New cumulative update for all Windows 10 versions released

After releasing Patch Tuesday updates in the month earlier, Microsoft is now shipping a new cumulative update to all Supported versions of Windows 10 which as usual contain bug fixes. As you already know, this is in accordance with the 2 updates per month model. Let us discuss them in detail.

Windows 10 version 1709

The current stable build of Windows has got KB4093105 cumulative update which jumps the Build number to 16299.402. It has a long list of changes as mentioned here:

• Addresses an issue that causes modern applications to reappear after upgrading the OS version even though those applications have beendeprovisioned using remove-AppXProvisionedPackages-Online.
• Addresses an issue in which running an application as an administrator causes the application to stop working when pasting the user name or password into the user elevation prompt (LUA).
• Addresses an issue that causes Skype and Xbox to stop working.
• Addresses an issue that prevents Autodiscover in Microsoft Outlook 2013 from being used to set up email accounts when UE-V is enabled.
• Addresses an issue where AppLocker publisher rules applied to MSI files don’t match the files correctly.
• Addresses an issue that prevents Windows Hello from generating good keys when it detects weak cryptographic keys because of TPM firmware issues. This issue only occurs if the policy to require the TPM is configured.
• Addresses an issue that prevents users from unlocking their session and sometimes displays incorrect user-name@domain-name information on the logon screen when multiple users log on to a machine using fast user switching. This specifically happens when users are logging on from several different domains, are using the UPN format for their domain credentials (user-name@domain-name), and are switching between users using fast user switching.
• Addresses an issue that causes the browser to prompt for credentials often instead of only once when using the Office Chrome extension.
• Addresses an issue related to smart cards that allow PINs or biometric entry. If the user enters an incorrect PIN or biometric input (e.g., a fingerprint), an error appears, and the user must wait up to 30 seconds. With this change, the 30-second delay is no longer required.
• Increases the minimum password length in Group Policy to 20 characters.
• Addresses an issue that displays name-constraint information incorrectly when displaying certificate properties.
• Instead of presenting properly formatted data, the information is presented in hexadecimal format.
• Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with audit mode turned on. Netlogon.log may show the following:
  • SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered
    NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM
  • SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413
• Addresses an issue that generates a certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.
• Addresses an issue in which resetting the Windows Hello PIN at the logon prompt puts the system in a state that makes resetting the PIN again impossible.
• Addresses an issue where the right-click context menu for encrypting and decrypting files using Windows Explorer is missing.
• Addresses an issue that suspends BitLocker or Device Encryption during deviceunenrollment instead of keeping the drive protected.
• Addresses an issue that causes Microsoft Edge to stop working after a few seconds when running a software restriction policy.
• Addresses an issue that may cause a file system mini-filter to fail to unload because of a leak in Filter Manager, which requires a restart.
• Addresses an issue that causes the connection bar to be missing in Virtual Machine Connection (VMConnect) when using full-screen mode on multiple monitors.
• Addresses an issue that prevents certain devices from working on Windows 10, version 1709, machines when the “Disable new DMA devices when this computer is locked” Group Policy is active. The non-working devices are internal, PCI-based peripherals (wireless network drivers and input and audio peripherals). These peripherals can fail on systems whose firmware blocks the peripherals from performing Direct Memory Access (DMA) at boot.
• Addresses an issue that might cause Windows Server 2016 Domain Controllers to log Microsoft Windows Security audit events ID 4625 and ID 4776. The username and domain name in the events may appear truncated, only showing the first character for logons coming from client applications using wldap32.dll.
• Addresses an issue in which users may exist in a domain that is trusted using transitive trust, but are unable to locate a PDC or DC for the Extranet Lockout feature. The following exception occurs: “Microsoft.IdentityServer.Service.AccountPolicy.ADAccountLookupException: MSIS6080: A bind attempt to domain ‘globalivewireless.local’ failed with error code ‘1722’”.
  Also, the following message appears on the IDP page: “Incorrect user ID or password. Type the correct user ID and password, and try again.”
• Addresses an issue that prevents you from modifying or restoring Active Directory objects that have invalid backlink attributes populated in their class. The error you receive is “Error 0x207D An attempt was made to modify an object to include an attribute that is not legal for its class.”
• Addresses an issue that prevents the AdminSDHolder task from running when a protected group contains a member attribute that points to a deleted object. Additionally, Event 1126 is logged as “Active Directory Domain Services was unable to establish a connection with the global catalog. Error value: 8430. The directory service encountered an internal failure. Internal ID: 320130e.”
• Addresses an issue that occurs when Volume Shadow Copy is enabled on a volume that hosts a file share. If the client accesses the UNC path to view the properties in the Previous Version tab, the Date Modified field is empty.
• Addresses an issue that occurs when a user with a roaming user profile first logs on to a machine running Windows 10, version 1607, and then logs off. Later, if the user tries to log on to a machine running Windows 10, version 1703, and opens Microsoft Edge, Microsoft Edge will stop working.
• Addresses an issue that makes a Japanese keyboard unusable in remote assistance sessions.
• Addresses an issue that causes the cursor to unexpectedly move to center of the screen when changing the display mode.
• Addresses a potential leak caused by opening and closing a new web browser control.
• Addresses an issue that causes the ContentIndexter.AddAsync API to throw an unnecessary exception.Addresses an issue with the first launch performance of UWP Desktop Bride apps
• Addresses an issue with the Search tab of Microsoft Outlook 2016 during the upgrade from Windows 10, version 1703, to Windows 10, version 1709.Addresses an issue that causes updates for large game apps to fail.
• Addresses an issue that removes user-pinned folders or tiles from the Start menu in some casesAddresses an issue that causes invisible apps to appear in the Start menu.
• Addresses an issue that might cause some users to experience unexpected panning or scrolling in certain apps while using the pen.

