Cumulative Updates for Windows 10 / Server Changelog

What's new in Cumulative Updates for Windows 10 / Server 21H1 - May 11, 2021

May 21, 2021

Highlights:
Updates to improve security when Windows performs basic operations.
Updates to improve Windows OLE (compound documents) security.
Updates security for Bluetooth drivers.
Improvements and fixes:
This security update includes quality improvements. Key changes include:
Security updates to Windows App Platform and Frameworks, the Windows Kernel, Windows Media, the Microsoft Scripting Engine, and the Windows Silicon Platform.

New in Cumulative Updates for Windows 10 / Server 20H2 - May 11, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 2004 - May 11, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1909 - May 11, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1809 - May 11, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1803 - May 11, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1607 - May 11, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1507 - May 11, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 20H2 - April 28, 2021 (May 21, 2021)

Highlights:
Introducing news and interests on the Windows 10 taskbar
With news and interests on the Windows taskbar, you get quick access to an integrated feed of dynamic content, such as news, weather, sports, and more, that updates throughout the day. You can personalize your feed with relevant content tailored for you. In the coming weeks, you will be able to seamlessly peek into your feed directly from the taskbar throughout your day without disrupting your workflow. For more information, see Personalized content at a glance: Introducing news and interests on the Windows 10 taskbar.
Updates an issue to prevent blank tiles from appearing on the Start menu after updating to a newer version of Windows 10.
Adds the ability to adjust the amount of idle time before a headset goes to sleep in the Settings app for Windows Mixed Reality.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses an issue that prevents a site from transitioning out of Microsoft Edge IE Mode when expected.
Addresses an issue that fails to remove mandatory profiles completely when you sign out when using the “Delete cached copies of roaming profiles” Group Policy.
Addresses an issue that causes blank tiles to appear on the Start menu with names such as “ms-resource:AppName” or "ms-resource:appDisplayName". These blank tiles represent the installed applications and appear for approximately 15 minutes after updating to a newer version of Windows 10. Installing this update prevents these blank tiles from appearing on the Start menu.
Addresses an issue with the Microsoft Japanese Input Method Editor (IME) that prevents an app's custom candidate window from displaying correctly.
Addresses an issue that occurs when you install inventory applications.
Addresses an issue that includes kernel mode rules for .NET applications in Windows Defender Application Control policies. As a result, the generated policies are significantly larger than necessary.
Addresses an issue that causes devices to fail Device Health Attestation.
Addresses an issue that turns off S Mode when you enable System Guard Secure Launch on a system running Windows 10 in S Mode.
Addresses an issue that causes lsass.exe memory usage to grow until the system becomes unusable. This occurs when Transport Layer Security (TLS) resumes a session.
Addresses an issue with a race condition between Task Scheduler and the Workstation Service. As a result, users cannot automatically join a hybrid Azure Active Directory (AAD) domain and error 0x80070490 is generated.
Addresses an issue that causes Azure Active Directory authentication to fail after signing in on Windows Virtual Desktop machines.
Addresses an issue that causes AAD Work Accounts to unexpectedly disappear from certain apps such Microsoft Teams or Microsoft Office.
Addresses an issue that accidently triggers hybrid AAD joining when the Group Policy “Register domain-joined computers as devices” is set to DISABLED. For more information, see Post configuration tasks for Hybrid Azure AD join.
Addresses an issue with a partial Service Connection Point (SCP) configuration that causes dsregcmd.exe to stop working. This issue occurs because of a case-sensitive domain ID name comparison that occurs when joining a hybrid Azure Active Directory domain using single sign-on (SSO).
Adds the ability to adjust the amount of idle time before a headset goes to sleep in the Settings app for Windows Mixed Reality.
Addresses an issue that might generate a stop error when Docker containers run with process isolation.
Addresses an issue that causes automatic enrollment and certificate retrieval to fail with the error, “The parameter is incorrect.”
Addresses an issue that might cause Microsoft Defender Application Guard virtual machines to stop responding when Microsoft Defender Application Guard for Office opens a document. This issue might occur on some devices or in drivers that utilize GPU Hardware Accelerated Scheduling.
Addresses an issue that prevents some media players from playing content on hybrid devices that are running with dGPU on iGPU displays.
Addresses an issue with race conditions that cause high CPU usage. As a result, the system stops working and deadlocks occur.
Addresses an issue with a deadlock in the New Technology File System (NTFS).
Addresses an issue that causes DWM.exe to stop working in some cases.
Addresses an issue that might prevent an application screen from working when using a Remote Desktop ActiveX control that is embedded in an HTML page.
Improves the Windows Server Storage Migration Service by:
Adding support for migration from NetApp FAS arrays to Windows Servers and clusters.
Resolving multiple issues and improving reliability.
For more information, see Storage Migration Service overview.

New in Cumulative Updates for Windows 10 / Server 2004 - April 28, 2021 (May 21, 2021)

Highlights:
Introducing news and interests on the Windows 10 taskbar
With news and interests on the Windows taskbar, you get quick access to an integrated feed of dynamic content, such as news, weather, sports, and more, that updates throughout the day. You can personalize your feed with relevant content tailored for you. In the coming weeks, you will be able to seamlessly peek into your feed directly from the taskbar throughout your day without disrupting your workflow. For more information, see Personalized content at a glance: Introducing news and interests on the Windows 10 taskbar.
Updates an issue to prevent blank tiles from appearing on the Start menu after updating to a newer version of Windows 10.
Adds the ability to adjust the amount of idle time before a headset goes to sleep in the Settings app for Windows Mixed Reality.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses an issue that prevents a site from transitioning out of Microsoft Edge IE Mode when expected.
Addresses an issue that fails to remove mandatory profiles completely when you sign out when using the “Delete cached copies of roaming profiles” Group Policy.
Addresses an issue that causes blank tiles to appear on the Start menu with names such as “ms-resource:AppName” or "ms-resource:appDisplayName". These blank tiles represent the installed applications and appear for approximately 15 minutes after updating to a newer version of Windows 10. Installing this update prevents these blank tiles from appearing on the Start menu.
Addresses an issue with the Microsoft Japanese Input Method Editor (IME) that prevents an app's custom candidate window from displaying correctly.
Addresses an issue that occurs when you install inventory applications.
Addresses an issue that includes kernel mode rules for .NET applications in Windows Defender Application Control policies. As a result, the generated policies are significantly larger than necessary.
Addresses an issue that causes devices to fail Device Health Attestation.
Addresses an issue that turns off S Mode when you enable System Guard Secure Launch on a system running Windows 10 in S Mode.
Addresses an issue that causes lsass.exe memory usage to grow until the system becomes unusable. This occurs when Transport Layer Security (TLS) resumes a session.
Addresses an issue with a race condition between Task Scheduler and the Workstation Service. As a result, users cannot automatically join a hybrid Azure Active Directory (AAD) domain and error 0x80070490 is generated.
Addresses an issue that causes Azure Active Directory authentication to fail after signing in on Windows Virtual Desktop machines.
Addresses an issue that causes AAD Work Accounts to unexpectedly disappear from certain apps such Microsoft Teams or Microsoft Office.
Addresses an issue that accidently triggers hybrid AAD joining when the Group Policy “Register domain-joined computers as devices” is set to DISABLED. For more information, see Post configuration tasks for Hybrid Azure AD join.
Addresses an issue with a partial Service Connection Point (SCP) configuration that causes dsregcmd.exe to stop working. This issue occurs because of a case-sensitive domain ID name comparison that occurs when joining a hybrid Azure Active Directory domain using single sign-on (SSO).
Adds the ability to adjust the amount of idle time before a headset goes to sleep in the Settings app for Windows Mixed Reality.
Addresses an issue that might generate a stop error when Docker containers run with process isolation.
Addresses an issue that causes automatic enrollment and certificate retrieval to fail with the error, “The parameter is incorrect.”
Addresses an issue that might cause Microsoft Defender Application Guard virtual machines to stop responding when Microsoft Defender Application Guard for Office opens a document. This issue might occur on some devices or in drivers that utilize GPU Hardware Accelerated Scheduling.
Addresses an issue that prevents some media players from playing content on hybrid devices that are running with dGPU on iGPU displays.
Addresses an issue with race conditions that cause high CPU usage. As a result, the system stops working and deadlocks occur.
Addresses an issue with a deadlock in the New Technology File System (NTFS).
Addresses an issue that causes DWM.exe to stop working in some cases.
Addresses an issue that might prevent an application screen from working when using a Remote Desktop ActiveX control that is embedded in an HTML page.
Improves the Windows Server Storage Migration Service by:
Adding support for migration from NetApp FAS arrays to Windows Servers and clusters.
Resolving multiple issues and improving reliability.
For more information, see Storage Migration Service overview.

New in Cumulative Updates for Windows 10 / Server 1909 - April 22, 2021 (May 21, 2021)

Highlights:
Introducing news and interests on the Windows 10 taskbar
With news and interests on the Windows taskbar, you get quick access to an integrated feed of dynamic content, such as news, weather, sports, and more, that updates throughout the day. You can personalize your feed with relevant content tailored for you. In the coming weeks, you will be able to seamlessly peek into your feed directly from the taskbar throughout your day without disrupting your workflow. For more information, see Personalized content at a glance: Introducing news and interests on the Windows 10 taskbar.
Updates an issue that causes blank tiles to appear on the Start menu with names such as “ms-resource:AppName” or "ms-resource:appDisplayName".
Adds the ability to adjust the amount of idle time before a headset goes to sleep in the Settings app for Windows Mixed Reality.
Updates an issue that generates a stop error when you delete a file or folder from locations that sync with Microsoft OneDrive.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses an issue that prevents a site from transitioning out of Microsoft Edge IE Mode when expected.
Addresses an issue that fails to remove mandatory profiles completely when you sign out when using the “Delete cached copies of roaming profiles” Group Policy.
Addresses an issue that causes blank tiles to appear on the Start menu with names such as “ms-resource:AppName” or "ms-resource:appDisplayName". These blank tiles represent the installed applications and appear for approximately 15 minutes after updating to a newer version of Windows 10. Installing this update prevents these blank tiles from appearing on the Start menu.
Addresses an issue with window activation that occurs when an owned window is removed.
Addresses an issue with searching after you select File > Open in a 32-bit application. When you click in the search box, the application stops working.
Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
Addresses an issue that includes kernel mode rules for .NET applications in Windows Defender Application Control policies. As a result, the generated policies are significantly larger than necessary.
Addresses an issue that causes devices to fail Device Health Attestation.
Addresses an issue that causes lsass.exe memory usage to grow until the system becomes unusable. This occurs when Transport Layer Security (TLS) resumes a session.
Addresses an issue with a race condition between Task Scheduler and the Workstation Service. As a result, users cannot automatically join a hybrid Azure Active Directory (AAD) domain and error 0x80070490 is generated.
Addresses an issue that turns off S Mode when you enable System Guard Secure Launch on a system running Windows 10 in S Mode.
Addresses an issue that causes Azure Active Directory (AAD) Work Accounts to unexpectedly disappear from certain apps such Microsoft Teams or Microsoft Office.
Addresses an issue that accidently triggers hybrid AAD joining when the Group Policy “Register domain-joined computers as devices” is set to DISABLED. For more information, see Post configuration tasks for Hybrid Azure AD join.
Addresses an issue with a partial Service Connection Point (SCP) configuration that causes dsregcmd.exe to stop working. This issue occurs because of a case-sensitive domain ID name comparison that occurs when joining a hybrid Azure Active Directory domain using single sign-on (SSO).
Adds the ability to adjust the amount of idle time before a headset goes to sleep in the Settings app for Windows Mixed Reality.
Addresses an issue that might generate a stop error when Docker containers run with process isolation.
Addresses an issue that causes automatic enrollment and certificate retrieval to fail with the error, “The parameter is incorrect.”
Addresses an issue that generates a stop error when you delete a file or folder from locations that sync with Microsoft OneDrive.
Addresses an issue with a deadlock in the New Technology File System (NTFS).
Improves the Windows Server Storage Migration Service by:
Adding support for migration from NetApp FAS arrays to Windows Servers and clusters.
Resolving multiple issues and improving reliability.

New in Cumulative Updates for Windows 10 / Server 1809 - April 22, 2021 (May 21, 2021)

Highlights:
Updates an issue that resets the speaker configuration when you cancel the speaker configuration wizard.
Updates an issue that prevents you from turning on the flashlight utility when the Camera application is in use.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Removes the Microsoft Edge Legacy desktop application that is out of support and installs the new Microsoft Edge. For more information, see New Microsoft Edge to replace Microsoft Edge Legacy with April’s Windows 10 Update Tuesday release.
Addresses an issue that fails to remove mandatory profiles completely when you sign out when using the “Delete cached copies of roaming profiles” Group Policy.
Addresses an issue with window activation that occurs when an owned window is removed.
Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
Addresses an issue with a race condition between Task Scheduler and the Workstation Service. As a result, users cannot automatically join a hybrid Azure Active Directory (AAD) domain and error 0x80070490 is generated.
Addresses an issue with a partial Service Connection Point (SCP) configuration that causes dsregcmd.exe to stop working. This issue occurs because of a case-sensitive domain ID name comparison that occurs when joining a hybrid Azure Active Directory domain using single sign-on (SSO).
Addresses an issue that accidently triggers hybrid AAD joining when the Group Policy “Register domain-joined computers as devices” is set to DISABLED. For more information, see Post configuration tasks for Hybrid Azure AD join.
Addresses an issue that causes lsass.exe memory usage to grow until the system becomes unusable. This occurs when Transport Layer Security (TLS) resumes a session.
Addresses an issue that includes kernel mode rules for .NET applications in Windows Defender Application Control policies. As a result, the generated policies are significantly larger than necessary.
Addresses an issue that causes Azure Active Directory (AAD) Work Accounts to unexpectedly disappear from certain apps such Microsoft Teams or Microsoft Office.
Addresses an issue that might generate a stop error when Docker containers run with process isolation.
Addresses an issue that causes automatic enrollment and certificate retrieval to fail with the error, “The parameter is incorrect.”
Addresses an issue in Task Scheduler that causes monthly tasks and tasks scheduled for 0:00 UTC to occur at the wrong time.
Addresses an issue with Windows Virtual Desktop sessions. A blank list of output devices appears in the Windows Sound Settings app when you plug in a new audio device during a session.
Addresses an issue that resets the speaker configuration when you cancel the speaker configuration wizard.
Addresses an issue that prevents you from turning on the flashlight utility when the Camera application is in use.
Addresses an issue that might prevent an application screen from working when using a Remote Desktop ActiveX control that is embedded in an HTML page.
Addresses an issue that fails to apply the “false” setting for the RequirePDC flag in Active Directory Federation Services (ADFS).
Improves the Windows Server Storage Migration Service by:
Adding support for migration from NetApp FAS arrays to Windows Servers and clusters.
Resolving multiple issues and improving reliability.

New in Cumulative Updates for Windows 10 / Server 20H2 - April 13, 2021 (May 21, 2021)

Highlights:
Updates to improve security when Windows performs basic operations.
Updates to improve security when using input devices such as a mouse, keyboard, or pen.
Improvements and fixes:
This security update includes quality improvements. Key changes include:
Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.
Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions).
Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see CVE-2021-27092 and Policy CSP - Authentication.
Addresses an issue that causes Windows Back up using File History to stop working for a few users. This issue occurs after installing the February 9, 2021 update. The error message is, “Failed to start the backup of user links (error 8007005)”.
Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Kernel, Windows Virtualization, and Windows Media.

New in Cumulative Updates for Windows 10 / Server 2004 - April 13, 2021 (May 21, 2021)

Highlights:
Updates to improve security when Windows performs basic operations.
Updates to improve security when using input devices such as a mouse, keyboard, or pen.
Improvements and fixes:
This security update includes quality improvements. Key changes include:
Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.
Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions).
Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see CVE-2021-27092 and Policy CSP - Authentication.
Addresses an issue that causes Windows Back up using File History to stop working for a few users. This issue occurs after installing the February 9, 2021 update. The error message is, “Failed to start the backup of user links (error 8007005)”.
Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Kernel, Windows Virtualization, and Windows Media.

New in Cumulative Updates for Windows 10 / Server 1909 - April 13, 2021 (May 21, 2021)

Highlights:
Updates to improve security when Windows performs basic operations.
Updates to improve security when using input devices such as a mouse, keyboard, or pen.
Improvements and fixes:
This security update includes quality improvements. Key changes include:
Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.
Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions).
Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see CVE-2021-27092 and Policy CSP - Authentication.
Addresses an issue that causes Windows Back up using File History to stop working for a few users. This issue occurs after installing the February 9, 2021 update. The error message is, “Failed to start the backup of user links (error 8007005)”.
Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Hybrid Cloud Networking, the Windows Kernel, Windows Virtualization, and Windows Media.

New in Cumulative Updates for Windows 10 / Server 1809 - April 13, 2021 (May 21, 2021)

Highlights:
Updates to improve security when Windows performs basic operations.
Updates to improve security when using input devices such as a mouse, keyboard, or pen.
Improvements and fixes:
Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.
Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions).
Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see CVE-2021-27092 and Policy CSP - Authentication.
Addresses an issue that causes Windows Back up using File History to stop working for a few users. This issue occurs after installing the February 9, 2021 update. The error message is, “Failed to start the backup of user links (error 8007005)”.
Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Hybrid Cloud Networking, the Windows Kernel, Windows Virtualization, and Windows Media.

New in Cumulative Updates for Windows 10 / Server 1803 - April 13, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1607 - April 13, 2021 (May 21, 2021)

Highlights:
Updates to improve security when Windows performs basic operations.
Updates to improve security when using input devices such as a mouse, keyboard, or pen.
Improvements and fixes:
This security update includes quality improvements. Key changes include:
Address an issue that causes a system to stop working occasionally when users sign out or disconnect from remote sessions.
Addresses an issue with a heap leak that might cause explorer.exe to consume high amounts of memory.
Updates the Volgograd, Russia time zone from UTC+4 to UTC+3.
Adds a new time zone, UTC+2:00 Juba, for the Republic of South Sudan.
Addresses a race condition that causes PowerShell to stop working periodically and generates an Access Violation error. This issue occurs when you enable transcription on the system and run multiple PowerShell scripts simultaneously.
Addresses an issue that causes the sleep time defined in HKLMSoftwareMicrosoftAppVMAVConfigurationMaxAttachWaitTimeInMilliseconds to be shorter than intended.
Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.
Addresses an issue with high memory usage when performing XSLT transforms using MSXLM6.
Addresses an issue in spaceport.sys that might cause stop error 0x7E.
Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions).
Addresses an issue that prevents you from specifying up to 255 columns when you use the Jet Text installable indexed sequential access method (IISAM) format.
Addresses an issue that causes Windows Back up using File History to stop working for a few users. This issue occurs after installing the February 9, 2021 update. The error message is, “Failed to start the backup of user links (error 8007005)”.
Security updates to Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows AI Platform, Windows Hybrid Cloud Networking, the Windows Kernel, and Windows Media.
Updates the default values for the following Internet Explorer registry keys:
svcKBFWLink = “ ” (string with one empty space)
svcKBNumber = “ ” (string with one empty space)
svcUpdateVersion = 11.0.1000.
In addition, these values will no longer be updated automatically.

New in Cumulative Updates for Windows 10 / Server 1507 - April 13, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 20H2 - March 29, 2021 (May 21, 2021)

Highlights:
Updates an issue with zoom that occurs when using Microsoft Edge IE Mode on devices that use multiple high-DPI monitors.
Updates an issue that makes high dynamic range (HDR) screens appear much darker than expected.
Updates an issue that causes video playback to be out of sync in duplicate mode when you use multiple monitors.
Updates an issue that displays nothing or shows “Computing Filters” indefinitely when you filter File Explorer search results.
Updates an issue that makes the split layout unavailable for the touch keyboard when you rotate a device to portrait mode.
Informs users when a child account in the Family Safety plan has administrative privileges.
Updates an issue that prevents you from closing Toast Notifications using the Close button on touchscreen devices.
Updates an issue with 7.1 channel audio technology.
Updates an issue that causes a device to stop working if you delete files or folders that OneDrive syncs.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses an issue with zoom that occurs when using Microsoft Edge IE Mode on devices that use multiple high-DPI monitors.
Allows administrators to use a Group Policy to enable extended keyboard shortcuts, including Ctrl+S, for users in Microsoft Edge IE Mode.
Addresses an issue that prevents the icon for a Toast collection from appearing in the Action Center if the icon file’s URI contains spaces.
Addresses an issue that makes high dynamic range (HDR) screens appear much darker than expected.
Addresses an issue that causes video playback to be out of sync in duplicate mode when you use multiple monitors.
Addresses an issue that might cause applications to stop working while you type Japanese characters using the Microsoft Japanese Input Method Editor (IME) in compatibility mode.
Addresses an issue that might cause a device to stop responding during hybrid shutdown.
Addresses an issue that prevents users from adjusting or turning off the touchpad because of administrative settings.
Addresses a window rendering issue that causes content in a window to flash frequently when FlipEx is used.
Addresses a window rendering issue that causes content in a window to flash frequently when multi-plane overlay (MPO) is used.
Addresses an issue with Japanese input that occurs after focus changes between boxes in Microsoft Edge Legacy.
Addresses an issue that displays nothing or shows “Computing Filters” indefinitely when you filter File Explorer search results.
Addresses an issue that makes the split layout unavailable for the touch keyboard when you rotate a device to portrait mode.
Informs users when a child account in the Family Safety plan has administrative privileges.
Addresses an issue that prevents you from closing Toast Notifications using the Close button on touchscreen devices.
Addresses an issue with a heap leak that might cause explorer.exe to consume high amounts of memory.
Updates the Volgograd, Russia time zone from UTC+4 to UTC+3.
Adds a new time zone, UTC+2:00 Juba, for the Republic of South Sudan.
Addresses an issue with the Windows Event Log Forwarding client, which returns the first matching certificate without checking private key permissions. With this update, the Windows Event Log Forwarding client selects the client’s certificate only if the Network Service has read permissions for the private key.
Addresses an issue that causes PowerShell-based monitors to stop working when you enable transcription on the systems.
Addresses an issue that stops BranchCache from working if you activate Windows using Cloud Solution Provider (CSP) license.
Addresses an issue that prevents Windows 10 Home edition devices from upgrading to the Windows 10 Pro Education edition using mobile device management (MDM) services such as Microsoft Intune.
Addresses an issue that prevents App-V applications from opening and generates error 0xc0000225.
Addresses an issue in which some machines enrolled with an MDM service fail to sync if the device manufacturer's name contains a reserved character.
Addresses an issue with using a configuration service provider (CSP) policy to configure a custom setting for Audit Other Logon/Logoff events. The custom setting fails to take effect.
Addresses an issue that causes a system to stop working when no Trusted Platform Module (TPM) is present in the system. The error code in TpmTasks.dll!TrackTPMStateChanges is c0000005.
Addresses an issue that causes multiple instances of appidcertstorecheck.exe to run on a system when AppLocker is enabled and the system is not on the internet.
Addresses an issue with credential roaming that occurs when Windows Hello for Business is enabled.
Addresses an issue that prevents performance monitoring tools from displaying logged data for single instance counter objects.
Addresses an issue that prevents the Chromium-based Microsoft Edge from working. This issue occurs when Microsoft Edge is used in combination with Microsoft App-V and fonts are enabled inside the virtual environment.
Addresses an issue that causes a black screen or delays signing in to a Hybrid Azure Active Directory joined machine while the machine attempts to connect to login.microsoftonline.com.
Addresses an issue that causes the system to stop working and generates error code 0xC9.
Addresses an issue with 7.1 channel audio technology.
Addresses an issue that turns on Caps lock unexpectedly when using RemoteApp.
Addresses an issue with high memory usage when performing XSLT transforms using MSXLM6.
Addresses an issue that might cause File Explorer and other applications to stop responding for several minutes. This issue occurs after a client reconnects to the corporate network and attempts to use mapped drives to access file shares on the corporate network.
Addresses an issue that prevents Server Message Block 1 (SMB1) clients from accessing the SMB share after restarting the LanmanServer service.
Addresses an issue that might cause the cluster network interface to stop working for a short time. As a result, the network interface controller (NIC) is marked as failed. When the network is operational again, the system might not detect that the NIC is working and the NIC remains in a failed status.
Addresses an issue with signing in to a device that is in the current domain by using the default user profile of a device that is in a different, but trusted domain. The profile service of the current domain cannot retrieve the default user profile from the trusted domain and uses the local default user profile instead.
Addresses an issue that causes a device to stop working if you delete files or folders that OneDrive syncs.
Addresses an issue that prevents Windows from activating Windows 10, version 2004 using the OA 3.0 key after installing KB4598291.
Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
Removes the Microsoft Edge Legacy desktop application that is out of support. For more information, see New Microsoft Edge to replace Microsoft Edge Legacy with April’s Windows 10 Update Tuesday release.
Addresses an issue that prevents users from using the Remote Desktop Protocol (RDP) to connect to a Windows Server 2019 device that is in Desktop Experience mode.
Addresses an issue to allow our enterprise partners to work with the Microsoft Support program to create customized mitigations.
Addresses an issue that causes Remote Desktop sessions to end unexpectedly.
Addresses an issue with an HTTP Keep-Alive connection in Azure Front Door. After completing a previous request and response to keep the connection open, Azure Front Door will try to reuse the connection. After an idle timeout, a race condition might occur that closes the Transmission Control Protocol (TCP) connection. As a result, the client might fail with an invalid server response.
Addresses an issue that prevents you from specifying up to 255 columns when you use the Jet Text installable indexed sequential access method (IISAM) format .

