Windows 10 and Windows 8.1 Updates (April 21, 2020)

[German]On April 21, 2020, Microsoft released a monthly preview rollup for Windows 8.1 as well as optional updates for various Windows 10 versions. Here is an overview about these optional updates.

Updates for Windows 10

These are so-called C-Week-Updates, which are released as optional updates in the third week of a month. A list of the updates can be found on this Microsoft website. I have pulled out the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Microsoft now publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001 (if it is not up to date, have the Microsoft Update Catalog search for Servicing Stack Updates).

Update KB4550945 for Windows 10 Version 1903/1909

Cumulative Update KB4550945 raises the OS build to 18362.815 (Windows 10 Version 1903) and 18363.815 (Windows 10 Version 1909). It contains improvements and bug fixes but no new operating system features. The following is listed as highlights:

• Updates an issue that prevents certain apps from opening after you upgrade from a previous version of Windows, and a Bad Image error message appears. 
• Updates in an issue that turns off notifications for devices that use a virtual private network (VPN) on a cellular network. 
• Updates an issue that prevents you from resuming a Microsoft Xbox game on a Windows device after upgrading from a previous version of Windows. 
• Updates an issue that causes a text box that contains multiple lines of text to stop responding in certain scenarios. 
• Updates an issue that generates unexpected notifications when you change the default application settings. 
• Updates an issue that causes Windows Update to stop responding when you check for updates. 
• Updates an issue that fails to print content that is outside of the margins of a document.

Here is the list of improvements brought by this update:

• Addresses an issue that prevents certain apps from opening after you upgrade from a previous version of Windows, and a Bad Image exception dialog box appears. 
• Addresses in an issue that turns off notifications for devices that use a virtual private network (VPN) on a cellular network. 
• Addresses an issue that prevents you from resuming a Microsoft Xbox game on a Windows device after upgrading from a previous version of Windows. 
• Addresses an issue that causes a box that contains multiple lines of text to stop responding in certain scenarios. 
• Addresses an issue that prevents the touch keyboard from appearing during sign in when the user is prompted for the password. 
• Addresses an issue that prevents the touch keyboard from opening in Universal Windows Platform (UWP) apps when USB devices are connected. 
• Addresses an issue that displays incorrect folder properties in File Explorer when the path is longer than MAX_PATH. 
• Addresses an issue that prevents the correct lock screen from appearing when all of the following are true:
  • The Group Policy Object (GPO) policy "Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive Logon: Do not require Ctrl+Alt+Del Computer" is disabled.
  • The GPO policy "Computer Configuration\Administrative Templates\System\Logon\Turn off app notifications on the lock screen" is enabled.
  • The registry key HKLM\SOFTWARE\Policies\Microsoft\Windows\System\
    DisableLogonBackgroundImage is set to 1.
• Addresses an issue that generates unexpected notifications related to changing the default application settings.

• Addresses an issue that causes the sign in screen to be blurry. 
• Addresses an issue that causes Windows Update to stop responding when you check for updates. 
• Addresses an issue that prevents the Sign in options page from opening using the ms–settings:signinoptions-launchfingerprintenrollment Uniform Resource Identifier (URI). 
• Addresses an issue with Bluetooth group policy settings on Microsoft Surface Pro X devices. 
• Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets. 
• Addresses a reliability issue in WDF01000.sys. 
• Addresses an issue that causes an error in logman.exe. The error is, "A user account is required in order to commit the current Data collector Set properties." 
• Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios. 
• Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled. 
• Addresses an issue that causes the Trusted Platform Module (TPM) initialization to fail with system event error 14 and prevents Windows from accessing the TPM. 
• Addresses an issue that causes communication with the TPM to time out and fail. 
• Addresses an issue that prevents hash signing using the Microsoft Platform Crypto Provider for TPMs from working correctly. This issue might also affect networking software, such as VPN applications. 
• Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API. 
• Addresses an issue that causes systems to stop working with a 0x3B stop code when running a binary that is signed by a revoked certificate. 
• Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail. 
• Addresses an issue that prevents a user's PIN from being changed after connecting the device to Microsoft Workplace Join. 
• Addresses an issue that fails to print content that is outside of the margins of a document.
• Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
• Addresses an issue that causes Microsoft Edge to stop working if you attempt to use paste functionality on webpages when cut-and-paste functionality has been disabled using a policy and Windows Defender Application Guard is active.
• Addresses an issue that causes the Clipboard service to unexpectedly stop working.
• Addresses an issue that displays a black screen to Windows Virtual Desktop users when they attempt to sign in.

This update is optional and does not need to be installed. To get it you have to download and install it (after a search if necessary) in the Windows Update settings page. This update is also available in the Microsoft Update Catalog and via WSUS. Microsoft strongly recommends that you install the latest service stack update (SSU) for your operating system if you install the latest optional cumulative update (LCU). Microsoft is not aware of any issues with this update. 

Microsoft has also released an update directly to the Windows Update client to improve its reliability. This is rolled out outside of Windows Update if the machine is compatible and is not an LTSC variant and updates have not been blocked by GPO.

Update KB4550969 for Windows 10 Version 1809

Cumulative Update KB4550969 raises the OS build to 17763.1192. t contains improvements and bug fixes but no new operating system features. The following is given as highlights:

• Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer. 
• Updates an issue that causes a text box that contains multiple lines of text to stop responding in certain scenarios. 
• Updates an issue that fails to print content that is outside of the margins of a document.

