This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
-
Addresses an issue that causes modern applications to reappear after upgrading the OS version even though those applications have been deprovisioned using remove-AppXProvisionedPackages-Online.
-
Addresses an issue in which running an application as an administrator causes the application to stop working when pasting the user name or password into the user elevation prompt (LUA).
-
Addresses an issue that causes Skype and Xbox to stop working.
-
Addresses an issue that prevents Autodiscover in Microsoft Outlook 2013 from being used to set up email accounts when UE-V is enabled.
-
Addresses an issue where AppLocker publisher rules applied to MSI files don’t match the files correctly.
-
Addresses an issue that prevents Windows Hello from generating good keys when it detects weak cryptographic keys because of TPM firmware issues. This issue only occurs if the policy to require the TPM is configured.
-
Addresses an issue that prevents users from unlocking their session and sometimes displays incorrect user-name@domain-name information on the logon screen when multiple users log on to a machine using fast user switching. This specifically happens when users are logging on from several different domains, are using the UPN format for their domain credentials (user-name@domain-name), and are switching between users using fast user switching.
-
Addresses an issue that causes the browser to prompt for credentials often instead of only once when using the Office Chrome extension.
-
Addresses an issue related to smart cards that allow PINs or biometric entry. If the user enters an incorrect PIN or biometric input (e.g., a fingerprint), an error appears, and the user must wait up to 30 seconds. With this change, the 30-second delay is no longer required.
-
Increases the user account minimum password length in Group Policy from 14 to 20 characters.
-
Addresses an issue that displays name-constraint information incorrectly when displaying certificate properties. Instead of presenting properly formatted data, the information is presented in hexadecimal format.
-
Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with audit mode turned on. Netlogon.log may show the following:
SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered
NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM
SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413
-
Addresses an issue that generates a certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.
-
Addresses an issue in which resetting the Windows Hello PIN at the logon prompt puts the system in a state that makes resetting the PIN again impossible.
-
Addresses an issue where the right-click context menu for encrypting and decrypting files using Windows Explorer is missing.
-
Addresses an issue that suspends BitLocker or Device Encryption during device unenrollment instead of keeping the drive protected.
-
Addresses an issue that causes Microsoft Edge to stop working after a few seconds when running a software restriction policy.
-
Addresses an issue that may cause a file system mini-filter to fail to unload because of a leak in Filter Manager, which requires a restart.
-
Addresses an issue that causes the connection bar to be missing in Virtual Machine Connection (VMConnect) when using full-screen mode on multiple monitors.
-
Addresses an issue that prevents certain devices from working on Windows 10, version 1709, machines when the “Disable new DMA devices when this computer is locked” Group Policy is active. The non-working devices are internal, PCI-based peripherals (wireless network drivers and input and audio peripherals). These peripherals can fail on systems whose firmware blocks the peripherals from performing Direct Memory Access (DMA) at boot.
-
Addresses an issue that might cause Windows Server 2016 Domain Controllers to log Microsoft Windows Security audit events ID 4625 and ID 4776. The username and domain name in the events may appear truncated, only showing the first character for logons coming from client applications using wldap32.dll.
-
Addresses an issue in which users may exist in a domain that is trusted using transitive trust, but are unable to locate a PDC or DC for the Extranet Lockout feature. The following exception occurs: “Microsoft.IdentityServer.Service.AccountPolicy.ADAccountLookupException: MSIS6080: A bind attempt to domain <FQDN> failed with error code 1722”. Also, the following message appears on the IDP page: "Incorrect user ID or password. Type the correct user ID and password, and try again."
-
Addresses an issue that prevents you from modifying or restoring Active Directory objects that have invalid backlink attributes populated in their class. The error you receive is “Error 0x207D An attempt was made to modify an object to include an attribute that is not legal for its class.”
-
Addresses an issue that prevents the AdminSDHolder task from running when a protected group contains a member attribute that points to a deleted object. Additionally, Event 1126 is logged as “Active Directory Domain Services was unable to establish a connection with the global catalog. Error value: 8430. The directory service encountered an internal failure. Internal ID: 320130e.”
-
Addresses an issue that occurs when Volume Shadow Copy is enabled on a volume that hosts a file share. If the client accesses the UNC path to view the properties in the Previous Version tab, the Date Modified field is empty.
-
Addresses an issue that occurs when a user with a roaming user profile first logs on to a machine running Windows 10, version 1607, and then logs off. Later, if the user tries to log on to a machine running Windows 10, version 1703, and opens Microsoft Edge, Microsoft Edge will stop working.
- Addresses an issue that makes a Japanese keyboard unusable in remote assistance sessions.
- Addresses an issue that causes the cursor to unexpectedly move to center of the screen when changing the display mode.
- Addresses a potential leak caused by opening and closing a new web browser control.
- Addresses an issue that causes the ContentIndexter.AddAsync API to throw an unnecessary exception.
- Addresses an issue with the first launch performance of UWP Desktop Bridge apps.
- Addresses an issue with the Search tab of Microsoft Outlook 2016 during the upgrade from Windows 10, version 1703, to Windows 10, version 1709.
- Addresses an issue that causes updates for large game apps to fail.
- Addresses an issue that removes user-pinned folders or tiles from the Start menu in some cases
- Addresses an issue that causes invisible apps to appear in the Start menu.
- Addresses an issue that might cause some users to experience unexpected panning or scrolling in certain apps while using the pen.
If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.
For more information about the resolved security vulnerabilities, see the Security Update Guide.