New in Cumulative Updates for Windows 10 / Server 2004 - March 29, 2021 (May 21, 2021)

Highlights:
Updates an issue with zoom that occurs when using Microsoft Edge IE Mode on devices that use multiple high-DPI monitors.
Updates an issue that makes high dynamic range (HDR) screens appear much darker than expected.
Updates an issue that causes video playback to be out of sync in duplicate mode when you use multiple monitors.
Updates an issue that displays nothing or shows “Computing Filters” indefinitely when you filter File Explorer search results.
Updates an issue that makes the split layout unavailable for the touch keyboard when you rotate a device to portrait mode.
Informs users when a child account in the Family Safety plan has administrative privileges.
Updates an issue that prevents you from closing Toast Notifications using the Close button on touchscreen devices.
Updates an issue with 7.1 channel audio technology.
Updates an issue that causes a device to stop working if you delete files or folders that OneDrive syncs.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses an issue with zoom that occurs when using Microsoft Edge IE Mode on devices that use multiple high-DPI monitors.
Allows administrators to use a Group Policy to enable extended keyboard shortcuts, including Ctrl+S, for users in Microsoft Edge IE Mode.
Addresses an issue that prevents the icon for a Toast collection from appearing in the Action Center if the icon file’s URI contains spaces.
Addresses an issue that makes high dynamic range (HDR) screens appear much darker than expected.
Addresses an issue that causes video playback to be out of sync in duplicate mode when you use multiple monitors.
Addresses an issue that might cause applications to stop working while you type Japanese characters using the Microsoft Japanese Input Method Editor (IME) in compatibility mode.
Addresses an issue that might cause a device to stop responding during hybrid shutdown.
Addresses an issue that prevents users from adjusting or turning off the touchpad because of administrative settings.
Addresses a window rendering issue that causes content in a window to flash frequently when FlipEx is used.
Addresses a window rendering issue that causes content in a window to flash frequently when multi-plane overlay (MPO) is used.
Addresses an issue with Japanese input that occurs after focus changes between boxes in Microsoft Edge Legacy.
Addresses an issue that displays nothing or shows “Computing Filters” indefinitely when you filter File Explorer search results.
Addresses an issue that makes the split layout unavailable for the touch keyboard when you rotate a device to portrait mode.
Informs users when a child account in the Family Safety plan has administrative privileges.
Addresses an issue that prevents you from closing Toast Notifications using the Close button on touchscreen devices.
Addresses an issue with a heap leak that might cause explorer.exe to consume high amounts of memory.
Updates the Volgograd, Russia time zone from UTC+4 to UTC+3.
Adds a new time zone, UTC+2:00 Juba, for the Republic of South Sudan.
Addresses an issue with the Windows Event Log Forwarding client, which returns the first matching certificate without checking private key permissions. With this update, the Windows Event Log Forwarding client selects the client’s certificate only if the Network Service has read permissions for the private key.
Addresses an issue that causes PowerShell-based monitors to stop working when you enable transcription on the systems.
Addresses an issue that stops BranchCache from working if you activate Windows using Cloud Solution Provider (CSP) license.
Addresses an issue that prevents Windows 10 Home edition devices from upgrading to the Windows 10 Pro Education edition using mobile device management (MDM) services such as Microsoft Intune.
Addresses an issue that prevents App-V applications from opening and generates error 0xc0000225.
Addresses an issue in which some machines enrolled with an MDM service fail to sync if the device manufacturer's name contains a reserved character.
Addresses an issue with using a configuration service provider (CSP) policy to configure a custom setting for Audit Other Logon/Logoff events. The custom setting fails to take effect.
Addresses an issue that causes a system to stop working when no Trusted Platform Module (TPM) is present in the system. The error code in TpmTasks.dll!TrackTPMStateChanges is c0000005.
Addresses an issue that causes multiple instances of appidcertstorecheck.exe to run on a system when AppLocker is enabled and the system is not on the internet.
Addresses an issue with credential roaming that occurs when Windows Hello for Business is enabled.
Addresses an issue that prevents performance monitoring tools from displaying logged data for single instance counter objects.
Addresses an issue that prevents the Chromium-based Microsoft Edge from working. This issue occurs when Microsoft Edge is used in combination with Microsoft App-V and fonts are enabled inside the virtual environment.
Addresses an issue that causes a black screen or delays signing in to a Hybrid Azure Active Directory joined machine while the machine attempts to connect to login.microsoftonline.com.
Addresses an issue that causes the system to stop working and generates error code 0xC9.
Addresses an issue with 7.1 channel audio technology.
Addresses an issue that turns on Caps lock unexpectedly when using RemoteApp.
Addresses an issue with high memory usage when performing XSLT transforms using MSXLM6.
Addresses an issue that might cause File Explorer and other applications to stop responding for several minutes. This issue occurs after a client reconnects to the corporate network and attempts to use mapped drives to access file shares on the corporate network.
Addresses an issue that prevents Server Message Block 1 (SMB1) clients from accessing the SMB share after restarting the LanmanServer service.
Addresses an issue that might cause the cluster network interface to stop working for a short time. As a result, the network interface controller (NIC) is marked as failed. When the network is operational again, the system might not detect that the NIC is working and the NIC remains in a failed status.
Addresses an issue with signing in to a device that is in the current domain by using the default user profile of a device that is in a different, but trusted domain. The profile service of the current domain cannot retrieve the default user profile from the trusted domain and uses the local default user profile instead.
Addresses an issue that causes a device to stop working if you delete files or folders that OneDrive syncs.
Addresses an issue that prevents Windows from activating Windows 10, version 2004 using the OA 3.0 key after installing KB4598291.
Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
Removes the Microsoft Edge Legacy desktop application that is out of support. For more information, see New Microsoft Edge to replace Microsoft Edge Legacy with April’s Windows 10 Update Tuesday release.
Addresses an issue that prevents users from using the Remote Desktop Protocol (RDP) to connect to a Windows Server 2019 device that is in Desktop Experience mode.
Addresses an issue to allow our enterprise partners to work with the Microsoft Support program to create customized mitigations.
Addresses an issue that causes Remote Desktop sessions to end unexpectedly.
Addresses an issue with an HTTP Keep-Alive connection in Azure Front Door. After completing a previous request and response to keep the connection open, Azure Front Door will try to reuse the connection. After an idle timeout, a race condition might occur that closes the Transmission Control Protocol (TCP) connection. As a result, the client might fail with an invalid server response.
Addresses an issue that prevents you from specifying up to 255 columns when you use the Jet Text installable indexed sequential access method (IISAM) format .

New in Cumulative Updates for Windows 10 / Server 1909 - March 25, 2021 (May 21, 2021)

Highlights:
Updates an issue with zoom that occurs when using Microsoft Edge IE Mode on devices that use multiple high-DPI monitors.
Updates an issue with Japanese input that occurs after focus changes between boxes in Microsoft Edge Legacy.
Updates an issue that displays nothing or shows “Computing Filters” indefinitely when you filter File Explorer search results.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Removes the Microsoft Edge Legacy desktop application that is out of support. For more information, see New Microsoft Edge to replace Microsoft Edge Legacy with April’s Windows 10 Update Tuesday release
Addresses an issue with zoom that occurs when using Microsoft Edge IE Mode on devices that use multiple high-DPI monitors.
Allows administrators to use a Group Policy to enable extended keyboard shortcuts, including Ctrl+S, for users in Microsoft Edge IE Mode.
Addresses an issue that might cause a deadlock when a COM server delivers an event to multiple subscribers in parallel.
Addresses an issue with Japanese input that occurs after focus changes between boxes in Microsoft Edge Legacy.
Addresses issue that causes 16-bit apps that run on NT Virtual DOS Machine (NTVDM) to stop working when you open them.
Addresses an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device.
Addresses an issue that prevents users from adjusting or turning off the touchpad because of administrative settings.
Addresses an issue that displays nothing or shows “Computing Filters” indefinitely when you filter File Explorer search results.
Updates the Volgograd, Russia time zone from UTC+4 to UTC+3.
Adds a new time zone, UTC+2:00 Juba, for the Republic of South Sudan.
Addresses an issue with the Windows Event Log Forwarding client, which returns the first matching certificate without checking private key permissions. With this update, the Windows Event Log Forwarding client selects the client’s certificate only if the Network Service has read permissions for the private key.
Addresses an issue that causes PowerShell-based monitors to stop working when you enable transcription on the systems.
Addresses an issue that stops BranchCache from working if you activate Windows using Cloud Solution Provider (CSP) license.
Addresses an issue that prevents App-V applications from opening and generates error 0xc0000225.
Addresses an issue in which some machines enrolled with a mobile device management (MDM) service fail to sync if the device manufacturer's name contains a reserved character.
Addresses an issue with using a configuration service provider (CSP) policy to configure a custom setting for Audit Other Logon/Logoff events. The custom setting fails to take effect.
Updates the Open Mobile Alliance (OMA) Device Management (DM) sync protocol by adding a check-in reason for requests from the client to the server. The check-in reason will allow the MDM service to make better decisions about sync sessions. With this change, the OMA-DM service must negotiate a protocol version of 4.0 with the Windows OMA-DM client.
Addresses an issue with credential roaming that occurs when Windows Hello for Business is enabled.
Addresses an issue that prevents users from using the Remote Desktop Protocol (RDP) to connect to a Windows Server 2019 device that is in Desktop Experience mode.
Addresses an issue that might prevent Hypervisor-Protected Code Integrity (HVCI) from being enabled when you configure it using a Group Policy.
Addresses an issue that causes multiple instances of appidcertstorecheck.exe to run on a system when AppLocker is enabled and the system is not on the internet.
Addresses an issue that causes a black screen or delays signing in to a Hybrid Azure Active Directory joined machine while the machine attempts to connect to login.microsoftonline.com.
Addresses an issue that prevents the Chromium-based Microsoft Edge from working. This issue occurs when Microsoft Edge is used in combination with Microsoft App-V and fonts are enabled inside the virtual environment.
Addresses possible race conditions that occur when the system calls NtOpenKeyEx(),which results in a stop error.
Addresses an issue with high memory usage when performing XSLT transforms using MSXLM6.
Addresses an issue that prevents Server Message Block 1 (SMB1) clients from accessing the SMB share after restarting the LanmanServer service.
Addresses an issue that might cause the cluster network interface to stop working for a short time. As a result, the network interface controller (NIC) is marked as failed. When the network is operational again, the system might not detect that the NIC is working and the NIC remains in a failed status.
Addresses an issue with signing in to a device that is in the current domain by using the default user profile of a device that is in a different, but trusted domain. The profile service of the current domain cannot retrieve the default user profile from the trusted domain and uses the local default user profile instead.
Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
Addresses an issue that turns on Caps lock unexpectedly when using RemoteApp.
Addresses an issue with the svhost process that hosts the Microsoft-Windows-TerminalServices-LocalSessionManager. The svhost process consumes increasingly large amounts of memory because of a leak in COMMAND_ENTRY objects. Memory leaks might cause issues when signing in to an application or to the Remote Desktop. In extreme cases, the server might stop responding.
Addresses an issue that prevents you from specifying up to 255 columns when you use the Jet Text installable indexed sequential access method (IISAM) format.

New in Cumulative Updates for Windows 10 / Server 1809 - March 25, 2021 (May 21, 2021)

Highlights:
Updates an issue with zoom that occurs when using Microsoft Edge IE Mode on devices that use multiple high-DPI monitors.
Updates an issue that displays nothing or shows “Computing Filters” indefinitely when you filter File Explorer search results.
Updates an issue with Japanese input that occurs after focus changes between boxes in Microsoft Edge Legacy.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses an issue with zoom that occurs when using Microsoft Edge IE Mode on devices that use multiple high-DPI monitors.
Allows administrators to use a Group Policy to enable extended keyboard shortcuts, including Ctrl+S, for users in Microsoft Edge IE Mode.
Addresses an issue that prevents users from adjusting or turning off the touchpad because of administrative settings.
Addresses an issue with Japanese input that occurs after focus changes between boxes in Microsoft Edge Legacy.
Addresses an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device.
Addresses an issue that displays nothing or shows “Computing Filters” indefinitely when you filter File Explorer search results.
Addresses an issue with a heap leak that might cause explorer.exe to consume high amounts of memory.
Updates the Volgograd, Russia time zone from UTC+4 to UTC+3.
Adds a new time zone, UTC+2:00 Juba, for the Republic of South Sudan.
Addresses an issue with the Windows Event Log Forwarding client, which returns the first matching certificate without checking private key permissions. With this update, the Windows Event Log Forwarding client selects the client’s certificate only if the Network Service has read permissions for the private key.
Addresses an issue that causes PowerShell-based monitors to stop working when you enable transcription on the systems.
Addresses an issue that prevents App-V applications from opening and generates error 0xc0000225.
Addresses an issue in which some machines enrolled with a mobile device management (MDM) service fail to sync if the device manufacturer's name contains a reserved character.
Addresses an issue with RSA key generation that generates a damaged key.
Addresses an issue that prevents users from using the Remote Desktop Protocol (RDP) to connect to a Windows Server 2019 device that is in Desktop Experience mode.
Addresses an issue that might prompt for credentials when not needed and might fail to authenticate in an Azure Active Directory environment.
Addresses an issue that causes multiple instances of appidcertstorecheck.exe to run on a system when AppLocker is enabled and the system is not on the internet.
Addresses an issue that might prevent Hypervisor-Protected Code Integrity (HVCI) from being enabled when you configure it using a Group Policy.
Addresses an issue that causes a black screen or delays signing in to a Hybrid Azure Active Directory joined machine while the machine attempts to connect to login.microsoftonline.com.
Addresses an issue that prevents the Chromium-based Microsoft Edge from working. This issue occurs when Microsoft Edge is used in combination with Microsoft App-V and fonts are enabled inside the virtual environment.
Addresses an issue that causes a virtual machine (VM) to lose internet connectivity when you configure the Instance-Level Public IP and outbound network address translation (NAT) for the VM.
Addresses an issue with input-output memory management unit (IoMMU) support on certain processors for Windows Server 2019 guest VMs that are on server virtualization software.
Addresses possible race conditions that occur when the system calls NtOpenKeyEx(),which results in a stop error.
Addresses an issue with high memory usage when performing XSLT transforms using MSXLM6.
Addresses an issue that prevents Server Message Block 1 (SMB1) clients from accessing the SMB share after restarting the LanmanServer service.
Addresses an issue that might cause the cluster network interface to stop working for a short time. As a result, the network interface controller (NIC) is marked as failed. When the network is operational again, the system might not detect that the NIC is working and the NIC remains in a failed status.
Addresses an issue with signing in to a device that is in the current domain by using the default user profile of a device that is in a different, but trusted domain. The profile service of the current domain cannot retrieve the default user profile from the trusted domain and uses the local default user profile instead.
Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
Addresses an issue that turns on Caps lock unexpectedly when using RemoteApp.
Adds new capabilities to the Packet Monitor (PKTMON) network diagnostic tool.
Addresses an issue with the svhost process that hosts the Microsoft-Windows-TerminalServices-LocalSessionManager. The svhost process consumes increasingly large amounts of memory because of a leak in COMMAND_ENTRY objects. Memory leaks might cause issues when signing in to an application or to the Remote Desktop. In extreme cases, the server might stop responding.
Addresses an issue that prevents you from specifying up to 255 columns when you use the Jet Text installable indexed sequential access method (IISAM) format.

New in Cumulative Updates for Windows 10 / Server 20H2 - March 18, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 2004 - March 18, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1909 - March 18, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1809 - March 18, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1803 - March 18, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1607 - March 18, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1507 - March 18, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 20H2 - March 15, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 2004 - March 15, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1909 - March 15, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1809 - March 15, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1803 - March 15, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 20H2 - March 9, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 2004 - March 9, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1909 - March 9, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1809 - March 9, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1803 - March 9, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1703 - March 9, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1607 - March 9, 2021 (May 21, 2021)

Highlights:
Updates security for the Windows user interface.
Updates to improve security when Windows performs basic operations.
Updates to improve security when using Microsoft Office products.
Improvements and fixes:
This security update includes quality improvements. Key changes include:
Turns off token binding by default in Windows Internet (WinINet).
Addresses an issue in the Windows Management Instrumentation (WMI) service that causes a heap leak each time security settings are applied to WMI namespace permissions.
Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.
Addresses an elevation of privilege security vulnerability documented in CVE-2021-1640 related to print jobs submitted to “FILE:” ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.
Addresses a reliability issue in Remote Desktop.
Addresses an issue that might cause stop error 7E in nfssvr.sys on servers running the Network File System (NFS) service.
Addresses an issue that causes an increase in network traffic during update detection for Windows Updates. This issue occurs on devices that are configured to use an authenticated user proxy as the fallback method if update detection with a system proxy fails or there is no proxy.
Security updates to the Windows Shell, Windows User Account Control (UAC), Windows Fundamentals, Windows Core Networking, Windows Hybrid Cloud Networking, Windows Kernel, Windows Virtualization, the Microsoft Graphics Component, Internet Explorer, Microsoft Edge Legacy, and Windows Media.
Adds a new dfslogkey as described below:
Keypath: HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/dfslog.
The RootShareAcquireSuccessEvent field has the following possible values:
Default value = 1; enables the log.
Value other than 1; disables the log.
If this key does not exist, it will be created automatically. To take effect, any change to
dfslog/RootShareAcquireSuccessEvent in the registry requires that you restart the DFSN service.

New in Cumulative Updates for Windows 10 / Server 1507 - March 9, 2021 (May 21, 2021)

New in Cumulative Updates for Windows 10 / Server 1909 - February 16, 2021 (Feb 18, 2021)

Highlights:
Updates an issue that sometimes prevents the input of strings into the Input Method Editor (IME).
Updates an issue that renders fonts incorrectly.
Updates an issue with screen rendering after opening games with certain hardware configurations.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Updates the default values for the following Internet Explorer registry keys
svcKBFWLink = “ ” (empty string)
svcKBNumber = “ ” (empty string)
svcUpdateVersion = 11.0.1000.
In addition, these values will no longer be updated automatically.
Addresses an issue with a memory leak in Internet Explorer 11 that occurs when you use the Chinese language pack.
Addresses an issue with certain COM+ callout policies that cause a deadlock in certain applications.
Addresses an issue that renders fonts incorrectly.
Addresses an issue that sometimes prevents the input of strings into the Input Method Editor (IME).
Addresses an issue with the SetWindowRgn API. It incorrectly sets the window region’s coordinates relative to the client area instead of relative to the upper-left corner of the window. As a result, users cannot maximize, minimize, or close a window.
Addresses an issue with a stop error that occurs at startup.
Removes the history of previously used pictures from a user account profile.
Addresses an issue that might delay a Windows Hello for Business (WHfB) Certificate Trust deployment when you open the Settings-> Accounts-> Sign-in Options page.
Addresses an issue that causes the host process of Windows Remote Management (WinRM) to stop working when it formats messages from a PowerShell plugin.
Addresses an issue in the Windows Management Instrumentation (WMI) service that causes a heap leak each time security settings are applied to WMI namespace permissions.
Addresses an issue with screen rendering after opening games with certain hardware configurations.
Improves startup times for applications that have roaming settings when User Experience Virtualization (UE-V) is turned on.
Addresses an issue that prevents the Trusted Platform Module (TPM) from starting. As a result, TPM-based scenarios do not work.
Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.
Addresses high memory and CPU utilization in Microsoft Defender for Endpoint.
Enhances data loss prevention and insider risk management solution functionalities in Microsoft 365 endpoints.
Addresses an issue with the x86 version of Microsoft Excel 365 Version 2011. It fails to open if you enable the SimExec feature of Defender Exploit Protection or stops working if you disable the SimExec exploit protection and enable the CallerCheck protection.
Addresses an issue that displays an error when you attempt to open an untrusted webpage using Microsoft Edge or open an untrusted Microsoft Office document. The error is, "WDAG Report - Container: Error: 0x80070003, Ext error: 0x00000001". This issue occurs after installing the .NET update KB4565627.
Addresses an issue that prevents wevtutil from parsing an XML file.
Addresses an issue that fails to report an error when the Elliptic Curve Digital Signature Algorithm (ECDSA) generates invalid keys of 163 bytes instead of 165 bytes.
Adds support for using the new Chromium-based Microsoft Edge as the assigned access single kiosk app. Now, you can also customize a breakout key sequence for single app kiosks. For more information, see Configure Microsoft Edge kiosk mode.
Addresses an issue with User Datagram Protocol (UDP) broadcast packets that are larger than the maximum transmission unit (MTU). Devices that receive these packets discard them because the checksum is not valid.
Addresses an issue in which the WinHTTP AutoProxy service does not comply with the value set for the maximum Time To Live (TTL) on the Proxy Auto-Configuration (PAC) file. This prevents the cached file from updating dynamically.
Improves the ability of the WinHTTP Web Proxy Auto-Discovery Service to ignore invalid Web Proxy Auto-Discovery Protocol (WPAD) URLs that the Dynamic Host Configuration Protocol (DHCP) server returns.
Addresses an issue that might cause the IKEEXT service to stop working intermittently.
Addresses an issue with updating to Windows Server 2019 using a .iso image. If you renamed the default administrator account, the Local Security Authority (LSA) process might stop working.
Addresses an issue that might cause stop error 7E in nfssvr.sys on servers running the Network File System (NFS) service.
Addresses an issue that prevents the User Profile Service from detecting a slow or a fast link reliably.
Addresses an issue that causes contention for a metadata lock when using Work Folders.
Addresses an issue that causes a Work Folder sync to fail with the error code 0x8007017c if you have turned on On-Demand File Access.
Updates the Open Mobile Alliance (OMA) Device Management (DM) sync protocol by adding a check-in reason for requests from the client to the server. The check-in reason will allow the mobile device management (MDM) service to make better decisions about sync sessions. With this change, the OMA-DM service must negotiate a protocol version of 4.0 with the Windows OMA-DM client.
Addresses an issue with failover in an environment that only has IPv6 clusters. If the failover cluster has been running for more than 24 days, attempts to do a failover might not succeed or might be delayed.
Adds a new dfslogkey as described below:
Keypath: HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/dfslog.
The RootShareAcquireSuccessEvent field has the following possible values:
Default value = 1; enables the log.
Value other than 1; disables the log.
If this key does not exist, it will be created automatically. To take effect, any change to
dfslog/RootShareAcquireSuccessEvent in the registry requires that you restart the DFSN service.

