Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.
IMPORTANT: Windows 10 Enterprise and Windows 10 Education editions will receive six months of additional servicing at no cost. Devices on the Long-Term Servicing Channels (LTSC) will continue to receive updates until October 2026 per the Lifecycle Policy page. Windows 10 Anniversary Update (v. 1607) devices running the Intel “Clovertrail” chipset will continue to receive updates until January 2023 per the Microsoft Community blog.
Improvements and fixes
This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
- Addresses an issue that causes Internet Explorer security and certificate dialogs to display prompts in the background instead of the foreground in certain circumstances.
- Makes the visibility Group Policy for the Settings Page available under User Configuration and Computer Configuration. The GPOs are at the following paths:
- User Configuration/Administrative Template/Control Panel/Settings Page Visibility
- Computer Configuration/Administrative Template/Control Panel/Settings Page Visibility
- Addresses an issue with showing the correct changes to folder contents on some Network Attached Storage (NAS) configurations.
- Addresses an issue with the diagnostic pipeline for devices enrolled in Windows Analytics when the CommercialID registry key, "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection" is present.
- Addresses an issue that prevents the App-V client’s scheduled task from syncing if the Device Guard lockdown policy is enabled.
- Addresses an issue that causes login to fail when using a smart card to log in to a Remote Desktop Server. The error is “STATUS_LOGON_FAILURE”.
- Addresses an issue that sometimes causes event log entries to appear corrupted for the following:
- Microsoft-Windows-Kerberos-Key-Distribution-Center source.
- Event IDs 4933, 4928, and 4937.
- Addresses an issue that occurs when using encrypted email. If the customer selects Cancel when first prompted for a PIN, multiple PIN prompts appear before the prompt finally goes away.
- Addresses an issue that causes a Direct Access connection to fail when the client authentication certificate is stored in the TPM device.
- Addresses an issue that causes the system to log negative events for drivers that are valid and should be trusted. The issue occurs when running Windows Defender Application Control (Device Guard) in audit mode.
- Addresses an issue that causes a Remote Desktop Session Host server to occasionally stop responding during login.
- Addresses an issue that may cause the Local Security Authority Subsystem Service (LSASS) process to stop working when attempting to process a malformed security identifier (SID).
- Addresses an issue that causes printing to an open or existing file to fail without displaying an error message. This issue occurs when using Microsoft Print to PDF or XPS Document Writer.
- Addresses an issue that may cause a DNS server to return an error to a query when handling a large recursive response that requires truncation.
- Addresses an issue that prevents running subsequent actions when you create multiple actions in a task using Task Scheduler and the task is scheduled under the Stop the existing instance rule.
- Addresses an issue with a task that has a repetition setting. The task isn't scheduled and doesn't start after disabling and re-enabling the it. The Next Run Time in Task Scheduler shows the correct time, but the task doesn't start at that time.
- Addresses an issue with a scheduled task that has an indefinite duration. The task starts immediately after it's created instead of at the time set on the Triggers tab.
- Addresses an issue where a daily, repetitive task starts unexpectedly when the task is first created or starts when the task is updated.
- Addresses an issue that occurs when a guest Service Host (svchost) stops working in Windows Server 2016. The Hyper-V time synchronization service (vmictimesync) in the guest may stop working, and a time sync issue may occur. The guest would then be vulnerable to time drift because of inaccurate hardware or incorrect Network Time Protocol (NTP) samples.
- Addresses an issue that prevents the lastLogonTimestamp attribute of new Active Directory users from updating. This issue occurs when performing LDAP simple binds against a Windows Server 2016 domain controller.
- Addresses an Active Directory Certificate Services (AD CS) issue that causes certificate enrollment requests from some enterprise routers to the MSCEP/NDES server to fail. The requests fail with the error "The Network Device Enrollment Service cannot convert encoded portions of the client's http message (or request body for POSTPKIOperation), or the converted message (or request body for POSTPKIOperation) is larger than 64K (%1). %2".
- Addresses an Active Directory Domain Services (AD DS) Privileged Access Management issue that may cause a user to retain association with the configured shadow principal beyond the configured Time to Live (TTL). This issue occurs when a DC is promoted while the TTL is valid.
- Addresses an issue that causes Windows Server Backup to fail when backing up two volumes together in one location on NetApp.
- Addresses an issue where Windows Server Backup fails to restore backups for Microsoft Exchange 2016.
- Addresses an issue where creating a Client Access Point may take a long time when a firewall blocks access to child domain controllers.
- Addresses memory leaks in the Cluster Health Service.
- Addresses an issue that may cause an error when you attempt to access an NFS share.
- Addresses an issue where opening Explorer view on a SharePoint server site using TMG proxy fails. This issue occurs when the server requires SSL and TLS client certificate authentication and sends trusted CA issuer lists.
- Addresses an issue that may cause a system to stop working when you mount an NFS drive using the command line with the option -u -p. This issue occurs if the length of the password is different from the length of the domain name.
- Addresses an issue that may cause setup to fail during OEM-OOBE implementation if French or Spanish language setting is selected on the Hyper-V host.
- Addresses an issue that displays the report date as "Unknown" in the Remote Desktop License Manager.
- Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
- Addresses an issue in which all Guest Virtual Machines running Unicast NLB fail to respond to NLB requests after the Virtual Machines restart.
Addresses an issue that causes many input and output (I/O) failures when QoS is enabled. The system does not attempt a retry, and the error code is “STATUS_Device_Busy”. This occurs during the periodic failover if Windows Cluster uses storage pool and Multipath I/O (MPIO) is enabled. After installing this update, you can create a registry key (Red_DWORD) with the value “0x1” to allow a retry. The registry path is “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorPort\QoSFlags “
If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.
Windows Update Improvements
Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.
Known issues in this update
|After installing this update, installing Window Server 2019 Key Management Service (KMS) host keys (CSVLK) on Window Server 2016 KMS hosts does not work as expected.||Microsoft is working on a resolution and will provide an update in an upcoming release.|
How to get this update
Before installing this update
Windows cumulative updates require that you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). This helps to mitigate potential issues while installing the LCU. For more information, see Servicing stack updates.
Install this update
To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates.
To get the standalone package for this update, go to the Microsoft Update Catalog website.
For a list of files provided in this update, download the file information for cumulative update 4457127.