Microsoft rolls out cumulative updates for the supported versions of Windows 10

Reading time icon 13 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Just weeks after Patch Tuesday, Microsoft has rolled out cumulative updates for the supported versions of Windows 10. Today’s update is rolled out Windows 10 users running versions 1803, 1709, 1703, and 1607.

For people running April 2018 Update, KB4346783 is being rolled out by Microsoft and it bumps the build number to 17134.254. You can head below to take a look at the official changelog for the update.

  • Addresses an issue in Microsoft Foundation Class applications that may cause applications to flicker.
  • Addresses an issue where touch and mouse events were handled differently in Windows Presentation Foundation (WPF) applications that have a transparent overlay window.
  • Addresses a reliability issue in applications that have extensive window nesting.
  • Addresses an issue in the Universal CRT that sometimes causes the AMD64 FMOD to return an incorrect result when given very large inputs.
  • Addresses an issue in the Universal CRT that causes the _get_pgmptr() function to return an empty string.
  • Addresses an issue in the Universal CRT that causes isprint() to return TRUE for a tab when using the C locale.
  • Addresses an issue where Microsoft Edge or other UWP applications can’t perform client authentication when the private key is stored on a TPM 2.0 device.
  • Addresses an issue that causes computer certificate enrollment or renewal to fail with an “Access denied” error after installing the April 2018 update. This issue occurs when the registry process has a lower process ID (PID) than all other processes except SYSTEM.
  • Addresses an issue that, in some cases, failed to clear decrypted data from memory after a CAPI decryption operation was completed.
  • Addresses an issue that prevented the Device Guard PackageInspector.exe application from including all the files needed for an application to run correctly once the Code Integrity policy was completed.
  • Addresses an issue where not all network printers are connected after a user signs in. The HKEY_USERS\User\Printers\Connections key shows the correct network printers for the affected user; however, the missing list for network printers from this registry key isn’t populated in any app, including Microsoft Notepad, or in Devices and Printers. Printers may disappear or stop functioning.
  • Addresses an issue that prevents printing on a 64-bit OS when 32-bit applications impersonate other users (typically by calling LogonUser). This issue occurs after installing monthly updates starting with KB4034681, released in August 2017. To resolve the issue for the affected applications, install this update, and then do one of the following:
    • Use Microsoft Application Compatibility Toolkit to globally enable the Splwow64Compat App Compat Shim
    • Use the following registry setting, and then restart the 32-bit application:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print Setting: Splwow64CompatType: DWORDValue1: 1
  • Addresses an issue that causes the Wi-Fi EAP-TTLS (CHAP) authentication to fail if a user saves credential information before authentication.
  • Addresses an issue that causes devices that have 802.1x Extensible Authentication Protocol (EAP) enabled to randomly stop working with the stop code ”0xD1 DRIVER_IRQL_NOT_LESS_OR_EQUAL”. The issue occurs when the kernel memory pool becomes corrupted. Crashes will generally occur in nwifi.sys.
  • Addresses an issue that may remove a Dynamic Host Configuration Protocol (DHCP) option from a reservation after changing the DHCP scope settings.
  • Extends the Key Management Service (KMS) to support the upcoming Windows 10 client Enterprise LTSC and Windows Server editions. For more information, see KB4347075.
  • If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.

Unfortunately, the new patch also comes with some known issues which are listed below. Luckly, Microsoft has shared the workaround for the issues as well.

Launching Microsoft Edge using the New Application Guard Windows may fail; normal Microsoft Edge instances aren’t affected. If you’ve experienced the issue and already installed KB4343909, uninstall it.

  1. Install KB4340917.
  2. Install KB4343909.

Microsoft is working on a resolution and will provide an update in an upcoming release.

If you’re running Fall Creators Update then you will get KB4343893. The latest patch bumps the build number to 16299.637. You can check out the changelog for the update below.

