More Windows 10 cumulative updates headed out with fixes in tow

Surface Laptop display
Surface Laptop display

Following up on September's scheduled "Patch Tuesday" updates, and yet another set released earlier this week, Microsoft is issuing yet a third round of cumulative updates for Windows 10. Multiple versions of Windows 10 are in line for today's updates, going back to the Anniversary Update. And there are a lot of fixes tagging along (via Neowin).

Here's a look at what's new.

April 2018 Update (KB4458469):

  • Addresses an issue that causes the prompt "You'll need a new app to open" to appear. This occurs when reloading a website on a non-standard port by pressing Enter .
  • Addresses an issue that causes downloads to fail because Mark of the Web (MOTW) isn't supported at the download location.
  • Addresses an issue that prevents the DefaultSearchProvider policy from working when the FirstRunPage policy is in use.
  • Addresses issue that causes the address bar to lose focus when a new tab is opened and the Allow web content on New Tab page policy is off.
  • Addresses an issue that prevents the Microsoft Edge Configure Password Manager policy from suppressing the Save password prompt when the policy is disabled.
  • Addresses an issue that causes downloads to WebDAV locations to fail.
  • Addresses an issue with the file previewer for .html, .mht, and email (MIME) attachments in Microsoft Outlook.
  • Addresses an issue that causes Internet Explorer security and certificate dialogs to display prompts in the background instead of the foreground in certain circumstances.
  • Addresses an issue that may cause the system to become unresponsive when applications call the EnableEUDC API.
  • Addresses an issue in multi-monitor scenarios that causes a spell checker context menu to appear on the wrong monitor. This issue occurs when the customer right-clicks a misspelled word in Internet Explorer.
  • Addresses an issue that occurs when entering Japanese characters in a remote desktop session (mstsc.exe).
  • Addresses an issue that occurs when using low-level mouse hooks with high integrity-level processes.
  • Addresses an issue that prevents custom keyboard layouts from working correctly.
  • Makes the visibility policy for the Settings Page available under User Configuration. The GPO is at the following path: User Configuration/Administrative Template/Control Panel/Settings Page Visibility
  • Addresses an issue that prevents some Bluetooth devices from pairing with Windows.
  • Addresses an issue in the Universal CRT that returns the expected output or a null character when calling _getch().
  • Addresses an issue in the Universal CRT that returns unexpected characters when calling the _findfirst() or _findnext() functions.
  • Addresses an issue in the Universal CRT that prevents some functions from accepting narrow input or producing proper output with certain ANSI Code Pages. This issue affects setargv.obj when using wildcard parsing and calls to get the current module name for debug windows. The issue also affects the following functions:
    • _chdir()
    • _exec()
    • _fullpath()
    • _loaddll
    • _popen()
    • _system()
    • _spawn() (and variants)
  • Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
  • Addresses an issue with the diagnostic pipeline for devices enrolled in Windows Analytics when the CommercialID registry key, "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection" is present.
  • Addresses an issue that prevents the App-V client's scheduled task from syncing if the Device Guard lockdown policy is enabled.
  • Addresses an issue that may cause the Local Security Authority Subsystem Service (LSASS) process to stop working when attempting to process a malformed security identifier (SID).
  • Addresses an issue that causes a delay in unlocking or signing in to a computer that was moved to a different network. For example, a delay occurs when moving from a corporate LAN or WLAN to a home LAN where domain controllers can't be reached.
  • Addresses an issue on some laptops that prevents sign-out from completing. The issue occurs when a customer signs out and immediately closes the laptop. As a result, when the laptop is reopened, the device must be restarted.
  • Addresses an issue that occurs when enabling BitLocker from a local administrator account.
  • Addresses an issue on devices with fingerprint sensors that were upgraded from Windows 10, version 1709. After the upgrade, users can't use the fingerprint sensor to log in.
