Windows 10: Second batch of September 2019 updates available

Microsoft released the second batch of updates for most supported versions of the company's Windows operating system on September 24, 2019. The company released security updates for all supported versions of Windows earlier this month.

Cumulative updates are available for Windows 10 versions 1607, 1703, 1709, 1803 and 1809; the Windows 10 version 1903 update has not been released yet and it usually takes a week or more before that happens as it undergoes an extra round of testing before release.

The updates are available via Windows Update, as direct downloads on the Microsoft Update Catalog website, but not via WSUS (Windows Server Update Services) directly.

All updates include the recently released Internet Explorer security patch that fixes an actively exploited security issue of the web browser.

Some defaults change:

Windows 10 version 1607 to 1803:

• Changed the default encryption setting from hardware encryption to software encryption for new encryption tasks.

Windows 10 version 1809:

• Configures Windows 10 Enterprise for Virtual Desktops (EVD) editions in Azure Active Directory (Azure AD) licensing mode by default.

Windows 10 version 1607 and Windows Server 2016

• KB4516061
• Update Catalog

The changes:

• Fixed an issue that caused a black screen to be displayed on Remote Desktop Protocol sessions.
• Fixed a File Explorer stop working issue on devices with personalizations.
• Fixed an issue that delayed logons if at least one service is operated by an account that is not built-in.
• Fixed an issue that prevented web browsers from connecting to Windows Server securely.
• Fixed an authentication issue that caused certificate-based authentications to fail if a cname was part of the pre-authentication request.
• Fixed an issue that selected SHA-1 for secure connections to Windows Servers.
• Fixed an LSASS (Local Security Authority Subsystem Service) issue that threw the error 0xc0000005.
• Fixed an issue that caused lsass.exe to stop working and the system to shut down.
• Fixed an issue with LdapPermissiveModify requests that failed to make Active Directory group membership changes even though Success was returned.
• Fixed an issue that prevented changes in the %HOMESHARE% path to the folder redirection configuration to apply correctly.
• Fixed a file server issue that could cause it to stop working and that might lead to data loss.
• Fixed an Internet Explorer Origin request header issue.
• Fixed a netcfg issue that led to Azure Virtual Filtering Platform (VFP) driver installation failures.
• Fixed a Hyper-V and Hyper-V host connectivity issue.

Known issues:

• Cluster service may fail to start with the error "2245 (NERR_PasswordTooShort)".
• Certain operations may fail on a Cluster Shared Volume.

Workarounds are available.

Windows 10 version 1703

• KB4516059
• Update Catalog

The changes:

• Fixed an unnamed issue in Microsoft Edge that "occurs when browsing certain internal websites".
• Fixed an issue that prevented web browsers from connecting to Windows Server securely.
• Fixed an LSASS (Local Security Authority Subsystem Service) issue that threw the error 0xc0000005.
• Fixed an issue that caused lsass.exe to stop working and the system to shut down.
• Fixed an Internet Explorer Origin request header issue.
• Fixed a Windows Update issue that caused the stop error "0xc000021a" when installing updates and initializing a system restoration from a restore point.

Known issues:

• Certain operations may fail on a Cluster Shared Volume.

Workarounds are available.

Windows 10 version 1709

• KB4516071
• Update Catalog

The changes:

• Fixed a high CPU usage issue when users switched applications or hovered over the taskbar.
• Fixed an App-V issue that prevented applications from opening.
• Fixed an issue that prevented web browsers from connecting to Windows Server securely.
• Fixed a Windows Hello for Business issue that gave users two authentication certificates instead of just one.
• Fixed a "possible" Microsoft Defender Advanced Threat Protection compatibility issue.
• Fixed a rare issue that occurred when mssecflt.sys was taking too much space on the kernel stack. It resulted in the error "STOP 0x7F: UNEXPECTED_KERNEL_MODE_TRAP".
• Fixed a memory consumption issue in Microsoft Defender Advanced Threat Protection.
• Fixed an LSASS (Local Security Authority Subsystem Service) issue that threw the error 0xc0000005.
• Fixed an issue that caused lsass.exe to stop working and the system to shut down.
• Improvements to the accuracy of Microsoft Defender ATP Threat & Vulnerability management.
• Fixed a Windows Update issue that caused the stop error "0xc000021a" when installing updates and initializing a system restoration from a restore point.
• Fixed an Internet Explorer Origin request header issue.

Known issues:

• Certain operations may fail on a Cluster Shared Volume.
• Certain IME may have high CPU usage or may become unresponsive.

Workarounds are available.

Windows 10 version 1803

• KB4516045
• Update Catalog

The changes:

• Fixed an unnamed issue that caused "a browser to stop working on certain architectures".
• Fixed an issue that prevented Microsoft Narrator from opening when the UAC setting was disabled for standard user accounts.
• Fixed a cursor not appearing issue when selecting text input elements using touch.
• Fixed a lock screen image customization issue in Group Policy.
• Fixed a high CPU usage issue when users switched applications or hovered over the taskbar.
• Fixed an App-V issue that prevented applications from opening.
• Fixed an issue that could prevent some modifications to the access control policy from preserving after upgrading to newer versions of Windows 10.
• Fixed an authentication issue that caused certificate-based authentications to fail if a cname was part of the pre-authentication request.
• Fixed an issue that prevented web browsers from connecting to Windows Server securely.
• Fixed an LSASS (Local Security Authority Subsystem Service) issue that threw the error 0xc0000005.
• Fixed an issue that prevented the BitLocker recovery key from being backed up to Azure Active Directory.
• Fixed a "possible" Microsoft Defender Advanced Threat Protection compatibility issue.
• Fixed a rare issue that occurred when mssecflt.sys was taking too much space on the kernel stack. It resulted in the error "STOP 0x7F: UNEXPECTED_KERNEL_MODE_TRAP".
• Fixed a memory consumption issue in Microsoft Defender Advanced Threat Protection.
• Improvements to the accuracy of Microsoft Defender ATP Threat & Vulnerability management.
• Fixed a Windows Hello for Business issue that gave users two authentication certificates instead of just one.
• Fixed an issue that caused lsass.exe to stop working and the system to shut down.
• Fixed an issue that might have given write access to removable USB disks when a "user switches from a privileged user to an unprivileged one".
• Fixed an issue that prevented the running of Active Directory Diagnostics Data Collector Set from the Performance Monitor for Domain Controllers.
• Fixed an issue in GetFinalPathNameByHandleW() that prevented Favorites from opening in IE 11.
• Fixed an Internet Explorer Origin request header issue.
• Allows auditing of security events for clients managed by mobile device management (MDM) for security monitoring and incident response activities.

