June 27, 2019—KB4501375 (OS Build 18362.207)

Applies to: Windows 10, version 1903Windows Server version 1903

Improvements and fixes


This update includes quality improvements. Key changes include:

  • Addresses an issue with Hyper-V virtualization on a specific AMD CPU Stepping.
  • Addresses an issue that fails to display the cursor when you hover over the keyboard magnifier. 
  • Addresses an issue with looping redirects between Microsoft Edge and Internet Explorer 11. 
  • Addresses an issue with Scalable Vector Graphics (SVG) marker display. 
  • Addresses an issue with programmatic scrolling in Internet Explorer 11. 
  • Addresses an issue with displaying portions of a webpage that has many elements and multiple nesting levels under certain conditions in Internet Explorer. 
  • Addresses an issue that may cause “Error 1309” while installing or uninstalling certain types of .msi or .msp files on a virtual drive. 
  • Addresses an issue that may cause Night light, Color Management profiles, or gamma correction to stop working after shutting down a device. 
  • Addresses an issue that only shows grey scale in the camera during Windows Hello enrollment. 
  • Addresses an issue that may cause playback of some video content generated by iOS devices to fail. 
  • Addresses a desktop and taskbar flickering issue on Windows Server 2019 Terminal Server that occurs when using User Profile Disks. 
  • Addresses an issue that allows users to disable the sign-in background image when the "Computer\Administrative Templates\Control Panel\Personalization\Prevent changing lock screen and logon image" policy is enabled. 
  • Addresses a disconnection issue when using fitness software on an Android phone that has the Your Phone application installed. 
  • Addresses an issue that prevents the Windows Event Log service from processing notifications that the log is full. This makes event log behaviors, such as archiving the log when it reaches a maximum file size, impossible. Additionally, the Local Security Authority (LSA) cannot handle CrashOnAuditFail scenarios when the Security log is full, and events cannot be written. 
  • Addresses an issue that causes Office 365 applications to stop working after opening when they are deployed as App-V packages. 
  • Addresses an issue that may prevent Container Hosts from receiving an address from a Dynamic Host Configuration Protocol (DHCP) server. 
  • Addresses an issue that may prevent some upgrades from Windows 7 from completing successfully when third-party antivirus software is installed. 
  • Reinforces the Certificate Revocation List (CRL) on Internet Key Exchange version 2 (IKEv2) machines for certificate-based virtual private network (VPN) connections, such as Device Tunnel, in an Always On VPN deployment. 
  • Addresses an issue that triggers a Group Policy update even when there are no policy changes. This issue occurs when using the client-side extension (CSE) for folder redirection. 
  • Addresses an issue that may prevent the Preboot Execution Environment (PXE) from starting a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
  • Addresses an issue that may display the error, “MMC has detected an error in a snap-in and will unload it.” when you try to expand, view, or create Custom Views in Event Viewer. Additionally, the application may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs.
  • Unpins, by default, the Microsoft Store app from the taskbar for Windows 10 Home users that do not use a Microsoft account.
  • Addresses an issue with WinHTTP registrations that increase the registry size and delay the operating system’s startup. This occurs on devices that use proxy auto-config (PAC) files to define how web browsers and agents select an appropriate proxy server. To stop the incremental growth of the registry, update the following:

Path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

Setting: CleanupLeakedContainerRegistrations

Type: DWORD

Value: 1

A value of 1 removes preexisting registrations; a value of 0 (default) retains existing registrations.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

Known issues in this update


Symptom Workaround
Windows Sandbox may fail to start with "ERROR_FILE_NOT_FOUND (0x80070002)" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903. Microsoft is working on a resolution and will provide an update in an upcoming release.

The Remote Access Connection Manager (RASMAN) service may stop working and you may receive the error “0xc0000005” on devices where the diagnostic data level is manually configured to the non-default setting of 0. You may also receive an error in the Application section of Windows Logs in Event Viewer with Event ID 1000 referencing “svchost.exe_RasMan” and “rasman.dll”.

This issue only occurs when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections.

To mitigate this issue, use one of the steps below, either the group policy step or the registry step, to configure one of the default telemetry settings.

Set the value for the following group policy settings:

  1. Group Policy Path: Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Allow Telemetry
  2. Safe Policy Setting: Enabled and set to 1 (Basic) or 2 (Enhanced) or 3 (Full)

Or set the following registry value:

SubKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection

Setting: AllowTelemetry

Type: REG_DWORD

Value: 1, 2 or 3

Note If the Remote Access Connection Manager service is not running after setting the Group Policy or registry key, you will need to manually start the service or restart the device.

We are working on a resolution and estimate a solution will be available in late July.

Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error "Status: 0xc0000001, Info: A required device isn't connected or can't be accessed" after installing this update on a WDS server.

For mitigation instructions, see KB4512816.

We are working on a resolution and will provide an update in an upcoming release.

How to get this update


Before installing this update

Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For more information, see Servicing stack updates.

If you are using Windows Update, the latest SSU (KB4506933) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

Install this update

To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates.

To get the standalone package for this update, go to the Microsoft Update Catalog website.

File information

For a list of the files that are provided in this update, download the file information for cumulative update 4501375