Microsoft Known Issue

Known issues in Microsoft Patches:
 
Microsoft often releases patches to address security and reliability issues. Sometimes, patches itself will introduce unprecedented issues after installing them. Here's the updated list of all the known issues in Microsoft patches and possible workaround for them.

Oops! No results for your search.

workaround
Jun 15, 2022
KB5014746
2022-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5014746) (CVE-2022-30190)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. We are working on a resolution and will provide an update in an upcoming release.
workaround
Jun 15, 2022
KB5014741
2022-06 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5014741) (CVE-2022-30190)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. We are working on a resolution and will provide an update in an upcoming release.
workaround
Jun 15, 2022
KB5014742
2022-06 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5014742) (ESU) (CVE-2022-30190)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Jun 15, 2022
KB5014742
2022-06 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5014742) (ESU) (CVE-2022-30190)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. We are working on a resolution and will provide an update in an upcoming release.
workaround
Jun 15, 2022
KB5014743
2022-06 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5014743) (ESU)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Jun 15, 2022
KB5014743
2022-06 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5014743) (ESU)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. We are working on a resolution and will provide an update in an upcoming release.
workaround
Jun 15, 2022
KB5014738
2022-06 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5014738) (CVE-2022-30190)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. We are working on a resolution and will provide an update in an upcoming release.
workaround
Jun 15, 2022
KB5014747
2022-06 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5014747) (CVE-2022-30190)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. We are working on a resolution and will provide an update in an upcoming release.
workaround
Jun 15, 2022
KB5014748
2022-06 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5014748) (ESU) (CVE-2022-30190)
"After installing this update and restarting your device, you might receive the error, "Failure to configure Windows updates. Reverting Changes. Do not turn off your computer", and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Jun 15, 2022
KB5014748
2022-06 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5014748) (ESU) (CVE-2022-30190)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following:  Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. We are working on a resolution and will provide an update in an upcoming release. 
workaround
Jun 15, 2022
KB5014752
2022-06 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5014752) (ESU)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Jun 15, 2022
KB5014752
2022-06 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5014752) (ESU)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. We are working on a resolution and will provide an update in an upcoming release.
workaround
Jun 15, 2022
KB5014699
2022-06 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5014699)
"Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later. Note Devices that connect dire"
To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU: Extract the cab from the msu via this command line (using the package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cabExtract the SSU from the previously extracted cab via this command line: expand Windows10.0-KB5000842-x64.cab /f:*You will then have the SSU cab, in this example named SSU-19041.903-x64.cab. Slipstream this file into your offline image first, then the LCU. If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business.
workaround
Jun 15, 2022
KB5014699
2022-06 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5014699)
"After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING"."
For more information and a workaround, see KB5005322.
workaround
Jun 15, 2022
KB5014699
2022-06 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5014699)
"We are receiving reports that the Snip & Sketch app might fail to capture a screenshot and might fail to open using the keyboard shortcut (Windows key+shift+S). This issue occurs after installing KB5010342 (February 8, 2022) and later updates."
We are presently investigating and will provide an update when more information is available.
workaround
Jun 15, 2022
KB5014692
2022-06 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5014692)
"After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.""
Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jun 15, 2022
KB5014692
2022-06 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5014692)
"After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found."
This issue occurs because of an update to the PnP class drivers used by this service.  After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
workaround
Jun 15, 2022
KB5014001
2022-05 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5014001) (CVE-2022-26925)
"After installing this update on your Windows Server 2012 R2 servers used as domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue o"
Install update KB5014986 on Windows Server 2012 R2 servers used as domain controllers and intermediary application servers which authenticate to domain controllers.
workaround
May 11, 2022
KB5014001
2022-05 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5014001)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
May 11, 2022
KB5014001
2022-05 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5014001)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Jun 15, 2022
KB5014018
2022-05 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5014018) (CVE-2022-26925)
"After installing this update on your Windows Server 2012 servers used as domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue only"
Install update KB5014991 on Windows Server 2012 servers used as domain controllers and intermediary application servers which authenticate to domain controllers.
workaround
May 11, 2022
KB5014018
2022-05 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5014018)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
May 11, 2022
KB5014018
2022-05 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5014018)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Jun 15, 2022
KB5013999
2022-05 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5013999) (ESU) (CVE-2022-26925)
"After installing this update on your Windows Server 2008 R2 SP1 servers used as domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This iss"
Install update KB5014987 on Windows Server 2008 R2 SP1 servers used as domain controllers and intermediary application servers which authenticate to domain controllers.
workaround
May 11, 2022
KB5013999
2022-05 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5013999) (ESU)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
May 11, 2022
KB5013999
2022-05 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5013999) (ESU)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jun 15, 2022
KB5014006
2022-05 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5014006) (ESU) (CVE-2022-26925)
"After installing this update on your Windows Server 2008 SP2 servers used as domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue "
Install update KB5014990 on Windows Server 2008 SP2 servers used as domain controllers and intermediary application servers which authenticate to domain controllers.
workaround
May 11, 2022
KB5014006
2022-05 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5014006) (ESU)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
May 11, 2022
KB5014006
2022-05 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5014006) (ESU)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jun 15, 2022
KB5014011
2022-05 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5014011) (CVE-2022-26925)
"After installing this update on your Windows Server 2012 R2 servers used as domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue o"
Install update KB5014986 on Windows Server 2012 R2 servers used as domain controllers and intermediary application servers which authenticate to domain controllers.
workaround
May 11, 2022
KB5014011
2022-05 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5014011)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
May 11, 2022
KB5014011
2022-05 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5014011)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Jun 15, 2022
KB5014017
2022-05 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5014017) (CVE-2022-26925)
"After installing this update on your Windows Server 2012 servers used as domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue only"
Install update KB5014991 on Windows Server 2012 servers used as domain controllers and intermediary application servers which authenticate to domain controllers.
workaround
May 11, 2022
KB5014017
2022-05 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5014017)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
May 11, 2022
KB5014017
2022-05 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5014017)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Jun 15, 2022
KB5014012
2022-05 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5014012) (ESU) (CVE-2022-26925)
"After installing this update on your Windows Server 2008 R2 SP1 servers used as domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This iss"
Install update KB5014987 on Windows Server 2008 R2 SP1 servers used as domain controllers and intermediary application servers which authenticate to domain controllers.
workaround
May 11, 2022
KB5014012
2022-05 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5014012) (ESU)
"After installing this update and restarting your device, you might receive the error, "Failure to configure Windows updates. Reverting Changes. Do not turn off your computer", and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
May 11, 2022
KB5014012
2022-05 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5014012) (ESU)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following:  Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release. 
workaround
Jun 15, 2022
KB5014010
2022-05 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5014010) (ESU) (CVE-2022-26925)
"After installing this update on your Windows Server 2008 SP2 servers used as domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue "
Install update KB5014990 on Windows Server 2008 SP2 servers used as domain controllers and intermediary application servers which authenticate to domain controllers.
workaround
May 11, 2022
KB5014010
2022-05 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5014010) (ESU)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
May 11, 2022
KB5014010
2022-05 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5014010) (ESU)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jun 15, 2022
KB5014023
2022-05 Cumulative Update Preview for Windows 10 Version 20H2 for x64-based Systems (KB5014023)
"Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later. Note Devices that connect dire"
To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU: Extract the cab from the msu via this command line (using the package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cabExtract the SSU from the previously extracted cab via this command line: expand Windows10.0-KB5000842-x64.cab /f:*You will then have the SSU cab, in this example named SSU-19041.903-x64.cab. Slipstream this file into your offline image first, then the LCU. If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business.
workaround
Jun 15, 2022
KB5014023
2022-05 Cumulative Update Preview for Windows 10 Version 20H2 for x64-based Systems (KB5014023)
"After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING"."
For more information and a workaround, see KB5005322.
workaround
Jun 15, 2022
KB5014023
2022-05 Cumulative Update Preview for Windows 10 Version 20H2 for x64-based Systems (KB5014023)
"We are receiving reports that the Snip & Sketch app might fail to capture a screenshot and might fail to open using the keyboard shortcut (Windows key+shift+S). This issue occurs after installing KB5010342 (February 8, 2022) and later updates."
