Windows 10 Version 1607 will reach end of service on April 10, 2018. Devices that are running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.
IMPORTANT: Windows 10 Enterprise and Windows 10 Education editions will receive six months of additional servicing at no cost. Devices on the Long-Term Servicing Channels (LTSC) will continue to receive updates until October 2026 per the Lifecycle Policy page. Windows 10 Anniversary Update (Version 1607)-based devices that are running the Intel “Clovertrail” chipset will continue to receive updates until January 2023 per the Microsoft Community blog.
Improvements and fixes
This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
Addresses an issue in apps that occurs when using the Japanese IME.
Addresses an issue where AppLocker publisher rules applied to MSI files don’t match the files correctly.
Addresses an issue that causes Microsoft and Azure Active Directory accounts to receive the password prompt repeatedly instead of only once.
Addresses an issue that prevents Windows Hello from generating good keys when it detects weak cryptographic keys because of TPM firmware issues. This issue only occurs if the policy to require the TPM is configured.
Addresses an issue that displays name-constraint information incorrectly when displaying certificate properties. Instead of presenting properly formatted data, the information is presented in hexadecimal format.
Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with audit mode turned on. Netlogon.log may show the following:
SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413
SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered
NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM
Addresses an issue that generates certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.
Addresses an issue that prevents ReFS partitions from being expanded if the volume was originally formatted using ReFS v1.
Addresses an issue that causes the host Hyper-V node to stop working when starting the hosted VM.
Addresses a Kernel deadlock that affects server availability.
Addresses an issue with Windows Update that prevents VMs from being saved after restarting or shutting down a computer after applying an update. vmms.exe doesn't wait for vmwp.exe to finish copying VM memory data.
Addresses an issue in which DTC stops responding in msdtcprx!CIConnSink::SendReceive during an XA recovery. During this failure, IXaMapper objects with identical RMIDs become corrupted.
Addresses an issue that prevents you from modifying or restoring Active Directory objects that have invalid backlink attributes populated in their class. The error you receive is, “Error 0x207D An attempt was made to modify an object to include an attribute that is not legal for its class.”
Addresses an unhandled refresh token validation issue. It generates the following error: “Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthInvalidRefreshTokenException: MSIS9312: Received invalid OAuth refresh token. The refresh token was received earlier than the permitted time in the token.”
Addresses an issue that prevents ADDS DSAC from running on a client that has PowerShell Transcripting enabled. The following error appears: “Cannot connect to any domain. Refresh or try again when connection is available.”
Addresses an issue that causes the failover of an NFS server cluster resource to take a long time if the communication from the NFS server to the NFS client is blocked. If the failover takes more than 20 minutes, stop error 0x9E (USER_MODE_HEALTH_MONITOR) occurs.
Addresses an issue that may generate a capacity reserve fault warning during cluster validation or while running the Debug-StorageSubSystem cmdlet even though enough capacity is actually reserved. The warning is "The storage pool does not have the minimum recommended reserve capacity. This may limit your ability to restore data resiliency in the event of drive failure(s)."
Addresses an issue that may cause some files to be skipped and may create duplicate files in the Work Folder locations during full enumeration sync sessions.
Addresses an issue in Windows Multipoint Server 2016 that may generate the error “The MultiPoint service is not responding on this machine. To fix the issue try restarting the machine.”
Addresses an issue that prevents User Profile Disks (UPDs) from loading. This loading failure generates the error "We can't sign into your account", and users receive a temporary profile.
- Addresses an issue that causes the high contrast theme setting to be applied incorrectly when a user logs in using RDP.
- Addresses an issue that causes a pairing problem for low-energy Bluetooth devices.
- Addresses a reliability issue with Microsoft Outlook.
- Addresses a reliability issue that occurs while pressing the Alt key when using a Microsoft Office application hosted in an ActiveX container.
If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.
For more information about the resolved security vulnerabilities, see the Security Update Guide.
Windows Update Improvements
Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 Feature Update based on device compatibility and Windows Update for Business deferral policy. This does not apply to long-term servicing editions.
Known issues in this update
After you install the March 13, 2018 or later Cumulative Update for Windows 10 Version 1607, only the latest Windows 10 feature update is returned as applicable. This prevents the deployment of previously released feature updates using ConfigMgr (current branch) and Windows 10 servicing plans.
This issue is resolved in KB4103723.
Reliability issues have been observed during the creation of shielded VMs and the required artifacts for their deployment. There are also reliability issues for the Shielding File Wizard with or without the SCVMM interface.
Note: Existing shielded VMs and HGSs are not affected.
|This issue is resolved in KB4284880.|
How to get this update
To download and install this update, go to Settings > Update & Security > Windows Update, and then select Check online for updates from Microsoft Update.
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
For a list of the files that are provided in this update, download the file information for cumulative update 4093120.