[German]Microsoft has released a series of cumulative updates for Windows 10 effective March 22, 2018. Here is an overview of what is available and what else there is to know.
When I checked for updates on Tuesday, I didn’t find anything. Thanks to Crysta T. Lacey for the tip.
Update KB4089848 for Windows 10 Version 1709
Update KB4089848 has been re-released on March 22, 2018 for Windows 10 Fall Creators Update (version 1709). This is a revised edition of a package, which was released on March 13, 2018 (see Patchday: Windows 10 Updates (March 13, 2018)). The update contains quality improvements, addressing the following.
- Addresses issue with a GDI handle leak in the Windows Ribbon control.
- Addresses issue where users can’t select OK after entering credentials in command line on Windows Server version 1709.
- Addresses issues where Bluetooth devices fail to receive data after a restart.
- Addresses issue where, during BitLocker decryption or encryption of a drive, files protected with the Encrypting File System (EFS) may become corrupted.
- Addresses issue where the server may occasionally encounter an error during file transfer. The error is “Stop D1 in tcpip!TcpSegmentTcbSend”.
- Addresses issue where an iSCSI RESET might trigger a cluster failover.
- Addresses issue in MPIO where pass-through SCSI requests might lead to a stop error if the disk is pending removal.
- Addresses issue where processing of group policies may fail, and policies may be removed as a result. This occurs if the length of the Windows Defender Firewall policy rule exceeds 260 characters.
- Addresses issue caused by a new privilege in Windows Server 2016 and Windows 10 version 1709 named “Obtain an impersonation token for another user in the same session”. When applied using Group Policy to those computers, gpresult /h fails to generate reporting data for any setting configured by the Security Configuration Engine (SCE) extension. The error message is “Requested value ‘SeDelegateSessionUserImpersonatePrivilege’ was not found”. The Group Policy Management Console fails to show the privilege in the Settings tab for a GPO where the setting has been configured.
- Addresses issue where errors may occur when accessing WebDAV files or folders on a SharePoint site if the file or folder name contains multibyte characters.
- Addresses issue where the Remote Desktop License report gets corrupted when it exceeds the 4 KB size limit.
- Addresses issue where an Azure point-to-site VPN connection that uses IKEv2 may fail when the user’s device contains a large number of trusted root certificates.
- Addresses rendering issue in Microsoft Edge for PDF documents with backgrounds created using various third-party publishing tools.
- Addresses issue where a media platform stops responding when changing cameras rapidly on a device.
- Addresses issue where a media platform stops responding, which affects media playback in Microsoft Edge, Internet Explorer, and Microsoft PowerPoint.
- Addresses issue with spatial audio when used in connection to Dolby Atmos for Headphones.
- Addresses issue where a credential prompt that requires administrative privileges appears when a standard user account performs the first logon to a Windows 10 device that has been deployed using Windows Autopilot.
- Addresses issue where tiles in the Start menu aren’t preserved when upgrading from Windows 10 version 1607 to Windows 10 version 1709.
- Addresses issue with Spell Check and custom dictionaries.
- Addresses issue with the press and hold feature when using a pen in Tablet mode.
- Addresses issue with editing web password fields using a touch keyboard.
- Addresses issue where some Bluetooth card readers don’t work after a restart.
The update is automatically distributed via Windows Update, but is also available from Microsoft Update Catalog for download and manual installation. This update upgrades Windows to OS build 16299.334.
The package is also provided for Windows Server 2016 (V1709). Cumulative updates install only what was not installed in previous updates.
Important If you install both the SSU (Servicing Stack Updates) and LCU (Latest Cumulative Updates) updates from the Microsoft Update Catalog, you should install the SSU updates before the LCU updates.
Known issues…
Microsoft hasn’t managed to eliminate the error 0x80070643, which is reported during the update installation, for months. This bug causes the package to be listed in the update process as failed during installation. But the package is installed. Microsoft has been asking users for months to check for updates again after the update installation. If nothing is found, you should conclude that the update has been installed.
Second known issue: For Windows 10, version 1709 Enterprise users who installed the January 2018 delta package, the February and March 2018 updates from the Microsoft Update Catalog may fail. In particular, the installation of the February delta update for Windows 10, version 1709, may fail.
