Applies ToWindows 10, version 1607, all editions Windows Server 2016, all editions

Release Date:

17/10/2017

Version:

OS Build 14393.1794

Improvements and fixes

This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Addressed rare issue where fonts may be corrupted after the Out of Box Experience is completed. This issue occurs on images that have multiple language packs installed.

  • Addressed issue where downloading updates using express installation files may fail after installing OS Updates 14393.1670 through 14393.1770.

  • Addressed issue that causes an error when trying to access shares on a file server.

  • Addressed issue that prevents Windows Error Reporting from saving error reports in a temporary folder that is recreated with incorrect permissions. Instead, the temporary folder is inadvertently deleted.

  • Addressed issue where the MSMQ performance counter (MSMQ Queue) may not populate queue instances when the server hosts a clustered MSMQ role. 

  • Addressed issue where restricting the RPC port of the Next Generation Credentials (Windows Hello) service causes the system to stop responding when logging on. 

  • Addressed issue where Personal Identity Verification (PIV) smart card PINs are not cached on a per-application basis. This causes users to see the PIN prompt multiple times in a short time period. Normally, the PIN prompt only displays once. 

  • Improved M.2 NVMe SSD throughput when the queue size increases.

  • Addressed issue where running Event Tracing for Windows with Volsnap may result in error 0x50.

  • Addressed issue where using the Robocopy utility to copy a SharePoint document library, which is mounted as a drive letter, fails to copy files. However, in this scenario, Robocopy copies folders successfully. 

  • Addressed issue where Miniports that make 64-bit DMA requests from a single 4 GB region may fail, preventing the system from booting.

  • Addressed issue where a disk losing communication with its S2D cluster may lead to a stale fault domain descriptor for the enclosure.

  • Addressed issue where, if an update to a pool config header occurs when it’s performing a read function, a stop error may occur in a Windows Server 2016 Storage Spaces Directory (S2D) deployment.

  • Addressed issue to allow UEFI-based customers to pre-stage UEFI-based Gen 2 VMs to run Windows Setup automatically. 

  • Addressed issue that intermittently misdirects AD Authority requests to the wrong Identity Provider because of incorrect caching behavior. This can affect authentication features like Multi-Factor Authentication.

  • Added the ability for AAD Connect Health to report AD FS server health with correct fidelity (using verbose auditing) on mixed WS2012R2 and WS2016 AD FS farms. 

  • Addressed issue where the PowerShell cmdlet that raises the farm behavior level fails with a timeout during the upgrade from the 2012 R2 AD FS farm to AD FS 2016. The failure occurs because there are many relying party trusts.

  • Addressed issue where adding user rights to an RMS template causes the Active Directory RMS management console (mmc.exe) to stop working with an unexpected exception. 

  • Addressed issue where AD FS causes authentication failures by modifying the WCT parameter value while federating the requests to another Security Token Server (STS). 

  • Updated the SPN and UPN uniqueness feature to work within the forest root tree and across other trees in the forest. The updated NTDSAI.DLL won't allow a subtree to add an SPN or a UPN as a duplicate across the entire forest. 

  • Addressed issue where the language bar stays open after closing a RemoteApp application, which prevents sessions from being disconnected. 

  • Addressed issue where the working directory of RemoteApps on Server 2016 is set to %windir%\System32 regardless of the application's directory.

  • Addressed issue where USBHUB.SYS randomly causes memory corruption that results in random system crashes that are extremely difficult to diagnose.

  • Addressed issue where the ServerSecurityDescriptor registry value doesn't migrate when you upgrade to Windows 10 1607. As a result, users might not be able to add a printer using the Citrix Print Manager service. Additionally, they might not be able to print to a client redirected printer, a Citrix universal print driver, or a network printer driver using the Citrix universal print driver.

  • Addressed issue where policies are not pushed for servers that have an updated Instance ID. This occurs when synchronizing the removal of the old server resources with the notifications about NICs (port profile changes) from the host.

  • Addressed issue where SD propagation stops working when you manually trigger Security Descriptor propagation (SDPROP) by setting the RootDse attribute FixupInheritance to 1. After setting this attribute, SD propagation and permissions changes made on Active Directory objects don't propagate to child objects. No errors are logged.

  • Added support for LTO8 tape drives into ltotape.sys for Windows Server 2016.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.

Windows Update Client Improvement

Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability. It will only be offered to devices that have not installed the most recent updates and are not currently managed (e.g., domain joined).

Known issues in this update

Symptom

Workaround

Installing this update may cause applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) to fail when creating or opening Microsoft Excel .xls files. The error message is, “Unexpected error from external database driver (1). (Microsoft JET Database Engine)".

Download and install the Microsoft Access Database Engine 2010 Redistributable, and then modify the DB connection strings in Microsoft Excel to use ACE as a provider. Example: Change Provider=Microsoft.Jet.OLEDB.4.0 to Provider=Microsoft.ACE.OLEDB.12.0.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Universal Windows Platform (UWP) applications that use JavaScript and asm.js may stop working after installing KB4041688.

Uninstall the application. Once this is complete, reinstall it.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Some users who have the text size for icons set to a larger size (using Display Settings in Control Panel) may have issues launching Internet Explorer.

Reducing the text size for icons to a smaller value or using the Change the size of all items setting should alleviate this issue.

Microsoft is working on a resolution and will provide an update in an upcoming release.

After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services (SSRS) may not be able to scroll through a drop-down menu using the scroll bar.

This issue is resolved in KB4053579.

After installing KB4041688, KB4052231, or KB4048953, the error "CDPUserSvc_XXXX has stopped working" appears. Additionally, Event ID 1000 is logged in the Application event log. It notes that svchost.exe_CDPUserSvc_XXXX has stopped working and the faulting module name is "cdp.dll".

This issue is resolved in KB4053579.

 

How to get this update

To get the standalone package for this update, go to the Microsoft Update Catalog website.

File information

For a list of the files that are provided in this update, download the file information for cumulative update 4041688.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.