Patchday: Windows 10 Updates April 10, 2018

[German]Microsoft released several cumulative updates for the supported Windows 10 builds on April 10, 2018. Here are some details about the updates.

A list of updates can be found on this Microsoft website. I have compiled a list of details below. Starting March 2018 patchday, Microsoft has removed the installation check for mandatory compatibility with the installed antivirus solution for Windows 10. Some of these updates for Windows 10 versions 1607 to 1709 are also available as delta updates for WSUS.

Updates for Windows 10 Version 1709

Several updates are available for Windows 10 Fall Creators Update (version 1709).

Update KB4093112 foür Windows 10 Version 1709

Cumulative Update KB4093112 for Windows 10 Version 1709 (Fall Creators Update) contains quality improvements and the following problem fixes:

  • Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context (See AMD Architecture Guidelines around Indirect Branch Control and AMD Security Updates for more details). Follow instructions outlined in KB4073119 for Windows Client (IT Pro) guidance to enable usage of IBPB within some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.
  • Addresses an issue that causes an access violation in Internet Explorer when it runs on the Microsoft Application Virtualization platform.
  • Addresses an issue in Enterprise Mode related to redirects in Internet Explorer and Microsoft Edge.
  • Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.
  • Addresses additional issues with updated time zone information.
  • Addresses an issue that might cause the App-V service to stop working on an RDS server that hosts many users.
  • Addresses an issue where user accounts are locked when applications are moved to a shared platform using App-V (e.g., XenApp 7.15+ with Windows Server 2016, where Kerberos authentication isn't available).
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses an issue that causes document.execCommand("copy") to always return False in Internet Explorer.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Microsoft Edge, Windows kpp platform and frameworks, Microsoft scripting engine, Windows graphics, Windows Server, Windows kernel, Windows datacenter networking, Windows wireless networking, Windows virtualization and Kernel, and Windows Hyper-V.

Update KB4093112 changes the OS build to 16299.371. This update is available via Windows Update, but may also be downloaded from Microsoft Update Catalog.

Please note that when installing the Servicing Stack Update (SSU KB4099989) and the Cumulative Update (Live Cycle Update, LCU) via the Microsoft Update Catalog, the SSU must be installed before the LCU.

There is currently only one known issue with this update: Windows incorrectly displays the update as not installed and reports the error 0x80070643, but an update check or winver indicates that the update has been installed.

Update KB4099989 for Windows 10 Version 1709

Update KB4099989 is a Servicing Stack Update for Windows 10 version 1709, which is imported via Windows Update. According to Microsoft, the update brings stability improvements for the Windows 10 version 1709 service stack. A restart is required after installation.

Update KB4099572  for Windows 10 Version 1709 Mobile

Update KB4099572 is for Windows 10 Mobile and changes OS build to 15254.369. This update contains all updates from KB4093107.

Updates for Windows 10 Version 1703

Several updates are available for Windows 10 Creators Update (version 1703).

Update KB4093107  for Windows 10 Version 1703

Cumulative Update KB4093107 for Windows 10 Version 1703 (Creators Update) contains quality improvements and the following fixes (partly also for Windows 10 Mobile):

  • Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses additional issues with updated time zone information.
  • Addresses an issue that might cause the App-V service to stop working on an RDS server that hosts many users.
  • Addresses an issue where user accounts are locked when applications are moved to a shared platform using App-V (e.g., XenApp 7.15+ with Windows Server 2016, where Kerberos authentication isn't available).
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Microsoft Edge, Windows app platform and frameworks, Microsoft scripting engine, Windows graphics, Windows Server, Windows kernel, Windows datacenter networking, Windows wireless networking, Windows Hyper-V, and Windows virtualization and kernel.

The package is offered out via Windows Update, but is also available in the Microsoft Update Catalog . There are no known problems. The OS build changes to 15063.1029.

Please note that when installing the Servicing Stack Update (SSU KB4093432) and the Cumulative Update (Live Cycle Update, LCU) via the Microsoft Update Catalog, the SSU must be installed before the LCU.

Microsoft has also released a direct update for the Windows Update Client to increase reliability. Any Windows 10 device configured to automatically receive updates from Windows Update, including Enterprise and Pro Edition, is offered the latest Windows 10 feature update based on device compatibility and the Windows Update for Business deferral policy. This does not apply to Windows 10 LTSC systems.

Update KB4093432 for Windows 10 Version 1703

Update KB4093432 is a Servicing Stack Update for Windows 10 version 1703, which is imported via Windows Update. According to Microsoft, the update brings stability improvements for the Windows 10 service stack. A restart is required after installation.

Updates for Windows 10 Version 1607

Several updates are available for Windows 10 Anniversary Update (version 1607) and Windows Server 2016.

Update KB4093119 for Windows 10 Version 1607

Cumulative Update KB4093119 for Windows 10 Anniversary Update (Version 1607) and Windows Server 2016 ontains quality improvements and the following fixes (partly also for Windows 10 Mobile, OS Build 14393.2189):

  • Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses additional issues with updated time zone information.
  • Addresses an issue where user accounts are locked when applications are moved to a shared platform using App-V (e.g., XenApp 7.15+ with Windows Server 2016, where Kerberos authentication isn't available).
  • Addresses an issue that might cause the App-V service to stop working on an RDS server that hosts many users.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Windows app platform and frameworks, Microsoft scripting engine, Microsoft Edge, Windows graphics, Windows Server, Windows wireless networking, Windows Hyper-V, Windows kernel, and Windows virtualization and kernel.

