KB5034441 Security Update for Windows 10 (21H2 and 22H2) - Jan. 9 Win Update

The xml file Custom view definitions in my last post are:-

WU

<ViewerConfig>
<QueryConfig>
<QueryParams>
<UserQuery/>

</QueryParams>

<QueryNode>
<Name LanguageNeutralValue="WU">WU</Name>
<Description>FullWU, WinDefr updates, App updates - shows failures</Description>
<SortConfig Asc="0">
<Column Name="Date and Time" Type="System.DateTime" Path="Event/System/TimeCreated/@SystemTime" Visible="">115</Column>

</SortConfig>

<QueryList>
<Query Id="0" Path="Microsoft-Windows-Windows Defender/Operational">
<Select Path="Microsoft-Windows-Windows Defender/Operational">*[System[(EventID=2000 or EventID=2001)]]</Select>
<Select Path="Microsoft-Windows-WindowsUpdateClient/Operational">*[System[(EventID=41 or EventID=31 or EventID=26)]]</Select>

</Query>


</QueryList>


</QueryNode>


</QueryConfig>

<ResultsConfig>
<Columns>
<Column Name="Level" Type="System.String" Path="Event/System/Level" Visible="">87</Column>
<Column Name="Date and Time" Type="System.DateTime" Path="Event/System/TimeCreated/@SystemTime" Visible="">115</Column>
<Column Name="Log" Type="System.String" Path="Event/System/Channel" Visible="">307</Column>
<Column Name="Source" Type="System.String" Path="Event/System/Provider/@Name" Visible="">144</Column>
<Column Name="Event ID" Type="System.UInt32" Path="Event/System/EventID" Visible="">144</Column>
<Column Name="Task Category" Type="System.String" Path="Event/System/Task" Visible="">144</Column>
<Column Name="Keywords" Type="System.String" Path="Event/System/Keywords">70</Column>
<Column Name="User" Type="System.String" Path="Event/System/Security/@UserID">50</Column>
<Column Name="Operational Code" Type="System.String" Path="Event/System/Opcode">110</Column>
<Column Name="Computer" Type="System.String" Path="Event/System/Computer">170</Column>
<Column Name="Process ID" Type="System.UInt32" Path="Event/System/Execution/@ProcessID">70</Column>
<Column Name="Thread ID" Type="System.UInt32" Path="Event/System/Execution/@ThreadID">70</Column>
<Column Name="Processor ID" Type="System.UInt32" Path="Event/System/Execution/@ProcessorID">90</Column>
<Column Name="Session ID" Type="System.UInt32" Path="Event/System/Execution/@SessionID">70</Column>
<Column Name="Kernel Time" Type="System.UInt32" Path="Event/System/Execution/@KernelTime">80</Column>
<Column Name="User Time" Type="System.UInt32" Path="Event/System/Execution/@UserTime">70</Column>
<Column Name="Processor Time" Type="System.UInt32" Path="Event/System/Execution/@ProcessorTime">100</Column>
<Column Name="Correlation Id" Type="System.Guid" Path="Event/System/Correlation/@ActivityID">85</Column>
<Column Name="Relative Correlation Id" Type="System.Guid" Path="Event/System/Correlation/@RelatedActivityID">140</Column>
<Column Name="Event Source Name" Type="System.String" Path="Event/System/Provider/@EventSourceName">140</Column>

</Columns>


</ResultsConfig>


</ViewerConfig>

WU - System log incl Apps

<ViewerConfig>

<QueryConfig>
<QueryParams>
<Simple>
<Channel>System</Channel>
<EventId>19</EventId>
<Source>Microsoft-Windows-WindowsUpdateClient</Source>
<RelativeTimeInfo>0</RelativeTimeInfo>
<BySource>False</BySource>

</Simple>


</QueryParams>

<QueryNode>
<Name LanguageNeutralValue="Windows updates - System log">WU - System log incl Apps</Name>
<Description>FullWU, WinDefr updates, App updates - Useful for extracting update lists, does not show failures</Description>
<QueryList>
<Query Id="0" Path="System">
<Select Path="System">*[System[Provider[@Name='Microsoft-Windows-WindowsUpdateClient'] and (EventID=19)]]</Select>

