What’s New?

Improvements and fixes

---

This update includes quality improvements. Key changes include:

• Addresses an issue that occurs on machines that have multiple audio devices. Applications that provide advanced options for internal or external audio output devices may stop working unexpectedly. This issue occurs for users that select an audio output device different from the “Default Audio Device”. Examples of applications that may stop working include Windows Media Player, Realtek HD Audio Manager, and the Sound Blaster Control Panel.
• Includes a fix for Game Mode that ensures the feature will no longer impact your experiences when using the industry’s top streaming and recording software.
• Enables activation of insider builds of Windows 10 Enterprise for Virtual Desktops in Microsoft Azure. Microsoft Azure is the only tested and supported platform to host Windows 10 Enterprise for Virtual Desktops, which is a key part of Windows Virtual Desktop.
• Addresses an issue that may cause the loss of Favorites or the Reading List in Microsoft Edge after updating the operating system.
• Addresses an issue that causes Internet Explorer to randomly stop working while browsing.
• Addresses an issue with scrolling ActiveX content in a window in Internet Explorer 11 during a user-triggered scroll operation.
• Addresses an issue that prevents the operating system from loading new icon files if it encounters a badly formatted icon file.
• Updates time zone information for São Tomé and Príncipe.
• Updates time zone information for Kazakhstan.
• Updates time zone information for Buenos Aires, Argentina.
• Addresses an issue that prevents the “Turn off app notifications on the lock screen” policy from working. The path is “Computer Configuration\Administrative Templates\System\Logo”.
• Addresses an issue in which the graphics device interface (GDI) DeleteObject() may cause the calling process to stop working when both of the following conditions are true:
  • The calling process is a WOW64 process that handles memory addresses larger than 2 GB.
  • The DeleteObject() is called with a device context that is compatible with a printer device context.
• Addresses an issue that prevents applications and callers from connecting to destination endpoints when they use network interfaces that don’t have a default gateway. This issue affects the following:
  • Internet access fails on devices with DSL modems and PPPoE dial-up Internet connections (commonly used with DSL modems).
  • Modern and Microsoft Store apps behave as if there is no Internet access on devices with DSL modems.

Web browsers and Win32 applications that are connected to the Internet are not affected by this issue.

• Addresses an issue that causes Windows to reuse an expired Dynamic Host Configuration Protocol (DHCP) lease if the lease expired while the OS was shutdown.
• Addresses an issue that causes the RemoteApp window to come to the foreground and to always remain active after closing a window.
• Addresses an issue that prevents the authentication credentials dialog from appearing when an enterprise web server attempts to connect to the Internet.
• Addresses an issue that may prevent Modern apps icons from appearing in the Taskbar and the Task Switcher during a RemoteApps connection.
• Addresses an issue that causes certain Microsoft Store applications to fail to launch or stop working, including WeChat on the Universal Windows Platform (UWP).
• Addresses an issue that fails to register USB cameras correctly for Windows Hello after the out of box experience (OOBE) setup.
• Adds a new Group Policy setting called “Enable Windows to soft-disconnect a computer from a network”. This determines how Windows will disconnect a computer from a network when it determines that the computer should no longer be connected to the network.
  • If enabled, Windows will soft-disconnect (disconnection is not immediate or abrupt) a computer from a network.
  • If disabled, Windows disconnects a computer from a network immediately.
  • If not configured, the default behavior is soft-disconnect. For more information about soft-disconnect, see Understanding and configuring Windows Connection Manager.

Path: Computer Configuration\Policies\Administrative Templates\Network\Windows Connection Manager

