KB4093120 and KB4093117 cumulative Windows 10 updates released
Microsoft released the cumulative updates KB4093120 for Windows 10 version 1703 and KB4093117 for Windows 10 version 1607 yesterday.
The two non-security updates fix various issues in Windows 10. Windows users and administrators can install them using Windows Update, by downloading the updates from Microsoft's Update Catalog website, and through other updating mechanisms that Microsoft operates.
KB4093120 for Windows 10 version 1607
KB4093120 increases the build number of Windows 10 version 1607 and Windows Server 2016 to 14393.2214.
Microsoft lists key changes on the official support page only which suggests that the update may include other changes as well.
You can download the cumulative update for Windows 10 version 1607 and Windows Server 2016 from the Microsoft Update Catalog website.
- Increased the minimum Group Policy password length to 20.
- Fixed an AppLocker publisher rules issue with MSI files.
- Fixed an issue with apps when using Japanese IME.
- Fixed password prompts being shown repeatedly when using Microsoft accounts or Azure Active Directory accounts.
- Fixed a key generation issue in Windows Hello caused by TPM firmware issues.
- Addressed name-constraint information displayed in hexadecimal format in certificate properties.
- Fixed a blocking instead of logging issue for failed NTLM authentications if audit mode is turned on.
- Fixed certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.
- Fixed ReFS partition expanding issue if the volume was formatted using ReFS v1.
- Fixed a "stop working" issue when starting hosted VM.
- Addressed a kernel deadlock issue.
- Fixed a Windows Update issue that prevented VMs from being saved correctly.
- Fixed a "stop responding" issue in DTC during an XA recovery.
- Fixed the error "Error 0x207D An attempt was made to modify an object to include an attribute that is not legal for its class".
- Fixed the error "Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthInvalidRefreshTokenException: MSIS9312: Received invalid OAuth refresh token. The refresh token was received earlier than the permitted time in the token"
- Addressed the cause of the error "Cannot connect to any domain. Refresh or try again when connection is available"
- Fixed an issue that caused the failover of an NFS server cluster resource to take a long time.
- Fixed cause for the warning "The storage pool does not have the minimum recommended reserve capacity. This may limit your ability to restore data resiliency in the event of drive failure(s)."
- Addressed an issue that caused files to be skipped or the creation of duplicate files during full enumeration sync sessions.
- Fixed the Windows Multipoint Server 2016 error "The MultiPoint service is not responding on this machine. To fix the issue try restarting the machine."
- Fixed an issue that caused user profile disks from loading.
- Fixed high contrast themes being applied incorrectly during RDP sessions.
- Fixed a pairing issue for low-energy Bluetooth devices.
- Addressed a reliability issue in Microsoft Outlook.
- Fixed a reliability issue when using Microsoft Office applications hosted in ActiveX containers and pressing the Alt-key.
Known issues:
After installing the March 13, 2018 or later Cumulative Update for Windows 10 version 1607, only the latest Windows 10 feature update is returned as applicable. This prevents the deployment of previously released feature updates using ConfigMgr (current branch) and Windows 10 servicing plans.
Microsoft's workaround:
Decline all feature updates on the WSUS Server(s) except for the one that you want to deploy using ConfigMgr. Run another software update scan cycle from the ConfigMgr control panel (or wait until the client devices perform their next scan).
KB4093117 for Windows 10 version 1703
KB4093117 increases the build number of Windows 10 version 1703 to 15063.1058. The update shares some fixes with KB4093120.
The update is available via Windows Update but can also be downloaded from Microsoft's Update Catalog website.
- Microsoft Edge stopped working on systems with software restriction policy enabled.
- Fixed an AppLocker publisher rules issue with MSI files.
- Fixed password prompts being shown repeatedly when using Microsoft accounts or Azure Active Directory accounts.
- Fixed a key generation issue in Windows Hello caused by TPM firmware issues.
