Windows 10 KB4512941 High CPU Usage

Find Computers Affected by the Cortana CPU Usage Bug

Microsoft released KB4512941 on 30 August, 2019 for Windows 10 version 1903. However, this update included a bug that causes Cortana to consume a large amount of CPU. End users might not notice the high CPU usage immediately, but it will easily result in complaints of slow computers, because the CPU is being consumed by Cortana, also known as Windows search. A mitigation from Reddit suggests that deleting a specific registry key and terminating the SearchUI process will solve the issue. If you want to read more about this issue, you can do so in our Windows 10 KB4512941 blog post.

To check whether your computers are impacted, the audit below checks whether your machines have the KB4512941 update installed. Additionally, by adding custom registry scanning, you can check whether the registry key is still present and monitor the progress of your mitigation.

To run this audit, add the following registry key and value name to your custom registry scanning configuration:
Rootkey: HKEY_CURRENT_USER
Regpath: SOFTWARE\Microsoft\Windows\CurrentVersion\Search
Regvalue: BingSearchEnabled

Windows 10 KB4512941 Bug Query

Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblOperatingsystem.Caption as OS,
Case
When tsysOS.OScode Like '10.0.18362%' Then '1903'
End As Version,
Case
When SubQuery1.Valuename Is Not Null And SubQuery1.Valuename <> ''
Then 'Yes'
Else 'No'
End As ValuenameFound,
SubQuery1.Regkey,
SubQuery1.Valuename,
SubQuery1.Value,
Case
When tblAssets.AssetID = Subquery2.AssetID And SubQuery1.Valuename
Is Not Null Then 'Remove Registry Key'
When tblAssets.AssetID = Subquery2.AssetID And SubQuery1.Valuename Is Null
Then 'Fixed'
Else 'Update not installed'
End As Status,
SubQuery1.Lastchanged,
tblAssets.Firstseen,
tblAssets.Lastseen,
tblAssets.Lasttried,
TsysLastscan.Lasttime As LastRegistryScan,
Case
When TsysLastscan.Lasttime < GetDate() - 1 Then
'Last registry scan more than 24 hours ago! Scanned registry information may not be up-to-date. Try rescanning this machine.'
End As Comment,
Case
When tblAssets.AssetID = Subquery2.AssetID And SubQuery1.Valuename
Is Not Null Then '#ffadad'
When tblAssets.AssetID = Subquery2.AssetID And SubQuery1.Valuename Is Null
Then '#d4f4be'
Else '#d4f4be'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join TsysLastscan On tblAssets.AssetID = TsysLastscan.AssetID
Inner Join TsysWaittime On TsysWaittime.CFGCode = TsysLastscan.CFGcode
Inner Join tblOperatingsystem on tblOperatingsystem.assetid = tblassets.assetid
Left Join (Select Top 1000000 tblRegistry.AssetID,
tblRegistry.Regkey,
tblRegistry.Valuename,
tblRegistry.Value,
tblRegistry.Lastchanged
From tblRegistry
Where
tblRegistry.Regkey Like
'%SOFTWARE\Microsoft\Windows\CurrentVersion\Search' And
tblRegistry.Valuename = 'BingSearchEnabled') SubQuery1 On
SubQuery1.AssetID = tblAssets.AssetID
Left Join (Select Top 1000000 tblAssets.AssetID
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where
tblAssets.AssetID In (Select Top 1000000 tblQuickFixEngineering.AssetID
From tblQuickFixEngineering Inner Join tblQuickFixEngineeringUni On
tblQuickFixEngineeringUni.QFEID = tblQuickFixEngineering.QFEID
Where tblQuickFixEngineeringUni.HotFixID Like '%KB4512941%') And
tblAssetCustom.State = 1) As Subquery2 On Subquery2.AssetID =
tblAssets.AssetID
Where tblAssetCustom.State = 1 And TsysWaittime.CFGname = 'registry' And tsysOS.OScode Like '10.0.18362%'
Order By tblAssets.Domain,
tblAssets.AssetName
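
For a spot check on a single machine, the same test can be run locally. The PowerShell below is an added example, not part of the Lansweeper report; the function name Get-KB4512941Status is hypothetical. It goes beyond the report by checking every loaded user hive under HKEY_USERS rather than only HKEY_CURRENT_USER, and it returns the same Status values as the query.

```powershell
# Added example: local spot check that mirrors the report's Status column.
# Assumptions: run on the Windows 10 1903 machine itself; run elevated to read
# hives of users other than the one running the script. Function name is hypothetical.
function Get-KB4512941Status {
    [CmdletBinding()]
    param(
        [string]$HotFixId  = 'KB4512941',
        [string]$SubKey    = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Search',
        [string]$ValueName = 'BingSearchEnabled'
    )

    # Same test as the report's hotfix subquery: is the update installed?
    # Get-HotFix reads the Win32_QuickFixEngineering WMI class.
    $installed = [bool](Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue)

    # HKEY_CURRENT_USER is per user, so inspect every loaded user hive instead.
    # The pattern keeps real user SIDs and skips the *_Classes hives.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

    foreach ($hive in $hives) {
        $path  = "Registry::HKEY_USERS\$($hive.PSChildName)\$SubKey"
        $props = Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue
        $found = $null -ne $props

        # Same three outcomes as the report's Status column
        $status = if (-not $installed) { 'Update not installed' }
                  elseif ($found)      { 'Remove Registry Key' }
                  else                 { 'Fixed' }

        [pscustomobject]@{
            ComputerName   = $env:COMPUTERNAME
            UserSid        = $hive.PSChildName
            UpdateFound    = $installed
            ValuenameFound = $found
            Value          = if ($found) { $props.$ValueName } else { $null }
            Status         = $status
        }
    }
}

Get-KB4512941Status | Format-Table -AutoSize
```

Only hives of users who are currently logged on are loaded under HKEY_USERS, so a profile that is not loaded will not appear in the output.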

Audit and Take Action in 3 Easy Steps

1. Download & Install Lansweeper

3. Run the Audit & Take Action
