Posts Tagged ‘Security’


Intel Processor(CPU) microcode update for Windows 10 Version 20H2 addressing multiple security vulnerabilities


  • Windows 10 Version 20H2 Microcode Update were released on September 1 2020(KB4558130)
    • For specific details – see KB article – KB4589212
  • This Intel Microcode update for Windows 10 Version 20H2 address 7 security vulnerabilities
  • Windows 10 Version 20H2 Intel microcode updates with few exceptions are normally stand-alone updates and currently only available in the Microsoft Catalog.
    • A few Intel processors on devices running Windows 10 20H2(and 2004) will receive these updates via Windows Update.
      • To determine if the microcode update will be available in Windows Update for your CPU see the KB article and reference Footnote #2. CPU’s capable of updating microcode via Windows Update are shown in the KB article with a superscripted ‘2’ in the CPU code name field(first column) in the KB table of CPU’s
  • This Microcode update includes previous released microcode updates for applicable CPU’s
  • Applicable to Windows 10 20H2 and for the specific Intel CPU’s shown in the Knowledge Base article

How to Obtain:


Additional information:



Nov 10 2020: Initial Draft

Nov 11 2020: Original Publish Date

Nov 14 2020: Added 3 more links in Additional Information Section


Microsoft to resume releasing optional non security updates in July 2020


  • Microsoft will resume providing optional non-security updates in July 2020
      • Release of non-security updates was placed on hold in March 2020
  • Validated, production-quality optional non-security releases will be now called “Preview” releases
  • Preview releases will be offered only for Windows 10 and Windows Server, version 1809 and later
  • Preview releases provide the opportunity to test planned non-security updates that are scheduled for and included in the following month’s version specific cumulative update.
  • Preview releases are generally released in the 3rd week of the month(aka ‘C week’), unlike the monthly version specific cumulative update(operating system and security) which are released in the 2nd week(aka ‘B week’) of the month.


Additional Information:



July 02 2020: Initial Draft Date

July 06 2020: Original Publish Date

July 08 2020: Added comment clarifying 2nd and 3rd week nomenclature(B week, C week)

Summary:   Intel Processor(CPU) microcode update for Windows 10 Version 1809 addressing Spectre and Terminal Fault security vulnerabilities



    • This Intel Microcode update for Windows 10 Version 1809 address 3 security vulnerabilities
        • Two Spectre variants(3a and 4) and the L1 Terminal Fault(L1TF)
    • Windows 10 Version 1809 Intel microcode updates are stand-alone updates and currently only available in the Microsoft Catalog though in the future it may also be deployed through Windows Update
    • This Microcode updates include previous released microcode updates
    • Applicable to Windows 10 Version 1809 and noted in the Knowledge Base(KB) article section
    • Applicable to specific Intel CPU’s as noted in the Knowledge Base article
      • Note: Install the update for the applicable processor


Microsoft Knowledge Base(KB) article:


How to Obtain:


Additional information::


Apr  5 2019: Initial Draft Date

Apr  6 2019: Initial Publish Date

Apr  9 2019: Added pic(snapshot/graphic) of KB4465065 in Microsoft Catalog

Apr 10 2019: Added ‘Additional Information’ section

Summary:  Windows 10 Servicing Stack Updates


  • Servicing Stack Updates for Windows 10  (also known as SSU)
  • Servicing Stack Updates make improvements to the Windows 10 component that installs updates for Windows 10
  • Applicable to Windows 10 Versions 1809, 1803, 1709, 1703 and 1607 and 1507-LTSB
    • For 32 bit(x86), 64 bit(x64), and ARM(only 1709, 1803, 1809)
    • Servicing Stack Updates are deployed automatically via Windows Update
    • Servicing Stack Updates are also available via the Microsoft Catalog
    • Microsoft Comment (Editor Note: Important if manually installing cumulative updates and SSUs)
          • "Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). Installing servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft security fixes."



