New cumulative update rolling out to Fall Creators Update PCs

A fresh cumulative update is now available for PCs on the Fall Creators Update. Taking place two weeks since Microsoft's last Patch Tuesday, and just a week after a pair of new cumulative updates went out to Anniversary and Creators Update PCs, today's update is labeled as KB4093105 (opens in new tab) and pushed the build number up to 16299.402 (via Neowin).

The update packs a rather large list of bug fixes across the board. Here's a look at what's included:

  • Addresses an issue that causes modern applications to reappear after upgrading the OS version even though those applications have been deprovisioned using remove-AppXProvisionedPackages-Online.
  • Addresses an issue in which running an application as an administrator causes the application to stop working when pasting the user name or password into the user elevation prompt (LUA).
  • Addresses an issue that causes Skype and Xbox to stop working.
  • Addresses an issue that prevents Autodiscover in Microsoft Outlook 2013 from being used to set up email accounts when UE-V is enabled.
  • Addresses an issue where AppLocker publisher rules applied to MSI files don't match the files correctly.
  • Addresses an issue that prevents Windows Hello from generating good keys when it detects weak cryptographic keys because of TPM firmware issues. This issue only occurs if the policy to require the TPM is configured.
  • Addresses an issue that prevents users from unlocking their session and sometimes displays incorrect user-name@domain-name information on the logon screen when multiple users log on to a machine using fast user switching. This specifically happens when users are logging on from several different domains, are using the UPN format for their domain credentials (user-name@domain-name), and are switching between users using fast user switching.
  • Addresses an issue that causes the browser to prompt for credentials often instead of only once when using the Office Chrome extension.
  • Addresses an issue related to smart cards that allow PINs or biometric entry. If the user enters an incorrect PIN or biometric input (e.g., a fingerprint), an error appears, and the user must wait up to 30 seconds. With this change, the 30-second delay is no longer required.
  • Increases the minimum password length in Group Policy to 20 characters.
  • Addresses an issue that displays name-constraint information incorrectly when displaying certificate properties. Instead of presenting properly formatted data, the information is presented in hexadecimal format.
  • Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with audit mode turned on. Netlogon.log may show the following:
    • SamLogon: Transitive Network logon of [[ domain ]] \ [[ user ]] from [[ machine2 ]] (via [[ machine1 ]] ) Entered
    • NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM
    • SamLogon: Transitive Network logon of [[ domain ]] \ [[ user ]] from [[ machine2 ]] (via [[ machine1 ]] ) Returns 0xC0000413
  • Addresses an issue that generates a certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.
  • Addresses an issue in which resetting the Windows Hello PIN at the logon prompt puts the system in a state that makes resetting the PIN again impossible.
  • Addresses an issue where the right-click context menu for encrypting and decrypting files using Windows Explorer is missing.
  • Addresses an issue that suspends BitLocker or Device Encryption during device unenrollment instead of keeping the drive protected.
  • Addresses an issue that causes Microsoft Edge to stop working after a few seconds when running a software restriction policy.
  • Addresses an issue that may cause a file system mini-filter to fail to unload because of a leak in Filter Manager, which requires a restart.
  • Addresses an issue that causes the connection bar to be missing in Virtual Machine Connection (VMConnect) when using full-screen mode on multiple monitors.
  • Addresses an issue that prevents certain devices from working on Windows 10, version 1709, machines when the "Disable new DMA devices when this computer is locked" Group Policy is active. The non-working devices are internal, PCI-based peripherals (wireless network drivers and input and audio peripherals). These peripherals can fail on systems whose firmware blocks the peripherals from performing Direct Memory Access (DMA) at boot.
  • Addresses an issue that might cause Windows Server 2016 Domain Controllers to log Microsoft Windows Security audit events ID 4625 and ID 4776. The username and domain name in the events may appear truncated, only showing the first character for logons coming from client applications using wldap32.dll.
  • Addresses an issue in which users may exist in a domain that is trusted using transitive trust, but are unable to locate a PDC or DC for the Extranet Lockout feature. The following exception occurs: "Microsoft.IdentityServer.Service.AccountPolicy.ADAccountLookupException: MSIS6080: A bind attempt to domain 'globalivewireless.local' failed with error code '1722'". Also, the following message appears on the IDP page: "Incorrect user ID or password. Type the correct user ID and password, and try again."
  • Addresses an issue that prevents you from modifying or restoring Active Directory objects that have invalid backlink attributes populated in their class. The error you receive is "Error 0x207D An attempt was made to modify an object to include an attribute that is not legal for its class."
  • Addresses an issue that prevents the AdminSDHolder task from running when a protected group contains a member attribute that points to a deleted object. Additionally, Event 1126 is logged as "Active Directory Domain Services was unable to establish a connection with the global catalog. Error value: 8430. The directory service encountered an internal failure. Internal ID: 320130e."
  • Addresses an issue that occurs when Volume Shadow Copy is enabled on a volume that hosts a file share. If the client accesses the UNC path to view the properties in the Previous Version tab, the Date Modified field is empty.
  • Addresses an issue that occurs when a user with a roaming user profile first logs on to a machine running Windows 10, version 1607, and then logs off. Later, if the user tries to log on to a machine running Windows 10, version 1703, and opens Microsoft Edge, Microsoft Edge will stop working.
  • Addresses an issue that makes a Japanese keyboard unusable in remote assistance sessions.
  • Addresses an issue that causes the cursor to unexpectedly move to center of the screen when changing the display mode.
  • Addresses a potential leak caused by opening and closing a new web browser control.
  • Addresses an issue that causes the ContentIndexter.AddAsync API to throw an unnecessary exception.
  • Addresses an issue with the first launch performance of UWP Desktop Bride apps.
  • Addresses an issue with the Search tab of Microsoft Outlook 2016 during the upgrade from Windows 10, version 1703, to Windows 10, version 1709.
  • Addresses an issue that causes updates for large game apps to fail.
  • Addresses an issue that removes user-pinned folders or tiles from the Start menu in some cases
  • Addresses an issue that causes invisible apps to appear in the Start menu.
  • Addresses an issue that might cause some users to experience unexpected panning or scrolling in certain apps while using the pen.