We are presently investigating and will provide an update when more information is available.
workaround
Jun 15, 2022
KB5014022
2022-05 Cumulative Update Preview for Windows 10 Version 1809 for x64-based Systems (KB5014022)
"After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.""
Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jun 15, 2022
KB5014022
2022-05 Cumulative Update Preview for Windows 10 Version 1809 for x64-based Systems (KB5014022)
"After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found."
This issue occurs because of an update to the PnP class drivers used by this service.  After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
workaround
Jun 15, 2022
KB5015020
2022-05 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5015020)
"Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later. Note Devices that connect dire"
To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU: Extract the cab from the msu via this command line (using the package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cabExtract the SSU from the previously extracted cab via this command line: expand Windows10.0-KB5000842-x64.cab /f:*You will then have the SSU cab, in this example named SSU-19041.903-x64.cab. Slipstream this file into your offline image first, then the LCU. If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business.
workaround
Jun 15, 2022
KB5015020
2022-05 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5015020)
"After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING"."
For more information and a workaround, see KB5005322.
workaround
Jun 15, 2022
KB5015020
2022-05 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5015020)
"We are receiving reports that the Snip & Sketch app might fail to capture a screenshot and might fail to open using the keyboard shortcut (Windows key+shift+S). This issue occurs after installing KB5010342 (February 8, 2022) and later updates."
We are presently investigating and will provide an update when more information is available.
workaround
Jun 15, 2022
KB5013942
2022-05 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5013942) (CVE-2022-22713)
"Updated May 27, 2022 After installing updates released May 10, 2022 on your domain controllers, you might see machine certificate authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). An issue has been found related to how the mapping of certificates to machine accounts is bei"
Updated May 27, 2022 The preferred mitigation for this issue is to manually map certificates to a machine account in Active Directory. For instructions, please see Certificate Mapping. Note The instructions are the same for mapping certificates to user or machine accounts in Active Directory. If the preferred mitigation will not work in your environment, please see KB5014754—Certificate-based authentication changes on Windows domain controllers for other possible mitigations in the SChannel registry key section. Note Any other mitigation except the preferred mitigations might lower or disable security hardening. This issue was addressed in out-of-band updates released May 19, 2022 for installation on all Domain Controllers in your environment, as well as all intermediary application servers such as Network Policy Servers (NPS), RADIUS, Certification Authority (CA), or web servers which passes the authentication certificate from the client being authenticated to the authenticating DC. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. This includes the removal of the registry key (CertificateMappingMethods = 0x1F) documented in the SChannel registry key section of KB5014754. There is no action needed on the client side to resolve this authentication issue. To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. Note The below updates are not available from Windows Update and will not install automatically. Cumulative updates: Windows Server 2022: KB5015013 Windows Server, version 20H2: KB5015020 Windows Server 2019: KB5015018 Windows Server 2016: KB5015019 Note You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released May 10, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.
workaround
Jun 15, 2022
KB5013942
2022-05 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5013942) (CVE-2022-22713)
"After installing this update, you might receive an error code: 0xC002001B when attempting to install from the Microsoft Store. Some Microsoft Store apps might also fail to open. Affected Windows devices use a processor (CPU) which supports Control-flow Enforcement Technology (CET), such as such as 11th Gen and later Intel® Core™ Processors or later and certain AMD processors."
This issue was addressed in the out-of-band update KB5015020. It is a cumulative update, so you do not need to apply any previous update before installing it. To get the standalone package for KB5015020, search for it in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. Note KB5015020 is not available from Windows Update and will not install automatically.
workaround
May 11, 2022
KB5013942
2022-05 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5013942)
"Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later. Note Devices that connect dire"
To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU: Extract the cab from the msu via this command line (using the package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cabExtract the SSU from the previously extracted cab via this command line: expand Windows10.0-KB5000842-x64.cab /f:*You will then have the SSU cab, in this example named SSU-19041.903-x64.cab. Slipstream this file into your offline image first, then the LCU. If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business.
workaround
May 11, 2022
KB5013942
2022-05 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5013942)
"After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING"."
For more information and a workaround, see KB5005322.
workaround
May 11, 2022
KB5013942
2022-05 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5013942)
"After installing the Windows updates released January 11, 2022 or later Windows versions on an affected version of Windows, recovery discs (CD or DVD) created by using the Backup and Restore (Windows 7) app in Control Panel might be unable to start. Recovery discs that were created by using the Backup and Restore (Windows 7) app on devices which have installed Windows updates released before January 11, 2022 are not affected by this issue and should start as expecte"
We are working on a resolution and will provide an update in an upcoming release.
workaround
May 11, 2022
KB5013942
2022-05 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5013942)
"We are receiving reports that the Snip & Sketch app might fail to capture a screenshot and might fail to open using the keyboard shortcut (Windows key+shift+S). This issue occurs after installing KB5010342 (February 8, 2022) and later updates."
We are presently investigating and will provide an update when more information is available.
workaround
Jun 15, 2022
KB5013942
2022-05 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5013942)
"After installing this update, Windows devices that use certain GPUs might cause apps to close unexpectedly or cause intermittent issues that affect some apps that use Direct3D 9. You might also receive an error in Event Log in Windows Logs/Applications, and the faulting module is d3d9on12.dll and the exception code is 0xc0000094."
This issue is addressed in KB5014023. If you cant install KB5014023, see the instructions below. This issue is addressed using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the KIR to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the KIR apply to your device faster. For enterprise-managed, devices that have installed an affected update and encountered this issue can address it by installing and configuring the special Group Policy listed below. For information on deploying and configuring these special Group Policies, seeHow to use Group Policy to deploy a Known Issue Rollback. Group Policy download with Group Policy name: Download for Windows 10, version 2004, Windows 10, version 20H2, Windows 10, version 21H1, and Windows 10, version 21H2 - Group Policy name: KB5011831 220509_20051 Known Issue Rollback Important You must install and configure the Group Policy to address this issue. Please see, How to use Group Policy to deploy a Known Issue Rollback.
workaround
Jun 15, 2022
KB5013945
2022-05 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB5013945)
"Updated May 27, 2022 After installing updates released May 10, 2022 on your domain controllers, you might see machine certificate authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). An issue has been found related to how the mapping of certificates to machine accounts is bei"
Updated May 27, 2022 The preferred mitigation for this issue is to manually map certificates to a machine account in Active Directory. For instructions, please see Certificate Mapping. Note The instructions are the same for mapping certificates to user or machine accounts in Active Directory. If the preferred mitigation will not work in your environment, please see KB5014754—Certificate-based authentication changes on Windows domain controllers for other possible mitigations in the SChannel registry key section. Note Any other mitigation except the preferred mitigations might lower or disable security hardening. This issue was addressed in out-of-band updates released May 19, 2022 for installation on all Domain Controllers in your environment, as well as all intermediary application servers such as Network Policy Servers (NPS), RADIUS, Certification Authority (CA), or web servers which passes the authentication certificate from the client being authenticated to the authenticating DC. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. This includes the removal of the registry key (CertificateMappingMethods = 0x1F) documented in the SChannel registry key section of KB5014754. There is no action needed on the client side to resolve this authentication issue. To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. Note The below updates are not available from Windows Update and will not install automatically. Cumulative updates: Windows Server 2022: KB5015013 Windows Server, version 20H2: KB5015020 Windows Server 2019: KB5015018 Windows Server 2016: KB5015019 Note You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released May 10, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.
workaround
Jun 15, 2022
KB5015018
2022-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5015018)
"After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.""
Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jun 15, 2022
KB5015018
2022-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5015018)
"After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found."
This issue occurs because of an update to the PnP class drivers used by this service.  After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
workaround
Jun 15, 2022
KB5015018
2022-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5015018)
"After installing the Windows updates released January 11, 2022 or later Windows versions on an affected version of Windows, recovery discs (CD or DVD) created by using the Backup and Restore (Windows 7) app in Control Panel might be unable to start. Recovery discs that were created by using the Backup and Restore (Windows 7) app on devices which have installed Windows updates released before January 11, 2022 are not affected by this issue and should start as expecte"
This issue is addressed in KB5014022.
workaround
Jun 15, 2022
KB5015018
2022-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5015018)
"Windows server computers might log Event ID 40 in the System event log each time a Group Policy is updated or refreshed on a server or client. The error is found with the Description, ”The event logging service encountered an error when attempting to apply one or more policy settings.” This issue occurs after installing Windows updates released on or after January 11, 2022. The gpupdate and Group Policy Object (GPO) refresh tasks will trigger this error when they ru"
This issue is addressed in KB5014022.
workaround
May 11, 2022
KB5013941
2022-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5013941)
"After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.""
Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
May 11, 2022
KB5013941
2022-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5013941)
"After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found."
This issue occurs because of an update to the PnP class drivers used by this service.  After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
workaround
May 11, 2022
KB5013941
2022-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5013941)
"After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.  Note for developers Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.  For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
May 11, 2022
KB5013941
2022-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5013941)
"After installing the Windows updates released January 11, 2022 or later Windows versions on an affected version of Windows, recovery discs (CD or DVD) created by using the Backup and Restore (Windows 7) app in Control Panel might be unable to start. Recovery discs that were created by using the Backup and Restore (Windows 7) app on devices which have installed Windows updates released before January 11, 2022 are not affected by this issue and should start as expecte"
We are working on a resolution and will provide an update in an upcoming release.
workaround
May 11, 2022
KB5013941
2022-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5013941)
"Windows server computers might log Event ID 40 in the System event log each time a Group Policy is updated or refreshed on a server or client. The error is found with the Description, ”The event logging service encountered an error when attempting to apply one or more policy settings.” This issue occurs after installing Windows updates released on or after January 11, 2022. The gpupdate and Group Policy Object (GPO) refresh tasks will trigger this error when they ru"
We are working on a resolution and will provide an update in an upcoming release.
workaround
Jun 15, 2022
KB5013941
2022-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5013941)
"Updated May 27, 2022 After installing updates released May 10, 2022 on your domain controllers, you might see machine certificate authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). An issue has been found related to how the mapping of certificates to machine accounts is bei"
Updated May 27, 2022 The preferred mitigation for this issue is to manually map certificates to a machine account in Active Directory. For instructions, please see Certificate Mapping. Note The instructions are the same for mapping certificates to user or machine accounts in Active Directory. If the preferred mitigation will not work in your environment, please see KB5014754—Certificate-based authentication changes on Windows domain controllers for other possible mitigations in the SChannel registry key section. Note Any other mitigation except the preferred mitigations might lower or disable security hardening. This issue was addressed in out-of-band updates released May 19, 2022 for installation on all Domain Controllers in your environment, as well as all intermediary application servers such as Network Policy Servers (NPS), RADIUS, Certification Authority (CA), or web servers which passes the authentication certificate from the client being authenticated to the authenticating DC. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. This includes the removal of the registry key (CertificateMappingMethods = 0x1F) documented in the SChannel registry key section of KB5014754. There is no action needed on the client side to resolve this authentication issue. To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. Note The below updates are not available from Windows Update and will not install automatically. Cumulative updates: Windows Server 2022: KB5015013 Windows Server, version 20H2: KB5015020 Windows Server 2019: KB5015018 Windows Server 2016: KB5015019 Note You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released May 10, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.
workaround
May 11, 2022
KB5013952
2022-05 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5013952)
"After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.  Note for developers Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.  For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Jun 15, 2022
KB5013952
2022-05 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5013952)
"Updated May 27, 2022 After installing updates released May 10, 2022 on your domain controllers, you might see machine certificate authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). An issue has been found related to how the mapping of certificates to machine accounts is bei"
Updated May 27, 2022 The preferred mitigation for this issue is to manually map certificates to a machine account in Active Directory. For instructions, please see Certificate Mapping. Note The instructions are the same for mapping certificates to user or machine accounts in Active Directory. If the preferred mitigation will not work in your environment, please see KB5014754—Certificate-based authentication changes on Windows domain controllers for other possible mitigations in the SChannel registry key section. Note Any other mitigation except the preferred mitigations might lower or disable security hardening. This issue was addressed in out-of-band updates released May 19, 2022 for installation on all Domain Controllers in your environment, as well as all intermediary application servers such as Network Policy Servers (NPS), RADIUS, Certification Authority (CA), or web servers which passes the authentication certificate from the client being authenticated to the authenticating DC. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. This includes the removal of the registry key (CertificateMappingMethods = 0x1F) documented in the SChannel registry key section of KB5014754. There is no action needed on the client side to resolve this authentication issue. To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. Note The below updates are not available from Windows Update and will not install automatically. Cumulative updates: Windows Server 2022: KB5015013 Windows Server, version 20H2: KB5015020 Windows Server 2019: KB5015018 Windows Server 2016: KB5015019 Note You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released May 10, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.
workaround
Jun 15, 2022
KB5013963
2022-05 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5013963)
"Updated May 27, 2022 After installing updates released May 10, 2022 on your domain controllers, you might see machine certificate authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). An issue has been found related to how the mapping of certificates to machine accounts is bei"
Updated May 27, 2022 The preferred mitigation for this issue is to manually map certificates to a machine account in Active Directory. For instructions, please see Certificate Mapping. Note The instructions are the same for mapping certificates to user or machine accounts in Active Directory. If the preferred mitigation will not work in your environment, please see KB5014754—Certificate-based authentication changes on Windows domain controllers for other possible mitigations in the SChannel registry key section. Note Any other mitigation except the preferred mitigations might lower or disable security hardening. This issue was addressed in out-of-band updates released May 19, 2022 for installation on all Domain Controllers in your environment, as well as all intermediary application servers such as Network Policy Servers (NPS), RADIUS, Certification Authority (CA), or web servers which passes the authentication certificate from the client being authenticated to the authenticating DC. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. This includes the removal of the registry key (CertificateMappingMethods = 0x1F) documented in the SChannel registry key section of KB5014754. There is no action needed on the client side to resolve this authentication issue. To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. Note The below updates are not available from Windows Update and will not install automatically. Cumulative updates: Windows Server 2022: KB5015013 Windows Server, version 20H2: KB5015020 Windows Server 2019: KB5015018 Windows Server 2016: KB5015019 Note You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released May 10, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.
workaround
May 11, 2022
KB5013944
2022-05 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5013944)
"After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.  Note for developers Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.  For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Jun 15, 2022
KB5013944
2022-05 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5013944)
"Updated May 27, 2022 After installing updates released May 10, 2022 on your domain controllers, you might see machine certificate authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). An issue has been found related to how the mapping of certificates to machine accounts is bei"
Updated May 27, 2022 The preferred mitigation for this issue is to manually map certificates to a machine account in Active Directory. For instructions, please see Certificate Mapping. Note The instructions are the same for mapping certificates to user or machine accounts in Active Directory. If the preferred mitigation will not work in your environment, please see KB5014754—Certificate-based authentication changes on Windows domain controllers for other possible mitigations in the SChannel registry key section. Note Any other mitigation except the preferred mitigations might lower or disable security hardening. This issue was addressed in out-of-band updates released May 19, 2022 for installation on all Domain Controllers in your environment, as well as all intermediary application servers such as Network Policy Servers (NPS), RADIUS, Certification Authority (CA), or web servers which passes the authentication certificate from the client being authenticated to the authenticating DC. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. This includes the removal of the registry key (CertificateMappingMethods = 0x1F) documented in the SChannel registry key section of KB5014754. There is no action needed on the client side to resolve this authentication issue. To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. Note The below updates are not available from Windows Update and will not install automatically. Cumulative updates: Windows Server 2022: KB5015013 Windows Server, version 20H2: KB5015020 Windows Server 2019: KB5015018 Windows Server 2016: KB5015019 Note You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released May 10, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.