New in Cumulative Updates for Windows 10 / Server 1809 - February 16, 2021 (Feb 18, 2021)

Highlights:
Updates an issue that renders fonts incorrectly.
Updates an issue that sometimes prevents the input of strings into the Input Method Editor (IME).
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Updates the default values for the following Internet Explorer registry keys
svcKBFWLink = “ ” (empty string)
svcKBNumber = “ ” (empty string)
svcUpdateVersion = 11.0.1000.
In addition, these values will no longer be updated automatically.
Addresses an issue with a memory leak in Internet Explorer 11 that occurs when you use the Chinese language pack.
Turns off token binding by default in Windows Internet (WinINet).
Addresses an issue that displays a User Account Control (UAC) dialog box unexpectedly when you turn on speech recognition.
Addresses an issue with certain COM+ callout policies that cause a deadlock in certain applications.
Addresses an issue that renders fonts incorrectly.
Addresses an issue with the SetWindowRgn API. It incorrectly sets the window region’s coordinates relative to the client area instead of relative to the upper-left corner of the window. As a result, users cannot maximize, minimize, or close a window.
Addresses an issue that sometimes prevents the input of strings into the Input Method Editor (IME).
Removes the history of previously used pictures from a user account profile.
Addresses an issue that displays the wrong language when you sign in to a console after you change the system locale.
Addresses an issue that causes the host process of Windows Remote Management (WinRM) to stop working when it formats messages from a PowerShell plugin.
Addresses an issue in the Windows Management Instrumentation (WMI) service that causes a heap leak each time security settings are applied to WMI namespace permissions.
Improves startup times for applications that have roaming settings when User Experience Virtualization (UE-V) is turned on.
Addresses an issue that prevents the Trusted Platform Module (TPM) from starting. As a result, TPM-based scenarios do not work.
Addresses an issue with unsigned program files that will not run when Windows Defender Application Control is in Audit Mode, but will allow unsigned images to run.
Addresses an issue with Key Distribution Center (KDC) code, which fails to check for an invalid domain state when the domain controller restarts. The error message is “STATUS_INVALID_DOMAIN_STATE”.
Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.
Enhances data loss prevention and insider risk management solution functionalities in Microsoft 365 endpoints.
Addresses an issue with the x86 version of Microsoft Excel 365 Version 2011. It fails to open if you enable the SimExec feature of Defender Exploit Protection or stops working if you disable the SimExec exploit protection and enable the CallerCheck protection.
Addresses an issue that displays an error when you attempt to open an untrusted webpage using Microsoft Edge or open an untrusted Microsoft Office document. The error is, "WDAG Report - Container: Error: 0x80070003, Ext error: 0x00000001". This issue occurs after installing the .NET update KB4565627.
Addresses an issue that prevents wevtutil from parsing an XML file.
Addresses an issue that fails to report an error when the Elliptic Curve Digital Signature Algorithm (ECDSA) generates invalid keys of 163 bytes instead of 165 bytes.
Addresses an issue with User Datagram Protocol (UDP) broadcast packets that are larger than the maximum transmission unit (MTU). Devices that receive these packets discard them because the checksum is not valid.
Addresses an issue that might cause the IKEEXT service to stop working intermittently.
Addresses an issue with updating to Windows Server 2019 using a .iso image. If you renamed the default administrator account, the Local Security Authority (LSA) process might stop working.
Addresses an issue that causes a cluster disk to go offline, and the cluster log reports the error, “RPC_X_BAD_STUB_DATA”.
Addresses an issue that might cause stop error 7E in nfssvr.sys on servers running the Network File System (NFS) service.
Addresses an issue that prevents the User Profile Service from detecting a slow or a fast link reliably.
Addresses an issue that causes contention for a metadata lock when using Work Folders.
Addresses an issue that causes a Work Folder sync to fail with the error code 0x8007017c if you have turned on On-Demand File Access.
Updates the Open Mobile Alliance (OMA) Device Management (DM) sync protocol by adding a check-in reason for requests from the client to the server. The check-in reason will allow the mobile device management (MDM) service to make better decisions about sync sessions. With this change, the OMA-DM service must negotiate a protocol version of 4.0 with the Windows OMA-DM client.
Addresses an issue with failover in an environment that only has IPv6 clusters. If the failover cluster has been running for more than 24 days, attempts to do a failover might not succeed or might be delayed.
Adds a new dfslogkey as described below:
Keypath: HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/dfslog.
The RootShareAcquireSuccessEvent field has the following possible values:
Default value = 1; enables the log.
Value other than 1; disables the log.
If this key does not exist, it will be created automatically. To take effect, any change to
dfslog/RootShareAcquireSuccessEvent in the registry requires that you restart the DFSN service.

New in Cumulative Updates for Windows 10 / Server 1909 - February 11, 2021 (Feb 18, 2021)

New in Cumulative Updates for Windows 10 / Server 20H2 - February 9, 2021 (Feb 18, 2021)

New in Cumulative Updates for Windows 10 / Server 2004 - February 9, 2021 (Feb 18, 2021)

New in Cumulative Updates for Windows 10 / Server 1909 - February 9, 2021 (Feb 18, 2021)

New in Cumulative Updates for Windows 10 / Server 1809 - February 9, 2021 (Feb 18, 2021)

New in Cumulative Updates for Windows 10 / Server 1803 - February 9, 2021 (Feb 18, 2021)

New in Cumulative Updates for Windows 10 / Server 1703 - February 9, 2021 (Feb 18, 2021)

New in Cumulative Updates for Windows 10 / Server 1607 - February 9, 2021 (Feb 18, 2021)

Highlights:
Updates for verifying usernames and passwords.
Corrects historical daylight savings time (DST) information for the Palestinian Authority.
Updates an issue with German translations of Central European Time.
Improvements and fixes:
This security update includes quality improvements. Key changes include:
Enables administrators to disable standalone Internet Explorer using a Group Policy while continuing to use Microsoft Edge's IE Mode.
Updates Internet Explorer’s About dialog to use the standard modern dialog.
Addresses an issue with a Service Host (svchost.exe) process that causes excessive CPU usage in some Input Method Editor (IME) language environments, such as Traditional Chinese. This issue occurs when you try to add an input method in Control Panel.
Corrects historical daylight savings time (DST) information for the Palestinian Authority.
Addresses an issue with German translations of Central European Time.
Addresses an issue that causes LSASS.exe to stop working because of a race condition that results in a double free error in Schannel. The exception code is c0000374, and the Event Log displays Schannel event 36888, fatal error code 20, and error state 960. This issue occurs after installing Windows updates from September 2020 and later.
Addresses an issue that might cause systems that use BitLocker to stop working and display the error 0x120 (BITLOCKER_FATAL_ERROR).
Addresses an issue that prevents scheduled tasks that have multiple actions from running again if you have previously disabled them while they were running.
Addresses an issue that fails to log events 4732 and 4733 for Domain-Local group membership changes in certain scenarios. This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control.
Addresses an issue that incorrectly reports that Lightweight Directory Access Protocol (LDAP) sessions are unsecure in Event ID 2889. This occurs when the LDAP session is authenticated and sealed with a Simple Authentication and Security Layer (SASL) method.
Addresses an issue with Server Message Block (SMB). This issue incorrectly logs the Microsoft-Windows-SMBClient 31013 event in the Microsoft-Windows-SMBClient or Security event log of an SMB client when an SMB server returns STATUS_USER_SESSION_DELETED. This issue occurs when SMB client users or applications open multiple SMB sessions using the same set of Transmission Control Protocol (TCP) connections on the same SMB Server. This issue most likely occurs on Remote Desktop Servers.
Addresses an issue that causes the LanmanServer service to stop unexpectedly. This issue occurs if the OptionalNames registry value is set and the service restarts.
Addresses an issue that causes stop error 0x54 in SRV2.SYS.
Updates the Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472) to enable Enforcement mode. For more details, see CVE-2020-1472 and How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472.
Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Virtualization, Windows Core Networking, and Windows Hybrid Cloud Networking.

New in Cumulative Updates for Windows 10 / Server 1507 - February 9, 2021 (Feb 18, 2021)

New in Cumulative Updates for Windows 10 / Server 20H2 - January 12, 2021 (Jan 18, 2021)

New in Cumulative Updates for Windows 10 / Server 2004 - January 12, 2021 (Jan 18, 2021)

New in Cumulative Updates for Windows 10 / Server 1909 - January 12, 2021 (Jan 18, 2021)

New in Cumulative Updates for Windows 10 / Server 1809 - January 12, 2021 (Jan 18, 2021)

New in Cumulative Updates for Windows 10 / Server 1803 - January 12, 2021 (Jan 18, 2021)

New in Cumulative Updates for Windows 10 / Server 1703 - January 12, 2021 (Jan 18, 2021)

New in Cumulative Updates for Windows 10 / Server 1607 - January 12, 2021 (Jan 18, 2021)

Highlights:
Updates to improve security when using Microsoft Office products.
Updates to improve security when using external devices, such as game controllers, printers, and web cameras.
Improvements and fixes:
This security update includes quality improvements. Key changes include:
Adds the ability to set a Group Policy to show only the domain and username when a user signs in.
Addresses an issue that delays authentication traffic because of Netlogon scalability issues.
Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.
Addresses a security bypass vulnerability that exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface. For more information, see KB4599464.
Addresses a security vulnerability issue with HTTPS-based intranet servers. After installing this update, HTTPS-based intranet servers cannot, by default, use a user proxy to detect updates. Scans using these servers will fail if you have not configured a system proxy on the clients. If you must use a user proxy, you must configure the behavior using the policy “Allow user proxy to be used as a fallback if detection using system proxy fails.” To ensure the highest levels of security, also use Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate pinning on all devices. This change does not affect customers who are using HTTP WSUS servers. For more information, see Changes to scans, improved security for Windows devices.
Addresses an issue in the Remote Desktop Protocol (RDP) redirector (rdpdr.sys) that causes a stop error.
Security updates to the Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Media, Windows Fundamentals, Windows Cryptography, Windows Virtualization, Windows Peripherals, and Windows Hybrid Storage Services.

New in Cumulative Updates for Windows 10 / Server 1507 - January 12, 2021 (Jan 18, 2021)

New in Cumulative Updates for Windows 10 / Server 20H2 - December 8, 2020 (Dec 9, 2020)

New in Cumulative Updates for Windows 10 / Server 2004 - December 8, 2020 (Dec 9, 2020)

New in Cumulative Updates for Windows 10 / Server 1909 - December 8, 2020 (Dec 9, 2020)

New in Cumulative Updates for Windows 10 / Server 1903 - December 8, 2020 (Dec 9, 2020)

New in Cumulative Updates for Windows 10 / Server 1809 - December 8, 2020 (Dec 9, 2020)

New in Cumulative Updates for Windows 10 / Server 1803 - December 8, 2020 (Dec 9, 2020)

New in Cumulative Updates for Windows 10 / Server 1703 - December 8, 2020 (Dec 9, 2020)

New in Cumulative Updates for Windows 10 / Server 1607 - December 8, 2020 (Dec 9, 2020)

New in Cumulative Updates for Windows 10 / Server 1507 - December 8, 2020 (Dec 9, 2020)

New in Cumulative Updates for Windows 10 / Server 20H2 - November 30, 2020 (Dec 1, 2020)

Highlights:
Updates an issue that causes Narrator to stop responding after you unlock a device if Narrator was in use before you locked the device.
Updates an issue that prevents you from finding certain Microsoft Xbox consoles on a Windows device.
Updates an issue that fails to display the Microsoft Xbox Game Bar app controls on supported monitors. This issue occurs in certain Microsoft DirectX® 9.0 (DX9) games that are running with Variable Refresh Rate enabled on these monitors.
Updates an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device.
Updates an issue that randomly changes the input focus of edit controls when using the Japanese IME or the Chinese Traditional IME.
Updates an issue that makes the touch keyboard unstable in the Mail app.
Improves the visual quality of Windows Mixed Reality headsets that run in lower resolution mode.
Updates an issue that prevents the PDF24 app, version 9.1.1, from opening .txt files.
This non-security update includes quality improvements. Key changes include:
Updates Internet Explorer’s About dialog to use the standard modern dialog.
Addresses an issue that causes Narrator to stop responding after you unlock a device if Narrator was in use before you locked the device.
Addresses an issue that fails to display the local account groups in the localized language even after you deploy the language pack.
Addresses an issue that prevents a user from finding certain Microsoft Xbox consoles on a Windows device.
Addresses an issue that displays a black screen to Windows Virtual Desktop (WVD) users when they attempt to sign in.
Addresses an issue with a certain COM API that causes a memory leak.
Addresses an issue that fails to display the Microsoft Xbox Game Bar app controls on supported monitors. This issue occurs in certain Microsoft DirectX® 9.0 (DX9) games that are running with Variable Refresh Rate enabled on these monitors.
Addresses an issue that prevents the touch keyboard from opening in Universal Windows Platform (UWP) apps when USB devices are connected.
Addresses an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device.
Addresses an issue that crops the touch keyboard when you use a Remote Desktop Connection on a device that has a different screen resolution.
Addresses an issue with excessive network traffic that occurs when you use the Open File dialog box in File Explorer and browse to a shared folder that has the Previous Version feature available.
Addresses an issue that causes the ImmGetCompositionString() function to return the full-width Hiragana when using the Microsoft Input Method Editor (IME) for Japanese instead of returning the half-width Katakana.
Addresses an issue that prevents JumpList items from functioning. This occurs when you create them using the Windows Runtime (WinRT) Windows.UI.StartScreen API for desktop applications that are packaged in the MSIX format.
Addresses an issue that prevents applications from receiving the Shift and Ctrl keystroke events when the Bopomofo, Changjie, or Quick Input Method Editors (IME) are in use.
Addresses an issue that randomly changes the input focus of edit controls when using the Japanese IME or the Chinese Traditional IME.
Addresses an issue that prevents you from signing in on certain servers. This occurs when you enable a Group Policy that forces the start of a computer session to be interactive.
Addresses an issue that fails to set the desktop wallpaper as configured by a GPO when you specify the local background as a solid color.
Addresses an issue with the Microsoft Pinyin IME that unexpectedly dismisses the candidate pane when you type certain phrases.
Addresses an issue that fails to send the Shift keyup event to an application when you use the Japanese IME.
Addresses an issue that renders Kaomoji incorrectly on the emoji panel.
Addresses an issue that makes the touch keyboard unstable in the Mail app.
Addresses an issue that enters unexpected characters, such as half-width Katakana, when you type a password while the IME is in Kana input mode.
Addresses an issue that might fail to pair certain MIDI devices that connect using Bluetooth Low Energy (LE).
Addresses a runtime error that causes Visual Basic 6.0 (VB6) to stop working when duplicate windows messages are sent to WindowProc().
Addresses an issue that generates a 0x57 error when the wecutil ss /c: command is used to update an Event Forwarding subscription.
Addresses an issue that causes applications to fail when they call the LookupAccountSid() API. This occurs after migrating accounts to a new domain whose name is shorter than the name of the previous domain.
Addresses an issue in which loading a Code Integrity Policy causes PowerShell to leak a large amount of memory.
Addresses an issue that causes a system to stop working during startup. This occurs when the CrashOnAuditFail policy is set to 1 and command-line argument auditing is turned on.
Addresses an issue that causes the Microsoft Management Console (MMC) Group Policy application to stop working when you are editing the Group Policy Security settings. The error message is, “MMC cannot initialize the snap-in.”
Addresses an issue that fails to free a system’s non-paged pool and requires a restart of the system. This occurs when running 32-bit applications with the Federal Information Processing Standard (FIPS) mode enabled.
Addresses an issue that might prevent updates from installing and generates an “E_UNEXPECTED” error.
Addresses an issue that causes the “I forgot my Pin" functionality on the lock screen to fail. This failure occurs if the user has signed in using a username and password and the DontDisplayLastUserName or HideFastUserSwitching policy settings are enabled.
Addresses an issue that prevents access to Azure Active Directory (AD) using the Google Chrome browser because of a Conditional Access policy error.
Improves the visual quality of Windows Mixed Reality headsets that run in lower resolution mode.
Extends Microsoft Defender for Endpoint support to new regions.
Enables a new Hardware-enforced Stack Protection feature called shadow stacks on supported hardware. This update allows applications to opt in to user-mode shadow stack protection, which helps harden backward-edge control-flow integrity and prevents return-oriented programming-based attacks.
Addresses an issue in the Microsoft Remote Procedure Call (RPC) runtime that causes the Distributed File System Replication (DFSR) service to stop responding. This issue generates log events for DFS Replication (5014), RPC (1726), and no reconnection (5004) for a default timeout of 24 hours with no replication.
Adds the touch keyboard to the allowed apps list, and it now works in multi-app assigned access mode.
Addresses an issue that prevents the PDF24 app, version 9.1.1, from opening .txt files.
Addresses an issue that might cause a non-paged pool memory leak in some scenarios.
Addresses an issue that allows an app that has been blocked from hydrating files to continue hydrating files in some cases.
Addresses an issue that might cause a memory leak in bindflt.sys when copying files in a container scenario.
Addresses an issue with Active Directory Certificate Services (AD CS) that fails to submit Certificate Transparency (CT) logs when they are enabled.
Addresses an issue in which cluster validation tests internal switches that are not for cluster use and re-communication.
Addresses an issue that causes stop error 0x27 when you attempt to sign in to a device that is not in a domain using credentials for a device that is in the domain.

New in Cumulative Updates for Windows 10 / Server 2004 - November 30, 2020 (Dec 1, 2020)

Highlights:
Updates an issue that causes Narrator to stop responding after you unlock a device if Narrator was in use before you locked the device.
Updates an issue that prevents you from finding certain Microsoft Xbox consoles on a Windows device.
Updates an issue that fails to display the Microsoft Xbox Game Bar app controls on supported monitors. This issue occurs in certain Microsoft DirectX® 9.0 (DX9) games that are running with Variable Refresh Rate enabled on these monitors.
Updates an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device.
Updates an issue that randomly changes the input focus of edit controls when using the Japanese IME or the Chinese Traditional IME.
Updates an issue that makes the touch keyboard unstable in the Mail app.
Improves the visual quality of Windows Mixed Reality headsets that run in lower resolution mode.
Updates an issue that prevents the PDF24 app, version 9.1.1, from opening .txt files.
This non-security update includes quality improvements. Key changes include:
Updates Internet Explorer’s About dialog to use the standard modern dialog.
Addresses an issue that causes Narrator to stop responding after you unlock a device if Narrator was in use before you locked the device.
Addresses an issue that fails to display the local account groups in the localized language even after you deploy the language pack.
Addresses an issue that prevents a user from finding certain Microsoft Xbox consoles on a Windows device.
Addresses an issue that displays a black screen to Windows Virtual Desktop (WVD) users when they attempt to sign in.
Addresses an issue with a certain COM API that causes a memory leak.
Addresses an issue that fails to display the Microsoft Xbox Game Bar app controls on supported monitors. This issue occurs in certain Microsoft DirectX® 9.0 (DX9) games that are running with Variable Refresh Rate enabled on these monitors.
Addresses an issue that prevents the touch keyboard from opening in Universal Windows Platform (UWP) apps when USB devices are connected.
Addresses an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device.
Addresses an issue that crops the touch keyboard when you use a Remote Desktop Connection on a device that has a different screen resolution.
Addresses an issue with excessive network traffic that occurs when you use the Open File dialog box in File Explorer and browse to a shared folder that has the Previous Version feature available.
Addresses an issue that causes the ImmGetCompositionString() function to return the full-width Hiragana when using the Microsoft Input Method Editor (IME) for Japanese instead of returning the half-width Katakana.
Addresses an issue that prevents JumpList items from functioning. This occurs when you create them using the Windows Runtime (WinRT) Windows.UI.StartScreen API for desktop applications that are packaged in the MSIX format.
Addresses an issue that prevents applications from receiving the Shift and Ctrl keystroke events when the Bopomofo, Changjie, or Quick Input Method Editors (IME) are in use.
Addresses an issue that randomly changes the input focus of edit controls when using the Japanese IME or the Chinese Traditional IME.
Addresses an issue that prevents you from signing in on certain servers. This occurs when you enable a Group Policy that forces the start of a computer session to be interactive.
Addresses an issue that fails to set the desktop wallpaper as configured by a GPO when you specify the local background as a solid color.
Addresses an issue with the Microsoft Pinyin IME that unexpectedly dismisses the candidate pane when you type certain phrases.
Addresses an issue that fails to send the Shift keyup event to an application when you use the Japanese IME.
Addresses an issue that renders Kaomoji incorrectly on the emoji panel.
Addresses an issue that makes the touch keyboard unstable in the Mail app.
Addresses an issue that enters unexpected characters, such as half-width Katakana, when you type a password while the IME is in Kana input mode.
Addresses an issue that might fail to pair certain MIDI devices that connect using Bluetooth Low Energy (LE).
Addresses a runtime error that causes Visual Basic 6.0 (VB6) to stop working when duplicate windows messages are sent to WindowProc().
Addresses an issue that generates a 0x57 error when the wecutil ss /c: command is used to update an Event Forwarding subscription.
Addresses an issue that causes applications to fail when they call the LookupAccountSid() API. This occurs after migrating accounts to a new domain whose name is shorter than the name of the previous domain.
Addresses an issue in which loading a Code Integrity Policy causes PowerShell to leak a large amount of memory.
Addresses an issue that causes a system to stop working during startup. This occurs when the CrashOnAuditFail policy is set to 1 and command-line argument auditing is turned on.
Addresses an issue that causes the Microsoft Management Console (MMC) Group Policy application to stop working when you are editing the Group Policy Security settings. The error message is, “MMC cannot initialize the snap-in.”
Addresses an issue that fails to free a system’s non-paged pool and requires a restart of the system. This occurs when running 32-bit applications with the Federal Information Processing Standard (FIPS) mode enabled.
Addresses an issue that might prevent updates from installing and generates an “E_UNEXPECTED” error.
Addresses an issue that causes the “I forgot my Pin" functionality on the lock screen to fail. This failure occurs if the user has signed in using a username and password and the DontDisplayLastUserName or HideFastUserSwitching policy settings are enabled.
Addresses an issue that prevents access to Azure Active Directory (AD) using the Google Chrome browser because of a Conditional Access policy error.
Improves the visual quality of Windows Mixed Reality headsets that run in lower resolution mode.
Extends Microsoft Defender for Endpoint support to new regions.
Enables a new Hardware-enforced Stack Protection feature called shadow stacks on supported hardware. This update allows applications to opt in to user-mode shadow stack protection, which helps harden backward-edge control-flow integrity and prevents return-oriented programming-based attacks.
Addresses an issue in the Microsoft Remote Procedure Call (RPC) runtime that causes the Distributed File System Replication (DFSR) service to stop responding. This issue generates log events for DFS Replication (5014), RPC (1726), and no reconnection (5004) for a default timeout of 24 hours with no replication.
Adds the touch keyboard to the allowed apps list, and it now works in multi-app assigned access mode.
Addresses an issue that prevents the PDF24 app, version 9.1.1, from opening .txt files.
Addresses an issue that might cause a non-paged pool memory leak in some scenarios.
Addresses an issue that allows an app that has been blocked from hydrating files to continue hydrating files in some cases.
Addresses an issue that might cause a memory leak in bindflt.sys when copying files in a container scenario.
Addresses an issue with Active Directory Certificate Services (AD CS) that fails to submit Certificate Transparency (CT) logs when they are enabled.
Addresses an issue in which cluster validation tests internal switches that are not for cluster use and re-communication.
Addresses an issue that causes stop error 0x27 when you attempt to sign in to a device that is not in a domain using credentials for a device that is in the domain.

