Applies ToWindows 10, version 1607, all editions Windows Server 2016, all editions

Release Date:

11/08/2020

Version:

OS Build 14393.3866

IMPORTANT Windows 10, version 1607 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as "C" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the "B" or Update Tuesday release).

IMPORTANT Starting in July 2020, all Windows Updates will disable the RemoteFX vGPU feature because of a security vulnerability. For more information about the vulnerability, seeCVE-2020-1036 and KB4570006. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:

If you re-enable RemoteFX vGPU, a message similar to the following will appear:

  • “The virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.”

  • “The virtual machine cannot be started because the server has insufficient GPU resources.”

  • "We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)”

Reminder The additional servicing for Windows 10 Enterprise, Education, and IoT Enterprise editions ended on April 9, 2019 and doesn't extend beyond this date. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.

Reminder March 12, 2019 and April 9, 2019 were the last two Delta updates for Windows 10, version 1607. For Long-Term Servicing Branch (LTSB) customers, security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please visit our blog.

Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.

IMPORTANTWindows 10 Enterprise and Windows 10 Education editions will receive  additional servicing at no cost until April 9, 2019. Devices on the Long-Term Servicing Channels (LTSC) will continue to receive updates until October 2026 per the Lifecycle Policy page. Windows 10 Anniversary Update (v. 1607) devices running the Intel “Clovertrail” chipset will continue to receive updates until January 2023 per the Microsoft Community blog.

Windows Server 2016 Standard edition, Nano Server installation option and Windows Server 2016 Datacenter edition, Nano Server installation option reached end of service on October 9, 2018. These editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.

Windows 10 Mobile, version 1607, reached end of service on October 8, 2018. Devices running Windows 10 Mobile and Windows 10 Mobile Enterprise will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.

For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article.

Highlights

  • Updates an issue that causes File Explorer to close unexpectedly when creating shortcuts.

  • Updates for verifying usernames and passwords.

  • Updates to improve security when Windows performs basic operations.

  • Updates for storing and managing files.

Improvements and fixes

This security update includes quality improvements. Key changes include:

  • Addresses an issue in Microsoft Edge IE mode that occurs when you open multiple documents from a SharePoint site.

  • Addresses an issue in Microsoft Edge IE mode that occurs when you browse using anchor links.

  • Addresses an issue with loading Browser Helper Objects in Microsoft Edge IE mode.

  • Addresses an issue that causes certain applications to stop responding when under load if they rely on the JScript Scripting Engine.

  • Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.

  • Addresses an issue that causes File Explorer to close unexpectedly when creating shortcuts.

  • Addresses an issue that causes Remote Server Administration Tools (RSAT) to stop working on Windows 10 machines. This occurs when you create or edit a Group Policy Object that contains a Scheduled Task.

  • Addresses a race condition that occurs when you run multiple PowerShell scripts simultaneously.

  • Addresses an issue in Universal Windows Platform (UWP) apps that allows single sign-on authentication when an app does not have the Enterprise Authentication capability. With the release of CVE-2020-1509, UWP applications might begin prompting the user for credentials.

  • Addresses an issue in cluster scenarios that causes handles to .vmcx and .vmrs files to become invalid after storage failover. As a result, live migration and other virtual machine (VM) maintenance activities fail with STATUS_UNEXPECTED_NETWORK_ERROR.

  • Updates the message users receive that tells them to check their phone for notifications from the Microsoft Authenticator application. This message only appears when authentication is done using the AD FS Azure Multi-Factor Authentication (MFA) adapter.

  • Addresses an issue that might cause a stop error (0xC00002E3) at startup. This issue occurs after installing certain Windows Updates that were released on or after April 21, 2020.

  • Addresses an issue with printing to a local port that is configured as a Universal Naming Convention (UNC) path or a shared network printer. These ports no longer appear in Control Panel on the Ports tab of the Print Server Properties dialog box. This issue occurs after installing Windows Updates released between May 2020 and July 2020.

  • Security updates to the Microsoft Scripting Engine, Windows Media, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Storage and Filesystems, Windows File Server and Clustering, Windows App Platform and Frameworks, Windows Hybrid Storage Services, Microsoft JET Database Engine, and Windows Remote Desktop.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.

Windows Update Improvements

Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.

Known issues in this update

Symptom

Workaround

After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters.

Microsoft is working on a resolution and will provide an update in an upcoming release.

How to get this update

Before installing this update

Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

If you are using Windows Update, the latest SSU (KB4565912) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog

Install this update

Release Channel

Available

Next Step

Windows Update and Microsoft Update

Yes

None. This update will be downloaded and installed automatically from Windows Update.

Microsoft Update Catalog

Yes

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

Yes

This update will automatically sync with WSUS if you configure Products and Classifications as follows:

Product: Windows 10

Classification: Security Updates

 

File information

For a list of the files that are provided in this update, download the file information for cumulative update 4571694

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.