April 10, 2018—KB4093111 (OS Build 10240.17831)

Applies to: Windows 10

Improvements and fixes


This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.

  • Addresses an issue with printing content generated by ActiveX in Internet Explorer.

  • Addresses additional issues with updated time zone information.

  • Addresses an issue where AppLocker publisher rules that are applied to MSI files don’t match the files correctly.

  • Addresses an issue that prevents the system from booting when you enable LSA (lsass.exe) to run as a protected process by setting the “RunAsPPL” registry entry. Additionally, the Automatic Repair screen may appear.

  • Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with Audit mode turned on. Netlogon.log may show the following:

    SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered

    NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM

    SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413

  • Addresses an issue that generates a certificate validation error (0x800B0109 (CERT_E_UNTRUSTEDROOT)) from http.sys.

  • Addresses an issue that prevents PIV smart cards from being recognized.

  • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.

  • Security updates to Internet Explorer, Windows app platform and frameworks, Microsoft scripting engine, Windows kernel, Windows graphics, Windows Server, Windows datacenter networking, Windows wireless hetworking, and Windows Hyper-V.

If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

Known issues in this update


Microsoft is not currently aware of any issues with this update.

How to get this update


This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.

Important When installing both the servicing stack update (SSU) (KB4093430) and the latest cumulative update (LCU) from the Microsoft Update Catalog, install the SSU before installing the LCU.

File information

For a list of the files that are provided in this update, download the file information for cumulative update 4093111.