Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.
IMPORTANT: Windows 10 Enterprise and Windows 10 Education editions will receive six months of additional servicing at no cost. Devices on the Long-Term Servicing Channels (LTSC) will continue to receive updates until October 2026 per the Lifecycle Policy page. Windows 10 Anniversary Update (v. 1607) devices running the Intel “Clovertrail” chipset will continue to receive updates until January 2023 per the Microsoft Community blog.
Improvements and fixes
This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
- Addresses additional issues with updated time zone information.
- Addresses an issue in which some characters were not rendered correctly using the Meiryo font in vertical writing mode.
- Addresses an issue that makes Microsoft Outlook unresponsive during remote sessions if the system stays locked after the removal of a smart card.
- Addresses a reliability issue when restarting some devices with USB Type-C support.
- Addresses an issue in which the memory usage of LSASS continues to grow until it is necessary to restart the system.
- Addresses an issue that may cause dual-signed files to report a failure when they should report success. This occurs when running Windows Defender Application Control in audit mode.
- Addresses an issue that prevents printing on a 64-bit OS when 32-bit applications impersonate other users (typically by calling LogonUser). This issue occurs after installing monthly updates starting with KB4034681, released in August 2017. To resolve the issue for the affected applications, install this update, and then do one of the following:
- Use Microsoft Application Compatibility Toolkit to globally enable the Splwow64Compat App Compat Shim.
- Use the following registry setting, and then restart the 32-bit application: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print Setting: Splwow64Compat
- Addresses an issue that causes massive pool commit failures (Event ID 2019 and Event ID 2020 in the System Event log from Event Source Srv). This issue occurs when using dedupe and backup on large scale file servers (40 TB+).
- Addresses an issue with DNS Response Rate Limiting that causes a memory leak when enabled with LogOnly mode. 15874519
- Addresses an issue that may cause the expansion process of VM disks that are running with RCT enabled to stop responding and never complete. VMs disks that are not expanded still migrate. However, cancelling the expansion would cause the host to become unmanageable as follows:
- Can’t migrate VMs.
- Can’t expand other disks.
- VMs will be trapped in a stopping or starting state if you try to shut down or start them after the disk expansion has become unresponsive.
- Addresses an issue in which the user may not be able to expand the VHD beyond its original size after shrinking it. You may receive the error, “STATUS_INTERNAL_ERROR.” You would then have to stop the VM to be able to expand the disk beyond its original size.
- Addresses an issue that causes the VM to turn off instead of restarting with or without SLP enabled. This occurs when changing the Smart paging file location for a VM to another drive and then pointing it to an empty folder.
- Addresses an issue in which starting VMs on a host in a Windows Server 2016 Hyper-V cluster may cause another host to receive a Hyper-V host error (0x7E) in vhdmp.sys.
- Addresses a WAP issue related to inactive connections that never end. This leads to system resource leaks (e.g., a memory leak) and to a WAP service that is no longer responsive.
- Addresses an AD FS issue that prevents users from selecting a different login option. This occurs when users choose to log in using Certificate Based Authentication, but it has not been configured. This also occurs if users select Certificate Based Authentication and then try to select another login option. If this happens, users will be redirected to the Certificate Based Authentication page until they close the browser.
- Addresses an issue in which LDAP Modify requests for group membership change. The LDAP_SERVER_PERMISSIVE_MODIFY_OID operator is used, and the membership modification operation is already true (member is already removed or already present). As a result, the SUCCESS status is returned and audit events 4728 and 4729 appear, which indicates that the operation was completed.
- Addresses an issue in AD FS that shows a duplicate Relying Party trust in the AD FS management console when creating or viewing Relying Party Trusts from the console.
- Addresses an issue in ADFS that causes Windows Hello for Business to fail. The issue occurs when there are two claim providers. PIN registration will fail with, "400 Internal Server Error: Unable to obtain device identifier."
- Addresses an issue that causes the Work Folders (SyncShareSvcs) service to get into a circular deadlock condition. The service stops responding to Work Folders operations and starts leaking memory until the system becomes unresponsive.
Addresses an issue in which not all network printers are connected after a user logs on. The HKEY_USERS\User\Printers\Connections Key shows the correct network printers for the affected user. However, the list of network printers from this registry key is not populated in any app, including Microsoft Notepad or Devices and Printers. Printers may disappear or become non-functional.
Addresses an issue that can cause servers that are configured with Distributed Fair-Shared Scheduling (DFSS) to stop responding or stop working. This occurs because of an issue in the group scheduling logic that may occur when DFSS is used.
If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.
For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.
Windows Update Improvements
Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 Feature Update based on device compatibility and Windows Update for Business deferral policy. This does not apply to long-term servicing editions.
Known issues in this update
After you install any of the July 2018 .NET Framework Security Updates, a COM component fails to load because of “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors. The most common failure signature is the following:
Exception type: System.UnauthorizedAccessException
Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
This issue is resolved in KB4346877.
How to get this update
To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates.
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
Prerequisite: The servicing stack update (SSU) (KB4132216) must be installed before installing the latest cumulative update (LCU) (KB4338822). The LCU will not be reported as applicable until the SSU is installed.
For a list of the files that are provided in this update, download the file information for cumulative update 4338822.