June 12, 2018—KB4284819 (OS Build 16299.492)

Applies to: Windows 10, version 1709

Improvements and fixes


This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Provides protections from an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
  • Addresses an issue in Microsoft Edge that causes incorrect responses to XML requests. 
  • Adds support for the SameSite cookie web standard to Microsoft Edge and Internet Explorer. 
  • Addresses an issue with Internet Explorer that prevents it from using an updated version of location services.
  • Addresses an issue where firmware updates cause devices to go into BitLocker recovery mode when BitLocker is enabled, but Secure Boot is disabled or not present. This update prevents firmware installation on devices in this state. Administrators can install firmware updates by:

    1. Temporarily suspending BitLocker.
    2. Immediately installing firmware updates before the next OS startup.
    3. Immediately restarting the device so that BitLocker doesn’t remain in the suspended state.
  • Addresses a binary serialization compatibility issue for the CultureAwareComparer class.
  • Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows Desktop Bridge, Windows apps, Windows shell, Windows storage and filesystems, Windows app platform and frameworks, Windows virtualization and kernel, Windows wireless networking, and Windows Server.

If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

Known issues in this update


Symptom Workaround
Some non-English platforms may display the following string in English instead of the localized language: ”Reading scheduled jobs from file is not supported in this language mode.” This error appears when you try to read the scheduled jobs you've created and Device Guard is enabled

After evaluation, Microsoft has determined that this is a low probability and a low-risk issue, and we will not provide a solution at this time for Windows 10, version 1709.

If you believe that you are affected by this issue, please contact Microsoft Support.

When Device Guard is enabled, some non-English platforms may display the following strings in English instead of the localized language:

  • "Cannot use '&' or '.' operators to invoke a module scope command across language boundaries."
  • "'Script' resource from 'PSDesiredStateConfiguration' module is not supported when Device Guard is enabled. Please use 'Script' resource published by PSDscResources module from PowerShell Gallery."

After evaluation, Microsoft has determined that this is a low probability and a low-risk issue, and we will not provide a solution at this time for Windows 10, version 1709.

If you believe that you are affected by this issue, please contact Microsoft Support.

How to get this update


This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.

File information

For a list of the files that are provided in this update, download the file information for cumulative update 4284819