Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.
IMPORTANT: Windows 10 Enterprise and Windows 10 Education editions will receive six months of additional servicing at no cost. Devices on the Long-Term Servicing Channels (LTSC) will continue to receive updates until October 2026 per the Lifecycle Policy page. Windows 10 Anniversary Update (v. 1607) devices running the Intel “Clovertrail” chipset will continue to receive updates until January 2023 per the Microsoft Community blog.
Improvements and fixes
This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
- Updates the music metadata service provider used by Windows Media Player.
- Addresses an issue from the March 2018 update that prevents the correct lock screen image from appearing when the following GPO policies are enabled:
- Computer Configuration\Administrative Templates\Control Panel\Personalization\Force a specific default lock screen and logon image
- Computer Configuration\Administrative Templates\Control Panel\Personalization\Prevent changing lock screen and logon image
- Addresses an issue that prevents users of PIV/CAC smart cards from authenticating to use enterprise resources or prevents Windows Hello for Business from configuring on first logon.
- Addresses an issue that prevented the Device Guard PackageInspector.exe application from including all the files needed for an application to run correctly once the Code Integrity policy was completed.
- Addresses an issue that, in some cases, failed to clear decrypted data from memory after a CAPI decryption operation was completed.
- Addresses an issue that causes PowerShell scripts to stop working when attempting operations such as Get-Credentials.
- Addresses an issue that causes the Wi-Fi EAP-TTLS (CHAP) authentication to fail if a user saves credential information before authentication.
Addresses a Windows Task Scheduler issue that occurs when setting up an event to start on a specific day of the month. Instead of starting on the specific day of the month you selected, the event starts one week ahead of schedule. For example, if you set an event to start on the third Tuesday of August 2018, instead of starting on 08/21/18, the event starts on 08/14/18.
Addresses an issue that prevents Hypervisor from automatically launching on restart when running a nested or non-nested virtualization scenario after enabling Device Guard.
- Addresses an issue that causes the event viewer for Microsoft-Windows-Hyper-V-VMMS-Admin to receive excessive Event ID 12660 “Cannot open handle to Hyper-V storage provider” messages. This issue occurs when performing migration testing on a Windows Server 2016 S2D Cluster Platform. As a result, events are deleted after three hours when the event log size reaches 1 MB.
- Addresses an issue that causes virtual functions (VF) to be unintentionally removed when a virtual machine (VM) is saved in Hyper-V Manager. This issue occurs when assigning and loading multiple virtual functions to a single VM during live migration on Windows Server 2016. Saving the VM doesn’t result in a normal shutdown of the virtual functions and doesn’t allow the VF driver to have backchannel communication with the physical function (PF).
- Addresses an issue that causes an Azure to on-premise failback operation to fail and puts the virtual machine (VM) into an unresponsive state. This issue occurs if the failback is interrupted by an event such as restarting the Virtual Machine Management Service (VMMS) or restarting the host machine. The failback operation then continues to fail even when the VMMS is running.
- Addresses an Active Directory Federation Services (AD FS) issue where Multi-Factor Authentication does not work correctly with mobile devices that use custom culture definitions.
- Addresses an issue in Windows Hello for Business that causes a significant delay (15 seconds) in new user enrollment. This issue occurs when a hardware security module is used to store an ADFS Registration Authority (RA) certificate.
- Addresses an Active Directory Domain Services (AD DS) issue that causes Local Security Authority Subsystem Service (LSASS) to stop working intermittently. This issue occurs when a custom component binds over Transport Layer Security (TLS) to a Domain Controller using Simple Authentication and Security Layer (SASL) EXTERNAL authentication.
- Addresses an issue that generates Event ID 2006 and prevents the Windows Performance counter from reading Server Message Block (SMB) performance counters. This issue occurs when Hot-Plug is enabled for CPUs on Windows 2016 virtual machines.
- Addresses an issue that causes users to disconnect from a remote session when the Remote Desktop Gateway service stops working.
- Addresses an issue that causes svchost.exe to stop working intermittently. This issue occurs when the SessionEnv service is running, which causes a partial load of the user’s configuration during a Remote Desktop session.
- Addresses an issue that may cause the server to be restarted because the system nonpaged pool consumes too much memory.
- Addresses an issue that may remove a Dynamic Host Configuration Protocol (DHCP) option from a reservation after changing the DHCP scope settings.
Addresses an issue that prevents a drive from being made writable even after BitLocker encryption has completed. This issue occurs when using the FDVDenyWriteAccess policy.
Addresses an issue that occasionally displays a blue screen instead of the lock screen when a device wakes up from sleep.
Extends the Key Management Service (KMS) to support the upcoming Windows 10 client Enterprise LTSC and Windows Server editions. For more information, see KB4347075.
Addresses an issue that occurs when performing backup of a Virtual Machine (VM) or removing VM snapshots in a guest OS on Windows Server 2016. A “153 disk error” appears because the I/O takes longer than expected.
If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.
For more information about the resolved security vulnerabilities, see the Security Update Guide.
Windows Update Improvements
Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 Feature Update based on device compatibility and Windows Update for Business deferral policy. This does not apply to long-term servicing editions.
Known issues in this update
Microsoft is not currently aware of any issues with this update.
How to get this update
To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates.
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Prerequisite: The servicing stack update (SSU) (KB4132216) must be installed before installing the latest cumulative update (LCU) (KB4343884). The LCU will not be reported as applicable until the SSU is installed.
For a list of the files that are provided in this update, download the file information for cumulative update 4343884.