Patch Tuesday was just a week ago, and even those cumulative updates got replaced two days later. Now, it"s time for the first round of mid-stream optional cumulative updates. Today"s builds are available for Windows 10 versions 1809, 1803, 1709, and 1607. In other words, it"s all supported versions except for the newest and the oldest.
If you"re on version 1809, you"ll get KB4541331, bringing the build number to 17763.1131. You can manually download it here, and these are the highlights:
- Updates an issue that causes an error when printing to a document share.
- Updates an issue that prevents the touch keyboard from appearing during sign in when the user is prompted for the password.
- Updates an issue that causes calendar dates to appear on the wrong day of the week in the clock and date region of the notification area when you select the Samoa time zone.
- Improves application and device compatibility with Windows updates.
Here"s the full list of fixes:
- Addresses an issue that causes an error when printing to a document repository.
- Addresses a drawing issue with the Microsoft Foundation Class (MFC) toolbar that occurs when dragging in a multi-monitor environment.
- Addresses an issue that prevents the touch keyboard from appearing during sign in when the user is prompted for the password.
- Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.
- Addresses an issue that displays incorrect folder properties in File Explorer when the path is longer than MAX_PATH.
- Addresses an issue that causes calendar dates to appear on the wrong day of the week in the clock and date region of the notification area when you select the Samoa time zone.
- Addresses an issue with reading logs using the OpenEventLogA() function.
- Addresses an issue that prevents machines that have enabled Credential Guard from joining a domain. The error message is "The server"s clock is not synchronized with the primary domain controller"s clock."
- Addresses an issue that might cause a delay of up to two minutes when signing in or unlocking a session on Hybrid Azure Active Directory-joined machines.
- Addresses an issue that causes authentication to fail when using Azure Active Directory and the user’s security identifier (SID) has changed.
- Addresses an issue that might cause domain controllers (DC) to register a lowercase and a mixed or all uppercase Domain Name System (DNS) service (SRV) record in the _MSDCS.
DNS zone. This occurs when DC computer names contain one or more uppercase characters. - Addresses an issue that causes authentication in an Azure Active Directory environment to fail and no error appears.
- Addresses an issue that causes high CPU utilization when retrieving a session object.
- Addresses high latency in Active Directory Federation Services (AD FS) response times for globally distributed datacenters in which SQL might be on a remote datacenter.
- Improves the performance for all token requests coming to AD FS, including OAuth, Security Assertion Markup Language (SAML), WS-Federation, and WS-Trust.
- Addresses a high latency issue in acquiring OAuth tokens when AD FS front-end servers and back-end SQL servers are in different datacenters.
- Restores the constructed attribute in Active Directory and Active Directory Lightweight Directory Services (AD LDS) for msDS-parentdistname.
- Addresses an issue to prevent SAML errors and the loss of access to third-party apps for users who do not have multi-factor authentication (MFA) enabled.
- Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
- Addresses an issue that prevents Microsoft User Experience Virtualization (UE-V) settings from roaming to enable the signature files that are used for new messages, forwarded messages, and replies.
- Addresses an issue with high CPU usage on AD FS servers that occurs when the backgroundCacheRefreshEnabled feature is enabled.
- Addresses an issue that creates the Storage Replica administrator group with the incorrect SAM-Account-Type and Group-Type. This makes the Storage Replica administrator group unusable when moving the primary domain controller (PDC) emulator.
- Addresses an issue that prevents some machines from automatically going into Sleep mode under certain circumstances because of Microsoft Defender Advanced Threat Protection (ATP) Auto Incident Response (IR).
- Addresses an issue that prevents some machines from running Microsoft Defender ATP Threat & Vulnerability Management successfully.
- Improves support for non-ASCII file paths for Microsoft Defender ATP Auto IR.
- Addresses an issue that, in some scenarios, causes stop error 0xEF while upgrading to Windows 10, version 1809.
