Windows 10 updates: KB4489894, KB4489890, KB4489888 and KB4489889

Martin Brinkmann
Mar 20, 2019
Updated • Mar 20, 2019
Windows, Windows 10

Yesterday was the third Tuesday of the month and that means, usually, that Microsoft releases another batch of cumulative updates for various versions of Windows 10.

Microsoft released the updates KB4489894, KB4489890, KB4489888 and KB4489889 yesterday for Windows 10 version 1803, 1709, 1703, and 1607 respectively. The update for the current version of Windows 10, Windows 10 version 1809, is delayed as usual.

The updates share most of the improvements and fixes. The updates can be downloaded manually from the Microsoft Update Catalog website or installed by running a manual check for updates. It is recommended to sit them out unless you are affected by the issues that they fix.

Windows 10 version 1803 -- KB4489894

  • New version: OS Build 17134.677
  • Support link: KB4489894
  • Windows Update Catalog link: KB4489894

The update includes the following fixes and improvements:

  • Time zone information update for Kazakhstan, Buenos Aires, Argentina, São Tomé and Príncipe.
  • Fixed an issue that prevented Microsoft Office updates from downloading from the Microsoft Store.
  • Additional Japan New Era fixes.
  • Fixed an Access 97 database issue if tables or columns have custom properties (stops the operation).
  • Addressed an issue that caused devices to stop sporadically if East Asian languages were used.
  • Fixed an issue that caused laptop screens to remain black when resuming from sleep.
  • Fixed the Group Policy "Turn off app notifications on the lock screen".
  • Addresses an issue that may prevent users from signing in and cause account lockouts when using the App-V client to start applications. Fix involves changing a Registry Key:
    • Setting: UseDcForGetUserInfo
    • Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Shared\
    • Type: REG_DWORD
    • Value: Setting the following DWORD to nonzero will enable the solution.
  • Fixed an unlocking issue using smart cards that prevented users from unlocking the device under certain circumstances.
  • Fixed an issue that prevented the authentication credentials dialog from appearing in Enterprise environments.
  • Fixed a server or client restart issue when attempting to log in using a smart card.
  • Addressed an issue that listed multiple device entries for a single hybrid domain joined device.
  • Addresses an issue that removes the ALLOWCLSIDS policy from the policy XML file when you run the Add-SignerRule for Windows Defender Application Control.
  • Fixed an issue that prevented smart cards from working properly in conjunction with Citrix 7.15.2000 Workstation VDA software.
  • Fixed an authentication issue that caused Windows Account Manager to fail.
  • Fixed an issue that caused certification renewals to fail.
  • Added new Group Policy "Enable Windows to soft-disconnect a computer from a network" which determines how Windows should disconnect from a network when it determines that the computer should not be connected to the network anymore.
    • Path: Computer Configuration\Policies\Administrative Templates\Network\Windows Connection Manager
    • Enabled: Windows will soft-disconnect.
    • Disabled: Windows disconnects immediately.
    • Not configured: Same as Enabled.
  • Fixed issue for "Stop 0x133" in NTFS.sys.
  • Fixed an issue that made Windows reuse an expired Dynamic Host Configuration Protocol (DHCP) lease if the lease expired during shutdown.
  • Fixed an issue that caused the Virtual Machine Management Service to stop working.
  • Fixed an issue in which the graphics device interface (GDI) DeleteObject() caused the calling process to stop working.
  • "Seamless" integration with Microsoft Cloud App Security (MCAS) for Windows Defender Advanced Threat Protection customers.
  • Enhances automated investigation and remediation, including memory forensics, for Windows Defender ATP customers.
  • Addresses minor issues with unknown options (unknown OPT) in the Extension Mechanisms for DNS (EDNS) for the Windows DNS Server role.

Known issues:

  1. MSXML6 may cause applications to stop responding if "an exception was thrown during node operations".
    1. Microsoft is working on a solution.
  2. Custom URI Schemes for Application Protocol handlers may not start the corresponding application.
    1. Enable Protected Mode in Internet Explorer for local Intranet and trusted sites.
    2. Go to Tools > Internet Options > Security.
    3. Select "Local Intranet" and "Trusted Sites"
    4. Enable Protected Mode.
  3. Stop error may be thrown when using Secure Shell from Windows Subsystem for Linux with agent forwarding using -A or configuration settings.
    1. Disable forwarding of the authentication agent connection.
  4. After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.
    1. Run from an elevated command prompt: Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No
    2. Open Windows Deployment Services, expand servers, right-click WDS server and open properties, clear Enable Variable Windows Extension on TFTP tab.
    3. Set the Registry key HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension to 0.
    4. Restart.
  5. If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen will appear at startup.
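
A read-only check for the registry values named in the fix list and workarounds above, added here as an example (not from the original article or from Microsoft). The function name is hypothetical; the registry paths and value names are the ones given in the article, and the build is read from the standard CurrentVersion key.

```powershell
# Added example: reports the OS build and the state of the two registry
# values this article names. It only reads; it changes nothing.
function Get-UpdateWorkaroundState {   # hypothetical name
    [CmdletBinding()]
    param()

    # "OS Build 17134.677" corresponds to CurrentBuild.UBR in this key.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR

    $checks = @(
        # App-V sign-in / account lockout fix: enabled when nonzero.
        @{ Name   = 'UseDcForGetUserInfo'
           Path   = 'HKLM:\SOFTWARE\Microsoft\AppV\Shared'
           Wanted = 'nonzero' },
        # PXE / WDS known issue: workaround sets the value to 0.
        @{ Name   = 'EnableVariableWindowExtension'
           Path   = 'HKLM:\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP'
           Wanted = 'zero' }
    )

    foreach ($c in $checks) {
        $value   = $null
        $present = $false
        # The key is absent on hosts without the App-V client or WDS role.
        if (Test-Path -Path $c['Path']) {
            $item = Get-ItemProperty -Path $c['Path'] -Name $c['Name'] -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                $value   = $item.($c['Name'])
                $present = $true
            }
        }
        $applied = $present -and (
            ($c['Wanted'] -eq 'zero'    -and $value -eq 0) -or
            ($c['Wanted'] -eq 'nonzero' -and $value -ne 0))

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            OSBuild  = $build
            Setting  = $c['Name']
            Present  = $present
            Value    = $value
            Applied  = $applied
        }
    }
}

Get-UpdateWorkaroundState | Format-Table -AutoSize
```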

Windows 10 version 1709 -- KB4489890

The improvements, fixes and known issues match those of KB4489894 for the most part.

The following improvements are unique to this update:

  • Addressed an issue that causes the “Windows created a temporary warning.” message to appear if you create a page file on a drive with FILE_PORTABLE_DEVICE characteristics.
  • Addressed an issue that causes the user interface (UI) to stop responding for several seconds when you scroll a window while many child windows are open.
  • Addressed an issue with Microsoft Outlook profiles on devices that are domain joined and workplace joined. Creation of new Microsoft Outlook profile may fail, or created Microsoft Outlook profiles may fail to work later.

The update shares known issues with KB4489894. Issue 3 is not listed, the rest are.

Windows 10 version 1703 -- KB4489888

  • New version: OS Build 15063.1716
  • Support link: KB4489888
  • Windows Update Catalog link: KB4489888

Improvements are shared for the most part (but fewer). Microsoft lists three known issues for this update (MSXML6, Custom URI Schemes, and EUDC).

Windows 10 version 1607 -- KB4489889

The update shares fixes with the other updates. There are some unique ones, however:

  • Addressed a reliability issue in dxgkrnl.sys.
  • Addressed an issue that caused a yellow exclamation mark to appear in Windows Device Manager on human interface devices (HID).
  • Addressed an issue that caused the touch screen to stop working after a restart.
  • Addressed an issue that prevented App-V applications from starting and generated the error "0xc0000225".
    • Setting the value of HKLM\Software\Microsoft\AppV\MAV\Configuration\MaxAttachWaitTimeInMilliseconds to a non-zero value resolves the issue. The max is 10,000.
  • Addressed an issue that caused certificate renewal to fail when using CERT_RENEWAL_PROP_ID with the ICertPropertyRenewal interface.
  • Addressed an issue that prevented users from receiving all the available Windows updates using the Unified Write Filter (UWF) servicing mode while UWF is enabled.
  • Addressed an issue in the Microsoft Service Control Manager (SCM) component that caused a system to stop responding at startup.
  • Addressed an issue in Active Directory Federation Services (AD FS) that caused a duplicate relying party trust to appear in the AD FS management console.
  • Fixed an issue with previous versions of files becoming unavailable.
  • Fixed an issue that caused a long delay when resuming from hybrid sleep.
  • Addressed an issue in a Storage Spaces Direct environment that led to an error at shutdown during a "restart in a loop" scenario.
  • Addressed an issue that caused a cluster to stop working when a file share witness became read-only.
  • Addressed an issue that occurred when updating cluster nodes one by one. If you restarted a node at a lower patched level, the node at a higher patched level became unexpectedly quarantined.
  • Addressed a high Active Directory Federation Services (ADFS) Web Application Proxy (WAP) latency issue (over 10,000ms) that occurred while Extranet Smart Lockout (ESL) was enabled on ADFS.
  • Enables activation of insider builds of Windows 10 Enterprise for Virtual Desktops in Microsoft Azure.
  • Addressed an issue in which the Policy Replication Status report in the Group Policy Management Console (GPMC) consistently displayed one less domain controller than was present in the entire domain or a specific Group Policy.
  • Addressed a character limit issue in the “Settings Page Visibility” Group Policy in the following policy path: "User Configuration\Administrative Templates\Control Panel".

The update shares the known issues MSXML6, Custom URI Schemes, Preboot Execution Environment (PXE), and EUDC. Microsoft lists the following unique issues:

  • For hosts managed by System Center Virtual Machine Manager (SCVMM), SCVMM cannot enumerate and manage logical switches deployed on the host after installing the update.
    • Run mofcomp on Scvmmswitchportsettings.mof and VMMDHCPSvr.mof.
    • Follow the best practices while patching to avoid a stop error in vfpext.sys in an SDN v2 environment (NC managed hosts).
  • Cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.
  • Internet Explorer 11 may have authentication issues.

Now You: Did you install any of these updates?



  1. Ashley B said on April 30, 2019 at 10:13 pm

    We are definitely having URI/Application Protocol handler issues since this update; specifically with InfoPath form publishing (we use it to customize list forms in SharePoint). On first click, IE launches the protocol handler with parameters to InfoPath but then fails. On second click it bypasses the protocol handler and changes the listid to no longer be url encoded (throws a SOAP error).

    The problem is more apparent for our users when they actually publish back to the list – their forms get messed up.

    I updated my site zones and verified that the site came up protected but it still throws the error when I launch InfoPath designer from the browser.

    A work-around was to update the HKEY_CLASSES_ROOT\ms-infopath UseOriginalUrlEncoding to enabled for the users that do the most InfoPath form publishing to SharePoint, but I am betting there are going to be other issues associated with this.

  2. Investoram.Org said on April 6, 2019 at 12:48 pm

    News, tips, advice, support for Windows, Office, PCs more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it

  3. Dave said on March 20, 2019 at 5:42 pm

    “Enable Windows to soft-disconnect a computer from a network”

    How does this one work? M$ already decided to disconnect me from my network when I installed 1803, it took a lot of time to figure out how to repair that.

  4. Thorky said on March 20, 2019 at 2:11 pm

    I will wait till April-Patchday. 👴

  5. oki said on March 20, 2019 at 2:03 pm

    My WSUS (windows update server) does not download the KB4489889 update. I would have to click on Check Online for updates. Any ideas?

  6. ilev said on March 20, 2019 at 11:43 am

    KB4489889 is Windows 10 1607.

  7. Johnny said on March 20, 2019 at 9:02 am

    So, are these the test updates microsoft releases every month?

    1. ilev said on March 20, 2019 at 11:27 am

      BTW, Microsoft issued KB4493132 the nagging Windows 7 reminder to upgrade to Windows 10.

      “After 10 years of servicing, January 14, 2020, is the last day Microsoft will offer security updates for computers running Windows 7 SP1. This update enables reminders about Windows 7 end of support. ”

    2. Martin Brinkmann said on March 20, 2019 at 9:09 am

      Yes they are.

  8. ilev said on March 20, 2019 at 8:29 am

    This is interesting reading:

    “Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1803. Security and quality updates will continue to be available via the express and full cumulative update packages.”