workaround
Apr 13, 2022
KB5012639
2022-04 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5012639)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Apr 13, 2022
KB5012639
2022-04 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5012639)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Apr 13, 2022
KB5012666
2022-04 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5012666)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Apr 13, 2022
KB5012666
2022-04 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5012666)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Apr 13, 2022
KB5012649
2022-04 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5012649) (ESU)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Apr 13, 2022
KB5012649
2022-04 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5012649) (ESU)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Apr 13, 2022
KB5012632
2022-04 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5012632) (ESU)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Apr 13, 2022
KB5012632
2022-04 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5012632) (ESU)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Apr 13, 2022
KB5012670
2022-04 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5012670)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Apr 13, 2022
KB5012670
2022-04 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5012670)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Apr 13, 2022
KB5012650
2022-04 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5012650)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Apr 13, 2022
KB5012650
2022-04 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5012650)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Apr 13, 2022
KB5012626
2022-04 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5012626) (ESU)
"After installing this update and restarting your device, you might receive the error, "Failure to configure Windows updates. Reverting Changes. Do not turn off your computer", and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Apr 13, 2022
KB5012626
2022-04 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5012626) (ESU)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following:  Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release. 
workaround
Apr 13, 2022
KB5012658
2022-04 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5012658) (ESU)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Apr 13, 2022
KB5012658
2022-04 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5012658) (ESU)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
May 11, 2022
KB5011831
2022-04 Cumulative Update Preview for Windows 10 Version 20H2 for x64-based Systems (KB5011831)
"Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later. Note Devices that connect dire"
To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU: Extract the cab from the msu via this command line (using the package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cabExtract the SSU from the previously extracted cab via this command line: expand Windows10.0-KB5000842-x64.cab /f:*You will then have the SSU cab, in this example named SSU-19041.903-x64.cab. Slipstream this file into your offline image first, then the LCU. If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business.
workaround
May 11, 2022
KB5011831
2022-04 Cumulative Update Preview for Windows 10 Version 20H2 for x64-based Systems (KB5011831)
"After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING"."
For more information and a workaround, see KB5005322.
workaround
May 11, 2022
KB5011831
2022-04 Cumulative Update Preview for Windows 10 Version 20H2 for x64-based Systems (KB5011831)
"After installing the Windows updates released January 11, 2022 or later Windows versions on an affected version of Windows, recovery discs (CD or DVD) created by using the Backup and Restore (Windows 7) app in Control Panel might be unable to start. Recovery discs that were created by using the Backup and Restore (Windows 7) app on devices which have installed Windows updates released before January 11, 2022 are not affected by this issue and should start as expecte"
We are working on a resolution and will provide an update in an upcoming release.
workaround
May 11, 2022
KB5011831
2022-04 Cumulative Update Preview for Windows 10 Version 20H2 for x64-based Systems (KB5011831)
"We are receiving reports that the Snip & Sketch app might fail to capture a screenshot and might fail to open using the keyboard shortcut (Windows key+shift+S). This issue occurs after installing KB5010342 (February 8, 2022) and later updates."
We are presently investigating and will provide an update when more information is available.
workaround
Jun 15, 2022
KB5011831
2022-04 Cumulative Update Preview for Windows 10 Version 20H2 for x64-based Systems (KB5011831)
"After installing this update, Windows devices that use certain GPUs might cause apps to close unexpectedly or cause intermittent issues that affect some apps that use Direct3D 9. You might also receive an error in Event Log in Windows Logs/Applications, and the faulting module is d3d9on12.dll and the exception code is 0xc0000094."
This issue is addressed in KB5014023. If you cant install KB5014023, see the instructions below. This issue is addressed using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the KIR to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the KIR apply to your device faster. For enterprise-managed, devices that have installed an affected update and encountered this issue can address it by installing and configuring the special Group Policy listed below. For information on deploying and configuring these special Group Policies, seeHow to use Group Policy to deploy a Known Issue Rollback. Group Policy download with Group Policy name: Download for Windows 10, version 2004, Windows 10, version 20H2, Windows 10, version 21H1, and Windows 10, version 21H2 - Group Policy name: KB5011831 220509_20051 Known Issue Rollback Important You must install and configure the Group Policy to address this issue. Please see, How to use Group Policy to deploy a Known Issue Rollback.
workaround
Jun 15, 2022
KB5011831
2022-04 Cumulative Update Preview for Windows 10 Version 20H2 for x64-based Systems (KB5011831)
"After installing this update, you might receive an error code: 0xC002001B when attempting to install from the Microsoft Store. Some Microsoft Store apps might also fail to open. Affected Windows devices use a processor (CPU) which supports Control-flow Enforcement Technology (CET), such as such as 11th Gen and later Intel® Core™ Processors or later and certain AMD processors."
This issue was addressed in the out-of-band update KB5015020. It is a cumulative update, so you do not need to apply any previous update before installing it. To get the standalone package for KB5015020, search for it in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. Note KB5015020 is not available from Windows Update and will not install automatically.
workaround
May 11, 2022
KB5012636
2022-04 Cumulative Update Preview for Windows 10 Version 1809 for x64-based Systems (KB5012636)
"After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.""
Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
May 11, 2022
KB5012636
2022-04 Cumulative Update Preview for Windows 10 Version 1809 for x64-based Systems (KB5012636)
"After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found."
This issue occurs because of an update to the PnP class drivers used by this service.  After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
workaround
May 11, 2022
KB5012636
2022-04 Cumulative Update Preview for Windows 10 Version 1809 for x64-based Systems (KB5012636)
"After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.  Note for developers Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.  For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
May 11, 2022
KB5012636
2022-04 Cumulative Update Preview for Windows 10 Version 1809 for x64-based Systems (KB5012636)
"After installing the Windows updates released January 11, 2022 or later Windows versions on an affected version of Windows, recovery discs (CD or DVD) created by using the Backup and Restore (Windows 7) app in Control Panel might be unable to start. Recovery discs that were created by using the Backup and Restore (Windows 7) app on devices which have installed Windows updates released before January 11, 2022 are not affected by this issue and should start as expecte"
We are working on a resolution and will provide an update in an upcoming release.
workaround
May 11, 2022
KB5012636
2022-04 Cumulative Update Preview for Windows 10 Version 1809 for x64-based Systems (KB5012636)
"Windows server computers might log Event ID 40 in the System event log each time a Group Policy is updated or refreshed on a server or client. The error is found with the Description, ”The event logging service encountered an error when attempting to apply one or more policy settings.” This issue occurs after installing Windows updates released on or after January 11, 2022. The gpupdate and Group Policy Object (GPO) refresh tasks will trigger this error when they ru"
We are working on a resolution and will provide an update in an upcoming release.
workaround
May 11, 2022
KB5012637
2022-04 Cumulative Update Preview for Microsoft server operating system version 21H2 for x64-based Systems (KB5012637)
"After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.  Note for developers Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.  For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
May 11, 2022
KB5012599
2022-04 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5012599) (CVE-2022-26904) (CVE-2022-24521)
"We are receiving reports that the Snip & Sketch app might fail to capture a screenshot and might fail to open using the keyboard shortcut (Windows key+shift+S). This issue occurs after installing KB5010342 (February 8, 2022) and later updates."
We are presently investigating and will provide an update when more information is available.
workaround
Apr 13, 2022
KB5012599
2022-04 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5012599)
"Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later. Note Devices that connect dire"
To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU: Extract the cab from the msu via this command line (using the package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cabExtract the SSU from the previously extracted cab via this command line: expand Windows10.0-KB5000842-x64.cab /f:*You will then have the SSU cab, in this example named SSU-19041.903-x64.cab. Slipstream this file into your offline image first, then the LCU. If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business.
workaround
Apr 13, 2022
KB5012599
2022-04 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5012599)
"After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING"."
For more information and a workaround, see KB5005322.
workaround
Apr 13, 2022
KB5012599
2022-04 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5012599)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Server 2022 Windows 10, version 2004, Windows 10, version 20H2, Windows 10, version 21H1, and Windows 10, version 21H2 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Apr 13, 2022
KB5012599
2022-04 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5012599)
"After installing the Windows updates released January 11, 2022 or later Windows versions on an affected version of Windows, recovery discs (CD or DVD) created by using the Backup and Restore (Windows 7) app in Control Panel might be unable to start. Recovery discs that were created by using the Backup and Restore (Windows 7) app on devices which have installed Windows updates released before January 11, 2022 are not affected by this issue and should start as expecte"
We are working on a resolution and will provide an update in an upcoming release.
workaround
Apr 13, 2022
KB5012591
2022-04 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB5012591)
"After installing the Windows updates released January 11, 2022 or later Windows versions on an affected version of Windows, recovery discs (CD or DVD) created by using the Backup and Restore (Windows 7) app in Control Panel might be unable to start. Recovery discs that were created by using the Backup and Restore (Windows 7) app on devices which have installed Windows updates released before January 11, 2022 are not affected by this issue and should start as expecte"
We are working on a resolution and will provide an update in an upcoming release.
workaround
May 11, 2022
KB5012647
2022-04 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5012647) (CVE-2022-26904) (CVE-2022-24521)
"Windows server computers might log Event ID 40 in the System event log each time a Group Policy is updated or refreshed on a server or client. The error is found with the Description, ”The event logging service encountered an error when attempting to apply one or more policy settings.” This issue occurs after installing Windows updates released on or after January 11, 2022. The gpupdate and Group Policy Object (GPO) refresh tasks will trigger this error when they ru"
We are working on a resolution and will provide an update in an upcoming release.
workaround
Apr 13, 2022
KB5012647
2022-04 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5012647)
"After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.""
Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Apr 13, 2022
KB5012647
2022-04 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5012647)
"After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found."
This issue occurs because of an update to the PnP class drivers used by this service.  After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
workaround
Apr 13, 2022
KB5012647
2022-04 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5012647)
"After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.  Note for developers Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.  For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Apr 13, 2022
KB5012647
2022-04 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5012647)
"After installing the Windows updates released January 11, 2022 or later Windows versions on an affected version of Windows, recovery discs (CD or DVD) created by using the Backup and Restore (Windows 7) app in Control Panel might be unable to start. Recovery discs that were created by using the Backup and Restore (Windows 7) app on devices which have installed Windows updates released before January 11, 2022 are not affected by this issue and should start as expecte"
We are working on a resolution and will provide an update in an upcoming release.
workaround
Apr 13, 2022
KB5012596
2022-04 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5012596)
"After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.  Note for developers Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.  For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Apr 13, 2022
KB5012596
2022-04 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5012596)
"After installing the Windows updates released January 11, 2022 or later Windows versions on an affected version of Windows, recovery discs (CD or DVD) created by using the Backup and Restore (Windows 7) app in Control Panel might be unable to start. Recovery discs that were created by using the Backup and Restore (Windows 7) app on devices which have installed Windows updates released before January 11, 2022 are not affected by this issue and should start as expecte"
We are working on a resolution and will provide an update in an upcoming release.
workaround
Apr 13, 2022
KB5012653
2022-04 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5012653)
"After installing the Windows updates released January 11, 2022 or later Windows versions on an affected version of Windows, recovery discs (CD or DVD) created by using the Backup and Restore (Windows 7) app in Control Panel might be unable to start. Recovery discs that were created by using the Backup and Restore (Windows 7) app on devices which have installed Windows updates released before January 11, 2022 are not affected by this issue and should start as expecte"
We are working on a resolution and will provide an update in an upcoming release.
workaround
Apr 13, 2022
KB5012604
2022-04 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5012604)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Server 2022 Windows 10, version 2004, Windows 10, version 20H2, Windows 10, version 21H1, and Windows 10, version 21H2 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Apr 13, 2022
KB5012604
2022-04 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5012604)
"After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.  Note for developers Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.  For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Mar 9, 2022
KB5011560
2022-03 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5011560)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Mar 9, 2022
KB5011560
2022-03 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5011560)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022: .NET Framework 4.8 KB5011258 Windows Server 2019: .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016: .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2: .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Mar 9, 2022
KB5011527
2022-03 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5011527)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Mar 9, 2022
KB5011527
2022-03 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5011527)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022: .NET Framework 4.8 KB5011258 Windows Server 2019: .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016: .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2: .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Mar 9, 2022
KB5011529
2022-03 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5011529) (ESU)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Mar 9, 2022
KB5011529
2022-03 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5011529) (ESU)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Mar 9, 2022
KB5011525
2022-03 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5011525) (ESU)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Mar 9, 2022
KB5011525
2022-03 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5011525) (ESU)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Mar 9, 2022
KB5011564
2022-03 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5011564)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Mar 9, 2022
KB5011564
2022-03 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5011564)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022: .NET Framework 4.8 KB5011258 Windows Server 2019: .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016: .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2: .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Mar 9, 2022
KB5011535
2022-03 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5011535)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Mar 9, 2022
KB5011535
2022-03 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5011535)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022: .NET Framework 4.8 KB5011258 Windows Server 2019: .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016: .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2: .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Mar 9, 2022
KB5011552
2022-03 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5011552) (ESU)
"After installing this update and restarting your device, you might receive the error, "Failure to configure Windows updates. Reverting Changes. Do not turn off your computer", and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Mar 9, 2022
KB5011552
2022-03 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5011552) (ESU)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Mar 9, 2022
KB5011534
2022-03 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5011534) (ESU)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Mar 9, 2022
KB5011534
2022-03 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5011534) (ESU)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Mar 9, 2022
KB5011487
2022-03 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5011487)
"Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later. Note Devices that connect dire"
To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU: Extract the cab from the msu via this command line (using the package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cabExtract the SSU from the previously extracted cab via this command line: expand Windows10.0-KB5000842-x64.cab /f:*You will then have the SSU cab, in this example named SSU-19041.903-x64.cab. Slipstream this file into your offline image first, then the LCU. If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business.
workaround
Mar 9, 2022
KB5011487
2022-03 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5011487)
"After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING"."
For more information and a workaround, see KB5005322.
workaround
Mar 9, 2022
KB5011487
2022-03 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5011487)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Server 2022 Windows 10, version 2004, Windows 10, version 20H2, Windows 10, version 21H1, and Windows 10, version 21H2 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Mar 9, 2022
KB5011503
2022-03 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5011503)
"After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.""
Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Mar 9, 2022
KB5011503
2022-03 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5011503)
"After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found."
This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
workaround
Mar 9, 2022
KB5011503
2022-03 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5011503)
"After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022: .NET Framework 4.8 KB5011258 Windows Server 2019: .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016: .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2: .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Mar 9, 2022
KB5011495
2022-03 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5011495)
"After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022: .NET Framework 4.8 KB5011258 Windows Server 2019: .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016: .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2: .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Mar 9, 2022
KB5011497
2022-03 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5011497)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Server 2022 Windows 10, version 2004, Windows 10, version 20H2, Windows 10, version 21H1, and Windows 10, version 21H2 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Mar 9, 2022
KB5011497
2022-03 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5011497)
"After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022: .NET Framework 4.8 KB5011258 Windows Server 2019: .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016: .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2: .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Feb 9, 2022
KB5010395
2022-02 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5010395) (CVE-2022-21989)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Feb 9, 2022
KB5010395
2022-02 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5010395) (CVE-2022-21989)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Feb 9, 2022
KB5010412
2022-02 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5010412) (CVE-2022-21989)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Feb 9, 2022
KB5010412
2022-02 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5010412) (CVE-2022-21989)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Feb 9, 2022
KB5010422
2022-02 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5010422) (ESU) (CVE-2022-21989)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Feb 9, 2022
KB5010422
2022-02 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5010422) (ESU) (CVE-2022-21989)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Feb 9, 2022
KB5010403
2022-02 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5010403) (ESU) (CVE-2022-21989)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Feb 9, 2022
KB5010403
2022-02 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5010403) (ESU) (CVE-2022-21989)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Feb 9, 2022
KB5010419
2022-02 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5010419) (CVE-2022-21989)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Feb 9, 2022
KB5010419
2022-02 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5010419) (CVE-2022-21989)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Feb 9, 2022
KB5010392
2022-02 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5010392)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Feb 9, 2022
KB5010392
2022-02 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5010392)
"After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Feb 9, 2022
KB5010404
2022-02 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5010404) (ESU) (CVE-2022-21989)
"After installing this update and restarting your device, you might receive the error, "Failure to configure Windows updates. Reverting Changes. Do not turn off your computer", and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Feb 9, 2022
KB5010404
2022-02 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5010404) (ESU) (CVE-2022-21989)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following:  Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release. 
workaround
Feb 9, 2022
KB5010384
2022-02 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5010384) (ESU) (CVE-2022-21989)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Feb 9, 2022
KB5010384
2022-02 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5010384) (ESU) (CVE-2022-21989)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Feb 9, 2022
KB5010342
2022-02 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5010342) (CVE-2022-21989)
"Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later. Note Devices that connect dire"
To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the using SSU: Extract the cab from the msu via this command line (using the package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cabExtract the SSU from the previously extracted cab via this command line: expand Windows10.0-KB5000842-x64.cab /f:*You will then have the SSU cab, in this example named SSU-19041.903-x64.cab. Slipstream this file into your offline image first, then the LCU. If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business.
workaround
Feb 9, 2022
KB5010342
2022-02 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5010342) (CVE-2022-21989)
"After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING"."
