Related topics
Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Release Date:



OS Build 14393.2457

Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.

IMPORTANT: Windows 10 Enterprise and Windows 10 Education editions will receive six months of additional servicing at no cost. Devices on the Long-Term Servicing Channels (LTSC) will continue to receive updates until October 2026 per the Lifecycle Policy page. Windows 10 Anniversary Update (v. 1607) devices running the Intel “Clovertrail” chipset will continue to receive updates until January 2023 per the Microsoft Community blog.

Improvements and fixes

This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Updates the music metadata service provider used by Windows Media Player.

  • Addresses an issue from the March 2018 update that prevents the correct lock screen image from appearing when the following GPO policies are enabled:

    • Computer Configuration\Administrative Templates\Control Panel\Personalization\Force a specific default lock screen and logon image

    • Computer Configuration\Administrative Templates\Control Panel\Personalization\Prevent changing lock screen and logon image

  • Addresses an issue that prevents users of PIV/CAC smart cards from authenticating to use enterprise resources or prevents Windows Hello for Business from configuring on first logon.

  • Addresses an issue that prevented the Device Guard PackageInspector.exe application from including all the files needed for an application to run correctly once the Code Integrity policy was completed.

  • Addresses an issue that, in some cases, failed to clear decrypted data from memory after a CAPI decryption operation was completed.

  • Addresses an issue that causes PowerShell scripts to stop working when attempting operations such as Get-Credentials.

  • Addresses an issue that causes the Wi-Fi EAP-TTLS (CHAP) authentication to fail if a user saves credential information before authentication.

  • Addresses a Windows Task Scheduler issue that occurs when setting up an event to start on a specific day of the month. Instead of starting on the specific day of the month you selected, the event starts one week ahead of schedule. For example, if you set an event to start on the third Tuesday of August 2018, instead of starting on 08/21/18, the event starts on 08/14/18.

  • Addresses an issue that prevents Hypervisor from automatically launching on restart when running a nested or non-nested virtualization scenario after enabling Device Guard.

  • Addresses an issue that causes the event viewer for Microsoft-Windows-Hyper-V-VMMS-Admin to receive excessive Event ID 12660 “Cannot open handle to Hyper-V storage provider” messages. This issue occurs when performing migration testing on a Windows Server 2016 S2D Cluster Platform. As a result, events are deleted after three hours when the event log size reaches 1 MB.

  • Addresses an issue that causes virtual functions (VF) to be unintentionally removed when a virtual machine (VM) is saved in Hyper-V Manager. This issue occurs when assigning and loading multiple virtual functions to a single VM during live migration on Windows Server 2016. Saving the VM doesn’t result in a normal shutdown of the virtual functions and doesn’t allow the VF driver to have backchannel communication with the physical function (PF).

  • Addresses an issue that causes an Azure to on-premise failback operation to fail and puts the virtual machine (VM) into an unresponsive state. This issue occurs if the failback is interrupted by an event such as restarting the Virtual Machine Management Service (VMMS) or restarting the host machine. The failback operation then continues to fail even when the VMMS is running.

  • Addresses an Active Directory Federation Services (AD FS) issue where Multi-Factor Authentication does not work correctly with mobile devices that use custom culture definitions.

  • Addresses an issue in Windows Hello for Business that causes a significant delay (15 seconds) in new user enrollment. This issue occurs when a hardware security module is used to store an ADFS Registration Authority (RA) certificate.

  • Addresses an Active Directory Domain Services (AD DS) issue that causes Local Security Authority Subsystem Service (LSASS) to stop working intermittently. This issue occurs when a custom component binds over Transport Layer Security (TLS) to a Domain Controller using Simple Authentication and Security Layer (SASL) EXTERNAL authentication.

  • Addresses an issue that generates Event ID 2006 and prevents the Windows Performance counter from reading Server Message Block (SMB) performance counters. This issue occurs when Hot-Plug is enabled for CPUs on Windows 2016 virtual machines.

  • Addresses an issue that causes users to disconnect from a remote session when the Remote Desktop Gateway service stops working.

  • Addresses an issue that causes svchost.exe to stop working intermittently. This issue occurs when the SessionEnv service is running, which causes a partial load of the user’s configuration during a Remote Desktop session.

  • Addresses an issue that may cause the server to be restarted because the system nonpaged pool consumes too much memory.

  • Addresses an issue that may remove a Dynamic Host Configuration Protocol (DHCP) option from a reservation after changing the DHCP scope settings.

  • Addresses an issue that prevents a drive from being made writable even after BitLocker encryption has completed. This issue occurs when using the FDVDenyWriteAccess policy.

  • Addresses an issue that occasionally displays a blue screen instead of the lock screen when a device wakes up from sleep.

  • Extends the Key Management Service (KMS) to support the upcoming Windows 10 client Enterprise LTSC and Windows Server editions. For more information, see KB4347075.

  • Addresses an issue that occurs when performing backup of a Virtual Machine (VM) or removing VM snapshots in a guest OS on Windows Server 2016. A “153 disk error” appears because the I/O takes longer than expected.

  • Addresses an issue that stops Active Directory replication for six hours. The Microsoft-Windows-ActiveDirectory_DomainService displays events 1481 and 1084 with the error code 8409. This issue occurs when you have recently authoritatively restored an object, the Recycle bin is not enabled, and you restart the domain controller. Event 1084 displays the content of the restored object’s domain name.

  • Addresses an issue in which the Resilient File System (ReFS) might consume physical memory during certain intense and sustained metadata operations that some backup solutions request.

If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.

Windows Update Improvements

Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 Feature Update based on device compatibility and Windows Update for Business deferral policy. This does not apply to long-term servicing editions.

Known issues in this update



After installing this update, installation and client activation of Windows Server 2019 and 1809 LTSC Key Management Service (KMS) (CSVLK) host keys do not work as expected.

This issue is resolved in KB4467684.

After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base:

4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates

This issue is resolved in KB4480977.


How to get this update

To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates.

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Prerequisite: The servicing stack update (SSU) (KB4132216) must be installed before installing the latest cumulative update (LCU) (KB4343884). The LCU will not be reported as applicable until the SSU is installed.

File information

For a list of the files that are provided in this update, download the file information for cumulative update 4343884.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!