Improvements and fixes
This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
Addressed issue where the PC Settings pages do not display the correct options after the installation of KB3213986 and a language pack.
Addressed issue where fonts appear differently based on whether an app uses Graphics Device Interface (GDI) or GDI Plus.
Addressed issue where applications that use msado15.dll stop working after installing security update KB4015550.
- Addressed issue that causes a device to become unresponsive when users try to enable end-user-defined characters (EUDCs).
- Addressed issue that causes a device to crash every time a user logs off from a remote session using a Virtual Desktop Agent (VDA).
- Addressed issue where changing the scaling setting of the display prevents DPI-aware tools (Notepad, MS Paint, etc.) from accepting input or drawing correctly when using the Japanese IME.
- Addressed issue that causes Windows Explorer’s CPU usage to be at 20% when an executable file is hosted on a file share and its Offline attribute is set.
- Addressed issue where Windows Event Forwarding between two 2012 R2 servers makes reports incompatible with third-party Security Information and Event Management software.
- Addressed issue where the BitLocker Drive Encryption wizard shows the "Choose which encryption mode to use" page even when the BitLocker GPO is enabled.
- Addressed issue where AppLocker fails to block binaries with revoked certificates.
- Addressed issue where a virtual machine (VM) loses network connectivity if the VM does not send Address Resolution Protocol packets for five minutes and the VM is connected to a wireless NIC.
- Addressed issue that causes the loss of a VPN connection when using a computer with an integrated WAN card (cellular card).
- Addressed issue where multipath I/O did not properly restore service after the check condition "Illegal request, LUN not available (sense codes 05/25/00)" occurs.
Addressed issue where a Stop 0x27 error occurs after a user provides the domain username and password.
Addressed issue where users can create folders on a USB flash drive when "Deny write access" is set for Removable Storage Access.
- Addressed an issue where crash dump generation hangs at 0% on a system with over 750 GB of physical memory and Hyper-V enabled.
- Addressed an issue with a paging file space leak that leads Windows to a crash, blue screen, or data loss.
- Addressed issue that prevents access to a website when Automatic Rebind of Renewed Certificate and Directory Service Mapper are enabled.
- Addressed a crash in Services.exe with the error code “0xc0000374 - A heap has been corrupted,” and requires a system restart.
- Addressed issue where Windows Defender anti-virus definitions, which are regulated by the network, prevent other updates (LCU, drivers) from being downloaded.
- Addressed issue that prevents Internet Explorer 11 from following redirects when the Include-Referer-Token-Binding-ID header is set to “true.”
- Addressed issue that causes users to get logged out from a Web-application intermittently.
- Updated Internet Explorer 11’s New Tab Page with an integrated newsfeed.
Deprecated SHA-1 Microsoft Edge and Internet Explorer 11 for SSL/TLS Server Authentication. See Advisory 4010323 for more information.
- Addressed additional issues with the Windows Shell, enterprise security, Datacenter Networking, storage networking, Internet Information Services, Active Directory, clustering, Windows Server, the client platform, and Internet Explorer.
- Security updates to Windows COM, Windows SMB Server, Windows server, Internet Explorer, and Microsoft Edge.
If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.
Known issues in this update
End User Defined Characters (EUDC) may not be visible in some applications.
There is not yet a mitigation for this issue. We are working on a fix and will make it available for download when ready.
|This security update introduced an issue in which, if an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected.||Microsoft is working on a resolution and will provide an update in an upcoming release. For more information about this issue, see the following section.|
How to get this update
This update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the Microsoft Update Catalog website.