[German]Microsoft has released Update KB4034661 for Windows 10 Anniversary Update (Version 1607) on August 16, 2017. This update shall be blocked in WSUS environments, because it breaks update search in Windows 10 clients.
Here is, what Update KB4034661 fixes
Update KB4034661 doesn’t contains security fixes nor new features. It just contains quality improvements (according to Microsoft). This update fixes issues, that has been addressed for Windows 8.1/Windows Server 2012 R2 August 15, 2017 Preview Update Rollup. Microsoft lists the following issues, that has been addressed:
- This package contains d3dcompiler_47.dll; for more information, read the blog post, HLSL, FXC, and D3DCompile.
- Addressed issue where a black screen appears when launching an application on Citrix XenApp that was deployed from Windows Server 2016. For more details, read CTX225819.
- Addressed issue where the User Account Control (UAC) prompt sometimes appears hidden under other opened windows.
- Addressed issue in the event collector data that caused data corruption with % symbols in the user logon events (ID 4624) from other Domain Controllers (DCs).
- Addressed issue where the PowerShell command Add-HgsAttestationTpmHost fails to find the Endorsement Key Certificate for a system even though the certificate exists.
- Addressed issue where, in some cases, an Encrypted Hard Drive device would not automatically unlock at system startup.
- Addressed issue where the AppLocker rules wizard crashes when selecting accounts.
- Addressed issue where third-party directory structures caused Disk Cleanup to render a boot drive inaccessible.
- Addressed issue where unsynchronized access in NtfsQueryLinksInfo led to a system crash.
- Addressed issue where an extremely high number of I/O flushes might lead to an error.
- Addressed a reliability issue that occurs when a user gives the wrong input to the smart card pin prompt.
- Addressed issue by increasing the time out window when starting Docker for Windows to avoid 0x5b4 errors.
- Addressed issue with Azure Multi Factor Authentication (MFA) when an ADFX server is configured to use an HTTP Proxy.
- Addressed issue where the calling IP address is not logged by 411 events in the Security Event log of ADFS 4.0 and Windows Server 2016 RS1 ADFS servers. This issue occurs even after enabling Success Audits and Failure Audits.
- Addressed issue where a computer account loses its domain membership with the error 1789, “The trust relationship between this workstation and the primary domain failed.” The same problem happens internally when a user password cannot be changed with error 0xc0000206, “The size of the buffer is invalid for the specified operation.”
- Addressed issue where, after a planned restart of the primary server, storage replication doesn’t automatically resume as expected. Also, Storage Replication service randomly fails after restart.
- Addressed issue where using a GPO logon script to map a network drive fails if the user disconnects from the network and restarts. When the user logs in again, the mapped drive is not available. This issue occurs even though the logon script has the persistence flag set to TRUE.
- Addressed issue where after uninstalling SMBv1, if you set the SPN validation level to 2, when you access a UNC share remotely (e.g., \\<MachineName>\C$), the request will fail with STATUS_ACCESS_DENIED.
- Addressed issue where the Remote Desktop client cannot connect or disconnects intermittently when trying to connect using the RD Gateway.
- Addressed issue where presenting an expired or revoked certificate to the ADFS Proxy server does not return an error to the user.
Browsing this list, I recognized the addressed error in User Account Control (UAC) prompt, I probably addressed within my blog post Windows: UAC opens hidden in background. Also the Disk Cleanup issue, that renders a boot drive inaccessible has been a topic in several MS Answers forum posts. Update KB4034661 changes the build number to 14393.1613 an. This Update is available via Windows Update or as download from Microsoft Update Catalog.
Update history lost and WSUS issues
Microsoft mentions several known issues. For instance, this update also cleans the update history (same as in KB4034658, see Windows 10 V1607: KB4034658 clears update history). And hidden updates will be shown again after installing this update and rebooting the machine. So the updates needs to be hidden again.
The more critical issue occurs in WSUS environments. Microsoft says, that the client is causing higher load (CPU, memory, network) during first scan. I’ve has addressed this issue briefly within my blog post Issues after Microsoft’s August Updates for KB4034658 (August 8, 2017). The clients stalls with error code 0x8024401C. A discussion may be found also here. Microsoft is investigation these issues, but a fix isn’t known till yet. My recommendation is to block this update in WSUS environments.
Issues after Microsoft’s August Updates
Microsoft’s Windows (Preview) Updates (August 15, 2017)
LDAP-Bug in Updates KB4034679, KB4034664, KB4034670
Windows 10 V1607: KB4034658 clears update history
Microsoft August 2017 Patchday Summary
Windows 10 V1703: Update KB4032188 (July 31, 2017)
Windows 10: Critical Updates KB4035631 and KB4035632
Patchday August 2017: Updates for Windows 7/8.1
Windows 10: August 2017 Updates KB4038220, KB4034674, KB4034658, KB4034660
Further Microsoft Updates August 8, 2017