June 13, 2017—KB4022715 (OS Build 14393.1358)

Applies to: Windows 10, version 1607Windows Server 2016 Standard

Improvements and fixes


This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Addressed issue where, after installing KB3164035, users cannot print enhanced metafiles (EMF) or documents containing bitmaps rendered out of bounds using the BitMapSection(DIBSection) function.  
  • Addressed issue where users may fail to access the Internet using a non-Microsoft proxy device after enabling Credential guard. The failure happens when NTLMv2 is used and the server does not send target information (TargetNameFields is 0) inside the NTLM CHALLENGE MESSAGE. 
  • Addressed issue where some Windows clients with Windows Information Protection (WIP) enabled cannot access their secured documents, such as protected documents or mail files. This may occur when the client connects to the enterprise network both directly and remotely (such as with a VPN connection). 
  • Addressed issue where Internet Explorer crashes when the Microsoft Active Accessibility application is running in the background.   
  • Addressed issue where adding a <select> element to the body of a JavaScript application crashes the application when users click the select box. 
  • Addressed an issue where certutil.exe could no longer generate an EPF file when attempting to recover a key for a version 1 style certificate. 
  • Addressed an issue where the network interface description name of a network adapter is not updated in Hyper-V after a device driver update. Management of a NIC Team or vSwitch within Hyper-V Administrator or System Center Virtual Machine Manager may be affected. 
  • Addressed issue where the Privacy Separator feature of a Wireless Access Point does not block communication between wireless devices on local subnets. 
  • Addressed issue that was causing devices to crash when hot plugging USB 3.0 Network Adapters
  • Addressed an issue where users on Windows 7 SP1 clients connecting to a Windows Server 2016 based domain controller cannot run applications such as Internet Explorer for a period of approximately 10 minutes after logging on. This issue occurs after upgrading the enterprise domain controllers to Windows Server 2016. 
  • Addressed an issue where Cluster health service fails to report fault event to MAS HM component. 
  • Addressed an issue that was not allowing users to customize the Application list in their Start menu using the Remove All Programs list from the Start menu setting.
  • Updated iDNA table to support resolving latest Unicode emoji characters from Punycode.
  • Addressed issue where after installing KB4019472, the end-user-defined characters (EUDCs) is not displayed.
  • Addressed additional issues with updated time zone information, storage file system, Windows Update logs, USB, Start menu and taskbar and Windows Shell.
  • Security updates to Microsoft Uniscribe, Windows kernel, Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows Shell, Microsoft Windows PDF, Device Guard and Microsoft Edge. For more information about the security vulnerabilities resolved, please refer to the Security Update Guide.

Known issues in this update


Symptom Workaround

When you print a specific iframe or frame in a web page, the print output may be blank, or text is printed that resembles the following: 

404 – Not Found

 (A frame is a part of a web page or browser window that displays content independent of its container. A frame can load content independently.)

This problem has also been observed in both Internet Explorer 11, and in applications that host the IE Web Browser Control.

There is currently no workaround for this issue. However, if you print the entire web page, it will print correctly.

Microsoft is working on a resolution and will provide an update in an upcoming release. 

After a SET Virtual Switch is deployed via SCVMM and the system is rebooted, the newly deployed Virtual Switch loses the underlying Physical Adapters in the SET. This affects all QLogic BCM578 series–, 45000 series–, and 41000 series–based products.
 

The issue has been addressed in the QLogic Virtual Bus Driver (VBD) driver. For more information, see this QLogic knowledge base article or QLogic support

If an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected. Microsoft is working on a resolution and will provide an update in an upcoming release. 

For more information about the iSCSI issue, see the following section.

How to get this update


This update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the Microsoft Update Catalog website.