</Query>


</QueryList>


</QueryNode>


</QueryConfig>

<ResultsConfig>
<Columns>
<Column Name="Level" Type="System.String" Path="Event/System/Level" Visible="">87</Column>
<Column Name="Date and Time" Type="System.DateTime" Path="Event/System/TimeCreated/@SystemTime" Visible="">115</Column>
<Column Name="Log" Type="System.String" Path="Event/System/Channel" Visible="">80</Column>
<Column Name="Source" Type="System.String" Path="Event/System/Provider/@Name" Visible="">144</Column>
<Column Name="Event ID" Type="System.UInt32" Path="Event/System/EventID" Visible="">144</Column>
<Column Name="Task Category" Type="System.String" Path="Event/System/Task" Visible="">144</Column>
<Column Name="Keywords" Type="System.String" Path="Event/System/Keywords">70</Column>
<Column Name="User" Type="System.String" Path="Event/System/Security/@UserID">50</Column>
<Column Name="Operational Code" Type="System.String" Path="Event/System/Opcode">110</Column>
<Column Name="Computer" Type="System.String" Path="Event/System/Computer">170</Column>
<Column Name="Process ID" Type="System.UInt32" Path="Event/System/Execution/@ProcessID">70</Column>
<Column Name="Thread ID" Type="System.UInt32" Path="Event/System/Execution/@ThreadID">70</Column>
<Column Name="Processor ID" Type="System.UInt32" Path="Event/System/Execution/@ProcessorID">90</Column>
<Column Name="Session ID" Type="System.UInt32" Path="Event/System/Execution/@SessionID">70</Column>
<Column Name="Kernel Time" Type="System.UInt32" Path="Event/System/Execution/@KernelTime">80</Column>
<Column Name="User Time" Type="System.UInt32" Path="Event/System/Execution/@UserTime">70</Column>
<Column Name="Processor Time" Type="System.UInt32" Path="Event/System/Execution/@ProcessorTime">100</Column>
<Column Name="Correlation Id" Type="System.Guid" Path="Event/System/Correlation/@ActivityID">85</Column>
<Column Name="Relative Correlation Id" Type="System.Guid" Path="Event/System/Correlation/@RelatedActivityID">140</Column>
<Column Name="Event Source Name" Type="System.String" Path="Event/System/Provider/@EventSourceName">140</Column>

</Columns>


</ResultsConfig>


</ViewerConfig>

WU - Setup log

<ViewerConfig>
<QueryConfig>
<QueryParams>
<Simple>
<Channel>Setup</Channel>
<RelativeTimeInfo>0</RelativeTimeInfo>

</Simple>


</QueryParams>

<QueryNode>
<Name LanguageNeutralValue="Windows updates - Setup log">WU - Setup log</Name>
<Description>I used to capture wusa event 2 only and do not understand all the other sources and events yet</Description>
<SortConfig Asc="0">
<Column Name="Date and Time" Type="System.DateTime" Path="Event/System/TimeCreated/@SystemTime" Visible="">115</Column>

</SortConfig>

<QueryList>
<Query Id="0" Path="Setup">
<Select Path="Setup">*</Select>

</Query>


</QueryList>


</QueryNode>


</QueryConfig>

<ResultsConfig>
<Columns>
<Column Name="Level" Type="System.String" Path="Event/System/Level" Visible="">87</Column>
<Column Name="Date and Time" Type="System.DateTime" Path="Event/System/TimeCreated/@SystemTime" Visible="">115</Column>
<Column Name="Log" Type="System.String" Path="Event/System/Channel" Visible="">80</Column>
<Column Name="Source" Type="System.String" Path="Event/System/Provider/@Name" Visible="">225</Column>
<Column Name="Event ID" Type="System.UInt32" Path="Event/System/EventID" Visible="">225</Column>
<Column Name="Task Category" Type="System.String" Path="Event/System/Task" Visible="">229</Column>
<Column Name="Keywords" Type="System.String" Path="Event/System/Keywords">70</Column>
<Column Name="User" Type="System.String" Path="Event/System/Security/@UserID">50</Column>
<Column Name="Operational Code" Type="System.String" Path="Event/System/Opcode">110</Column>
<Column Name="Computer" Type="System.String" Path="Event/System/Computer">170</Column>
<Column Name="Process ID" Type="System.UInt32" Path="Event/System/Execution/@ProcessID">70</Column>
<Column Name="Thread ID" Type="System.UInt32" Path="Event/System/Execution/@ThreadID">70</Column>
<Column Name="Processor ID" Type="System.UInt32" Path="Event/System/Execution/@ProcessorID">90</Column>
<Column Name="Session ID" Type="System.UInt32" Path="Event/System/Execution/@SessionID">70</Column>
<Column Name="Kernel Time" Type="System.UInt32" Path="Event/System/Execution/@KernelTime">80</Column>
<Column Name="User Time" Type="System.UInt32" Path="Event/System/Execution/@UserTime">70</Column>
<Column Name="Processor Time" Type="System.UInt32" Path="Event/System/Execution/@ProcessorTime">100</Column>
<Column Name="Correlation Id" Type="System.Guid" Path="Event/System/Correlation/@ActivityID">85</Column>
<Column Name="Relative Correlation Id" Type="System.Guid" Path="Event/System/Correlation/@RelatedActivityID">140</Column>
<Column Name="Event Source Name" Type="System.String" Path="Event/System/Provider/@EventSourceName">140</Column>