In addition to the above fixes, this update includes a single known issue in which Windows Update History may show that "KB4054517 failed to install because of error 0x80070643" even though it was successfully installed.

For PC users on the Fall Creators Update, you should be able to grab this update via Windows Update now. Alternatively, the update is also available to manually download and install on the Microsoft Update catalog (opens in new tab).

Dan Thorp-Lancaster

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl

  • Well, that's a quite long changelog :)
  • I wish Sony had an OS computer system. Over the past few years Microsoft has been letting me down tremendously.
  • Are you nuts?
  • how so?
  • So now you want your data to go to Asia? Facebook, Google and Microsoft are not enough eh?
  • Sony also disappointed many people I suppose... VAIO brand is gone (I had one when I was a student, hated the build in bloats, bad UI, bad UX and bad CP), PSV is dead, other experimental stuffs... are catching no one's eye... ps4 is about the only product that sell. Walkman and Xperia... I imported a pink Xperia SL-xxx for my gf as a present. It's cute. Camera cannot focus. Physical button's hard to trigger. Slow. Audio playback lag (happens in many models, infamous between programmers). My girl had a hard time with it. Then I took it over and played with it for like a week. Yep, a 800usd paper weight. It's now my alarm clock. TV... Koreans are doing the better job. Xbox's supporting 4k gaming, HDR and Freesync? Guess who's spitting out a product next day? ps: Sony's not a SW company.
  • "Addresses an issue that prevents Windows Hello from generating good keys when it detects weak cryptographic keys because of TPM firmware issues. This issue only occurs if the policy to require the TPM is configured"
    Wasn't this in the previous one already? :)
    EDIT: I might have read it in the changelog of some Insider Builds, but then it is surprising, how few of those security fixes came through here.
  • I am a bit surprised though not to see Google disclosed Device Guard issue being fixed here.
  • Google who?
  • Wow What a long list of fixes
  • Telemetry ;-)
  • I am on 17604, should I be getting the update?
  • I got a problem with this update. After rebooting, it uninstalled itself. Then it tried to install again, and rebooted, uninstalled ...
  • No problems here on my Lenovo Y700. Hope you get it sorted.
  • Same problem here too, but only on my main desktop. Downloading the update directly from the Update Catalog did not help either.
  • Same here. Uninstalled itself a few times now. Annoying. Direct download did not work either. Windows update troubleshooter also not working. Anyone found a fix for this?
  • I have not been able to update since February, I hope I will be able to get the next feature update.
  • Same here. As of Thursday morning, I still can't install this on my SB 2.
  • has anyone experienced laggy fullscreen video in x86 applications on the april update insider fast ring?
  • That's why I stopped using my budget windows tablet, but with this update I should be able to use it again 😁