Support Page:

https://support.microsoft.com/en-us/help/4093105

Download:

The cumulative update can be downloaded from here:

Click this link for 32 Bit MSU

Click this link for 64 Bit MSU

Windows 10 version 1703

Although it is a bit late, but it is better to be late than ever. The Creators update to Windows 10 has got KB4093117 cumulative update  that jumps build number to 15063.1058. Here are the changes with the update:

• Addresses an issue that causes Microsoft Edge to stop working after a few seconds when running a software restriction policy.
• Addresses an issue where AppLocker publisher rules applied to MSI files don’t match the files correctly.
• Addresses an issue that causes Microsoft and Azure Active Directory accounts to receive the password prompt repeatedly instead of only once.
• Addresses an issue that prevents Windows Hello from generating good keys when it detects weak cryptographic keys because of TPM firmware issues. This issue only occurs if the policy to require the TPM is configured.
• Addresses an issue that prevents users from unlocking their session and that sometimes displays incorrect user-name@domain-name information on the logon screen when multiple users log on to a machine using fast user switching. Specifically, this happens when users are logging on from several different domains, are using the UPN format for their domain credentials (user-name@domain-name), and are switching between users with fast user switching.
• Addresses an issue related to smart cards that allow PINs or biometric entry. If the user enters an incorrect PIN or biometric input (e.g., a fingerprint), an error appears, and the user must wait up to 30 seconds. With this change, the 30-second delay is no longer required.
• Addresses an issue that causes the browser to prompt for credentials often instead of only once when using the Office Chrome extension.
• Increases the minimum password length in Group Policy to 20 characters.
• Addresses an issue that incorrectly displays name-constraint information when displaying certificate properties. Instead of presenting properly formatted data, the information is presented in hexadecimal format.
• Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with audit mode turned on. Netlogon.log may show the following:
• SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered
• NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM
• SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413
• Addresses an issue that generates a certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.
• Addresses an issue where the right-click context menu for encrypting and decrypting files using Windows Explorer is missing.
• Addresses an issue that suspends BitLocker or Device Encryption during device unenrollment instead of keeping the drive protected.
• Addresses an issue that might cause Centennial apps to block the ability to set user-level quotas for NTFS.
• Addresses an issue that causes the connection bar to be missing in Virtual Machine Connection (VMConnect) when using full-screen mode on multiple monitors.
• Addresses an issue where using a GPO logon script to map a network drive fails if the user disconnects from the network and restarts. When the user logs in again, the mapped drive isn’t available. This issue occurs even though the logon script has the persistence flag set to TRUE.
• Addresses an issue that may cause some files to be skipped and may create duplicate files in the Work Folder locations during full enumeration sync sessions.
• Addresses an issue that occurs when Volume Shadow Copy is enabled on a volume that hosts a file share. If the client accesses the UNC path to view the properties in the Previous Version tab, the Date Modified field is empty.
• Addresses an issue that occurs when a user with a roaming user profile first logs on to a machine running Windows 10, version 1607, and then logs off. Later, if the user tries to log on to a machine running Windows 10, version 1703, and opens Microsoft Edge, Microsoft Edge will stop working.
• Addresses a reliability issue with Internet Explorer when entering text in a RichEditText control.
• Addresses a potential leak caused by opening and closing a new web browser control.
• Addresses an issue that causes the ContentIndexter.AddAsync API to throw an unnecessary exception.

Support Page:

https://support.microsoft.com/en-us/help/4093117

Download:

Click this link for 32 Bit MSU

Click this link for 64 Bit MSU

That is all for now. Please have a look at the following articles if you are having troubles with the updates:

[FIX] Windows update undoing changes after/before restart

Reset Windows update in Windows 10 and earlier versions of Windows