There"s also one known issue:
Symptom | Workaround |
---|---|
After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." |
Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
Microsoft is working on a resolution and will provide an update in an upcoming release. |
Windows 10 version 1803 is only supported for Enterprise and Education SKUs, but those users will get KB4541333, bringing the build number to 17134.1399. You can manually download it here, and these are the highlights:
- Updates an issue that causes an error when printing to a document share.
- Updates an issue that causes a stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets.
- Improves application and device compatibility with Windows updates.
Here"s the full list of fixes:
- Addresses an issue that causes an error when printing to a document repository.
- Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets.
- Addresses an issue that might cause a delay of up to two minutes when signing in or unlocking a session on Hybrid Azure Active Directory-joined machines.
- Addresses an issue that causes authentication in an Azure Active Directory environment to fail and no error appears.
- Addresses an issue that prevents machines that have enabled Credential Guard from joining a domain. The error message is "The server"s clock is not synchronized with the primary domain controller"s clock."
- Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
- Addresses an issue that prevents Microsoft User Experience Virtualization (UE-V) settings from roaming to enable the signature files that are used for new messages, forwarded messages, and replies.
- Addresses an issue that prevents some machines from automatically going into Sleep mode under certain circumstances because of Microsoft Defender Advanced Threat Protection (ATP) Auto Incident Response (IR).
- Addresses an issue that prevents some machines from running Microsoft Defender ATP Threat & Vulnerability Management successfully.
- Improves support for non-ASCII file paths for Microsoft Defender ATP Auto IR.
There are no known issues with this update.
Windows 10 version 1709 is also only supported for Enterprise and Education SKUs, and those users will get KB4541330, bringing the build number to 16299.1775. You can manually download it here, and there"s only one highlight:
- Improves application and device compatibility with Windows updates.
Here"s the full list of fixes:
- Addresses an issue that causes File Explorer to close unexpectedly when using roaming profiles between different versions of Windows 10.
- Addresses an issue that might cause a delay of up to two minutes when signing in or unlocking a session on Hybrid Azure Active Directory-joined machines.
- Addresses an issue that prevents machines that have enabled Credential Guard from joining a domain. The error message is "The server"s clock is not synchronized with the primary domain controller"s clock."
- Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
- Addresses an issue that prevents Microsoft User Experience Virtualization (UE-V) settings from roaming to enable the signature files that are used for new messages, forwarded messages, and replies.
- Addresses an issue that prevents some machines from running Microsoft Defender ATP Threat & Vulnerability Management successfully.
There are no known issues with this update.
Finally, Windows 10 version 1607 is only supported on the Long Term Servicing Channel and for Windows Server 2016, but those users will get KB4541329, bringing the build number to 14393.3595. You can manually download it here, and there"s one highlight:
- Improves application and device compatibility with Windows updates.
Here"s the full list of fixes:
- Addresses an issue that might cause domain controllers (DC) to register a lowercase and a mixed or all uppercase Domain Name System (DNS) service (SRV) record in the _MSDCS.
DNS zone. This occurs when DC computer names contain one or more uppercase characters. - Addresses an issue that prevents machines that have enabled Credential Guard from joining a domain. The error message is "The server"s clock is not synchronized with the primary domain controller"s clock."
- Addresses an issue with running an application in RemoteApp that might cause the application window to flicker and DWM.exe might stop working on the session host.
- Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
- Addresses an issue that prevents Microsoft User Experience Virtualization (UE-V) settings from roaming to enable the signature files that are used for new messages, forwarded messages, and replies.
- Addresses an issue with high CPU usage on Active Directory Federation Services (AD FS) servers that occurs when the backgroundCacheRefreshEnabled feature is enabled.
There"s also one known issue:
Symptom | Workaround |
---|---|
After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters. | Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution and will provide an update in an upcoming release. |
As usual, these updates are optional, meaning that you can either install them manually or you can opt into installing them via Windows Update. If you don"t, these fixes will be bundled into next month"s Patch Tuesday update.