- Updates an issue with Windows Mixed Reality that occurs after upgrading to a new version of Microsoft Edge.
- Updates an issue that causes a device to repeatedly go into the Windows Out Of Box Experience (OOBE) restart loop in certain situations.
- Updates an issue that causes the touch keyboard to close when you select any key.
- Updates an issue that prevents users from reducing the size of a window in some cases.
- Updates an issue that changes the user-customized order of tiles in the Start menu even though the layout is locked or partially locked.
- Updates an issue that causes the Settings page to close unexpectedly.
- Updates an issue that might prevent a user’s settings from syncing across devices.
Improvements and fixes
This non-security update includes quality improvements. Key changes include:
- Addresses an issue with Windows Mixed Reality that occurs after upgrading to a new version of Microsoft Edge.
- Addresses an issue with download notifications that have multiple short-duration tabs and redirects.
- Addresses an issue that causes the Microsoft Windows Search Indexer (searchindexer.exe) to add or repair required access control lists (ACLs) without checking if ACLs exist.
- Addresses an issue that causes a device to repeatedly go into the Windows Out Of Box Experience (OOBE) restart loop in certain situations.
- Addresses an issue with syncing settings from the Accounts page when the "Continue experiences on this device" Group Policy is disabled.
- Addresses an issue that prevents software Indirect Display drivers from being signed with more than one certificate.
- Addresses an issue with a memory leak in ctfmon.exe that occurs when you refresh an application that has an editable box.
- Addresses an issue that, in some instances, prevents the Language Bar from appearing when the user signs in to a new session. This occurs even though the Language Bar is configured properly.
- Addresses an issue that causes the touch keyboard to close when you select any key.
- Addresses an issue that prevents users from reducing the size of a window in some cases.
- Addresses an issue that changes the user-customized order of tiles in the Start menu even though the layout is locked or partially locked.
- Addresses an issue with incorrect permissions on a user’s class registry keys that might prevent users that have local or roaming user profiles from opening files, links, and applications.
- Addresses an issue that causes the Settings page to close unexpectedly, which prevents default applications from being set properly.
- Addresses an issue that causes Windows Search to close unexpectedly when a Group Policy applies sub-groups to the Start menu layout.
- Addresses an issue with the multifactor unlock policy of Windows Hello for Business that fails to show the default option to sign in on Windows 10 devices.
- Addresses an issue that prevents a remote PowerShell session job from reporting that the session on the target machine has ended.
- Addresses an issue with a handle leak in the EnableTraceEx2() function.
- Addresses an issue that prevents Internet Explorer from opening when Microsoft User Experience Virtualization (UE-V) is being used to roam many favorites.
- Improves the reliability of the UE-V AppMonitor.
- Addresses an issue that might prevent a user’s settings from syncing across devices.
- Addresses an issue that causes the Local Security Authority Subsystem Service (LSASS) process to stop working when you sign in using an updated user principal name (UPN) (for example, changing UserN@contoso.com to User.Name@contoso.com). The error code is, “0xc0000005 (STATUS_ACCESS_VIOLATION).”
- Addresses an issue with unsigned program files that will not run when Windows Defender Application Control is in Audit Mode, but will allow unsigned images to run.
- Addresses an issue that might cause the Print Management console to display script errors when you enable the Extended View option.
- Addresses an issue with the Always On Virtual Private Network (VPN) that fails to remove the Name Resolution Policy Table (NRPT) rules after you disconnect.
- Addresses an issue with AppContainer firewall rules that leak when guest users or mandatory user profile users sign in and sign out from Windows Server.
- Addresses an issue that causes some systems to stop responding when operating embedded MultiMediaCard (eMMC) storage devices.
- Addresses an issue with ntdsutil.exe that prevents you from moving Active Directory database files. The error is, “Move file failed with source <original_full_db_path> and Destination <new_full_db_path> with error 5 (Access is denied.)”
- Addresses an issue in which netdom.exe fails to correctly identify trust relationships when an unconstrained delegation is explicitly enabled by adding bitmask 0x800 to the trust object. The bitmask setting is required because of security changes to the default behavior of unconstrained delegations in Windows updates released on or after July 8, 2019. For more information, see KB4490425 and 184.108.40.206.9 trustAttributes.
- Addresses an issue that uses an incorrect number of bytes to perform backups across partitions; this causes backups to fail even when there is adequate space.
- Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
- Addresses an issue with the Windows Out of Box Experience (OOBE) phase of setup for a new device. When you use the Input Method Editor (IME) for Chinese, Japanese, or Korean languages, you might not be able to create a local user account.
- Addresses an issue that corrupts a log file when a storage volume is full and data is still being written to the Extensible Storage Engine Technology (ESENT) database.
- Addresses an issue that might cause the Application Virtualization (App-V) Streaming Driver (appvstr.sys) to leak memory when you enable Shared Content Store (SCS) mode.
- Improves the performance of block cloning for the Resilient File System (ReFS) in scenarios that involve a large number of operations on ReFS-cloned files.
- Addresses an issue in which code refactoring breaks optimization for writing metadata, which increases Logical Volume Integrity Descriptors (LVID).
- Addresses an issue related to the I/O request queue.
- Addresses an issue that prevents any peripheral device from functioning correctly when it has I/O Advanced Programmable Interrupt Controller (APIC) interrupts.
- Adds support for modern credentials that don’t require passwords (Fast Identity Online 2 (FIDO2) security keys) in hybrid Azure Active Directory-joined environments.
If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.
Windows Update Improvements
Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.
Known issues in this update
|Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.|| |
Do one of the following:
|After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND."|| |
Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
Microsoft is working on a resolution and will provide an update in an upcoming release.
How to get this update
Before installing this update
Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
Install this update
|Release Channel||Available||Next Step|
|Windows Update or Microsoft Update||Yes||Go to Settings > Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update.|
|Microsoft Update Catalog||Yes||To get the standalone package for this update, go to the Microsoft Update Catalog website.|
|Windows Server Update Services (WSUS)||No|| |
You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions.
For a list of the files that are provided in this update, download the file information for cumulative update 4534321.
Note Some files erroneously have “Not applicable” in the “File version” column of the CSV file. This might lead to false positives or false negatives when using some third-party scan detection tools to validate the build.