KB4503267 updates Windows 10 1607 to Build 14393.3025 (Jun 11, 2019)

KB4503267 is available for Windows 10 1607 users and updates the system to Build 14393.3025. With this cumulative update, Microsoft delivers a number of security updates for Windows services and components, Microsoft Edge, and others. The patch contains notable fixes for an authentication issue in Windows Hello, Bluetooth device security bugs, Windows Deployment Services, and more.

This update also has some known issues, a few of which have temporary workarounds. Even so, keeping the OS up to date is a necessity, so we recommend installing it. In this guide, we discuss what the update changes and how to install it.

KB4503267 – Improvements and fixes on Windows 10 1607

Here are the key changes in this cumulative update:

  • Fixes an issue that caused authentication problems when using Windows Hello for Business on Windows Server 2016. The issue appears only when the Server Core option is installed.
  • KB4503267 addresses a security vulnerability by preventing connections between Windows 10 1607 and Bluetooth devices that are not secure when they try to encrypt connections, including security fobs. If BTHUSB Event 22 in the Event Viewer displays “Your Bluetooth device attempted to establish a debug connection…”, your system is affected. As a workaround, you can either contact your Bluetooth device manufacturer or visit KB4507623.
  • Addresses a bug in Internet Explorer that prevents IE 11 from launching if the default search provider is not specified or is malformed.
  • Brings security updates for Windows Virtualization, Windows Server, Windows App Platform and Frameworks, Windows Media, Internet Explorer and Microsoft Edge. Other components that also receive security updates are Microsoft Scripting Engine, Internet Information Services, