Microsoft Is Investigating Lost Windows 10 Certificates Issue

Microsoft is investigating a known issue leading to missing system and user certificates after updating certain managed Windows 10 systems using outdated installation media through update management tools, physical media, or ISO images.

Computers updated via Windows Update or Windows Update for Business are not impacted by this issue as they always receive the latest feature updates.

Working on a fix

Affected platforms include both client (Windows 10 1903 or later) and server (Windows Server 1903 or later) releases in managed environments.

“System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10,” Microsoft explains.

Also Read: How Singapore Cybersecurity Masterplan 2020 Is Formidable

“Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated.”

The issues appears when the devices are upgraded using outdated bundles via update management tool (e.g., Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager), ISO images, or physical media.

Microsoft says that it will provide refreshed installation media and updated bundles within the next few weeks, as soon as a resolution is available for this new known issue.

BleepingComputer has reached out to Microsoft for more details on what are the certificates getting lost due to this issue but did not hear back at the time of publication.

Workaround measures available

While a fix for this issue is not immediately available as Microsoft has just started investigating it and working on a solution over the weekend, you can work around it by going to a previous Windows 10 version using instructions available here.

“The uninstall window might be 10 or 30 days depending on the configuration of your environment and the version you’re updating to,” Redmond says.

Also Read: Going Beyond DPO Meaning: Ever Heard Of Outsourced DPO?

“You will then need to update to the later version of Windows 10 after the issue is resolved in your environment.”

You can also increase the number of days you can go back to choose a previous system version with the help of the following DISM command (make sure you do this before the default uninstall window lapses):

DISM /Online /Set-OSUninstallWindow /Value:[days]

You can choose any time interval between 2 or 60 days; if it’s lower or above that range, the number of days after the upgrade that an uninstall can be initiated will be set to 10 days.