Microsoft is aware of this problem and therefore marked the following delta update KBs for Windows 10, version 1709, as obsolete in the Microsoft catalog on March 13, 2018:
Microsoft recommends that users uninstall the January delta update package KB4056892 for Windows 10, version 1709, and install the complete latest cumulative update from March 2018, KB4088776. Customers can still use delta update packages with the monthly cumulative April 2018 update for Windows 10, version 1709.
Three years after the first release we still have a buggy Windows 10 still under construction – Windows as a surprise – unbelievable.
Update KB4088891 for Windows 10 Version 1703
Update KB4088891 was released on March 22, 2018 for Windows 10 Creators Update (version 1703). This is a new update which contains quality improvements. The following fixes are explicitly listed:
- Addresses issue with a GDI handle leak in the Windows Ribbon control.
- Addresses issue where, during BitLocker decryption or encryption of a drive, files protected with the Encrypting File System (EFS) may become corrupted.
- Addresses issue where, when an iSCSI request contains an incomplete header in the first packet, iSCSI may not recognize when a request has been sent.
- Adds support in stornvme for additional SSDs.
- Addresses issue where the Japanese keyboard layout was not functioning properly during a Remote Assistance session.
- Addresses rendering issue in Microsoft Edge for PDF documents with backgrounds created using various third-party publishing tools.
The update is distributed via Windows Update, but can be obtained from the Microsoft Update Catalog . The patch raises the OS build to version 15063.994. There are no known problems.
Microsoft has also released a direct update for the Windows Update Client to increase its reliability. Any system configured for automatic updates to Windows 10 (including Enterprise and Pro) will receive the latest Windows 10 feature update (version 1803). Distribution of the new version of Windows 10 depends on the device compatibility and the update defer policy set in Windows Update for Business. The only exception where feature upgrades are not mandatory are the Windows 10 Enterprise LTSC versions.
Update KB4088825 for Windows 10 Version 1703
Critical update KB4088825 has also been released on March 22, 2018 for Windows 10 Creators Update (version 1703). This is a servicing stack update that contains improvements to the servicing stack.
Update KB4088889 for Windows 10 Version 1607
Update KB4088889 was released on March 22, 2018 for Windows 10 Anniversary Update (version 1607). This is a new update which contains quality improvements and addresses the following fixes.
- Addresses issue with a GDI handle leak in the Windows Ribbon control.
- Addresses issue where customers can’t change the lock screen image from the Settings app. This occurs if the “Force a specific default lock screen and logon image” Group Policy is turned on and the “Prevent changing lock screen and logon image” Group Policy is turned off.
- Addresses issue where, during BitLocker decryption or encryption of a drive, files protected with the Encrypting File System (EFS) may become corrupted.
- Adds support for additional high-speed eMMC devices.
- Adds support in stornvme for additional SSDs.
- Addresses issue where UWF file exclusion failed when non-ASCII characters were used in the directory name.
- Addresses issue where ID:55 and ID:130 might be logged when using UWF in DISK mode, which eventually requires a restart.
- Addresses issue where the VSS API ResyncLun failed to find the hardware provider.
- Addresses issue where Hyper-V replication suspends when the primary server restarts and Azure Site Recovery (ASR) is used to replicate Hyper-V virtual machines.
- Addresses issue where an error might occur when the memory manager finds an undeleted page table space when a process terminates.
- Addresses issue where Windows Server 2016 Domain Controllers (DC) may periodically restart after a Local Security Authority Subsystem Service (LSASS) module faults with exception code 0xc0000005. This interrupts applications and services bound to the DC at that time. DCs may log the following events:
- Application Error event ID 1000; the faulty module is NTDSATQ.dll with exception code 0xc0000005.
- User32 event ID 1074 and Microsoft-Windows-Wininit event ID 1015, which indicates that lsass.exe failed with status code 255.
- Addresses issue where the AdminSDHolder task fails to run when a protected group contains a member attribute that points to a deleted object. Additionally, Event 1126 is logged with “Active Directory Domain Services was unable to establish a connection with the global catalog. Error value: 8430. The directory service encountered an internal failure. Internal ID: 320130e.”