</Columns>


</ResultsConfig>


</ViewerConfig>

Denis

Try3 said:

If anyone ever wants to check what updates have been applied then Event viewer can be a useful tool.
I use three Event viewer, Custom views for this. I cannot call one of them the 'best' as it depends on what I'm looking for on any given occasion.

Here are my three Event viewer, Custom view definitions in a single zip file.
Attachment 403628
Their names are
WU
WU - System log incl Apps
WU - Setup log

To import each one:
1 Unzip the file
then, for each xml file (each Custom view),
2 Open Event viewer, click on Import Custom view [on the right-hand side],
3 Browse to and select the xml, Open,
4 Change the name if you want to then OK,
5 You can see the records, on the left-hand side, within the group Custom views.

You can then select each Custom view in Event viewer's left-hand pane whenever you want.


All the best,
Denis

- - - Updated - - -

rpo said:

The only updates in between are the automatic windows defender updates. When i opened the PC today, a notification told that updates were available; windows update opened, searched for updates, downloaded and intalled KB5034441 (and a defender update). My intention was to enlarge the 980 MB recovery partition following the thread recommandations, but this was useless since the update installed successfully. The tasks manager showed an important CPU consumption (dism, recovery partiton configuration..).

Assuming you're right, it's very odd.
Did you try what @Try3 suggested just above?
Not that it matters as we've both found solutions to the problem, but I think most people on here just "want to understand" regardless.

This KB5034441 article has been updated by Microsoft. See first post for more details.

Brink said:

This KB5034441 article has been updated by Microsoft. See first post for more details.

Thanks @Brink
I rather liked "You do not need this update if the PC does not have a recovery partition. In this case, the error can be safely ignored."

Still legendary incompetence to put it out though.
As I said above "Makes a mockery of all the helpful advice given on this thread if it's true"

And as as @Pentagon said "If you have Backups you don't need it (the Recovery Partition) really. But it's nice to have for short troubleshootings"

Makes Macrium all the more essential, IMO - never really trusted MS's "solutions" to restoring /repairing a corrupted system

y2jman said:

well i never hidden update despite i downloaded that hide update tool back on 11 and yes it did fail last night and i do see it in history

however i just check for updates and it saying 12:28 am today up to date i don't even see it say fail retry i guess its been pulled from updates finally for me early this morning ha its odd

Or has it actually installed?
Might not be obvious in history - see 367 & 370 above for other ways of finding it

Just for fun, since I am off work for MLK day, I did a clean install with the latest MCT v.3803 (I know...I'm a nerd). All updates including this one installed with no issue. The recovery partition was set to 546MB by the MCT Installer. This is only slightly larger than it was on my previous install (510MB), but it seems that was just enough to work.

Off to finish setting things up.

peace
wanna

Wannagofast said:

Just for fun, since I am off work for MLK day, I did a clean install with the latest MCT v.3803 (I know...I'm a nerd). All updates including this one installed with no issue. The recovery partition was set to 546MB by the MCT Installer. This is only slightly larger than it was on my previous install (510MB), but it seems that was just enough to work.

Off to finish setting things up.

peace
wanna

Now that's just plain old cheating.