Windows 10 October 2018 update & KB4464455: What you probably don’t know

PiunikaWeb has suffered a massive technical glitch. It’s a tough time for us, and we are doing whatever it takes to get the website back to its original form. This is an older snapshot of the original article which is continuously updated. Thanks for your patience.

The October 2018 update of Windows 10, also dubbed as version 1809, is a subject of controversy since its inception. While the initial release build was plagued with a monumental file deletion bug, Microsoft has tried hard to defend it’s “Windows as a Service” scheme. They resumed the rollout again (ironically in mid November). The newer build comes with integrated cumulative update KB4464455, which pushes the build number from 17763.1 to 17763.107.

Well, that’s known part of the story. But we at PiunikaWeb always try to dig into the behind the curtain activities and find captivating titbits. Continuing with the legacy, here is the fascinating story of KB4464455 and glitches made by Microsoft.

With the introduction NT 6.0 kernel (included in Windows Vista and Server 2008), Microsoft completely renovates the internal structure of the package management infrastructure of Windows. Named as Component Based Servicing AKA CBS, it introduces high level multi role hierarchy based process management model which greatly simplifies the process of servicing online/offline Windows image. Those familiarized with Linux and their package management system (example) should find definite similarity between two architectures, though CBS is not applicable for servicing 3rd party user applications.

There is an urban myth about Windows that it does not have a proper built-in package management system of it’s own. While it’s partially true, with the introduction of NuGet as an extension of Visual Studio opens up new possibilities as Chocolatey is built on top of it. It indeed makes itself a viable package manager for software management.

But the focus of the article is OS component management which is, in case of Windows, only partially exposed to end users. The graphical wizard named ‘Turn Windows Features On or Off’ is nothing but a frontend of managing few components but not all. Perhaps the most known example of it is installing .NET Framework 3.5 which is still needed by legacy applications but decoupled from Windows since Windows 8.

On October 16th, Microsoft released Build 17763.104 under the knowledge base ID of KB4464455. It includes the following fixes:

• Fix to the issue where the incorrect details were being shown in Task Manager under the “Processes” tab.
• Fix to an issue where in certain cases IME would not work in the first process of a Microsoft Edge user session.
• Fix to an issue where in some cases applications would become unresponsive after resuming from Connected Standby.
• Fix to several issues causing application compatibility problems with 3rd-party antivirus and virtualization products.
• Fix to several issues with driver compatibility.

On October 30th, Microsoft released Build 17763.107 under the same moniker. According to them, this Cumulative Update contains the same fixes as Build 17763.104 plus these two additional fixes:

• Fix to the issue where dragging (extracting) files from a .zip file in File Explorer to a write-protected location you don’t get a “Do you want to replace these files” prompt and the copy action fails silently. (AKA the infamous zip overwrite bug)
• Fix to an issue causing roaming profiles to not work correctly.

We have manually downloaded the two different versions (x64 .104 and x64 .107) and analyzed their internal components. Guess what, the following components were part of .104 but not included in .107:

• RSAT component
  Microsoft-Windows-FailoverCluster-Validation
  windows\Cluster\
• SMB 2.0 protocol
  Microsoft-Windows-SMBServer-v2
  srv2.sys
  Microsoft-Windows-SMB20-MiniRdr
  mrxsmb20.sys
• Software Licensing Client Extension binaries
  Microsoft-Windows-Security-SPP-ClientExt
  sppcext.dll
  slcext.dll
  (Instead, they updated sppsvc.exe itself in 17763.107.)

So what is the aftermath? If the user installed 1st KB4464455, then the 2nd KB4464455, those components get superseded, and OS revert to available previous versions (mostly RTM 17763.1). This should not be a true issue, and 1st KB4464455 can be uninstalled normally.

But if the user executed ResetBase after installing 1st KB4464455, those components become the base and 1st KB4464455 cannot be uninstalled! It eventually leads to corruption of component store, problems with installing further cumulative updates (CU) and in some cases, bricked OS.

Upon further inspection, this issue does not particularly happen in multi-version of same KB number update, rather will occur in any subsequent CUs, because they all are connected together with CBS package ID Package_For_RollupFix.

This is not the end – Microsoft did the same shenanigans before! On Windows 10 Anniversary Update aka version 1607 (Build 14393), KB3197356 (14393.223) was published as a hotfix on top of KB3194496 (14393.222). KB3197356 was later removed due to bugs and replaced by KB3194798 (14393.321). The pattern is quite similar: the .321 update fails to install if .223 was installed and a ResetBase is done. This is because KB3194798 contains version .206 of Microsoft-Windows-BootEnvironment-Core-MemoryDiagnostic.Resources and several other components, whereas KB3197356 contains version .223. It means installing KB3194798 would downgrade the component, however is not permitted if ResetBase is performed.

Experienced users were able to spot the glitches and even offered unofficial workarounds to fix the bug. While the same technique can be used as a foundation to fix the KB4464455 related issues, Microsoft has already published KB4467708 (Build 17763.134) on stable and KB4469342 ((Build 17763.165) on release preview channels which contains the updated binaries. Thing is, those who are affected with the bug, resulting a corrupt component store are often not diagnosed with this type of granularity, Instead, they are suggested to revert to a clean state by either reinstall, or in place upgrade or restoring a working image which is like using a bazooka to kill a fly.

TL;DR Promoting ‘Windows as a Service’ is great, but don’t forget quality control and regression testing.

A huge shout-out to MDL forum member abbodi1406 for assisting me to investigate and write this article.

Follow @PiunikaWeb

PiunikaWeb is a unique initiative that mainly focuses on investigative journalism. This means we do a lot of hard work to come up with news stories that are either ‘exclusive,’ ‘breaking,’ or ‘curated’ in nature. Perhaps that’s the reason our work has been picked by the likes of Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, Macrumors, and more. Do take a tour of our website to get a feel of our work. And if you like what we do, stay connected with us on Twitter (@PiunikaWeb) and other social media channels to receive timely updates on stories we publish.