Reports surfaced a few days ago of certificate issues that occur after a user upgrades to a newer Windows 10 build. Microsoft has now acknowledged that certificates can disappear. Multiple versions of the operating system are affected by this bug.
More specifically, the issue appears after an upgrade from Windows 10 version 1809 to a later one:
“System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated,” the company explains.
Certificate issues after an upgrade of Windows 10
The glitch stems mainly from using outdated bundles or media via update management tools such as WSUS (Windows Server Update Services) or Microsoft Endpoint Configuration Manager.
Another possible cause is using old physical media or ISO images that lack the latest updates. It is noteworthy that devices running Windows Update for Business are not impacted. “Any device connecting to Windows Update should always receive the latest versions of the feature update, including the latest LCU, without any extra steps,” Microsoft adds.
Affected systems include:
Client: Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1903
Server: Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1903
As a workaround for the certificate issues, Microsoft suggests using the uninstall window to go back to your previous Windows version. Depending on your environment or configuration, the uninstall window may be 10 or 30 days. More instructions are available in the official Microsoft documentation.
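Since the rollback option expires with the uninstall window, it helps to find out quickly whether an upgraded device actually lost certificates. The PowerShell script below is an added example, not from Microsoft or the original article: it records the certificate stores before a feature update and lists what is missing afterwards. The snapshot path and the `-Mode` parameter are assumptions made for illustration.

```powershell
# Added example: snapshot certificate stores before a feature update and
# report which certificates are missing afterwards.
# Assumption: the default snapshot path is hypothetical; keep the file
# somewhere the upgrade does not touch (for example a network share).
param(
    [ValidateSet('Snapshot', 'Compare')]
    [string]$Mode = 'Snapshot',
    [string]$Path = 'C:\CertInventory\certs-before-upgrade.csv'
)

function Get-CertInventory {
    # Machine stores plus the stores of the user running the script.
    # Run once per user profile to cover other users' certificates.
    foreach ($root in 'Cert:\LocalMachine', 'Cert:\CurrentUser') {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
            ForEach-Object {
                [pscustomobject]@{
                    # PSParentPath ends in e.g. "LocalMachine\My"
                    Store         = $_.PSParentPath -replace '^.*::', ''
                    Thumbprint    = $_.Thumbprint
                    Subject       = $_.Subject
                    NotAfter      = $_.NotAfter.ToString('u')
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

if ($Mode -eq 'Snapshot') {
    # Run before the feature update.
    New-Item -ItemType Directory -Path (Split-Path -Path $Path -Parent) -Force | Out-Null
    Get-CertInventory | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
    "Snapshot written to $Path"
}
else {
    # Run after the feature update: index what is present now, then list
    # every snapshot entry whose store and thumbprint are no longer found.
    $current = @{}
    Get-CertInventory | ForEach-Object { $current["$($_.Store)|$($_.Thumbprint)"] = $true }
    $missing = Import-Csv -Path $Path |
        Where-Object { -not $current.ContainsKey("$($_.Store)|$($_.Thumbprint)") }
    if ($missing) { $missing | Sort-Object Store, Subject | Format-Table -AutoSize }
    else { 'No certificates from the snapshot are missing.' }
}
```

Entries with `HasPrivateKey` set to `True` deserve attention first, since those certificates cannot simply be re-downloaded from the issuer.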
Last month, Microsoft released a new tool to enable system admins to update the Defender package within Windows installation images (WIM or VHD). The tool is designed for enterprises where administrators utilize installation images to service workstations and servers. These images may be reused multiple times, meaning that the Microsoft Defender package can be installed with an outdated detection database.