Win8.1 Patch Test Progress..

Topic

New Reply

Having previously imaged to September patches without the IE exploit patch,
I proceeded to install the MSFT October 2019 patches on my home test device.
Note: This is a hardware installation of Win8.1 x64 Pro and not a VM. I have MRT disabled due to sending ‘heartbeat’ telemetry.

Checking WU, I was initially offered SMQR kb4520005 and commenced installation.
On completion and visual prompt, the system was rebooted.
Allowing time for SSD to settle, approx 15-20mins whilst checking taskmanager
disk activity and CPU usage, my usual checks were done within:

TaskScheduler
Computer Management – Performance – Data Collector Sets
to find, NO reactivation of telemetry or tasks were changed.
Note: Diagtrack service removed since early 2018.
Event Viewer displayed:

Knowing there was an SSUv3 awaiting in WU,
checked WU again and was presented with kb4521864 SSU.
Installed (no reboot requ’d – but I rebooted anyway)

Checked Event viewer once again to find:

SFC /Verifyonly showed the following:

After this, I checked our canon printer to find all is good there too.

Nice, albeit too early for mission critical/ regular home devices on Win8.1
Will update this post upon discovery of any issues henceforth..

Tip: It’s an idea to save SSU patches from the catalog for storage offline,
you never know when/if you’ll need them in the future..

If debian is good enough for NASA...

2 users thanked author for this post.

a, PKCano

Reply | Quote

Replies

? says:

thanks Microfix for posting the results. i used ghacks page to disable the heartbeat in MSRT (you probably know about it)

https://www.ghacks.net/2016/10/20/disable-microsoft-windows-malicious-software-removal-tool-heartbeat-telemetry/

 

Reply | Quote

June 2021 k5003671 (x64) CU installed without issue.
As per first post, the results were the same for kb5003671 (with the exception of an SSU)
No issues on 3off full metal install Win8.1 devices again 🙂

If debian is good enough for NASA...

1 user thanked author for this post.

DrBonzo

Reply | Quote

Installed June Rollup KB5003671, .NET CU KB5003781 and MSRT on three out of my 4 Win8.1 machines without issue.
I have moved all my Win7/8.1 installations to .NET 4.8 in anticipation of the EOL of earlier versions coming next year. (Just so I won’t forget!)

2 users thanked author for this post.

Microfix, DrBonzo

Reply | Quote

Installing security only update for June – KB5003681 breaks Windows Defender on my PC. Real-time monitoring is disabled and can’t be enabled (times out trying to enable). Removing the update fixes the problem. Running CCleaner’s registry scan (after removing the update and rebooting) shows missing software: C:\program files\Windows Defender\msascuil.exe, which after some searching shows the file to be a windows 10 defender system tray icon.  Anybody else seeing this problem? Any suggestions? Thanks

Reply | Quote

I have Windows 8.1 on 2 PCs and successfully installed the Security Only update KB5003681 on both without any problems. However I do not run Windows Defender, but a 3rd party AV (Panda).

I have had a look in my “C:\program files\Windows Defender” folder (the Defender software is still there, lying dormant, when running a 3rd party AV) and I do not have a file called “msascuil.exe” (with a ‘l’), but there is a file called “MSASCui.exe” (without a ‘l’). I have also searched my Registry and found no reference for “msascuil” (with a ‘l’). So have you mistyped the name?

To recover a Windows file which has gone missing, you could open a command prompt using your right mouse button and selecting “run as administrator”. Then type “sfc /scannow” followed by <Enter> on this command line and let it do its thing. There is a percentage completion indication so you should be able to see it doing something. Let it complete and see if the missing file has been restored.

There is a 3rd party program called “SFCFix” which it is claimed can restore files which the basic “sfc /scannow” cannot fix, but I have not used this myself, so I cannot comment on its effectiveness. Maybe someone else here has used it and will comment?

Of course this does not answer the question as to why the W8.1 Windows Defender did not run after installing KB5003681. I cannot help you with that. Sorry.

HTH. Garbo.

PS: Or did you mean that the “MSASCui.exe” (or “msascuil.exe?) file was missing after installing KB5003681? That is not what you wrote, so I assume that is not what you meant. But if it was what you meant, you could try “sfc /scannow” in administrative command prompt after installing KB5003681.)

 

 

Reply | Quote

Garbo continues from above:

On an old, spare disk drive (I didn’t want to mess up my PC), I restored a Macrium Reflect backup image from before I’d installed the security only update KB5003681, uninstalled the Panda AV so that Defender would run and fully updated Defender from its User Interface (UI). (The fully up to date Defender’s UI file is (still) called “MSASCui.exe” without a ‘l’.)

