Patch Tuesday was two weeks ago, and that"s when all supported versions of Windows 10 got their mandatory monthly cumulative updates. As is common though, Microsoft releases new updates throughout the month, although these updates are optional. Today, cumulative updates are rolling out to Windows 10 versions 1809, 1803, 1709, and 1607.
This leaves out the two newest versions, 1909 and 1903, and the oldest version, 1507, which is still supported on the Long-Term Servicing Branch. Version 1511 is the only version of Windows 10 that isn"t supported anymore at all, and version 1703 is only supported for Surface Hub.
If you"re on Windows 10 version 1809, you"ll get KB4537818, which brings the build number to 17763.1075. You can manually download it here, and these are the highlights:
- Updates an issue that prevents the speech application from opening for several minutes in a high noise environment.
- Improves the accuracy of Windows Hello face authentication.
- Updates an issue that might prevent ActiveX content from loading.
- Improves the battery performance during Modern Standby mode.
- Updates an issue that prevents you from taking a screenshot of a window.
- Updates an issue that adds an unwanted keyboard layout as the default after an upgrade even if you have already removed it.
- Updates an issue that prevents users from reactivating their copy of Windows using the product key stored in their Managed Service Account (MSA).
- Updates an issue that prevents some applications from printing to network printers.
There"s also a long list of fixes:
- Addresses an issue that prevents the speech platform application from opening for several minutes in a high noise environment.
- Improves the accuracy of Windows Hello face authentication.
- Improves Urlmon resiliency when receiving incorrect Content-Length for a PeerDist response.
- Addresses an issue that might prevent ActiveX content from loading.
- Addresses an issue that might cause Microsoft browsers to bypass proxy servers.
- Improves the battery performance during Modern Standby mode.
- Addresses an issue that causes the power dependency coordinator (PDC) driver to unnecessarily drain the battery in certain scenarios.
- Addresses an issue that prevents a user from upgrading or uninstalling some Universal Windows Platforms (UWP) apps in certain scenarios.
- Addresses an issue that causes attempts to take a screenshot of a window using the PrintWindow API to fail.
- Addresses an issue that adds an unwanted keyboard layout as the default after an upgrade or migration even if you have already removed it.
- Addresses an issue that fails to return search results in the Start menu Search box for users that have no local profile.
- Addresses an issue that causes the installation process to stop when installing Windows on a VMware guest machine that has a USB 3.0 hub attached.
- Addresses an issue in which re-running PowerShell workflows might fail with compilation errors for long sessions.
- Improves Event Forwarding scalability to ensure thread safety and increase resources.
- Addresses an issue in the Windows activation troubleshooter that prevents users from reactivating their copy of Windows using the product key stored in their Managed Service Account (MSA).
- Addresses an issue that generates an “unknown username or bad password” error when attempting to sign in. This occurs in an environment that has a Windows Server 2003 domain controller (DC) and a Windows Server 2016 or later DC.
- Addresses an issue with sign in scripts that fail to run when a user signs in or signs out.
- Addresses an issue that continues to collect IsTouchCapable and GetSystemSku data when they should no longer be collected.
- Addresses an issue that might cause Direct Access servers to use a large amount of non-paged pool memory (pooltag: NDnd).
- Addresses an issue in which the WinHTTP AutoProxy service does not comply with the value set for the maximum Time To Live (TTL) on the Proxy Auto-Configuration (PAC) file. This prevents the cached file from updating dynamically.
- Addresses an issue that prevents some applications from printing to network printers.
- Addresses an issue that causes the wrong printer name to be selected when you click the Print button in the SQL reporting service.
- Addresses an issue that might cause a printer to be a hidden device in Device Manager after a restart.
- Addresses an issue that prevents the Background Intelligent Transfer Service (BITS) from downloading files; the error is “0x80190191.”
- Addresses an issue that causes the Windows firewall to drop network traffic from Modern apps, such as Microsoft Edge, when you connect to a corporate network using a virtual private network (VPN).
- Addresses an issue that causes Host Networking Service (HNS) PortMapping policies to leak when the container host is reinstated after a restart.
- Addresses an issue that causes some systems to stop responding when operating embedded MultiMediaCard (eMMC) storage devices.
- Addresses an issue that occurs when you try to sign in to Windows during recovery mode. The error, "No administrator accounts are available on this machine", appears.
- Addresses an issue that prevents you from removing some local users from local built-in groups. For example, you cannot remove "Guest" from the "Guests" local group.
- Addresses an issue that causes the Local Security Authority Subsystem Service (LSASS) to stop working and triggers a restart of the system. This issue occurs when invalid restart data is sent with a non-critical paged search control.
