September 16, 2020—KB4577069 (OS Build 17763.1490) Preview
Applies To
Release Date:
9/16/2020
Version:
OS Build 17763.1490
IMPORTANT Starting in July 2020, we will resume non-security releases for Windows 10 and Windows Server, version 1809 and later. There is no change to the cumulative monthly security updates (also referred to as the "B" release or Update Tuesday release). For more information, see the blog post Resuming optional Windows 10 and Windows Server non-security monthly updates.
IMPORTANT Starting in July 2020, all Windows Updates will disable the RemoteFX vGPU feature because of a security vulnerability. For more information about the vulnerability, seeCVE-2020-1036 and KB4570006. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:
If you re-enable RemoteFX vGPU, a message similar to the following will appear:
- 
              “The virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.” 
- 
              “The virtual machine cannot be started because the server has insufficient GPU resources.” 
- 
              "We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)” 
IMPORTANT We have been evaluating the public health situation and understand the impact this is having on many of our customers. To help ease some of the burdens customers are facing, we are going to delay the scheduled end of service date for the Home, Pro, Pro Education, Pro for Workstations, and IoT Core editions of Windows 10, version 1809 to November 10, 2020. This means devices will receive monthly security updates only from May to November. The final security update for these editions of Windows 10, version 1809 will be released on November 10, 2020 instead of May 12, 2020.
For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article.
Highlights
- 
              Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051. 
- 
              Updates an issue to reduce the likelihood of missing fonts. 
- 
              Updates an issue that causes applications to close unexpectedly when a user inputs East Asian characters after changing the keyboard layout. 
- 
              Updates an issue that causes Microsoft Office applications to close unexpectedly when using a Korean Input Method Editor (IME). 
- 
              Updates an issue on some dual graphics processing unit (GPU) devices that prevent connections to a Miracast receiver. 
Improvements and fixes
This non-security update includes quality improvements. Key changes include:
- 
              Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051. 
- 
              Addresses an issue with using Group Policy Preferences to configure the homepage in Internet Explorer. 
- 
              Addresses an issue with Microsoft Edge IE Mode that occurs when you enable Configure enhanced hang detection for Internet Explorer mode in Microsoft Edge. 
- 
              Addresses an issue that might generate the error ”0x80704006. Hmmmm…can’t reach this page” when using Microsoft Edge Legacy. This issue occurs when you attempt to reach websites on non-standard ports. Any website that uses a port listed in the Fetch Standard specification under bad ports or port blocking might cause this issue. 
- 
              Addresses an issue that displays nothing on the screen for 5 minutes or more during the Remote Desktop Protocol (RDP) session. 
- 
              Addresses an issue that, in certain scenarios, causes applications to stop working if they are created using Visual Basic for Applications (VBA). The error is, “Class not registered” error. 
- 
              Addresses an issue that might display an empty black screen when a device is connecting to a Windows Virtual Desktop (WVD) machine. 
- 
              Addresses an issue that causes Cortana to stop working on multiuser devices when you install, uninstall, and reinstall the same update. 
- 
              Addresses an issue that causes a stop error when the initialization of the graphics adapter fails. 
- 
              Addresses an issue to reduce the likelihood of missing fonts. 
- 
              Addresses an issue that displays a black screen momentarily when an application calls the Desktop Window Manager (DWM) Thumbnail API. 
- 
              Addresses an issue that fails to recognize the first East Asian language character typed into a Microsoft Foundation Class Library (MFC) DataGrid. 
- 
              Addresses an issue that causes File Explorer to close unexpectedly when you use a Ribbon shell extension under specific circumstances. 
- 
              Addresses an issue that generates a "No features to install" message when you add a feature, even if you provide administrative credentials. 
- 
              Provides the ability to set a Group Policy that displays only the domain and username when you sign in. 
- 
              Addresses an issue that affects default application associations during certain upgrade scenarios. This might cause numerous toast notifications to appear when you first sign in after the upgrade. 
- 
              Addresses an issue that causes applications to close unexpectedly when a user inputs East Asian characters after changing the keyboard layout. 
- 
              Updates 2021 time zone information for Fiji. 
- 
              Addresses an issue that affects the Microsoft’s System Centre Operations Manager’s (SCOM) ability to monitor a customer's workload. 
- 
              Addresses a performance issue that occurs when PowerShell reads the registry to check if the ScriptBlockLogging registry key is in the registry. 
- 
              Addresses an issue with creating HTML reports using tracerpt. 
- 
              Addresses an issue that causes an access violation in lsass.exe when a process is started using the runas command in some circumstances. 
- 
              Addresses an issue that prevents the content under HKLM\Software\Cryptography from being carried over during Windows feature updates. 
- 
              Addresses an issue that prevents you from enabling BitLocker after installing the Server Core App Compatibility Feature on Demand (FOD). 
- 
              Addresses an issue that might create duplicate Foreign Security Principal directory objects for Authenticated and Interactive users in the domain partition. As a result, the original directory objects have “CNF” added to their names and are mangled. This issue occurs when you promote a new domain controller using the CriticalReplicationOnly flag. 
- 
              Addresses an issue that prevents a call to NCryptGetProperty() from returning the correct pbOutput value when pszProperty is set to "Algorithm Group" and you are using a Trusted Platform Module (TPM) 1.2 device. 
- 
              Addresses an issue in which Windows Defender Application Control enforces package family name rules that should be audit only. 
- 
              Addresses an issue in which the WinHTTP AutoProxy service does not comply with the value set for the maximum Time To Live (TTL) on the Proxy Auto-Configuration (PAC) file. This prevents the cached file from updating dynamically. 
- 
              Addresses an issue that might redirect Software Load Balancing (SLB) traffic to a different host when that traffic goes through a multiplexer. This causes the connection to an application to fail. 
- 
              Adds new functionality to the robocopy command. 
- 
              Adds Secure Sockets Layer (SSL) certificate authentication over HTTP/2. 
- 
              Addresses an issue that prevents Always On VPN (AOVPN) from automatically reconnecting when resuming from Sleep or Hibernate. 
- 
              Addresses an issue that causes Microsoft Office applications to close unexpectedly when using a Korean Input Method Editor (IME). 
- 
              Adds an Azure Active Directory (AAD) Device Token that is sent to Windows Update (WU) as part of each WU scan. WU can use this token to query for membership in groups that have an AAD Device ID. 
- 
              Addresses an issue that fails to log events 5136 for group membership changes in certain scenarios. This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control. 
- 
              Addresses an issue that causes a deadlock when Offline Files are enabled. As a result, CscEnpDereferenceEntryInternal holds parent and child locks. 
- 
              Addresses an issue that causes deduplication jobs to fail with stop error 0x50 when you call HsmpRecallFreeCachedExtents(). 
- 
              Removes the HTTP call to www.microsoft.com that the Remote Desktop Client (mstsc.exe) makes at sign out when using a Remote Desktop Gateway. 
- 
              Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows. 
- 
              Addresses an issue with setting the “Restrict delegation of credentials to remote servers” Group Policy with the “Restrict Credential Delegation” mode on the RDP client. As a result, the Terminal Server service tries to use “Require Remote Credential Guard” mode first and will only use “Require Restricted Admin” if the server does not support “Require Remote Credential Guard". 
- 
              Addresses an issue on some dual graphics processing unit (GPU) devices that prevent connections to a Miracast receiver. 
- 
              Changes BitLocker behavior by preventing you from using BitLocker on file systems that are on an active master boot record (MBR) drive. When you attempt to use BitLocker on active MBR drives, you might see the following: - 
                  “ERROR: The volume X: could not be opened by BitLocker. This may be because the volume does not exist, or because it is not a valid BitLocker volume.” 
- 
                  “The drive cannot be encrypted because it contains system boot information……” 
 
