Microsoft releases Windows 10 builds 18363.1350, 17763.1728 - here's what's new

After taking December off from releasing optional Windows 10 cumulative updates, Microsoft is back. Today, the team is releasing its preview updates for Windows 10 versions 1909 and 1809. There was also one released for version 20H2, but that"s just for Windows Insiders right now.

If you"re on Windows 10 version 1909, you"re going to get KB4598298, bringing the build number to 18363.1350. Normally, this update would be for version 1903 as well, but that version is unsupported. You can manually download it here, and these are the highlights:

  • Updates an issue with some special key combinations used in DaYi, Yi, and Array IMEs that might cause an application to stop working.
  • Updates an issue that prevents you from opening a document that is on the Windows desktop and generates the error, “The directory name is invalid.”
  • Updates an issue that displays a blank lock screen after a device wakes up from Hibernate.
  • Corrects historical daylight savings time (DST) information for the Palestinian Authority.
  • Adds a notification that tells you when your device is close to end of service (EOS). At EOS, your device will stop receiving important quality and security updates.
  • Updates an issue that fails to show Extract all on the shortcut menu when you right-click an online-only ZIP file.

Here"s the full list of fixes:

  • Enables administrators to disable standalone Internet Explorer using a Group Policy while continuing to use Microsoft Edge"s IE Mode.
  • Enables you to configure certain policies that support Microsoft Edge IE Mode using mobile device management (MDM).
  • Addresses an issue that displays a User Account Control (UAC) dialog box unexpectedly when you turn on speech recognition.
  • Addresses an issue that fails to notify the target application when you select the Copy link command on the Share menu.
  • Changes the way DirectX 12 runtime components load by splitting the d3d12.dll binary into two pieces: d3d12.dll and d3d12core.dll. This change improves versioning and updating for these components.
  • Addresses an issue that prevents JumpList items from functioning. This occurs when you create them using the Windows Runtime (WinRT) Windows.UI.StartScreen API for desktop applications that are packaged in the MSIX format.
  • Addresses an issue that occurs when the Mandatory Profile check box is selected when you copy a user profile.
  • Addresses an issue with some special key combinations used in DaYi, Yi, and Array IMEs that might cause an application to stop working.
  • Addresses an issue that prevents you from opening a document that is on the Windows desktop and generates the error, “The directory name is invalid.” This issue occurs after changing the desktop location in the Location tab of the Desktop Properties dialog box (File Explorer > This PC > Desktop).
  • Addresses an issue that displays a blank lock screen after a device wakes up from Hibernate.
  • Corrects historical daylight savings time (DST) information for the Palestinian Authority.
  • Addresses an issue with German translations of Central European Time.
  • Adds support for serial number control using the registry.
  • Addresses an issue that causes the upload of diagnostic logs to a management service, such as Microsoft Intune, to fail. The failure occurs because of a network time-out on a slow network.
  • Displays a notification to a user when an administrator signs in to an MDM service, such as Microsoft Intune, to find the location of a managed device.
  • Addresses an issue that causes the silent mode deployment of BitLocker to fail with the error 0x80310001. This issue occurs when deploying BitLocker encryption to Hybrid Azure Active Directory (Azure AD) joined devices.
  • Addresses an issue that causes an unexpected system restart because of exception code 0xc0000005 (Access Violation) in LSASS.exe; the faulting module is webio.dll.
  • Addresses an issue that might cause systems that use BitLocker to stop working with the error 0x120 (BITLOCKER_FATAL_ERROR).
  • Addresses an issue that causes a device to stop working when deploying Microsoft Endpoint Configuration Manager if AppLocker is enabled on the device.
  • Addresses an issue that might cause a black screen to appear or delay signing in to Hybrid Azure Active Directory joined machines. Additionally, there is no access to login.microsoftonline.com.
  • Addresses an issue that cause the LSASS.exe process to leak memory on a server that is under a heavy authentication load when Kerberos Armoring (Flexible Authentication Secure Tunneling (FAST)) is enabled.
  • Addresses a memory leak on Windows servers that are configured as Active Directory domain controllers. This issue occurs when the Key Distribution Center (KDC) attempts to fetch the Service for User (S4U) client name during certificate authentication.
  • Addresses an issue that causes LSASS.exe to stop working because of a race condition that results in a double free error in Schannel. The exception code is c0000374, and the Event Log displays Schannel event 36888, fatal error code 20, and error state 960. This issue occurs after installing Windows updates from September 2020 and later.
  • Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.
  • Addresses an issue with HTTP caching that interferes with kiosk mode that targets Azure AD groups.
  • Addresses an issue with using Windows Defender Application Control (WDAC) and running a file while Managed Installer (MI) or Intelligent Security Graph (ISG) is enabled. You can now use fsutil to look for the $KERNEL.SMARTLOCKER.ORIGINCLAIM extended-attribute (EA) on a file. If this EA is present, then MI or ISG can run the file. You can use fsutil in conjunction with Enabling ISG and MI diagnostic events.
  • Addresses an issue that allows an app that has been blocked from hydrating files to continue hydrating files in some cases.
  • Addresses an issue that prevents access to a Volume Shadow Copy Service (VSS) snapshot of Resilient File System (ReFS) volumes for 30 minutes. This occurs when the ReFS volumes contain 100,000 or more concurrently open files. As a result, a time-out occurs, which causes backups of the first and third applications to fail.
  • Adds a notification that tells you when your device is close to end of service (EOS). At EOS, your device will stop receiving important quality and security updates.
  • Addresses an issue with Administrative Template settings you configure using a Group Policy Object (GPO). When you change the value of the policy settings to NOT CONFIGURED, the system fails to remove the previous settings. This issue is most noticeable with roaming user profiles.
  • Addresses an issue that fails to show Extract all on the shortcut menu when you right-click an online-only ZIP file.
  • Updates the process for enrolling in online speech recognition. If you are already enrolled, you will see a message that asks you to review the new settings. If you choose not to contribute your speech data for human review, you can still use online speech recognition. The new settings contain one button to turn on online speech recognition and another button that turns on the collection of your voice clips. If you turn on the collection of your voice clips, you can turn it off at any time using the same button in the new settings page.

