It"s been a couple of months since Microsoft released new cumulative updates in-between Patch Tuesdays, but it seems that now that the holidays are over, the company is back on schedule. Yesterday evening, it released new updates for all supported versions except for the newest and the oldest ones, a common trend for the first mid-stream patch day. Updates for versions 1903 and 1909 will likely come later.
It"s worth noting, however, that in previous months when these mid-stream updates were released, there"s only been a build missing from the newest and oldest versions, rather than the two newest. That change is because versions 1903 and 1909 gets the exact same updates, so this current trend will continue.
If you"re on Windows 10 version 1809, you"re going to see KB4534321, which brings the build number to 17763.1012. You can manually download it here, and these are the highlights:
- Updates an issue with Windows Mixed Reality that occurs after upgrading to a new version of Microsoft Edge.
- Updates an issue that causes a device to repeatedly go into the Windows Out Of Box Experience (OOBE) restart loop in certain situations.
- Updates an issue that causes the touch keyboard to close when you select any key.
- Updates an issue that prevents users from reducing the size of a window in some cases.
- Updates an issue that changes the user-customized order of tiles in the Start menu even though the layout is locked or partially locked.
- Updates an issue that causes the Settings page to close unexpectedly.
- Updates an issue that might prevent a user’s settings from syncing across devices.
Here"s the full list of fixes:
- Addresses an issue with Windows Mixed Reality that occurs after upgrading to a new version of Microsoft Edge.
- Addresses an issue with download notifications that have multiple short-duration tabs and redirects.
- Addresses an issue that causes the Microsoft Windows Search Indexer (searchindexer.exe) to add or repair required access control lists (ACLs) without checking if ACLs exist.
- Addresses an issue that causes a device to repeatedly go into the Windows Out Of Box Experience (OOBE) restart loop in certain situations.
- Addresses an issue with syncing settings from the Accounts page when the "Continue experiences on this device" Group Policy is disabled.
- Addresses an issue that prevents software Indirect Display drivers from being signed with more than one certificate.
- Addresses an issue with a memory leak in ctfmon.exe that occurs when you refresh an application that has an editable box.
- Addresses an issue that, in some instances, prevents the Language Bar from appearing when the user signs in to a new session. This occurs even though the Language Bar is configured properly.
- Addresses an issue that causes the touch keyboard to close when you select any key.
- Addresses an issue that prevents users from reducing the size of a window in some cases.
- Addresses an issue that changes the user-customized order of tiles in the Start menu even though the layout is locked or partially locked.
- Addresses an issue with incorrect permissions on a user’s class registry keys that might prevent users that have local or roaming user profiles from opening files, links, and applications.
- Addresses an issue that causes the Settings page to close unexpectedly, which prevents default applications from being set properly.
- Addresses an issue that causes Windows Search to close unexpectedly when a Group Policy applies sub-groups to the Start menu layout.
- Addresses an issue with the multifactor unlock policy of Windows Hello for Business that fails to show the default option to sign in on Windows 10 devices.
- Addresses an issue that prevents a remote PowerShell session job from reporting that the session on the target machine has ended.
- Addresses an issue with a handle leak in the EnableTraceEx2() function.
- Addresses an issue that prevents Internet Explorer from opening when Microsoft User Experience Virtualization (UE-V) is being used to roam many favorites.
- Improves the reliability of the UE-V AppMonitor.
- Addresses an issue that might prevent a user’s settings from syncing across devices.
- Addresses an issue that causes the Local Security Authority Subsystem Service (LSASS) process to stop working when you sign in using an updated user principal name (UPN) (for example, changing UserN@contoso.com to User.Name@contoso.com). The error code is, “0xc0000005 (STATUS_ACCESS_VIOLATION).”
- Addresses an issue with unsigned program files that will not run when Windows Defender Application Control is in Audit Mode, but will allow unsigned images to run.
- Addresses an issue that might cause the Print Management console to display script errors when you enable the Extended View option.
- Addresses an issue with the Always On Virtual Private Network (VPN) that fails to remove the Name Resolution Policy Table (NRPT) rules after you disconnect.
- Addresses an issue with AppContainer firewall rules that leak when guest users or mandatory user profile users sign in and sign out from Windows Server.
- Addresses an issue that causes some systems to stop responding when operating embedded MultiMediaCard (eMMC) storage devices.
