Fresh cumulative patches available for Anniversary and Creators Update PCs

Microsoft's official Patch Tuesday for May was just last week, but the company is shipping out another pair of cumulative updates for older versions of Windows 10. This time, updates are available for PCs that are still running the Creators Update and the Anniversary Update (via Neowin).

If you're on the Creators Update (version 1703), update KB4103722 (build 15063.1112) is available with the following list of fixes:

  • Addresses additional issues with updated time zone information.
  • Addresses an issue that causes Internet Explorer dialogs on a second monitor to also appear on the primary monitor when using extended display.
  • Addresses a reliability issue in .NET applications when using a Japanese IME in a text box.
  • Addresses an issue with the connection status of some Bluetooth devices.
  • Addresses an issue that prevents Autodiscover in Microsoft Outlook 2013 from being used to set up email accounts when UE-V is enabled.
  • Addresses an issue that prevents adding performance counters to the Performance Monitor on systems with many processors.
  • Addresses an issue that generates an error when attempting to change the smart card service's startup type from Disabled to Manual or Automatic. The error is "Cannot create a file when that file already exists."
  • Addresses an issue that causes sporadic authentication issues when using Windows Authentication Manager.
  • Addresses an issue that causes client applications that use Windows Authentication Manager to stop working when making a request to the server.
  • Addresses an issue that causes BitLocker to go into recovery mode when updates are applied.
  • Enables the Visual Studio IntelliTrace step-back feature to take snapshots of an application whose debug platform target is set to x86.
  • Addresses an issue where the connection bar is missing in Virtual Machine Connection (VMConnect) when using full-screen mode on multiple monitors.
  • Addresses an issue where Windows 10 clients that authenticate to 802.1x WLAN access points fail to apply Group Policy permissions, run scripts, or retrieve roaming profiles at user logon. This occurs because Kerberos authentication fails for \domain\sysvol, \domain\netlogon, and other DFS paths.
  • Addresses an issue that causes UWP applications to stop working when they use the XAML Map Control.

For PCs still on the Anniversary Update (version 1607), you'll see KB41003720 (build 14393.2273) with the following fixes and one known issue:

  • Addresses additional issues with updated time zone information.
  • Addresses an issue that causes Internet Explorer dialogs on a second monitor to also appear on the primary monitor when using extended display.
  • Addresses an issue that prevents adding performance counters to the Performance Monitor on systems with many processors.
  • Addresses an issue that causes sporadic authentication issues when using Windows Authentication Manager.
  • Addresses an issue that causes BitLocker to go into recovery mode when updates are applied.
  • Addresses an issue that can cause excessive memory usage when using smart cards on a Windows Terminal Server system.
  • Addresses an issue that makes it impossible to revert to a virtual machine checkpoint. Reapplying the checkpoint fails with an error.
  • Enables the Visual Studio IntelliTrace step-back feature to take snapshots of an application whose debug platform target is set to x86.
  • Ensures that CPU Groups function properly.
  • Addresses an issue where querying the Hyper-V Dynamic Memory Integration Service\Maximum Memory, Mbytes performance counter always returns 0 instead of returning the maximum configured RAM for a VM.
  • Addresses an issue that causes a VM to throw an error after creating the VM with static memory. This occurs when you enable HYPER-V and disable NUMA in the BIOS on a physical machine that has more than 64 logical processors. The error is "The data is invalid. (0x8007000D)", and the VM fails to start.
  • Addresses an issue with ADFS that causes an IdP-initiated login to a SAML relying party to fail when PreventTokenReplays is enabled.
  • Addresses an issue where PolicySOM (WMI policy provider) consumes all available dynamic ports on UDP, which causes affected machines to become unresponsive. The component that doesn't close the sockets properly is the LDAP client.
  • Addresses an issue where an NDES server connection to ADCS sometimes doesn't automatically reconnect after the ADCS server restarts. If this occurs, new devices won't be issued certificates without restarting the NDES server.
  • Addresses an ADFS issue that occurs when OAUTH authenticates from a device or browser application. A user password change generates a failure and requires the user to exit the app or browser to log in.
  • Addresses an issue where enabling Extranet Smart Lockout in UTC +1 and higher (Europe and Asia) did not work. Additionally, it causes normal Extranet Lockout to fail with the following error:
    • Get-AdfsAccountActivity: DateTime values that are greater than DateTime.MaxValue or smaller than DateTime.MinValue when converted to UTC cannot be serialized to JSON.
  • Addresses an issue where disks that have been blacklisted or marked as bad will be ignored and not be repaired when a user invokes S2D Repair. The Repair-S2D cmdlet will now work on a single node when the -RecoverUnboundDrives parameter isn't passed.
  • Addresses an issue that causes docker builds to fail with the error message "hcsshim::ImportLayer failed in Win32: The system cannot find the path specified."
  • Addresses an issue where Windows 10 clients that authenticate to 802.1x WLAN access points fail to apply Group Policy permissions, run scripts, or retrieve roaming profiles at user logon. This occurs because Kerberos authentication fails for \domain\sysvol, \domain\netlogon, and other DFS paths.
  • Addresses an issue with default applications that reset for browsers on server platforms.
  • Known Issues: Reliability issues have been observed during the creation of shielded VMs and the required artifacts for their deployment. There are also reliability issues for the Shielding File Wizard with or without the SCVMM interface. Microsoft is working on a resolution and will provide an update in an upcoming release.

Both updates should install automatically via Windows Update. If you'd rather install them manually, the Anniversary Update patch is available from Microsoft here, while the Creators Update patch is available here.

Dan Thorp-Lancaster

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl