This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
- Addresses an issue that causes Microsoft Edge to stop working after a few seconds when running a software restriction policy.
- Addresses an issue where AppLocker publisher rules applied to MSI files don’t match the files correctly.
- Addresses an issue that causes Microsoft and Azure Active Directory accounts to receive the password prompt repeatedly instead of only once.
- Addresses an issue that prevents Windows Hello from generating good keys when it detects weak cryptographic keys because of TPM firmware issues. This issue only occurs if the policy to require the TPM is configured.
- Addresses an issue that prevents users from unlocking their session and that sometimes displays incorrect user-name@domain-name information on the logon screen when multiple users log on to a machine using fast user switching. Specifically, this happens when users are logging on from several different domains, are using the UPN format for their domain credentials (user-name@domain-name), and are switching between users with fast user switching.
- Addresses an issue related to smart cards that allow PINs or biometric entry. If the user enters an incorrect PIN or biometric input (e.g., a fingerprint), an error appears, and the user must wait up to 30 seconds. With this change, the 30-second delay is no longer required.
- Addresses an issue that causes the browser to prompt for credentials often instead of only once when using the Office Chrome extension.
- Increases the minimum password length in Group Policy to 20 characters.
- Addresses an issue that incorrectly displays name-constraint information when displaying certificate properties. Instead of presenting properly formatted data, the information is presented in hexadecimal format.
- Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with audit mode turned on. Netlogon.log may show the following:
  SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered
  NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM
  SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413
- Addresses an issue that generates a certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.
- Addresses an issue where the right-click context menu for encrypting and decrypting files using Windows Explorer is missing.
- Addresses an issue that suspends BitLocker or Device Encryption during device unenrollment instead of keeping the drive protected.
- Addresses an issue that might cause Centennial apps to block the ability to set user-level quotas for NTFS.
- Addresses an issue that causes the connection bar to be missing in Virtual Machine Connection (VMConnect) when using full-screen mode on multiple monitors.
- Addresses an issue where using a GPO logon script to map a network drive fails if the user disconnects from the network and restarts. When the user logs in again, the mapped drive isn't available. This issue occurs even though the logon script has the persistence flag set to TRUE.
- Addresses an issue that may cause some files to be skipped and may create duplicate files in the Work Folder locations during full enumeration sync sessions.
- Addresses an issue that occurs when Volume Shadow Copy is enabled on a volume that hosts a file share. If the client accesses the UNC path to view the properties in the Previous Version tab, the Date Modified field is empty.
- Addresses an issue that occurs when a user with a roaming user profile first logs on to a machine running Windows 10, version 1607, and then logs off. Later, if the user tries to log on to a machine running Windows 10, version 1703, and opens Microsoft Edge, Microsoft Edge will stop working.
- Addresses a reliability issue with Internet Explorer when entering text in a RichEditText control.
- Addresses a potential leak caused by opening and closing a new web browser control.
- Addresses an issue that causes the ContentIndexer.AddAsync API to throw an unnecessary exception.
If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.
For more information about the resolved security vulnerabilities, see the Security Update Guide.
Windows Update Improvements
Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 Feature Update based on device compatibility and Windows Update for Business deferral policy. This does not apply to long-term servicing editions.