- Addresses an issue with ntdsutil.exe that prevents you from moving Active Directory database files. The error is, “Move file failed with source <original_full_db_path> and Destination <new_full_db_path> with error 5 (Access is denied.)”
- Addresses an issue in which netdom.exe fails to correctly identify trust relationships when an unconstrained delegation is explicitly enabled by adding bitmask 0x800 to the trust object. The bitmask setting is required because of security changes to the default behavior of unconstrained delegations in Windows updates released on or after July 8, 2019. For more information, see KB4490425 and 6.1.6.7.9 trustAttributes.
- Addresses an issue that uses an incorrect number of bytes to perform backups across partitions; this causes backups to fail even when there is adequate space.
- Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
- Addresses an issue with the Windows Out of Box Experience (OOBE) phase of setup for a new device. When you use the Input Method Editor (IME) for Chinese, Japanese, or Korean languages, you might not be able to create a local user account.
- Addresses an issue that corrupts a log file when a storage volume is full and data is still being written to the Extensible Storage Engine Technology (ESENT) database.
- Addresses an issue that might cause the Application Virtualization (App-V) Streaming Driver (appvstr.sys) to leak memory when you enable Shared Content Store (SCS) mode.
- Improves the performance of block cloning for the Resilient File System (ReFS) in scenarios that involve a large number of operations on ReFS-cloned files.
There are also a couple of known issues to be aware of:
Symptom | Workaround |
---|---|
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. | Do one of the following:
|
After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." |
Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
Microsoft is working on a resolution and will provide an update in an upcoming release. |
For Windows 10 version 1803, you"ll get KB4534308, bringing the build number to 17134.1276. You can manually download it here, and there"s one highlight:
- Updates an issue that might prevent a user’s settings from syncing across devices.
Here"s the full list of fixes:
- Addresses an issue with using Web Account Manager to sign in to Office Apps.
- Addresses an issue with download notifications that have multiple short-duration tabs and redirects.
- Addresses an issue with a memory leak in ctfmon.exe that occurs when you refresh an application that has an editable box.
- Addresses an issue with the Windows Out of Box Experience (OOBE) phase of setup for a new device. When you use the Input Method Editor (IME) for Chinese, Japanese, or Korean languages, you might not be able to create a local user account.
- Addresses an issue with the multifactor unlock policy of Windows Hello for Business, which fails to show the default option to sign in on Windows 10 devices.
- Addresses an issue that prevents computer objects from being added to local groups using the Group Policy Preference “Local Users and Groups”. The Group Policy Editor returns the error message, “The object selected does not match the type of destination source. Select again.”
- Addresses an issue that prevents Internet Explorer from opening when Microsoft User Experience Virtualization (UE-V) is being used to roam many favorites.
- Improves the reliability of the UE-V AppMonitor.
- Addresses an issue that might prevent a user’s settings from syncing across devices.
- Addresses an issue that might cause high CPU consumption in Microsoft Defender Advanced Threat Protection when using Microsoft Teams.
- Addresses an issue that causes the Local Security Authority Subsystem Service (LSASS) process to stop working when you sign in using an updated user principal name (UPN) (for example, changing UserN@contoso.com to User.Name@contoso.com). The error code is, “0xc0000005 (STATUS_ACCESS_VIOLATION).”
- Addresses an issue that causes a connection secured by IP security (IPSec) Internet Key Exchange Version 1 (IKEv1) to consume multiple, short-lived security associations (SA) instead of utilizing one until it expires.
- Addresses an issue with AppContainer firewall rules that leak when guest users or mandatory user profile users sign in and sign out from Windows Server.
- Addresses an issue that uses an incorrect number of bytes to perform backups across partitions; this causes backups to fail even when there is adequate space.
- Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
- Addresses an issue in which netdom.exe fails to correctly identify trust relationships when an unconstrained delegation is explicitly enabled by adding bitmask 0x800 to the trust object. The bitmask setting is required because of security changes to the default behavior of unconstrained delegations in Windows updates released on or after July 8, 2019. For more information, see KB4490425 and 6.1.6.7.9 trustAttributes.
- Addresses an issue that might cause the Application Virtualization (App-V) Streaming Driver (appvstr.sys) to leak memory when you enable Shared Content Store (SCS) mode.