Mar 15 2019: Initial Draft and Publish Date

April 20 2019: Updated to reflect latest 1809 SSU


Intel Processor(CPU) microcode updates for Windows 10 addressing Spectre security vulnerabilities


  • Windows 10 Intel microcode updates are stand-alone updates available in the Microsoft Catalog
  • Windows 10 versions will also receive the microcode update via Windows Update
  • Microcode updates include previous released microcode updates
  • Applicable to Windows 10 versions listed below in the Knowledge Base(KB) article section
  • Each KB article provides the Intel supported CPU and listed in table form by Code Name, Product Collection, Product Name, CPUID, and Intel microcode update revision

Microsoft KB article:

Additional Information:




Sept 1 2018:  Initial Draft Date

Sept 7 2018: Initial Publish Date

Nov 27 2018: Updated – added comment – Microcode deployment/availability via Windows Update

Nov 28, 2018: Updated – added  information – Summary of Intel Microcode Updates; Editor Note

Summary:   How to Run Windows Defender Offline



  • Windows 10 Version 1607 includes a new feature(tool) for malware removal – ‘Windows Defender Offline’
  • Windows Defender Offline is integrated into Windows 10 Version 1607
  • Windows Defender Offline performs the scan prior to Windows startup (i.e. Offline)
  • Provides the ability to remove malware and viruses that may be difficult or not capable of being removed while Windows is running



Note: Save all work and close all applications prior to proceeding to run Windows Defender Offline

  • Steps to run Windows Defender Offline
    • Click on each in sequence
      • Start Button
      • Settings
      • Update and Security
      • Windows Defender (then scroll down to ‘Windows Defender Offline’)
      • Scan Offline


    • After clicking ‘Scan Online’ the Windows Defender Offline process will provide an alert that Windows will shutdown in about a minute.  Once the timeout occurs, Windows will Restart
    • After the required Restart, Windows Defender will briefly show a screen indicating the scan is about to begin
    • Once the scan begins the Windows Defender Offline graphical interface will appear with a progress bar
    • The scan typically takes about 15 minutes to complete
    • Once complete, if no malware is found, the system/device will reboot
      • If malware(an infection) is found, Windows Defender Offline will provide the ability to remove the malware/infection.
            • (Note: Windows Defender Offline, like all other Antivirus/Antimalware scanning software that runs resident and non-resident may not be able to remove all forms of malware)



August 3, 2016: Initial Draft Date

October 8, 2016: Initial Publish Date

March 15, 2017:  Updated ‘Comments’ and  itemized  ‘How-To’ steps in bullet form


Windows Updates in Windows 10 will have different deployment/distribution methods for Consumers, Business, Enterprise and Phone customers on personal and business devices


1.  The different distribution methods are:

  • Current Branch – Consumers will will regularly receive all new features, security updates and other fixes to the operating system. No choice will be available as to which updates they wish to receive or don’t receive. All updates will be deployed via Windows Updates but not on any given day (i.e. no Patch Tuesday). This method is also applicable to all Windows 10 Mobile devices personal and business.
  • Long Term Servicing Branch – Enterprise Customers will have an option to received security updates only without new features. The pace of the updates will be able to be controlled using existing mechanisms (e.g. WSUS, System Configuration Manager, Enterprise Mobility Suite)
  • Windows Update for Business – End users not running mission critical devices will be able to receive new features, security updates, and other fixes at a measured pace (Distribution Rings, Maintenance Windows, Peer to Peer Delivery, and Integration with existing System Management tools) for Windows 10 Pro and Windows 10 Enterprise devices. 

Additional Information:

2.  Windows Updates in Windows 10 was presented during Microsoft Ignite – Microsoft’s show for IT professionals.

3.  A video containing Windows 10 Update Approach can be viewed/downloaded on:


  • The Windows 10 Windows Update presentation starts at the 2 hour, 20 minute 20 sec. mark (2:20:20)
  • The presenter is Terry Myerson, Executive Vice President of Operating Systems, Microsoft Corporation.


4.  Windows 10 Windows Update ‘Approach’ and ‘Windows Update for Business’ slides from the Ignite show




5.  Windows Update for Business will be free for Windows Pro and Windows Enterprise

6.  Microsoft Windows Blog – Announcing Windows Update for Business


May 6, 2015: Original Draft Date

May 12, 2015: Original Publish Date

May 13, 2015:  Added ‘Additional Information, Item #6