As part of the run-up for next month’s Patch Tuesday, Microsoft has released a new set of optional Cumulative Updates for Windows 10.

For the Windows 10 October 2018 Update (1809), Microsoft is delivering KB4501371, taking the OS to 17763.592.

It brings the following fixes:

  • Addresses an issue that prevents Microsoft Edge from opening properly in certain scenarios when you select a link within an application.
  • Addresses an issue that prevents an application from opening when using the command-line tool (cmd.exe) with the minimum (min) or maximum (max) options.
  • Addresses an issue that prevents the Calculator application from following the Gannen setting when it is enabled. For more information, see KB4469068.
  • Addresses an issue that prevents the Your Phone application from connecting to the internet via a web proxy server in certain scenarios.
  • Addresses an issue that causes Windows graphics device interface (GDI+) to return an empty font family name for Bahnschrift.ttf.
  • Addresses an issue that causes a device to stop responding periodically when using an East Asian locale.
  • Addresses an issue that cause the mouse pointer to disappear when using a Citrix Remote PC to connect to a Citrix XenDesktop Virtual Delivery Agent (VDA) session. For more information, see XenDesktop 7 Remote PC explained.
  • Addresses an issue that may cause a mouse press and release event to sometimes produce an extra mouse move event.
  • Addresses an issue that may cause the UI to stop responding for several seconds when scrolling in windows that have many child windows.
  • Addresses an issue that may cause Windows Media Player to close unexpectedly when playing media files in a loop.
  • Address an issue that prevents SharedPC policies from migrating properly during an upgrade.
  • Addresses an issue that creates duplicate profile folders during an upgrade if the profile folders have previously been redirected.
  • Addresses an issue that allows users to disable the sign-in background image when the “Computer\Administrative Templates\Control Panel\Personalization\Prevent changing lock screen and logon image” policy is enabled.
  • Addresses a desktop and taskbar flickering issue on Windows Server 2019 Terminal Server that occurs when using User Profile Disks.
  • Addresses an issue that causes a loss of audio when Windows hasn’t been restarted for more than 50 days.
  • Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
  • Addresses an issue that prevents Internet of Things (IoT) devices from activating after the installation of an earlier cumulative update package.
  • Addresses an issue that fails to update a user hive when you publish an optional package in a Connection Group after the Connection Group was previously published.
  • Addresses an issue that may prevent a provisioning package from being applied correctly in some situations when it’s used to invoke the CleanPC configuration service provider (CSP).
  • Adds support for a customer configurable safe list for ActiveX controls when using Windows Defender Application Control. For more information, see Allow COM object registration in a Windows Defender Application Control policy.
  • Addresses an issue that prevents a user from signing in to a Microsoft Surface Hub device with an Azure Active Directory account. This issue occurs because a previous session did not end successfully.
  • Addresses an issue that may prevent Windows Information Protection (WIP) from enforcing encryption on a removable USB drive.
  • Addresses an issue that may cause Microsoft Edge and other Universal Windows Platform (UWP) applications to display an error when attempting to print. The error is “Your printer has experienced an unexpected configuration problem. 0x80070007e.”
  • ?Addresses an issue that prevents an antivirus filter from attaching to DirectAccess (DAX) volumes.
  • Addresses an issue that causes Disk Management and DiskPart to stop responding when presenting some removable disks to Windows.
  • Addresses an issue with resetting a PC.
  • Addresses an issue that may occur when repairing Storage Spaces.
  • Addresses an issue that triggers a Group Policy update even when there are no policy changes. This issue occurs when using the client-side extension (CSE) for folder redirection.
  • Enhances isolated browsing when using Windows Defender Application Guard in Microsoft Edge.
  • Addresses an issue that causes Office 365 applications to stop working after opening when they are deployed as App-V packages.
  • Addresses an issue with programmatic scrolling in Internet Explorer 11.
  • Addresses an issue that may display the error, “MMC has detected an error in a snap-in and will unload it.” when you try to expand, view, or create Custom Views in Event Viewer. Additionally, the application may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs.
  • Addresses an issue that may cause Realtek Bluetooth radio drivers to not pair or connect in some circumstances after installing the May 14, 2019 update.

There are also the following known issues:

SymptomWorkaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD _ IMPERSONATION _LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.Do one of the following:

  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_  MATCHING_COMPONENT _NOT_FOUND.”
  1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.
  2. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.

Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:

  1. Go to the Settings app > Recovery.
  2. Select Get Started under the Reset this PC recovery option.
  3. Select Keep my Files.

Microsoft is working on a resolution and will provide an update in an upcoming release.

We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.

We are working on a resolution and will provide an update in an upcoming release.

You can manually download it here.

Those on the Windows 10 April 2018 Update (1803), Microsoft is delivering KB4503288, taking the OS  to 17134.858.

It brings the following fixes:

  • Addresses an issue that prevents the operating system from loading new icon files if it encounters an icon file that has a bad format.
  • Addresses an issue that prevents Microsoft Edge from opening properly in certain scenarios when you select a link within an application.
  • Addresses an issue that prevents the Calculator application from following the Gannen setting when it is enabled. For more information, see KB4469068.
  • Addresses an issue that may cause a mouse press and release event to sometimes produce an extra mouse move event.
  • Addresses an issue that may cause the user interface to stop responding for several seconds when scrolling in windows that have many child windows.
  • Addresses an issue that allows users to disable the sign-in background image when the “Computer\Administrative Templates\Control Panel\Personalization\Prevent changing lock screen and logon image” policy is enabled.
  • Addresses an issue that may cause Microsoft Outlook to stop working when closing a mail item.
  • Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
  • Addresses an issue that fails to update a user hive when you publish an optional package in a Connection Group after the Connection Group was previously published.
  • Addresses an issue that removes UserRights policies from all users in a security group when you remove a device from a mobile device management (MDM) server or Microsoft Intune deletes a UserRights policy.
  • Addresses an issue that may prevent a provisioning package from being applied correctly in some situations when it’s used to invoke the CleanPC configuration service provider (CSP).
  • Adds support for a customer configurable safe list for ActiveX controls when using Windows Defender Application Control. For more information, see Allow COM object registration in a Windows Defender Application Control policy.
  • Addresses an issue with using Data Protection Application Programming Interface NG (DPAPI-NG) or a group-protected Personal Information Exchange Format (PFX) file. Data you protected using one of these mechanisms on Windows 10, version 1607 and Windows Server 2016 or earlier cannot be decrypted using Windows 10, version 1703 or later.
  • Addresses an issue that prevents a user from signing in to a Microsoft Surface Hub device with an Azure Active Directory account. This issue occurs because a previous session did not end successfully.
  • Addresses an issue that may prevent Windows Information Protection (WIP) from enforcing encryption on a removable USB drive.
  • Addresses an issue that causes Windows Account Manager (WAM) to fail when using a Trusted Platform Module (TPM) and prevents the user from authenticating.
  • Addresses an issue that causes Disk Management and DiskPart to stop responding when presenting some removable disks to Windows.
  • Addresses an issue with a system that has preboot kernel Direct Memory Access (DMA) protection enabled. When the system starts Windows in safe mode, the system stops working with the error, “DRIVER_VERIFIER_DMA_VIOLATION.”
  • Addresses an issue that causes Office 365 applications to stop working after opening when they are deployed as App-V packages.
  • Disables Microsoft Visual Basic Script (VBScript) by default in the Internet and Restricted sites zones in Internet Explorer and the WebBrowser control.
  • Addresses an issue with programmatic scrolling in Internet Explorer 11.
  • Addresses an issue that may display the error, “MMC has detected an error in a snap-in and will unload it.” when you try to expand, view, or create Custom Views in Event Viewer. Additionally, the application may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs.

There are also the following known issues:

SymptomWorkaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_  IMPERSONATION _LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.Do one of the following:

  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.

We are working on a resolution and will provide an update in an upcoming release.

You can manually download it here.

If you’re on the Windows 10 Fall Creators Update (1709), Microsoft is delivering KB4503281, taking the OS  to 16299.1237.

It brings the following fixes:

  • Addresses an issue that prevents the operating system from loading new icon files if it encounters an icon file that has a bad format.
  • Addresses an issue that prevents Microsoft Edge from opening properly in certain scenarios when you select a link within an application.
  • Addresses an issue that prevents the Calculator application from following the Gannen setting when it is enabled. For more information, see KB4469068.
  • Addresses an issue that doesn’t detect when you hover over a 3D animation that is flipping in Internet Explorer 11 and other applications that use direct composition.
  • Addresses an issue that may cause the UI to stop responding for several seconds when scrolling in windows that have many child windows.
  • Addresses an issue that allows users to disable the sign-in background image when the “Computer\Administrative Templates\Control Panel\Personalization\Prevent changing lock screen and logon image” policy is enabled.
  • Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
  • Addresses an issue that fails to update a user hive when you publish an optional package in a Connection Group after the Connection Group was previously published.
  • Adds support for a customer configurable safe list for ActiveX controls when using Windows Defender Application Control. For more information, see Allow COM object registration in a Windows Defender Application Control policy.
  • Addresses an issue with using Data Protection Application Programming Interface NG (DPAPI-NG) or a group-protected Personal Information Exchange Format (PFX) file. Data you protected using one of these mechanisms on Windows 10, version 1607 and Windows Server 2016 or earlier cannot be decrypted using Windows 10, version 1703 or later.
  • Addresses an issue that prevents a user from signing in to a Microsoft Surface Hub device with an Azure Active Directory account. This issue occurs because a previous session did not end successfully.
  • Addresses an issue that may prevent Windows Information Protection (WIP) from enforcing encryption on a removable USB drive.
  • Addresses an issue that causes Windows Account Manager (WAM) to fail when using a Trusted Platform Module (TPM) and prevents the user from authenticating.
  • Addresses an issue that causes Disk Management and DiskPart to stop responding when presenting some removable disks to Windows.
  • Addresses an issue that causes Office 365 applications to stop working after opening when they are deployed as App-V packages.
  • Disables Microsoft Visual Basic Script (VBScript) by default in the Internet and Restricted sites zones in Internet Explorer and the WebBrowser control.
  • Addresses an issue with programmatic scrolling in Internet Explorer 11.
  • Addresses an issue that may display the error, “MMC has detected an error in a snap-in and will unload it.” when you try to expand, view, or create Custom Views in Event Viewer. Additionally, the application may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs.

There are also the following known issues:

SymptomWorkaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_  IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.Do one of the following:

  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

You can manually download it here.

If you’re on the Windows 10 Creators Update (1703), Microsoft is delivering KB4503289, taking the OS  to 15063.1897.

It brings the following fixes:

  • Addresses an issue that prevents the operating system from loading new icon files if it encounters an icon file that has a bad format.
  • Addresses an issue that prevents Microsoft Edge from opening properly in certain scenarios when you select a link within an application.
  • Addresses an issue that prevents the Calculator application from following the Gannen setting when it is enabled. For more information, see KB4469068.
  • Addresses an issue with log collection for Microsoft Surface Hub 2S.
  • Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
  • Addresses an issue that prevents a user from signing in to a Microsoft Surface Hub device with an Azure Active Directory account. This issue occurs because a previous session did not end successfully.
  • Adds support for a customer configurable safe list for ActiveX controls when using Windows Defender Application Control. For more information, see Allow COM object registration in a Windows Defender Application Control policy.
  • Addresses an issue with using Data Protection Application Programming Interface NG (DPAPI-NG) or a group-protected Personal Information Exchange Format (PFX) file. Data you protected using one of these mechanisms on Windows 10, version 1607 and Windows Server 2016 or earlier cannot be decrypted using Windows 10, version 1703 or later.
  • Addresses an issue that sends all input and output to the Non-Volatile Memory (NVMe) driver, which causes the system to stop working.
  • Addresses an issue that causes Disk Management and DiskPart to stop responding when presenting some removable disks to Windows.
  • Disables Microsoft Visual Basic Script (VBScript) by default in the Internet and Restricted sites zones in Internet Explorer and the WebBrowser control.
  • Addresses an issue with programmatic scrolling in Internet Explorer 11.
  • Addresses an issue that may display the error, “MMC has detected an error in a snap-in and will unload it.” when you try to expand, view, or create Custom Views in Event Viewer. Additionally, the application may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs.

There are also the following known issues:

SymptomWorkaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_ IMPERSONATION_ LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.Do one of the following:

  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

You can manually download it here.

Finally, if you’re on the Windows 10 Anniversary Update (1607), Microsoft is delivering KB4503294, taking the OS to 14393.3053.