- Addresses an issue that corrupts a log file when a storage volume is full and data is still being written to the Extensible Storage Engine Technology (ESENT) database.
This one also has one known issue:
Symptom | Workaround |
---|---|
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. | Do one of the following:
|
The Windows 10 Fall Creators Update, or version 1709, is only supported for Enterprise and Education SKUs. Those users will get KB4534318, bringing the build number to 16299.1654. You can manually download it here, and there"s one highlight:
- Updates an issue that might prevent a user’s settings from syncing across devices.
Here"s the full list of fixes:
- Addresses an issue that prevents computer objects from being added to local groups using the Group Policy Preference “Local Users and Groups”. The Group Policy Editor returns the error message, “The object selected does not match the type of destination source. Select again.”
- Addresses an issue that prevents Internet Explorer from opening when Microsoft User Experience Virtualization (UE-V) is being used to roam many favorites.
- Improves the reliability of the UE-V AppMonitor.
- Addresses an issue that might prevent a user’s settings from syncing across devices.
- Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
- Addresses an issue with the Windows Out of Box Experience (OOBE) phase of setup for a new device. When you use the Input Method Editor (IME) for Chinese, Japanese, or Korean languages, you might not be able to create a local user account.
- Addresses an issue that might cause the Application Virtualization (App-V) Streaming Driver (appvstr.sys) to leak memory when you enable Shared Content Store (SCS) mode.
This update has the same known issue as the update for version 1803. Also, there"s no new update for version 1703, since that"s unsupported for everyone except Surface Hub users.
Finally, the Windows 10 Anniversary Update, or version 1607, is still supported for LTSB and Windows Server 2016 users. They"ll get KB4534307, bringing the build number to 14393.3474. You can manually download it here, and there"s one highlight:
- Updates an issue that might sometimes occur in Microsoft Word when you change to Focus mode using the Korean Windows Input Method Editor (IME).
Here"s the full list of fixes:
- Addresses an issue that might sometimes occur in Microsoft Word when you change to Focus mode using the Korean Windows Input Method Editor (IME).
- Addresses an issue that occurs after you sign in, which causes an application to stop responding when you use the IME with the touch keyboard.
- Addresses an issue that might prevent you from signing in to a new Remote Desktop console session or reconnecting to an existing session on a device that has reached its active session limit. If attempts to sign in do not fail immediately, you might also experience a long wait at the Welcome screen. The error message is, “The task you are trying to do can"t be completed because Remote Desktop Services is currently busy. Please try again in a few minutes. Other users should still be able to log on.”
- Addresses a race condition that occurs when you run multiple PowerShell scripts simultaneously.
- Improves the reliability of the Microsoft User Experience Virtualization (UE-V) AppMonitor.
- Addresses an issue that might cause Direct Access servers to use a large amount of non-paged pool memory (pooltag: NDnd).
- Addresses an issue with AppContainer firewall rules that leak when guest users or mandatory user profile users sign in and sign out from Windows Server.
- Addresses an issue that causes queries against large keys on Ntds.dit to fail with the error, “MAPI_E_NOT_ENOUGH_RESOURCES.”
- Addresses an Open Database Connectivity (ODBC) issue that causes an infinite loop in the retry logic when there are several lost connections in the connection pool.
- Addresses an issue that fails to apply the defined connection values for Remote Desktop Services (RDS).
- Addresses an issue that uses an incorrect number of bytes to perform backups across partitions; this causes backups to fail even when there is adequate space.
- Addresses an issue in which netdom.exe fails to correctly identify trust relationships when an unconstrained delegation is explicitly enabled by adding bitmask 0x800 to the trust object. The bitmask setting is required because of security changes to the default behavior of unconstrained delegations in Windows updates released on or after July 8, 2019. For more information, see KB4490425 and 6.1.6.7.9 trustAttributes.
- Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
- Addresses an issue that might cause the Application Virtualization (App-V) Streaming Driver (appvstr.sys) to leak memory when you enable Shared Content Store (SCS) mode.
This update has two known issues:
Symptom | Workaround |
---|---|
After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. | Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution and will provide an update in an upcoming release. |
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. | Do one of the following:
|
Like all mid-stream updates, these are optional, meaning that they won"t be automatically installed, even though you can get them through Windows Update. If you choose not to take them, these fixes will be bundled into next month"s Patch Tuesday updates.