For more information and a workaround, see KB5005322.
workaround
Feb 9, 2022
KB5010342
2022-02 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5010342) (CVE-2022-21989)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Server 2022 Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Feb 9, 2022
KB5010351
2022-02 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5010351) (CVE-2022-21989)
"After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.""
Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Feb 9, 2022
KB5010351
2022-02 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5010351) (CVE-2022-21989)
"After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found."
This issue occurs because of an update to the PnP class drivers used by this service.  After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
workaround
Feb 9, 2022
KB5010351
2022-02 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5010351) (CVE-2022-21989)
"After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.  Note for developers Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.  For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Feb 9, 2022
KB5010359
2022-02 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5010359) (CVE-2022-21989)
"After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.  Note for developers Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.  For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Feb 9, 2022
KB5010354
2022-02 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5010354) (CVE-2022-21989)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Server 2022 Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Feb 9, 2022
KB5010354
2022-02 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5010354) (CVE-2022-21989)
"After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.  Note for developers Affected apps use the System.DirectoryServices API."
To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app. Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.  For instructions on how to install this update for your operating system, see the KB articles listed below: Windows Server 2022:  .NET Framework 4.8 KB5011258 Windows Server 2019:  .NET Framework 4.8 KB5011257 .NET Framework 4.7.2 KB5011259 Windows Server 2016:  .NET Framework 4.8 KB5011264 .NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329 Windows Server 2012 R2:  .NET Framework 4.8 KB5011266 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263 .NET Framework 4.5.2 KB5011261 Windows Server 2012: .NET Framework 4.8 KB5011265 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262 .NET Framework 4.5.2 KB5011260
workaround
Jan 12, 2022
KB5009595
2022-01 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5009595) (CVE-2022-21919) (CVE-2022-21836)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jan 12, 2022
KB5009619
2022-01 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5009619) (CVE-2022-21919) (CVE-2022-21836)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jan 12, 2022
KB5009621
2022-01 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5009621) (ESU) (CVE-2022-21919) (CVE-2022-21836)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Jan 12, 2022
KB5009621
2022-01 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5009621) (ESU) (CVE-2022-21919) (CVE-2022-21836)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jan 12, 2022
KB5009601
2022-01 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5009601) (ESU) (CVE-2022-21919) (CVE-2022-21836)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Jan 12, 2022
KB5009601
2022-01 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5009601) (ESU) (CVE-2022-21919) (CVE-2022-21836)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jan 12, 2022
KB5009624
2022-01 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5009624) (CVE-2022-21919) (CVE-2022-21836)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jan 12, 2022
KB5009586
2022-01 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5009586) (CVE-2022-21919) (CVE-2022-21836)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jan 12, 2022
KB5009610
2022-01 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5009610) (ESU) (CVE-2022-21919) (CVE-2022-21836)
"After installing this update and restarting your device, you might receive the error, "Failure to configure Windows updates. Reverting Changes. Do not turn off your computer", and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Jan 12, 2022
KB5009610
2022-01 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5009610) (ESU) (CVE-2022-21919) (CVE-2022-21836)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jan 12, 2022
KB5009627
2022-01 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5009627) (ESU) (CVE-2022-21919) (CVE-2022-21836)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Jan 12, 2022
KB5009627
2022-01 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5009627) (ESU) (CVE-2022-21919) (CVE-2022-21836)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jan 12, 2022
KB5010197
2022-01 Cumulative Update Preview for Microsoft server operating system version 21H2 for x64-based Systems (KB5010197)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Server 2022 Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Jan 12, 2022
KB5010197
2022-01 Cumulative Update Preview for Microsoft server operating system version 21H2 for x64-based Systems (KB5010197)
"After installing this update, text input using a Japanese IME might be entered out of order or the text cursor might move unexpectedly in apps that use the multibyte character set (MBCS). This issue affects both the Microsoft Japanese IME and third-party Japanese IMEs."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy (preferred). Important Verify that you are using the correct Group Policy for your version of Windows: Windows Sever 2022.
workaround
Jan 12, 2022
KB5009566
2022-01 Cumulative Update for Windows 11 for x64-based Systems (KB5009566) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
"All users"
After installing Windows 11, some image editing programs might not render colors correctly on certain high dynamic range (HDR) displays. This is frequently observed with white colors, which could display in bright yellow or other colors. This issue occurs when certain color-rendering Win32 APIs return unexpected information or errors under specific conditions. Not all color profile management programs are affected, and color profile options available in the Windows 11 Settings page, including Microsoft Color Control Panel, are expected to function correctly.
workaround
Jan 12, 2022
KB5009543
2022-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5009543) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
"Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later. Note Devices that connect dire"
To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the using SSU: Extract the cab from the msu via this command line (using the package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cabExtract the SSU from the previously extracted cab via this command line: expand Windows10.0-KB5000842-x64.cab /f:*You will then have the SSU cab, in this example named SSU-19041.903-x64.cab. Slipstream this file into your offline image first, then the LCU. If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business.
workaround
Jan 12, 2022
KB5009543
2022-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5009543) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
"After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING"."
For more information and a workaround, see KB5005322.
workaround
Jan 12, 2022
KB5009543
2022-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5009543) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Server 2022 Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Jan 12, 2022
KB5010196
2022-01 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5010196)
"After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.""
Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jan 12, 2022
KB5010196
2022-01 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5010196)
"After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found."
This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
workaround
Jan 12, 2022
KB5010196
2022-01 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5010196)
"After installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). Note This does not affect activation of any other version or edition of Windows. Client devices "
We are working on a resolution and will provide an update in an upcoming release.
workaround
Jan 12, 2022
KB5009557
2022-01 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5009557) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21839) (CVE-2022-21874)
"After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.""
Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Jan 12, 2022
KB5009557
2022-01 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5009557) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21839) (CVE-2022-21874)
"After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found."
This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
workaround
Jan 12, 2022
KB5009557
2022-01 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5009557) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21839) (CVE-2022-21874)
"After installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). Note This does not affect activation of any other version or edition of Windows. Client devices "
We are working on a resolution and will provide an update in an upcoming release.
workaround
Jan 12, 2022
KB5010195
2022-01 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5010195)
"After installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). Note This does not affect activation of any other version or edition of Windows. Client devices "
We are working on a resolution and will provide an update in an upcoming release.
workaround
Jan 12, 2022
KB5009546
2022-01 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5009546) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
"After installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). Note This does not affect activation of any other version or edition of Windows. Client devices "
We are working on a resolution and will provide an update in an upcoming release.
workaround
Jan 12, 2022
KB5009555
2022-01 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5009555) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Server 2022 Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Dec 15, 2021
KB5008285
2021-12 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5008285) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5008255
2021-12 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5008255) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5008282
2021-12 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5008282) (ESU) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Dec 15, 2021
KB5008282
2021-12 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5008282) (ESU) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5008271
2021-12 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5008271) (ESU) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Dec 15, 2021
KB5008271
2021-12 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5008271) (ESU) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5008263
2021-12 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5008263) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5008277
2021-12 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5008277) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5008244
2021-12 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5008244) (ESU) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"After installing this update and restarting your device, you might receive the error, "Failure to configure Windows updates. Reverting Changes. Do not turn off your computer", and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Dec 15, 2021
KB5008244
2021-12 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5008244) (ESU) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5008274
2021-12 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5008274) (ESU) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Dec 15, 2021
KB5008274
2021-12 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5008274) (ESU) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5008212
2021-12 Cumulative Update for Windows Server, version 2004 for x64-based Systems (KB5008212) (CVE-2021-43240) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later. Note Devices that connect dire"
To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the using SSU: Extract the cab from the msu via this command line (using the package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cabExtract the SSU from the previously extracted cab via this command line: expand Windows10.0-KB5000842-x64.cab /f:*You will then have the SSU cab, in this example named SSU-19041.903-x64.cab. Slipstream this file into your offline image first, then the LCU. If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business.
workaround
Dec 15, 2021
KB5008212
2021-12 Cumulative Update for Windows Server, version 2004 for x64-based Systems (KB5008212) (CVE-2021-43240) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING"."