There"s also one known issue to be aware of:

Symptom Workaround

System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated.

Note Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Any device connecting to Windows Update should always receive the latest versions of the feature update, including the latest LCU, without any extra steps.

If you have already encountered this issue on your device, you can mitigate it within the uninstall window by going back to your previous version of Windows using the instructions here. The uninstall window might be 10 or 30 days depending on the configuration of your environment and the version you’re updating to. You will then need to update to the later version of Windows 10 after the issue is resolved in your environment.

Note Within the uninstall window, you can increase the number of days you have to go back to your previous version of Windows 10 by using the DISM command /Set-OSUninstallWindow. You must make this change before the default uninstall window has lapsed. For more information, see DISM operating system uninstall command-line options.

We are working on a resolution and will provide updated bundles and refreshed media in the coming weeks.


If you"re on Windows 10 version 1809, you"ll get KB4598296, bringing the build number to 17763.1728. Naturally, this is only available for Windows 10 Education ansd Enterprise SKUs. You can manually download it here, and these are the highlights:

  • Updates an issue with some special key combinations used in DaYi, Yi, and Array IMEs that might cause an application to stop working.
  • Updates an issue that displays a blank lock screen after a device wakes up from Hibernate.
  • Updates an issue that prevents you from opening a document that is on the Windows desktop and generates the error, “The directory name is invalid.”
  • Corrects historical daylight savings time (DST) information for the Palestinian Authority.
  • Updates an issue that fails to show Extract all on the shortcut menu when you right-click an online-only ZIP file.

Here"s the full list of fixes:

