Windows 10 V2004: Update KB4577063 released (Oct. 1, 2020)

[German]Microsoft has released after tests with Windows Insiders (see this blog post) cumulative update KB4577063 for the Windows 10 May 2020 Update (Version 2004) The update is also available for Windows Insider for Windows 10 20H2.

A list of updates can be found on this Microsoft website. I have pulled out the details below. The update installation requires an existing current Servicing Stack Updates (SSUs). Meanwhile, Microsoft publishes an overview of current Servicing Stack Updates (SSUs) under ADV990001 (if it is not up to date, please check the Microsoft Update Catalog for Servicing Stack Updates).

Important: From July 2020 all Windows updates disable the RemoteFX vGPU feature due to the CVE-2020-1036 vulnerability (see also KB4570006). After installing this update, attempts to start virtual machines (VM) with RemoteFX vGPU enabled will fail. More information can be found  here.

Update KB4577063 for Windows 10 Version 2004/20H2

Cumulative update KB4577063 raises the OS build to 19041.546 (Windows 10 2004) and to 19042.546 (Windows 10 20H2, only for Windows Insider). The update is available for Windows 10 version 2004 and for Windows Server version 2004 (as well as Windows 10 20H2 in the Insider program). It contains quality improvements but no new operating system features. Here is the list of improvements, called highlights by Microsoft:

• Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.
• Updates an issue that causes games that use spatial audio to stop working.
• Reduces distortions and aberrations in Windows Mixed Reality head-mounted displays (HMD).
• Ensures that new Windows Mixed Reality HMDs meet minimum specification requirements and default to a 90Hz refresh rate.
• Adds support for certain new Windows Mixed Reality motion controllers.

Here is the complete list of all fixes:

• Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.
• Addresses an issue with Microsoft Edge IE Mode that occurs when you enable Configure enhanced hang detection for Internet Explorer mode in Microsoft Edge.
• Addresses an issue that, in some instances, prevents the Language Bar from appearing when the user signs in to a new session. This occurs even though the Language Bar is configured properly.
• Addresses an issue that fails to recognize the first East Asian language character typed into a Microsoft Foundation Class Library (MFC) DataGrid.
• Addresses an issue the prevents you from reconnecting to a previously closed session because that session is in an unrecoverable state.
• Addresses an issue that causes games that use spatial audio to stop working.
• Addresses an issue that prevents the deletion of stale user profiles when you configure a profile cleanup Group Policy object (GPO).
• Addresses an issue in which selecting I forgot my Pin from Settings>Accounts>Sign-in options fails in a Windows Hello for Business On-Premise deployment.
• Updates 2021 time zone information for Fiji.
• Addresses an issue that affects the Microsoft's System Centre Operations Manager's (SCOM) ability to monitor a customer's workload.
• Addresses an issue that causes random line breaks when you redirect PowerShell console error output.
• Addresses an issue with creating HTML reports using tracerpt.
• Allows the DeviceHealthMonitoring Cloud Service Plan (CSP) to run on Windows 10 Business and Windows 10 Pro editions.
• Addresses an issue that prevents the content under HKLM\Software\Cryptography from being carried over during Windows feature updates.
• Addresses an issue that causes an access violation in lsass.exe when a process is started using the runas command in some circumstances.
• Addresses an issue in which Windows Defender Application Control enforces package family name rules that should be audit only.
• Addresses an issue that displays an error that states that a smart card PIN change was not successful even though the PIN change was successful.
• Addresses an issue that might create duplicate Foreign Security Principal directory objects for Authenticated and Interactive users in the domain partition. As a result, the original directory objects have "CNF" added to their names and are mangled. This issue occurs when you promote a new domain controller using the CriticalReplicationOnly flag.
• Updates the configuration of Windows Hello Face recognition to work well with 940nm wavelength cameras.
• Reduces distortions and aberrations in Windows Mixed Reality head-mounted displays (HMD).
• Ensures that new Windows Mixed Reality HMDs meet minimum specification requirements and default to a 90Hz refresh rate.
• Addresses an issue that causes a stop error on a Hyper-V host when a virtual machine (VM) issues a specific Small Computer System Interface (SCSI) command.
• Addresses an issue that might cause attempts to bind a socket to a shared socket to fail.
• Addresses an issue that might prevent applications from opening or cause other errors when applications use Windows APIs to check for internet connectivity and the network icon incorrectly displays "No internet access" in the notification area. This issue occurs if you use a group policy or local network configuration to disable active probing for the Network Connectivity Status Indicator (NCSI). This also occurs if active probing fails to use a proxy and passive probes fail to detect internet connectivity.
• Addresses an issue that prevents Microsoft Intune from syncing on a device using the virtual private network version 2 (VPNv2) configuration service provider (CSP).
• Suspends uploads and downloads from peers when a VPN connection is detected.
• Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
• Addresses an issue with ntdsutil.exe that prevents you from moving Active Directory database files. The error is, "Move file failed with source <original_full_db_path> and Destination <new_full_db_path> with error 5 (Access is denied.)"
• Addresses an issue that incorrectly reports that Lightweight Directory Access Protocol (LDAP) sessions are unsecure in Event ID 2889. This occurs when the LDAP session is authenticated and sealed with a Simple Authentication and Security Layer (SASL) method.
• Addresses an issue that might cause Windows 10 devices that enable Credential Guard to fail authentication requests when they use the machine certificate.
• Restores the constructed attribute in Active Directory and Active Directory Lightweight Directory Services (AD LDS) for msDS-parentdistname.
• Addresses an issue that causes queries against large keys on Ntds.dit to fail with the error, "MAPI_E_NOT_ENOUGH_RESOURCES." This issue might cause users to see limited meeting room availability because the Exchange Messaging Application Programming Interface (MAPI) cannot allocate additional memory for the meeting requests.
• Addresses an issue that intermittently generates Online Certificate Status Protocol (OSCP) Responder audit events (5125) to indicate that a request was submitted to the OCSP Responder Service. However, there is no reference to the serial number or the domain name (DN) of the issuer of the request.
• Addresses an issue that displays strange characters before the day, month, and year fields in the output from console commands.
• Addresses an issue that causes lsass.exe to stop working, which triggers a restart of the system. This issue occurs when invalid restart data is sent with a non-critical paged search control.
• Addresses an issue that fails to log events 4732 and 4733 for Domain-Local group membership changes in certain scenarios. This occurs when you use the "Permissive Modify" control; for example, the Active Directory (AD) PowerShell modules use this control.
• Addresses an issue with the Microsoft Cluster Shared Volumes File Systems (CSVFS) driver that prevents Win32 API access to SQL Server Filestream data. This occurs when the data is stored on a Cluster Shared Volume in a SQL Server failover cluster instance, which is on an Azure VM.
• Addresses an issue that causes a deadlock when Offline Files are enabled. As a result, CscEnpDereferenceEntryInternal holds parent and child locks.
• Addresses an issue that causes deduplication jobs to fail with stop error 0x50 when you call HsmpRecallFreeCachedExtents().
• Addresses an issue that causes applications stop working when they use Microsoft's Remote Desktop sharing APIs. The breakpoint exception code is 0x80000003.
• Removes the HTTP call to www.microsoft.com that the Remote Desktop Client (mstsc.exe) makes at sign out when using a Remote Desktop Gateway.
• Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
• Adds support for certain new Windows Mixed Reality motion controllers.
• Addresses an issue that causes apps that use Dynamic Data Exchange (DDE) to stop responding when you attempt to close the app.
• Adds an Azure Active Directory (AAD) Device Token that is sent to Windows Update (WU) as part of each WU scan. WU can use this token to query for membership in groups that have an AAD Device ID.
• Addresses an issue with setting the "Restrict delegation of credentials to remote servers" Group Policy with the "Restrict Credential Delegation" mode on the Remote Desktop Protocol (RDP) client. As a result, the Terminal Server service tries to use "Require Remote Credential Guard" mode first and will only use "Require Restricted Admin" if the server does not support "Require Remote Credential Guard".
• Addresses an issue in Windows Subsystem for Linux (WSL) that generates an "Element not found" error when you try to start WSL.
• Addresses an issue with certain WWAN LTE modems that might show no internet connection in the notification area after waking from sleep or hibernation. Additionally, these modems might not be able to connect to the internet.

This update is automatically offered as optional by Windows Update, and may be downloaded and installed by the user. This update is also available in the Microsoft Update Catalog (but not in WSUS). Microsoft strongly recommends that you install the latest service stack update (SSU)  KB4577266 before you install the latest cumulative update (LCU). For this update, Microsoft indicates that users of the Microsoft Input Method Editor (IME) for Chinese and Japanese may receive an error, or the application may stop responding or close when they try to drag the mouse.

Microsoft has also released an update directly to the Windows Update Client to improve its reliability. This is rolled out outside of Windows Update if the machine is compatible and not an LTSC variant and updates have not been blocked by GPO.