Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.
IMPORTANT: Windows 10 Enterprise and Windows 10 Education editions will receive six months of additional servicing at no cost. Devices on the Long-Term Servicing Channels (LTSC) will continue to receive updates until October 2026 per the Lifecycle Policy page. Windows 10 Anniversary Update (version 1607) devices running the Intel “Clovertrail” chipset will continue to receive updates until January 2023 per the Microsoft Community blog.
Improvements and fixes
This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
- Addresses additional issues with updated time zone information.
- Addresses an issue that causes Internet Explorer dialogs on a second monitor to also appear on the primary monitor when using extended display.
- Addresses an issue that prevents adding performance counters to the Performance Monitor on systems with many processors.
- Addresses an issue that causes sporadic authentication issues when using Web Account Manager.
- Addresses an issue that causes BitLocker to go into recovery mode when updates are applied.
- Addresses an issue that can cause excessive memory usage when using smart cards on a Windows Terminal Server system.
- Addresses an issue that makes it impossible to revert to a virtual machine checkpoint. Reapplying the checkpoint fails with an error.
- Enables the Visual Studio IntelliTrace step-back feature to take snapshots of an application whose debug platform target is set to x86.
- Ensures that CPU Groups function properly.
- Addresses an issue where querying the Hyper-V Dynamic Memory Integration Service\Maximum Memory, Mbytes performance counter always returns 0 instead of returning the maximum configured RAM for a VM.
- Addresses an issue that causes a VM to throw an error after creating the VM with static memory. This occurs when you enable HYPER-V and disable NUMA in the BIOS on a physical machine that has more than 64 logical processors. The error is “The data is invalid. (0x8007000D)”, and the VM fails to start.
- Addresses an issue with ADFS that causes an IdP-initiated login to a SAML relying party to fail when PreventTokenReplays is enabled.
- Addresses an issue where PolicySOM (WMI policy provider) consumes all available dynamic ports on UDP, which causes affected machines to become unresponsive. The component that doesn’t close the sockets properly is the LDAP client.
- Addresses an issue where an NDES server connection to ADCS sometimes doesn't automatically reconnect after the ADCS server restarts. If this occurs, new devices won't be issued certificates without restarting the NDES server.
- Addresses an ADFS issue that occurs when OAUTH authenticates from a device or browser application. A user password change generates a failure and requires the user to exit the app or browser to log in.
- Addresses an issue where enabling Extranet Smart Lockout in UTC +1 and higher (Europe and Asia) did not work. Additionally, it causes normal Extranet Lockout to fail with the following error:
Get-AdfsAccountActivity: DateTime values that are greater than DateTime.MaxValue or smaller than DateTime.MinValue when converted to UTC cannot be serialized to JSON.
- Addresses an issue where disks that have been blacklisted or marked as bad will be ignored and not be repaired when a user invokes S2D Repair. The Repair-S2D cmdlet will now work on a single node when the -RecoverUnboundDrives parameter isn't passed.
- Addresses an issue that causes docker builds to fail with the error message “hcsshim::ImportLayer failed in Win32: The system cannot find the path specified.”
- Addresses an issue where Windows 10 clients that authenticate to 802.1x WLAN access points fail to apply Group Policy permissions, run scripts, or retrieve roaming profiles at user logon. This occurs because Kerberos authentication fails for \\domain\sysvol, \\domain\netlogon, and other DFS paths.
- Addresses an issue with default applications that reset for browsers on server platforms.
- Addresses an ADFS Windows Hello for business issue in which new users are not able to provision their PIN. This occurs when no MFA provider is configured.
- Complies with the size of the Capacity Data sent by the device (up to 32 bytes).
- Enhances the security of algorithms used by Windows Hello when performing facial recognition.
If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.
For more information about the resolved security vulnerabilities, see the Security Update Guide.
Windows Update Improvements
Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 Feature Update based on device compatibility and Windows Update for Business deferral policy. This does not apply to long-term servicing editions.
Known issues in this update
Reliability issues have been observed during the creation of shielded VMs and the required artifacts for their deployment. There are also reliability issues for the Shielding File Wizard with or without the SCVMM interface.
Note: Existing shielded VMs and HGSs are not affected.
|This issue is resolved in KB4284880.|
How to get this update
To download and install this update, go to Settings > Update & Security > Windows Update and select Check online for updates from Microsoft Update.
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Important When installing both the servicing stack update (SSU) KB4132216 and the latest cumulative update (LCU) from the Microsoft Update Catalog, install the SSU before installing the LCU.
For a list of the files provided in this update, download the file information for cumulative update 4103720.