- Addresses issue where users may exist in a trusted domain with transitive trust (a child domain across Forest trust or AD FS in a child domain and the user is across Forest trust). However, users cannot locate a PDC or DC for the Extranet Lockout Feature. The following exception occurs: “Microsoft.IdentityServer.Service.AccountPolicy.ADAccountLookupException: MSIS6080: A bind attempt to domain ‘globalivewireless.local’ failed with error code ‘1722’.” A message appears on the IDP page, “Incorrect user ID or password. Type the correct user ID and password, and try again.”
- Addresses issue where, when Claims Provider Trust is set with OrganizationalAccountSuffix (even after performing HRD), AD FS doesn’t save the HRD information. The user will always see the HRD page for any new request. This breaks the SSO request for users because they need to type a username or email and password for each request.
- Improves the performance of AD FS MFA authentication response time by improving the utilization of Strong Authentication Service (SAS) calls.
- Addresses issue caused by a new privilege in Windows Server 2016 and Windows 10 version 1607 named “Obtain an impersonation token for another user in the same session”. When applied using Group Policy to those computers, gpresult /h fails to generate reporting data for any setting configured by the Security Configuration Engine (SCE) extension. The error message is “Requested value ‘SeDelegateSessionUserImpersonatePrivilege’ was not found”. The Group Policy Management Console fails to show the privilege in the Settings tab for a GPO where the setting has been configured.
- Addresses issue where WMI stops responding to queries and WMI-dependent operations fail after exceeding the 256 MB WMI Arbitrator memory limit. Computers that experience high WMI memory usage or that return error WBEM_E_INVALID_CLASS or WBEM_E_NOT_FOUND should install this update.
- Addresses a threading issue that might cause the WinRM service to stop working when under load. This is a client-side solution, so it should be applied to affected computers as well as computers that communicate with it using WinRM.
- Addresses issue with system performance that causes logons to become unresponsive with the message “Please wait for the Remote Desktop Configuration” because of a deadlock in the WinRM service.
- Addresses issue where the Remote Desktop License report gets corrupted when it exceeds the 4 KB size limit.
- Addresses a race condition in RemoteApp that occurs when an activated RemoteApp window opens behind the previous foreground window.
- Addresses rendering issue in Microsoft Edge for PDF documents with backgrounds created using various third-party publishing tools.
- Addresses issue caused by a race condition where Windows Server 2016 may restart after win32kbase.sys faults with error code 0x18.
The update is distributed via Windows Update, but can be obtained from the Microsoft Update Catalog. The patch raises the OS build to version 14393.2155. There are no known problems.
Microsoft has also released an update directly for the Windows Update Client to increase its reliability. Any system configured for automatic updates to Windows 10 (including Enterprise and Pro) will receive the latest Windows 10 feature update (version 1803). Distribution of the new version of Windows 10 takes into account device compatibility and the update delay policy set in Windows Update for Business. The only exception where feature upgrades are not mandatory are the Windows 10 Enterprise LTSC versions.
Update KB4089510 for Windows 10 Version 1607
Critical update KB4089510 was also released on March 22, 2018 for Windows 10 Anniversary Update (version 1607) and Windows Server 2016. This is a servicing stack update that contains improvements to the servicing stack.
Updates for Windows 10 Version 1803
For selected machines in the Windows Insider program the following updates were rolled out for testing
Update KB4093297 for Windows Version vnext
Update KB4093297 (Update to Windows 10 version vnext for update applicability) has been released on March 15, 2018 for a limited amount of Windows Insider installs for test purposes.
Similar articles
Adobe Flash Player Update to Version 29.0.0.113
Microsoft Patchday Summary March 13, 2018
Security Updates for Windows 7/8.1 (March 13, 2018)
Patchday: Windows 10 Updates (March 13, 2018)
Microsoft Office Patchday (March 13, 2018)
Network issues with Updates KB4088875 / KB4088878
Updates for Windows 8.1/Windows Server 2012/R2 (03/21/2018)