Windows 10 KB4512941 High CPU Usage
Operating SystemFind Computers Affected by the Cortana CPU Usage Bug
Microsoft released KB4512941 on 30 August, 2019 for Windows 10 version 1903. However, this update included a rather impactful bug which causes Cortana to use a high amount of CPU power. The high CPU usage might not be immediately noticed by end-users but will easily result into complaints of computers being slow as their CPU is being consumed by the Cortana, also known as Windows search. A mitigation from Reddit suggests that deleting a specific registry key and terminating the SearchUI process will solve the issue. If you want to read more about this issue, you can do so in our Windows 10 KB4512941 blog post.
To check whether your computers are impacted, the audit below check whether your machines have the KB4512941 update. Additionally, by adding custom registry scanning, you can also check whether the registry key is still present and monitor your mitigation process.
Windows 10 KB4512941 Bug Query
Select Top 1000000 tsysOS.Image As icon, tblAssets.AssetID, tblAssets.AssetName, tblAssets.Domain, tblAssets.Username, tblAssets.Userdomain, tblAssets.IPAddress, tblOperatingsystem.Caption as OS, Case When tsysOS.OScode Like '10.0.18362%' Then '1903' End As Version, Case When SubQuery1.Valuename Is Not Null And SubQuery1.Valuename <> '' Then 'Yes' Else 'No' End As ValuenameFound, SubQuery1.Regkey, SubQuery1.Valuename, SubQuery1.Value, Case When tblAssets.AssetID = Subquery2.AssetID And SubQuery1.Valuename Is Not Null Then 'Remove Registry Key' When tblAssets.AssetID = Subquery2.AssetID And SubQuery1.Valuename Is Null Then 'Fixed' Else 'Update not installed' End As Status, SubQuery1.Lastchanged, tblAssets.Firstseen, tblAssets.Lastseen, tblAssets.Lasttried, TsysLastscan.Lasttime As LastRegistryScan, Case When TsysLastscan.Lasttime < GetDate() - 1 Then 'Last registry scan more than 24 hours ago! Scanned registry information may not be up-to-date. Try rescanning this machine.' End As Comment, Case When tblAssets.AssetID = Subquery2.AssetID And SubQuery1.Valuename Is Not Null Then '#ffadad' When tblAssets.AssetID = Subquery2.AssetID And SubQuery1.Valuename Is Null Then '#d4f4be' Else '#d4f4be' End As backgroundcolor From tblAssets Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode Inner Join TsysLastscan On tblAssets.AssetID = TsysLastscan.AssetID Inner Join TsysWaittime On TsysWaittime.CFGCode = TsysLastscan.CFGcode Inner Join tblOperatingsystem on tblOperatingsystem.assetid = tblassets.assetid Left Join (Select Top 1000000 tblRegistry.AssetID, tblRegistry.Regkey, tblRegistry.Valuename, tblRegistry.Value, tblRegistry.Lastchanged From tblRegistry Where tblRegistry.Regkey Like '%SOFTWARE\Microsoft\Windows\CurrentVersion\Search' And tblRegistry.Valuename = 'BingSearchEnabled') SubQuery1 On SubQuery1.AssetID = tblAssets.AssetID Left Join (Select Top 1000000 tblAssets.AssetID From tblAssets Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode Where tblAssets.AssetID In (Select Top 1000000 tblQuickFixEngineering.AssetID From tblQuickFixEngineering Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID = tblQuickFixEngineering.QFEID Where tblQuickFixEngineeringUni.HotFixID Like '%KB4512941%') And tblAssetCustom.State = 1) As Subquery2 On Subquery2.AssetID = tblAssets.AssetID Where tblAssetCustom.State = 1 And TsysWaittime.CFGname = 'registry' And tsysOS.OScode Like '10.0.18362%' Order By tblAssets.Domain, tblAssets.AssetName