For those of you that don’t know, Patch Tuesday updates are an important part of the Windows update experience, since they bring tones of fixes and enhancements to the OS, along with security improvements. Well, this month’s updates are no different, and not only will we be including detailed changelogs for each cumulative update, but we will also be providing you with direct download links to the Windows Update Catalog. This is so that you can get the updates as soon as they become available, even if they aren’t yet available in your region.
Changes included in the April Patch Tuesday Updates
Table of content
Windows 10, version 20H2
As of the writing of this article, Windows 10 v20H2 is the latest major version of Windows 10, and as such has the most experimental features on it. Fortunately, most bugs that were first present when it was first made available have been weeded out, and this version of Windows 10 is far more stable. That being said, you should upgrade to this version as soon as possible if your hardware allows it (the system requirements are the same as with Windows 10 v2004). If you haven’t updated to Windows 10 v20H2, know that it is easiest to update if you already have Windows 10 v2004. Check out this in-depth guide on how to get Windows 10 v20H2 as fast as possible. Cumulative update name:
KB5001330
Improvements and fixes:
Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag. Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions). Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see CVE-2021-27092 and Policy CSP – Authentication. Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Kernel, Windows Virtualization, and Windows Media.
Known Issues:
System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated.
When using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.
Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.
[DIRECT DOWNLOAD LINK]
Windows 10, version 2004
Windows 10 v2004 shares the same core system as Windows 10 v20H2, so all updates, fixes, and improvements applied to one are the same as the other. Cumulative update name:
Same as Windows 10 V20H2
Improvements and fixes:
Same as Windows 10 V20H2
Known Issues:
Same as Windows 10 V20H2
[DIRECT DOWNLOAD LINK]
Windows 10, version 1909
Windows 10 v1909 shares a core structure, core operating system, and an identical set of system files with Windows 10 v1903. Because of this, all cumulative updates that apply to one version are available to the other as well. Cumulative update name:
KB5001337
Improvements and fixes:
Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag. Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions). Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see CVE-2021-27092 and Policy CSP – Authentication. Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Hybrid Cloud Networking, the Windows Kernel, Windows Virtualization, and Windows Media.
Known Issues:
System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated.
[DIRECT DOWNLOAD LINK]
Windows 10, version 1809
According to Microsoft, users that still have the Home, Pro, Pro for Workstation, and IoT Core editions of Windows 10 V1809 should know that it reached End of Service back in November 2020. That is why it is advised that you update your OS to a newer, supported version. Cumulative update name:
KB5001342
Improvements and fixes:
Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag. Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions). Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see CVE-2021-27092 and Policy CSP – Authentication. Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Hybrid Cloud Networking, the Windows Kernel, Windows Virtualization, and Windows Media.
Known Issues:
After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.”
[DIRECT DOWNLOAD LINK]
Windows 10, version 1803
Microsoft first announced that Windows 10 v1803 will reach the end of mainstream support, and starting with July there wouldn’t be any more optional, non-security releases for this version of Windows 10. Because of the current global pandemic, as well as user feedback, Microsoft decided to extend the support for Windows 10 v1803 up until 2021. SPONSORED Cumulative update name:
KB5001339
Improvements and fixes: This security update includes quality improvements. Key changes include:
Updates the default values for the following Internet Explorer registry keys: svcKBFWLink = “” (empty string) svcKBNumber = “” (empty string) svcUpdateVersion = 11.0.1000.
In addition, these values will no longer be updated automatically.
Updates the Volgograd, Russia time zone from UTC+4 to UTC+3.
Adds a new time zone, UTC+2:00 Juba, for the Republic of South Sudan. Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions). Addresses an issue that prevents you from specifying up to 255 columns when you use the Jet Text installable indexed sequential access method (IISAM) format. Security updates to the Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Hybrid Cloud Networking, Windows Kernel, and Windows Media.
Known Issues:
Microsoft is not currently aware of any issues with this update.