New in Cumulative Updates for Windows 10 / Server 20H2 - November 19, 2020 (Nov 20, 2020)

New in Cumulative Updates for Windows 10 / Server 2004 - November 19, 2020 (Nov 20, 2020)

New in Cumulative Updates for Windows 10 / Server 1909 - November 19, 2020 (Nov 20, 2020)

Highlights:
Updates an issue that causes the Chromium-based Microsoft Edge browser to open in the background when a device is in tablet mode.
Updates an issue that causes Narrator to stop responding after you unlock a device if Narrator was in use before you locked the device.
Updates an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device.
Updates an issue that might cause games that use spatial audio to stop working.
Updates the visual quality of Windows Mixed Reality headsets that run in lower resolution mode.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Updates Internet Explorer’s About dialog to use the standard modern dialog.
Addresses an issue that causes the Chromium-based Microsoft Edge browser to open in the background when a device is in tablet mode.
Addresses an issue that causes Narrator to stop responding after you unlock a device if Narrator was in use before you locked the device.
Addresses an issue that displays a black screen to Windows Virtual Desktop (WVD) users when they attempt to sign in.
Addresses an issue with using Microsoft Changjie that causes apps to stop working because of a stack overflow.
Addresses an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device.
Addresses an issue that might cause Windows to inadvertently modify settings for certain IP cameras that are on the same network as the Windows device.
Addresses an issue that might cause games that use spatial audio to stop working.
Addresses an issue with leaking Graphics Device Interface (GDI) Font Handles that result in unexpected behaviors in certain applications.
Addresses an issue with missing enforced groups in the Start menu layout, which occurs when using mobile device management (MDM) to set the tile groups.
Addresses an issue that fails to set the desktop wallpaper as configured by a Group Policy object (GPO) when you specify the local background as a solid color.
Addresses an issue with excessive network traffic that occurs when you use the Open File dialog box in File Explorer and browse to a shared folder that has the Previous Version feature available.
Addresses an issue with the Search bar in Shell namespace extension products, which causes File Explorer to stop working unexpectedly.
Addresses an issue that prevents you from signing in on certain servers. This occurs when you enable a Group Policy that forces the start of a computer session to be interactive.
Addresses an issue that prevents the Sign in options page from opening using the ms-settings:signinoptions-launchfaceenrollment URI.
Addresses an issue that generates a 0x57 error when the wecutil ss /c: command is used to update an Event Forwarding subscription.
Addresses an issue that might prevent user settings from syncing across devices.
Addresses an issue that causes the “I forgot my Pin" functionality on the lock screen to fail. This failure occurs if the user has signed in using a username and password and the DontDisplayLastUserName or HideFastUserSwitching policy settings are enabled.
Addresses an issue that causes applications to fail when they call the LookupAccountSid() API. This occurs after migrating accounts to a new domain whose name is shorter than the name of the previous domain.
Addresses an issue in which loading a Code Integrity Policy causes PowerShell to leak a large amount of memory.
Addresses an issue that causes a system to stop working during startup. This occurs when the CrashOnAuditFail policy is set to 1 and command-line argument auditing is turned on.
Addresses an issue that causes the Microsoft Management Console (MMC) Group Policy application to stop working when you are editing the Group Policy Security settings. The error message is, “MMC cannot initialize the snap-in.”
Addresses an issue that fails to free a system’s non-paged pool and requires a restart of the system. This occurs when running 32-bit applications with the Federal Information Processing Standard (FIPS) mode enabled.
Addresses an issue that prevents access to Azure Active Directory (AD) using the Google Chrome browser because of a Conditional Access policy error.
Improves the visual quality of Windows Mixed Reality headsets that run in lower resolution mode.
Extends Microsoft Defender for Endpoint support to new regions.
Addresses an issue in the Microsoft Remote Procedure Call (RPC) runtime that causes the Distributed File System Replication (DFSR) service to stop responding. This issue generates log events for DFS Replication (5014), RPC (1726), and no reconnection (5004) for a default timeout of 24 hours with no replication.
Addresses an issue that causes a wireless receiver to disconnect during a wireless projection session.
Addresses an issue that prevents the PDF24 app, version 9.1.1, from opening .txt files.
Addresses an issue that might cause a non-paged pool memory leak in some scenarios.
Addresses an issue that might cause a memory leak in bindflt.sys when copying files in a container scenario.
Addresses an issue with Active Directory Certificate Services (AD CS) that might prevent Certificate Transparency (CT) logs from being submitted, if enabled.
Addresses an issue in which cluster validation tests internal switches that are not for cluster use and re-communication.

New in Cumulative Updates for Windows 10 / Server 1903 - November 19, 2020 (Nov 20, 2020)

Highlights:
Updates an issue that causes the Chromium-based Microsoft Edge browser to open in the background when a device is in tablet mode.
Updates an issue that causes Narrator to stop responding after you unlock a device if Narrator was in use before you locked the device.
Updates an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device.
Updates an issue that might cause games that use spatial audio to stop working.
Updates the visual quality of Windows Mixed Reality headsets that run in lower resolution mode.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Updates Internet Explorer’s About dialog to use the standard modern dialog.
Addresses an issue that causes the Chromium-based Microsoft Edge browser to open in the background when a device is in tablet mode.
Addresses an issue that causes Narrator to stop responding after you unlock a device if Narrator was in use before you locked the device.
Addresses an issue that displays a black screen to Windows Virtual Desktop (WVD) users when they attempt to sign in.
Addresses an issue with using Microsoft Changjie that causes apps to stop working because of a stack overflow.
Addresses an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device.
Addresses an issue that might cause Windows to inadvertently modify settings for certain IP cameras that are on the same network as the Windows device.
Addresses an issue that might cause games that use spatial audio to stop working.
Addresses an issue with leaking Graphics Device Interface (GDI) Font Handles that result in unexpected behaviors in certain applications.
Addresses an issue with missing enforced groups in the Start menu layout, which occurs when using mobile device management (MDM) to set the tile groups.
Addresses an issue that fails to set the desktop wallpaper as configured by a Group Policy object (GPO) when you specify the local background as a solid color.
Addresses an issue with excessive network traffic that occurs when you use the Open File dialog box in File Explorer and browse to a shared folder that has the Previous Version feature available.
Addresses an issue with the Search bar in Shell namespace extension products, which causes File Explorer to stop working unexpectedly.
Addresses an issue that prevents you from signing in on certain servers. This occurs when you enable a Group Policy that forces the start of a computer session to be interactive.
Addresses an issue that prevents the Sign in options page from opening using the ms-settings:signinoptions-launchfaceenrollment URI.
Addresses an issue that generates a 0x57 error when the wecutil ss /c: command is used to update an Event Forwarding subscription.
Addresses an issue that might prevent user settings from syncing across devices.
Addresses an issue that causes the “I forgot my Pin" functionality on the lock screen to fail. This failure occurs if the user has signed in using a username and password and the DontDisplayLastUserName or HideFastUserSwitching policy settings are enabled.
Addresses an issue that causes applications to fail when they call the LookupAccountSid() API. This occurs after migrating accounts to a new domain whose name is shorter than the name of the previous domain.
Addresses an issue in which loading a Code Integrity Policy causes PowerShell to leak a large amount of memory.
Addresses an issue that causes a system to stop working during startup. This occurs when the CrashOnAuditFail policy is set to 1 and command-line argument auditing is turned on.
Addresses an issue that causes the Microsoft Management Console (MMC) Group Policy application to stop working when you are editing the Group Policy Security settings. The error message is, “MMC cannot initialize the snap-in.”
Addresses an issue that fails to free a system’s non-paged pool and requires a restart of the system. This occurs when running 32-bit applications with the Federal Information Processing Standard (FIPS) mode enabled.
Addresses an issue that prevents access to Azure Active Directory (AD) using the Google Chrome browser because of a Conditional Access policy error.
Improves the visual quality of Windows Mixed Reality headsets that run in lower resolution mode.
Extends Microsoft Defender for Endpoint support to new regions.
Addresses an issue in the Microsoft Remote Procedure Call (RPC) runtime that causes the Distributed File System Replication (DFSR) service to stop responding. This issue generates log events for DFS Replication (5014), RPC (1726), and no reconnection (5004) for a default timeout of 24 hours with no replication.
Addresses an issue that causes a wireless receiver to disconnect during a wireless projection session.
Addresses an issue that prevents the PDF24 app, version 9.1.1, from opening .txt files.
Addresses an issue that might cause a non-paged pool memory leak in some scenarios.
Addresses an issue that might cause a memory leak in bindflt.sys when copying files in a container scenario.
Addresses an issue with Active Directory Certificate Services (AD CS) that might prevent Certificate Transparency (CT) logs from being submitted, if enabled.
Addresses an issue in which cluster validation tests internal switches that are not for cluster use and re-communication.

New in Cumulative Updates for Windows 10 / Server 1809 - November 19, 2020 (Nov 20, 2020)

Highlights:
Updates an issue that causes the Chromium-based Microsoft Edge browser to open in the background when a device is in tablet mode.
Updates an issue that causes the hard drive to fill up in certain error situations.
Updates an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Updates Internet Explorer’s About dialog to use the standard modern dialog.
Addresses an issue that causes the Chromium-based Microsoft Edge browser to open in the background when a device is in tablet mode.
Addresses an issue that causes the hard drive to fill up in certain error situations.
Addresses an issue with USB 3.0 hubs. A device connected to the hub might stop working when you set the device to hibernate or restart the device.
Addresses an issue that generates a 0x57 error when the wecutil ss /c: command is used to update an Event Forwarding subscription.
Addresses an issue that causes applications to fail when they call the LookupAccountSid() API. This occurs after migrating accounts to a new domain whose name is shorter than the name of the previous domain.
Addresses an issue that causes Windows Defender Application Control to generate too many events related to dynamic code generation.
Addresses an issue that causes the “I forgot my Pin" functionality on the lock screen to fail. This failure occurs if the user has signed in using a username and password and the DontDisplayLastUserName or HideFastUserSwitching policy settings are enabled.
Addresses an issue that causes a system to stop working during startup. This occurs when the CrashOnAuditFail policy is set to 1 and command-line argument auditing is turned on.
Addresses an issue that prevents access to Azure Active Directory (AD) using the Google Chrome browser because of a Conditional Access policy error.
Addresses an issue that causes the Microsoft Management Console (MMC) Group Policy application to stop working when you are editing the Group Policy Security settings. The error message is, “MMC cannot initialize the snap-in.”
Addresses an issue that fails to free a system’s non-paged pool and requires a restart of the system. This occurs when running 32-bit applications with the Federal Information Processing Standard (FIPS) mode enabled.
Extends Microsoft Defender for Endpoint support to new regions.
Addresses high memory and CPU utilization in Microsoft Defender for Endpoint.
Addresses an issue in the Microsoft Remote Procedure Call (RPC) runtime that causes the Distributed File System Replication (DFSR) service to stop responding. This issue generates log events for DFS Replication (5014), RPC (1726), and no reconnection (5004) for a default timeout of 24 hours with no replication.
Addresses an issue that might cause Dynamic Host Configuration Protocol (DHCP) servers to ignore Link Selection information (DHCP Option 82, sub-option 5) in DHCP Request packets from clients.
Addresses an issue that prevents the PDF24 app, version 9.1.1, from opening .txt files.
Addresses an issue that might cause a non-paged pool memory leak in a Remote Desktop Protocol (RDP) over virtual private network (VPN) scenario.
Addresses an issue that might cause a memory leak in bindflt.sys when copying files in a container scenario.
Addresses an issue with Active Directory Certificate Services (AD CS) that might prevent Certificate Transparency (CT) logs from being submitted, if enabled.
Addresses an issue that fails to implement the terminal services (termsrv.dll) idle timeout settings.
Addresses an issue with the User Datagram Protocol (UDP) rate controller feature that causes Remote Desktop Services (Terminal Services) to intermittently stop working. As a result, all RDP connections are lost.
Addresses an issue with incorrect Canonical Display Driver (CDD) buffer flushing, which degrades performance in Remote Desktop Protocol (RDP) Windows 2000 Display Driver Model (XDDM) scenarios. This issue affects applications that use graphics processing units (GPU) to operate, such as Microsoft Teams, Microsoft Office, and web browsers.

New in Cumulative Updates for Windows 10 / Server 20H2 - November 10, 2020 (Nov 12, 2020)

New in Cumulative Updates for Windows 10 / Server 2004 - November 10, 2020 (Nov 12, 2020)

New in Cumulative Updates for Windows 10 / Server 1909 - November 10, 2020 (Nov 12, 2020)

New in Cumulative Updates for Windows 10 / Server 1903 - November 10, 2020 (Nov 12, 2020)

New in Cumulative Updates for Windows 10 / Server 1809 - November 10, 2020 (Nov 12, 2020)

New in Cumulative Updates for Windows 10 / Server 1803 - November 10, 2020 (Nov 12, 2020)

New in Cumulative Updates for Windows 10 / Server 1703 - November 10, 2020 (Nov 12, 2020)

New in Cumulative Updates for Windows 10 / Server 1607 - November 10, 2020 (Nov 12, 2020)

Highlights:
Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.
Updates to improve security when using Microsoft Office products.
Updates to improve security when Windows performs basic operations.
Improvements and fixes:
This security update includes quality improvements. Key changes include:
Allows administrators to use a Group Policy to enable Save Target As for users in Microsoft Edge IE Mode.
Allows you to restrict the JScript Scripting Engine to a process.
Address an issue that causes an application to stop working if the app uses a hook.
Addresses an issue that causes the Microsoft Management Console (MMC) Group Policy application to stop working when you are editing the Group Policy Security settings. The error message is, “MMC cannot initialize the snap-in.”
Addresses an issue with devices on which Credential Guard is enabled; if these devices use a Machine Bound certificate, authentication requests might fail. This occurs because Windows 2016 and Windows 2019 domain controllers add duplicate KeyID values to the msDS-KeyCredentialLink attribute of these devices.
Addresses an issue that might cause stop error 7E in nfssvr.sys on servers running the Network File System (NFS) service.
Addresses an issue with Remote Desktop Session Host (RDSH) connection brokers that prevents users from connecting to a Remote Desktop in collections. This issue occurs because of an access violation in tssdis.exe.
Addresses an issue that causes the Windows Management Instrumentation (WMI) Provider Host (WmiPrvSE.exe) to leak registry key handles when querying Win32_RDCentralPublishedDeploymentSettings.
Updates the 2020 DST start date for the Fiji Islands to December 20, 2020.
Addresses an issue that might cause Windows 10 devices that enable Credential Guard to fail authentication requests when they use the machine certificate.
Security updates to the Microsoft Scripting Engine, the Microsoft Graphics Component, the Windows Wallet Service, Windows Fundamentals, the Windows Kernel, and Windows Virtualization.

New in Cumulative Updates for Windows 10 / Server 1507 - November 10, 2020 (Nov 12, 2020)

New in Cumulative Updates for Windows 10 / Server 20H2 - October 29, 2020 (Oct 31, 2020)

Highlights:
Introducing Meet Now in the Windows 10 Taskbar
Earlier this year we introduced Meet Now in Skype. Meet Now makes it easy to connect with anyone in as little as two clicks for free and each call can last up to 24 hours. Today, we’re excited to share that we will be extending this capability in Windows 10 by bringing Meet Now right to the taskbar. In the coming weeks, you will be able to easily set up a video call and reach friends and family in an instant by clicking the Meet Now icon in the taskbar notification area. No sign ups or downloads needed.
Updates an issue that causes a device to stop responding after you have been using a pen for several hours.
This non-security update includes quality improvements. Key changes include:
Addresses an issue with using Group Policy Preferences to configure the homepage in Internet Explorer.
Allows administrators to use a Group Policy to enable Save Target As for users in Microsoft Edge IE Mode.
Addresses an issue with untrusted URL navigations from Internet Explorer 11 by opening them in Microsoft Defender Application Guard using Microsoft Edge.
Addresses an issue that occurs when using the full suite of developer tools in Microsoft Edge for remote debugging on a Windows 10 device.
Addresses an issue that displays nothing on the screen for five minutes or more during the Remote Desktop Protocol (RDP) session.
Addresses an issue that prevents certain Windows Virtual Desktop (WVD) users from searching for files using File Explorer.
Addresses an issue that causes a device to stop responding after you have been using a pen for several hours.
Addresses an issue that causes an application to stop responding temporarily, which causes extra z-order operations that affect the Window.Topmost property of a window.
Addresses an issue that might cause Dynamic Data Exchange (DDE) apps to stop working.
Addresses an issue that occurs when you first sign in to an account or unlock an existing user session using Remote Desktop Services (RDS). If you enter an incorrect password, the current keyboard layout changes unexpectedly to the system default keyboard layout. This keyboard layout change might cause additional attempts to sign in to fail or lead to account lockouts in domains with low account lockout thresholds.
Addresses an issue that displays the incorrect CPU frequency for certain processors.
Addresses a performance issue that occurs when PowerShell reads the registry to check if the ScriptBlockLogging registry key is in the registry.
Addresses an issue that randomly changes the time offset of the time format returned by the command WMIC.exe OS Get localdatetime/ value.
Addresses an issue that prevents Microsoft User Experience Virtualization (UE-V) from assigning the Microsoft Outlook Signatures.
Addresses an issue that prevents Hybrid Azure Active Directory joined devices from updating portal information when a device name or Windows version changes.
Addresses an issue that might prevent the Smart Cards for Windows service from starting.
Adds a new Microsoft Event Tracing for Windows (ETW) provider named "Microsoft-Antimalware-UacScan". This ETW provider reports the details of the context for each User Account Control (UAC) request in the ETW provider manifest.
Addresses an issue with virtual private network (VPN) connections that use Secured Password (EAP-MSCHAP v2) for authentication and have enabled the “Automatically use my Windows logon user name and password” property. When you connect to this type of VPN, an authentication dialog box incorrectly prompts for your credentials.
Displays Recovery Partitions in the diskpart utility.
Addresses an issue that causes stop error 0xd1 in msiscsi.sys. This issue occurs when moving certain arrays from one cluster node to another.
Addresses an issue that causes the IAutomaticUpdatesResults::get_LastInstallationSuccessDate method to return 1601/01/01 when there are no active updates.
Adds support for the Transport Layer Security (TLS) 1.1 and 1.2 protocols when connecting to SQL Server using the data providers in Windows Defender Application Control (WDAC).
Addresses an issue with SQL Server that might cause performance issues if you configure a Linked Server provider to load out-of-process.
Addresses an issue that might degrade Windows performance and prevent the LanmanServer service from starting when third-party software uses LanmanServer custom file system controls (FSCTL).
Addresses an issue with deduplication that causes long wait times on Resilient File System (ReFS) Cluster Shared Volumes (CSV).
Addresses an issue that might prevent some applications from behaving correctly. This occurs when you publish them as Remote Application Integrated Locally (RAIL) applications using RDS and change the docking for an AppBar window.
Addresses an issue with a deadlock in the Transmission Control Protocol/Internet Protocol (TCPIP) driver that causes the operating system to stop working or stop responding.
Addresses an issue that causes the Routing and Remote Access Service (RRAS) to stop responding for new connections. However, RRAS continues working for existing connections.
Addresses an issue that causes the RRAS administrator Microsoft Management Console (MMC) to stop responding randomly when you are performing administrative tasks or at startup.
Addresses an issue with starting Windows Subsystem for Linux 2 (WSL2) on ARM64 devices that occurs after installing KB4579311.

New in Cumulative Updates for Windows 10 / Server 2004 - October 29, 2020 (Oct 31, 2020)

Highlights:
Introducing Meet Now in the Windows 10 Taskbar
Earlier this year we introduced Meet Now in Skype. Meet Now makes it easy to connect with anyone in as little as two clicks for free and each call can last up to 24 hours. Today, we’re excited to share that we will be extending this capability in Windows 10 by bringing Meet Now right to the taskbar. In the coming weeks, you will be able to easily set up a video call and reach friends and family in an instant by clicking the Meet Now icon in the taskbar notification area. No sign ups or downloads needed.
Updates an issue that causes a device to stop responding after you have been using a pen for several hours.
This non-security update includes quality improvements. Key changes include:
Addresses an issue with using Group Policy Preferences to configure the homepage in Internet Explorer.
Allows administrators to use a Group Policy to enable Save Target As for users in Microsoft Edge IE Mode.
Addresses an issue with untrusted URL navigations from Internet Explorer 11 by opening them in Microsoft Defender Application Guard using Microsoft Edge.
Addresses an issue that occurs when using the full suite of developer tools in Microsoft Edge for remote debugging on a Windows 10 device.
Addresses an issue that displays nothing on the screen for five minutes or more during the Remote Desktop Protocol (RDP) session.
Addresses an issue that prevents certain Windows Virtual Desktop (WVD) users from searching for files using File Explorer.
Addresses an issue that causes a device to stop responding after you have been using a pen for several hours.
Addresses an issue that causes an application to stop responding temporarily, which causes extra z-order operations that affect the Window.Topmost property of a window.
Addresses an issue that might cause Dynamic Data Exchange (DDE) apps to stop working.
Addresses an issue that occurs when you first sign in to an account or unlock an existing user session using Remote Desktop Services (RDS). If you enter an incorrect password, the current keyboard layout changes unexpectedly to the system default keyboard layout. This keyboard layout change might cause additional attempts to sign in to fail or lead to account lockouts in domains with low account lockout thresholds.
Addresses an issue that displays the incorrect CPU frequency for certain processors.
Addresses a performance issue that occurs when PowerShell reads the registry to check if the ScriptBlockLogging registry key is in the registry.
Addresses an issue that randomly changes the time offset of the time format returned by the command WMIC.exe OS Get localdatetime/ value.
Addresses an issue that prevents Microsoft User Experience Virtualization (UE-V) from assigning the Microsoft Outlook Signatures.
Addresses an issue that prevents Hybrid Azure Active Directory joined devices from updating portal information when a device name or Windows version changes.
Addresses an issue that might prevent the Smart Cards for Windows service from starting.
Adds a new Microsoft Event Tracing for Windows (ETW) provider named "Microsoft-Antimalware-UacScan". This ETW provider reports the details of the context for each User Account Control (UAC) request in the ETW provider manifest.
Addresses an issue with virtual private network (VPN) connections that use Secured Password (EAP-MSCHAP v2) for authentication and have enabled the “Automatically use my Windows logon user name and password” property. When you connect to this type of VPN, an authentication dialog box incorrectly prompts for your credentials.
Displays Recovery Partitions in the diskpart utility.
Addresses an issue that causes stop error 0xd1 in msiscsi.sys. This issue occurs when moving certain arrays from one cluster node to another.
Addresses an issue that causes the IAutomaticUpdatesResults::get_LastInstallationSuccessDate method to return 1601/01/01 when there are no active updates.
Adds support for the Transport Layer Security (TLS) 1.1 and 1.2 protocols when connecting to SQL Server using the data providers in Windows Defender Application Control (WDAC).
Addresses an issue with SQL Server that might cause performance issues if you configure a Linked Server provider to load out-of-process.
Addresses an issue that might degrade Windows performance and prevent the LanmanServer service from starting when third-party software uses LanmanServer custom file system controls (FSCTL).
Addresses an issue with deduplication that causes long wait times on Resilient File System (ReFS) Cluster Shared Volumes (CSV).
Addresses an issue that might prevent some applications from behaving correctly. This occurs when you publish them as Remote Application Integrated Locally (RAIL) applications using RDS and change the docking for an AppBar window.
Addresses an issue with a deadlock in the Transmission Control Protocol/Internet Protocol (TCPIP) driver that causes the operating system to stop working or stop responding.
Addresses an issue that causes the Routing and Remote Access Service (RRAS) to stop responding for new connections. However, RRAS continues working for existing connections.
Addresses an issue that causes the RRAS administrator Microsoft Management Console (MMC) to stop responding randomly when you are performing administrative tasks or at startup.
Addresses an issue with starting Windows Subsystem for Linux 2 (WSL2) on ARM64 devices that occurs after installing KB4579311.