Here is the list of improvements that this update brings

• Addresses an issue that occurs when a third-party application loads hidden tabs into Internet Options. 
• Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer. 
• Addresses an issue that causes a box that contains multiple lines of text to stop responding in certain scenarios. 
• Addresses an issue that prevents the first key stroke from being recognized correctly in the DataGridView cell. 
• Addresses an issue that causes an application that uses msctf.dll to stop working, and the 0xc0000005 (Access violation) exception appears. 
• Addresses an issue that prevents the correct lock screen from appearing when all of the following are true:
• The Group Policy Object (GPO) policy "Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive Logon: Do not require Ctrl+Alt+Del Computer" is disabled.
• The GPO policy "Computer Configuration\Administrative Templates\System\Logon\Turn off app notifications on the lock screen" is enabled.
• The registry key HKLM\SOFTWARE\Policies\Microsoft\Windows\System\
  DisableLogonBackgroundImage is set to 1.
• Addresses a reliability issue in WDF01000.sys. 
• Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets. 
• Addresses an issue that causes the Event Viewer Microsoft Management Console (MMC) to stop working when the secondary monitor is above the primary monitor. An out of bounds exception appears. 
• Addresses an issue that causes an error in logman.exe. The error is, "A user account is required in order to commit the current Data collector Set properties." 
• Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios. 
• Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled. 
• Addresses an issue that prevents hash signing using the Microsoft Platform Crypto Provider for TPMs from working correctly. This issue might also affect networking software, such as VPN applications. 
• Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail. 
• Addresses an issue that prevents a user's PIN from being changed after connecting the device to Microsoft Workplace Join. 
• Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API. 
• Addresses an issue that fails to print content that is outside of the margins of a document. 
• Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config. 
• Addresses an issue that causes high CPU usage on Active Directory (AD) domain controllers when migrating to Windows Server 2019. This increases latency in Microsoft Exchange operations, causes Managed Store contention, and severely impacts index creation in Active Directory and the Global Catalog's performance. 
• Addresses an issue that logs incorrect Internet Protocol (IP) addresses in the audit logs because of missing or old data for active requests coming from "windowstransport/usernamemixed/certificatemixed" endpoints. 
• Addresses an issue that causes devices that are provisioned for Windows Hello for Business (WHfB) to fail. Registration occasionally fails, which leads to a delay in WHfB enrollment and, in some instances, creates Conflicting Objects (CNF) in the Active Directory "Registered Device" container. 
• Addresses an issue that might cause a deadlock in the Remote Desktop Gateway service. 
• Addresses an issue that might cause the Remote Desktop Gateway service to stop working. 
• Addresses an issue that causes systems to stop working with a 0x3B stop code when running a binary that is signed by a revoked certificate.
• Addresses an issue that prevents the Notification State registries from being deleted for certain apps even after the user profile is deleted.
• Addresses an issue that causes stop error 0x18 (REFERENCE_BY_POINTER) when Remote Desktop sessions redirect devices that are not input devices.
• Addresses an issue that displays a black screen to Windows Virtual Desktop users when they attempt to sign in.

This update is optional and does not need to be installed. To obtain it, you must download and install it (possibly after a search) from the Windows Update settings page. This update is also available in the Microsoft Update Catalog and through WSUS. Microsoft strongly recommends that you install the latest service stack update (SSU) for your operating system before you install the latest cumulative update (LCU). Microsoft lists a known issue. If update KB4493509 is installed on a machine, installing the update may cause the error code:

0x800f0982 = PSFX_E_MATCHING_COMPONENT_NOT_FOUND

when certain Asian language packs are installed. In this case, all subsequently installed Language Packs must be uninstalled and the cumulative update KB4493509 installed. Details can be found in the KB article.

Microsoft has also released an update directly for the Windows Update Client to improve its reliability. This is rolled out outside of Windows Update if the machine is compatible and not an LTSC variant and updates have not been blocked by GPO.

Updates for Windows 10 Version 1507 till 1803

For Windows 10 RTM up to version 1803, various updates are available for the LTSC versions and, if necessary, the Enterprise versions. The Home and Pro versions on the other hand have been dropped from support. Here is a short overview.

• Windows 10 Version 1803: Update KB4550944 is only available for Enterprise and Education. The update raises the OS build to 17134.1456. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but is available for download from the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article.
• Windows 10 Version 1607: Update KB4550947 is only available for Enterprise LTSC. The update raises the OS build to 14393.3659. The fixes mentioned in the KB article are included. This update is automatically downloaded and installed by Windows Update, but is available for download from the Microsoft Update Catalog. Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details, including known issues, can be found in the KB article.

There was no update for other Windows 10 versions. If in doubt, details about the above updates can be found in the respective Microsoft KB articles.

Updates for Windows 8.1/Windows Server 2012 R2

A Preview Monthly Rollup has been released for Windows 8.1 and Windows Server 2012 R2. The update history for Windows 8.1 can be found on this Microsoft page. 

KB4550958 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB4550958 (Preview of Monthly Rollup for Windows 8.1 and Windows Server 2012 R2)contains improvements and fixes from the latest updates and a preview of the following month's updates. The preview update addresses the following issues.

• Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config. 
• Addresses an issue that might cause certain operations, such as rename, to fail when you perform those operations on files or folders that are on a Cluster Shared Volume (CSV). The error is, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This issue occurs when you perform the operation on a CSV owner node from a process that doesn't have administrator privilege.
• Addresses an issue that prevents certain apps from installing if they are published using a Group Policy Object.

This update is offered and installed via Windows Update, but is also available in the Microsoft Update Catalog and via WSUS. In case of a manual installation, the latest Servicing Stack Update (SSU KB4540725) must be installed before. According to Microsoft there should be no problems with the update – but I would not install it, because it is a preview update.

Similar articles:
Microsoft Office Patchday (April 7, 2020)
Microsoft Security Update Summary (April 14, 2020)
Patchday: Windows 10 Updates (April 14, 2020)