The update is available via Windows Update and raises the OS build to 14393.2189. The update is also available in the Microsoft Update Catalog . There are no known issue. The update is not available for Express installation in Windows Server.

Please note that when installing the Servicing Stack Update (SSU) and the Cumulative Update (Live Cycle Update, LCU) via the Microsoft Update Catalog, the SSU must be installed before the LCU.

Microsoft has also released a direct update for the Windows Update Client to increase reliability. Any Windows 10 device configured to automatically receive updates from Windows Update, including Enterprise and Pro Edition, is offered the latest Windows 10 feature update based on device compatibility and the Windows Update for Business deferral policy. This does not apply to Windows 10 LTSC systems.

Update KB4093137 for Windows 10 Version 1607

Update KB4093137 is a Servicing Stack Update for Windows 10 version 1607, which is imported via Windows Update. According to Microsoft, the update brings stability improvements for the Windows 10 service stack. A restart is required after installation.

Notes: Windows 10 version 1607 will reach the End of Life on April 10, 2018. Devices running Windows 10 Home or Pro editions no longer receive monthly security and quality updates. Only Windows 10 Enterprise and Windows 10 Education Editions receive six months of additional service at no cost. Devices in Long-Term Servicing Channel (LTSC) will be supplied with updates until October 2026. Devices with Clovertrail chipset and Windows 10 Anniversary Update (v. 1607) will be updated until January 2023 via Microsoft Update.

Updates for Windows 10 Version 1511

Various updates are also available for Windows 10 Enterprise and Windows 10 Education version 1511 (no updates for Windows 10 Home and Pro). After this update cyle support for Windows 10 Version 1511 also ends.

Update KB4093109 for Windows 10 Version 1511

Cumulative Update KB44093109 for Windows 10 Version 1511 contains the following fixes:

  • Addresses additional issues with updated time zone information.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Microsoft scripting engine, Windows RDP, Windows kernel, Windows IIS, Windows datacenter networking, Microsoft scripting engine, Microsoft Edge, Windows Hyper-V , and Windows virtualization and kernel.

The update is available via Windows Update and raises the OS build to 10586.154. The update is also available in the Microsoft Update Catalog.

Please note that when installing the Servicing Stack Update (SSU) and the Cumulative Update (Live Cycle Update, LCU) via the Microsoft Update Catalog, the SSU must be installed before the LCU.

Microsoft has also released a direct update for the Windows Update Client to increase reliability. Any Windows 10 device configured to automatically receive updates from Windows Update, including Enterprise and Pro Edition, is offered the latest Windows 10 feature update based on device compatibility and the Windows Update for Business deferral policy. This does not apply to Windows 10 LTSC systems.

Updates for Windows 10 Version 1507 (RTM)

Updates are also available for Windows 10 Enterprise (LTSC) version 1507 only.

Update KB4093111 for Windows 10 Version 1507

Cumulative Update KB4093111 for Windows 10 Version 1507 contains the following fixes:

  • Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.
  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.
  • Addresses additional issues with updated time zone information.
  • Addresses an issue where AppLocker publisher rules that are applied to MSI files don't match the files correctly.
  • Addresses an issue that prevents the system from booting when you enable LSA (lsass.exe) to run as a protected process by setting the "RunAsPPL" registry entry. Additionally, the Automatic Repair screen may appear.
  • Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with Audit mode turned on. Netlogon.log may show the following:SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered
    NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM
    SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413
  • Addresses an issue that generates a certificate validation error (0x800B0109 (CERT_E_UNTRUSTEDROOT)) from http.sys.
  • Addresses an issue that prevents PIV smart cards from being recognized.
  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
  • Security updates to Internet Explorer, Windows app platform and frameworks, Microsoft scripting engine, Windows kernel, Windows graphics, Windows Server, Windows datacenter networking, Windows wireless hetworking, and Windows Hyper-V.

The update is available via Windows Update and raises the OS build to 10240.17831. The update is also available via Microsoft Update Catalog.

Please note that when installing the Servicing Stack Update (SSU) and the Cumulative Update (Live Cycle Update, LCU) via the Microsoft Update Catalog, the SSU must be installed before the LCU.

Microsoft has also released a direct update for the Windows Update Client to increase reliability. Any Windows 10 device configured to automatically receive updates from Windows Update, including Enterprise and Pro Edition, is offered the latest Windows 10 feature update based on device compatibility and the Windows Update for Business deferral policy. This does not apply to Windows 10 LTSC systems.

Update KB4093430 for Windows 10 Version 1507

Update KB4093430 is a Servicing Stack Update for Windows 10 Version 1507, which is installed via Windows Update. According to Microsoft, the update brings stability improvements for the Windows 10 service stack. A restart is required after installation.

Similar articles:
Adobe Flash Player Update to version 29.0.0.140
Microsoft Office Patchday (April 3, 2018)
Microsoft Patchday Summary April 10, 2018
Patchday: Windows 10 Updates April 10, 2018

This entry was posted in Update, Windows. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *