September 26, 2018—KB4457136 (OS Build 16299.699)

Applies to: Windows 10, version 1709

Note This update has been re-released because of a missing solution. If you installed build 16299.697, please install this newer version of OS build 16299.699.

Improvements and fixes


This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Addresses an issue with the file previewer for .html, .mht, and email (MIME) attachments in Microsoft Outlook. 
  • Addresses an issue that causes Internet Explorer security and certificate dialogs to display prompts in the background instead of the foreground in certain circumstances. 
  • Addresses an issue that causes downloads to WebDAV locations to fail. 
  • Addresses an issue that causes downloads to fail because Mark of the Web (MOTW) was not supported at the download location. 
  • Addresses an issue that prevents Microsoft Narrator from accessing the contents of Windows Security dialogs displayed by a low integrity level process. 
  • Addresses an issue that, in some cases, prevents installing encrypted .appx packages. 
  • Addresses an issue that may cause the system to become unresponsive when applications call the EnableEUDC API. 
  • Addresses an issue that occurs when entering Japanese characters in a remote desktop session (mstsc.exe). 
  • Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows. 
  • Addresses an issue with the diagnostic pipeline for devices enrolled in Windows Analytics when the CommercialID registry key, "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection" is present.
  • Addresses an issue that prevents the App-V client’s scheduled task from synching if the Device Guard lockdown policy is enabled. 
  • Addresses an issue that causes login to fail when using a smart card to log in to a Remote Desktop Server. The error is “STATUS_LOGON_FAILURE”. 
  • Addresses an issue that causes a delay in unlocking or signing in to a computer that was moved to a different network. For example, a delay occurs when moving from a corporate LAN or WLAN to a home LAN where domain controllers aren't reachable. 
  • Addresses an issue that occurs when using encrypted email. If the customer selects Cancel when first asked for a PIN, multiple PIN prompts appear before the prompt finally goes away. 
  • Addresses an issue that causes a Direct Access connection to fail when the client authentication certificate is stored in the TPM device. 
  • Addresses an issue on some laptops that prevents sign-out from completing. The issue occurs when a customer signs out and immediately closes the laptop. As a result, when the laptop is reopened,  the device must be restarted. 
  • Addresses an issue that causes the system to log negative events for drivers that are valid and should be trusted. The issue occurs when running Windows Defender Application Control (Device Guard) in audit mode. 
  • Addresses an issue that may cause the Local Security Authority Subsystem Service (LSASS) process to stop working when attempting to process a malformed security identifier (SID). 
  • Addresses an issue that causes logging on to a Remote Desktop Session Host Server to occasionally stop responding. 
  • Addresses an issue that causes printing to an open or existing file to fail without displaying an error. This issue occurs when using Microsoft Print to PDF or XPS Document Writer. 
  • Addresses an issue with scheduled tasks that don't start at the time that they are configured to start on a specific day of the week. 
  • Addresses an issue with a scheduled task that has an indefinite duration. The task starts immediately after it's created instead of starting at the time specified in the Triggers tab. 
  • Addresses an issue that prevents the running of subsequent actions in a task. This issue occurs when you create multiple actions in a task using Task Scheduler and the task is scheduled under the Stop the existing instance rule. 
  • Addresses an issue with a task that has a repetition setting. The task fails to be scheduled and doesn't start after disabling and re-enabling the task. The Next Run Time in Task Scheduler displays the correct time, but the task doesn't start at that time. 
  • Addresses an issue that may cause Service Control Manager (SCM) and Netlogon to stop working when one or more services are configured to run with domain credentials (service accounts).
  • Addresses an issue where a daily, repetitive task starts unexpectedly when the task is first created or starts when the task is updated.
  • Addresses an issue in which GetSystemTime() may sometimes return an invalid value after using SetSystemTime() immediately before.
  • Addresses an issue that occurs when using the “X509HintsNeeded” group policy to prepopulate the Username hint field. The Username hint field is unexpectedly empty when unlocking a machine after a successful logon. Username hint caching is expected to only work for lock and unlock scenarios and is not designed for logoff and logon scenarios.
  • Addresses an issue that fails to maintain the tile layout after upgrading to Windows 10, version 1709 from Windows 10, versions 1703 and 1607.

If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

Known issues in this update


Symptom Workaround

After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base:

4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates

Microsoft is working on a resolution and will provide an update in an upcoming release.

How to get this update


Before installing this update

Windows cumulative updates require that you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). This helps to mitigate potential issues while installing the LCU. For more information, see Servicing stack updates.

If you are using Windows Update, the latest SSU (KB4339420) will be offered to you automatically. To get the stand-alone package for the latest SSU, go to the Microsoft Update Catalog

Install this update

To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates.

To get the standalone package for this update, go to the Microsoft Update Catalog website.

File information

For a list of the files that are provided in this update, download the file information for cumulative update 4457136