New in Cumulative Updates for Windows 10 / Server 1909 - October 20, 2020 (Oct 22, 2020)

Highlights:
Introducing Meet Now in the Windows 10 Taskbar: Earlier this year we introduced Meet Now in Skype. Meet Now makes it easy to connect with anyone in as little as two clicks for free and each call can last up to 24 hours. Today, we’re excited to share that we will be extending this capability in Windows 10 by bringing Meet Now right to the taskbar. In the coming weeks, you will be able to easily set up a video call and reach friends and family in an instant by clicking the Meet Now icon in the taskbar notification area. No sign ups or downloads needed.
Updates an issue that might prevent a Microsoft Xbox Game Pass user from playing certain games that are eligible for play.
Updates a reliability issue that causes the screen to flash constantly.
Updates an issue that causes a USB printer port to disappear after restarting when the printer device is turned power off.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses an issue with using Group Policy Preferences to configure the homepage in Internet Explorer.
Allows administrators to use a Group Policy to enable Save Target As for users in Microsoft Edge IE Mode.
Addresses an issue with untrusted URL navigations from Internet Explorer 11 by opening them in Microsoft Defender Application Guard using Microsoft Edge.
Addresses an issue that occurs when using the full suite of developer tools in Microsoft Edge for remote debugging on a Windows 10 device.
Addresses an issue that displays a black screen to Windows Virtual Desktop (WVD) users when they attempt to sign in.
Addresses an issue that might prevent a Microsoft Xbox Game Pass user from playing certain games that are eligible for play.
Addresses an issue that displays nothing on the screen for five minutes or more during the Remote Desktop Protocol (RDP) session.
Addresses a reliability issue that causes the screen to flash constantly.
Addresses an issue with Dynamic Data Exchange (DDE) that causes a memory leak when multiple clients connect to the same server.
Addresses an issue that causes an application to stop responding temporarily, which causes extra z-order operations that affect the Window.Topmost property of a window.
Addresses an issue that might cause DDE apps to stop working.
Addresses an issue that occurs when you first sign in to an account or unlock an existing user session using Remote Desktop Services (RDS). If you enter an incorrect password, the current keyboard layout changes unexpectedly to the system default keyboard layout. This keyboard layout change might cause additional attempts to sign in to fail or lead to account lockouts in domains with low account lockout thresholds.
Addresses an issue with the CleanupProfiles Group Policy object (GPO). After you upgrade the operating system, when you configure the CleanupProfiles GPO, it fails to remove unused user profiles.
Addresses an issue that displays the incorrect CPU frequency for certain processors.
Addresses a performance issue that occurs when PowerShell reads the registry to check if the ScriptBlockLogging registry key is in the registry.
Addresses an issue that randomly changes the time offset of the time format returned by the command WMIC.exe OS Get localdatetime/ value.
Addresses an issue that prevents Microsoft User Experience Virtualization (UE-V) from assigning the Microsoft Outlook Signatures.
Addresses an issue that prevents Hybrid Azure Active Directory joined devices from updating portal information when a device name or Windows version changes.
Addresses an issue that causes Windows to stop working and generates error 0x17. This issue occurs when Windows Defender Device Guard is enabled and a driver is loaded with a 4K Microsoft Portable Executable (PE) header.
Adds a new Microsoft Event Tracing for Windows (ETW) provider named "Microsoft-Antimalware-UacScan". This ETW provider reports the details of the context for each User Account Control (UAC) request in the ETW provider manifest.
Addresses issue that causes a USB printer port to disappear after restarting when the printer device is turned power off.
Addresses an issue that causes stop error 0xd1 in msiscsi.sys. This issue occurs when moving certain arrays from one cluster node to another.
Addresses an issue that prevents Windows Update and Microsoft Store from connecting to peers over virtual private networks (VPN) for downloads.
Adds functionality that shows a preview of the features and capabilities included in an update when a new update is offered to your device. On the Windows Update page (Start > Settings > Update & Security > Windows Update), there’s an option to “See what’s in this update.”
Adds support for the Transport Layer Security (TLS) 1.1 and 1.2 protocols when connecting to SQL Server using the data providers in Windows Defender Application Control (WDAC).
Addresses an issue with SQL Server that might cause performance issues if you configure a Linked Server provider to load out-of-process.
Addresses an issue that might degrade Windows performance and prevent the LanmanServer service from starting when third-party software uses LanmanServer custom file system controls (FSCTL).
Addresses an issue with deduplication that causes long wait times on Resilient File System (ReFS) Cluster Shared Volumes (CSV).
Addresses an issue that might prevent some applications from behaving correctly. This occurs when you publish them as Remote Application Integrated Locally (RAIL) applications using RDS and change the docking for an AppBar window.
Addresses an issue with a deadlock in the Transmission Control Protocol/Internet Protocol (TCPIP) driver that causes the operating system to stop working or stop responding.
Addresses an issue that causes the Routing and Remote Access Service (RRAS) to stop responding for new connections. However, RRAS continues working for existing connections.
Addresses an issue that causes the RRAS administrator Microsoft Management Console (MMC) to stop responding randomly when you are performing administrative tasks or at startup.
Improves the Windows Server Storage Migration Service by:
Adding inventory validation.
Improving retransfer performance .
Resolving multiple issues, including reliability issues.
Verifying that source machines have installed the current update.

New in Cumulative Updates for Windows 10 / Server 1903 - October 20, 2020 (Oct 22, 2020)

Highlights:
Introducing Meet Now in the Windows 10 Taskbar: Earlier this year we introduced Meet Now in Skype. Meet Now makes it easy to connect with anyone in as little as two clicks for free and each call can last up to 24 hours. Today, we’re excited to share that we will be extending this capability in Windows 10 by bringing Meet Now right to the taskbar. In the coming weeks, you will be able to easily set up a video call and reach friends and family in an instant by clicking the Meet Now icon in the taskbar notification area. No sign ups or downloads needed.
Updates an issue that might prevent a Microsoft Xbox Game Pass user from playing certain games that are eligible for play.
Updates a reliability issue that causes the screen to flash constantly.
Updates an issue that causes a USB printer port to disappear after restarting when the printer device is turned power off.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses an issue with using Group Policy Preferences to configure the homepage in Internet Explorer.
Allows administrators to use a Group Policy to enable Save Target As for users in Microsoft Edge IE Mode.
Addresses an issue with untrusted URL navigations from Internet Explorer 11 by opening them in Microsoft Defender Application Guard using Microsoft Edge.
Addresses an issue that occurs when using the full suite of developer tools in Microsoft Edge for remote debugging on a Windows 10 device.
Addresses an issue that displays a black screen to Windows Virtual Desktop (WVD) users when they attempt to sign in.
Addresses an issue that might prevent a Microsoft Xbox Game Pass user from playing certain games that are eligible for play.
Addresses an issue that displays nothing on the screen for five minutes or more during the Remote Desktop Protocol (RDP) session.
Addresses a reliability issue that causes the screen to flash constantly.
Addresses an issue with Dynamic Data Exchange (DDE) that causes a memory leak when multiple clients connect to the same server.
Addresses an issue that causes an application to stop responding temporarily, which causes extra z-order operations that affect the Window.Topmost property of a window.
Addresses an issue that might cause DDE apps to stop working.
Addresses an issue that occurs when you first sign in to an account or unlock an existing user session using Remote Desktop Services (RDS). If you enter an incorrect password, the current keyboard layout changes unexpectedly to the system default keyboard layout. This keyboard layout change might cause additional attempts to sign in to fail or lead to account lockouts in domains with low account lockout thresholds.
Addresses an issue with the CleanupProfiles Group Policy object (GPO). After you upgrade the operating system, when you configure the CleanupProfiles GPO, it fails to remove unused user profiles.
Addresses an issue that displays the incorrect CPU frequency for certain processors.
Addresses a performance issue that occurs when PowerShell reads the registry to check if the ScriptBlockLogging registry key is in the registry.
Addresses an issue that randomly changes the time offset of the time format returned by the command WMIC.exe OS Get localdatetime/ value.
Addresses an issue that prevents Microsoft User Experience Virtualization (UE-V) from assigning the Microsoft Outlook Signatures.
Addresses an issue that prevents Hybrid Azure Active Directory joined devices from updating portal information when a device name or Windows version changes.
Addresses an issue that causes Windows to stop working and generates error 0x17. This issue occurs when Windows Defender Device Guard is enabled and a driver is loaded with a 4K Microsoft Portable Executable (PE) header.
Adds a new Microsoft Event Tracing for Windows (ETW) provider named "Microsoft-Antimalware-UacScan". This ETW provider reports the details of the context for each User Account Control (UAC) request in the ETW provider manifest.
Addresses issue that causes a USB printer port to disappear after restarting when the printer device is turned power off.
Addresses an issue that causes stop error 0xd1 in msiscsi.sys. This issue occurs when moving certain arrays from one cluster node to another.
Addresses an issue that prevents Windows Update and Microsoft Store from connecting to peers over virtual private networks (VPN) for downloads.
Adds functionality that shows a preview of the features and capabilities included in an update when a new update is offered to your device. On the Windows Update page (Start > Settings > Update & Security > Windows Update), there’s an option to “See what’s in this update.”
Adds support for the Transport Layer Security (TLS) 1.1 and 1.2 protocols when connecting to SQL Server using the data providers in Windows Defender Application Control (WDAC).
Addresses an issue with SQL Server that might cause performance issues if you configure a Linked Server provider to load out-of-process.
Addresses an issue that might degrade Windows performance and prevent the LanmanServer service from starting when third-party software uses LanmanServer custom file system controls (FSCTL).
Addresses an issue with deduplication that causes long wait times on Resilient File System (ReFS) Cluster Shared Volumes (CSV).
Addresses an issue that might prevent some applications from behaving correctly. This occurs when you publish them as Remote Application Integrated Locally (RAIL) applications using RDS and change the docking for an AppBar window.
Addresses an issue with a deadlock in the Transmission Control Protocol/Internet Protocol (TCPIP) driver that causes the operating system to stop working or stop responding.
Addresses an issue that causes the Routing and Remote Access Service (RRAS) to stop responding for new connections. However, RRAS continues working for existing connections.
Addresses an issue that causes the RRAS administrator Microsoft Management Console (MMC) to stop responding randomly when you are performing administrative tasks or at startup.
Improves the Windows Server Storage Migration Service by:
Adding inventory validation.
Improving retransfer performance .
Resolving multiple issues, including reliability issues.
Verifying that source machines have installed the current update.

New in Cumulative Updates for Windows 10 / Server 1809 - October 20, 2020 (Oct 22, 2020)

Highlights:
Updates an issue with the out of box user experience on some devices that prevents an upgrade from completing. This issue occurs because the device will not allow user input on the Microsoft Software License Terms page or the Cortana page.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Allows administrators to use a Group Policy to enable Save Target As for users in Microsoft Edge IE Mode.
Addresses an issue with untrusted URL navigations from Internet Explorer 11 by opening them in Microsoft Defender Application Guard using Microsoft Edge.
Addresses an issue that displays a black screen to Windows Virtual Desktop (WVD) users when they attempt to sign in.
Addresses a reliability issue in the graphics kernel.
Addresses an issue with the out of box user experience on some devices that prevents an upgrade from completing. This issue occurs because the device will not allow user input on the Microsoft Software License Terms page or the Cortana page.
Addresses an issue that causes an application to stop responding temporarily, which causes extra z-order operations that affect the Window.Topmost property of a window.
Addresses an issue with the CleanupProfiles Group Policy object (GPO). After you upgrade the operating system, when you configure the CleanupProfiles GPO, it fails to remove unused user profiles.
Addresses an issue that fails to set the desktop wallpaper as configured by a GPO when you specify the local background as a solid color.
Addresses an issue that prevents you from signing in on certain servers. This occurs when you enable a Group Policy that forces the start of a computer session to be interactive.
Addresses an issue that occurs when you first sign in to an account or unlock an existing user session using Remote Desktop Services (RDS). If you enter an incorrect password, the current keyboard layout changes unexpectedly to the system default keyboard layout. This keyboard layout change might cause additional attempts to sign in to fail or lead to account lockouts in domains with low account lockout thresholds.
Addresses stop error 0xC2 in usbccgp.sys.
Addresses an issue that displays the incorrect CPU frequency for certain processors.
Addresses an issue that randomly changes the time offset of the time format returned by the command WMIC.exe OS Get localdatetime/ value.
Addresses an issue with Task Manager reports that show an incorrect cache value for the CPU.
Addresses an issue that prevents Microsoft User Experience Virtualization (UE-V) from assigning the Microsoft Outlook Signatures.
Addresses an issue that prevents the Smart Cards for Windows service from starting, which prevents the use of a smart card for authentication. The event log shows the error, “Server Control failed to access start event: 621”.
Addresses an issue that causes Windows to stop working and generates error 0x17. This issue occurs when Windows Defender Device Guard is enabled, and a driver is loaded with a 4K Microsoft Portable Executable (PE) header.
Adds a new Microsoft Event Tracing for Windows (ETW) provider named "Microsoft-Antimalware-UacScan". This ETW provider reports the details of the context for each User Account Control (UAC) request in the ETW provider manifest.
Addresses an issue that causes stop error 0xd1 in msiscsi.sys. This issue occurs when moving certain arrays from one cluster node to another.
Addresses an issue that prevents Windows Update and Microsoft Store from connecting to peers over virtual private networks (VPN) for downloads.
Addresses an issue with support for On-Behalf-Of flows (OBO) when using the Microsoft Authentication Library (MSAL).
Adds support for the Transport Layer Security (TLS) 1.1 and 1.2 protocols when connecting to SQL Server using the data providers in Windows Defender Application Control (WDAC).
Addresses an issue with SQL Server that might cause performance issues if you configure a Linked Server provider to load out-of-process.
Addresses an issue with cluster validation that incorrectly tests internal switches that are not being used in a cluster.
Addresses an issue with deduplication that causes long wait times on Resilient File System (ReFS) Cluster Shared Volumes (CSV).
Addresses an issue that might prevent some applications from behaving correctly. This occurs when you publish them as Remote Application Integrated Locally (RAIL) applications using RDS and change the docking for an AppBar window.
Addresses an issue with a deadlock in the Transmission Control Protocol/Internet Protocol (TCPIP) driver that causes the operating system to stop working or stop responding.
Addresses an issue that causes the Routing and Remote Access Service (RRAS) to stop responding for new connections. However, RRAS continues working for existing connections.
Addresses an issue that causes the RRAS administrator Microsoft Management Console (MMC) to stop responding randomly when you are performing administrative tasks or at startup.
Improves the Windows Server Storage Migration Service by:
Adding inventory validation.
Improving retransfer performance.
Resolving multiple issues, including reliability issues.
Verifying that source machines have installed the current update.

New in Cumulative Updates for Windows 10 / Server 2004 - October 13, 2020 (Oct 14, 2020)

New in Cumulative Updates for Windows 10 / Server 1909 - October 13, 2020 (Oct 14, 2020)

New in Cumulative Updates for Windows 10 / Server 1903 - October 13, 2020 (Oct 14, 2020)

New in Cumulative Updates for Windows 10 / Server 1809 - October 13, 2020 (Oct 14, 2020)

New in Cumulative Updates for Windows 10 / Server 1803 - October 13, 2020 (Oct 14, 2020)

New in Cumulative Updates for Windows 10 / Server 1709 - October 13, 2020 (Oct 14, 2020)

New in Cumulative Updates for Windows 10 / Server 1703 - October 13, 2020 (Oct 14, 2020)

New in Cumulative Updates for Windows 10 / Server 1607 - October 13, 2020 (Oct 14, 2020)

Highlights:
Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.
Updates 2021 time zone information for Fiji.
Updates to improve security when Windows performs basic operations.
Updates for storing and managing files.
Improvements and fixes:
This security update includes quality improvements. Key changes include:
Provides the ability to sync the Microsoft Edge IE Mode unidirectional session cookie when an administrator configures the session cookie.
Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.
Addresses an issue with Microsoft Edge IE Mode that occurs when you enable Configure enhanced hang detection for Internet Explorer mode in Microsoft Edge.
Addresses an issue that causes apps that use Dynamic Data Exchange (DDE) to stop responding when you attempt to close the app.
Updates 2021 time zone information for Fiji.
Addresses an issue with creating HTML reports using tracerpt.
Addresses an issue with the Group Policy service that might recursively delete critical files in alphabetic order from %systemroot%system32. This issue occurs when a policy has been configured to delete cached profiles. These file deletions might cause stop error “0x5A (CRITICAL_SERVICE_FAILED)” boot failures.
Addresses an issue that causes Windows to stop working and generates error 0x17. This issue occurs when Windows Defender Device Guard is enabled, and a driver is loaded with a 4K Microsoft Portable Executable (PE) header.
Addresses an issue with creating null ports using the user interface.
Addresses an issue that might cause Windows 10 devices that enable Credential Guard to fail authentication requests when they use the machine certificate.
Addresses an issue that might prevent you from accessing the Security Options data view in the Group Policy Management Editor (gpedit.msc) or Local Security Policy Editor (secpol.msc). The error is, "MMC has detected an error in a snap-in”.
Security updates to Windows App Platform and Frameworks, Windows Fundamentals, Windows Virtualization, Windows Kernel, and Windows Storage and Filesystems.

New in Cumulative Updates for Windows 10 / Server 1507 - October 13, 2020 (Oct 14, 2020)

New in Cumulative Updates for Windows 10 / Server 2004 - October 1, 2020 (Oct 2, 2020)

Highlights:
Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.
Updates an issue that causes games that use spatial audio to stop working.
Reduces distortions and aberrations in Windows Mixed Reality head-mounted displays (HMD).
Ensures that new Windows Mixed Reality HMDs meet minimum specification requirements and default to a 90Hz refresh rate.
Adds support for certain new Windows Mixed Reality motion controllers.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.
Addresses an issue with Microsoft Edge IE Mode that occurs when you enable Configure enhanced hang detection for Internet Explorer mode in Microsoft Edge.
Addresses an issue that, in some instances, prevents the Language Bar from appearing when the user signs in to a new session. This occurs even though the Language Bar is configured properly.
Addresses an issue that fails to recognize the first East Asian language character typed into a Microsoft Foundation Class Library (MFC) DataGrid.
Addresses an issue the prevents you from reconnecting to a previously closed session because that session is in an unrecoverable state.
Addresses an issue that causes games that use spatial audio to stop working.
Addresses an issue that prevents the deletion of stale user profiles when you configure a profile cleanup Group Policy object (GPO).
Addresses an issue in which selecting I forgot my Pin from Settings>Accounts>Sign-in options fails in a Windows Hello for Business On-Premise deployment.
Updates 2021 time zone information for Fiji.
Addresses an issue that affects the Microsoft’s System Centre Operations Manager’s (SCOM) ability to monitor a customer's workload.
Addresses an issue that causes random line breaks when you redirect PowerShell console error output.
Addresses an issue with creating HTML reports using tracerpt.
Allows the DeviceHealthMonitoring Cloud Service Plan (CSP) to run on Windows 10 Business and Windows 10 Pro editions.
Addresses an issue that prevents the content under HKLMSoftwareCryptography from being carried over during Windows feature updates.
Addresses an issue that causes an access violation in lsass.exe when a process is started using the runas command in some circumstances.
Addresses an issue in which Windows Defender Application Control enforces package family name rules that should be audit only.
Addresses an issue that displays an error that states that a smart card PIN change was not successful even though the PIN change was successful.
Addresses an issue that might create duplicate Foreign Security Principal directory objects for Authenticated and Interactive users in the domain partition. As a result, the original directory objects have “CNF” added to their names and are mangled. This issue occurs when you promote a new domain controller using the CriticalReplicationOnly flag.
Updates the configuration of Windows Hello Face recognition to work well with 940nm wavelength cameras.
Reduces distortions and aberrations in Windows Mixed Reality head-mounted displays (HMD).
Ensures that new Windows Mixed Reality HMDs meet minimum specification requirements and default to a 90Hz refresh rate.
Addresses an issue that causes a stop error on a Hyper-V host when a virtual machine (VM) issues a specific Small Computer System Interface (SCSI) command.
Addresses an issue that might cause attempts to bind a socket to a shared socket to fail.
Addresses an issue that might prevent applications from opening or cause other errors when applications use Windows APIs to check for internet connectivity and the network icon incorrectly displays “No internet access” in the notification area. This issue occurs if you use a group policy or local network configuration to disable active probing for the Network Connectivity Status Indicator (NCSI). This also occurs if active probing fails to use a proxy and passive probes fail to detect internet connectivity.
Addresses an issue that prevents Microsoft Intune from syncing on a device using the virtual private network version 2 (VPNv2) configuration service provider (CSP).
Suspends uploads and downloads from peers when a VPN connection is detected.
Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
Addresses an issue with ntdsutil.exe that prevents you from moving Active Directory database files. The error is, “Move file failed with source <original_full_db_path> and Destination <new_full_db_path> with error 5 (Access is denied.)”
Addresses an issue that incorrectly reports that Lightweight Directory Access Protocol (LDAP) sessions are unsecure in Event ID 2889. This occurs when the LDAP session is authenticated and sealed with a Simple Authentication and Security Layer (SASL) method.
Addresses an issue that might cause Windows 10 devices that enable Credential Guard to fail authentication requests when they use the machine certificate.
Restores the constructed attribute in Active Directory and Active Directory Lightweight Directory Services (AD LDS) for msDS-parentdistname.
Addresses an issue that causes queries against large keys on Ntds.dit to fail with the error, “MAPI_E_NOT_ENOUGH_RESOURCES.” This issue might cause users to see limited meeting room availability because the Exchange Messaging Application Programming Interface (MAPI) cannot allocate additional memory for the meeting requests.
Addresses an issue that intermittently generates Online Certificate Status Protocol (OSCP) Responder audit events (5125) to indicate that a request was submitted to the OCSP Responder Service. However, there is no reference to the serial number or the domain name (DN) of the issuer of the request.
Addresses an issue that displays strange characters before the day, month, and year fields in the output from console commands.
Addresses an issue that causes lsass.exe to stop working, which triggers a restart of the system. This issue occurs when invalid restart data is sent with a non-critical paged search control.
Addresses an issue that fails to log events 4732 and 4733 for Domain-Local group membership changes in certain scenarios. This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control.
Addresses an issue with the Microsoft Cluster Shared Volumes File Systems (CSVFS) driver that prevents Win32 API access to SQL Server Filestream data. This occurs when the data is stored on a Cluster Shared Volume in a SQL Server failover cluster instance, which is on an Azure VM.
Addresses an issue that causes a deadlock when Offline Files are enabled. As a result, CscEnpDereferenceEntryInternal holds parent and child locks.
Addresses an issue that causes deduplication jobs to fail with stop error 0x50 when you call HsmpRecallFreeCachedExtents().
Addresses an issue that causes applications stop working when they use Microsoft’s Remote Desktop sharing APIs. The breakpoint exception code is 0x80000003.
Removes the HTTP call to www.microsoft.com that the Remote Desktop Client (mstsc.exe) makes at sign out when using a Remote Desktop Gateway.
Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
Adds support for certain new Windows Mixed Reality motion controllers.
Addresses an issue that causes apps that use Dynamic Data Exchange (DDE) to stop responding when you attempt to close the app.
Adds an Azure Active Directory (AAD) Device Token that is sent to Windows Update (WU) as part of each WU scan. WU can use this token to query for membership in groups that have an AAD Device ID.
Addresses an issue with setting the “Restrict delegation of credentials to remote servers” Group Policy with the “Restrict Credential Delegation” mode on the Remote Desktop Protocol (RDP) client. As a result, the Terminal Server service tries to use “Require Remote Credential Guard” mode first and will only use “Require Restricted Admin” if the server does not support “Require Remote Credential Guard".
Addresses an issue in Windows Subsystem for Linux (WSL) that generates an “Element not found” error when you try to start WSL.
Addresses an issue with certain WWAN LTE modems that might show no internet connection in the notification area after waking from sleep or hibernation. Additionally, these modems might not be able to connect to the internet.