- Addresses an Open Database Connectivity (ODBC) issue that causes an infinite loop in the retry logic when there are several lost connections in the connection pool.
- Addresses an issue that causes queries against large keys on Ntds.dit to fail with the error, “MAPI_E_NOT_ENOUGH_RESOURCES.” This issue might cause users to see limited meeting room availability because the Exchange Messaging Application Programming Interface (MAPI) cannot allocate additional memory for the meeting requests.
- Addresses an issue that intermittently generates Online Certificate Status Protocol (OSCP) Responder audit events (5125) to indicate that a request was submitted to the OCSP Responder Service. However, there is no reference to the serial number or the domain name (DN) of the issuer of the request.
- Addresses an issue that prevents Server Message Block (SMB) Multichannel from working within a cluster network that has IPv6 Local-Link addresses.
- Addresses an issue that might cause Storage Migration Service inventory operations on a Windows Server 2003 source computer to fail in clustered environments.
- Addresses an issue in which canceling a deduplication (dedup) job to rebuild hotspots prevents other deduplication PowerShell commands from responding.
- Addresses an issue that causes window ordering to fail after displaying tooltips in the RemoteApp window.
- Addresses an issue in which the Remote Desktop (RD) Licensing Diagnoser shows an incorrect version of the Remote Desktop Session Host (RDSH) and the Remote Desktop Licensing Server (RDLS).
- Addresses an issue with certificate validation that causes Internet Explorer mode in Microsoft Edge to fail.
There are also a couple of known issues to be aware of:
Symptom | Workaround |
---|---|
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. | Do one of the following:
|
After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_ COMPONENT_NOT_FOUND." |
Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
Microsoft is working on a resolution and will provide an update in an upcoming release. |
Windows 10 version 1803 isn"t supported on Home or Pro SKUs, but if you"re on Enterprise or Education, you"ll get KB4537795, which brings the build number to 17134.1345. You can manually download it here, and these are the highlights:
- Improves the accuracy of Windows Hello face authentication.
- Updates an issue that might prevent ActiveX content from loading.
- Updates an issue that adds an unwanted keyboard layout as the default after an upgrade even if you have already removed it.
- Updates an issue that prevents some applications from printing to network printers.
Here"s the full list of fixes:
- Improves the accuracy of Windows Hello face authentication.
- Improves Urlmon resiliency when receiving incorrect Content-Length for a PeerDist response.
- Addresses an issue that might prevent ActiveX content from loading.
- Addresses an issue that might cause Microsoft browsers to bypass proxy servers.
- Addresses an issue that adds an unwanted keyboard layout as the default after an upgrade or migration even if you have already removed it.
- Addresses an issue that causes an error if you open Microsoft OneDrive files on demand when User Experience Virtualization (UE-V) is enabled. To apply this solution, set the following DWORD to 1: “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration\ApplyExplorerCompatFix.”
- Addresses an issue that generates an “unknown username or bad password” error when attempting to sign in. This occurs in an environment that has a Windows Server 2003 domain controller (DC) and a Windows Server 2016 or later DC.
- Addresses an issue with sign in scripts that fail to run when a user signs in or signs out.
- Addresses an issue that continues to collect IsTouchCapable and GetSystemSku data when they should no longer be collected.
- Provides live response capability that gives Security Operations (SecOps) immediate access to compromised machines using the Microsoft Defender Advanced Threat Protection (ATP) console (Microsoft Defender Security Center).
- Improves the accuracy of detection in Microsoft Defender ATP Threat & Vulnerability Management.
- Addresses an issue that might cause Direct Access servers to use a large amount of non-paged pool memory (pooltag: NDnd).
- Addresses an issue in which the WinHTTP AutoProxy service does not comply with the value set for the maximum Time To Live (TTL) on the Proxy Auto-Configuration (PAC) file. This prevents the cached file from updating dynamically.
- Addresses an issue that prevents some applications from printing to network printers.
- Addresses an issue that prevents the Background Intelligent Transfer Service (BITS) from downloading files; the error is “0x80190191.”
- Addresses an issue that causes the Windows firewall to drop network traffic from Modern apps, such as Microsoft Edge, when you connect to a corporate network using a virtual private network (VPN).
- Addresses an issue that intermittently generates Online Certificate Status Protocol (OSCP) Responder audit events (5125) to indicate that a request was submitted to the OCSP Responder Service. However, there is no reference to the serial number or the domain name (DN) of the issuer of the request.