For more information and a workaround, see KB5005322.
workaround
Dec 15, 2021
KB5008212
2021-12 Cumulative Update for Windows Server, version 2004 for x64-based Systems (KB5008212) (CVE-2021-43240) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Server 2022 Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Dec 15, 2021
KB5008218
2021-12 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5008218) (CVE-2021-43883) (CVE-2021-43893)
"After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.""
Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5008218
2021-12 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5008218) (CVE-2021-43883) (CVE-2021-43893)
"After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found."
This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
workaround
Dec 15, 2021
KB5008218
2021-12 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5008218) (CVE-2021-43883) (CVE-2021-43893)
"After installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). Note This does not affect activation of any other version or edition of Windows. Client devices "
We are working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5008207
2021-12 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5008207) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"After installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). Note This does not affect activation of any other version or edition of Windows. Client devices "
We are working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5008223
2021-12 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5008223) (CVE-2021-43240) (CVE-2021-41333) (CVE-2021-43883) (CVE-2021-43893)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Server 2022 Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Dec 15, 2021
KB5007253
2021-11 Cumulative Update Preview for Windows Server, version 2004 for x64-based Systems (KB5007253)
"Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later. Note Devices that connect dire"
To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the using SSU: Extract the cab from the msu via this command line (using the package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cabExtract the SSU from the previously extracted cab via this command line: expand Windows10.0-KB5000842-x64.cab /f:*You will then have the SSU cab, in this example named SSU-19041.903-x64.cab. Slipstream this file into your offline image first, then the LCU. If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business.
workaround
Dec 15, 2021
KB5007253
2021-11 Cumulative Update Preview for Windows Server, version 2004 for x64-based Systems (KB5007253)
"After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING"."
For more information and a workaround, see KB5005322.
workaround
Dec 15, 2021
KB5007253
2021-11 Cumulative Update Preview for Windows Server, version 2004 for x64-based Systems (KB5007253)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Server 2022 Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Dec 15, 2021
KB5007266
2021-11 Cumulative Update Preview for Windows 10 Version 1809 for x64-based Systems (KB5007266)
"After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.""
Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5007266
2021-11 Cumulative Update Preview for Windows 10 Version 1809 for x64-based Systems (KB5007266)
"After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found."
This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
workaround
Dec 15, 2021
KB5007266
2021-11 Cumulative Update Preview for Windows 10 Version 1809 for x64-based Systems (KB5007266)
"After installing this or later updates, Microsoft Defender for Endpoint might fail to start or run on devices with a Windows Server Core installation. Note This issue does not affect Microsoft Defender for Endpoint on Windows 10."
This issue is resolved in KB5008218.
workaround
Dec 15, 2021
KB5007266
2021-11 Cumulative Update Preview for Windows 10 Version 1809 for x64-based Systems (KB5007266)
"After installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). Note This does not affect activation of any other version or edition of Windows. Client devices "
We are working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5007254
2021-11 Cumulative Update Preview for Microsoft server operating system version 21H2 for x64-based Systems (KB5007254)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Server 2022 Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Dec 15, 2021
KB5007254
2021-11 Cumulative Update Preview for Microsoft server operating system version 21H2 for x64-based Systems (KB5007254)
"After installing this or later updates, Microsoft Defender for Endpoint might fail to start or run on devices with a Windows Server Core installation. Note This issue does not affect Microsoft Defender for Endpoint on Windows 10."
This issue is resolved in KB5008223.
workaround
Dec 15, 2021
KB5008602
2021-11 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5008602)
"After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.""
Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5008602
2021-11 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5008602)
"After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found."
This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
workaround
Dec 15, 2021
KB5008602
2021-11 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5008602)
"After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT) 0x0000007c (ERROR_INVALID_LEVEL) 0x00000709 (ERROR_INVALID_PRINTER_NAME) Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are mo"
This issue is resolved in KB5007266.
workaround
Dec 15, 2021
KB5008602
2021-11 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5008602)
"After installing this update, Microsoft Installer (MSI) might have issues repairing or updating apps. Apps that are known to be affected include some apps from Kaspersky. Affected apps might fail to open after an update or repair has been attempted."
This issue is resolved in KB5007266.
workaround
Dec 15, 2021
KB5008602
2021-11 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5008602)
"After installing this or later updates, Microsoft Defender for Endpoint might fail to start or run on devices with a Windows Server Core installation. Note This issue does not affect Microsoft Defender for Endpoint on Windows 10."
This issue is resolved in KB5008218.
workaround
Dec 15, 2021
KB5008602
2021-11 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5008602)
"After installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). Note This does not affect activation of any other version or edition of Windows. Client devices "
We are working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5008601
2021-11 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5008601)
"After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT) 0x0000007c (ERROR_INVALID_LEVEL) 0x00000709 (ERROR_INVALID_PRINTER_NAME) Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are mo"
For workarounds and the latest status for this issue, please see Windows release health. We are presently investigating and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5008601
2021-11 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5008601)
"After installing this update, Microsoft Installer (MSI) might have issues repairing or updating apps. Apps that are known to be affected include some apps from Kaspersky. Affected apps might fail to open after an update or repair has been attempted."
To mitigate this issue, you will need to uninstall the affected app, then install the latest version of the app. We are working on a resolution and will provide an update in an upcoming release.
workaround
Dec 15, 2021
KB5008601
2021-11 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5008601)
"After installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). Note This does not affect activation of any other version or edition of Windows. Client devices "
We are working on a resolution and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5006674
2021-10 Cumulative Update for Windows 11 for x64-based Systems (KB5006674) (CVE-2021-40449)
"Devices which attempt to connect to a network printer for the first time might fail to download and install the necessary printer drivers. This issue has been observed in devices which access printers via a print server, using HTTP connections. When a client connects to the server to install the printer, a directory mismatch occurs, which causes the installer files to generate incorrectly. As a result, the drivers may not download. Note: The printer connection metho"
This issue is resolved in KB5006746.
workaround
Nov 10, 2021
KB5006674
2021-10 Cumulative Update for Windows 11 for x64-based Systems (KB5006674) (CVE-2021-40449)
"Installation of printers using Internet Printing Protocol (IPP) might not complete successfully. Note IPP is not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations."
This issue is resolved in KB5006746.
workaround
Nov 10, 2021
KB5006674
2021-10 Cumulative Update for Windows 11 for x64-based Systems (KB5006674) (CVE-2021-40449)
"Printing properties defined on a server might not be correctly provided to clients. Note this issue is specific to print servers and does not impact standard network printing. This issue will not cause printing operations to fail, however, custom settings defined on the server – for example, duplex print settings – will not be applied automatically, and clients will print with default settings only. This issue results from an improper building of the data file which"
This issue is resolved in KB5006746.
workaround
Nov 10, 2021
KB5006674
2021-10 Cumulative Update for Windows 11 for x64-based Systems (KB5006674) (CVE-2021-40449)
"You might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones. Note The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations."
This issue is resolved in KB5006746.
workaround
Nov 10, 2021
KB5006674
2021-10 Cumulative Update for Windows 11 for x64-based Systems (KB5006674) (CVE-2021-40449)
"After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT) 0x0000007c (ERROR_INVALID_LEVEL) 0x00000709 (ERROR_INVALID_PRINTER_NAME) Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are mo"
For workarounds and the latest status for this issue, please see Windows release health. We are presently investigating and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5006675
2021-10 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5006675) (CVE-2021-40449) (CVE-2021-41335) (CVE-2021-41338)
"After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT) 0x0000007c (ERROR_INVALID_LEVEL) 0x00000709 (ERROR_INVALID_PRINTER_NAME) Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are mo"
For workarounds and the latest status for this issue, please see Windows release health. We are presently investigating and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5006699
2021-10 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5006699) (CVE-2021-40449) (CVE-2021-40469)
"After installing KB5005575, installation of printers using Internet Printing Protocol (IPP) might not complete successfully. Devices which had connected to and installed the printer prior to the installation of KB5005575 are unaffected and print operations to that printer will succeed as usual. Note IPP is not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations."
