March 17, 2020—KB4541331 (OS Build 17763.1131)
Applies To
Windows 10, version 1809, all editions Windows Server version 1809 Windows Server 2019, all editionsRelease Date:
3/17/2020
Version:
OS Build 17763.1131
For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article.
Highlights
-
Updates an issue that causes an error when printing to a document share.
-
Updates an issue that prevents the touch keyboard from appearing during sign in when the user is prompted for the password.
-
Updates an issue that causes calendar dates to appear on the wrong day of the week in the clock and date region of the notification area when you select the Samoa time zone.
-
Improves application and device compatibility with Windows updates.
Improvements and fixes
This non-security update includes quality improvements. Key changes include:
-
Addresses an issue that causes an error when printing to a document repository.
-
Addresses a drawing issue with the Microsoft Foundation Class (MFC) toolbar that occurs when dragging in a multi-monitor environment.
-
Addresses an issue that prevents the touch keyboard from appearing during sign in when the user is prompted for the password.
-
Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.
-
Addresses an issue that displays incorrect folder properties in File Explorer when the path is longer than MAX_PATH.
-
Addresses an issue that causes calendar dates to appear on the wrong day of the week in the clock and date region of the notification area when you select the Samoa time zone.
-
Addresses an issue with reading logs using the OpenEventLogA() function.
-
Addresses an issue that prevents machines that have enabled Credential Guard from joining a domain. The error message is "The server's clock is not synchronized with the primary domain controller's clock."
-
Addresses an issue that might cause a delay of up to two minutes when signing in or unlocking a session on Hybrid Azure Active Directory-joined machines.
-
Addresses an issue that causes authentication to fail when using Azure Active Directory and the user’s security identifier (SID) has changed.
-
Addresses an issue that might cause domain controllers (DC) to register a lowercase and a mixed or all uppercase Domain Name System (DNS) service (SRV) record in the _MSDCS.<forest root domain> DNS zone. This occurs when DC computer names contain one or more uppercase characters.
-
Addresses an issue that causes authentication in an Azure Active Directory environment to fail and no error appears.
-
Addresses an issue that causes high CPU utilization when retrieving a session object.
-
Addresses high latency in Active Directory Federation Services (AD FS) response times for globally distributed datacenters in which SQL might be on a remote datacenter.
-
Improves the performance for all token requests coming to AD FS, including OAuth, Security Assertion Markup Language (SAML), WS-Federation, and WS-Trust.
-
Addresses a high latency issue in acquiring OAuth tokens when AD FS front-end servers and back-end SQL servers are in different datacenters.
-
Restores the constructed attribute in Active Directory and Active Directory Lightweight Directory Services (AD LDS) for msDS-parentdistname.
-
Addresses an issue to prevent SAML errors and the loss of access to third-party apps for users who do not have multi-factor authentication (MFA) enabled.
-
Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.
-
Addresses an issue that prevents Microsoft User Experience Virtualization (UE-V) settings from roaming to enable the signature files that are used for new messages, forwarded messages, and replies.
-
Addresses an issue with high CPU usage on AD FS servers that occurs when the backgroundCacheRefreshEnabled feature is enabled.
-
Addresses an issue that creates the Storage Replica administrator group with the incorrect SAM-Account-Type and Group-Type. This makes the Storage Replica administrator group unusable when moving the primary domain controller (PDC) emulator.
-
Addresses an issue that prevents some machines from automatically going into Sleep mode under certain circumstances because of Microsoft Defender Advanced Threat Protection (ATP) Auto Incident Response (IR).
-
Addresses an issue that prevents some machines from running Microsoft Defender ATP Threat & Vulnerability Management successfully.
-
Improves support for non-ASCII file paths for Microsoft Defender ATP Auto IR.
-
Addresses an issue that, in some scenarios, causes stop error 0xEF while upgrading to Windows 10, version 1809.
-
Improves the performance of the Resilient File System (ReFS) in scenarios that involve many operations on ReFS-cloned files.
-
Addresses an issue that prevents standard user accounts that are configured with the maximum User Account Control (UAC) settings from installing Language Features On Demand (FOD) using the System settings.
-
Addresses an issue that causes attempts to complete the connection to a virtual private network (VPN) to fail; instead, the status remains at “Connecting.”
-
Addresses an issue that breaks the association among the Get-Iscsisession, Get-Iscsiconnection, and Get-Disk PowerShell commandlets when a cluster is created. This causes applications and scripts that rely on this association to fail.
If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.
Windows Update Improvements
Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.
Known issues in this update
Symptom |
Workaround |
After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." |
This issue is addressed by updates released June 11, 2019 and later. We recommend you install the latest security updates for your device. Customers installing Windows Server 2019 using media should install the latest Servicing Stack Update (SSU) before installing the language pack or other optional components. If using the Volume Licensing Service Center (VLSC), acquire the latest Windows Server 2019 media available. The proper order of installation is as follows:
Note Updating your device will prevent this issue, but will have no effect on devices already affected by this issue. If this issue is present in your device, you will need to use the workaround steps to repair it. Workaround:
Note If reinstalling the language pack does not mitigate the issue, use the In-Place-Upgrade feature. For guidance, see How to do an in-place upgrade on Windows, and Perform an in-place upgrade of Windows Server. |
Devices using a manual or auto-configured proxy, especially with a virtual private network (VPN), might show limited or no internet connection status in the Network Connectivity Status Indicator (NCSI) in the notification area. This might happen when connected to or disconnected from a VPN or after changing the state between the two. Devices with this issue might also have issues reaching the internet using applications that use WinHTTP or WinInet. Examples of apps that might be affected on devices in this state include, but are not limited to, Microsoft Teams, Microsoft Office, Microsoft Office 365, Microsoft Outlook, Internet Explorer 11, and some versions of Microsoft Edge. |
This issue is resolved in KB4554354. |
Devices on a domain might be unable to install apps published using a Group Policy Object (GPO). This issue only affects app installations that use .msi files. It does not affect any other installation methods, such as from the Microsoft Store. |
This issue is resolved in KB4549949. |
How to get this update
Before installing this update
Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
If you are using Windows Update, the latest SSU (KB4539571) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.
Install this update
Release Channel |
Available |
Next Step |
Windows Update or Microsoft Update |
Yes |
Go to Settings > Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update. |
Microsoft Update Catalog |
Yes |
To get the standalone package for this update, go to the Microsoft Update Catalog website. |
Windows Server Update Services (WSUS) |
No |
You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions. |
File information
For a list of the files that are provided in this update, download the file information for cumulative update 4541331.
Note Some files erroneously have “Not applicable” in the “File version” column of the CSV file. This might lead to false positives or false negatives when using some third-party scan detection tools to validate the build.