Microsoft releases Windows 10 builds 16299.248, 15063.909 - here's what's new

Today is the second Tuesday of the month, which can only mean one thing: it's Patch Tuesday and all supported versions of Windows are receiving updates, at least on PCs. Interestingly, this month doesn't see any new updates for Windows 10 Mobile, which is still typically supported on Patch Tuesday.

PCs on version 1709 of Windows 10 will see KB4074588, or build 16299.248. You can manually download the update here, and it contains the following fixes:

  • Addresses issue where child accounts are able to access InPrivate mode on ARM devices even though their browsing and search history is sent to their parents. This occurs only on Microsoft accounts belonging to children that are managed using the Microsoft Family service and for which parents have enabled activity reporting. This applies to Microsoft Edge and Internet Explorer.

  • Addresses issue with docking and undocking Internet Explorer windows.

  • Addresses issue in Internet Explorer where pressing the delete key inserted a new line in input boxes in an application.

  • Addresses issue in Internet Explorer where selected elements wouldn't update under certain circumstances.

  • Addresses issue where some users may have experienced issues logging into some websites when using third-party account credentials in Microsoft Edge.

  • Updates time zone information.

  • Addresses issue with browser Compatibility View settings that occurs during updates.

  • Addresses issue where, in certain hardware configurations, the frame rates of DirectX Games were unintentionally limited to a factor of the display's vertical synchronization.

  • Addresses issue that causes delays when switching keyboard languages using Alt+Shift.

  • Addresses issue where surround sound audio endpoints reverted to stereo after restarting.

  • Improves and reduces conditions where certain Bluetooth keyboards drop keys during reconnection scenarios.

  • Corrects mouse delays for devices that incorrectly report the battery level status.

  • Addresses issue where MMC application snap-ins—such as Services, Local Policy Admin, and Printer Management—fail to run when Windows Defender Application Control (Device Guard) is turned on. The error is "Object doesn't support this property or method".

  • Prevents use of the Pre-production Onesettings endpoint for Windows Setup when test signing is enabled.

  • Addresses issue where installations of Windows Server, version 1709 are not automatically activated using the Automated Virtual Machine Activation (AVMA) feature on Hyper-V hosts that have been activated.

  • Addresses issue with the Auto-register Inbox templates feature for UEV where the Scheduled Task didn't have the proper trigger.

  • Addresses issue where the App-V client didn't read the policy for SyncOnBatteriesEnabled when the policy was set using a Group Policy Object (GPO).

  • Addresses issue where the Supported On field for the Enable App-V Client policy is blank in the Group Policy editor.

  • Addresses issue where the user’s hive data in the registry is not maintained correctly when some App-V packages belong to the connection group.

  • Provides additional logging for administrators to take action, such as picking a proper configuration for their App-V package, when there are multiple configuration files for a single package.

  • Addresses issue with App-V packages that aren't compatible with registry virtualization using kernel containers. To address the issue, we changed the registry virtualization to use the earlier (non-container) method by default. Customers who would like to use the new (kernel container) method for registry virtualization can still switch to it by setting the following registry value to 1:

    • Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Compatibility

    • Setting: ContainerRegistryEnabled

    • DataType: DWORD

  • Security updates to Microsoft Scripting Engine, Microsoft Edge, Internet Explorer, Microsoft Windows Search component, Windows Kernel, Windows Authentication, Device Guard, Common Log File System driver, and the Windows storage and file systems.

There are also a couple of known issues to be aware of.

Symptom Workaround
Windows Update History reports that KB4054517 failed to install because of error 0x80070643.

Even though the update was successfully installed, Windows Update incorrectly reports that the update failed to install. Select Check for Updates to confirm that there are no additional updates available.

You can also type About your PC in the search box on the taskbar to confirm that your device is using the expected OS build.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Because of an issue that affects some versions of antivirus software, this fix applies only to computers on which the antivirus ISV updated the ALLOW REGKEY.

Contact your antivirus manufacturer to verify that their software is compatible and that they have set the following REGKEY on the computer:

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"

Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"

Type="REG_DWORD”

Data="0x00000000”


Those on the Windows 10 Creators Update, or version 1703, will see KB4074592, or build 15063.909, and that can be manually downloaded here. Here's what's new:

  • Addresses issue with a fragment identifier contained in links opened using the Enterprise Mode Site List to redirect from Microsoft Edge to Internet Explorer.

