Release Date:

2/25/2020

Version:

OS Build 17134.1345

Windows 10, version 1803 (the April 2018 Update) Home and Pro editions have reached end of service. For Windows 10 devices that are at, or within several months of reaching end of service, Windows Update will automatically initiate a feature update (with users having the ability to choose a convenient time). This keeps those devices supported and receiving the monthly updates that are critical to device security and ecosystem health.

Highlights

  • Improves the accuracy of Windows Hello face authentication.

  • Updates an issue that might prevent ActiveX content from loading.

  • Updates an issue that adds an unwanted keyboard layout as the default after an upgrade even if you have already removed it.

  • Updates an issue that prevents some applications from printing to network printers.

Improvements and fixes

This non-security update includes quality improvements. Key changes include:

  • Improves the accuracy of Windows Hello face authentication.

  • Improves Urlmon resiliency when receiving incorrect Content-Length for a PeerDist response.

  • Addresses an issue that might prevent ActiveX content from loading.

  • Addresses an issue that might cause Microsoft browsers to bypass proxy servers.

  • Addresses an issue that adds an unwanted keyboard layout as the default after an upgrade or migration even if you have already removed it.

  • Addresses an issue that causes an error if you open Microsoft OneDrive files on demand when User Experience Virtualization (UE-V) is enabled. To apply this solution, set the following DWORD to 1: “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration\ApplyExplorerCompatFix.”

  • Addresses an issue that generates an “unknown username or bad password” error when attempting to sign in. This occurs in an environment that has a Windows Server 2003 domain controller (DC) and a Windows Server 2016 or later DC.

  • Addresses an issue with sign in scripts that fail to run when a user signs in or signs out.

  • Addresses an issue that continues to collect IsTouchCapable and GetSystemSku data when they should no longer be collected.

  • Provides live response capability that gives Security Operations (SecOps) immediate access to compromised machines using the Microsoft Defender Advanced Threat Protection (ATP) console (Microsoft Defender Security Center).

  • Improves the accuracy of detection in Microsoft Defender ATP Threat & Vulnerability Management.

  • Addresses an issue that might cause Direct Access servers to use a large amount of non-paged pool memory (pooltag: NDnd).

  • Addresses an issue in which the WinHTTP AutoProxy service does not comply with the value set for the maximum Time To Live (TTL) on the Proxy Auto-Configuration (PAC) file. This prevents the cached file from updating dynamically.

  • Addresses an issue that prevents some applications from printing to network printers.

  • Addresses an issue that prevents the Background Intelligent Transfer Service (BITS) from downloading files; the error is “0x80190191.”

  • Addresses an issue that causes the Windows firewall to drop network traffic from Modern apps, such as Microsoft Edge, when you connect to a corporate network using a virtual private network (VPN).

  • Addresses an issue that intermittently generates Online Certificate Status Protocol (OSCP) Responder audit events (5125) to indicate that a request was submitted to the OCSP Responder Service. However, there is no reference to the serial number or the domain name (DN) of the issuer of the request.

  • Addresses an issue that causes queries against large keys on Ntds.dit to fail with the error, “MAPI_E_NOT_ENOUGH_RESOURCES.” This issue might cause users to see limited meeting room availability because the Exchange Messaging Application Programming Interface (MAPI) cannot allocate additional memory for the meeting requests.

  • Addresses an issue that damages a log file when a storage volume is full and data is still being written to the Extensible Storage Engine Technology (ESENT) database.

  • Addresses an issue with certificate validation that causes Internet Explorer mode in Microsoft Edge to fail.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

Known issues in this update

Symptom

Workaround

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

After investigation, we have found that this issue does not affect this version of Windows.

Devices using a manual or auto-configured proxy, especially with a virtual private network (VPN), might show limited or no internet connection status in the Network Connectivity Status Indicator (NCSI) in the notification area. This might happen when connected to or disconnected from a VPN or after changing the state between the two. Devices with this issue might also have issues reaching the internet using applications that use WinHTTP or WinInet. Examples of apps that might be affected on devices in this state include, but are not limited to, Microsoft Teams, Microsoft Office, Microsoft Office 365, Microsoft Outlook, Internet Explorer 11, and some versions of Microsoft Edge.

This issue is resolved in KB4554349.

How to get this update

Before installing this update

Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

If you are using Windows Update, the latest SSU (KB4523203) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.  

Install this update

Release Channel

Available

Next Step

Windows Update or Microsoft Update

Yes

Go to Settings > Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update.

Microsoft Update Catalog

Yes

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

No

You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions.

 

File information

For a list of the files that are provided in this update, download the file information for cumulative update 4537795

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.