  • Addresses an issue in Microsoft Foundation Class (MFC) applications that may cause applications to flicker.
  • Addresses an issue that causes win32kfull.sys to stop working (Stop 3B) when cancelling journal hook operations or disconnecting a remote session.
  • Addresses an issue that caused users to press Ctrl+Alt+Delete twice to exit assigned access mode when autologon was enabled.
  • Addresses an issue that prevented the Device Guard PackageInspector.exe application from including all the files needed for an application to run correctly once the Code Integrity policy was completed.
  • Addresses an issue that prevents users of PIV/CAC smart cards from authenticating to use enterprise resources or prevents Windows Hello for Business from configuring on first logon.
  • Addresses an issue that causes Microsoft Edge to stop working after setting a DLL rule in AppLocker.
  • Addresses an issue that, in some cases, failed to clear decrypted data from memory after a CAPI decryption operation was completed.
  • Addresses an issue that causes the Wi-Fi EAP-TTLS (CHAP) authentication to fail if a user saves credential information before authentication.
  • Addresses an issue that causes high CPU usage on machines with built-in Sierra broadband modules when switching from WLAN to LAN. The WWanSvc service continually claims additional memory until the machine becomes unresponsive and a black screen appears.
  • Addresses an issue that prevents a checkpoint created on a Windows Server 2016 cluster from being reapplied. This occurs when VMs are running on a cluster-shared volume (CSV), and the error is “Failed to read from stream. HRESULT = 0xC00CEE3A.”
  • Addresses an issue where changes to the %HOMESHARE% path aren’t reflected in the folder redirection configuration. As a result, folder redirection for a known folder doesn’t work.
  • Addresses an issue that requires a password to be input twice if you connect to a locked device using Remote Desktop Connect.
  • Addresses an issue that causes devices that have 802.1x Extensible Authentication Protocol (EAP) enabled to randomly stop working with the stop code ”0xD1 DRIVER_IRQL_NOT_LESS_OR_EQUAL”. The issue occurs when the kernel memory pool becomes corrupted. Crashes will generally occur in nwifi.sys.
  • Provides a stability resolution for native Peripheral Component Interconnect Express (PCIe) enumeration and the runtime D3 (RTD3) state.
  • Addresses an issue that may remove a Dynamic Host Configuration Protocol (DHCP) option from a reservation after changing the DHCP scope settings.
  • Addresses an issue that may prevent the Start menu from opening after refreshing your PC.
  • Extends the Key Management Service (KMS) to support the upcoming Windows 10 client Enterprise LTSC and Windows Server editions. For more information, see KB4347075.

The patch also comes with a couple of issues. Microsoft has shared the workaround for the issues. You can check out the list of known issues below.

Some non-English platforms may display the following string in English instead of the localized language: ”Reading scheduled jobs from file is not supported in this language mode.” This error appears when you try to read the scheduled jobs you’ve created and Device Guard is enabled Microsoft is working on a resolution and will provide an update in an upcoming release.
When Device Guard is enabled, some non-English platforms may display the following strings in English instead of the localized language:

  • “Cannot use ‘&’ or ‘.’ operators to invoke a module scope command across language boundaries.”
  • “‘Script’ resource from ‘PSDesiredStateConfiguration’ module is not supported when Device Guard is enabled. Please use ‘Script’ resource published by PSDscResources module from PowerShell Gallery.”
Microsoft is working on a resolution and will provide an update in an upcoming release.

Moving on, if you’re running Creators Update then you should see KB4343889 which will bump the build number to 15063.1292. You can check out the official changelog of the update below.

  • Addresses an issue that causes win32kfull.sys to stop working (Stop 3B) when cancelling journal hook operations or disconnecting a remote session.
  • Addresses an issue in Microsoft Foundation Class (MFC) applications that may cause applications to flicker.
  • Addresses an issue that displays incorrect changes to folder contents.
  • Addresses an issue that prevented the Device Guard PackageInspector.exe application from including all the files needed for an application to run correctly once the Code Integrity policy was completed.
  • Addresses an issue that prevents users of PIV/CAC smart cards from authenticating to use enterprise resources or prevents Windows Hello for Business from configuring on first logon.
  • Addresses an issue that causes Microsoft Edge to stop working after setting a DLL rule in AppLocker.
  • Addresses an issue that prevents users from logging on when an Azure Active Directory account domain changes.
  • Addresses an issue that causes PowerShell scripts to stop working when attempting operations such as Get-Credentials.
  • Addresses an issue that, in some cases, failed to clear decrypted data from memory after a CAPI decryption operation was completed.
  • Addresses an issue that causes high CPU usage on machines with built-in Sierra broadband modules when switching from WLAN to LAN. The WWanSvc service continually claims additional memory until the machine becomes unresponsive and a black screen appears.
  • Addresses an issue that causes the Wi-Fi EAP-TTLS (CHAP) authentication to fail if a user saves credential information before authentication.
  • Addresses an issue that causes a connection failure when the Remote Desktop Service does not read the bypass list for a proxy that has multiple entries.

The patch doesn’t have any known issues which is a good thing for those on Creators Update.

Lastly, if you’re running Aniversary Update or Windows Server 2016 then you should see KB4343884 which bumps the build number to 14393.2457.