  • Addresses issue with scrolling through customer applications in Microsoft Edge.

  • Addresses a script-related issue that caused Internet Explorer to stop working in some cases.

  • Addresses issue with launching files using linked shortcuts in Internet Explorer.

  • Addresses issue with rendering graphics elements in Internet Explorer.

  • Addresses issue in Internet Explorer where pressing the Delete key inserted a new line in input boxes in an application.

  • Addresses issue where some users may have experienced issues logging into some websites when using third-party account credentials in Microsoft Edge.

  • Updates time zone information.

  • Addresses issue where telemetry data couldn't be uploaded using UTC because of networking environments that prevent access to the necessary CRL servers.

  • Addresses issue where the certutil.exe -MergePfx feature couldn't produce a merged EPF file for multiple V1 certificates.

  • Addresses issue where MMC application snap-ins—such as Services, Local Policy Admin, and Printer Management—fail to run when Windows Defender Application Control (Device Guard) is turned on. The error is "Object doesn't support this property or method."

  • Addresses issue where booting with Unified Write Filter (UWF) turned on may lead to stop error 0xE1 in embedded devices, particularly when using a USB HUB.

  • Improves performance of Intel processors that have Hardware P-States (HWP) enabled.

  • Addresses issue where customers sometimes see the error message "Something went wrong" after completing the out-of-box experience.

  • Security updates to Microsoft Scripting Engine, Microsoft Edge, Internet Explorer, Microsoft Windows Search component, Windows Kernel, Device Guard, Windows storage and file systems, and the Common Log File System driver.

This update only contains one known issue:

Symptom Workaround
Because of an issue that affects some versions of antivirus software, this fix applies only to computers on which the antivirus ISV updated the ALLOW REGKEY.

Contact your antivirus manufacturer to verify that their software is compatible and that they have set the following REGKEY on the computer:

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"

Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"

Type="REG_DWORD”

Data="0x00000000”


Those on version 1607 will get KB4074590, or build 14393.2068. You can manually download it here, and it contains the following fixes:

  • Addresses issue with fragment identifier contained in links opened using the Enterprise Mode Site List to redirect from Microsoft Edge to Internet Explorer.

  • Addresses issue with rendering graphics elements with Internet Explorer.

  • Addresses a script-related issue that caused Internet Explorer to stop working in some cases.

  • Addresses issue in Internet Explorer where pressing the Delete key inserted a new line in input boxes in an application.

  • Addresses issue where some users may have experienced issues logging into some websites when using third-party account credentials in Microsoft Edge.

  • Addresses issue with browser Compatibility View settings that occured during updates.

  • Updates time zone information.

  • Addresses issue where telemetry data couldn't be uploaded using UTC because of networking environments that prevent access to the necessary CRL servers.

  • Addresses issue where MMC application snap-ins—such as Services, Local Policy Admin, and Printer Management—fail to run when Windows Defender Application Control (Device Guard) is turned on. The error is "Object doesn't support this property or method."

  • Addresses issue where a failover in MPIO while throttling input and output requests may cause all available paths to fail.

  • Addresses issue where the application pool CPU throttles when running IIS.

  • Updates Microsoft HoloLens CPU Microcode to address vulnerability CVE-2017-5715 - Branch target injection. Installing this KB for HoloLens applies all relevant OS and Microcode updates. See Advisory 180002 for more details.

  • Addresses issue where, after installing KB4057142 or KB4056890 on an SMB server, accessing files in directory junction points or volume mount points hosted on the server may fail. The error is “ERROR_INVALID_REPARSE_DATA”. For example, this symptom may be observed:

  • Editing some group policies using GPMC or AGPM 4.0 may fail with the error "The data present in the reparse point buffer is invalid. (Exception from HRESULT: 0x80071128)".

  • Security updates to Microsoft Edge, Internet Explorer, Adobe Flash Player, Microsoft Windows Search Component, Windows Kernel, Device Guard, Common Log File System Driver, and Windows storage and file systems.

It also contains a couple of known issues:

Symptom Workaround
Because of an issue that affects some versions of antivirus software, this fix applies only to computers on which the antivirus ISV updated the ALLOW REGKEY.

Contact your antivirus manufacturer to verify that their software is compatible and that they have set the following REGKEY on the computer:

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"

Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"

Type="REG_DWORD”

Data="0x00000000”

After installing this update, servers where Credential Guard is enabled may experience an unexpected restart with the error "The system process lsass.exe terminated unexpectedly with status code -1073740791. The system will now shut down and restart."