- 
                  
Additionally, the BitLocker encryption command will be missing from the context menu in File Explorer.
If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.
Windows Update Improvements
Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.
Known issues in this update
| Symptom | Workaround | 
| After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." | This issue is addressed by updates released June 11, 2019 and later. We recommend you install the latest security updates for your device. Customers installing Windows Server 2019 using media should install the latest Servicing Stack Update (SSU) before installing the language pack or other optional components. If using the Volume Licensing Service Center (VLSC), acquire the latest Windows Server 2019 media available. The proper order of installation is as follows: 
 Note Updating your device will prevent this issue, but will have no effect on devices already affected by this issue. If this issue is present in your device, you will need to use the workaround steps to repair it. Workaround: 
 Note If reinstalling the language pack does not mitigate the issue, use the In-Place-Upgrade feature. For guidance, see How to do an in-place upgrade on Windows, and Perform an in-place upgrade of Windows Server. | 
How to get this update
Before installing this update
Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
If you are using Windows Update, the latest SSU (KB4570332) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.
Install this update
| Release Channel | Available | Next Step | 
| Windows Update or Microsoft Update | Yes | Go to Settings > Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update. | 
| Microsoft Update Catalog | Yes | To get the standalone package for this update, go to the Microsoft Update Catalog website. | 
| Windows Server Update Services (WSUS) | No | You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions. | 
File information
For a list of the files that are provided in this update, download the file information for cumulative update 4577069.
Note Some files erroneously have “Not applicable” in the “File version” column of the CSV file. This might lead to false positives or false negatives when using some third-party scan detection tools to validate the build.
 
                         
				 
				