- Fixed an issue that prevented users from unlocking their sessions which happened when multiple users logged in to a system from different domains, used the UPN format for domain credentials, and used Fast User switching.
- Fixed a smart card related issue that caused a 30-second wait time if the user entered the PIN incorrectly or if biometric authentication failed.
- Fixed an issue in the Chrome Office extension that prompted for authentication multiple times.
- Increased the minimum Group Policy password length to 20.
- Addressed name-constraint information displayed in hexadecimal format in certificate properties.
- Fixed a blocking instead of logging issue for failed NTLM authentications if audit mode is turned on.
- Fixed certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.
- The option to encrypt or decrypt files in Windows Explorer was missing.
- Addresses a Bitlocker and Device Encryption suspending issue during device unenrollment.
- Fixed an issue in Centennial apps that blocked the ability to set user-level quotas for NTFS.
- Fixed connection bar missing in VMConnect in full-screen mode on multiple monitors.
- Fixed GPO login script to map a network drive failed if the user disconnects from the network and restarts.
- Addressed an issue that caused files to be skipped or the creation of duplicate files during full enumeration sync sessions.
- Addressed Data Modified field is empty in the properties when Volume Shadow Copy is used on a volume that hosts a file share.
- Fixed Microsoft Edge stopped working issue for roaming profile users who access Windows 10 version 1607 and version 1703 machines.
- Fixed reliability issue in Internet Explorer when entering text in RichEditText controls.
- Addressed a "potential" leak when opening and closing web browser controls.
- Addresses an issue that causes the ContentIndexter.AddAsync API to throw an unnecessary exception.
Why are these updates so bloated? Aren’t they able to make a lean and efficient OS instead of this patchy bloated mess named Windows?
Wow, only 20 fixes in these updates, how many of them are really fixes for glitched spyware? “Reliability issues,” “potential leaks,” give me a break!
4074592 from 1 Apr took forever to install and really hosed my laptop, worse than any update ever has. It reset my GP preferences using that evil rempl shell task which I took write permissions away from, gave ownership to me, allowed it to run only once a week, deleted inheritances and blocked from going online.
Couldn’t connect to wifi unless ethernet was first connected for a short time wouldn’t reconnect when airplane mode was deactivated. Turned on all the telemetry settings I turned off but they indicated off in the settings panels. Restored Windows Update to automatic check and install every freaking 6 hours! The laptop became really slow with all the huge spy processes running constantly.
This is Win10 Pro; it shouldn’t be possible for updates to mod GP’s, how many businesses got shut down because of microsoft’s disregard for their customers’ privacy and security? Using System’s and Trusted Installer’s God privileges to change every setting they want is hacking. Leaving firewall settings in place to hide MS’s hacking is a huge security issue. I haven’t seen such malicious modifications in any other update.
Windows itself, the small part of it that is the OS works fine but all the useless and unwanted kiddie garbage that comes with Windows is only for grabbing data, the apps are awful, including edge.
MS sees user devices as something to hijack, they don’t even make up BS anymore about how telemetry info is general, they blatantly say all you do is theirs and they’ll take it without you knowing what was taken. How is this right? “Windows as a service” is nonsense, a paid service should be required by law to tell you all the data they take; their current legal position is moot, no guilt here fighting them like they fight me.
Software has turned into racketeering.
1703 took about an hour on my tablet. See no problems as of yet. See no improvements as of yet. Ill still thank the powers that be for no problems.
Thanks for the heads up Martin.
I wonder if Microsoft will release KB4093117 but for 1709 also. We are having the issue below, but only have the fix for 1703 right now.
â—¾Fixed an issue that prevented users from unlocking their sessions which happened when multiple users logged in to a system from different domains, used the UPN format for domain credentials, and used Fast User switching.
after that update (KB4093120) I cannot connect to the internet.
Given that I followed the instructions here, I wonder whether Microsoft will release a cumulative update which moves me to RTM.