  • Addresses an issue that causes some systems to take as much as 60 seconds longer to start. This occurs on systems that don't have a smart card reader installed.
  • Addresses an issue that prevents customers from logging in to a Windows 10S device with a PIN after upgrading to Windows 10, version 1803. Customers see the error "Your PIN is no longer available due to a change to the security settings on this device."
  • Addresses an issue that causes a Direct Access connection to fail when the client authentication certificate is stored in the TPM device.
  • Addresses an issue that causes the system to log negative events for drivers that are valid and should be trusted. The issue occurs when running Windows Defender Application Control (Device Guard) in audit mode.
  • Addresses an issue that causes a third-party VPN provider's user interface to stop working after dynamically unloading Cryptui.dll.
  • Addresses an issue that causes logging on to a Remote Desktop Session Host Server to occasionally stop responding.
  • Addresses an issue that causes printing to an open or existing file to fail without displaying an error. This issue occurs when using Microsoft Print to PDF or XPS Document Writer.
  • Addresses an issue where a daily, repetitive task starts unexpectedly when the task is first created or starts when the task is updated.
  • Addresses an issue that prevents running subsequent actions when you create multiple actions in a task using Task Scheduler and the task is scheduled under the Stop the existing instance rule.
  • Addresses an issue with a task that has a repetition setting. The task fails to be scheduled and doesn't start after disabling and re-enabling the task. The Next Run Time in Task Scheduler displays the correct time, but the task doesn't start at that time.
  • Addresses an issue that prevents the debugging of minimized UWP applications.
  • Addresses an issue with Visual Studio UWP Deployments that displays the error "The operation could not be completed because an unexpected host ID was encountered".
  • Addresses an issue that ignores the MM_DONT_ZERO_ALLOCATION flag. This issue leads to degraded performance, and, occasionally, error 0x139 appears.
  • Addresses an issue that causes NTLTEST, DCLOCATOR, or joining an Active Directory and SAMBA domain to fail when using the NetBIOS domain name. The error is "An Active Directory domain Controller (AD DC) for the domain %domain% could not be contacted".
  • Addresses an issue that occurs when using encrypted email. If the customer selects Cancel when first asked for a PIN, multiple PIN prompts appear before the prompt finally goes away.
  • Addresses an issue that prevents the Microsoft Help Viewer from rendering HTML content inside a Windows Help .chm file when the .chm file is stored on a network location.
  • Addresses an issue in which the lock screen shows a solid color instead of an image specified by a policy before a customer signs in for the first time.
  • Addresses an issue that causes Microsoft Edge to stop working when printing a PDF in a size 0 window.
  • Addresses an issue that causes Microsoft Edge to stop working and to close associated webpage tabs. This occurs when certain PDF documents have timing issues when loading.
  • Addresses an issue with a scheduled task that has an indefinite duration. The task starts immediately after it is created instead of starting at the time specified in the Triggers tab.
  • Addresses an issue where GetSystemTime() may sometimes return an invalid value after using SetSystemTime() immediately before.
  • Addresses an issue that occurs when using the "X509HintsNeeded" group policy to prepopulate the Username hint field. The Username hint field is unexpectedly empty when unlocking a machine after a successful logon. Username hint caching is expected to only work for lock and unlock scenarios and is not designed for logoff and logon scenarios.
  • Addresses an issue that fails to maintain the tile layout after upgrading to Windows 10, version 1803 from Windows 10, versions 1703 and 1607.
  • Addresses an issue that returns temporary values for the new Japanese Calendar Era.
  • Addresses an issue in which Background Apps settings the user configured are lost when the device restarts because of incorrect registry ACLs.
  • Addresses an issue that prevents Microsoft Centennial apps and some OS apps from displaying toast notifications.
  • Addresses an issue in which all Guest Virtual Machines running Unicast dual NIC NLB fail to respond to NLB requests after the Virtual Machines restart.