- Addresses an issue that causes queries against large keys on Ntds.dit to fail with the error, “MAPI_E_NOT_ENOUGH_RESOURCES.” This issue might cause users to see limited meeting room availability because the Exchange Messaging Application Programming Interface (MAPI) cannot allocate additional memory for the meeting requests.
- Addresses an issue that corrupts a log file when a storage volume is full and data is still being written to the Extensible Storage Engine Technology (ESENT) database.
- Addresses an issue with certificate validation that causes Internet Explorer mode in Microsoft Edge to fail.
This update only has one known issue:
Symptom | Workaround |
---|---|
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. | Do one of the following:
|
For Windows 10 version 1709, you"ll get KB4537816, bringing the build number to 16299.1717. You can manually download it here, and these are the highlights:
- Updates an issue that might prevent ActiveX content from loading.
- Updates an issue that prevents some applications from printing to network printers.
Here"s the full list of fixes:
- Addresses an issue that might prevent ActiveX content from loading.
- Addresses an issue that might cause Microsoft browsers to bypass proxy servers.
- Addresses an issue that generates an “unknown username or bad password” error when attempting to sign in. This occurs in an environment that has a Windows Server 2003 domain controller (DC) and a Windows Server 2016 or later DC.
- Provides live response capability that gives Security Operations (SecOps) immediate access to compromised machines using the Microsoft Defender Advanced Threat Protection (ATP) console (Microsoft Defender Security Center).
- Improves the accuracy of detection in Microsoft Defender ATP Threat & Vulnerability Management.
- Addresses an issue that might cause Direct Access servers to use a large amount of non-paged pool memory (pooltag: NDnd).
- Addresses an issue in which the WinHTTP AutoProxy service does not comply with the value set for the maximum Time To Live (TTL) on the Proxy Auto-Configuration (PAC) file. This prevents the cached file from updating dynamically.
- Addresses an issue that prevents some applications from printing to network printers.
- Addresses an issue with certificate validation that causes Internet Explorer mode in Microsoft Edge to fail.
This update has the same known issue as the update for version 1803.
Finally, Windows 10 version 1607 is only supported in the Long-Term Servicing Branch and for Windows Server 2016 customers, but those users will get KB4537806, bringing the build number to 14393.3542. You can manually download it here, and there"s just one highlight:
- Updates an issue that prevents some applications from printing to network printers.
Here"s the full list of fixes:
- Addresses an issue that might cause Microsoft browsers to bypass proxy servers.
- Addresses an issue that propagates shared folder permissions incorrectly to parent folders after an administrator makes changes on the host system to shared subfolders that are not in the Users directory.
- Addresses an issue in which re-running PowerShell workflows might fail with compilation errors for long sessions.
- Improves Event Forwarding scalability to ensure thread safety and increase resources.
- Addresses an issue that generates an “unknown username or bad password” error when attempting to sign in. This occurs in an environment that has a Windows Server 2003 domain controller (DC) and a Windows Server 2016 or later DC.
- Addresses an issue that causes Transport Layer Security (TLS) sessions to fail with the error, "The request was aborted: Could not create SSL/TLS secure Channel."
- Addresses an issue that prevents some applications from printing to network printers.
- Addresses an issue that prevents the Network Policy Server (NPS) accounting feature from functioning. This occurs when NPS is configured to use SQL for accounting with the new OLE (compound document) database driver (MSOLEDBSQL.dll) after switching to TLS 1.2.
- Addresses an issue that causes Security Assertion Markup Language (SAML) errors and loss of access to third-party apps for users who do not have multi-factor authentication (MFA) enabled.
- Addresses an issue that intermittently generates Online Certificate Status Protocol (OSCP) Responder audit events (5125) to indicate that a request was submitted to the OCSP Responder Service. However, there is no reference to the serial number or the domain name (DN) of the issuer of the request.
- Addresses an issue with the spell checker in RemoteApp. This issue prevents the spell checker from using the locale language the user selects when there is a mismatch between the locale setting and the keyboard layout of the local or client machine. For example, the issue occurs if using a Dutch locale language with the United States-International keyboard layout; the spell checker incorrectly uses the English language instead of the locale language (Dutch) configured in the OS.
- Addresses an issue with certificate validation that causes Internet Explorer mode in Microsoft Edge to fail.
This update has two known issues:
Symptom | Workaround |
---|---|
After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. | Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution and will provide an update in an upcoming release. |
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. | Do one of the following:
|
As always, you can install these updates manually, but you can also get them via Windows Update. They won"t be installed automatically though. You"ll need to go into Windows Update and choose to install the optional updates. If you choose not to take them, these fixes will be bundled into next month"s Patch Tuesday updates.