KB4489888 and KB4489890 roll out with new features

Microsoft rolls out KB4489888 and KB4489890 cumulative update in its third Tuesday’ March update. They belong to Windows 10 1703 and 1709 receptively. Both of them come with similar fixes, changes and known issues, hence they are written altogether here.

March 12 and April 9 updates are the last two delta updates for them, out of which one is already published on its official website. Though, no new Operating System features will appear afterward, a few patches containing Security and quality updates will continue to come along with cumulative updates similar to this one. Let’s explore them in detail-

  1. Windows 10 1703- KB4489888
  2. Windows 10 1709- KB4489890

KB4489888 and KB4489890

What’s new in KB4489888 and KB4489890

Most of the changes, features and known issues as well are the same in both i.e. KB4489888 and KB4489890. Having said so, we here present you the common improvements and fixes-

General Improvements and fixes

The Key changes of these updates are as follow-

  1. They update the time zone information for Argentina, Kazakhstan, São Tomé, Príncipe and Buenos Aires.
  2. They solve the Microsoft Office Visual Basic issue which is known to create a nuisance while applying registry settings on Japanese era dates. To know more, have a look at KB4469068.
  3. They also solve the issue which restricts users from enabling gan-nen support on the Japanese era calendar.
  4. The Company resolves an error that primarily occurs in the Microsoft Access 97 database. It basically stops a requested operation when there are custom properties on Table or Column.
  5. Microsoft solves the issue which doesn’t allow users to authenticate and thus causes WAM (short for Windows Account Manager) to fail while using a TPM (short for Trusted Platform Module).
  6. They address an error that results in failing of certificates during the use of CERT_RENEWAL_PROP_ID on the ICertPropertyRenewal interface.
  7. They also address the bug which generates the Error code “Stop ox133” in NTFS.sys.
  8. Earlier users were not receiving all the available Windows updates using Unified Write Filter (UWF) servicing mode despite the same section is enabled. They resolve this bug as well.
  9. They fix a bug in which authentication dialog doesn’t appear when an Enterprise Web tries connecting to the net.
  10. The Company addresses the issue in which a smart card sign in with credentials simply fails on Azure Active Directory i.e. AAD. using Remote Desktop Services.

Some other changes

  1. They fix an error which removes the ALLOWCLSIDS policy from the policy XML file whenever users try to run Add-SignerRule for Windows Defender Application Control.
  2. They resolve the bug which restricts users from login while using App-V client to open different apps. It also leads to account lockouts in several situations. The sole reason behind this is failing of Kerberos authentication while working to get Users information from Domain name server. You can solve this issue using the following key changes under its registry-
    • Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Shared\
    • Setting: UseDcForGetUserInfo
    • Type: REG_DWORD
    • Value: Setting the following DWORD to nonzero will enable the solution.
  3. Microsoft addresses an issue that prevents App-V applications from starting and generates error “0xc0000225”. Setting the following DWORD to a non-zero number will enable the solution: “HKLM\Software\Microsoft\AppV\\MAV\Configuration\MaxAttachWaitTimeInMilliseconds”. The default is zero, the maximum is 10,000, and it limits the maximum wait time for a driver when the error occurs. For more information, see KB4494206.
  4. They resolve an issue in which the graphics device interface (GDI) DeleteObject() may cause the calling process to stop working when both of the following conditions are true:
    • The calling process is a WOW64 process that handles memory addresses larger than 2 GB.
    • The DeleteObject() is called with a device context that is compatible with a printer device context.

If you have installed any early updates on your System, this release will bring only new fixes that it contains. Thus, only new fixes will be downloaded and installed on your System.

Known issues- KB4489888 and KB4489890

Issue #1

After updating your System with this release, some apps may stop responding due to MSXML6. This occurs only if an exception is thrown out during node operations like- moveNode(), insertBefore() and appendChild().

If there is a group policy preference for IE 10 (internet explorer) settings and you edit this particular GPO (group policy object), it may cause Group Policy Editor to stop responding as well.

Sol– The Company is working on a fix to this issue and if found, they will bring the same in an upcoming release.

Issue #2

Custom URI schemes for Application Protocol handlers are now not starting the corresponding apps for local intranet as well as trusted sites on internet Explorer. This too occurs after applying this update on your System.

Sol- You should enable Protected mode in IE for a local intranet and trusted sites. Follow below-written steps to overcome this issue on your PC-

  1. At first navigate to, Tools > Internet options > Security.
  2. Thereafter, select Local intranet followed by Enable Protected mode under “Select a zone to view or change security settings”.
  3. Henceforth, choose Trusted sites then Enable Protected Mode again.
  4. Lastly, tap OK and reboot your system so that changes made so far come into effect.

They are currently working to resolve this issue asap.

Issue #3

In case, you enable per font EUDC, your system may stop working or turn Blue like BSOD right from the startup.

Sol- Follow the thumb rule i.e. don’t enable per font EUDC on your System. They are working on a resolution and will provide the same if found one.

Issue #4- (Only on KB4489890- Windows 10 1709)

After applying KB4489890 cumulative on Windows 10 1709 Machine, a stop error appears whenever users try to open the SSH client program on Windows Subsystem for Linux. In general, this occurs only when agent forwarding is enabled on WSL with a command-line switch-like – (ssh -A) or a configuration setting.

Sol- The best thing to get rid of this error is to disable forwarding of the authentication agent connection with the help of a configuration switch or a command line switch like (ssh -a). The company is working on a resolution and might bring the same in an upcoming release.

How to get the Update- KB4489888 and KB4489890

Before proceeding to launch either of LCUs on your System, make sure to install the latest SSU. Servicing stack update, in general, improves the reliability of the update process, thus minimize the potential issue that may appear while applying your PC with the latest cumulative update.

KB4487327 is the latest SSU for KB4489888 -1703 while KB4485448 for KB4489890 -1709. To get the standalone package, visit Update Catalog and type the respective knowledge base number as per your choice.

By default, you will receive the Windows Update on your System automatically. However, if it doesn’t appear on your system for whatsoever reasons, you can have them manually as well. Here is the procedure-

At first, navigate to the following path-

Settings > Update & Security > Windows Update

Here, select Check for updates option. The concerned update file should be there, else get the same from below.

KB4489888- Download file

KB4489890- Download file


Here, we have pinpointed the general improvements brought under KB4489888 and KB4489890 cumulative updates along with some minor known issues. If you have any queries related to this article, do ask us in the comment section below.