Related topics
×
Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Release Date:

9/02/2021

Version:

OS Build 14393.4225

NEW 8/5/21
EXPIRATION NOTICE

IMPORTANT As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update.

NEW 2/12/21
Important There is a Known Issue that halts the installation progress of the February 9, 2021 security update. To address this issue, we have released a new servicing stack update (SSU), KB5001078. You must install this new SSU before installing the February 9, 2021 security update.

11/19/20
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. To view other notes and messages, see the Windows 10, version 1607 update history home page

Highlights

  • Updates for verifying usernames and passwords. 

  • Corrects historical daylight savings time (DST) information for the Palestinian Authority.

  • Updates an issue with German translations of Central European Time.

Improvements and fixes

This security update includes quality improvements. Key changes include:

  • Enables administrators to disable standalone Internet Explorer using a Group Policy while continuing to use Microsoft Edge's IE Mode.

  • Updates Internet Explorer’s About dialog to use the standard modern dialog.

  • Addresses an issue with a Service Host (svchost.exe) process that causes excessive CPU usage in some Input Method Editor (IME) language environments, such as Traditional Chinese. This issue occurs when you try to add an input method in Control Panel.

  • Corrects historical daylight savings time (DST) information for the Palestinian Authority.

  • Addresses an issue with German translations of Central European Time.

  • Addresses an issue that causes LSASS.exe to stop working because of a race condition that results in a double free error in Schannel. The exception code is c0000374, and the Event Log displays Schannel event 36888, fatal error code 20, and error state 960. This issue occurs after installing Windows updates from September 2020 and later.

  • Addresses an issue that might cause systems that use BitLocker to stop working and display the error 0x120 (BITLOCKER_FATAL_ERROR).

  • Addresses an issue that prevents scheduled tasks that have multiple actions from running again if you have previously disabled them while they were running.

  • Addresses an issue that fails to log events 4732 and 4733 for Domain-Local group membership changes in certain scenarios. This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control.

  • Addresses an issue that incorrectly reports that Lightweight Directory Access Protocol (LDAP) sessions are unsecure in Event ID 2889. This occurs when the LDAP session is authenticated and sealed with a Simple Authentication and Security Layer (SASL) method.

  • Addresses an issue with Server Message Block (SMB). This issue incorrectly logs the Microsoft-Windows-SMBClient 31013 event in the Microsoft-Windows-SMBClient or Security event log of an SMB client when an SMB server returns STATUS_USER_SESSION_DELETED. This issue occurs when SMB client users or applications open multiple SMB sessions using the same set of Transmission Control Protocol (TCP) connections on the same SMB Server. This issue most likely occurs on Remote Desktop Servers.

  • Addresses an issue that causes the LanmanServer service to stop unexpectedly. This issue occurs if the OptionalNames registry value is set and the service restarts.

  • Addresses an issue that causes stop error 0x54 in SRV2.SYS.

  • Updates the Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472) to enable Enforcement mode. For more details, see CVE-2020-1472 and How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472.

  • Addresses an issue that might prevent the cluster service from starting and generates the error “2245 (NERR_PasswordTooShort)”. This occurs if you configure the “Minimum Password Length” Group Policy with more than 14 characters. For more information, see KB4557232.

  • Addresses an issue that causes the configuration of the “Minimum Password Length” Group Policy with more than 14 characters to have no effect. For more information, see KB4557232.

  • Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Virtualization, Windows Core Networking, and Windows Hybrid Cloud Networking.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

For more information about the resolved security vulnerabilities, please refer to the new Security Update Guide website.

Windows Update Improvements

Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.

Known issues in this update

Symptom

Workaround

After installing the SSU KB4601392, installation of the Cumulative Update from Windows Update might not progress past 24%.

This issue was resolved in KB5001078.

To mitigate this issue on devices that have already installed KB4601392 and are not making progress installing KB4601318, restart your device and then follow only steps 1, 2 and 4a from Reset Windows Update components manually. Then restart your device again. KB5001078 should now install from Windows Update when you select "check for updates" or you can wait for it to install automatically. You should then be able to install the latest Cumulative Update from Windows Update.

Note KB4601392 has been removed and will no longer be offered to devices.

How to get this update

Before installing this update

Prerequisite

You must install the new servicing stack update (SSU) KB5001078 before installing this cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

If you are using Windows Update, the latest SSU (KB5001078) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog

Install this update

Release Channel

Available

Next Step

Windows Update and Microsoft Update

Yes

None. This update will be downloaded and installed automatically from Windows Update.

Microsoft Update Catalog

Yes

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

Yes

This update will automatically sync with WSUS if you configure Products and Classifications as follows:

Product: Windows 10

Classification: Security Updates

File information

For a list of the files that are provided in this update, download the file information for cumulative update 4601318

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×