I installed KB5003681 and like you found that Defender’s real-time protection did not start and could not be started.

I tried another manual update of Defender and although this took a long time and there was a lot of processing going on by the module installer seen in Task Manager, this did not fix it.

The problem seemed to be related to Group Policy and the error code was 0x800705b4. I searched for this online and it seems that this is a widespread problem. In particular the occasional AskWoody contributor “gborn” has an article about it here https://borncity.com/win/2021/06/12/windows-8-1-server-2012-r2-kb5003681-blockt-defender-echtzeitschutz-error-0x800705b4/  . He referenced a possible fix at https://www.thewindowsclub.com/error-0x80508020-0x800705b4-for-windows-defender  which did not work for me, but might for you?

Otherwise it seems that your options are to install the full “security and quality rollup”, or replace Defender with a 3rd party AV or wait for a different solution to appear in the coming days/weeks/months (if at all – Microsoft may not fix their SO bug in a later SO update, preferring people to install their rollup instead?).

HTH. Garbo.

 

Reply | Quote

Garbo ends the previous comment:

Before swapping back my usual disk drive, I’ve installed the June 2021 “security and quality rollup” (which took a really long time, which is why this comment is separate from the last comment, I was about to abandon it) and this did solve the Defender real-time protection problem as “gborn” and his contributors found.

The UI file is still called “MSASCui.exe” without a ‘l’, but now its icon in the lower left notification bar is the Windows 10-like white shield with dark cross symbol, replacing the previous Windows 7-like castle symbol. (And while writing this it has nagged me to perform a scan.)

I don’t think that there is anything more I can add.

HTH. Garbo.

 

Reply | Quote

Thanks for the response. I’m running a home version of win 8.1 and don’t have the registry entry referenced by gborn: HKLM\software\policies\windows defender.

I reinstalled kb5003681 this morning and tried looking at entries in HKLM\software\microsoft\windows defender – both disableantispyware and disableantivirus were set to 0 as should be. The entry disablerealtimemonitoring (HKLM\software\microsoft\windowsdefender\real-time protection) was also set to 0.

Uninstalled kb5003681 and everything is OK again. I’ll wait to see if they update kb5003681 before trying the monthly rollup. I currently have a slow internet (DSL) connection which is why I avoid the rollups. Again thanks for your response.

Reply | Quote

kb5003681 has been released.
MS will not update it. They might release a fix, but it would be a different patch.

Reply | Quote

OP – Just downloaded and installed rollup KB5003671. Everything appears to be working fine. As noted by Garbo above the Windows Defender icon has changed to a white shield with a blue cross inside.

Reply | Quote

That behaviour is to be expected moving from security only to CU rollups. Nothing to be concerned about.

If debian is good enough for NASA...

Reply | Quote

I totally missed this thread before installing Security Only KB5003681 yesterday on a HP machine running Windows 8.1 Pro x64.  Windows Defender stopped real time monitoring and won’t let me enabled it.  I tried the sfc scan and the gpedit tips, but nothing got real time working  other than uninstalling KB5003681.  If Microsoft doesn’t fix this in next month’s update, it will be time to replace Defender with a third-party antivirus package.

1 user thanked author for this post.

DrBonzo

Reply | Quote

Win 8.1 Pro x64 – July 2021 SQMR kb5004298
No issues encountered here post installation.
System is stable after a couple of hours continual use.
Pixma Canoscan Printer works fine.

June-July:
Previous MSFT non-stick plasters for printnightmare exploit were ignored.
This system went from June CU to July CU and only Defender.defs between.

I exercised my instinct to patch quickly given that zero-days are mitigated within kb5004298, then tackle any problems that surface later.
Given there are 2 critical RCE fixes for Defender CVE-2021-34522 and CVE-2021-34464 with the following being actively exploited CVE-2021-33771, CVE-2021-34448 and CVE-2021-31979 contributed heavily to my decision this month.

Event Viewer:
Performance/ Data Collector Sets:
No change in either Event Trace Sessions or Startup Event Trace Sessions with telemetry mitigations still in place.

Windows Logs/ Setup:

(Warning is for a post update restart, nothing more)

TaskScheduler:
no changes

SFC Verifyonly:
no integrity violations

MS Defender:
Updated and Scanned without issue post install settings as they were, nominal.

2 more Win8.1 devices to do..then Win7 ESUb and finally 21H1

If debian is good enough for NASA...

1 user thanked author for this post.

DrBonzo

Reply | Quote