Event ID 1000 in the application log shows:

'C:\windows\system32\lsass.exe' terminated unexpectedly with status code -1073740791

Faulting application: lsass.exe, Version: 10.0.14393.1770, Time Stamp: 0x59bf2fb2

Faulting module: ntdll.dll, Version: 10.0.14393.1715, Time Stamp: 0x59b0d03e

Exception: 0xc0000409

Disable Credential Guard. See Disable Windows Defender Credential Guard for more information.

Microsoft is working on a resolution and will provide an update in an upcoming release.


While no new updates were released for Windows 10 Mobile, phones on version 1607 did get an update today to build 14393.2007, which was last month's patch for PCs.

If your PC is still on version 1511, you'll get KB4074591, or build 10586.1417, which can be manually downloaded here. Here's what's been fixed:

  • Updates time zone information.

  • Addresses issue that causes services.exe to stop working after applying the "Obtain an impersonation token for another user in the same session” privilege to Windows Server 2012 R2 computers. These computers then enter a restart loop. The system may report the SceCli event ID 1202 with error 0x4b8. It may also report the Application Error event ID 1000 with the faulting module name scesrv.dll and the exception code 0xc0000409. This privilege was first introduced in Windows Server 2016.

  • Addresses issue where MMC application snap-ins—such as Services, Local Policy Admin, and Printer Management—fail to run when Windows Defender Application Control (Device Guard) is turned on. The error is "Object doesn't support this property or method."

  • Addresses issue with URL redirects in Internet Explorer.

  • Addresses issue where some users may have experienced issues logging into some websites when using third-party account credentials in Microsoft Edge.

  • Addresses issue with browser Compatibility View settings that occur during updates.

  • Security updates to Microsoft Edge, Internet Explorer, Microsoft Windows Search component, Windows Kernel, Device Guard, Windows storage and file systems, Common Log File System driver, and the Microsoft Scripting Engine.

There's one known issue with this update:

Symptom Workaround
Because of an issue that affects some versions of antivirus software, this fix applies only to computers on which the antivirus ISV updated the ALLOW REGKEY.

Contact your antivirus manufacturer to verify that their software is compatible and that they have set the following REGKEY on the computer:

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"

Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"

Type="REG_DWORD”

Data="0x00000000”


Finally, if you've still got a device that's on the original version of Windows 10, which is now called version 1507, you'll get KB4074596, or build 10240.17770. That can be manually downloaded here, and it contains the following fixes:

  • Addresses a script-related issue that caused Internet Explorer to stop working in some cases.

  • Addresses issue in Internet Explorer where pressing the delete key inserted a new line in input boxes in an application.

  • Addresses issue where some users may have experienced issues logging into some websites when using third-party account credentials in Microsoft Edge.

  • Updates time zone information.

  • Addresses issue where custom credential providers sometimes didn't correctly display the password text box.

  • Addresses issue that causes services.exe to stop working after applying the "Obtain an impersonation token for another user in the same session” privilege to Windows Server 2012 R2 computers. These computers then enter a restart loop. The system may report the SceCli event ID 1202 with error 0x4b8. It may also report the Application Error event ID 1000 with the faulting module name scesrv.dll and the exception code 0xc0000409. This privilege was first introduced in Windows Server 2016.

  • Addresses issue where the certutil.exe -MergePfx feature couldn't produce a merged EPF file for multiple V1 certificates.

  • Addresses issue where MMC application snap-ins—such as Services, Local Policy Admin, and Printer Management—fail to run when Windows Defender Application Control (Device Guard) is turned on. The error is "Object doesn't support this property or method."

  • Security updates to Windows Kernel, the Microsoft Scripting Engine, Microsoft Edge, Internet Explorer, Microsoft Windows Search component, Device Guard, Windows storage and file systems, and the Common Log File System driver.

It contains the same known issue as the update for version 1511.

Of course, you shouldn't need to manually install any of these. By going to Settings -> Update & security -> Windows Update -> Check for updates, your PC will automatically download and install the update that corresponds to your version of Windows 10.

Report a problem with article
Previous Story

Arm unveils its latest machine learning platform, codename Project Trillium

Next Story

Here's what's new in Windows 7 and 8.1 for Patch Tuesday

16 Comments - Add comment

Advertisement