Improvements and fixes
This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.
Addresses an issue with printing content generated by ActiveX in Internet Explorer.
Addresses additional issues with updated time zone information.
Addresses an issue where AppLocker publisher rules that are applied to MSI files don’t match the files correctly.
Addresses an issue that prevents the system from booting when you enable LSA (lsass.exe) to run as a protected process by setting the “RunAsPPL” registry entry. Additionally, the Automatic Repair screen may appear.
Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with Audit mode turned on. Netlogon.log may show the following:
SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered
NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM
SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413
Addresses an issue that generates a certificate validation error (0x800B0109 (CERT_E_UNTRUSTEDROOT)) from http.sys.
Addresses an issue that prevents PIV smart cards from being recognized.
Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
- Security updates to Internet Explorer, Windows app platform and frameworks, Microsoft scripting engine, Windows kernel, Windows graphics, Windows Server, Windows datacenter networking, Windows wireless hetworking, and Windows Hyper-V.
If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.
For more information about the resolved security vulnerabilities, see the Security Update Guide.
Windows Update Improvements
Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 Feature Update based on device compatibility and Windows Update for Business deferral policy. This does not apply to long-term servicing editions.
Known issues in this update
Microsoft is not currently aware of any issues with this update.
How to get this update
This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.
Important When installing both the servicing stack update (SSU) (KB4093430) and the latest cumulative update (LCU) from the Microsoft Update Catalog, install the SSU before installing the LCU.
For a list of the files that are provided in this update, download the file information for cumulative update 4093111.