Windows 10 Updates KB4093117 und KB4093120 (17.04.2018)

[English]Zum 17. April 2018 hat Microsoft kumulative Updates für Windows 10 (KB4093117, KB4093120) freigegeben. Hier einige Informationen zu diesen Updates.

Update KB4093117 für Windows 10 Version 1703

Das kumulative Update KB4093117 für Windows 10 Version 1703 hebt die OS-Build auf 15063.1058 und adressiert folgende Probleme:

• Addresses an issue that causes Microsoft Edge to stop working after a few seconds when running a software restriction policy.

• Addresses an issue where AppLocker publisher rules  applied to MSI files don't match the files correctly.

• Addresses an issue that causes Microsoft and Azure Active Directory accounts to receive the password prompt repeatedly instead of only once.

• Addresses an issue that prevents Windows Hello from generating good keys when it detects weak cryptographic keys because of TPM firmware issues. This issue only occurs if the policy to require the TPM is configured.

• Addresses an issue that prevents users from unlocking their session and that sometimes displays incorrect user-name@domain-name information on the logon screen when multiple users log on to a machine using fast user switching. Specifically, this happens when users are logging on from several different domains, are using the UPN format for their domain credentials (user-name@domain-name), and are switching between users with fast user switching.

• Addresses an issue related to smart cards that allow PINs or biometric entry. If the user enters an incorrect PIN or biometric input (e.g., a fingerprint), an error appears, and the user must wait up to 30 seconds. With this change, the 30-second delay is no longer required.

• Addresses an issue that causes the browser to prompt for credentials often instead of only once when using the Office Chrome extension.

• Increases the minimum password length in Group Policy to 20 characters.

• Addresses an issue that incorrectly displays name-constraint information when displaying certificate properties. Instead of presenting properly formatted data, the information is presented in hexadecimal format.

• Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with audit mode turned on. Netlogon.log may show the following:

SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered

NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM

SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413

• Addresses an issue that generates a certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.

• Addresses an issue where the right-click context menu for encrypting and decrypting files using Windows Explorer is missing.

• Addresses an issue that suspends BitLocker or Device Encryption during device unenrollment instead of keeping the drive protected.

• Addresses an issue that might cause Centennial apps to block the ability to set user-level quotas for NTFS.

• Addresses an issue that causes the connection bar to be missing in Virtual Machine Connection (VMConnect) when using full-screen mode on multiple monitors.

• Addresses an issue where using a GPO logon script to map a network drive fails if the user disconnects from the network and restarts. When the user logs in again, the mapped drive isn't available. This issue occurs even though the logon script has the persistence flag set to TRUE.

• Addresses an issue that may cause some files to be skipped and may create duplicate files in the Work Folder locations during full enumeration sync sessions.

• Addresses an issue that occurs when Volume Shadow Copy is enabled on a volume that hosts a file share. If the client accesses the UNC path to view the properties in the Previous Version tab, the Date Modified field is empty.

• Addresses an issue that occurs when a user with a roaming user profile first logs on to a machine running Windows 10, version 1607, and then logs off. Later, if the user tries to log on to a machine running Windows 10, version 1703, and opens Microsoft Edge, Microsoft Edge will stop working.
• Addresses a reliability issue with Internet Explorer when entering text in a RichEditText control.
• Addresses a potential leak caused by opening and closing a new web browser control.
• Addresses an issue that causes the ContentIndexter.AddAsync API to throw an unnecessary exception.

Das Update lässt sich über Microsoft Update installieren, kann aber auch über den Microsoft Update Catalog heruntergeladen werden. Probleme mit dem Update sind keine bekannt.

Microsoft hat zudem den Windows Update Client aktualisiert, um dessen Zuverlässigkeit zu erhöhen. Jedem Gerät mit Windows 10, das so konfiguriert ist, dass es automatisch Updates von Windows Update erhält, einschließlich der Enterprise und Pro Edition (nicht aber die LTSC-Versionen), wird das neueste Windows 10 Feature Update, basierend auf der Gerätekompatibilität und den Einstellungen für verzögerte Updates, angeboten.

Update KB4093120 für Windows 10 Version 1607

Das kumulative Update KB4093120 für Windows 10 Version 1607 und Windows Server 2016 hebt die OS-Build auf 14393.2214 und adressiert folgende Probleme:

• Addresses an issue in apps that occurs when using the Japanese IME.

• Addresses an issue where AppLocker publisher rules  applied to MSI files don't match the files correctly.

• Increases the minimum password length in Group Policy to 20 characters.

• Addresses an issue that causes Microsoft and Azure Active Directory accounts to receive the password prompt repeatedly instead of only once.

• Addresses an issue that prevents Windows Hello from generating good keys when it detects weak cryptographic keys because of TPM firmware issues. This issue only occurs if the policy to require the TPM is configured.

• Addresses an issue that displays name-constraint information incorrectly when displaying certificate properties. Instead of presenting properly formatted data, the information is presented in hexadecimal format.

• Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with audit mode turned on. Netlogon.log may show the following:

SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413

SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered

NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM

• Addresses an issue that generates certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.

• Addresses an issue that prevents ReFS partitions from being expanded if the volume was originally formatted using ReFS v1.

• Addresses an issue that causes the host Hyper-V node to stop working when starting the hosted VM.

• Addresses a Kernel deadlock that affects server availability.

• Addresses an issue with Windows Update that prevents VMs from being saved after restarting or shutting down a computer after applying an update. vmms.exe doesn't wait for vmwp.exe to finish copying VM memory data.

• Addresses an issue in which DTC stops responding in msdtcprx!CIConnSink::SendReceive during an XA recovery. During this failure, IXaMapper objects with identical RMIDs become corrupted.

• Addresses an issue that prevents you from modifying or restoring Active Directory objects that have invalid backlink attributes populated in their class. The error you receive is, "Error 0x207D An attempt was made to modify an object to include an attribute that is not legal for its class."

• Addresses an unhandled refresh token validation issue. It generates the following error: "Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthInvalidRefreshTokenException: MSIS9312: Received invalid OAuth refresh token. The refresh token was received earlier than the permitted time in the token."

• Addresses an issue that prevents ADDS DSAC from running on a client that has PowerShell Transcripting enabled. The following error appears: "Cannot connect to any domain. Refresh or try again when connection is available."

• Addresses an issue that causes the failover of an NFS server cluster resource to take a long time if the communication from the NFS server to the NFS client is blocked. If the failover takes more than 20 minutes, stop error 0x9E (USER_MODE_HEALTH_MONITOR) occurs.

• Addresses an issue that may generate a capacity reserve fault warning during cluster validation or while running the Debug-StorageSubSystem cmdlet even though enough capacity is actually reserved. The warning is "The storage pool does not have the minimum recommended reserve capacity. This may limit your ability to restore data resiliency in the event of drive failure(s)."

• Addresses an issue that may cause some files to be skipped and may create duplicate files in the Work Folder locations during full enumeration sync sessions.

• Addresses an issue in Windows Multipoint Server 2016 that may generate the error "The MultiPoint service is not responding on this machine. To fix the issue try restarting the machine."

• Addresses an issue that prevents a UDP profile from loading. This loading failure generates the error "We can't sign into your account", and users receive a temporary profile.

• Addresses an issue that causes the high contrast theme setting to be applied incorrectly when a user logs in using RDP.
• Addresses an issue that causes a pairing problem for low-energy Bluetooth devices.
• Addresses a reliability issue with Microsoft Outlook.
• Addresses a reliability issue that occurs while pressing the Alt key when using a Microsoft Office application hosted in an ActiveX container.

Das Update lässt sich über Microsoft Update installieren, kann aber auch über den Microsoft Update Catalog heruntergeladen werden.

Microsoft hat zudem den Windows Update Client aktualisiert, um dessen Zuverlässigkeit zu erhöhen. Jedem Gerät mit Windows 10, das so konfiguriert ist, dass es automatisch Updates von Windows Update erhält, einschließlich der Enterprise und Pro Edition (nicht aber die LTSC-Versionen), wird das neueste Windows 10 Feature Update, basierend auf der Gerätekompatibilität und den Einstellungen für verzögerte Updates, angeboten.

Bekannte Probleme mit dem Update

Nach der Installation des kumulativen Updates für Windows 10 Version 1607 vom 13. März 2018 oder später wird unter WSUS nur das neueste Feature-Update für Windows 10 als anwendbar zurückgegeben. Dies verhindert, dass zuvor veröffentlichte Feature-Updates über den ConfigMgr (aktueller Zweig) und Windows 10-Servicepläne bereitgestellt werden können.

Microsoft arbeitet an diesem Problem und empfiehlt als Workaround, alle Feature-Updates unter WSUS abzulehnen. Nur das Update, welches mit dem ConfigMgr bereitgestellt werden soll, muss dann genehmigt werden. Danach ist ein weiterer Software-Update-Scan-Zyklus über das ConfigMgr-Control Panel zu starten (oder man wartet, bis die Client-Geräte ihren nächsten Scan durchführen).

Ähnliche Artikel:
Microsoft Office Patchday (3. April 2018)
Adobe Flash Player Update auf Version 29.0.0.140
Microsoft Patchday Summary 10. April 2018
Patchday: Windows 10-Updates 10. April 2018
Patchday: Updates für Windows 7/8.1/Server April 2018
Patchday Microsoft Office Updates (10. April 2018)
Patchday: Weitere Microsoft Updates zum 10. April 2018

Windows 7/8.1 Updates KB2952664/KB2976978 (10.04.2018)
Windows 7/8.1 Preview Rollup Updates (17.04.2018)
Windows Updates KB4093117 und KB4093120 (17.04.2018)