This issue is resolved in KB5006745.
workaround
Nov 10, 2021
KB5006699
2021-10 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5006699) (CVE-2021-40449) (CVE-2021-40469)
"After installing KB5005619 on a print server, printing properties defined on that server might not be correctly provided to clients. Note this issue is specific to print servers and does not impact standard network printing. This issue will not cause printing operations to fail, however, custom settings defined on the server – for example, duplex print settings – will not be applied automatically, and clients will print with default settings only. This issue results"
This issue is resolved in KB5006745.
workaround
Nov 10, 2021
KB5006699
2021-10 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5006699) (CVE-2021-40449) (CVE-2021-40469)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Sever 2022 Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Nov 10, 2021
KB5006699
2021-10 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5006699) (CVE-2021-40449) (CVE-2021-40469)
"You might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones. Note The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations."
This issue is resolved in KB5006745.
workaround
Nov 10, 2021
KB5006699
2021-10 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5006699) (CVE-2021-40449) (CVE-2021-40469)
"After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT) 0x0000007c (ERROR_INVALID_LEVEL) 0x00000709 (ERROR_INVALID_PRINTER_NAME) Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are mo"
For workarounds and the latest status for this issue, please see Windows release health. We are presently investigating and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5006667
2021-10 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB5006667) (CVE-2021-40449) (CVE-2021-41335) (CVE-2021-41338)
"After installing KB5005566, installation of printers using Internet Printing Protocol (IPP) might not complete successfully. Devices which had connected to and installed the printer prior to the installation of KB5005566 are unaffected and print operations to that printer will succeed as usual. Note IPP is not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations."
Microsoft is working on a resolution and targeting its release in a future update.
workaround
Nov 10, 2021
KB5006667
2021-10 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB5006667) (CVE-2021-40449) (CVE-2021-41335) (CVE-2021-41338)
"After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT) 0x0000007c (ERROR_INVALID_LEVEL) 0x00000709 (ERROR_INVALID_PRINTER_NAME) Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are mo"
For workarounds and the latest status for this issue, please see Windows release health. We are presently investigating and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5006669
2021-10 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5006669) (CVE-2021-40449) (CVE-2021-40469) (CVE-2021-41335) (CVE-2021-41338)
"After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT) 0x0000007c (ERROR_INVALID_LEVEL) 0x00000709 (ERROR_INVALID_PRINTER_NAME) Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are mo"
For workarounds and the latest status for this issue, please see Windows release health. We are presently investigating and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5006744
2021-10 Cumulative Update Preview for Windows 10 Version 1809 for x64-based Systems (KB5006744)
"After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.""
Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5006744
2021-10 Cumulative Update Preview for Windows 10 Version 1809 for x64-based Systems (KB5006744)
"After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found."
This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
workaround
Nov 10, 2021
KB5006744
2021-10 Cumulative Update Preview for Windows 10 Version 1809 for x64-based Systems (KB5006744)
"After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT) 0x0000007c (ERROR_INVALID_LEVEL) 0x00000709 (ERROR_INVALID_PRINTER_NAME) Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are mo"
For workarounds and the latest status for this issue, please see Windows release health. We are presently investigating and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5006746
2021-10 Cumulative Update Preview for Windows 11 for x64-based Systems (KB5006746)
"After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT) 0x0000007c (ERROR_INVALID_LEVEL) 0x00000709 (ERROR_INVALID_PRINTER_NAME) Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are mo"
For workarounds and the latest status for this issue, please see Windows release health. We are presently investigating and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5006746
2021-10 Cumulative Update Preview for Windows 11 for x64-based Systems (KB5006746)
"Starting on November 1, 2021, some users might be unable to open or use certain built-in Windows apps or parts of some built-in apps. This is caused by an issue with a Microsoft digital certificate, which expired October 31, 2021. The following might be affected: Snipping Tool Accounts page and landing page in the Settings app (S mode only) Start menu (S Mode only) Touch Keyboard, Voice Typing, and Emoji Panel Input Method Editor user interface (IME UI) Getting star"
This issue is resolved in KB5008295.
workaround
Nov 10, 2021
KB5006738
2021-10 Cumulative Update Preview for Windows Server, version 2004 for x64-based Systems (KB5006738)
"Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later. Note Devices that connect dire"
To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the using SSU: Extract the cab from the msu via this command line (using the package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cabExtract the SSU from the previously extracted cab via this command line: expand Windows10.0-KB5000842-x64.cab /f:*You will then have the SSU cab, in this example named SSU-19041.903-x64.cab. Slipstream this file into your offline image first, then the LCU. If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business.
workaround
Nov 10, 2021
KB5006738
2021-10 Cumulative Update Preview for Windows Server, version 2004 for x64-based Systems (KB5006738)
"After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING"."
For more information and a workaround, see KB5005322.
workaround
Nov 10, 2021
KB5006738
2021-10 Cumulative Update Preview for Windows Server, version 2004 for x64-based Systems (KB5006738)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Sever 2022 Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Nov 10, 2021
KB5006738
2021-10 Cumulative Update Preview for Windows Server, version 2004 for x64-based Systems (KB5006738)
"After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT) 0x0000007c (ERROR_INVALID_LEVEL) 0x00000709 (ERROR_INVALID_PRINTER_NAME) Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are mo"
For workarounds and the latest status for this issue, please see Windows release health: OS Build 19041.1288 OS Build 19042.1288 OS Build 19043.1288 We are presently investigating and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5006745
2021-10 Cumulative Update Preview for Microsoft server operating system version 21H2 for x64-based Systems (KB5006745)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Sever 2022 Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Nov 10, 2021
KB5006745
2021-10 Cumulative Update Preview for Microsoft server operating system version 21H2 for x64-based Systems (KB5006745)
"After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT) 0x0000007c (ERROR_INVALID_LEVEL) 0x00000709 (ERROR_INVALID_PRINTER_NAME) Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are mo"
For workarounds and the latest status for this issue, please see Windows release health. We are presently investigating and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5007205
2021-11 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5007205)
"After installing this update, when connecting to devices in an untrusted domain using Remote Desktop, connections might fail to authenticate when using smart card authentication. You might receive the prompt, "Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials." and "The login attempt failed" in red."
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to non-managed personal devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy linked below. Note Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview. Group Policy installation files: Windows Sever 2022 Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1 Important Verify that you are using the correct Group Policy for your version of Windows.
workaround
Nov 10, 2021
KB5007205
2021-11 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5007205)
"After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT) 0x0000007c (ERROR_INVALID_LEVEL) 0x00000709 (ERROR_INVALID_PRINTER_NAME) Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are mo"
For workarounds and the latest status for this issue, please see Windows release health. We are presently investigating and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5007233
2021-11 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5007233) (ESU)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Nov 10, 2021
KB5007233
2021-11 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5007233) (ESU)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5007233
2021-11 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5007233) (ESU)
"After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT) 0x0000007c (ERROR_INVALID_LEVEL) 0x00000709 (ERROR_INVALID_PRINTER_NAME) Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are mo"
For workarounds and the latest status for this issue, please see Windows release health. We are presently investigating and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5007247
2021-11 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5007247)
"Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege."
Do one of the following: Perform the operation from a process that has administrator privilege. Perform the operation from a node that doesn’t have CSV ownership. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5007247
2021-11 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5007247)
"After installing this update, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT) 0x0000007c (ERROR_INVALID_LEVEL) 0x00000709 (ERROR_INVALID_PRINTER_NAME) Note The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are mo"
For workarounds and the latest status for this issue, please see Windows release health. We are presently investigating and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5007206
2021-11 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5007206)
"After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.""
Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10. Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows: Go to the Settings app > Recovery. Select Get Started under the Reset this PC recovery option. Select Keep my Files. Microsoft is working on a resolution and will provide an update in an upcoming release.
workaround
Nov 10, 2021
KB5007206
2021-11 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5007206)
"After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found."
This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.

Disclaimer:This webpage is intended to provide you information about patch announcement for certain specific software products. The information is provided "As Is" without warranty of any kind. The links provided point to pages on the vendors websites. You can get more information by clicking the links to visit the relevant pages on the vendors website.