[DIRECT DOWNLOAD LINK]
Windows 10, version 1607
Note: Windows 10, version 1607 has reached the end of service for all of its available editions. Update to the latest version of Windows 10 in order to keep your system protected. Cumulative update name:
KB5001347
Improvements and fixes: This security update includes quality improvements. Key changes include:
Updates the default values for the following Internet Explorer registry keys: svcKBFWLink = “ ” (string with one empty space) svcKBNumber = “ ” (string with one empty space) svcUpdateVersion = 11.0.1000.
In addition, these values will no longer be updated automatically.
Address an issue that causes a system to stop working occasionally when users sign out or disconnect from remote sessions. Addresses an issue with a heap leak that might cause explorer.exe to consume high amounts of memory. Updates the Volgograd, Russia time zone from UTC+4 to UTC+3. Adds a new time zone, UTC+2:00 Juba, for the Republic of South Sudan. Addresses a race condition that causes PowerShell to stop working periodically and generates an Access Violation error. This issue occurs when you enable transcription on the system and run multiple PowerShell scripts simultaneously. Addresses an issue that causes the sleep time defined in HKLM\Software\Microsoft\AppV\MAV\Configuration\MaxAttachWaitTimeInMilliseconds to be shorter than intended. Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag. Addresses an issue with high memory usage when performing XSLT transforms using MSXLM6. Addresses an issue in spaceport.sys that might cause stop error 0x7E. Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows. Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions). Addresses an issue that prevents you from specifying up to 255 columns when you use the Jet Text installable indexed sequential access method (IISAM) format. Security updates to Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows AI Platform, Windows Hybrid Cloud Networking, the Windows Kernel, and Windows Media.
Known Issues:
After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.
[DIRECT DOWNLOAD LINK]
Windows 10, version 1507
Note: Windows 10, version 1507 is the oldest version of Windows 10 still active, and it has reached the end of service for some time now. If your hardware allows it, update to a much newer version of Windows 10. Cumulative update name:
KB5001340
Improvements and fixes: This security update includes quality improvements. Key changes include:
Updates the default values for the following Internet Explorer registry keys: svcKBFWLink = “ ” (string with one empty space) svcKBNumber = “ ” (string with one empty space) svcUpdateVersion = 11.0.1000.
In addition, these values will no longer be updated automatically.
Updates the Volgograd, Russia time zone from UTC+4 to UTC+3. Adds a new time zone, UTC+2:00 Juba, for the Republic of South Sudan. Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions). Addresses an issue that prevents you from specifying up to 255 columns when you use the Jet Text installable indexed sequential access method (IISAM) format. Security updates to Windows Apps, Windows Input and Composition, Windows Office Media, the Windows AI Platform, Windows Fundamentals, Windows Hybrid Cloud Networking, Windows Kernel, and Windows Media.
Known Issues:
Microsoft is not currently aware of any issues with this update.
[DIRECT DOWNLOAD LINK]
This completes our articles covering the latest changes to come this Patch Tuesday. Depeinding on what version of Windows 10 you’re running, applying the latest cumulative updates may seem more or less appealing. However, if you value your PC’s security and don’t want to fall victim to things like Exploit Wednesday or Uninstall Thursday, you should get the latest updates as soon as possible. Speaking of getting the updates, manually installing the cumulative updates via the Windows Update Catalog isn’t the only means of updating your PC. Remember that you can update your Windows 10 Pc by using the following methods:
The Windows Update menu on your OS The WSUS (Windows Server Update Service) Group Policies set up by your admins if you’re part of a larger network.
Alternatively, there’s also the option of postponing the updates until you see more promising changelogs. During this time, you can opt to protect your system using third-party antivirus tools. What do you think about this month’s Patch Tuesday updates? Share your thoughts with us in the comments section below.
Name *
Email *
Commenting as . Not you?
Save information for future comments
Comment
Δ