Applies ToWindows 10, version 1809, all editions Windows Server version 1809 Windows Server 2019, all editions

Release Date:

20/08/2020

Version:

OS Build 17763.1432

IMPORTANT Starting in July 2020, we will resume non-security releases for Windows 10 and Windows Server, version 1809 and later. There is no change to the cumulative monthly security updates (also referred to as the "B" release or Update Tuesday release). For more information, see the blog post Resuming optional Windows 10 and Windows Server non-security monthly updates.

IMPORTANT Starting in July 2020, all Windows Updates will disable the RemoteFX vGPU feature because of a security vulnerability. For more information about the vulnerability, seeCVE-2020-1036 and KB4570006. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:

If you re-enable RemoteFX vGPU, a message similar to the following will appear:

  • “The virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.”

  • “The virtual machine cannot be started because the server has insufficient GPU resources.”

  • "We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)”

IMPORTANT We have been evaluating the public health situation and understand the impact this is having on many of our customers. To help ease some of the burdens customers are facing, we are going to delay the scheduled end of service date for the Home, Pro, Pro Education, Pro for Workstations, and IoT Core editions of Windows 10, version 1809 to November 10, 2020. This means devices will receive monthly security updates only from May to November. The final security update for these editions of Windows 10, version 1809 will be released on November 10, 2020 instead of May 12, 2020.

For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article.

Highlights

  • Updates time zone information for the Yukon, Canada.

  • Updates an intermittent issue that causes a touchscreen to stop working after several sleep and wake cycles.

  • Updates an issue that causes the Settings page to close unexpectedly, which prevents default applications from being set up properly.

  • Updates an issue that causes applications to take a long time to open.

  • Updates an issue that prevents you from unlocking a device if you typed a space before the username when you first signed in to the device.

Improvements and fixes

This non-security update includes quality improvements. Key changes include:

  • Provides the ability to sync the Microsoft Edge IE Mode unidirectional session cookie when an administrator configures the session cookie.

  • Addresses an issue that displays a black screen to Windows Virtual Desktop (WVD) users when they attempt to sign in.

  • Addresses an issue that, in certain scenarios, causes the GetConsoleWindow function to return an unusable value within a process that started with a CREATE_NO_WINDOW flag.

  • Updates time zone information for the Yukon, Canada.

  • Addresses an issue with Dynamic Data Exchange (DDE) that causes a memory leak when multiple clients connect to the same server.

  • Addresses an intermittent issue that causes a touchscreen to stop working after several sleep and wake cycles.

  • Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.

  • Addresses an issue with File Explorer’s preview of .msg files when Microsoft Outlook 64-bit is installed.

  • Addresses an issue that causes all open Universal Windows Platform (UWP) apps to close unexpectedly. This occurs when their installer calls the Restart Manager to restart File Explorer (explorer.exe).

  • Addresses an issue that causes the Settings page to close unexpectedly, which prevents default applications from being set up properly.

  • Addresses an issue that causes user profile folder names to get excessively long, which might lead to MAX_PATH issues.

  • Addresses an issue with unexpected notifications related to changing default applications settings.

  • Addresses an issue that creates random line breaks in PowerShell’s console error output when the output is redirected.

  • Addresses an issue that prevents a delegated user from importing a Group Policy object (GPO) even though the user has the required privilege.

  • Addresses an issue with Windows Management Instrumentation (WMI) queries that contain case insensitive names that affect the Patch Management solution for a customer.

  • Addresses an issue with object performance counters.

  • Addresses an issue that causes an error if you open Microsoft OneDrive files on demand when User Experience Virtualization (UE-V) is enabled. To apply this solution, set the following DWORD to 1: “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration\ApplyExplorerCompatFix”

  • Addresses an issue that causes applications to take a long time to open.

  • Addresses an issue that sometimes prevents AppLocker from running an application whose publisher rule allows it to run.

  • Addresses an issue in which AppLocker publisher rules might sometimes prevent applications from loading software modules; this can cause partial application failure.

  • Addresses an issue that causes the memory cache to increase without boundaries when an application calls the CryptCATAdminCalcHashFromFileHandle() function. With this update, cached memory usage is now limited. Cached memory will not be released until the process ends.

  • Addresses an issue that might prevent the cluster service from starting and generates the error “2245 (NERR_PasswordTooShort)”. This occurs if you configure the “Minimum Password Length” Group Policy with more than 14 characters. For more information, see KB4557232.

