June 12, 2018—KB4284880 (OS Build 14393.2312)
OS Build 14393.2312
Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.
IMPORTANT: Windows 10 Enterprise and Windows 10 Education editions will receive six months of additional servicing at no cost. Devices on the Long-Term Servicing Channels (LTSC) will continue to receive updates until October 2026 per the Lifecycle Policy page. Windows 10 Anniversary Update (v. 1607) devices running the Intel “Clovertrail” chipset will continue to receive updates until January 2023 per the Microsoft Community blog.
Improvements and fixes
This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
Provides protections from an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
Addresses an issue in which booting with Unified Write Filter and a connected USB hub may lead to stop error E1.
Addresses an issue where firmware updates cause devices to go into BitLocker recovery mode when BitLocker is enabled but Secure Boot is disabled or not present. This update prevents firmware installation on devices in this state. Administrators can install firmware updates by:
Temporarily suspending BitLocker.
Immediately installing firmware updates before the next OS startup.
Immediately restarting the device so that BitLocker doesn’t remain in the suspended state.
Permits a band-capable disk that has only one partition, which is an MSR partition, to convert to a dynamic disk.
Increased the Internet Explorer cookie limit from 50 to better align with industry standards.
Addresses an issue that blocked the creation of shielded VMs and the creation of the required artifacts necessary to deploy shielded VMs. We also address the fact that the Shielding Data file wizard stops working and that the System Center Virtual Machine Manager didn’t work with Shielded VMs.
Addresses a binary serialization compatibility issue for the CultureAwareComparer class.
Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows Desktop Bridge, Windows apps, Windows datacenter networking, Windows wireless networking, Windows Server, Windows virtualization and kernel, and Windows app platform and frameworks.
Note This update is not available with express installation files for Windows Server 2016.
If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.
For more information about the resolved security vulnerabilities, see the Security Update Guide.
Windows Update Improvements
Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 Feature Update based on device compatibility and Windows Update for Business deferral policy. This does not apply to long-term servicing editions.
Known issues in this update
Microsoft is not currently aware of any issues with this update.
How to get this update
This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.
Prerequisite: The servicing stack update (SSU) (KB4132216) must be installed before installing the latest cumulative update (LCU) (KB4284880). The LCU will not be reported as applicable until the SSU is installed.
For a list of the files that are provided in this update, download the file information for cumulative update 4284880.