June 21, 2018—KB4284822 (OS Build 16299.522)

Applies to: Windows 10, version 1709

Improvements and fixes


This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Addresses an application performance degradation issue in operating system functions. This degradation locks and frees large blocks of memory (such as VirtualLock and Heapfreeafter installing KB4056892 and superseding fixes.
  • Addresses performance regression in App-V that slows many actions in Windows 10. 
  • Adds a new MDM Policy, “DisallowCloudNotification", for enterprises to turn off Windows Notification traffic. 
  • Changes the music metadata service provider used by Windows Media Player. 
  • Addresses an issue with the placement of text symbols in right-to-left languages. 
  • Addresses an issue with editing web password fields using a touch keyboard. 
  • Adds a Group Policy that provides the ability to hide recently added apps from the Start menu. 
  • Updates the Segoe UI Emoji font to use a water gun to represent a pistol emoji. 
  • Addresses a reliability issue with resuming from hibernation. 
  • Addresses an issue where SmartHeap doesn't work with UCRT. 
  • Addresses an issue to ensure that Windows Defender Application Guard endpoints comply with regional policies. 
  • Increases the user account minimum password length in Group Policy from 14 to 20 characters. 
  • Addresses an issue that causes sporadic authentication issues when using Windows Authentication Manager. 
  • Addresses an issue where an Azure Active Directory account domain change prevents customers from logging on. 
  • Addresses an issue that displays unnecessary “Credential Required” and “Do you want to allow the app to access your private key?” messages. This issue occurs when running a Universal Windows Platform (UWP) application. 
  • Addresses an issue that causes the LSASS service to become unresponsive, and the system needs to be restarted to recover. 
  • Addresses an issue where client applications running in a container image don't conform to the dynamic port range. 
  • Adds a new registry key that prevents access to the Internet using WWAN if a non-routable ethernet is connected. To use this new registry key, add IgnoreNonRoutableEthernet” (Dword) on HKEY_LOCAL_MACHINE\Software\Microsoft\Wcmsvc using regedit, and set it to 1. 
  • Adds a new registry key that allows customers to control access to the Internet using WWAN without using the default connection manager. To use this new registry key, fMinimizeConnections” (Dword) on HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WcmSvc\Local using regedit, and set it to 0. 
  • Addresses an issue that prevented ISO/DVD mounts and eject from working using VM settings and Powershell because of menu transition issues in VMConnect. 
  • Addresses an issue where restarting the Hyper-V host with Hyper-V Replica (HVR) enabled could cause replication to stop. It may also require a manual restart to resume the replication from a suspended state. The replication state should be normal after the Hyper-V host/VMMS is restarted. 
  • Addresses an issue that might cause the Mitigation Options Group Policy client-side extension to fail during GPO processing. The possible errors are “Windows failed to apply the MitigationOptions settings. MitigationOptions settings might have its own log file” or “ProcessGPOList: Extension MitigationOptions returned 0xea.” This issue occurs when Mitigation Options have been defined using Group Policy, the Windows Defender Security Center, or the PowerShell Set-ProcessMitigation cmdlet. 
  • Addresses an issue that causes a connection failure when a Remote Desktop connection doesn’t read the bypass list for a proxy that has multiple entries. 
  • Addresses an issue where Windows Defender Security Center and the Firewall Pillar app stop working when opened. This is caused by a race condition that occurs if third-party antivirus software has been installed.
  • Addresses an issue that causes Task Scheduler tasks configured with an S4U logon to fail with the error, "ERROR_NO_SUCH_LOGON_SESSION/STATUS_NO_TRUST_SAM_ACCOUNT".
  • Addresses an issue in which Wi-Fi credentials must be entered each time a device restarts and tries to reconnect to Wi-Fi using Group Policy-distributed Preferred Network Profiles.

  • Addresses an issue that caused devices that installed KB4103727 (May 8, 2018 update) to become unresponsive at the device's OEM logo before starting Windows. Before installing this update, a power cycle is required for the affected devices to recover.

If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

Known issues in this update


Symptom Workaround
Some non-English platforms may display the following string in English instead of the localized language: ”Reading scheduled jobs from file is not supported in this language mode.” This error appears when you try to read the scheduled jobs you've created and Device Guard is enabled

After evaluation, Microsoft has determined that this is a low probability and a low-risk issue, and we will not provide a solution at this time for Windows 10, version 1709. 

If you believe that you are affected by this issue, please contact Microsoft Support.

When Device Guard is enabled, some non-English platforms may display the following strings in English instead of the localized language:

  • "Cannot use '&' or '.' operators to invoke a module scope command across language boundaries."
  • "'Script' resource from 'PSDesiredStateConfiguration' module is not supported when Device Guard is enabled. Please use 'Script' resource published by PSDscResources module from PowerShell Gallery."

After evaluation, Microsoft has determined that this is a low probability and a low-risk issue, and we will not provide a solution at this time for Windows 10, version 1709. 

If you believe that you are affected by this issue, please contact Microsoft Support.

After installing this update on a DHCP Failover Server, Enterprise clients may receive an invalid configuration when requesting a new IP address.  This may result in loss of connectivity as systems fail to renew their leases.

This issue is resolved in KB4345420.

How to get this update


To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates.

To get the standalone package for this update, go to the Microsoft Update Catalog website.

 

File information

For a list of the files that are provided in this update, download the file information for cumulative update 4284822.