Windows 10 Updates (Oktober 10, 2017)

[German]Microsoft released cumulative updates for serveral Windows 10 Builds on Oktober 10, 2017. Here are some details about these updates.

Update KB4041676 for Windows 10 Version 1706

Cumulative security update KB4041676 for Windows 10 Version 1703 (Creators Update) from October 10, 2017 includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

• Addressed issue where some UWP and Centennial apps show a gray icon and display the error message "This app can't open" on launch.
• Addressed reliability issue that causes the AppReadiness service to stop working.
• Addressed issue where applications that use the Silverlight map stack stop working.
• Addressed issue where VSync prevents devices from entering Panel Self Refresh mode, which can lead to reduced battery life.
• Addressed issue where user customizations (like pinned tiles) made to an enforced partial Start layout are lost when upgrading to Windows 10 1703.
• Addressed issue where the Universal CRT caused the linker (link.exe) to stop working for large projects.
• Addressed issue that prevents Windows Error Reporting from saving error reports in a temporary folder that is recreated with incorrect permissions. Instead, the temporary folder is inadvertently deleted.
• Addressed issue where the MSMQ performance counter (MSMQ Queue) may not populate queue instances when the server hosts a clustered MSMQ role.
• Addressed issue with the token broker where it was leaking a token that caused sessions to remain allocated after logoff.
• Addressed issue where Personal Identity Verification (PIV) smart card PINs are not cached on a per-application basis. This caused users to see the PIN prompt multiple times in a short time period; normally, the PIN prompt only displays once.
• Addressed issue where using the Cipher.exe /u tool to update Data Recovery Agent (DRA) encryption keys fails unless user certification encryption already exists on the machine.
• Addressed issue where using AppLocker to block a Modern app fails. This issue occurs only with Modern apps that come pre-installed with Windows.
• Addressed issue with form submissions in Internet Explorer.
• Addressed issue with the rendering of a graphics element in Internet Explorer.
• Addressed issue that prevents an element from receiving focus in Internet Explorer.
• Addressed issue with the docking and undocking of Internet Explorer windows.
• Addressed issue caused by a pop-up window in Internet Explorer.
• Addressed issue where a Vendor API deleted data unexpectedly.
• Addressed issue where using the Robocopy utility to copy a SharePoint document library, which is mounted as a drive letter, fails to copy files. However, in this scenario, Robocopy will copy folders successfully.
• Addressed issue where MDM USB restrictions did not disable the USB port as expected.
• Addressed issue where creating an iSCSI session on a new OS installation may result in the "Initiator instance does not exist" error when attempting to connect to a target.
• Addressed issue where connecting to RDS applications published using Azure App Proxy fails. The error message is, "Your computer can't connect to the Remote Desktop Gateway server. Contact your network administrator for assistance". The error can occur when the RDP cookie size limit is exceeded. This update increased the size of the RDP cookie limit.
• Addressed issue where USBHUB.SYS randomly causes memory corruption that results in random system crashes that are extremely difficult to diagnose.
• Addressed issue that affects the download of some games from the Windows Store during the pre-order phase. Download fails with the error code 0x80070005, and the device attempts to restart the download from the beginning.
• Addressed issue where the ServerSecurityDescriptor registry value does not migrate when you upgrade to Windows 10 1703. As a result, users might not be able to add a printer using the Citrix Print Manager service. Additionally, they might not be able to print to a client redirected printer, a Citrix universal print driver, or a network printer driver using the Citrix universal print driver.
• Security updates to Microsoft Windows Search Component, Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows kernel, Microsoft Edge, Windows Authentication, Windows TPM, Device Guard, Windows Wireless Networking, Windows Storage and Filesystems, Microsoft Windows DNS, Microsoft Scripting Engine, Windows Server, Windows Subsystem for Linux, Microsoft JET Database Engine, and the Windows SMB Server.

This update changed Windows 10 to build 15063.674 and is available via Windows Update and for download from Microsoft Update Catalog. There are known issues.

