: Issues with Update KB4494441

  1. Sub says:

    The kb4494441 gives problems with bluetooth devices. You can not use mouse and keyboard at the same time.

  2. Jim Rogers says:

    Windows 10 (home) fails to allow Virtual drives after KB4494441 is installed works fine if update removed.

Leave a Reply

Your email address will not be published. Required fields are marked *