June 27, 2019—KB4501375 (OS Build 18362.207)

Applies to: Windows 10, version 1903Windows Server version 1903

Improvements and fixes


This update includes quality improvements. Key changes include:

  • Addresses an issue with Hyper-V virtualization on a specific AMD CPU Stepping.
  • Addresses an issue that fails to display the cursor when you hover over the keyboard magnifier. 
  • Addresses an issue with looping redirects between Microsoft Edge and Internet Explorer 11. 
  • Addresses an issue with Scalable Vector Graphics (SVG) marker display. 
  • Addresses an issue with programmatic scrolling in Internet Explorer 11. 
  • Addresses an issue with displaying portions of a webpage that has many elements and multiple nesting levels under certain conditions in Internet Explorer. 
  • Addresses an issue that may cause “Error 1309” while installing or uninstalling certain types of .msi or .msp files on a virtual drive. 
  • Addresses an issue that may cause Night light, Color Management profiles, or gamma correction to stop working after shutting down a device. 
  • Addresses an issue that only shows grey scale in the camera during Windows Hello enrollment. 
  • Addresses an issue that may cause playback of some video content generated by iOS devices to fail. 
  • Addresses a desktop and taskbar flickering issue on Windows Server 2019 Terminal Server that occurs when using User Profile Disks. 
  • Addresses an issue that allows users to disable the sign-in background image when the "Computer\Administrative Templates\Control Panel\Personalization\Prevent changing lock screen and logon image" policy is enabled. 
  • Addresses a disconnection issue when using fitness software on an Android phone that has the Your Phone application installed. 
  • Addresses an issue that prevents the Windows Event Log service from processing notifications that the log is full. This makes event log behaviors, such as archiving the log when it reaches a maximum file size, impossible. Additionally, the Local Security Authority (LSA) cannot handle CrashOnAuditFail scenarios when the Security log is full, and events cannot be written. 
  • Addresses an issue that causes Office 365 applications to stop working after opening when they are deployed as App-V packages. 
  • Addresses an issue that may prevent Container Hosts from receiving an address from a Dynamic Host Configuration Protocol (DHCP) server. 
  • Addresses an issue that may prevent some upgrades from Windows 7 from completing successfully when third-party antivirus software is installed. 
  • Reinforces the Certificate Revocation List (CRL) on Internet Key Exchange version 2 (IKEv2) machines for certificate-based virtual private network (VPN) connections, such as Device Tunnel, in an Always On VPN deployment. 
  • Addresses an issue that triggers a Group Policy update even when there are no policy changes. This issue occurs when using the client-side extension (CSE) for folder redirection. 
  • Addresses an issue that may prevent the Preboot Execution Environment (PXE) from starting a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
  • Addresses an issue that may display the error, “MMC has detected an error in a snap-in and will unload it.” when you try to expand, view, or create Custom Views in Event Viewer. Additionally, the application may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs.
  • Unpins, by default, the Microsoft Store app from the taskbar for Windows 10 Home users that do not use a Microsoft account.
  • Addresses an issue with WinHTTP registrations that increase the registry size and delay the operating system’s startup. This occurs on devices that use proxy auto-config (PAC) files to define how web browsers and agents select an appropriate proxy server. To stop the incremental growth of the registry, update the following:

Path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

Setting: CleanupLeakedContainerRegistrations

Type: DWORD

Value: 1

A value of 1 removes preexisting registrations; a value of 0 (default) retains existing registrations.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

Known issues in this update


Symptom Workaround
Windows Sandbox may fail to start with "ERROR_FILE_NOT_FOUND (0x80070002)" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.

This issue is resolved in KB4512941.

The Remote Access Connection Manager (RASMAN) service may stop working and you may receive the error “0xc0000005” on devices where the diagnostic data level is manually configured to the non-default setting of 0. You may also receive an error in the Application section of Windows Logs in Event Viewer with Event ID 1000 referencing “svchost.exe_RasMan” and “rasman.dll”.

This issue only occurs when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections.

This issue is resolved in KB4505903.

Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error "Status: 0xc0000001, Info: A required device isn't connected or can't be accessed" after installing this update on a WDS server.

This issue is resolved in KB4512941.

Devices connected to a domain that is configured to use MIT Kerberos realms may not start up or may continue to restart after installation of this update. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

This issue is resolved in KB4512941.

How to get this update


Before installing this update

Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For more information, see Servicing stack updates.

If you are using Windows Update, the latest SSU (KB4506933) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

Install this update

To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates.

To get the standalone package for this update, go to the Microsoft Update Catalog website.

File information

For a list of the files that are provided in this update, download the file information for cumulative update 4501375