It brings the following fixes:

  • Addresses an issue that causes system processes to stop working when loading ole32.dll and tracking is enabled.
  • Addresses an issue that prevents the Calculator application from following the Gannen setting when it is enabled. For more information, see KB4469068.
  • Addresses an issue that prevents Microsoft Edge from opening properly in certain scenarios when you select a link within an application.
  • Addresses an issue that may cause the UI to stop responding for several seconds when scrolling in windows that have many child windows.
  • Addresses a desktop and taskbar flickering issue on Windows Server 2019 Terminal Server that occurs when using User Profile Disks.
  • Addresses an issue that causes a loss of audio when Windows hasn’t been restarted for more than 50 days.
  • Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
  • Addresses an issue that returns an error when using certutil.exe to verify a certificate. The error is “Cannot find object or property. 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)”.
  • Addresses an issue with using Data Protection Application Programming Interface NG (DPAPI-NG) or a group-protected Personal Information Exchange Format (PFX) file. Data you protected using one of these mechanisms on Windows 10, version 1607 and Windows Server 2016 or earlier cannot be decrypted using Windows 10, version 1703 or later.
  • Adds support for a customer configurable safe list for ActiveX controls when using Windows Defender Application Control. For more information, see Allow COM object registration in a Windows Defender Application Control policy.
  • Addresses an issue that prevents a user from signing in to a Microsoft Surface Hub device with an Azure Active Directory account. This issue occurs because a previous session did not end successfully.
  • Addresses an issue that causes Disk Management and DiskPart to stop responding when presenting some removable disks to Windows.
  • Addresses an issue that sends all input and output to the Non-Volatile Memory (NVMe) driver, which causes the system to stop working.
  • Addresses an issue that causes the REFS.sys driver to stop working.
  • Reinforces the Certificate Revocation List (CRL) on Internet Key Exchange version 2 (IKEv2) machines for certificate-based virtual private network (VPN) connections, such as Device Tunnel, in an Always On VPN deployment.
  • Improves the response time for access token requests from Active Directory Federation Services (AD FS) servers.
  • Addresses a latency issue with acquiring access tokens when AD FS and SQL servers are in different datacenters.
  • Addresses an issue that may cause a Lightweight Directory Access Protocol (LDAP) paged search against a Windows 2016 Domain Controller to fail. The error message is “00000057: LdapErr: DSID-0C090AB0, comment: Error processing control, data 0, v3839.”
  • Disables Microsoft Visual Basic Script (VBScript) by default in the Internet and Restricted sites zones in Internet Explorer and the WebBrowser control.
  • Addresses an issue with programmatic scrolling in Internet Explorer 11.
  • Addresses an issue that may display the error, “MMC has detected an error in a snap-in and will unload it.” when you try to expand, view, or create Custom Views in Event Viewer. Additionally, the application may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs.
  • Addresses a reliability issue with automatically starting a virtual machine (VM) after enabling Hyper-V Replica.
  • Enables Hygon C86 7xxx processor support on Windows Server 2016 for the China market only.
  • Addresses an issue in Windows Update that may cause proxy server resolution to fail.

There are also the following known issues:

SymptomWorkaround
For hosts managed by System Center Virtual Machine Manager (SCVMM), SCVMM cannot enumerate and manage logical switches deployed on the host after installing the update.

Additionally, if you do not follow the best practices, a stop error may occur in vfpext.sys on the hosts.

  1. Run mofcomp on the following mof files on the affected host:
    1. Scvmmswitchportsettings.mof
    2. VMMDHCPSvr.mof
  2. Follow the best practices while patching to avoid a stop error in vfpext.sys in an SDN v2 environment (NC managed hosts).
After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_Password TooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_ IMPERSONATION_ LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.Do one of the following:

  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

After installing this update and restarting, some devices running Windows Server 2016 with Hyper-V enabled may enter Bitlocker recovery mode and receive an error, “0xC0210000”.

Note Windows 10, version 1607 may also be affected when Bitlocker and Hyper-V are enabled.

For a workaround for this issue, please see KB4505821.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of this update on the server. Applications that may exhibit this behavior use an IFRAME during non-interactive authentication requests and receive X-Frame Options set to DENY.You can use the Allow-From value of the header if the IFRAME is only accessing pages from a single-origin URL. On the affected server, open a PowerShell window as an administrator and run the following command: set-AdfsResponse Headers -SetHeaderName X-Frame-Options -SetHeaderValue “allow-from https://example.com”

Microsoft is working on a resolution and will provide an update in an upcoming release.

You can manually download it here.

Via Neowin

Comments