June 21, 2021—KB5003690 (OS Builds 19041.1081, 19042.1081, and 19043.1081) Preview - EXPIRED
Applies To
Windows 10, version 2004, all editions Windows Server version 2004 Windows 10, version 20H2, all editions Windows Server, version 20H2, all editions Windows 10, version 21H1, all editionsRelease Date:
21/06/2021
Version:
OS Builds 19041.1081, 19042.1081, and 19043.1081
NEW 7/21/21
EXPIRATION NOTICEIMPORTANT As of 7/21/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. The latest security quality update is cumulative and contains all the addressed issues in this update.
NEW 6/21/21 Update on Adobe Flash Player End of Support.
IMPORTANT This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the4/13/21 New Microsoft Edge to replace Microsoft Edge Legacy with April’s Windows 10 Update Tuesday release.
REMINDER Microsoft removed the Microsoft Edge Legacy desktop application that is out of support in March 2021. On April 13, 2021, we installed the new Microsoft Edge. For more information, see11/17/20
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. To view other notes and messages, see the Windows 10, version 2004 update history home page.
@WindowsUpdate to find out when new content is published to the release information dashboard.
Note FollowHighlights
-
Updates an issue in a small subset of users that have lower than expected performance in games after installing KB5000842 or later.
-
Updates an issue that causes the Japanese Input Method Editor (IME) to suddenly stop working while you are typing.
-
Updates an issue in which signing in using a PIN fails. The error message is "Something happened and your PIN isn’t available. Click to set up your PIN again."
-
Updates an issue that, in certain cases, takes you out of the exclusive virtual reality (VR) app and back to Windows Mixed Reality Home when you press the Windows button on the controller.
-
Updates an issue that causes blurry text on the news and interests button on the Windows taskbar for some screen resolutions.
-
Updates an issue with Search box graphics on the Windows taskbar that occurs if you right-click the taskbar and turn off News and interests. This graphics issue is especially visible when using dark mode.
-
Updates an issue that might prevent you from using your fingerprint to sign in after startup or waking up your device from sleep.
-
Updates an issue that might cause a high-pitched noise or squeak in certain apps when you play 5.1 Dolby Digital audio using certain audio devices and Windows settings.
Improvements and fixes
Note: To view the list of addressed issues, click or tap the OS name to expand the collapsible section.
-
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.
This non-security update includes quality improvements. Key changes include:
-
This build includes all the improvements from Windows 10, version 2004.
-
No additional issues were documented for this release.
This non-security update includes quality improvements. Key changes include:
-
This build includes all the improvements from Windows 10, version 2004.
-
No additional issues were documented for this release.
This non-security update includes quality improvements. Key changes include:
-
Addresses an issue that causes communication between apps to stop working after you enable the “AppMgmt_COM_SearchForCLSID” policy.
-
Addresses a performance issue in the MultiByteToWideChar() function that occurs when it is used in a non-English locale.
-
Addresses an issue that prevents sorting from working properly when using multiple versions of National Language Support (NLS) sorting.
-
Addresses an issue in a small subset of users that have lower than expected performance in games after installing KB5000842 or later.
-
Addresses an issue that causes the Japanese Input Method Editor (IME) to suddenly stop working while you are typing.
-
Addresses an issue that sometimes prevents the candidate window from appearing while you use the IME for the Chinese and Japanese languages.
-
Addresses an issue that causes WMIMigrationPlugin.dll to return an error when you attempt to migrate in offline mode.
-
Addresses an issue with the Set-RuleOption PowerShell command that fails to provide the option for the Windows Defender Application Control (WDAC) policy to treat files signed with an expired certificate as unsigned.
-
Addresses an issue that causes Windows to stop working when it uses AppLocker to validate a file that has multiple signatures. The error is 0x3B.
-
Addresses an issue that might cause BitLocker to go into recovery mode after updating the Trusted Platform Module (TPM) firmware. This occurs when the "Interactive logon: Machine account lockout Threshold" policy is set and there were incorrect password attempts.
-
Addresses an issue that causes Windows to generate many AppLocker or SmartLocker success events in the AppLocker EXE and DLL event channel.
-
Addresses an issue with authenticating for a domain controller when Credential Guard and Remote Credential Guard are enabled.
-
Addresses an issue that prevents certain screen reader apps from running when Hypervisor-protected code integrity (HVCI) is enabled.
-
Addresses an issue in which signing in using a PIN fails. The error message is "Something happened and your PIN isn’t available. Click to set up your PIN again."
-
Adds Windows support for System Management Mode protections (firmware protection version 2.0) for certain processors that support Secure Launch.
-
Addresses an issue that, in certain cases, takes you out of the exclusive virtual reality (VR) app and back to Windows Mixed Reality Home when you press the Windows button on the controller. With this update, when you press the Windows button, the Windows Start menu appears. When you close the Start menu, you will go back to the exclusive VR app.
