Builds 16299.201, 10586.1358 - here's what's new

Status
Not open for further replies.

BoraMurdar

Those on version 1703 will receive KB4057144, or build 15063.877, which can be manually downloaded here. It contains the following fixes:

  • Addresses issue with printing PDFs in Microsoft Edge.
  • Addresses issue with the App-V package folder access that causes the access control list to be handled incorrectly.
  • Addresses issue where backwards compatibility for managing Microsoft User Experience Virtualization (UE-V) with group policy is lost. Windows 10 version 1607 group policy isn't compatible with Windows 10 version 1703 or higher group policy. Because of this bug, the new Windows 10 Administrative Templates (.admx) cannot be deployed to the Group Policy Central Store. This means that some of the new, additional settings for Windows 10 aren't available.
  • Addresses issue where some Microsoft-signed ActiveX controls don't work when Windows Defender Application Control (Device Guard) is enabled. Specifically, class IDs related to XMLHTTP in msxml6.dll don't work.
  • Addresses issue where, when attempting to change the Smart Card for Windows service start type from Disabled to Manual or Automatic, the system reports an error: “Cannot create a file when that file already exists.”
  • Addresses issue where some applications are blocked from running by Windows Defender Device Guard or Windows Defender Application Control when the application runs in Audit only enforcement mode.
  • Addresses issue where the virtual TPM self-test isn't run as part of virtual TPM initialization.
  • Addresses issue with NoToastApplicationNotificationOnLockScreen GPO that causes Toast notifications to appear on the lock screen.
  • Addresses issue originally called out in KB4056891 where calling CoInitializeSecurity with the authentication parameter set to RPC_C_AUTHN_LEVEL_NONE resulted in the error STATUS_BAD_IMPERSONATION_LEVEL.
  • Addresses issue where some customers with AMD devices get into an unbootable state.
There's also a known issue to be aware of:

Symptom: Due to an issue with some versions of antivirus software, this fix only applies to the machines where the antivirus ISV has updated the ALLOW REGKEY.

Workaround: Contact your antivirus AV to confirm that its software is compatible and have set the following REGKEY on the machine:

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD"
Data="0x00000000"

Those that are still on the Anniversary Update, or version 1607, will see KB4057142, or build 14393.2034, which can be manually downloaded here. Here's what's new:

  • Addresses issue where some Microsoft-signed ActiveX controls don't work when the Windows Defender Application Control (Device Guard) is enabled. Specifically, class IDs related to XML HTTP in msxml6.dll don't work.
  • Addresses issue where using smart cards on a Windows Terminal Server system may cause excessive memory use.
  • Addresses issue where the virtual TPM self-test isn't run as part of virtual TPM initialization.
  • Improves compatibility with U.2 NVMe devices, specifically in hot-add/removal cases.
  • Addresses issue where the iSCSI Initiator Properties Devices list doesn't display certain targets.
  • Adds compatibility for NGUID and EUI64 ID formats for NVMe devices.
  • Addresses synchronization issue where backing up large Resilient File System (ReFS) volumes may lead to errors 0xc2 and 7E.
  • Addresses issue where the UWF file commit adds old data to files in certain scenarios.
  • Addresses issue where access-based enumeration may not work as expected in some scenarios after you install KB4015217 or later. For example, a user may be able to view another user's folder to which they don't have access rights.
  • Addresses issue where AD FS incorrectly displays the Home Realm Discovery (HRD) page when an identity provider (IDP) is associated with a relying party (RP) in an OAuth Group. Unless multiple IDPs are associated with the RP in the OAuth Group, the user isn't shown the HRD page. Instead, the user is navigated directly to an associated IDP for authentication.
  • Addresses issue where PKeyAuth-based device authentication sometimes fails in Internet Explorer and Microsoft Edge when AD FS returns a context that exceeds the request limits for URL length. Event 364 is logged in the AD FS 2.0 Admin log with the following exception details: “System.Security.Cryptography.CryptographicException: The signature is not valid. The data may have been tampered with….”
  • Addresses issue in AD FS where MSISContext cookies in request headers can eventually overflow the headers’ size limit. This causes authentication failure with the HTTP status code 400: “Bad Request - Header Too Long.”
  • Addresses issue where AD FS produces an MFA Event 1200 log that doesn't contain UserID information.
  • Addresses issue where retrieving the Certificate Revocation List (CRL) from the Certification Authority (CA) using the Simple Certificate Enrollment Protocol (SCEP) fails. Users see event ID 45, which says, “NDES cannot match issuer and serial number in the device request with any Certification Authority (CA) Certificate”.
  • Enables IT administrators to scientifically troubleshoot I/O failures using a comprehensive event log for the resiliency state transition.
  • Provides transparency about replication health. It represents the state of replication by indicating when:
    • The free disk space is running low.
    • The Hyper-V Replica Log (HRL) size is growing to its maximum limit.
    • The Recovery Point Objectives (RPO) threshold has been violated.
  • Addresses issue where, if the Online Certificate Status Protocol (OCSP) renewal date comes after the certificate expiration date, the OCSP-stapled response is used until the renewal date even though the certificate has expired.
  • Addresses issue where backwards compatibility for managing Microsoft User Experience Virtualization (UE-V) with group policy is lost. Windows 10 version 1607 group policy isn't compatible with Windows 10 version 1703 or higher group policy. Because of this bug, the new Windows 10 Administrative Templates (.admx) cannot be deployed to the Group Policy Central Store. This means that some of the new, additional settings for Windows 10 aren't available.
  • Addresses issue with the App-V package folder access that causes the access control list to be handled incorrectly.
  • Addresses issue that causes a delay when searching for new printers to add.
  • Addresses issue where users may not be able to change passwords on the remote logon screen if the password has expired.
  • Addresses issue where custom application defaults are sometimes not imported when using the DISM command.
  • Addresses issue originally called out in KB4056890 where calling CoInitializeSecurity with the authentication parameter set to RPC_C_AUTHN_LEVEL_NONE resulted in the error STATUS_BAD_IMPERSONATION_LEVEL.
  • Addresses issue where some customers with AMD devices get into an unbootable state.
There are a couple of known issues to be aware of on this one:

Symptom: Due to an issue with some versions of antivirus software, this fix only applies to the machines where the antivirus ISV has updated the ALLOW REGKEY.

Workaround: Contact your Anti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine:

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD"
Data="0x00000000"

Symptom: After installing this update, servers where Credential Guard is enabled may experience an unexpected restart with the error, "The system process lsass.exe terminated unexpectedly with status code -1073740791. The system will now shut down and restart."

Event ID 1000 in the application log shows:
"C:\windows\system32\lsass.exe' terminated unexpectedly with status code -1073740791
Faulting application: lsass.exe, Version: 10.0.14393.1770, Time Stamp: 0x59bf2fb2
Faulting module: ntdll.dll, Version: 10.0.14393.1715, Time Stamp: 0x59b0d03e
Exception: 0xc0000409

Workaround: Disable Credential Guard; see Disable Windows Defender Credential Guard.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Of course, you shouldn't need to manually install either of these updates. By going to Settings -> Update & security -> Windows Update, you should automatically receive the update that corresponds to your version of Windows 10. The Windows 10 Fall Creators Update should be available to all users by now though, so you might see that in your updates instead.

Now, it's time to patch the other versions of Windows 10, and oddly enough, there's another update for the Fall Creators Update. KB4073291, or build 16299.201, is only available for PCs with x86 processors, and you can manually download it here. The list of fixes and improvements is not very specific:

This update provides additional protections for 32-Bit (x86) version of Windows 10 1709 after you install January 3, 2018—KB4056892 (OS Build 16299.192).

There are also a few known issues to be aware of:

Symptom: Windows Update History reports that KB4054517 failed to install because of Error 0x80070643.

Workaround: Even though the update was successfully installed, Windows Update incorrectly reports that the update failed to install. To verify the installation, select Check for Updates to confirm that there are no additional updates available.

You can also type About your PC in the Search box on your taskbar to confirm that your device is using the expected OS build.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Symptom: When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions.

Workaround: When calling CoInitializeSecurity, the call may fail when passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error returned on failure is STATUS_BAD_IMPERSONATION_LEVEL.
Change the authentication level parameter to RPC_C_AUTHN_LEVEL_CALL.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Symptom: Due to compatibility issues with some versions of antivirus software, this update causes stop errors or abrupt reboots.

Workaround: Contact your antivirus (AV) vendor and follow their guidance.

The other two updates that were released are for the two oldest versions of Windows 10. If you're on version 1511, you'll get KB4075200, or build 10586.1358, which can be manually downloaded here. It contains the following fixes:
  • Addresses issue where some customers with AMD devices get into an unbootable state.
  • Addresses issue where a part of the system does not log off correctly, which leads to repeated queries for user credentials.
There are two known issues, which are the same as in the update for version 1507.

Symptom: When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions.

Workaround: When calling CoInitializeSecurity, the call may fail when passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error returned on failure is STATUS_BAD_IMPERSONATION_LEVEL.
Change the authentication level parameter to RPC_C_AUTHN_LEVEL_CALL.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Symptom: Due to an issue with some versions of antivirus software, this fix only applies to the machines where the antivirus ISV has updated the ALLOW REGKEY.

Workaround: Contact your antivirus AV to confirm that their software is compatible and have set the following REGKEY on the machine:

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD"
Data="0x00000000"

Finally, those on the original version of Windows 10, or version 1507, will see KB4075199, or build 10240.17741. You can manually download it here. This update only contains the fix for PCs with AMD processors that may be rendered unbootable by the previous update.

Of course, you can install these updates by going to Settings -> Update & security -> Windows Update, where it will automatically download and install the build that's appropriate for your device. Note that 16299.201 will not appear unless you're running the x86 flavor of Windows 10.
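
An added example, not part of the original post or of Microsoft's guidance: a PowerShell check that reads the QualityCompat value quoted in the known-issue notes and compares the running build against the build numbers listed in the post. The function names are hypothetical; `CurrentBuild` and `UBR` under `Windows NT\CurrentVersion` are where Windows 10 records its build and revision.

```powershell
# Added example (not from the original post): audit one host.
$compatPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$compatName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

# Build number -> revision delivered by the updates listed in the post.
$listed = @{
    '10240' = 17741   # version 1507, KB4075199
    '10586' = 1358    # version 1511, KB4075200
    '14393' = 2034    # version 1607, KB4057142
    '15063' = 877     # version 1703, KB4057144
    '16299' = 201     # version 1709, KB4073291 (x86 only)
}

function Test-QualityCompatFlag {   # hypothetical helper name
    # True only if the value exists, is a REG_DWORD, and holds 0x00000000.
    $key = Get-Item -LiteralPath $compatPath -ErrorAction SilentlyContinue
    if (-not $key) { return $false }
    if ($key.GetValueNames() -notcontains $compatName) { return $false }
    $kind = $key.GetValueKind($compatName)
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) { return $false }
    return ($key.GetValue($compatName) -eq 0)
}

function Get-PatchStatus {          # hypothetical helper name
    $cv = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [string]$cv.CurrentBuild
    $ubr = [int]$cv.UBR
    $status = if (-not $listed.ContainsKey($build)) {
        'build not covered by the post'
    } elseif ($build -eq '16299' -and [Environment]::Is64BitOperatingSystem) {
        '16299.201 is x86-only; not applicable to this x64 install'
    } elseif ($ubr -ge $listed[$build]) {
        'at or above the listed revision'
    } else {
        'below the listed revision'
    }
    [pscustomobject]@{
        Build     = "$build.$ubr"
        Status    = $status
        AvFlagSet = (Test-QualityCompatFlag)
    }
}

Get-PatchStatus | Format-List
```

A host that reports `AvFlagSet : False` together with `below the listed revision` matches the situation in the known-issue notes, where the fix is not applied until the antivirus vendor has set the value.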
 

BoraMurdar

No update available yet on my end. I guess Emsisoft didn't patch the registry yet.

Still, I'm confused. I thought this registry fix was only for the last update (KB4056892)? Or is this a new trend with Windows 10 updates?

Anyway thanks for the info (y)
If you are under a 64-bit OS, there is no update for it yet, counting that you installed the one released on 3 January.
 