This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
- Addressed rare issue where fonts may be corrupted after the Out of Box Experience is completed. This issue occurs on images that have multiple language packs installed.
-
Addressed issue where downloading updates using express installation files may fail after installing OS Updates 14393.1670 through 14393.1770.
-
Addressed issue that causes an error when trying to access shares on a file server.
-
Addressed issue that prevents Windows Error Reporting from saving error reports in a temporary folder that is recreated with incorrect permissions. Instead, the temporary folder is inadvertently deleted.
-
Addressed issue where the MSMQ performance counter (MSMQ Queue) may not populate queue instances when the server hosts a clustered MSMQ role.
-
Addressed issue where restricting the RPC port of the Next Generation Credentials (Windows Hello) service causes the system to stop responding when logging on.
-
Addressed issue where Personal Identity Verification (PIV) smart card PINs are not cached on a per-application basis. This causes users to see the PIN prompt multiple times in a short time period. Normally, the PIN prompt only displays once.
-
Improved M.2 NVMe SSD throughput when the queue size increases.
-
Addressed issue where running Event Tracing for Windows with Volsnap may result in error 0x50.
-
Addressed issue where using the Robocopy utility to copy a SharePoint document library, which is mounted as a drive letter, fails to copy files. However, in this scenario, Robocopy copies folders successfully.
-
Addressed issue where Miniports that make 64-bit DMA requests from a single 4 GB region may fail, preventing the system from booting.
-
Addressed issue where a disk losing communication with its S2D cluster may lead to a stale fault domain descriptor for the enclosure.
-
Addressed issue where, if an update to a pool config header occurs when it’s performing a read function, a stop error may occur in a Windows Server 2016 Storage Spaces Directory (S2D) deployment.
-
Addressed issue to allow UEFI-based customers to pre-stage UEFI-based Gen 2 VMs to run Windows Setup automatically.
-
Addressed issue that intermittently misdirects AD Authority requests to the wrong Identity Provider because of incorrect caching behavior. This can affect authentication features like Multi-Factor Authentication.
-
Added the ability for AAD Connect Health to report AD FS server health with correct fidelity (using verbose auditing) on mixed WS2012R2 and WS2016 AD FS farms.
-
Addressed issue where the PowerShell cmdlet that raises the farm behavior level fails with a timeout during the upgrade from the 2012 R2 AD FS farm to AD FS 2016. The failure occurs because there are many relying party trusts.
-
Addressed issue where adding user rights to an RMS template causes the Active Directory RMS management console (mmc.exe) to stop working with an unexpected exception.
-
Addressed issue where AD FS causes authentication failures by modifying the WCT parameter value while federating the requests to another Security Token Server (STS).
-
Updated the SPN and UPN uniqueness feature to work within the forest root tree and across other trees in the forest. The updated NTDSAI.DLL won't allow a subtree to add an SPN or a UPN as a duplicate across the entire forest.
-
Addressed issue where the language bar stays open after closing a RemoteApp application, which prevents sessions from being disconnected.
- Addressed issue where the working directory of RemoteApps on Server 2016 is set to %windir%\System32 regardless of the application's directory.
- Addressed issue where USBHUB.SYS randomly causes memory corruption that results in random system crashes that are extremely difficult to diagnose.
-
Addressed issue where the ServerSecurityDescriptor registry value doesn't migrate when you upgrade to Windows 10 1607. As a result, users might not be able to add a printer using the Citrix Print Manager service. Additionally, they might not be able to print to a client redirected printer, a Citrix universal print driver, or a network printer driver using the Citrix universal print driver.
-
Addressed issue where policies are not pushed for servers that have an updated Instance ID. This occurs when synchronizing the removal of the old server resources with the notifications about NICs (port profile changes) from the host.
-
Addressed issue where SD propagation stops working when you manually trigger Security Descriptor propagation (SDPROP) by setting the RootDse attribute FixupInheritance to 1. After setting this attribute, SD propagation and permissions changes made on Active Directory objects don't propagate to child objects. No errors are logged.
-
Added support for LTO8 tape drives into ltotape.sys for Windows Server 2016.
If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.
For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.
Windows Update Client Improvement
Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability. It will only be offered to devices that have not installed the most recent updates and are not currently managed (e.g., domain joined).