KB4093120 and KB4093117 cumulative Windows 10 updates released

Microsoft released the cumulative updates KB4093120 for Windows 10 version 1703 and KB4093117 for Windows 10 version 1607 yesterday.

The two non-security updates fix various issues in Windows 10. Windows users and administrators can install them using Windows Update, by downloading the updates from Microsoft's Update Catalog website, and through other updating mechanisms that Microsoft operates.

KB4093120 for Windows 10 version 1607

KB4093120 increases the build number of Windows 10 version 1607 and Windows Server 2016 to 14393.2214.

Microsoft lists key changes on the official support page only which suggests that the update may include other changes as well.

You can download the cumulative update for Windows 10 version 1607 and Windows Server 2016 from the Microsoft Update Catalog website.

• Increased the minimum Group Policy password length to 20.
• Fixed an AppLocker publisher rules issue with MSI files.
• Fixed an issue with apps when using Japanese IME.
• Fixed password prompts being shown repeatedly when using Microsoft accounts or Azure Active Directory accounts.
• Fixed a key generation issue in Windows Hello caused by TPM firmware issues.
• Addressed name-constraint information displayed in hexadecimal format in certificate properties.
• Fixed a blocking instead of logging issue for failed NTLM authentications if audit mode is turned on.
• Fixed certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.
• Fixed ReFS partition expanding issue if the volume was formatted using ReFS v1.
• Fixed a "stop working" issue when starting hosted VM.
• Addressed a kernel deadlock issue.
• Fixed a Windows Update issue that prevented VMs from being saved correctly.
• Fixed a "stop responding" issue in DTC during an XA recovery.
• Fixed the error "Error 0x207D An attempt was made to modify an object to include an attribute that is not legal for its class".
• Fixed the error "Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthInvalidRefreshTokenException: MSIS9312: Received invalid OAuth refresh token. The refresh token was received earlier than the permitted time in the token"
• Addressed the cause of the error "Cannot connect to any domain. Refresh or try again when connection is available"
• Fixed an issue that caused the failover of an NFS server cluster resource to take a long time.
• Fixed cause for the warning "The storage pool does not have the minimum recommended reserve capacity. This may limit your ability to restore data resiliency in the event of drive failure(s)."
• Addressed an issue that caused files to be skipped or the creation of duplicate files during full enumeration sync sessions.
• Fixed the Windows Multipoint Server 2016 error "The MultiPoint service is not responding on this machine. To fix the issue try restarting the machine."
• Fixed an issue that caused user profile disks from loading.
• Fixed high contrast themes being applied incorrectly during RDP sessions.
• Fixed a pairing issue for low-energy Bluetooth devices.
• Addressed a reliability issue in Microsoft Outlook.
• Fixed a reliability issue when using Microsoft Office applications hosted in ActiveX containers and pressing the Alt-key.

Known issues:

After installing the March 13, 2018 or later Cumulative Update for Windows 10 version 1607, only the latest Windows 10 feature update is returned as applicable. This prevents the deployment of previously released feature updates using ConfigMgr (current branch) and Windows 10 servicing plans.

Microsoft's workaround:

Decline all feature updates on the WSUS Server(s) except for the one that you want to deploy using ConfigMgr. Run another software update scan cycle from the ConfigMgr control panel (or wait until the client devices perform their next scan).

KB4093117 for Windows 10 version 1703

KB4093117 increases the build number of Windows 10 version 1703 to 15063.1058. The update shares some fixes with KB4093120.

The update is available via Windows Update but can also be downloaded from Microsoft's Update Catalog website.

• Microsoft Edge stopped working on systems with software restriction policy enabled.
• Fixed an AppLocker publisher rules issue with MSI files.
• Fixed password prompts being shown repeatedly when using Microsoft accounts or Azure Active Directory accounts.
• Fixed a key generation issue in Windows Hello caused by TPM firmware issues.
• Fixed an issue that prevented users from unlocking their sessions which happened when multiple users logged in to a system from different domains, used the UPN format for domain credentials, and used Fast User switching.
• Fixed a smart card related issue that caused a 30-second wait time if the user entered the PIN incorrectly or if biometric authentication failed.
• Fixed an issue in the Chrome Office extension that prompted for authentication multiple times.
• Increased the minimum Group Policy password length to 20.
• Addressed name-constraint information displayed in hexadecimal format in certificate properties.
• Fixed a blocking instead of logging issue for failed NTLM authentications if audit mode is turned on.
• Fixed certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.
• The option to encrypt or decrypt files in Windows Explorer was missing.
• Addresses a Bitlocker and Device Encryption suspending issue during device unenrollment.
• Fixed an issue in Centennial apps that blocked the ability to set user-level quotas for NTFS.
• Fixed connection bar missing in VMConnect in full-screen mode on multiple monitors.
• Fixed GPO login script to map a network drive failed if the user disconnects from the network and restarts.
• Addressed an issue that caused files to be skipped or the creation of duplicate files during full enumeration sync sessions.
• Addressed Data Modified field is empty in the properties when Volume Shadow Copy is used on a volume that hosts a file share.
• Fixed Microsoft Edge stopped working issue for roaming profile users who access Windows 10 version 1607 and version 1703 machines.
• Fixed reliability issue in Internet Explorer when entering text in RichEditText controls.
• Addressed a "potential" leak when opening and closing web browser controls.
• Addresses an issue that causes the ContentIndexter.AddAsync API to throw an unnecessary exception.