Everything You Need to Know About Windows – August 2018

Windows 10 Hero Good

This month sees lots of changes in Windows Server 2019 Insider builds, Microsoft announced more efficient Windows 10 updates, and a last minute zero-day drama.

Windows 10 and Server 2019 Insider Builds

As we rapidly approach the general release of Windows 10 version 1809 (Redstone 5), Microsoft has updated the Insider builds on the Fast Ring several times this month. Mainly with bug fixes, and fit and finish. Slow Ring users got build 17738, although that’s not the latest build available on the Fast Ring. A working version of the new Your Phone app, which connects users directly to their Android phones, has been available since build 17728 but was also made available recently to users on the Release Preview Ring running build 17134 or later. We’re near the finishing gate for Windows 10 version 1809, so I’m not expecting so see any major changes in new builds.

Windows Server 2019 Insider Preview Build 17733

Windows Server 2019 Insider Preview Build 17733 brought with it a new preview version of the Windows Admin Center (version 1808). The new Apps & Features tool allows admins to manage Microsoft Store and Win32 apps on Windows 10. Microsoft also updated the Task Scheduler, File Share, Azure Update Management, and Hyper-Converged Infrastructure tools.

New networking features in Server and Windows 10 debuted in this build. Microsoft Edge on Windows 10 clients use connection coalescing for HTTP/2 and there’s better security in Microsoft Edge due to guaranteeing HTTP/2 preferred cipher suites. Performance also gets a boost from Cubic, the new default TCP congestion provider.

Software Defined Networking (SDN) is now easier to configure with a new deployment wizard and a Windows Admin Center extension. ‘SDN Express’ is a graphical user interface, a PowerShell script, and set of PowerShell modules that are available on Github.

Cluster Sets also see some changes. Cluster Sets allow admins to loosely group failover clusters together and manage them under one namespace. Windows then determines in which failover cluster to deploy new VMs based on the resources assigned to it, such as CPU, memory, and storage. VMs can also be deployed to a specific failover cluster in a Cluster Set using tags. In this build, Windows Server places new VMs more intelligently in the Cluster Set.

Lastly, Cluster Network Objects (CNOs) can be assigned a Distributed Network Name using IP node addresses rather than a single DHCP or static IP address. The idea is to make creating clusters in Azure easier because there is no need to create an Internal Load Balancer (ILB) for the cluster.

Windows Server 2019 Insider Preview Build 17738

Windows Server 2019 Insider Preview Build 17738 got two significant improvements this month. The first is device access for Windows Server containers. Now applications running in containers can access devices using SPI, I2C, GPIO, and UART/COM. According to Microsoft, this functionality is primarily for enabling Internet of Things (Iot) workloads through Azure IoT Edge.

High Performance SDN Gateways provide up to 6 times better performance in scenarios where organizations need to connect private and public clouds. Microsoft claims that even without SDN, network throughput has improved in Windows Server 2019. But with SDN, that improvement is even more marked.

Windows Server 2019 Insider Preview Build 17744

Finally, Windows Server 2019 Insider Preview Build 17744 sees minor changes to Microsoft Hyper-V Server, including installation without prompting for a product key and administrators are now properly prompted to change their passwords when signing in for the first time.

Driver Module Framework

No doubt you’ve heard of the Windows Driver Framework (WDF). This month Microsoft introduced the Driver Module Framework (DMF). It isn’t a replacement for WDF but an extension to it. DMF is a new layer that communicates directly with the driver and comprises of shareable modules that can be reused and extended to meet the requirements of different drivers. The idea is to expedite driver development and make bug fixing easier. For more information on the Driver Module Framework, see Microsoft’s blog post here.

Windows Community Toolkit v4.0

At the beginning of the month, Microsoft announced an update to its Windows Community Toolkit. The toolkit is collection of helper functions, custom controls, and app services to simplify developing UWP apps for Windows 10. Version 4.0 of the toolkit has several new features according to Microsoft’s blog post:

  • New DataGrid with fluent design for all UWP developers
  • Two new Microsoft Graph controls. PowerBIEmbedded enables embedding PowerBI dashboards in your UWP apps and PlannerTasksList allows users to work with Microsoft Planner tasks
  • The Twitter, LinkedIn, and Microsoft Translator services have moved to the .NET Standard services package and available to even more developers, including desktop and Xamarin developers
  • Strong-named packages for those developers that require strong-named assemblies
  • Dark theme support for the sample app and theme chooser for each sample

Delta Updates for Windows 10 to be Retired

Microsoft introduced delta updates in Windows 10 version 1607. They allow users who had the previous cumulative update (CU) installed to download just the changes in the new update rather than the entire package. Delta updates are on average 30% smaller than full update packages and are usually 300-400 MB in size but still contain the full updated components rather than just files that have changed since the previous CU.

Express updates were introduced in the Windows 10 Creators Update. Even smaller than delta updates, express updates generate differential downloads and are usually around 150-200 MB in size if the system is update-to-date with previously released updates. Unlike delta updates, express updates only contain files that have specifically changed rather than full components. Last month, Microsoft announced that it would be retiring delta updates in February 2019 to concentrate on full and express updates.

Windows 10 Enterprise for Remote Sessions SKU

In May, Mary Jo Foley reported for ZDNet that Microsoft was preparing a new version of Windows 10 that would be able to host multiple remote desktops/apps. At the beginning of August, Tero Alhonen tweeted that it is possible to install the new SKU from setup in Windows 10 Redstone 5 and connect up to 10 remote sessions. Remote Sessions first appeared in Redstone 3, and was developed in Redstone 4, but this is the first time that it can be installed from setup.

There has been no official comment from Microsoft, so the feature could be removed from Redstone 5 at any time before release. If Remote Sessions is going to make it into Redstone 5, I’d expect Microsoft to talk about it at Ignite in September.

For more information on Windows 10 Remote Sessions, see Windows 10 Enterprise for Remote Sessions on Petri.

InPrivate Desktop

Earlier this month, BleepingComputer.com reported on a new security feature in Windows 10 that was exposed during a bug-bash quest in the Feedback Hub. The text of the quest read:

“Microsoft is Developing a Sandboxed “InPrivate Desktop” for Windows 10 Enterprise. InPrivate Desktop (Preview) provides admins a way to launch a throwaway sandbox for secure, one-time execution of untrusted software. This is basically an in-box, speedy VM that is recycled when you close the app!”

InPrivate Desktop seems to provide a readymade environment that users can spin up with no configuration and easily start from scratch each time InPrivate Desktop is launched. I think that InPrivate Desktop will work like Windows Defender Application Guard (WDAG) and is based on container technology. But there is no official word from Microsoft on this feature or even if it will definitely appear in a future release of Windows.

For more information on InPrivate Desktop, take a look at ‘InPrivate Desktop’ Coming to Windows 10 Enterprise on Petri.

Windows Zero-Day Patched Revealed on Twitter

Finally, in a bit of last minute drama, on 27th August a Twitter user (@SandboxEscaper) publicly released information about a zero-day vulnerability in Windows that could allow hackers with local access to the Task Scheduler to elevate privileges to SYSTEM. There was even a link to proof-of-concept code, which was verified independently by the United States Computer Emergency Readiness Team (US-CERT) to work on fully-patched Windows 10 and Windows Server 2016 64-bit systems.

The flaw was found in the way Task Scheduler handles Advanced Local Procedure Calls (ALPCs), which is a kernel process that allows client processes to communicate with server processes. Microsoft has acknowledged the bug and has promised to provide a fix in next month’s Patch Tuesday updates. The flaw cannot be exploited remotely.