Applies To: Windows 10, version 2004, all editions; Windows Server version 2004

Release Date: 01/10/2020

Version: OS Build 19041.546

IMPORTANT Starting in July 2020, we will resume non-security releases for Windows 10 and Windows Server, version 1809 and later. There is no change to the cumulative monthly security updates (also referred to as the "B" release or Update Tuesday release). For more information, see the blog post Resuming optional Windows 10 and Windows Server non-security monthly updates.

IMPORTANT Starting in July 2020, all Windows Updates will disable the RemoteFX vGPU feature because of a security vulnerability. For more information about the vulnerability, see CVE-2020-1036 and KB4570006. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:

  • “The virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.”

  • “The virtual machine cannot be started because the server has insufficient GPU resources.”

If you re-enable RemoteFX vGPU, a message similar to the following will appear:

  • “We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)”

For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article.

Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard.

Highlights

  • Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.

  • Updates an issue that causes games that use spatial audio to stop working.

  • Reduces distortions and aberrations in Windows Mixed Reality head-mounted displays (HMD).

  • Ensures that new Windows Mixed Reality HMDs meet minimum specification requirements and default to a 90Hz refresh rate.

  • Adds support for certain new Windows Mixed Reality motion controllers.

  • Updates an issue in the user experience (UX) that prevents you from connecting or reconnecting to a Miracast receiver.

Improvements and fixes

This non-security update includes quality improvements. Key changes include:

  • Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.

  • Addresses an issue with Microsoft Edge IE Mode that occurs when you enable Configure enhanced hang detection for Internet Explorer mode in Microsoft Edge.

  • Addresses an issue that, in some instances, prevents the Language Bar from appearing when the user signs in to a new session. This occurs even though the Language Bar is configured properly.

  • Addresses an issue that fails to recognize the first East Asian language character typed into a Microsoft Foundation Class Library (MFC) DataGrid.

  • Addresses an issue that prevents you from reconnecting to a previously closed session because that session is in an unrecoverable state.

  • Addresses an issue that causes games that use spatial audio to stop working.

  • Addresses an issue with the CleanupProfiles Group Policy object (GPO). After you upgrade the operating system, when you configure the CleanupProfiles GPO, it fails to remove unused user profiles.

  • Addresses an issue in which selecting I forgot my Pin from Settings > Accounts > Sign-in options fails in a Windows Hello for Business On-Premise deployment.

  • Updates 2021 time zone information for Fiji.

  • Addresses an issue that affects the ability of Microsoft System Center Operations Manager (SCOM) to monitor a customer's workload.

  • Addresses an issue that causes random line breaks when you redirect PowerShell console error output.

  • Addresses an issue with creating HTML reports using tracerpt.

  • Allows the DeviceHealthMonitoring Cloud Service Plan (CSP) to run on Windows 10 Business and Windows 10 Pro editions.

  • Addresses an issue that prevents the content under HKLM\Software\Cryptography from being carried over during Windows feature updates.

  • Addresses an issue that causes an access violation in lsass.exe when a process is started using the runas command in some circumstances.

  • Addresses an issue in which Windows Defender Application Control enforces package family name rules that should be audit only.

  • Addresses an issue that displays an error that states that a smart card PIN change was not successful even though the PIN change was successful.

  • Addresses an issue that might create duplicate Foreign Security Principal directory objects for Authenticated and Interactive users in the domain partition. As a result, the original directory objects have “CNF” added to their names and are mangled. This issue occurs when you promote a new domain controller using the CriticalReplicationOnly flag.

  • Updates the configuration of Windows Hello Face recognition to work well with 940nm wavelength cameras.

  • Reduces distortions and aberrations in Windows Mixed Reality head-mounted displays (HMD).

  • Ensures that new Windows Mixed Reality HMDs meet minimum specification requirements and default to a 90Hz refresh rate.

  • Addresses an issue that causes a stop error on a Hyper-V host when a virtual machine (VM) issues a specific Small Computer System Interface (SCSI) command.

  • Addresses an issue that might cause attempts to bind a socket to a shared socket to fail.

  • Addresses an issue that might prevent applications from opening or cause other errors when applications use Windows APIs to check for internet connectivity and the network icon incorrectly displays “No internet access” in the notification area. This issue occurs if you use a group policy or local network configuration to disable active probing for the Network Connectivity Status Indicator (NCSI). This also occurs if active probing fails to use a proxy and passive probes fail to detect internet connectivity.

  • Addresses an issue that prevents Microsoft Intune from syncing on a device using the virtual private network version 2 (VPNv2) configuration service provider (CSP).

  • Suspends uploads and downloads from peers when a VPN connection is detected.

  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.

  • Addresses an issue with ntdsutil.exe that prevents you from moving Active Directory database files. The error is, “Move file failed with source <original_full_db_path> and Destination <new_full_db_path> with error 5 (Access is denied.)”

  • Addresses an issue that incorrectly reports that Lightweight Directory Access Protocol (LDAP) sessions are unsecure in Event ID 2889. This occurs when the LDAP session is authenticated and sealed with a Simple Authentication and Security Layer (SASL) method.

