Applies ToWindows Server 2022

Release Date:

9/27/2021

Version:

OS Build 20348.261

Improvements and fixes

This non-security update includes quality improvements. Key changes include: 

  • Addresses an issue that might prevent users from opening phone apps that are pinned to the taskbar. This issue occurs after they update to the current version of Windows 10 and then use the Your Phone app.

  • Addresses an issue that changes the device’s current UI language. This occurs during an unattended out-of-box experience (OOBE) language pack installation scenario on a desktop.

  • Addresses an issue that prevents users from tracking Distributed Component Object Model (DCOM) activation failures.  

  • Addresses an issue with hardcoded fonts used in the PowerShell shortcut file. This issue causes Japanese, Chinese, and Korean language fonts to be unreadable. This update addresses this font issue for newly created users on the machine. For existing users, use the file at C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk to open PowerShell. Alternatively, create a shortcut to PowerShell.lnk on the desktop and use it to open PowerShell.

  • Addresses an issue with forcibly resetting a device when a Group Policy is being updated. As a result, the device stops responding.

  • Provides administrators the option to reset the zoom to the default for HTML dialogs in Microsoft Edge Internet Explorer mode.

  • Addresses an issue with Enterprise Mode Site List redirection from Internet Explorer 11 to Microsoft Edge. In certain circumstances, the redirection opens a site in multiple tabs in Microsoft Edge.

  • Addresses an issue with PropertyGet in JScript9.dll.

  • Addresses an issue with the Microsoft Outlook Add-in that prevents you from providing input after you select Reply.

  • Addresses an issue that might cause your device to stop working during a touch input gesture. This issue occurs if you bring more fingers into contact with the touchpad or screen during the middle of the gesture.

  • Addresses an issue that causes a memory leak in lsass.exe when the pTokenPrivileges buffer is not released.

  • Addresses a Primary Refresh Token (PRT) update issue that occurs if VPN users sign in using Windows Hello for Business when the VPN connection is offline. Users receive unexpected authentication prompts for online resources that are configured for user sign-in frequency (SIF) in Azure Active Directory-Conditional Access.

  • Addresses an issue with a non-paged pool (NPP) leak from the UxSF pool tag. This leak occurs when lsass.exe stops processing asynchronous Security Support Provider Interface (SSPI) calls.

  • Addresses an issue that prevents the xhunter1.sys driver from loading. As a result, some games cannot run when you enable Hypervisor-Protected Code Integrity (HVCI).

  • Addresses an issue that causes Windows to stop working if you deploy a Code Integrity policy without user mode rules.

  • Addresses an issue that might prevent users from signing in to a domain controller with Directory Services Restore Mode (DSRM) over Remote Desktop or Hyper-V Enhanced Session.

  • Addresses an input method editor (IME) mode instability in the RemoteApp scenario. You must install this update on the Remote Desktop server and Remote Desktop client.

  • Addresses a paged pool memory leak of the registry keys for the Virtual Desktop ID that occurs in explorer.exe.

  • Addresses an issue that causes LogonUI.exe to stop working because Direct Manipulation fails to start.

  • Addresses an issue that prevents Cluster-Aware Updating (CAU) from updating the cluster if the cluster runs in mixed mode after you previously attempted to update the cluster.

  • Improves the Windows Server Storage Migration Service by adding support for migration Windows Servers that are configured using Azure File Sync cloud tiering, which addresses multiple issues and improves reliability. For more information, see Storage Migration Service overview.

  • Addresses an issue that prevents access to files that are on a Server Message Block (SMB) share when you enable Access-Based Enumeration (ABE).

  • Implements a Group Policy setting for the following registry value:

    Registry location:  HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint

    Value name: RestrictDriverInstallationToAdministrators

    Value data: 1

    For more information, see KB5005652.

  • Adds the ability to configure period or dot (.) delimited IP addresses interchangeably with fully qualified host names in the following Group Policy settings:

  • Addresses a known issue that might prevent devices from downloading and installing printer drivers when the devices attempt to connect to a network printer for the first time. We have observed this issue on devices that access printers using a print server that uses HTTP connections.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

Windows 10 servicing stack update - 20348.260

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

This servicing stack update makes quality improvements including the following:

  • Addresses an issue that might prevent update CVE-2020-0689 from installing and generates a TRUST_E_NOSIGNATURE error in the Windows cbs.log file.

Known issues in this update

Symptom

Workaround

After installing KB5005575, installation of printers using Internet Printing Protocol (IPP) might not complete successfully. Devices which had connected to and installed the printer prior to the installation of KB5005575 are unaffected and print operations to that printer will succeed as usual.

Note IPP is not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.

This issue is resolved in KB5006745.

After installing this update on a print server, printing properties defined on that server might not be correctly provided to clients. Note this issue is specific to print servers and does not impact standard network printing. This issue will not cause printing operations to fail, however, custom settings defined on the server – for example, duplex print settings – will not be applied automatically, and clients will print with default settings only.

This issue results from an improper building of the data file which contains the printer properties. Clients which receive this data file will not be able to use the file content and will instead proceed with default printing settings. Clients who have previously received the settings package prior to the installation of KB5005619 are unaffected. Servers which use default print settings and have no custom settings to provide to clients are unaffected.

Note The printer connection methods described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.

This issue is resolved in KB5006745.

After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red.

This issue is addressed in KB5007254.

You might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones.

Note The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.

This issue is resolved in KB5006745.

Universal Windows Platform (UWP) apps might not open on devices that have undergone a Windows device reset. This includes operations that were initiated using Mobile Device Management (MDM), such as Reset this PC, Push-button reset, and Autopilot Reset.

UWP apps you downloaded from the Microsoft Store are not affected. Only a limited set of apps are affected, including:

  • App packages with framework dependencies

  • Apps that are provisioned for the device, not per user account.

The affected apps will fail to open without error messages or other observable symptoms. They must be re-installed to restore functionality.

This issue is addressed in KB5015879 for all releases starting September 14, 2021 and later.

How to get this update

Before installing this update

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Install this update

Release Channel

Available

Next Step

Windows Update and Microsoft Update

Yes

Go to Settings Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update.

Windows Update for Business

No

None. These changes will be included in the next security update to this channel.

Microsoft Update Catalog

No

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

No

You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions.

If you want to remove the LCU

To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.

Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

File Information

For a list of the files that are provided in this update, download the file information for cumulative update 5005619.

For a list of the files that are provided in the servicing stack update, download the file information for the SSU - version 20348.260

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.