New in Cumulative Updates for Windows 10 / Server 1909 - September 16, 2020 (Sep 17, 2020)

Highlights:
Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.
Updates an issue that causes certain apps to go into an unwanted repair cycle. As a result, a user cannot use that app during that time.
Updates an issue that might display 4K high dynamic range (HDR) content darker than expected when you configure certain non-HDR systems for HDR Streaming.
Updates an issue to reduce the likelihood of missing fonts.
Updates an issue that causes a device to stop responding after you have been using a pen for several hours.
Reduces distortions and aberrations in Windows Mixed Reality head-mounted displays (HMD).
This non-security update includes quality improvements. Key changes include:
Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.
Addresses an issue with Microsoft Edge IE Mode that occurs when you enable Configure enhanced hang detection for Internet Explorer mode in Microsoft Edge.
Addresses an issue that causes certain apps to go into an unwanted repair cycle. As a result, a user cannot use that app during that time.
Addresses an issue that, in certain scenarios, causes applications to stop working if they are created using Visual Basic for Applications (VBA). The error is, “Class not registered” error.
Addresses an issue that might display an empty black screen when a device is connecting to a Windows Virtual Desktop (WVD) machine.
Addresses an issue that might display 4K high dynamic range (HDR) content darker than expected when you configure certain non-HDR systems for HDR Streaming.
Addresses an issue that causes a stop error when the initialization of the graphics adapter fails.
Addresses an issue to reduce the likelihood of missing fonts.
Addresses an issue that causes a device to stop responding after you have been using a pen for several hours.
Addresses an issue that fails to recognize the first East Asian language character typed into a Microsoft Foundation Class Library (MFC) DataGrid.
Addresses an issue in which selecting I forgot my Pin from Settings>Accounts>Sign-in options fails in a Windows Hello for Business On-Premise deployment.
Addresses an issue that causes File Explorer to close unexpectedly when you use a Ribbon shell extension under specific circumstances.
Addresses an issue that affects default application associations during certain upgrade scenarios. This might cause numerous toast notifications to appear when you first sign in after the upgrade.
Addresses an issue that generates a "No features to install" message when you add a feature, even if you provide administrative credentials.
Addresses an issue that causes a stop error when using Microsoft Surface Slim Pen on certain editions of Microsoft Surface Pro X or Microsoft Surface Laptop 3.
Updates 2021 time zone information for Fiji.
Addresses stop error 0xC2 in usbccgp.sys.
Addresses an issue that causes random line breaks when you redirect PowerShell console error output.
Addresses an issue with creating HTML reports using tracerpt.
Allows the DeviceHealthMonitoring Cloud Service Plan (CSP) to run on Windows 10 Business and Windows 10 Pro editions.
Addresses an issue that prevents the content under HKLMSoftwareCryptography from being carried over during Windows feature updates.
Addresses an issue that displays an error that states that a smart card PIN change was not successful even though the PIN change was successful.
Addresses an issue that might create duplicate Foreign Security Principal directory objects for Authenticated and Interactive users in the domain partition. As a result, the original directory objects have “CNF” added to their names and are mangled. This issue occurs when you promote a new domain controller using the CriticalReplicationOnly flag.
Addresses an issue that prevents you from enabling BitLocker after installing the Server Core App Compatibility Feature on Demand (FOD).
Addresses an issue that causes an access violation in lsass.exe when a process is started using the runas command in some circumstances.
Addresses an issue in which Windows Defender Application Control enforces package family name rules that should be audit only.
Addresses an issue, which occurs after an update, that causes devices that have the Dynamic Root of Trust for Measurement (DRTM) enabled to unexpectedly reset when hibernating.
Updates the configuration of Windows Hello Face recognition to work well with 940nm wavelength cameras.
Reduces distortions and aberrations in Windows Mixed Reality head-mounted displays (HMD).
Ensures that new Windows Mixed Reality HMDs meet minimum specification requirements and default to a 90Hz refresh rate.
Addresses an issue that causes a stop error on a Hyper-V host when a virtual machine (VM) issues a specific Small Computer System Interface (SCSI) command.
Addresses an issue that prevents Always On VPN (AOVPN) from automatically reconnecting when resuming from Sleep or Hibernate.
Adds an Azure Active Directory (AAD) Device Token that is sent to Windows Update (WU) as part of each WU scan. WU can use this token to query for membership in groups that have an AAD Device ID.
Addresses an issue that fails to log events 5136 for group membership changes in certain scenarios. This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control.
Addresses an issue with the Microsoft Cluster Shared Volumes File Systems (CSVFS) driver that prevents Win32 API access to SQL Server Filestream data. This occurs when the data is stored on a Cluster Shared Volume in a SQL Server failover cluster instance, which is on an Azure VM.
Addresses an issue that causes a deadlock when Offline Files are enabled. As a result, CscEnpDereferenceEntryInternal holds parent and child locks.
Addresses an issue that causes deduplication jobs to fail with stop error 0x50 when you call HsmpRecallFreeCachedExtents().
Addresses an issue that causes applications stop working when they use Microsoft’s Remote Desktop sharing APIs. The breakpoint exception code is 0x80000003.
Removes the HTTP call to www.microsoft.com that the Remote Desktop Client (mstsc.exe) makes at sign out when using a Remote Desktop Gateway.
Adds support for certain new Windows Mixed Reality motion controllers.
Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
Addresses an issue with setting the “Restrict delegation of credentials to remote servers” Group Policy with the “Restrict Credential Delegation” mode on the RDP client. As a result, the Terminal Server service tries to use “Require Remote Credential Guard” mode first and will only use “Require Restricted Admin” if the server does not support “Require Remote Credential Guard".

New in Cumulative Updates for Windows 10 / Server 1903 - September 16, 2020 (Sep 17, 2020)

Highlights:
Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.
Updates an issue that causes certain apps to go into an unwanted repair cycle. As a result, a user cannot use that app during that time.
Updates an issue that might display 4K high dynamic range (HDR) content darker than expected when you configure certain non-HDR systems for HDR Streaming.
Updates an issue to reduce the likelihood of missing fonts.
Updates an issue that causes a device to stop responding after you have been using a pen for several hours.
Reduces distortions and aberrations in Windows Mixed Reality head-mounted displays (HMD).
This non-security update includes quality improvements. Key changes include:
Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.
Addresses an issue with Microsoft Edge IE Mode that occurs when you enable Configure enhanced hang detection for Internet Explorer mode in Microsoft Edge.
Addresses an issue that causes certain apps to go into an unwanted repair cycle. As a result, a user cannot use that app during that time.
Addresses an issue that, in certain scenarios, causes applications to stop working if they are created using Visual Basic for Applications (VBA). The error is, “Class not registered” error.
Addresses an issue that might display an empty black screen when a device is connecting to a Windows Virtual Desktop (WVD) machine.
Addresses an issue that might display 4K high dynamic range (HDR) content darker than expected when you configure certain non-HDR systems for HDR Streaming.
Addresses an issue that causes a stop error when the initialization of the graphics adapter fails.
Addresses an issue to reduce the likelihood of missing fonts.
Addresses an issue that causes a device to stop responding after you have been using a pen for several hours.
Addresses an issue that fails to recognize the first East Asian language character typed into a Microsoft Foundation Class Library (MFC) DataGrid.
Addresses an issue in which selecting I forgot my Pin from Settings>Accounts>Sign-in options fails in a Windows Hello for Business On-Premise deployment.
Addresses an issue that causes File Explorer to close unexpectedly when you use a Ribbon shell extension under specific circumstances.
Addresses an issue that affects default application associations during certain upgrade scenarios. This might cause numerous toast notifications to appear when you first sign in after the upgrade.
Addresses an issue that generates a "No features to install" message when you add a feature, even if you provide administrative credentials.
Addresses an issue that causes a stop error when using Microsoft Surface Slim Pen on certain editions of Microsoft Surface Pro X or Microsoft Surface Laptop 3.
Updates 2021 time zone information for Fiji.
Addresses stop error 0xC2 in usbccgp.sys.
Addresses an issue that causes random line breaks when you redirect PowerShell console error output.
Addresses an issue with creating HTML reports using tracerpt.
Allows the DeviceHealthMonitoring Cloud Service Plan (CSP) to run on Windows 10 Business and Windows 10 Pro editions.
Addresses an issue that prevents the content under HKLMSoftwareCryptography from being carried over during Windows feature updates.
Addresses an issue that displays an error that states that a smart card PIN change was not successful even though the PIN change was successful.
Addresses an issue that might create duplicate Foreign Security Principal directory objects for Authenticated and Interactive users in the domain partition. As a result, the original directory objects have “CNF” added to their names and are mangled. This issue occurs when you promote a new domain controller using the CriticalReplicationOnly flag.
Addresses an issue that prevents you from enabling BitLocker after installing the Server Core App Compatibility Feature on Demand (FOD).
Addresses an issue that causes an access violation in lsass.exe when a process is started using the runas command in some circumstances.
Addresses an issue in which Windows Defender Application Control enforces package family name rules that should be audit only.
Addresses an issue, which occurs after an update, that causes devices that have the Dynamic Root of Trust for Measurement (DRTM) enabled to unexpectedly reset when hibernating.
Updates the configuration of Windows Hello Face recognition to work well with 940nm wavelength cameras.
Reduces distortions and aberrations in Windows Mixed Reality head-mounted displays (HMD).
Ensures that new Windows Mixed Reality HMDs meet minimum specification requirements and default to a 90Hz refresh rate.
Addresses an issue that causes a stop error on a Hyper-V host when a virtual machine (VM) issues a specific Small Computer System Interface (SCSI) command.
Addresses an issue that prevents Always On VPN (AOVPN) from automatically reconnecting when resuming from Sleep or Hibernate.
Adds an Azure Active Directory (AAD) Device Token that is sent to Windows Update (WU) as part of each WU scan. WU can use this token to query for membership in groups that have an AAD Device ID.
Addresses an issue that fails to log events 5136 for group membership changes in certain scenarios. This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control.
Addresses an issue with the Microsoft Cluster Shared Volumes File Systems (CSVFS) driver that prevents Win32 API access to SQL Server Filestream data. This occurs when the data is stored on a Cluster Shared Volume in a SQL Server failover cluster instance, which is on an Azure VM.
Addresses an issue that causes a deadlock when Offline Files are enabled. As a result, CscEnpDereferenceEntryInternal holds parent and child locks.
Addresses an issue that causes deduplication jobs to fail with stop error 0x50 when you call HsmpRecallFreeCachedExtents().
Addresses an issue that causes applications stop working when they use Microsoft’s Remote Desktop sharing APIs. The breakpoint exception code is 0x80000003.
Removes the HTTP call to www.microsoft.com that the Remote Desktop Client (mstsc.exe) makes at sign out when using a Remote Desktop Gateway.
Adds support for certain new Windows Mixed Reality motion controllers.
Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
Addresses an issue with setting the “Restrict delegation of credentials to remote servers” Group Policy with the “Restrict Credential Delegation” mode on the RDP client. As a result, the Terminal Server service tries to use “Require Remote Credential Guard” mode first and will only use “Require Restricted Admin” if the server does not support “Require Remote Credential Guard".

New in Cumulative Updates for Windows 10 / Server 1809 - September 16, 2020 (Sep 17, 2020)

Highlights:
Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.
Updates an issue to reduce the likelihood of missing fonts.
Updates an issue that causes applications to close unexpectedly when a user inputs East Asian characters after changing the keyboard layout.
Updates an issue that causes Microsoft Office applications to close unexpectedly when using a Korean Input Method Editor (IME).
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.
Addresses an issue with using Group Policy Preferences to configure the homepage in Internet Explorer.
Addresses an issue with Microsoft Edge IE Mode that occurs when you enable Configure enhanced hang detection for Internet Explorer mode in Microsoft Edge.
Addresses an issue that might generate the error ”0x80704006. Hmmmm…can’t reach this page” when using Microsoft Edge Legacy. This issue occurs when you attempt to reach websites on non-standard ports. Any website that uses a port listed in the Fetch Standard specification under bad ports or port blocking might cause this issue.
Addresses an issue that displays nothing on the screen for 5 minutes or more during the Remote Desktop Protocol (RDP) session.
Addresses an issue that, in certain scenarios, causes applications to stop working if they are created using Visual Basic for Applications (VBA). The error is, “Class not registered” error.
Addresses an issue that might display an empty black screen when a device is connecting to a Windows Virtual Desktop (WVD) machine.
Addresses an issue that causes Cortana to stop working on multiuser devices when you install, uninstall, and reinstall the same update.
Addresses an issue that causes a stop error when the initialization of the graphics adapter fails.
Addresses an issue to reduce the likelihood of missing fonts.
Addresses an issue that displays a black screen momentarily when an application calls the Desktop Window Manager (DWM) Thumbnail API.
Addresses an issue that fails to recognize the first East Asian language character typed into a Microsoft Foundation Class Library (MFC) DataGrid.
Addresses an issue that causes File Explorer to close unexpectedly when you use a Ribbon shell extension under specific circumstances.
Addresses an issue that generates a "No features to install" message when you add a feature, even if you provide administrative credentials.
Provides the ability to set a Group Policy that displays only the domain and username when you sign in.
Addresses an issue that affects default application associations during certain upgrade scenarios. This might cause numerous toast notifications to appear when you first sign in after the upgrade.
Addresses an issue that causes applications to close unexpectedly when a user inputs East Asian characters after changing the keyboard layout.
Updates 2021 time zone information for Fiji.
Addresses an issue that affects the Microsoft’s System Centre Operations Manager’s (SCOM) ability to monitor a customer's workload.
Addresses a performance issue that occurs when PowerShell reads the registry to check if the ScriptBlockLogging registry key is in the registry.
Addresses an issue with creating HTML reports using tracerpt.
Addresses an issue that causes an access violation in lsass.exe when a process is started using the runas command in some circumstances.
Addresses an issue that prevents the content under HKLMSoftwareCryptography from being carried over during Windows feature updates.
Addresses an issue that prevents you from enabling BitLocker after installing the Server Core App Compatibility Feature on Demand (FOD).
Addresses an issue that might create duplicate Foreign Security Principal directory objects for Authenticated and Interactive users in the domain partition. As a result, the original directory objects have “CNF” added to their names and are mangled. This issue occurs when you promote a new domain controller using the CriticalReplicationOnly flag.
Addresses an issue that prevents a call to NCryptGetProperty() from returning the correct pbOutput value when pszProperty is set to "Algorithm Group" and you are using a Trusted Platform Module (TPM) 1.2 device.
Addresses an issue in which Windows Defender Application Control enforces package family name rules that should be audit only.
Addresses an issue in which the WinHTTP AutoProxy service does not comply with the value set for the maximum Time To Live (TTL) on the Proxy Auto-Configuration (PAC) file. This prevents the cached file from updating dynamically.
Addresses an issue that might redirect Software Load Balancing (SLB) traffic to a different host when that traffic goes through a multiplexer. This causes the connection to an application to fail.
Adds new functionality to the robocopy command.
Adds Secure Sockets Layer (SSL) certificate authentication over HTTP/2.
Addresses an issue that prevents Always On VPN (AOVPN) from automatically reconnecting when resuming from Sleep or Hibernate.
Addresses an issue that causes Microsoft Office applications to close unexpectedly when using a Korean Input Method Editor (IME).
Adds an Azure Active Directory (AAD) Device Token that is sent to Windows Update (WU) as part of each WU scan. WU can use this token to query for membership in groups that have an AAD Device ID.
Addresses an issue that fails to log events 5136 for group membership changes in certain scenarios. This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control.
Addresses an issue that causes a deadlock when Offline Files are enabled. As a result, CscEnpDereferenceEntryInternal holds parent and child locks.
Addresses an issue that causes deduplication jobs to fail with stop error 0x50 when you call HsmpRecallFreeCachedExtents().
Removes the HTTP call to www.microsoft.com that the Remote Desktop Client (mstsc.exe) makes at sign out when using a Remote Desktop Gateway.
Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
Addresses an issue with setting the “Restrict delegation of credentials to remote servers” Group Policy with the “Restrict Credential Delegation” mode on the RDP client. As a result, the Terminal Server service tries to use “Require Remote Credential Guard” mode first and will only use “Require Restricted Admin” if the server does not support “Require Remote Credential Guard".

New in Cumulative Updates for Windows 10 / Server 2004 - September 8, 2020 (Sep 9, 2020)

New in Cumulative Updates for Windows 10 / Server 1909 - September 8, 2020 (Sep 9, 2020)

New in Cumulative Updates for Windows 10 / Server 1903 - September 8, 2020 (Sep 9, 2020)

New in Cumulative Updates for Windows 10 / Server 1809 - September 8, 2020 (Sep 9, 2020)

New in Cumulative Updates for Windows 10 / Server 1803 - September 8, 2020 (Sep 9, 2020)

Highlights:
Updates to improve security when Windows performs basic operations.
Updates to improve security when using input devices (such as a mouse, keyboard, or pen).
Updates time zone information for the Yukon, Canada.
Updates to improve security when using Microsoft Office products.
Updates to improve security in the Microsoft Store.
Updates an issue with unexpected notifications related to changing default applications settings.
Improvements and fixes:
This security update includes quality improvements. Key changes include:
Provides the ability to sync the Microsoft Edge IE Mode unidirectional session cookie when an administrator configures the session cookie.
Addresses an issue with unexpected notifications related to changing default applications settings.
Updates time zone information for the Yukon, Canada.
Addresses an issue that prevents the Event Viewer from properly saving filtered events.
Addresses an issue that causes delays during shutdown when running the Microsoft Keyboard Filter Service.
Addresses a security vulnerability issue with user proxies and HTTP-based intranet servers. After installing this update, HTTP-based intranet servers cannot leverage a user proxy by default to detect updates. Scans using these servers will fail if the clients do not have a configured system proxy. If you must leverage a user proxy, you must configure the behavior using the Windows Update policy “Allow user proxy to be used as a fallback if detection using system proxy fails.” This change does not affect customers who secure their Windows Server Update Services (WSUS) servers with the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols. For more information, see Improving security for devices receiving updates via WSUS.
Security updates to Windows App Platform and Frameworks, the Microsoft Graphics Component, Windows Input and Composition, Windows Media, Windows Shell, the Microsoft Store, Windows Cloud Infrastructure, Windows Fundamentals, Windows Management, Windows Kernel, Windows Virtualization, the Microsoft Scripting Engine, and the Microsoft JET Database Engine.

New in Cumulative Updates for Windows 10 / Server 1709 - September 8, 2020 (Sep 9, 2020)

New in Cumulative Updates for Windows 10 / Server 1703 - September 8, 2020 (Sep 9, 2020)

New in Cumulative Updates for Windows 10 / Server 1607 - September 8, 2020 (Sep 9, 2020)

Highlights:
Updates time zone information for the Yukon, Canada.
Updates to improve security when using Microsoft Office products.
Updates to improve security in the Microsoft Store.
Updates to improve security when Windows performs basic operations.
Updates for storing and managing files.
Improvements and fixes:
This security update includes quality improvements. Key changes include:
Provides the ability to set a Group Policy that displays only the domain and username when you sign in.
Addresses an issue that stores restricted characters in the Input Method Editor (IME) conversion list.
Updates time zone information for the Yukon, Canada.
Addresses an issue that prevents the Event Viewer from properly saving filtered events.
Addresses an issue with object performance counters.
Addresses an issue that sometimes prevents AppLocker from running an application whose publisher rule allows it to run.
Addresses an issue that causes delays during shutdown when running the Microsoft Keyboard Filter Service.
Addresses a security vulnerability issue with user proxies and HTTP-based intranet servers. After installing this update, HTTP-based intranet servers cannot leverage a user proxy by default to detect updates. Scans using these servers will fail if the clients do not have a configured system proxy. If you must leverage a user proxy, you must configure the behavior using the Windows Update policy “Allow user proxy to be used as a fallback if detection using system proxy fails.” This change does not affect customers who secure their Windows Server Update Services (WSUS) servers with the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols. For more information, see Improving security for devices receiving updates via WSUS.
Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
Addresses an issue that might prevent a client from reconnecting to a previous RemoteApp session unless an administrator closes the session on the server.
Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Input and Composition, Windows Media, Windows Shell, the Microsoft Store, Windows Cloud Infrastructure, Windows Fundamentals, Windows Kernel, Windows Virtualization, Windows Storage and Filesystems, the Microsoft Scripting Engine, and the Microsoft JET Database Engine.