  • Addresses an issue that causes the configuration of the “Minimum Password Length” Group Policy with more than 14 characters to have no effect. For more information, see KB4557232.

  • Addresses an issue that causes a system to stop working and generates a 7E stop code.

  • Addresses an issue that prevents you from unlocking a device if you typed a space before the username when you first signed in to the device.

  • Addresses classification failures caused by the wrong User Principal Name (UPN).

  • Addresses an issue that causes a stop error on a Hyper-V host when a virtual machine (VM) issues a specific Small Computer Systems Interface (SCSI) command.

  • Addresses an issue that might display Processor Frequency as zero (0) for certain processors.

  • Addresses an issue with a sleep system call on Glibc-2.31 or later that’s running on a Windows Subsystem for Linux 1 (WSL 1) distribution.

  • Addresses an issue that causes delays during shutdown when running the Microsoft Keyboard Filter Service.

  • Addresses a transient network disconnection issue that may happen when you enable packet capturing using "netsh start trace capture=yes". This issue might also occur when you install third-party Network Driver Interface Specification (NDIS) filter drivers.

  • Addresses an issue in Software Load Balancing scenarios that prevents a connection from being responsive to TCP resets.

  • Introduces support for Direct Server Return (DSR) configuration for container load balancers that are created by the Host Networking Service (HNS).

  • Adds new functionality to the robocopy command.

  • Provides the ability for a Windows Embedded Compact 2013 OS instance and applications to run and interface with Windows CE App Container.

  • Addresses an issue that prevents modern applications from opening because of a race condition during automatic updates. As a result, the appx package has a reduced or zero byte file size.

  • Addresses an issue that fails to log events 4732 and 4733 for Domain-Local group membership changes in certain scenarios. This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control.

  • Addresses a Security Assertion Markup Language (SAML) Scoping support issue in the Active Directory Federation Service (AD FS) that is related to entityID and IDPList. For more information, see section 3.4.1.2 of the SAML Core specification.

  • Addresses an issue that logs incorrect IPs in the audit logs for Windows Transport requests because of missing or outdated data.

  • Addresses an issue that prevents Account activity cmdlets from executing when you specify an identity that is not in a UPN format.

  • Addresses an issue with Server Message Block (SMB). This issue incorrectly logs the Microsoft-Windows-SMBClient 31013 event in the Microsoft-Windows-SMBClient/Security event log of an SMB client when an SMB server returns STATUS_USER_SESSION_DELETED. This issue occurs when SMB client users or applications open multiple SMB sessions using the same set of Transmission Control Protocol (TCP) connections on the same SMB Server. This issue most likely occurs on Remote Desktop Servers.

  • Addresses an issue with the CsvFs driver that prevents the Win32 API from accessing SQL Server Filestream data. This occurs when you store that data on a Cluster Shared Volume in a SQL Server failover cluster instance on Azure VMs.

  • Addresses an issue with the Remote Desktop Session Host (RDSH) that fails to open the Start menu for mandatory profile users.

  • Addresses an issue that might cause a stop error (0xC00002E3) at startup. This issue occurs after installing certain Windows Updates that were released on or after April 21, 2020.

  • Addresses a runtime error that causes Visual Basic 6.0 (VB6) to stop working when duplicate windows messages are sent to WindowProc().

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

Windows Update Improvements

Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.

Known issues in this update

Symptom

Workaround

After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND."

  1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.

  2. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.

Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:

  1. Go to the Settings app > Recovery.

  2. Select Get Started under the Reset this PC recovery option.

  3. Select Keep my Files.

Microsoft is working on a resolution and will provide an update in an upcoming release.

After installing KB4550969 or later, when using Microsoft Edge Legacy, you might receive the error,”0x80704006. Hmmmm…can’t reach this page” when attempting to reach websites on non-standard ports. Any website that uses a port listed in the Fetch Standard specification under bad ports or port blocking might cause this issue.

This issue is resolved in KB4577069.

How to get this update

Before installing this update

Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

If you are using Windows Update, the latest SSU (KB4566424) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

Install this update

Release Channel

Available

Next Step

Windows Update or Microsoft Update

Yes

Go to Settings > Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update.

Microsoft Update Catalog

Yes

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

No

You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions.

File information

For a list of the files that are provided in this update, download the file information for cumulative update 4571748

Note Some files erroneously have “Not applicable” in the “File version” column of the CSV file. This might lead to false positives or false negatives when using some third-party scan detection tools to validate the build.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.