Microsoft has released new optional updates for those using Windows 10 21H2, 21H1, and Windows Server 20H2. KB5014666 (build versions 19042.1806, 19043.1806, and 19044.1806 respectively) brings traditional for cumulative updates bugfixes and minor improvements, plus, surprisingly, a couple of new printing features.
Here are the new features in KB5014666:
New! Adds IP address auditing for incoming Windows Remote Management (WinRM) connections in security event 4262 and WinRM event 91. This addresses an issue that fails to log the source IP address and machine name for a remote PowerShell connection.
New! Adds Server Message Block (SMB) redirector (RDR) specific public File System Control (FSCTL) code FSCTL_LMR_QUERY_INFO.
New! Introducing the following Print and Scan features:
IPP over USB support – Microsoft has supported Internet Print Protocol (IPP) for network printers starting in 2018 with the release of Windows 10, version 1809. We are now expanding IPP support to USB printers.
Print support app (PSA) APIs – Using the PSA framework, printer manufacturers can extend printer functionalities and user experience. For more information, see Print support app design guide.
PIN-protected printing for IPP and Universal Print - Standard print dialogs now include a user interface to enter a PIN code.
eSCL Mopria Scan protocol - Windows now supports the eSCL Mopria Scan protocol. It can be used with Mopria certified scanner devices.
If you consider yourself a regular consumer who does not care about enterprise-related features and improvements, then KB5014666 brings you the following notable changes Microsoft mentioned in the update highlights:
Addresses an issue that prevents the Pashto language from appearing in the language list.
Addresses an issue that affects the touchpad area that responds to a right-click (the right-click zone).
Addresses a known issue that might prevent you from using the Wi-Fi hotspot feature.
Addresses an issue that affects the Cloud Clipboard service and prevents syncing between machines after a period of inactivity.
And here is the rest of the changelog:
Enables the InternetExplorerModeEnableSavePageAs Group Policy. For more information, see Microsoft Edge Browser Policy Documentation.
Addresses an issue that affects some certificates chains to Root Certification Authorities that are members of the Microsoft Root Certification Program. For these certificates, the certificate chain status can be, “This certificate was revoked by its certification authority”.
Addresses an issue that leads to a false negative when you run scripts while Windows Defender Application Control (WDAC) is turned on. This might generate AppLocker events 8029, 8028, or 8037 to appear in the log when they should not.
Addresses an issue that prevents the use of Encrypted File System (EFS) files over a Web-based Distributed Authoring and Versioning (WebDAV) connection.
Addresses an issue that causes a domain controller to incorrectly write Key Distribution Center (KDC) event 21 in the System event log. This occurs when the KDC successfully processes a Kerberos Public Key Cryptography for Initial Authentication (PKINIT) authentication request with a self-signed certificate for key trust scenarios (Windows Hello for Business and Device Authentication).
Addresses an issue that causes the LocalUsersAndGroups configuration service provider (CSP) policy to fail when you modify the built-in Administrators group. This issue occurs if the local Administrator account isn"t specified in the membership list when you perform a replace operation.
Addresses an issue in which malformed XML inputs might cause an error in DeviceEnroller.exe. This prevents CSPs from being delivered to the device until you restart the device or correct the XML.
Addresses an issue that causes Microsoft NTLM authentication using an external trust to fail. This issue occurs when a domain controller that contains the January 11, 2022 or later Windows update services the authentication request, is not in a root domain, and does not hold the Global Catalog role. The affected operations might log the following errors:
The security database has not been started.
The domain was in the wrong state to perform the security operation.
0xc00000dd (STATUS_INVALID_DOMAIN_STATE).
- Addresses an issue that affects devices enrolled in Update Compliance and have installed the April 2022 Windows non-security or later updates. For more information, see Monitor Windows Updates with Update Compliance. Devices that are enrolled in other Windows diagnostic data processor configuration programs or have a combined enrollment with any of these programs and Update Compliance are not affected.
Windows 10 21H2 and 21H1 users can download KB5014666 from Windows Update or the Windows Update Catalog using this link.
Earlier this month, Microsoft released an optional update for Windows 11 with Search Highlights and a massive list of fixes and improvements. Also, changes in the latest Windows 10 cumulative updates confirmed Microsoft is working on a new feature update called Windows 10 22H2.