New in Cumulative Updates for Windows 10 / Server 1507 - September 8, 2020 (Sep 9, 2020)

New in Cumulative Updates for Windows 10 / Server 2004 - September 3, 2020 (Sep 7, 2020)

Highlights:
Updates an issue that might prevent ActiveX content from loading.
Updates an issue that might cause apps that use the custom text wrapping function to stop working in certain scenarios.
Updates an issue to reduce the likelihood of missing fonts.
Updates an issue that prevents users from reducing the size of a window in some cases.
Updates an issue that causes the touch keyboard to close when you touch any key.
Provides the ability for Dolby Atmos for Headphones and DTS Headphone: X to be used in 24-bit mode on devices that support 24-bit audio.
Updates an issue with a blurry sign in screen.
Updates an issue with Windows Update becoming unresponsive when checking for updates.
Updates an issue that causes File Explorer to stop working when you browse directories of raw images and other file types.
Improves the tablet experience for convertible or hybrid devices in docked scenarios.
Improves the user experience of the Windows Hello enrollment pages for face and fingerprint setup.
Updates an issue that prevents you from unlocking a device if you typed a space before the username when you first signed in to the device.
Updates an issue that causes applications to take a long time to open.
Addresses an issue that prevents apps from downloading an update or opening in certain scenarios.
Updates an issue that causes Microsoft Office applications to close unexpectedly when using a Korean IME.
Updates time zone information for the Yukon, Canada.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses an issue with pinned Add-ins that cause Microsoft Outlook to become unresponsive.
Provides the ability to sync the Microsoft Edge IE Mode unidirectional session cookie when an administrator configures the session cookie.
Addresses an issue with rendering PeerDist-encoded content in Internet Explorer and Microsoft Edge.
Addresses an issue that might prevent ActiveX content from loading.
Addresses an issue that displays a black screen to Windows Virtual Desktop (WVD) users when they attempt to sign in.
Addresses an issue that might cause apps that use the custom text wrapping function to stop working in certain scenarios.
Addresses an issue with Start menu apps and tiles in virtual desktop infrastructure (VDI) environments. The issue occurs after you sign in to the VDI environment a second time and use a Remote Desktop User Profile Disk in a non-persistent virtual desktop pool.
Addresses an issue that generates an error when printing to a document repository.
Addresses an issue that prevents Visual Basic 6.0 (VB6) applications from using ListView in MSCOMCTL.OCX after upgrading to Windows 10, version 1903 and later.
Addresses a runtime error that causes VB6 to stop working when duplicate windows messages are sent to WindowProc().
Addresses an issue that causes a stop error when the initialization of the graphics adapter fails.
Addresses an issue to reduce the likelihood of missing fonts.
Addresses an issue that prevents users from reducing the size of a window in some cases.
Addresses an issue that causes the touch keyboard to close when you touch any key.
Addresses an issue that adds an unwanted keyboard layout as the default after an upgrade or migration even if you have already removed the layout.
Addresses an issue the prevents applications from closing even though programming code directs them to close.
Addresses an issue that causes attempts to take a screenshot of a window using the PrintWindow API to fail.
Addresses an issue with a memory leak in ctfmon.exe that occurs when you refresh an application that has an editable box.
Addresses an issue that truncates a potential list of characters (candidates) when you type characters in the Simplified Chinese (Pinyin) input method editor (IME). When this happens, Chinese characters do not appear.
Addresses an issue that prevents the first key stroke from being recognized correctly in the DataGridView cell.
Addresses an issue that causes an application that uses msctf.dll to stop working, and the 0xc0000005 (Access violation) exception appears.
Addresses an issue with Dynamic Data Exchange (DDE) that causes a memory leak when multiple clients connect to the same server.
Addresses an issue that prevents Cortana Smart lighting from working as expected if you shut down the machine while Fast Shutdown is enabled.
Provides the ability for Dolby Atmos for Headphones and DTS Headphone: X to be used in 24-bit mode on devices that support 24-bit audio.
Addresses an issue that prevents the IME user dictionary from being used when leveraging folder redirection with user profiles.
Addresses an issue that causes Microsoft Office applications to close unexpectedly when using a Korean IME.
Addresses an issue that displays incorrect folder properties in File Explorer when the path is longer than MAX_PATH.
Addresses an issue with a blurry sign in screen.
Addresses an issue with Windows Update becoming unresponsive when checking for updates.
Addresses an issue that prevents the correct lock screen from appearing when the following policies are set
Policy "Interactive Logon: Do not require Ctrl+Alt+Del" set to "Disabled"
HKLMSOFRWAREPoliciesMicrosoftWindowsSystem
DisableLockScreenAppNotifications = 1
DisableLogonBackgroundImage = 1
Addresses an issue that causes File Explorer to stop working when you browse directories of raw images and other file types.
Improves the tablet experience for convertible or hybrid devices in docked scenarios.
Improves the user experience of the Windows Hello enrollment pages for face and fingerprint setup.
Prevents accounts from a different tenant from signing in to a Surface Hub device.
Updates time zone information for the Yukon, Canada.
Addresses stop error 0xC2 in usbccgp.sys.
Addresses an issue that causes the Event Viewer Microsoft Management Console (MMC) to stop working when the secondary monitor is above the primary monitor. An out of bounds exception appears.
Addresses an issue that prevents the migration of the Windows Remote Management (WinRM) service startup type.
Addresses an issue with object performance counters.
Addresses an issue that prevents Microsoft User Experience Virtualization (UE-V) settings from roaming to enable the signature files that are used for new messages, forwarded messages, and replies.
Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
Addresses an issue with the EnhancedAppLayerSecurity node in modern device management (MDM) that prevents its setting from being applied correctly to client devices.
Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
Addresses an issue that might cause a delay of up to two minutes when signing in or unlocking a session on Hybrid Azure Active Directory-joined machines.
Addresses an issue that prevents hash signing from working correctly when using the Microsoft Platform Crypto Provider for Trusted Platform Modules (TPM). This issue might also affect networking software, such as virtual private network (VPN) applications.
Addresses an issue that continues to display the previous username hint in the smart card sign in box after a different user has used the machine with domain credentials.
Addresses an issue that causes communication with the TPM to time out and fail.
Addresses an issue that sometimes prevents AppLocker from running an application whose publisher rule allows it to run.
Addresses an issue in which AppLocker publisher rules might sometimes prevent applications from loading software modules; this can cause partial application failure.
Addresses an issue that causes the promotion of a server to a domain controller to fail. This occurs when the Local Security Authority Subsystem Service (LSASS) process is set as Protected Process Light (PPL).
Addresses an issue that prevents you from unlocking a device if you typed a space before the username when you first signed in to the device.
Addresses an issue that causes a system to stop working and generates a 7E stop code.
Addresses an issue that causes applications to take a long time to open.
Addresses classification failures caused by the wrong User Principal Name (UPN).
Addresses an issue in cluster scenarios that causes handles to .vmcx and .vmrs files to become invalid after storage failover. As a result, live migration and other virtual machine (VM) maintenance activities fail with STATUS_UNEXPECTED_NETWORK_ERROR.
Addresses an issue with interrupt targeting that might cause an interrupt to arrive at an incorrect processor.
Addresses an issue that causes delays during shutdown when running the Microsoft Keyboard Filter Service.
Addresses an issue that causes a machine to request a new IP address after authentication.
Addresses an issue that causes the Background Intelligent Transfer Service (BITS) to download data while a device is in cellular mode without explicit user permission.
Addresses an issue that prevents Always On VPN (AOVPN) from automatically reconnecting when resuming from Sleep or Hibernate.
Addresses an issue that causes AOVPN user tunnels to use an incorrect certificate.
Addresses an issue with AOVPN that occurs when user and device tunnels are configured to connect to the same endpoint.
Addresses an issue that causes VPN apps to stop working in some cases when they attempt to enumerate VPN profiles.
Addresses an issue that causes the Optimize Drives dialog to incorrectly report that previously optimized drives need to be optimized again.
Addresses an issue that fails to turn off the host memory buffer (HMB) when you force the shutdown of a device. As a result, solid-state drives (SSDs) do not delete HMB contents.
Addresses an issue that prevents apps from downloading an update or opening in certain scenarios.
Addresses an issue that might cause a stop error (0xC00002E3) at startup. This issue occurs after installing certain Windows Updates that were released on or after April 21, 2020.
Addresses an issue that might cause stop error 7E in nfssvr.sys on servers running the Network File System (NFS) service.
Addresses an issue with Server Message Block (SMB). This issue incorrectly logs the Microsoft-Windows-SMBClient 31013 event in the Microsoft-Windows-SMBClient/Security event log of an SMB client when an SMB server returns STATUS_USER_SESSION_DELETED. This issue occurs when SMB client users or applications open multiple SMB sessions using the same set of Transmission Control Protocol (TCP) connections on the same SMB Server. This issue most likely occurs on Remote Desktop Servers.
Addresses an issue that causes SMB to incorrectly use the original, cached non-Continuous Available handle to a file. This handle becomes invalid after a network error or storage failover. As a result, applications fail with errors such as STATUS_UNEXPECTED_NETWORK_ERROR.
Addresses an issue that causes the loss of written data when an application opens a file and writes to the end of the file in a share folder.
Addresses an issue with some apps, such as Microsoft Excel, that occurs when using the Microsoft Input Method Editor (IME) for Chinese and Japanese languages. You might receive an error, or the app might stop responding or close when you attempt to drag using the mouse.

New in Cumulative Updates for Windows 10 / Server 1909 - August 20, 2020 (Aug 30, 2020)

Highlights:
Updates an issue that causes the hard drive to fill up in certain error situations.
Updates an issue that prevents Microsoft Gaming Services from starting because of error 15612.
Updates time zone information for the Yukon, Canada.
Updates a visual offset issue on a touchscreen. Edits you make with a pen or finger appear in a different region than expected if the device is connected to an external monitor.
Updates an issue that causes the Settings page to close unexpectedly, which prevents default applications from being set up properly.
Updates an issue that prevents you from unlocking a device if you typed a space before the username when you first signed in to the device.
Updates an issue that causes applications to take a long time to open.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses an issue with pinned Add-ins that cause Microsoft Outlook to become unresponsive.
Provides the ability to sync the Microsoft Edge IE Mode unidirectional session cookie when an administrator configures the session cookie.
Addresses an issue that causes the hard drive to fill up in certain error situations.
Addresses an issue that prevents Microsoft Gaming Services from starting because of error 15612.
Addresses an issue that prevents Visual Basic 6.0 (VB6) applications from using ListView in MSCOMCTL.OCX after upgrading to Windows 10, version 1903 and later.
Addresses a runtime error that causes VB6 to stop working when duplicate windows messages are sent to WindowProc().
Addresses an issue that displays a black screen to Windows Virtual Desktop (WVD) users when they attempt to sign in.
Updates time zone information for the Yukon, Canada.
Addresses an issue that prevents the deletion of Notification State registries for certain apps even after the user profile is deleted.
Addresses an issue that causes an application that uses msctf.dll to stop working, and the 0xc0000005 (Access violation) exception appears.
Addresses a visual offset issue on a touchscreen. Edits you make with a pen or finger appear in a different area than expected if the device is connected to an external monitor.
Addresses an issue that prevents Cortana Smart lighting from working as expected if you shut down the machine while Fast Shutdown is enabled.
Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.
Addresses an issue that causes the Settings page to close unexpectedly, which prevents default applications from being set up properly.
Addresses an issue with File Explorer’s preview of .msg files when Microsoft Outlook 64-bit is installed.
Addresses an issue that causes all open Universal Windows Platform (UWP) apps to close unexpectedly. This occurs when their installer calls the Restart Manager to restart File Explorer (explorer.exe).
Addresses an issue that prevents Windows 8.1 apps from projecting to a secondary display when those apps use the StartProjectingAsync API.
Addresses an issue that causes user profile folder names to get excessively long, which might lead to MAX_PATH issues.
Addresses an issue that prevents a delegated user from importing a Group Policy object (GPO) even though the user has the required privilege.
Addresses an issue that causes the Event Viewer Microsoft Management Console (MMC) to stop working when the secondary monitor is above the primary monitor. An out of bounds exception appears.
Addresses an issue that sends a high volume of events during a real-time session in a short period of time.
Addresses an issue with object performance counters.
Addresses an issue that causes an error if you open Microsoft OneDrive files on demand when User Experience Virtualization (UE-V) is enabled. To apply this solution, set the following DWORD to 1: “HKEY_LOCAL_MACHINESOFTWAREMicrosoftUEVAgentConfigurationApplyExplorerCompatFix”
Addresses an issue that causes the promotion of a server to a domain controller to fail. This occurs when the Local Security Authority Subsystem Service (LSASS) process is set as Protected Process Light (PPL).
Addresses an issue in which AppLocker publisher rules might sometimes prevent applications from loading software modules; this can cause partial application failure.
Addresses an issue that sometimes prevents AppLocker from running an application whose publisher rule allows it to run.
Addresses an issue that generates a “Sync stopped, Can't encrypt files” error when users attempt to sync their Work Folder. This issue occurs after you configure encrypted Work Folders on the client.
Addresses an issue that causes the CryptCATAdminCalcHashFromFileHandle() function to leak memory when it’s called. That memory is not reclaimed until the calling application closes.
Addresses an issue that prevents you from unlocking a device if you typed a space before the username when you first signed in to the device.
Addresses an issue that causes applications to take a long time to open.
Addresses an issue that causes a system to stop working and generates a 7E stop code.
Addresses classification failures caused by the wrong User Principal Name (UPN).
Addresses an issue with a sleep system call on Glibc-2.31 or later that’s running on a Windows Subsystem for Linux 1 (WSL 1) distribution.
Adds support for WSL 2; for more information, see WSL 2 Support is coming to Windows 10 Versions 1903 and 1909.
Addresses an issue that might display Processor Frequency as zero (0) for certain processors.
Addresses an issue that causes delays during shutdown when running the Microsoft Keyboard Filter Service.
Addresses an issue that prevents a host’s virtual private network (VPN) connection from sharing with virtual machines (VM) connected to the Default Switch.
Addresses an issue with sourcing the root domain directory partition of a global catalog from a child domain controller (DC) when promoting, unhosting, or rehosting the DC. This might cause LSASS to consume all the available memory on the child DC. This issue is specific to Active Directory forests that contain 100 or more domain controllers.
Addresses an issue that fails to log events 4732 and 4733 for Domain-Local group membership changes in certain scenarios. This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control.
Addresses an issue that might prevent the cluster service from starting and generates the error “2245 (NERR_PasswordTooShort)”. This occurs if you configure the “Minimum Password Length” Group Policy with more than 14 characters. For more information, see KB4557232.
Addresses an issue that causes the configuration of the “Minimum Password Length” Group Policy with more than 14 characters to have no effect. For more information, see KB4557232.
Addresses an issue that causes the loss of written data when an application opens a file and writes to the end of the file in a share folder.
Addresses an issue with Server Message Block (SMB). This issue incorrectly logs the Microsoft-Windows-SMBClient 31013 event in the Microsoft-Windows-SMBClient/Security event log of an SMB client when an SMB server returns STATUS_USER_SESSION_DELETED. This issue occurs when SMB client users or applications open multiple SMB sessions using the same set of Transmission Control Protocol (TCP) connections on the same SMB Server. This issue most likely occurs on Remote Desktop Servers.

New in Cumulative Updates for Windows 10 / Server 1903 - August 20, 2020 (Aug 30, 2020)

Highlights:
Updates an issue that causes the hard drive to fill up in certain error situations.
Updates an issue that prevents Microsoft Gaming Services from starting because of error 15612.
Updates time zone information for the Yukon, Canada.
Updates a visual offset issue on a touchscreen. Edits you make with a pen or finger appear in a different region than expected if the device is connected to an external monitor.
Updates an issue that causes the Settings page to close unexpectedly, which prevents default applications from being set up properly.
Updates an issue that prevents you from unlocking a device if you typed a space before the username when you first signed in to the device.
Updates an issue that causes applications to take a long time to open.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses an issue with pinned Add-ins that cause Microsoft Outlook to become unresponsive.
Provides the ability to sync the Microsoft Edge IE Mode unidirectional session cookie when an administrator configures the session cookie.
Addresses an issue that causes the hard drive to fill up in certain error situations.
Addresses an issue that prevents Microsoft Gaming Services from starting because of error 15612.
Addresses an issue that prevents Visual Basic 6.0 (VB6) applications from using ListView in MSCOMCTL.OCX after upgrading to Windows 10, version 1903 and later.
Addresses a runtime error that causes VB6 to stop working when duplicate windows messages are sent to WindowProc().
Addresses an issue that displays a black screen to Windows Virtual Desktop (WVD) users when they attempt to sign in.
Updates time zone information for the Yukon, Canada.
Addresses an issue that prevents the deletion of Notification State registries for certain apps even after the user profile is deleted.
Addresses an issue that causes an application that uses msctf.dll to stop working, and the 0xc0000005 (Access violation) exception appears.
Addresses a visual offset issue on a touchscreen. Edits you make with a pen or finger appear in a different area than expected if the device is connected to an external monitor.
Addresses an issue that prevents Cortana Smart lighting from working as expected if you shut down the machine while Fast Shutdown is enabled.
Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.
Addresses an issue that causes the Settings page to close unexpectedly, which prevents default applications from being set up properly.
Addresses an issue with File Explorer’s preview of .msg files when Microsoft Outlook 64-bit is installed.
Addresses an issue that causes all open Universal Windows Platform (UWP) apps to close unexpectedly. This occurs when their installer calls the Restart Manager to restart File Explorer (explorer.exe).
Addresses an issue that prevents Windows 8.1 apps from projecting to a secondary display when those apps use the StartProjectingAsync API.
Addresses an issue that causes user profile folder names to get excessively long, which might lead to MAX_PATH issues.
Addresses an issue that prevents a delegated user from importing a Group Policy object (GPO) even though the user has the required privilege.
Addresses an issue that causes the Event Viewer Microsoft Management Console (MMC) to stop working when the secondary monitor is above the primary monitor. An out of bounds exception appears.
Addresses an issue that sends a high volume of events during a real-time session in a short period of time.
Addresses an issue with object performance counters.
Addresses an issue that causes an error if you open Microsoft OneDrive files on demand when User Experience Virtualization (UE-V) is enabled. To apply this solution, set the following DWORD to 1: “HKEY_LOCAL_MACHINESOFTWAREMicrosoftUEVAgentConfigurationApplyExplorerCompatFix”
Addresses an issue that causes the promotion of a server to a domain controller to fail. This occurs when the Local Security Authority Subsystem Service (LSASS) process is set as Protected Process Light (PPL).
Addresses an issue in which AppLocker publisher rules might sometimes prevent applications from loading software modules; this can cause partial application failure.
Addresses an issue that sometimes prevents AppLocker from running an application whose publisher rule allows it to run.
Addresses an issue that generates a “Sync stopped, Can't encrypt files” error when users attempt to sync their Work Folder. This issue occurs after you configure encrypted Work Folders on the client.
Addresses an issue that causes the CryptCATAdminCalcHashFromFileHandle() function to leak memory when it’s called. That memory is not reclaimed until the calling application closes.
Addresses an issue that prevents you from unlocking a device if you typed a space before the username when you first signed in to the device.
Addresses an issue that causes applications to take a long time to open.
Addresses an issue that causes a system to stop working and generates a 7E stop code.
Addresses classification failures caused by the wrong User Principal Name (UPN).
Addresses an issue with a sleep system call on Glibc-2.31 or later that’s running on a Windows Subsystem for Linux 1 (WSL 1) distribution.
Adds support for WSL 2; for more information, see WSL 2 Support is coming to Windows 10 Versions 1903 and 1909.
Addresses an issue that might display Processor Frequency as zero (0) for certain processors.
Addresses an issue that causes delays during shutdown when running the Microsoft Keyboard Filter Service.
Addresses an issue that prevents a host’s virtual private network (VPN) connection from sharing with virtual machines (VM) connected to the Default Switch.
Addresses an issue with sourcing the root domain directory partition of a global catalog from a child domain controller (DC) when promoting, unhosting, or rehosting the DC. This might cause LSASS to consume all the available memory on the child DC. This issue is specific to Active Directory forests that contain 100 or more domain controllers.
Addresses an issue that fails to log events 4732 and 4733 for Domain-Local group membership changes in certain scenarios. This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control.
Addresses an issue that might prevent the cluster service from starting and generates the error “2245 (NERR_PasswordTooShort)”. This occurs if you configure the “Minimum Password Length” Group Policy with more than 14 characters. For more information, see KB4557232.
Addresses an issue that causes the configuration of the “Minimum Password Length” Group Policy with more than 14 characters to have no effect. For more information, see KB4557232.
Addresses an issue that causes the loss of written data when an application opens a file and writes to the end of the file in a share folder.
Addresses an issue with Server Message Block (SMB). This issue incorrectly logs the Microsoft-Windows-SMBClient 31013 event in the Microsoft-Windows-SMBClient/Security event log of an SMB client when an SMB server returns STATUS_USER_SESSION_DELETED. This issue occurs when SMB client users or applications open multiple SMB sessions using the same set of Transmission Control Protocol (TCP) connections on the same SMB Server. This issue most likely occurs on Remote Desktop Servers.

New in Cumulative Updates for Windows 10 / Server 1809 - August 20, 2020 (Aug 30, 2020)

Highlights:
Updates time zone information for the Yukon, Canada.
Updates an intermittent issue that causes a touchscreen to stop working after several sleep and wake cycles.
Updates an issue that causes the Settings page to close unexpectedly, which prevents default applications from being set up properly.
Updates an issue that causes applications to take a long time to open.
Updates an issue that prevents you from unlocking a device if you typed a space before the username when you first signed in to the device.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Provides the ability to sync the Microsoft Edge IE Mode unidirectional session cookie when an administrator configures the session cookie.
Addresses an issue that displays a black screen to Windows Virtual Desktop (WVD) users when they attempt to sign in.
Addresses an issue that, in certain scenarios, causes the GetConsoleWindow function to return an unusable value within a process that started with a CREATE_NO_WINDOW flag.
Updates time zone information for the Yukon, Canada.
Addresses an issue with Dynamic Data Exchange (DDE) that causes a memory leak when multiple clients connect to the same server.
Addresses an intermittent issue that causes a touchscreen to stop working after several sleep and wake cycles.
Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.
Addresses an issue with File Explorer’s preview of .msg files when Microsoft Outlook 64-bit is installed.
Addresses an issue that causes all open Universal Windows Platform (UWP) apps to close unexpectedly. This occurs when their installer calls the Restart Manager to restart File Explorer (explorer.exe).
Addresses an issue that causes the Settings page to close unexpectedly, which prevents default applications from being set up properly.
Addresses an issue that causes user profile folder names to get excessively long, which might lead to MAX_PATH issues.
Addresses an issue with unexpected notifications related to changing default applications settings.
Addresses an issue that creates random line breaks in PowerShell’s console error output when the output is redirected.
Addresses an issue that prevents a delegated user from importing a Group Policy object (GPO) even though the user has the required privilege.
Addresses an issue with Windows Management Instrumentation (WMI) queries that contain case insensitive names that affect the Patch Management solution for a customer.
Addresses an issue with object performance counters.
Addresses an issue that causes an error if you open Microsoft OneDrive files on demand when User Experience Virtualization (UE-V) is enabled. To apply this solution, set the following DWORD to 1: “HKEY_LOCAL_MACHINESOFTWAREMicrosoftUEVAgentConfigurationApplyExplorerCompatFix”
Addresses an issue that causes applications to take a long time to open.
Addresses an issue that sometimes prevents AppLocker from running an application whose publisher rule allows it to run.
Addresses an issue in which AppLocker publisher rules might sometimes prevent applications from loading software modules; this can cause partial application failure.
Addresses an issue that causes the CryptCATAdminCalcHashFromFileHandle() function to leak memory when it’s called. That memory is not reclaimed until the calling application closes.
Addresses an issue that might prevent the cluster service from starting and generates the error “2245 (NERR_PasswordTooShort)”. This occurs if you configure the “Minimum Password Length” Group Policy with more than 14 characters. For more information, see KB4557232.
Addresses an issue that causes the configuration of the “Minimum Password Length” Group Policy with more than 14 characters to have no effect. For more information, see KB4557232.
Addresses an issue that causes a system to stop working and generates a 7E stop code.
Addresses an issue that prevents you from unlocking a device if you typed a space before the username when you first signed in to the device.
Addresses classification failures caused by the wrong User Principal Name (UPN).
Addresses an issue that causes a stop error on a Hyper-V host when a virtual machine (VM) issues a specific Small Computer Systems Interface (SCSI) command.
Addresses an issue that might display Processor Frequency as zero (0) for certain processors.
Addresses an issue with a sleep system call on Glibc-2.31 or later that’s running on a Windows Subsystem for Linux 1 (WSL 1) distribution.
Addresses an issue that causes delays during shutdown when running the Microsoft Keyboard Filter Service.
Addresses a transient network disconnection issue that may happen when you enable packet capturing using "netsh start trace capture=yes". This issue might also occur when you install third-party Network Driver Interface Specification (NDIS) filter drivers.
Addresses an issue in Software Load Balancing scenarios that prevents a connection from being responsive to TCP resets.
Introduces support for Direct Server Return (DSR) configuration for container load balancers that are created by the Host Networking Service (HNS).
Adds new functionality to the robocopy command.
Addresses an issue that fails to log events 4732 and 4733 for Domain-Local group membership changes in certain scenarios. This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control.
Addresses a Security Assertion Markup Language (SAML) Scoping support issue in the Active Directory Federation Service (AD FS) that is related to entityID and IDPList. For more information, see section 3.4.1.2 of the SAML Core specification.
Addresses an issue that logs incorrect IPs in the audit logs for Windows Transport requests because of missing or outdated data.
Addresses an issue that prevents Account activity cmdlets from executing when you specify an identity that is not in a UPN format.
Addresses an issue with Server Message Block (SMB). This issue incorrectly logs the Microsoft-Windows-SMBClient 31013 event in the Microsoft-Windows-SMBClient/Security event log of an SMB client when an SMB server returns STATUS_USER_SESSION_DELETED. This issue occurs when SMB client users or applications open multiple SMB sessions using the same set of Transmission Control Protocol (TCP) connections on the same SMB Server. This issue most likely occurs on Remote Desktop Servers.
Addresses an issue with the CsvFs driver that prevents the Win32 API from accessing SQL Server Filestream data. This occurs when you store that data on a Cluster Shared Volume in a SQL Server failover cluster instance on Azure VMs.
Addresses an issue with the Remote Desktop Session Host (RDSH) that fails to open the Start menu for mandatory profile users.
Addresses an issue that might cause a stop error (0xC00002E3) at startup. This issue occurs after installing certain Windows Updates that were released on or after April 21, 2020.
Addresses a runtime error that causes Visual Basic 6.0 (VB6) to stop working when duplicate windows messages are sent to WindowProc().