Fall Creators Update (KB4457136)

  • Addresses an issue with the file previewer for .html, .mht, and email (MIME) attachments in Microsoft Outlook.
  • Addresses an issue that causes Internet Explorer security and certificate dialogs to display prompts in the background instead of the foreground in certain circumstances.
  • Addresses an issue that causes downloads to WebDAV locations to fail.
  • Addresses an issue that causes downloads to fail because Mark of the Web (MOTW) was not supported at the download location.
  • Addresses an issue that prevents Microsoft Narrator from accessing the contents of Windows Security dialogs displayed by a low integrity level process.
  • Addresses an issue that, in some cases, prevents installing encrypted .appx packages.
  • Addresses an issue that may cause the system to become unresponsive when applications call the EnableEUDC API.
  • Addresses an issue that occurs when entering Japanese characters in a remote desktop session (mstsc.exe).
  • Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
  • Addresses an issue with the diagnostic pipeline for devices enrolled in Windows Analytics when the CommercialID registry key, "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection" is present.
  • Addresses an issue that prevents the App-V client's scheduled task from synching if the Device Guard lockdown policy is enabled.
  • Addresses an issue that causes login to fail when using a smart card to log in to a Remote Desktop Server. The error is "STATUS_LOGON_FAILURE".
  • Addresses an issue that causes a delay in unlocking or signing in to a computer that was moved to a different network. For example, a delay occurs when moving from a corporate LAN or WLAN to a home LAN where domain controllers aren't reachable.
  • Addresses an issue that occurs when using encrypted email. If the customer selects Cancel when first asked for a PIN, multiple PIN prompts appear before the prompt finally goes away.
  • Addresses an issue that causes a Direct Access connection to fail when the client authentication certificate is stored in the TPM device.
  • Addresses an issue on some laptops that prevents sign-out from completing. The issue occurs when a customer signs out and immediately closes the laptop. As a result, when the laptop is reopened, the device must be restarted.
  • Addresses an issue that causes the system to log negative events for drivers that are valid and should be trusted. The issue occurs when running Windows Defender Application Control (Device Guard) in audit mode.
  • Addresses an issue that may cause the Local Security Authority Subsystem Service (LSASS) process to stop working when attempting to process a malformed security identifier (SID).
  • Addresses an issue that causes logging on to a Remote Desktop Session Host Server to occasionally stop responding.
  • Addresses an issue that causes printing to an open or existing file to fail without displaying an error. This issue occurs when using Microsoft Print to PDF or XPS Document Writer.
  • Addresses an issue with scheduled tasks that don't start at the time that they are configured to start on a specific day of the week.
  • Addresses an issue with a scheduled task that has an indefinite duration. The task starts immediately after it's created instead of starting at the time specified in the Triggers tab.
  • Addresses an issue that prevents the running of subsequent actions in a task. This issue occurs when you create multiple actions in a task using Task Scheduler and the task is scheduled under the Stop the existing instance rule.
  • Addresses an issue with a task that has a repetition setting. The task fails to be scheduled and doesn't start after disabling and re-enabling the task. The Next Run Time in Task Scheduler displays the correct time, but the task doesn't start at that time.
  • Addresses an issue that may cause Service Control Manager (SCM) and Netlogon to stop working when one or more services are configured to run with domain credentials (service accounts).
  • Addresses an issue where a daily, repetitive task starts unexpectedly when the task is first created or starts when the task is updated.
  • Addresses an issue in which GetSystemTime() may sometimes return an invalid value after using SetSystemTime() immediately before.
  • Addresses an issue that occurs when using the "X509HintsNeeded" group policy to prepopulate the Username hint field. The Username hint field is unexpectedly empty when unlocking a machine after a successful logon. Username hint caching is expected to only work for lock and unlock scenarios and is not designed for logoff and logon scenarios.
  • Addresses an issue that fails to maintain the tile layout after upgrading to Windows 10, version 1709 from Windows 10, versions 1703 and 1607.
  • Addresses an issue in which all Guest Virtual Machines running Unicast dual NIC NLB fail to respond to NLB requests after the Virtual Machines restart.