• Installing KB4034674 may change Czech and Arabic languages to English for Microsoft Edge and other applications. Microsoft is working on a resolution and will provide an update in an upcoming release.
• Systems with support enabled for USB Type-C Connector System Software Interface (UCSI) may experience a blue screen or stop responding with a black screen when a system shutdown is initiated. If available, disable UCSI in the computer system's BIOS. This will also disable UCSI features in the Windows operating system. Microsoft is working on a resolution and will provide an update in an upcoming release.

If the workarounds doesn't help, uninstall and block this update (see How to block Windows 10 updates).

Warning: In WSUS/SCCM environments is an install issue that resulted in 'inaccessible boot device' BSODs – see my blog post Windows 10 V1703: Update KB4041676 install issues.

Update KB4041691 for Windows 10 Version 1607

Cumulative security update KB4041691 for Windows 10 Version 1607 (Anniversary Update) from Oktober 10, includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

• Addressed issue where the Universal CRT caused the linker (link.exe) to stop working for large projects.
• Addressed issue with form submissions in Internet Explorer.
• Addressed issue with rendering a graphics element in Internet Explorer.
• Addressed issue with docking and undocking Internet Explorer windows.
• Addressed issue caused by a pop-up window in Internet Explorer.
• Addressed issue where a vendor API deleted data unexpectedly.
• Addressed issue where SD propagation stops working when you manually trigger Security Descriptor propagation (SDPROP) by setting the RootDse attribute FixupInheritance to 1. After setting this attribute, SD propagation and permissions changes made on Active Directory objects don't propagate to child objects. No errors are logged.
• Addressed access violation in LSASS that occurs during startup of domain controller role conditions. A race condition causes the violation when account management calls occur while the database is refreshing internal metadata. A password reset or change is one of the management calls that may trigger this problem.
• Addressed issue where USBHUB.SYS randomly causes memory corruption that results in random system crashes that are extremely difficult to diagnose.
• Addressed issue where the ServerSecurityDescriptor registry value does not migrate when you upgrade to Windows 10 1607. As a result, users might not be able to add a printer using the Citrix Print Manager service. Additionally, they might not be able to print to a client redirected printer, a Citrix universal print driver, or a network printer driver using the Citrix universal print driver.
• Security updates to Microsoft Windows Search Component, Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows kernel, Microsoft Edge, Windows Authentication, Windows TPM, Device Guard, Windows Wireless Networking, Windows Storage and Filesystems, Microsoft Windows DNS, Microsoft Scripting Engine, Windows Server, Microsoft JET Database Engine, and the Windows SMB Server.

Known issues in this update:

• After installing this update, downloading updates using express installation files may fail. A workaround is described here.
• After installing a delta update package, the KB numbers appear twice under Installed Updates. This issue doesn't occur when you install a full update package. Microsoft is working on a resolution and will provide an update in an upcoming release. When you uninstall the updates, uninstall the entries that have the same KB number.
• After installing KB4041691, package users may see an error dialog that indicates that an application exception has occurred when closing some applications. This can affect applications that use mshtml.dll to load web content. The failure only occurs when a process is already shutting down and will not impact application functionality. Microsoft is working on a resolution and will provide an update in an upcoming release.

If those bugs occur, uninstall and block this update (see How to block Windows 10 updates). This update changes Windows 10 to Build 14393.1770 and is available via Windows Update and via Microsoft Update Catalog (for download).

Windows Update Client Improvement

Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability. It will only be offered to devices that have not installed the most recent updates and are not currently managed (e.g., domain joined).

Warning: In WSUS/SCCM environments is an install issue that resulted in 'inaccessible boot device' BSODs – see my blog post Windows 10 V1703: Update KB4041676 install issues.

Update KB4041689 for Windows 10 Version 1511

Microsoft has released on October 10, 2017 Update KB4041689 for Windows 10 Version 1511. This update changes the build to 10586.1176 and contains security and bug fixes.

