Applies ToWindows 10, version 1809, all editions Windows Server version 1809 Windows Server 2019, all editions

Release Date:               1/21/2021

Version:                        OS Build17763.1728

12/8/20 Adobe Flash Player went out of support on December 31, 2020. For more information, see Adobe Flash end of support on December 31, 2020. Adobe started blocking Flash content from running in Flash Player on January 12, 2021. For more information, see Adobe Flash Player EOL General Information Page

11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. To view other notes and messages, see the Windows 10, version 1809 update history home page.

 Highlights

  • Updates an issue with some special key combinations used in DaYi, Yi, and Array IMEs that might cause an application to stop working. 

  • Updates an issue that displays a blank lock screen after a device wakes up from Hibernate.

  • Updates an issue that prevents you from opening a document that is on the Windows desktop and generates the error, “The directory name is invalid.”

  • Corrects historical daylight savings time (DST) information for the Palestinian Authority.

  • Updates an issue that fails to show Extract all on the shortcut menu when you right-click an online-only ZIP file.

Improvements and fixes

This non-security update includes quality improvements. Key changes include:

  • Enables administrators to disable standalone Internet Explorer using a Group Policy while continuing to use Microsoft Edge's IE Mode.

  • Addresses an issue that occurs when the Mandatory Profile check box is selected when you copy a user profile.

  • Addresses an issue with some special key combinations used in DaYi, Yi, and Array IMEs that might cause an application to stop working.

  • Addresses an issue that displays a blank lock screen after a device wakes up from Hibernate.

  • Addresses an issue that prevents you from opening a document that is on the Windows desktop and generates the error, “The directory name is invalid.” This issue occurs after changing the desktop location in the Location tab of the Desktop Properties dialog box (File Explorer > This PC > Desktop).

  • Corrects historical daylight savings time (DST) information for the Palestinian Authority.

  • Addresses an issue with German translations of Central European Time.

  • Adds support for serial number control using the registry.

  • Displays a notification to a user when an administrator signs in to an mobile device management (MDM) service, such as Microsoft Intune, to find the location of a managed device.

  • Addresses an issue that causes an unexpected system restart because of exception code 0xc0000005 (Access Violation) in LSASS.exe; the faulting module is webio.dll.

  • Addresses a memory leak on Windows servers that are configured as Active Directory domain controllers. This issue occurs when the Key Distribution Center (KDC) attempts to fetch the Service for User (S4U) client name during certificate authentication.

  • Addresses an issue that might cause a black screen to appear or delay signing in to Hybrid Azure Active Directory joined machines. Additionally, there is no access to login.microsoftonline.com.

  • Addresses an issue that cause the LSASS.exe process to leak memory on a server that is under a heavy authentication load when Kerberos Armoring (Flexible Authentication Secure Tunneling (FAST)) is enabled.

  • Addresses an issue that causes a device to stop working when deploying Microsoft Endpoint Configuration Manager if AppLocker is enabled on the device.

  • Addresses an issue that causes the silent mode deployment of BitLocker to fail with the error 0x80310001. This issue occurs when deploying BitLocker encryption to Hybrid Azure Active Directory (Azure AD) joined devices.

  • Addresses an issue that causes LSASS.exe to stop working because of a race condition that results in a double free error in Schannel. The exception code is c0000374, and the Event Log displays Schannel event 36888, fatal error code 20, and error state 960. This issue occurs after installing Windows updates from September 2020 and later.

  • Addresses an issue that might cause systems that use BitLocker to stop working with the error 0x120 (BITLOCKER_FATAL_ERROR).

  • Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.

  • Addresses an issue with Task Manager that incorrectly indicates that twice the number of CPUs (socket count) are present in the system.

  • Addresses an issue with HTTP caching that interferes with kiosk mode that targets Azure AD groups.

  • Improves the ability of the WinHTTP Web Proxy Auto-Discovery Service to ignore invalid Web Proxy Auto-Discovery Protocol (WPAD) URLs that the Dynamic Host Configuration Protocol (DHCP) server returns.

  • Addresses an issue with insertion rule flooding in the software-defined networking (SDN) service.

  • Addresses an issue with using Windows Defender Application Control (WDAC) and running a file while Managed Installer (MI) or Intelligent Security Graph (ISG) is enabled. You can now use fsutil to look for the $KERNEL.SMARTLOCKER.ORIGINCLAIM extended-attribute (EA) on a file. If this EA is present, then MI or ISG can run the file. You can use fsutil in conjunction with Enabling ISG and MI diagnostic events.

  • Addresses an issue that occurs when a Volume Shadow Copy Service (VSS) snapshot triggers on virtual machines (VM) that contain Resilient File System (ReFS) volumes. The triggered VSS snapshot fails with a time-out and prevents access to the ReFS volume for 30 minutes.

  • Addresses an issue that allows an app that has been blocked from hydrating files to continue hydrating files in some cases.

  • Addresses an issue with web applications that use cross-origin resource sharing (CORS) pre-flighting against Active Directory Federation Services (AD FS) token endpoints. These web applications might suddenly stop working when they call AD FS from external networks.

  • Addresses an issue with Administrative Template settings you configure using a Group Policy Object (GPO). When you change the value of the policy settings to NOT CONFIGURED, the system continues to apply the previous settings instead of removing them. This issue occurs after installing the June 2020 or later updates and is most noticeable with roaming user profiles.

  • Addresses an issue that fails to show Extract all on the shortcut menu when you right-click an online-only ZIP file.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

Windows Update Improvements

Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.

Known issues in this update

Symptom

Workaround

After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND."

This issue is addressed by updates released June 11, 2019 and later. We recommend you install the latest security updates for your device. Customers installing Windows Server 2019 using media should install the latest Servicing Stack Update (SSU) before installing the language pack or other optional components. If using the Volume Licensing Service Center (VLSC), acquire the latest Windows Server 2019 media available. The proper order of installation is as follows:

  1. Install the latest prerequisite SSU, currently KB5005112

  2. Install optional components or language packs

  3. Install latest cumulative update

Note Updating your device will prevent this issue, but will have no effect on devices already affected by this issue. If this issue is present in your device, you will need to use the workaround steps to repair it.

Workaround:

  1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.

  2. Click Check for Updates and install the April 2019 Cumulative Update or later. For instructions, see Update Windows 10.

Note If reinstalling the language pack does not mitigate the issue, use the In-Place-Upgrade feature. For guidance, see How to do an in-place upgrade on Windows, and Perform an in-place upgrade of Windows Server.

How to get this update

Before installing this update

Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

If you are using Windows Update, the latest SSU (KB4598480) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

Install this update

Release Channel

Available

Next Step

Windows Update or Microsoft Update

Yes

Go to Settings Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update.

Microsoft Update Catalog

Yes

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

No

You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions.

File information 

For a list of the files that are provided in this update, download the file information for cumulative update 4598296.

Note Some files erroneously have “Not applicable” in the “File version” column of the CSV file. This might lead to false positives or false negatives when using some third-party scan detection tools to validate the build.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.