Applies ToAzure Local, version 21H2

Release Date:

4/25/2022

Version:

OS Build 20348.681

For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Azure Stack HCI, version 21H2, see its update history page

Improvements

This non-security update includes quality improvements. Key changes include:     

  • New! Adds improvements for servicing the Secure Boot component of Windows.

  • Addresses an issue in which certain Point of Sale terminals experience occasional OS startup delays during restart of up to 40 minutes.

  • Addresses an issue that causes Internet Explorer to stop working when you copy and paste text using an Input Method Editor (IME).

  • Addresses an issue that causes Kerberos authentication to fail, and the error is “0xc0030009 (RPC_NT_NULL_REF_POINTER)”. This occurs when a client machine attempts to use the Remote Desktop Protocol (RDP) to connect to another machine while Remote Credential Guard is enabled.

  • Addresses an issue that might cause Windows to stop working when you apply a Windows Defender Application Control (WDAC) policy that doesn’t require a restart.

  • Addresses an issue that might fail to copy the security portion of a Group Policy to a machine.

  • Addresses an issue that causes the Key Distribution Center (KDC) code to incorrectly return the error message “KDC_ERR_TGT_REVOKED” during domain controller shutdown.

  • Addresses an issue that prevents the instantiation of the Microsoft RDP Client Control, version 11 and higher, inside a Microsoft Foundation Class (MFC) dialog.

  • Addresses an issue that might cause a Microsoft OneDrive file to lose focus after you rename it and press the Enter key.

  • Addresses an issue that fails to pass the Shift KeyUp event to an application when you use the Korean IME.

  • Optimizes the Active Directory Federation Services (AD FS) artifact database by deleting expired artifacts.

  • Addresses an issue that might occur when you use Netdom.exe or the Active Directory Domains and Trusts snap-in to list or modify name suffixes routing. These procedures might fail. The error message is, "Insufficient system resources exist to complete the requested service." This issue occurs after installing the January 2022 security update on the primary domain controller emulator (PDCe).

  • Addresses an issue that causes the primary domain controller (PDC) of the root domain to generate warning and error events in the System log. This issue occurs when the PDC incorrectly tries to scan outgoing-only trusts.

  • Addresses an issue that occurs when you map a network drive to a Server Message Block version 1 (SMBv1) share. After restarting the OS, you cannot access that network drive.

  • Addresses an issue that affects an SMB multichannel connection and might generate a 13A or C2 error.

  • Addresses an issue that causes virtual computer object (VCO) password settings failure on a distributed network name resource.

  • Addresses an issue that damages a pool when a Client-Side Caching (CSC) cleanup method fails to delete a resource that was created.

  • Addresses an issue that might cause the server to lock up because the nonpaged pool grows and uses up all memory. After a restart, the same issue occurs again when you try to repair the damage.

  • Reduces the overhead of resource contention in high input/output operations per second (IOPS) scenarios that have many threads contending on a single file.

To return to the Azure Stack HCI documentation site

Windows 10 servicing stack update - 20348.677

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

Known issues in this update

Symptom

Workaround

After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. 

Note for developers Affected apps use the System.DirectoryServices API.

To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app.

Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog

For instructions on how to install this update for your operating system, see the KB articles listed below:

  • Windows Server 2022: 

  • Windows Server 2019: 

  • Windows Server 2016: 

  • Windows Server 2012 R2: 

  • Windows Server 2012:

How to get this update

Before installing this update

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

To install the LCU on your Azure Stack HCI cluster, see Update Azure Stack HCI clusters.

Install this update

Release Channel

Available

Next Step

Windows Update and Microsoft Update

Yes

Go to Settings Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update.

Windows Update for Business

No

None. These changes will be included in the next security update to this channel.

Microsoft Update Catalog

No

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

No

You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions.

If you want to remove the LCU

To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.

Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

File Information

For a list of the files that are provided in this update, download the file information for cumulative update 5012637.

For a list of the files that are provided in the servicing stack update, download the file information for the SSU - version 20348.677

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.