• Addressed issue where the Universal CRT _splitpath was not handling multibyte strings correctly, which caused apps to fail when accessing multibyte filenames.
• Addressed issue where the Universal CRT caused the linker (link.exe) to stop working for large projects.
• Addressed issue where the MSMQ performance counter (MSMQ Queue) may not populate queue instances when the server hosts a clustered MSMQ role.
• Addressed issue with the Lock Workstation policy for smart cards where, in some cases, the system doesn't lock when you remove the smart card.
• Addressed issue where, when using Conditional Access with Azure Active Directory, authentication fails.
• Addressed issue with form submissions in Internet Explorer.
• Addressed issue where messages that should be in a non-English language display in English in Internet Explorer.
• Addressed issue where USBHUB.SYS randomly causes memory corruption that results in random system crashes that are extremely difficult to diagnose.
• Security updates to Microsoft Windows Search Component, Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows kernel, Microsoft Edge, Windows Authentication, Windows TPM, Microsoft PowerShell, Windows Wireless Networking, Windows Storage and Filesystems, Microsoft Windows DNS, Microsoft Scripting Engine, Windows Server, Device Guard, and the Windows SMB Server.

There are no know issues. This update is available via Windows Update and via Microsoft Update Catalog. This is the last update, because Windows 10 version 1511 will reach end of service on October 10, 2017.

Windows Update Client Improvement

Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability. It will only be offered to devices that have not installed the most recent updates and are not currently managed (e.g., domain joined).

Update KB4042895 for Windows 10 Version 1507

Microsoft released on October 10, 2017 Update KB4042895 for Windows 10 Version 1507 (RTM) for LTSC. This update changes the build number to 10240.17643 and contains security fixes and bug fixes. It addresses the following issues:

• Addressed issue where the Universal CRT _splitpath was not handling multibyte strings correctly, which caused apps to fail when accessing multibyte filenames.
• Addressed issue where the Universal CRT caused the linker (link.exe) to stop working for large projects.
• Addressed issue where the MSMQ performance counter (MSMQ Queue) may not populate queue instances when the server hosts a clustered MSMQ role.
• Addressed issue with the Lock Workstation policy for smart cards where, in some cases, the system doesn't lock when you remove the smart card.
• Addressed issue with form submissions in Internet Explorer.
• Addressed issue with URL encoding in Internet Explorer.
• Addressed issue that prevents an element from receiving focus in Internet Explorer.
• Addressed issue with the docking and undocking of Internet Explorer windows.
• Addressed issue with the rendering of a graphics element in Internet Explorer.
• Addressed issue caused by a pop-up window in Internet Explorer.
• Addressed issue where USBHUB.SYS randomly causes memory corruption that results in random system crashes that are extremely difficult to diagnose.
• Security updates to Microsoft Windows Search Component, Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows kernel, Microsoft Edge, Windows Authentication, Windows TPM, Device Guard, Windows Wireless Networking, Windows Storage and Filesystems, Microsoft Windows DNS, Microsoft Scripting Engine, Windows Server, Microsoft JET Database Engine, and the Windows SMB Server.

Known issues in this update:

• After installing KB4042895, package users may see an error dialog that indicates that an application exception has occurred when closing some applications. This can affect applications that use mshtml.dll to load web content. The failure only occurs when a process is already shutting down and will not impact application functionality. Microsoft is working on a resolution and will provide an update in an upcoming release.

If the bug occurs, uninstall and block this update (see How to block Windows 10 updates). This update is available via Windows Update and Microsoft Update Catalog.

Windows Update Client Improvement

Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability. It will only be offered to devices that have not installed the most recent updates and are not currently managed (e.g., domain joined).

Similar articles:
Microsoft Office Patchday (October 3, 2017)
Adobe Flash Update 27.0.0.159 (October 2017)
Microsoft Security Updates Summary October 2017
Windows 10 Updates (Oktober 10, 2017)
Microsoft Office Security Updates (October 10, 2017)

Windows 10 V1703: Update KB4041676 install issues