By David Cano and Azure Security News
A week after this month's Patch Tuesday, Microsoft has released a new cumulative update for the penultimate version of its operating system, specifically build 17134.677. In Windows Update it appears as KB4489894. Microsoft continues to support the April 2018 Update and to release monthly updates that fix bugs and improve security.
Cumulative 17134.677 fixes and improvements
- Fixed an issue with a Microsoft Access 97 database that stops a requested operation when a table or column has custom properties.
- Fixed an issue that prevents Microsoft Office updates from being downloaded from the Microsoft Store.
- Updated the time zone information for Buenos Aires, Argentina.
- Fixed an issue with Microsoft Office Visual Basic for Applications that cannot use the Japanese Era registry settings for dates in Japanese format.
- Updated time zone information for Kazakhstan.
- Updated the time zone information for São Tomé and Príncipe.
- Fixed an issue that prevented users from enabling gan-nen support for the Japanese Era.
- Fixed an issue that caused a device to periodically stop responding when using an East Asian locale.
- Fixed a reliability issue that could cause the laptop screen to remain black after resuming from sleep if the lid was closed while disconnecting from a docking station.
- Fixed an issue with Group Policy, “Disable app notifications on lock screen”.
- Fixed an issue that could prevent users from logging in and cause account lockouts when using the App-V client to launch applications. The problem occurred because Kerberos authentication failed when trying to get user information from the domain name server (DNS). To enable the fix, modify the following registry key:
  - Configuration: UseDcForGetUserInfo
  - Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Shared\
  - Type: REG_DWORD
  - Value: Setting this DWORD to a non-zero value enables the fix.
- Fixed an issue with the Windows lock screen that prevented users from unlocking a device after multiple smart card users have used the same device. This problem occurred when trying to use a workstation that had been locked out by another user.
- Fixed an issue that prevented the authentication credentials dialog from appearing when a corporate web server tried to connect to the Internet.
- Fixed an issue that caused a client or server to restart when using a smart card to log in with username hints on an Azure Active Directory (AAD) joined machine using Remote Desktop Services.
- Fixed an issue where multiple device entries exist for a single hybrid domain joined device.
- Fixed an issue that removed the ALLOWCLSIDS policy from the Policy XML file when running Add-SignerRule for Windows Defender Application Control.
- Fixed an issue that prevented a virtual smart card from starting when running alongside Citrix 7.15.2000 workstation VDA software.
- Fixed an issue that prevented a user from authenticating and caused Windows Account Manager (WAM) to crash when using a Trusted Platform Module (TPM).
- Fixed an issue that caused certificate renewal to fail when using CERT_RENEWAL_PROP_ID with the ICertPropertyRenewal interface.
- Added a new Group Policy setting called “Enable Windows to soft-disconnect a computer from a network.” This determines how Windows will disconnect a computer from a network when it determines that the computer should no longer be connected to the network.
  - If enabled, Windows will soft-disconnect a computer from a network (the disconnection is not immediate or abrupt).
  - If disabled, Windows disconnects a computer from a network immediately.
  - If not configured, the default behavior is soft disconnect. For more information about automatic disconnection, see Description and Settings of Windows Connection Manager.
  Path: Computer Configuration\Policies\Administrative Templates\Network\Windows Connection Manager
- Fixed an issue that could cause a “Stop 0x133” error in NTFS.sys.
- Fixed an issue that caused Windows to reuse an expired Dynamic Host Configuration Protocol (DHCP) lease if the lease expired while the operating system was shut down.
- Fixed an issue that could cause the Virtual Machine Management Service (VMMS) to stop working. This issue occurred when running a live migration using a Measure-VM cmdlet or any Windows Management Instrumentation (WMI) metric query.
- Fixed an issue where DeleteObject() from the Graphics Device Interface (GDI) could cause the calling process to stop working when both of the following conditions are true:
  - The calling process is a WOW64 process that handles memory addresses larger than 2 GB.
  - DeleteObject() is called with a device context that is compatible with a printer device context.
- Provided seamless integration with Microsoft Cloud App Security (MCAS) to discover cloud application usage inside and outside the corporate network for Windows Defender Advanced Threat Protection (ATP) customers.
- Improved automated investigation and remediation, including memory forensics, for Windows Defender ATP clients.
- Fixed an issue that prevented the “Disable app notifications on lock screen” policy from working. The path is “Computer Configuration\Administrative Templates\System\Logon”.
- Fixed minor issues with Unknown Options (Unknown OPTs) in the Extension Mechanisms for DNS (EDNS) for the Windows DNS server role.
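The App-V logon fix listed above only takes effect when the update is installed and the registry value is set. The following check is an added example, not code from the article or from Microsoft; the function name `Test-AppVLogonFix` is hypothetical, and it assumes the fix is present on build 17134 from revision 677 onward, as the article states.

```powershell
# Added example. The registry path and value name come from the article;
# CurrentBuild and UBR are the standard Windows build/revision registry values.
function Test-AppVLogonFix {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Enable,              # write the opt-in value if it is missing or zero
        [int]$RequiredBuild = 17134,  # April 2018 Update
        [int]$RequiredUbr   = 677     # revision delivered by KB4489894
    )

    $osKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $appvKey = 'HKLM:\SOFTWARE\Microsoft\AppV\Shared'
    $name    = 'UseDcForGetUserInfo'

    $os    = Get-ItemProperty -Path $osKey
    $build = [int]$os.CurrentBuild
    $ubr   = [int]$os.UBR

    # The registry value alone does nothing on revisions older than 17134.677.
    $patched = ($build -eq $RequiredBuild) -and ($ubr -ge $RequiredUbr)

    # A missing key or value yields $null, which counts as "not opted in".
    $current = (Get-ItemProperty -Path $appvKey -Name $name -ErrorAction SilentlyContinue).$name
    $optedIn = ($null -ne $current) -and ([int]$current -ne 0)

    if ($Enable -and $patched -and -not $optedIn -and
        $PSCmdlet.ShouldProcess("$appvKey\$name", 'Set REG_DWORD to 1')) {
        if (-not (Test-Path $appvKey)) { New-Item -Path $appvKey -Force | Out-Null }
        New-ItemProperty -Path $appvKey -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        $current = 1
        $optedIn = $true
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        OsRevision    = "$build.$ubr"
        UpdatePresent = $patched
        OptInValue    = $current
        FixActive     = $patched -and $optedIn
    }
}

Test-AppVLogonFix                    # report only
# Test-AppVLogonFix -Enable -WhatIf  # preview the registry write; applying it needs elevation
```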
Cumulative 17134.677 Known Errors
- After installing this update, MSXML6 may cause applications to stop responding if an exception is thrown during node operations such as appendChild(), insertBefore(), and moveNode(). The Group Policy editor may also be affected when editing a Group Policy Object (GPO) that contains a Group Policy preference for Internet settings.
- After installing this security update, custom URI schemes for Application Protocol handlers may not launch the corresponding application for local intranet and trusted sites in Internet Explorer.
- After applying this update, a stop error occurs when trying to start the Secure Shell (SSH) client program from the Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh -A) or a configuration setting.
- After installing this update, there may be problems using the Preboot Execution Environment (PXE) to boot a device from a Windows Deployment Services (WDS) server configured to use the Variable Window Extension. This can cause the connection to the WDS server to terminate prematurely while the image is downloading. This issue does not affect clients or devices that do not use the Variable Window Extension.
- If you enable per-font End User Defined Characters (EUDC), the system will stop working and a blue screen will appear at startup. This is not a common scenario in non-Asian regions.
To update, go to Settings > Update & Security > Windows Update > Check for updates. In any case, Windows Update will automatically check for updates from time to time.