Creators Update (KB4457141)

  • Addresses an issue that causes Internet Explorer security and certificate dialogs to display prompts in the background instead of the foreground in certain circumstances.
  • Addresses an issue that may cause the system to become unresponsive when applications call the EnableEUDC API.
  • Addresses an issue in which the "EnterpriseAssignedAccess" policy on mobile devices cannot configure some Settings pages, including Language, Region, Keyboard, and Airplane Mode.
  • Addresses an issue with the diagnostic pipeline for devices enrolled in Windows Analytics when the CommercialID registry key, "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection" is present.
  • Addresses an issue that prevents the App-V client's scheduled task from synching if the Device Guard lockdown policy is enabled.
  • Addresses an issue that occurs when using encrypted email. If the customer selects Cancel when first prompted for a PIN, multiple PIN prompts appear before the prompt finally goes away.
  • Addresses an issue that causes logon to fail when using a smart card to log in to a Remote Desktop Server. The error is "STATUS_LOGON_FAILURE".
  • Addresses an issue that causes a Direct Access connection to fail when the client authentication certificate is stored in the TPM device.
  • Addresses an issue that causes a third-party VPN provider's user interface to stop working after dynamically unloading Cryptui.dll.
  • Addresses an issue that causes the system to log negative events for drivers that are valid and should be trusted. The issue occurs when running Windows Defender Application Control (Device Guard) in audit mode.
  • Addresses an issue that may cause the Local Security Authority Subsystem Service (LSASS) process to stop working when attempting to process a malformed security identifier (SID).
  • Addresses an issue that causes logging on to a Remote Desktop Session Host Server to occasionally stop responding.
  • Addresses an issue that may cause Service Control Manager (SCM) and Netlogon to stop working when one or more services are configured to run with domain credentials (service accounts).
  • Addresses an issue that causes the OS to stop responding during startup under certain circumstances.
  • Addresses an issue that occurs when using the "X509HintsNeeded" group policy to prepopulate the Username hint field. The Username hint field is unexpectedly empty when unlocking a machine after a successful logon. Username hint caching is expected to only work for lock and unlock scenarios and is not designed for logoff and logon scenarios.
  • Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
  • Addresses an issue in which all Guest Virtual Machines running Unicast dual NIC NLB fail to respond to NLB requests after the Virtual Machines restart.

Anniversary Update (KB4457127)

  • Addresses an issue that causes Internet Explorer security and certificate dialogs to display prompts in the background instead of the foreground in certain circumstances.
  • Makes the visibility Group Policy for the Settings Page available under User Configuration and Computer Configuration. The GPOs are at the following paths:
    • User Configuration/Administrative Template/Control Panel/Settings Page Visibility
    • Computer Configuration/Administrative Template/Control Panel/Settings Page Visibility
  • Addresses an issue with showing the correct changes to folder contents on some Network Attached Storage (NAS) configurations.
  • Addresses an issue with the diagnostic pipeline for devices enrolled in Windows Analytics when the CommercialID registry key, "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection" is present.
  • Addresses an issue that prevents the App-V client's scheduled task from syncing if the Device Guard lockdown policy is enabled.
  • Addresses an issue that causes login to fail when using a smart card to log in to a Remote Desktop Server. The error is "STATUS_LOGON_FAILURE".
  • Addresses an issue that sometimes causes event log entries to appear corrupted for the following:
    • Microsoft-Windows-Kerberos-Key-Distribution-Center source.
    • Event IDs 4933, 4928, and 4937.
  • Addresses an issue that occurs when using encrypted email. If the customer selects Cancel when first prompted for a PIN, multiple PIN prompts appear before the prompt finally goes away.
  • Addresses an issue that causes a Direct Access connection to fail when the client authentication certificate is stored in the TPM device.
  • Addresses an issue that causes the system to log negative events for drivers that are valid and should be trusted. The issue occurs when running Windows Defender Application Control (Device Guard) in audit mode.
  • Addresses an issue that causes a Remote Desktop Session Host server to occasionally stop responding during login.
  • Addresses an issue that may cause the Local Security Authority Subsystem Service (LSASS) process to stop working when attempting to process a malformed security identifier (SID).
  • Addresses an issue that causes printing to an open or existing file to fail without displaying an error message. This issue occurs when using Microsoft Print to PDF or XPS Document Writer.
  • Addresses an issue that may cause a DNS server to return an error to a query when handling a large recursive response that requires truncation.
  • Addresses an issue that prevents running subsequent actions when you create multiple actions in a task using Task Scheduler and the task is scheduled under the Stop the existing instance rule.
  • Addresses an issue with a task that has a repetition setting. The task isn't scheduled and doesn't start after disabling and re-enabling the it. The Next Run Time in Task Scheduler shows the correct time, but the task doesn't start at that time.
  • Addresses an issue with a scheduled task that has an indefinite duration. The task starts immediately after it's created instead of at the time set on the Triggers tab.
  • Addresses an issue where a daily, repetitive task starts unexpectedly when the task is first created or starts when the task is updated.
  • Addresses an issue that occurs when a guest Service Host (svchost) stops working in Windows Server 2016. The Hyper-V time synchronization service (vmictimesync) in the guest may stop working, and a time sync issue may occur. The guest would then be vulnerable to time drift because of inaccurate hardware or incorrect Network Time Protocol (NTP) samples.
  • Addresses an issue that prevents the lastLogonTimestamp attribute of new Active Directory users from updating. This issue occurs when performing LDAP simple binds against a Windows Server 2016 domain controller.
  • Addresses an Active Directory Certificate Services (AD CS) issue that causes certificate enrollment requests from some enterprise routers to the MSCEP/NDES server to fail. The requests fail with the error "The Network Device Enrollment Service cannot convert encoded portions of the client's http message (or request body for POSTPKIOperation), or the converted message (or request body for POSTPKIOperation) is larger than 64K (%1). %2".
  • Addresses an Active Directory Domain Services (AD DS) Privileged Access Management issue that may cause a user to retain association with the configured shadow principal beyond the configured Time to Live (TTL). This issue occurs when a DC is promoted while the TTL is valid.
  • Addresses an issue where a DirSync client never finishes syncing when using a search filter that contains a linked attribute. For example, "memberOf=CN=Group1, OU=Accounts, DC=Contoso,DC=Com".
  • Addresses an issue that causes Windows Server Backup to fail when backing up two volumes together in one location on NetApp.
  • Addresses an issue where Windows Server Backup fails to restore backups for Microsoft Exchange 2016.
  • Addresses an issue where creating a Client Access Point may take a long time when a firewall blocks access to child domain controllers.
  • Addresses memory leaks in the Cluster Health Service.
  • Addresses an issue that may cause an error when you attempt to access an NFS share.
  • Addresses an issue where opening Explorer view on a SharePoint server site using TMG proxy fails. This issue occurs when the server requires SSL and TLS client certificate authentication and sends trusted CA issuer lists.
  • Addresses an issue that may cause a system to stop working when you mount an NFS drive using the command line with the option -u -p. This issue occurs if the length of the password is different from the length of the domain name.
  • Addresses an issue that may cause setup to fail during OEM-OOBE implementation if French or Spanish language setting is selected on the Hyper-V host.
  • Addresses an issue that displays the report date as "Unknown" in the Remote Desktop License Manager.
  • Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
  • Addresses an issue in which all Guest Virtual Machines running Unicast dual NIC NLB fail to respond to NLB requests after the Virtual Machines restart.

Each of these updates should be available for the above versions of Windows 10 now via Windows Update.

Dan Thorp-Lancaster

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl