This security update includes improvements and fixes in the functionality of Windows 10 Version 1511. It also resolves the following vulnerabilities in Windows:
3193229 MS16-125: Security update for diagnostics hub: October 11, 2016
3193227 MS16-124: Security update for Windows registry: October 11, 2016
3192892 MS16-123: Security update for kernel-mode drivers: October 11, 2016
3195360 MS16-122: Security update for Microsoft video control: October 11, 2016
3192884 MS16-120: Security update for Microsoft graphics component: October 11, 2016
3192890 MS16-119: Cumulative security update for Microsoft Edge: October 11, 2016
3192887 MS16-118: Cumulative security update for Internet Explorer: October 11, 2016
3178465 MS16-101: Security update for Windows authentication methods: August 9, 2016
Windows 10 updates are cumulative. Therefore, this package contains all previously released fixes.
If you have installed previous updates, only the new fixes that are contained in this package will be downloaded and installed to your computer. If you are installing a Windows 10 update package for the first time, the package for the x86 version is 525 MB and the package for the x64 version is 989 MB.
Known issues in this security update
After you install this security update, System Center Operations Manager (SCOM) Management Console crashes in State view.
To resolve this issue, install the following update:
3200068 Cumulative Update for Windows 10 Version 1511: October 18, 2016
After you install this security update, some DFS-N mapped network drives may be inaccessible to members of the Administrators group when UAC and EnableLinkedConnections are enabled. This occurs when the process that is attempting to access the mapped network drive, is running in a different elevation status than the process that created the mapped network drive. For example, an Explorer window, that is an unelevated process, is unable to access a mapped drive created by a logon script, that runs in an elevated context.
To resolve this issue, install the update KB4013198.
How to get this update
Method 1: Windows Update
This update will be downloaded and installed automatically.
Method 2: Microsoft Update Catalog
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
There are no prerequisites for installing this update.
You must restart the computer after you apply this update.
Update replacement information
For a list of the files that are provided in this cumulative update, download the file information for cumulative update 3192441.
This package updates the Connected User Experiences and Telemetry service to provide benefit for enterprises by using Upgrade Analytics to plan and manage the Windows upgrade process. This update includes the following:
Support to enable upload of telemetry and download of settings in an authenticated proxy environment
Support to configure a specific proxy to upload telemetry and download settings
Support for Azure Active Directory (AAD) tenant identity
The Connected User Experiences and Telemetry service collects usage and diagnostics information from Windows. You can learn more about configuring Windows telemetry in your organization here.
This update also resolves known issues that are caused by security update 3170005. For more information about the known issues, see the
Oct 2016 Update: Mitigation for known issues section in KB 3170005.
Additionally, this update uses SSL (TCP Port 443) to download manifests and upload telemetry to Microsoft that uses the following DNS endpoints:
This update contains the following two manifests that are used by the service.
ImportantFollow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.
By default on Windows 10, support for sending usage and diagnostics information through an authenticated proxy is disabled. When the setting isn't disabled (0x0) through the following registry subkey, the Connected User Experiences and Telemetry service will impersonate a logged on user to authenticate with the proxy to send the information. If you are using Upgrade Analytics in a network environment that uses an authenticated proxy, we recommends configuring this setting to 0x0.
Locate and then select the registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection
On the Edit menu, point to New, and then click DWORD Value.
Type DisableEnterpriseAuthProxy, and then press the Enter key.
In the Details pane, right-click DisableEnterpriseAuthProxy, and then click Modify.
In the Value data box, type 0 (not disabled) or 1 (disabled), and then click OK.
You can also configure Connected User Experiences and Telemetry to forward usage and diagnostics information to a specific proxy server by using the following registry path. You can specify the FQDN or IP address of the proxy server and optionally a port number.
Locate and then select the registry subkeyHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection
On the Edit menu, point to New, and then click String Value.
Type TelemetryProxy, and then press the Enter key.
In the Details pane, right-click TelemetryProxy, and then click Modify.
In the Value data box, type server:port, and then click OK.
Learn about the terminology that Microsoft uses to describe software updates.