  • Updates the music metadata service provider used by Windows Media Player.
  • Addresses an issue from the March 2018 update that prevents the correct lock screen image from appearing when the following GPO policies are enabled:
    • Computer Configuration\Administrative Templates\Control Panel\Personalization\Force a specific default lock screen and logon image
    • Computer Configuration\Administrative Templates\Control Panel\Personalization\Prevent changing lock screen and logon image
  • Addresses an issue that prevents users of PIV/CAC smart cards from authenticating to use enterprise resources or prevents Windows Hello for Business from configuring on first logon.
  • Addresses an issue that prevented the Device Guard PackageInspector.exe application from including all the files needed for an application to run correctly once the Code Integrity policy was completed.
  • Addresses an issue that, in some cases, failed to clear decrypted data from memory after a CAPI decryption operation was completed.
  • Addresses an issue that causes PowerShell scripts to stop working when attempting operations such as Get-Credentials.
  • Addresses an issue that causes the Wi-Fi EAP-TTLS (CHAP) authentication to fail if a user saves credential information before authentication.
  • Addresses a Windows Task Scheduler issue that occurs when setting up an event to start on a specific day of the month. Instead of starting on the specific day of the month you selected, the event starts one week ahead of schedule. For example, if you set an event to start on the third Tuesday of August 2018, instead of starting on 08/21/18, the event starts on 08/14/18.
  • Addresses an issue that prevents Hypervisor from automatically launching on restart when running a nested or non-nested virtualization scenario after enabling Device Guard.
  • Addresses an issue that causes the event viewer for Microsoft-Windows-Hyper-V-VMMS-Admin to receive excessive Event ID 12660 “Cannot open handle to Hyper-V storage provider” messages. This issue occurs when performing migration testing on a Windows Server 2016 S2D Cluster Platform. As a result, events are deleted after three hours when the event log size reaches 1 MB.
  • Addresses an issue that causes virtual functions (VF) to be unintentionally removed when a virtual machine (VM) is saved in Hyper-V Manager. This issue occurs when assigning and loading multiple virtual functions to a single VM during live migration on Windows Server 2016. Saving the VM doesn’t result in a normal shutdown of the virtual functions and doesn’t allow the VF driver to have backchannel communication with the physical function (PF).
  • Addresses an issue that causes an Azure to on-premise failback operation to fail and puts the virtual machine (VM) into an unresponsive state. This issue occurs if the failback is interrupted by an event such as restarting the Virtual Machine Management Service (VMMS) or restarting the host machine. The failback operation then continues to fail even when the VMMS is running.
  • Addresses an Active Directory Federation Services (AD FS) issue where Multi-Factor Authentication does not work correctly with mobile devices that use custom culture definitions.
  • Addresses an issue in Windows Hello for Business that causes a significant delay (15 seconds) in new user enrollment. This issue occurs when a hardware security module is used to store an ADFS Registration Authority (RA) certificate.
  • Addresses an Active Directory Domain Services (AD DS) issue that causes Local Security Authority Subsystem Service (LSASS) to stop working intermittently. This issue occurs when a custom component binds over Transport Layer Security (TLS) to a Domain Controller using Simple Authentication and Security Layer (SASL) EXTERNAL authentication.
  • Addresses an issue that generates Event ID 2006 and prevents the Windows Performance counter from reading Server Message Block (SMB) performance counters. This issue occurs when Hot-Plug is enabled for CPUs on Windows 2016 virtual machines.
  • Addresses an issue that causes users to disconnect from a remote session when the Remote Desktop Gateway service stops working.
  • Addresses an issue that causes svchost.exe to stop working intermittently. This issue occurs when the SessionEnv service is running, which causes a partial load of the user’s configuration during a Remote Desktop session.
  • Addresses an issue that may cause the server to be restarted because the system nonpaged pool consumes too much memory.
  • Addresses an issue that may remove a Dynamic Host Configuration Protocol (DHCP) option from a reservation after changing the DHCP scope settings.
  • Addresses an issue that prevents a drive from being made writable even after BitLocker encryption has completed. This issue occurs when using the FDVDenyWriteAccess policy.
  • Addresses an issue that occasionally displays a blue screen instead of the lock screen when a device wakes up from sleep.
  • Extends the Key Management Service (KMS) to support the upcoming Windows 10 client Enterprise LTSC and Windows Server editions. For more information, see KB4347075.

There are no known issues for this update either.

As usual, Microsoft will download the new patches automatically. However, if you’re keen to install them then you can either head to Microsoft Update Catalog to download the patch or go to Settings>Update and Security>Windows Update and Check for Updates to download and install updates manually.

Via: Neowin

User forum

0 messages