• Addresses an issue that prevents a virtual smart card from starting when running in conjunction with Citrix 7.15.2000 Workstation VDA software.
• Addresses an issue that prevents users from configuring their screens for high-dynamic-range (HDR) video playback.
• Addresses an issue with the Windows lock screen that prevents users from unlocking a device after multiple smart card users have used the same device. This issue occurs when you attempt to use a workstation that another user has locked.
• Addresses a memory leak that occurs when a system processes logon sessions.
• Addresses an issue that causes Always-On VPN exclusion routes to only work for link-local exclusions.
• Addresses an issue that causes certificate renewal to fail when using CERT_RENEWAL_PROP_ID with the ICertPropertyRenewal interface.
• Addresses an issue that mutes the sound of single-use applications, typically used in kiosk scenarios, after the system resumes from Sleep.
• Addresses an issue to meet GB18030 certificate requirements.
• Addresses an issue that slows server performance or causes the server to stop responding because of numerous Windows firewall rules. To enable this solution, use regedit to modify the following and set it to 1:
  • Type: “DeleteUserAppContainersOnLogoff” (DWORD)
  • Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
• Addresses an issue that prevents the decryption of data using Windows 10, version 1703 or later versions of Windows. This issue occurs if you encrypted that data using DPAPI-NG or a group-protected PFX file on Windows 10, version 1607, Windows Server 2016, or earlier versions of Windows.
• Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
• Addresses minor issues with unknown options (unknown OPT) in the Extension Mechanisms for DNS (EDNS) for the Windows DNS Server role.
• Addresses a timing issue that may result in an access violation when configuring Switch Embedded Teaming (SET).
• Addresses an issue with the Remove-StoragePool PowerShell cmdlet that fails to clear pool metadata on NVDIMM physical disks.
• Enables X2APIC support for AMD platforms to support 256 or more logical processors on Windows Server 2019.
• Addresses an issue that prevents date parsers from converting future and past dates (Gregorian and Japanese) in compound documents (formerly OLE) to a relevant Japanese Era date. For more information, see KB4469068.
• Addresses an issue that prevents users from enabling gan-nen support for the Japanese Era. For more information, see KB4469068.
• Addresses an issue that causes slow screen refresh rates when an application creates and destroys many child windows.
• Address an issue that causes the Start menu layout to reset or reset at every logon after an in-place upgrade to Windows 10, version 1809 from previous versions of Windows.
• Addresses an issue that causes Wdiwifi.SYS to stop working with the error “7E (0xc0000005)”. This issue occurs when a client device is roaming between wireless access points (WAP) that have the same BSSIDs on the 2.4 Ghz and 5 Ghz bands.
• Addresses an issue that causes the Windows Server 2019 Storage Migration Service to skip transferring files that have certain security settings.
• Improves results when provisioning printers in educational environments that include multifunction printers.
• Addresses an issue with Windows Errata Manager that may increase the system restart time or cause BIOS updates on certain servers to fail. This issue occurs when detecting systems that have Unified Extensible Firmware Interface (UEFI) firmware, which may have issues supporting Memory Overwrite Request Control (MOR) LOCK Action during a controlled OS restart.
• Addresses an issue that prevents access to Server Message Block (SMB) shares on or from SMB-enabled physical or virtual network interface cards (NIC) that are configured with a virtual private network (VPN) interface.
• Addresses an issue that may cause devices to display a blank screen after installing a Windows update and restarting. This issue may occur on devices that have the System Guard Secure Launch policy setting (“ConfigureSystemGuardLaunch”) and Unified Extensible Firmware Interface (UEFI) Secure Boot enabled. The set and order of signed components in the boot path, which varies across devices, and the timing of updates to the boot components also affect the occurrence of this issue.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

Known issues in this update

---

Symptom	Workaround
After installing this update, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to: Cache size and location show zero or empty. Keyboard shortcuts may not work properly. Webpages may intermittently fail to load or render correctly. Issues with credential prompts. Issues when downloading files.	This issue is resolved in KB4493509.
After installing this update, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.	This issue is resolved in KB4493509.
After installing this update, Custom URI Schemes for Application Protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.	Right-click the URL link to open it in a new window or tab. Or Enable Protected Mode in Internet Explorer for local intranet and trusted sites. Go to Tools > Internet options > Security. Within Select a zone to view or change security settings, select Local intranet and then select Enable Protected Mode. Select Trusted sites and then select Enable Protected Mode. Select OK. You must restart the browser after making these changes. Microsoft is working on a resolution and will provide an update in an upcoming release.
After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.	To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options: Option 1: Open an Administrator Command prompt and type the following: Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No Option 2: Use the Windows Deployment Services UI. Open Windows Deployment Services from Windows Administrative Tools. Expand Servers and right-click a WDS server. Open its properties and clear the Enable Variable Window Extension box on the TFTP tab. Option 3: Set the following registry value to 0: “HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”. Restart the WDSServer service after disabling the Variable Window Extension. Microsoft is working on a resolution and will provide an update in an upcoming release.
If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen will appear at startup. This is not a common setting in non-Asian regions.	This issue is resolved in KB4493509.
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.	This issue is resolved in KB4493509.
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.	Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.

Source: Click Here