-
Improves the accuracy and efficiency of sensitive data analysis in the Microsoft 365 Endpoint data loss prevention (DLP) Classification Engine.
-
Addresses an issue with the Internet Key Exchange (IKE) VPN service on remote access server (RAS) servers. Periodically, users cannot connect a VPN to the server over the IKE protocol. This issue might start several hours or days after restarting the server or restarting the IKEEXT service. Some users can connect while many others cannot connect because the service is in DoS Protection mode, which limits incoming connection attempts.
-
Addresses an issue that causes Wi-Fi connections to fail because of an invalid Message Integrity Check (MIC) on a four-way handshake if Management Frame Protection (MFP) is enabled.
-
Addresses an issue that might cause a VPN to fail after renewing a user auto-enrolled certificate. The error message is "There are no more files".
-
Addresses an issue with the Tunnel Extensible Authentication protocol (TEAP) that replaces the outer identity with “anonymous” even though identity privacy is not selected or is disabled.
-
Addresses an issue that causes Remote Desktop sessions to stop responding while the User Datagram Protocol (UDP) is enabled.
-
Adds support for the USB Test and Measurement Class.
-
Addresses an issue in Adamsync.exe that affects the syncing of large Active Directory subtrees.
-
Addresses an issue that occurs when the Lightweight Directory Access Protocol (LDAP) bind cache is full, and the LDAP client library receives a referral.
-
Addresses a redirector stop error that is caused by a race condition that occurs when the system deletes binding objects when connections close.
-
Addresses an issue that prevents users from setting or querying disk quotas on the C drive.
-
Addresses an issue that causes 16-bit apps that run on NT Virtual DOS Machine (NTVDM) to stop working when you open them.
-
Addresses an issue that causes fontdrvhost.exe to stop working when Compact Font Format version 2 (CFF2) fonts are installed.
-
Addresses an issue that might prevent End User Defined Characters (EUDC) from printing correctly because of font fallback settings.
-
Addresses an issue that causes blurry text on the news and interests button on the Windows taskbar for some display configurations.
-
Addresses an issue with Search box graphics on the Windows taskbar that occurs if you use the taskbar’s context menu to turn off News and interests. This graphics issue is especially visible when using dark mode.
-
Addresses an issue that might cause signing in with your fingerprint to fail after the system starts up or resumes from sleep.
-
Addresses an issue that might cause a high-pitched noise or squeak in certain apps when you play 5.1 Dolby Digital audio using certain audio devices and Windows settings.
If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.
Windows Update Improvements
Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.Known issues in this update
Symptoms |
Workaround |
---|---|
When using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually. Note The affected apps are using the ImmGetCompositionString() function. |
This issue is resolved in KB5005101. |
Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later. Note Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps. |
To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU:
If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business. |
After installing this update, Internet Explorer 11 (IE11) or apps using the 64-bit version of the WebBrowser control might fail to open PDFs or may render as just a gray background using the Adobe Acrobat plug-in. Note Internet Explorer is only affected if Enable 64-bit Processes for Enhanced Protected Mode is enabled in the Advanced tab in Internet Options. |
This issue is resolved in KB5004760. |
After installing this update, you might have issues printing to certain printers. Various brands and models are affected, primarily receipt or label printers that connect via USB. Note This issue is not related to CVE-2021-34527 or CVE-2021-1675. |
This issue is resolved in KB5004237. |
Universal Windows Platform (UWP) apps might not open on devices that have undergone a Windows device reset. This includes operations that were initiated using Mobile Device Management (MDM), such as Reset this PC, Push-button reset, and Autopilot Reset. UWP apps you downloaded from the Microsoft Store are not affected. Only a limited set of apps are affected, including:
The affected apps will fail to open without error messages or other observable symptoms. They must be re-installed to restore functionality. |
This issue is addressed in KB5015878 for all releases starting June 21, 2021 and later. |
How to get this update
Before installing this update
Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
Prerequisite:
For Windows Server Update Services (WSUS) deployment:
-
Install the May 11, 2021 update (KB5003173) before you install the latest cumulative update.
For offline Deployment Image Servicing and Management (DISM.exe) deployment:
-
If an image does not have the February 24, 2021 (KB4601382) or later cumulative update, install the January 12, 2021 SSU (KB4598481) and the May 11, 2021 update (KB5003173).
Install this update
Release Channel |
Available |
Next Step |
---|---|---|
Windows Update or Microsoft Update |
Yes |
Go to Settings > Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update. |
Windows Update for Business |
No |
None. These changes will be included in the next security update to this channel. |
Microsoft Update Catalog |
Yes |
To get the standalone package for this update, go to the Microsoft Update Catalog website. |
Windows Server Update Services (WSUS) |
No |
You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions. |
If you want to remove the LCU
To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.
Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.
File information
For a list of the files that are provided in this update, download the file information for cumulative update 5003690.
For a list of the files that are provided in the servicing stack update, download the file information for the SSU - version 19041.1081, 19042.1081, and 19043.1081.