  • Enables administrators to disable standalone Internet Explorer using a Group Policy while continuing to use Microsoft Edge"s IE Mode.
  • Addresses an issue that occurs when the Mandatory Profile check box is selected when you copy a user profile.
  • Addresses an issue with some special key combinations used in DaYi, Yi, and Array IMEs that might cause an application to stop working.
  • Addresses an issue that displays a blank lock screen after a device wakes up from Hibernate.
  • Addresses an issue that prevents you from opening a document that is on the Windows desktop and generates the error, “The directory name is invalid.” This issue occurs after changing the desktop location in the Location tab of the Desktop Properties dialog box (File Explorer > This PC > Desktop).
  • Corrects historical daylight savings time (DST) information for the Palestinian Authority.
  • Addresses an issue with German translations of Central European Time.
  • Adds support for serial number control using the registry.
  • Displays a notification to a user when an administrator signs in to an mobile device management (MDM) service, such as Microsoft Intune, to find the location of a managed device.
  • Addresses an issue that causes an unexpected system restart because of exception code 0xc0000005 (Access Violation) in LSASS.exe; the faulting module is webio.dll.
  • Addresses a memory leak on Windows servers that are configured as Active Directory domain controllers. This issue occurs when the Key Distribution Center (KDC) attempts to fetch the Service for User (S4U) client name during certificate authentication.
  • Addresses an issue that might cause a black screen to appear or delay signing in to Hybrid Azure Active Directory joined machines. Additionally, there is no access to login.microsoftonline.com.
  • Addresses an issue that cause the LSASS.exe process to leak memory on a server that is under a heavy authentication load when Kerberos Armoring (Flexible Authentication Secure Tunneling (FAST)) is enabled.
  • Addresses an issue that causes a device to stop working when deploying Microsoft Endpoint Configuration Manager if AppLocker is enabled on the device.
  • Addresses an issue that causes the silent mode deployment of BitLocker to fail with the error 0x80310001. This issue occurs when deploying BitLocker encryption to Hybrid Azure Active Directory (Azure AD) joined devices.
  • Addresses an issue that causes LSASS.exe to stop working because of a race condition that results in a double free error in Schannel. The exception code is c0000374, and the Event Log displays Schannel event 36888, fatal error code 20, and error state 960. This issue occurs after installing Windows updates from September 2020 and later.
  • Addresses an issue that might cause systems that use BitLocker to stop working with the error 0x120 (BITLOCKER_FATAL_ERROR).
  • Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.
  • Addresses an issue with Task Manager that incorrectly indicates that twice the number of CPUs (socket count) are present in the system.
  • Addresses an issue with HTTP caching that interferes with kiosk mode that targets Azure AD groups.
  • Improves the ability of the WinHTTP Web Proxy Auto-Discovery Service to ignore invalid Web Proxy Auto-Discovery Protocol (WPAD) URLs that the Dynamic Host Configuration Protocol (DHCP) server returns.
  • Addresses an issue with insertion rule flooding in the software-defined networking (SDN) service.
  • Addresses an issue with using Windows Defender Application Control (WDAC) and running a file while Managed Installer (MI) or Intelligent Security Graph (ISG) is enabled. You can now use fsutil to look for the $KERNEL.SMARTLOCKER.ORIGINCLAIM extended-attribute (EA) on a file. If this EA is present, then MI or ISG can run the file. You can use fsutil in conjunction with Enabling ISG and MI diagnostic events.
  • Addresses an issue that occurs when a Volume Shadow Copy Service (VSS) snapshot triggers on virtual machines (VM) that contain Resilient File System (ReFS) volumes. The triggered VSS snapshot fails with a time-out and prevents access to the ReFS volume for 30 minutes.
  • Addresses an issue that allows an app that has been blocked from hydrating files to continue hydrating files in some cases.
  • Addresses an issue with web applications that use cross-origin resource sharing (CORS) pre-flighting against Active Directory Federation Services (AD FS) token endpoints. These web applications might suddenly stop working when they call AD FS from external networks.
  • Addresses an issue with Administrative Template settings you configure using a Group Policy Object (GPO). When you change the value of the policy settings to NOT CONFIGURED, the system fails to remove the previous settings. This issue is most noticeable with roaming user profiles.
  • Addresses an issue that fails to show Extract all on the shortcut menu when you right-click an online-only ZIP file.

This one also has one known issue:

Symptom Workaround
After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND."
  1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.
  2. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.

Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:

  • Go to the Settings app > Recovery.
  • Select Get Started under the Reset this PC recovery option.
  • Select Keep my Files.

Microsoft is working on a resolution and will provide an update in an upcoming release.


As usual, you can grab this update through Windows Update. It"s an optional update though, so you don"t have to take it. If you don"t, these fixes will be rolled into next month"s Patch Tuesday update.

Report a problem with article
Next Article

Google Duo might soon stop working on unsupported Android devices

Previous Article

Nvidia's cloud gaming service GeForce Now is coming to three more countries