Improvements and fixes
This non-security update includes improvements and fixes that were a part of KB4056895 (released January 8, 2018) and also includes these new quality improvements as a preview of the next Monthly Rollup update:
Addresses issue where every smart card logon to a Windows Terminal Server/Remote Desktop Server may result in a handle leak in the certprop service. Token leaks result in session leaks on computers that have installed MS16-111/KB3175024 and superseding fixes.
Addresses issue where servers running AppLocker stop working.
Addresses issue where an unexpected system restart occurs because of exception code 0xc0000005 (Access Violation) in LSASS.exe, where the faulting module is cryptnet.dll.
Addresses issue where, if the Online Certificate Status Protocol (OCSP) renewal date comes after the certificate expiration date, the OCSP-stapled response is used until the renewal date even though the certificate has expired.
Addresses multiple symptoms that occur during power transitions including a stop error 0x9F (0000009F) when a device tries to enter sleep mode or restart. USB PnP devices may also be unusable after waking from sleep.
Addresses issue where the iSCSI Initiator Properties Devices list doesn't display certain targets.
Addresses issue where Event ID 1511 appears when you start a task that is created in Task Scheduler.
Addresses issue where a race condition in memory management may lead to Error 0x50 or 0x149 when trimming sparse files.
Addresses issue where AD FS incorrectly processed the wct parameter in a ws-federation request as a local time instead of a UTC value. This affects customers that federate AD FS with other third-party identity providers. Authentication failed because incorrect wct values implied bad or old requests.
- Addresses issue where attempts to view the previous versions of a file on a file share fail. This occurs after a disk that hosts file shares goes offline and comes back online.
Addresses the following issues with the WinRM service:
- A threading issue that may cause the WinRM service to crash under load. This is a client-side solution, so you must apply it to the affected computers(s) and the computers that communicate with the WinRM service.
- A system performance issue that may cause logon to stop responding with the message, "Please wait for the Remote Desktop Configuration". This was caused by a deadlock in the WinRM service.
Addresses issue originally called out in KB4056895 where calling CoInitializeSecurity with the authentication parameter set to RPC_C_AUTHN_LEVEL_NONE resulted in the error STATUS_BAD_IMPERSONATION_LEVEL.
For more information about the resolved security vulnerabilities, see the Security Update Guide.
Known issues in this update
|Because of an issue that affects some versions of antivirus software, this fix applies only to computers on which the antivirus ISV updated the ALLOW REGKEY.|| |
Contact your antivirus manufacturer to verify that their software is compatible and that they have set the following REGKEY on the computer:
After installing this update, some systems running both PIC and APIC interrupt controllers may experience system crashes.
|This issue is resolved in KB4077561|
|Editing some group policies using GPMC or AGPM 4.0 may fail with error "The data present in the reparse point buffer is invalid. (Exception from HRESULT: 0x80071128)" after installing this update on a domain controller.||This issue is resolved in KB4074594.|
How to get this update
This is provided as an Optional update on Windows Update. For more information about how to run Windows Update, see How to get an update through Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.
For a list of the files that are provided in this update, download the file information for update 4057401.