  • Addresses an issue that might cause Windows 10 devices that enable Credential Guard to fail authentication requests when they use the machine certificate.

  • Restores the constructed attribute in Active Directory and Active Directory Lightweight Directory Services (AD LDS) for msDS-parentdistname.

  • Addresses an issue that causes queries against large keys on Ntds.dit to fail with the error, “MAPI_E_NOT_ENOUGH_RESOURCES.” This issue might cause users to see limited meeting room availability because the Exchange Messaging Application Programming Interface (MAPI) cannot allocate additional memory for the meeting requests.

  • Addresses an issue that intermittently generates Online Certificate Status Protocol (OCSP) Responder audit events (5125) to indicate that a request was submitted to the OCSP Responder Service. However, there is no reference to the serial number or the domain name (DN) of the issuer of the request.

  • Addresses an issue that displays strange characters before the day, month, and year fields in the output from console commands.

  • Addresses an issue that causes lsass.exe to stop working, which triggers a restart of the system. This issue occurs when invalid restart data is sent with a non-critical paged search control.

  • Addresses an issue that fails to log events 4732 and 4733 for Domain-Local group membership changes in certain scenarios. This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control.

  • Addresses an issue with the Microsoft Cluster Shared Volumes File Systems (CSVFS) driver that prevents Win32 API access to SQL Server Filestream data. This occurs when the data is stored on a Cluster Shared Volume in a SQL Server failover cluster instance, which is on an Azure VM.

  • Addresses an issue that causes a deadlock when Offline Files are enabled. As a result, CscEnpDereferenceEntryInternal holds parent and child locks.

  • Addresses an issue that causes deduplication jobs to fail with stop error 0x50 when you call HsmpRecallFreeCachedExtents().

  • Addresses an issue that causes applications to stop working when they use Microsoft’s Remote Desktop sharing APIs. The breakpoint exception code is 0x80000003.

  • Removes the HTTP call to www.microsoft.com that the Remote Desktop Client (mstsc.exe) makes at sign out when using a Remote Desktop Gateway.

  • Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.

  • Adds support for certain new Windows Mixed Reality motion controllers.

  • Addresses an issue that causes apps that use Dynamic Data Exchange (DDE) to stop responding when you attempt to close the app.

  • Adds an Azure Active Directory (AAD) Device Token that is sent to Windows Update (WU) as part of each WU scan. WU can use this token to query for membership in groups that have an AAD Device ID.

  • Addresses an issue with setting the “Restrict delegation of credentials to remote servers” Group Policy with the “Restrict Credential Delegation” mode on the Remote Desktop Protocol (RDP) client. As a result, the Terminal Server service tries to use “Require Remote Credential Guard” mode first and will only use “Require Restricted Admin” if the server does not support “Require Remote Credential Guard”.

  • Addresses an issue in Windows Subsystem for Linux (WSL) that generates an “Element not found” error when you try to start WSL.

  • Addresses an issue with certain WWAN LTE modems that might show no internet connection in the notification area after waking from sleep or hibernation. Additionally, these modems might not be able to connect to the internet.

  • Addresses an issue in the user experience (UX) that prevents you from connecting or reconnecting to a Miracast receiver.

  • Changes BitLocker behavior by preventing you from using BitLocker on file systems that are on an active master boot record (MBR) drive. When you attempt to use BitLocker on active MBR drives, you might see the following:

    • “ERROR: The volume X: could not be opened by BitLocker. This may be because the volume does not exist, or because it is not a valid BitLocker volume.”

    • “The drive cannot be encrypted because it contains system boot information……”

Additionally, the BitLocker encryption command will be missing from the context menu in File Explorer.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

Windows Update Improvements

Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.

Known issues in this update

Symptom: Users of the Microsoft Input Method Editor (IME) for Japanese or Chinese languages might experience issues when attempting various tasks. You might have issues with input, receive unexpected results, or might not be able to enter text.

Workaround: All IME issues listed in KB4564002 were resolved in KB4586853.

Symptom: System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be impacted if they have already installed any latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated.

Note Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Any device connecting to Windows Update should always receive the latest versions of the feature update, including the latest LCU, without any extra steps.

Workaround: This issue is resolved in KB4592438.

How to get this update

Before installing this update

Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

If you are using Windows Update, the latest SSU (KB4577266) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

Install this update

Release Channel: Windows Update or Microsoft Update
Available: Yes
Next Step: Go to Settings > Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update.

Release Channel: Microsoft Update Catalog
Available: Yes
Next Step: To get the standalone package for this update, go to the Microsoft Update Catalog website.

Release Channel: Windows Server Update Services (WSUS)
Available: No
Next Step: You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions.

File information

For a list of the files that are provided in this update, download the file information for cumulative update 4577063.

Note Some files erroneously have “Not applicable” in the “File version” column of the CSV file. This might lead to false positives or false negatives when using some third-party scan detection tools to validate the build.