Known issues:

• Certain operations may fail on a Cluster Shared Volume.
• Certain IME may have high CPU usage or may become unresponsive.
• Black screen issue on first startup after update installation.
• Windows Mixed Reality Portal users may receive the error code "15-5".

Workarounds are available.

Windows 10 version 1809

• KB4516077
• Update Catalog

The changes:

• Fixed an issue that prevented the discovery of remote systems associated with a user.
• Fixed an issue that prevented Microsoft Narrator from opening when the UAC setting was disabled for standard user accounts.
• Fixed a PDF printing issue in Microsoft Edge so that documents with landscape and portrait-oriented pages print correctly.
• Fixed an issue that prevented users from changing the display brightness after Sleep or Hibernation.
• Fixed a MSCTF.dll issue that caused applications to stop working.
• Fixed an issue that prevented interactions with certain minimized windows on systems with custom shells.
• Fixed a cursor not appearing issue when selecting text input elements using touch.
• Fixed an issue that caused icons in message boxes to appear too large.
• Fixed a Save and Save As not working issue in Microsoft Office on devices with high contrast mode set to on.
• Fixed a File Explorer reporting files and folder sizes incorrectly if they used long paths.
• Fixed an issue that caused unnecessary restart requests on servers.
• Fixed a diagnostic data processing issue during Windows Out of Box Experience.
• Fixed an App-V issue that prevented applications from opening.
• Fixed an issue that prevented web browsers from connecting to Windows Server securely.
• Fixed an LSASS (Local Security Authority Subsystem Service) issue that threw the error 0xc0000005.
• Fixed an issue that prevented the BitLocker recovery key from being backed up to Azure Active Directory.
• Fixed a memory consumption issue in Microsoft Defender Advanced Threat Protection.
• Fixed a "possible" Microsoft Defender Advanced Threat Protection compatibility issue.
• Fixed a rare issue that occurred when mssecflt.sys was taking too much space on the kernel stack. It resulted in the error "STOP 0x7F: UNEXPECTED_KERNEL_MODE_TRAP".
• Improvements to the accuracy of Microsoft Defender ATP Threat & Vulnerability management.
• Fixed a Windows Hello for Business issue that gave users two authentication certificates instead of just one.
• Fixed an issue that caused lsass.exe to stop working and the system to shut down.
• Fixed an issue that caused Direct Access servers to use a large amount of non-paged pool memory.
• Fixed a PostScript printer issue that caused vertical fonts to be larger when printing.
• Addressed an issue that prevented Windows from sending a shutdown notification to a Non-Volatile Memory Express (NVMe) drive when the driver unloads using Disable Device in Device Manager.
• Fixed an issue that prevented the running of Active Directory Diagnostics Data Collector Set from the Performance Monitor for Domain Controllers.
• Fixed an issue in GetFinalPathNameByHandleW() that prevented Favorites from opening in IE 11.
• Fixed an issue that returned an incorrect product description for Windows Server 2019 when using slmgr /dlv.
•  Fixed an authentication issue that caused certificate-based authentications to fail if a cname was part of the pre-authentication request.
• Addressed a Lightweight Directory Access Protocol (LDAP) runtime issue for Domain Controller Locator-style LDAP requests
• Addressed an issue that causes LDAP queries that contain LDAP_MATCHING_RULE_IN_CHAIN (memberof:1.2.840.113556.1.4.1941) to intermittently fail on Windows Server 2019 domain controllers.
• Fixed an issue that caused group membership changes in Active Directory groups to fail.
• Fixed an issue with the Set-AdfsSslCertificate script being successful but throwing an exception.
• Fixed a File Explorer display issue for files marked as offline.
• Fixed an error that caused the Calculator app to close when selecting the Converter.
• Fixed a high CPU usage issue when users switched applications or hovered over the taskbar.
• Addressed an issue with applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent.
• Fixed an Internet Explorer Origin request header issue.
• Fixed an issue that caused the brightness of the display to appear as 50% or less after completing the out of box experience or waking from Sleep.
• Allows auditing of security events for clients managed by mobile device management (MDM) for security monitoring and incident response activities.
• Fixed a Microsoft App-V issue that caused it to handle a "parameter of the CreateProcess API" improperly.
• Addressed an issue that causes a device to stop working when opening files from a network drive that has client-side caching enabled

Known issues:

• Same as Windows 10 version 1803
• Devices with "some Asian language packs installed" may throw the error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND".

Workarounds are available.

Summary

Article Name

Windows 10: Second batch of September 2019 updates available

Description

Microsoft released the second batch of updates for most supported versions of the company's Windows operating system on September 24, 2019.

Author

Martin Brinkmann

Publisher

Ghacks Technology News

Logo