New in Cumulative Updates for Windows 10 / Server 2004 - August 11, 2020 (Aug 12, 2020)

New in Cumulative Updates for Windows 10 / Server 1909 - August 11, 2020 (Aug 12, 2020)

New in Cumulative Updates for Windows 10 / Server 1903 - August 11, 2020 (Aug 12, 2020)

New in Cumulative Updates for Windows 10 / Server 1809 - August 11, 2020 (Aug 12, 2020)

New in Cumulative Updates for Windows 10 / Server 1803 - August 11, 2020 (Aug 12, 2020)

New in Cumulative Updates for Windows 10 / Server 1709 - August 11, 2020 (Aug 12, 2020)

New in Cumulative Updates for Windows 10 / Server 1703 - August 11, 2020 (Aug 12, 2020)

New in Cumulative Updates for Windows 10 / Server 1607 - August 11, 2020 (Aug 12, 2020)

Highlights:
Updates an issue that causes File Explorer to close unexpectedly when creating shortcuts.
Updates for verifying usernames and passwords.
Updates to improve security when Windows performs basic operations.
Updates for storing and managing files.
Improvements and fixes:
This security update includes quality improvements. Key changes include:
Addresses an issue in Microsoft Edge IE mode that occurs when you open multiple documents from a SharePoint site.
Addresses an issue in Microsoft Edge IE mode that occurs when you browse using anchor links.
Addresses an issue with loading Browser Helper Objects in Microsoft Edge IE mode.
Addresses an issue that causes certain applications to stop responding when under load if they rely on the JScript Scripting Engine.
Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.
Addresses an issue that causes File Explorer to close unexpectedly when creating shortcuts.
Addresses an issue that causes Remote Server Administration Tools (RSAT) to stop working on Windows 10 machines. This occurs when you create or edit a Group Policy Object that contains a Scheduled Task.
Addresses a race condition that occurs when you run multiple PowerShell scripts simultaneously.
Addresses an issue in Universal Windows Platform (UWP) apps that allows single sign-on authentication when an app does not have the Enterprise Authentication capability. With the release of CVE-2020-1509, UWP applications might begin prompting the user for credentials.
Addresses an issue in cluster scenarios that causes handles to .vmcx and .vmrs files to become invalid after storage failover. As a result, live migration and other virtual machine (VM) maintenance activities fail with STATUS_UNEXPECTED_NETWORK_ERROR.
Updates the message users receive that tells them to check their phone for notifications from the Microsoft Authenticator application. This message only appears when authentication is done using the AD FS Azure Multi-Factor Authentication (MFA) adapter.
Addresses an issue that might cause a stop error (0xC00002E3) at startup. This issue occurs after installing certain Windows Updates that were released on or after April 21, 2020.
Security updates to the Microsoft Scripting Engine, Windows Media, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Storage and Filesystems, Windows File Server and Clustering, Windows App Platform and Frameworks, Windows Hybrid Storage Services, Microsoft JET Database Engine, and Windows Remote Desktop.

New in Cumulative Updates for Windows 10 / Server 1507 - August 11, 2020 (Aug 12, 2020)

New in Cumulative Updates for Windows 10 / Server 2004 - July 31, 2020 (Aug 2, 2020)

Highlights:
Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
Updates an issue that might cause the Magnifier to stop working in Microsoft Excel in certain scenarios. As a result, Microsoft Excel might also stop working.
Updates an issue that might display 4K high dynamic range (HDR) content darker than expected when you configure certain non-HDR systems for HDR Streaming.
Updates an issue that causes the Settings page to close unexpectedly, which prevents default applications from being set up properly.
Updates an issue that prevents some applications from printing to network printers.
Updates an issue that might prevent internet connectivity on some cellular modems after upgrading to Windows 10, version 2004.
Updates an issue that prevents family safety features, such as time limits and activity reporting, from working on ARM64 devices.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses an issue that prevents you from using sharing functionality in Microsoft Office. This occurs when Conditional Access is enabled.
Addresses an issue that occurs when a third-party application loads hidden tabs into Internet Options.
Addresses an issue in Microsoft Edge IE mode that occurs when you open multiple documents from a SharePoint site.
Addresses an issue in Microsoft Edge IE mode that occurs when you browse using anchor links.
Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
Addresses an issue that might cause Microsoft browsers to incorrectly bypass proxy servers.
Addresses an issue in the Windows Push Notification (WNS) service that prevents you from selecting a virtual private network (VPN) interface to make outbound connections. As a result, you lose connectivity with the WNS service when forced tunneling is used.
Addresses an issue that might cause the Magnifier to stop working in Microsoft Excel in certain scenarios. As a result, Microsoft Excel might also stop working.
Addresses an issue that prevents you from installing some .msi apps. This occurs when a device is managed by a Group Policy that redirects the AppData folder to a network folder.
Addresses an issue that might display 4K high dynamic range (HDR) content darker than expected when you configure certain non-HDR systems for HDR Streaming.
Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.
Addresses an issue that causes the Settings page to close unexpectedly, which prevents default applications from being set up properly.
Addresses an issue that causes all open Universal Windows Platform (UWP) apps to close unexpectedly. This occurs when their installer calls the Restart Manager to restart File Explorer (explorer.exe).
Addresses an issue that prevents Windows 8.1 apps from projecting to a secondary display when those apps use the StartProjectingAsync API.
Addresses an issue that prevents family safety features, such as time limits and activity reporting, from working on ARM64 devices.
Addresses an issue with File Explorer’s preview of .msg files when Microsoft Outlook 64-bit is installed.
Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets.
Addresses an issue that might prevent certain display driver reset utilities from properly reinstalling the same driver on the system.
Addresses a reliability issue in WDF01000.sys.
Addresses an issue that causes memory leaks when an application calls the CryptCATAdminCalcHashFromFileHandle() function. The leaked memory is reclaimed when the application closes.
Improves support for non-ASCII file paths for Microsoft Defender Advanced Threat Protection (ATP) Auto Incident Response (IR).
Addresses an issue that prevents some machines from automatically going into Sleep mode under certain circumstances because of Microsoft Defender ATP Auto IR.
Addresses an issue that prevents some machines from running Microsoft Defender ATP Threat & Vulnerability Management successfully.
Addresses an issue that prevents Microsoft Defender ATP from applying file exclusions in some cases, which leads to application compatibility issues.
Addresses an issue in Microsoft Defender ATP that prevents some machines from reporting the installed applications to Threat & Vulnerability Management.
Addresses an issue that causes automatic investigations to fail in Microsoft Defender ATP.
Improves Microsoft Defender ATP's ability to identify malicious code injection activities.
Addresses an issue that prevents some applications from printing to network printers.
Addresses an issue that might cause a printer to be a hidden device in Device Manager after a restart.
Addresses an issue that might cause the Print Management console to display script errors when you enable the Extended View option.
Addresses an issue that causes printing to fail in certain scenarios.
Addresses an issue that might prevent a Windows 10 device from reaching the internet when using a wireless wide area network (WWAN) LTE modem. However, the Network Connectivity Status Indicator (NCSI) in the notification area might still indicate that you are connected to the internet.
Addresses an issue that might prevent internet connectivity on some cellular modems after upgrading to Windows 10, version 2004.
Addresses an issue that causes telephony applications to lose the first four digits.
Addresses an issue with in-memory parity bitmaps that can cause data integrity issues on Parity Storage Spaces.
Addresses an issue that prevents the creation of a storage pool using Manage Storage Spaces in Control panel.
Addresses an issue that might cause the Microsoft Remote Assistance process (msra.exe) to stop working when a user is receiving assistance during a computer session. The error is 0xc0000005 or 0xc0000409.

New in Cumulative Updates for Windows 10 / Server 1909 - July 21, 2020 (Jul 24, 2020)

Highlights:
Updates an issue that might cause the Magnifier to stop working in Microsoft Excel in certain scenarios. As a result, Microsoft Excel might also stop working.
Updates File Explorer to allow you to delete previous terms from the search box.
Updates an issue that causes File Explorer to stop working when you browse directories of raw images and other file types.
Updates an issue that prevents the system from recognizing the Windows Hello face camera.
Updates an issue that might prevent a Windows 10 device from reaching the internet when using a wireless wide area network (WWAN) LTE modem.
Updates an issue that prevents family safety features, such as time limits and activity reporting, from working on ARM64 devices.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses an issue that prevents you from using sharing functionality in Microsoft Office. This occurs when Conditional Access is enabled.
Addresses an issue in Microsoft Edge IE mode that occurs when you open multiple documents from a SharePoint site.
Addresses an issue in Microsoft Edge IE mode that occurs when you browse using anchor links.
Addresses an issue that causes provisioning for the Universal Windows Platform (UWP) to fail in certain scenarios when using Deployment Image Servicing and Management (DISM).
Addresses an issue that prevents you from opening documents in SharePoint in certain scenarios.
Addresses an issue that might cause the Magnifier to stop working in Microsoft Excel in certain scenarios. As a result, Microsoft Excel might also stop working.
Addresses an issue with Start menu apps and tiles in virtual desktop infrastructure (VDI) environments. The occurs after you sign in a second time and are using a Remote Desktop User profile Disk in a non-persistent virtual desktop pool.
Addresses an issue that prevents you from installing some .msi apps. This occurs when a device is managed by a Group Policy that redirects the AppData folder to a network folder.
Addresses an issue that might cause apps that use the custom text wrapping function to stop working in certain scenarios.
Addresses an issue that might increase the number of handles when using Microsoft Outlook.
Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.
Addresses an issue that incorrectly calculates long path addresses that have Unicode characters outside of the current system.
Updates File Explorer to allow you to delete previous terms from the search box.
Addresses an issue that causes File Explorer to stop working when you browse directories of raw images and other file types.
Addresses an issue that prevents the migration of the Windows Remote Management (WinRM) service startup type.
Addresses an issue that prevents internet of things (IoT) devices from activating after installing an earlier cumulative update.
Addresses an issue that prevents family safety features, such as time limits and activity reporting, from working on ARM64 devices.
Addresses an issue that continues to display the previous username hint in the smart card sign in box after a different user has used the machine with domain credentials.
Addresses an issue that causes an upgrade from Windows 10, version 1903 or Windows 10, version 1909 to fail. This occurs when a system is joined to Azure Active Directory and BitLocker is configured for a PIN protector.
Addresses an issue that causes lsass.exe to stop working on a terminal server when you enable Remote Credential Guard. The exception code is 0xc0000374.
Addresses an issue that prevents the system from recognizing the Windows Hello face camera.
Addresses an issue that prevents Microsoft Defender Advanced Threat Protection (ATP) from applying file exclusions in some cases, which leads to application compatibility issues.
Addresses an issue that causes automatic investigations to fail in Microsoft Defender ATP.
Improves Microsoft Defender ATP's ability to identify malicious code injection activities.
Addresses an issue that displays strange characters before the day, month, and year fields in the output from console commands.
Updates dcpromo.exe to remove the "Network access: Restrict clients allowed to make remote calls to SAM" policy from member servers when they are promoted to domain controllers. This allows clients to make Security Accounts Manager (SAM) connections to these domain controllers.
Addresses an issue that might cause Windows 10 devices that enable Credential Guard to fail authentication requests when they use the machine certificate.
Addresses an issue that incorrectly reports Lightweight Directory Access Protocol (LDAP) sessions as unsecure sessions in Event ID 2889. This occurs when the LDAP session is authenticated and sealed with a Simple Authentication and Security Layer (SASL) method.
Addresses an issue that might cause stop error 7E in nfssvr.sys on servers running the Network File System (NFS) service.
Addresses an issue that causes built-in modern applications to stop working on devices configured to use mandatory or roaming user profiles. The error is 802b000a (E_XAMLPARSEFAILED).
Addresses an issue that logs a Distributed Component Object Model (DCOM) error in the System event log when the Distributed File System (DFS) Replication service is started.
Addresses an issue that might prevent a Windows 10 device from reaching the internet when using a wireless wide area network (WWAN) LTE modem. However, the Network Connectivity Status Indicator (NCSI) in the notification area might still indicate that you are connected to the internet.
Addresses an issue that might cause the Microsoft Remote Assistance process (msra.exe) to stop working when a user is receiving assistance during a computer session. The error is 0xc0000005 or 0xc0000409.
Addresses an issue that causes Server Message Block (SMB) to incorrectly use the original, cached non-Continuous Available handle to a file, which becomes invalid after a network error or storage failover. As a result, applications to fail with errors such as STATUS_UNEXPECTED_NETWORK_ERROR.

New in Cumulative Updates for Windows 10 / Server 1903 - July 21, 2020 (Jul 24, 2020)

Highlights:
Updates an issue that might cause the Magnifier to stop working in Microsoft Excel in certain scenarios. As a result, Microsoft Excel might also stop working.
Updates File Explorer to allow you to delete previous terms from the search box.
Updates an issue that causes File Explorer to stop working when you browse directories of raw images and other file types.
Updates an issue that prevents the system from recognizing the Windows Hello face camera.
Updates an issue that might prevent a Windows 10 device from reaching the internet when using a wireless wide area network (WWAN) LTE modem.
Updates an issue that prevents family safety features, such as time limits and activity reporting, from working on ARM64 devices.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses an issue that prevents you from using sharing functionality in Microsoft Office. This occurs when Conditional Access is enabled.
Addresses an issue in Microsoft Edge IE mode that occurs when you open multiple documents from a SharePoint site.
Addresses an issue in Microsoft Edge IE mode that occurs when you browse using anchor links.
Addresses an issue that causes provisioning for the Universal Windows Platform (UWP) to fail in certain scenarios when using Deployment Image Servicing and Management (DISM).
Addresses an issue that prevents you from opening documents in SharePoint in certain scenarios.
Addresses an issue that might cause the Magnifier to stop working in Microsoft Excel in certain scenarios. As a result, Microsoft Excel might also stop working.
Addresses an issue with Start menu apps and tiles in virtual desktop infrastructure (VDI) environments. The occurs after you sign in a second time and are using a Remote Desktop User profile Disk in a non-persistent virtual desktop pool.
Addresses an issue that prevents you from installing some .msi apps. This occurs when a device is managed by a Group Policy that redirects the AppData folder to a network folder.
Addresses an issue that might cause apps that use the custom text wrapping function to stop working in certain scenarios.
Addresses an issue that might increase the number of handles when using Microsoft Outlook.
Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.
Addresses an issue that incorrectly calculates long path addresses that have Unicode characters outside of the current system.
Updates File Explorer to allow you to delete previous terms from the search box.
Addresses an issue that causes File Explorer to stop working when you browse directories of raw images and other file types.
Addresses an issue that prevents the migration of the Windows Remote Management (WinRM) service startup type.
Addresses an issue that prevents internet of things (IoT) devices from activating after installing an earlier cumulative update.
Addresses an issue that prevents family safety features, such as time limits and activity reporting, from working on ARM64 devices.
Addresses an issue that continues to display the previous username hint in the smart card sign in box after a different user has used the machine with domain credentials.
Addresses an issue that causes an upgrade from Windows 10, version 1903 or Windows 10, version 1909 to fail. This occurs when a system is joined to Azure Active Directory and BitLocker is configured for a PIN protector.
Addresses an issue that causes lsass.exe to stop working on a terminal server when you enable Remote Credential Guard. The exception code is 0xc0000374.
Addresses an issue that prevents the system from recognizing the Windows Hello face camera.
Addresses an issue that prevents Microsoft Defender Advanced Threat Protection (ATP) from applying file exclusions in some cases, which leads to application compatibility issues.
Addresses an issue that causes automatic investigations to fail in Microsoft Defender ATP.
Improves Microsoft Defender ATP's ability to identify malicious code injection activities.
Addresses an issue that displays strange characters before the day, month, and year fields in the output from console commands.
Updates dcpromo.exe to remove the "Network access: Restrict clients allowed to make remote calls to SAM" policy from member servers when they are promoted to domain controllers. This allows clients to make Security Accounts Manager (SAM) connections to these domain controllers.
Addresses an issue that might cause Windows 10 devices that enable Credential Guard to fail authentication requests when they use the machine certificate.
Addresses an issue that incorrectly reports Lightweight Directory Access Protocol (LDAP) sessions as unsecure sessions in Event ID 2889. This occurs when the LDAP session is authenticated and sealed with a Simple Authentication and Security Layer (SASL) method.
Addresses an issue that might cause stop error 7E in nfssvr.sys on servers running the Network File System (NFS) service.
Addresses an issue that causes built-in modern applications to stop working on devices configured to use mandatory or roaming user profiles. The error is 802b000a (E_XAMLPARSEFAILED).
Addresses an issue that logs a Distributed Component Object Model (DCOM) error in the System event log when the Distributed File System (DFS) Replication service is started.
Addresses an issue that might prevent a Windows 10 device from reaching the internet when using a wireless wide area network (WWAN) LTE modem. However, the Network Connectivity Status Indicator (NCSI) in the notification area might still indicate that you are connected to the internet.
Addresses an issue that might cause the Microsoft Remote Assistance process (msra.exe) to stop working when a user is receiving assistance during a computer session. The error is 0xc0000005 or 0xc0000409.
Addresses an issue that causes Server Message Block (SMB) to incorrectly use the original, cached non-Continuous Available handle to a file, which becomes invalid after a network error or storage failover. As a result, applications to fail with errors such as STATUS_UNEXPECTED_NETWORK_ERROR.

New in Cumulative Updates for Windows 10 / Server 1809 - July 21, 2020 (Jul 24, 2020)

Highlights:
Updates an issue that might cause the Magnifier to stop working in Microsoft Excel in certain scenarios. As a result, Microsoft Excel might also stop working.
Improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses an issue in Microsoft Edge IE mode that occurs when you open multiple documents from a SharePoint site.
Addresses an issue in Microsoft Edge IE mode that occurs when you browse using anchor links.
Addresses an issue that might cause the Magnifier to stop working in Microsoft Excel in certain scenarios. As a result, Microsoft Excel might also stop working.
Addresses an issue that might cause apps that use the custom text wrapping function to stop working in certain scenarios.
Addresses an issue that prevents you from opening documents in SharePoint in certain scenarios.
Addresses a reliability issue in dxgkrnl.sys that might cause stop error 0x50 PAGE_FAULT_IN_NONPAGED_AREA.
Addresses an issue that might increase the number of handles when using Microsoft Outlook.
Addresses an issue that causes an application to flicker or stop responding when sharing the application using Microsoft Teams.
Addresses an issue that incorrectly calculates long path addresses that have Unicode characters outside of the current system.
Addresses an issue that prevents Windows 8.1 apps from projecting to a secondary display when those apps use the StartProjectingAsync API.
Addresses an issue that prevents Event Viewer from saving a full set of filtered events when you filter by the date.
Addresses an issue that continues to display the previous username hint in the smart card sign in box after a different user has used the machine with domain credentials.
Addresses an issue that causes lsass.exe to stop working on a terminal server when you enable Remote Credential Guard. The exception code is 0xc0000374.
Addresses an issue that prevents Microsoft Defender Advanced Threat Protection (ATP) from applying file exclusions in some cases, which leads to application compatibility issues.
Addresses an issue that causes automatic investigations to fail in Microsoft Defender ATP.
Improves Microsoft Defender ATP's ability to identify malicious code injection activities.
Addresses an issue that causes the network controller (NC) host agent to incorrectly report that a virtual machine (VM) has moved.
Addresses an issue that might cause a deadlock in the Wired AutoConfig (dot3svc) service.
Addresses an issue that might prevent applications from running as expected on Active Directory Federation Services 2019 (AD FS 2019) clients. This occurs when applications use an iFrame during non-interactive authentication requests and receive X-Frame-Options set to DENY.
Addresses an issue that incorrectly reports Lightweight Directory Access Protocol (LDAP) sessions as unsecure sessions in Event ID 2889. This occurs when the LDAP session is authenticated and sealed with a Simple Authentication and Security Layer (SASL) method.
Updates the message users receive that tells them to check their phone for notifications from the Microsoft Authenticator application. This message only appears when authentication is done using the AD FS Azure Multi-Factor Authentication (MFA) adapter.
Updates dcpromo.exe to remove the "Network access: Restrict clients allowed to make remote calls to SAM" policy on member servers when they are promoted to domain controllers. This allows clients to make Security Accounts Manager (SAM) connections to these domain controllers.
Addresses an issue that might cause Windows 10 devices that enable Credential Guard to fail authentication requests when they use the machine certificate.
Addresses an issue that might cause stop error 7E in nfssvr.sys on servers running the Network File System (NFS) service.
Addresses an issue that discards the Remote Desktop Gateway Secure Sockets Layer (SSL) Bridging settings and resets them to the default.
Addresses an issue that prevents you from updating the port number for HTTPS or the User Datagram Protocol (UDP) settings in the Remote Desktop Gateway Manager.
Addresses an issue that occurs when a standalone Remote Desktop Session Host (RDSH) server allows multiple sessions per user. After disconnecting from a session, if you attempt to reconnect to the original session, the server creates a new session instead.
Addresses an issue that causes the Windows Management Instrumentation (WMI) Provider Host (WmiPrvSE.exe) to leak registry key handles when querying Win32_RDCentralPublishedDeploymentSettings.
Addresses an issue that logs a Distributed Component Object Model (DCOM) error in the System event log when the Distributed File System (DFS) Replication service is started.
Addresses an issue that might cause the Microsoft Remote Assistance process (msra.exe) to stop working when a user is receiving assistance during a computer session. The error is 0xc0000005 or 0xc0000409.
Addresses an issue that causes Server Message Block (SMB) to incorrectly use the original, cached non-Continuous Available handle to a file, which becomes invalid after a network error or storage failover. As a result, applications to fail with errors such as STATUS_UNEXPECTED_NETWORK_ERROR.
Addresses an issue in SMB that causes Windows Server 2019 to stop working when using 100 GB network interface cards (NIC). This only applies to Storage Spaces Direct (S2D) and SMB Daemon (SMBD) scenarios.

New in Cumulative Updates for Windows 10 / Server 2004 - July 14, 2020 (Jul 24, 2020)

Highlights:
Improves security in the Microsoft Store.
Updates to improve security when using input devices (such as a mouse, keyboard, or stylus).
Updates to improve security when Windows performs basic operations.
Updates for storing and managing files.
Updates an issue that might cause certain games and applications to have visual distortion when resizing in windowed mode or switching from full screen to window mode.
Updates to improve security when using Internet Explorer and Microsoft Edge Legacy.
Updates an issue that might prevent some applications from printing documents that contain graphics or large files.
Updates an issue that might prevent you from connecting to OneDrive using the OneDrive app.
Improvements and fixes:
This security update includes quality improvements. Key changes include:
Addresses an issue in certain apps that use the ImeMode property to control Input Method Editor (IME) mode in Windows 10, version 2004 (the May 2020 Update). For example, this issue prevents input mode from automatically switching to Full-width Katakana mode, Full-width Alphanumeric mode, or Full-width Hiragana mode. For more information, see KB4564002 and the blog post, Getting the May 2020 Update Ready for Release - UPDATED.
Addresses an issue that might prevent you from using PowerShell to change the system locale on Server Core platforms.
Addresses an issue that might cause certain games and applications to have visual distortion when resizing in windowed mode or switching from full screen to window mode.
Addresses an issue that might cause lsass.exe to fail with the error message, “A critical system process, C:WINDOWSsystem32lsass.exe, failed with status code c0000008. The machine must now be restarted."
Addresses an issue that might prevent some applications from printing documents that contain graphics or large files after installing Windows Updates released June 9, 2020.
Addresses an issue that might prevent you from connecting to OneDrive using the OneDrive app. This issue occurs on some older devices or on devices that have older apps, which use legacy file system filter drivers. As a result, this might prevent these devices from downloading new files or opening previously synced or downloaded files.
Security updates to the Microsoft Scripting Engine, Windows App Platform and Frameworks, the Microsoft Store, Windows Graphics, Windows Input and Composition, Windows Media, Windows Shell, Windows Fundamentals, Windows Management, Windows Kernel, Windows Hybrid Cloud Networking, Windows Storage and Filesystems, Windows Update Stack, Windows MSXML, Windows File Server and Clustering, Windows Remote Desktop, Internet Explorer, Microsoft Edge Legacy, and the Microsoft JET Database Engine.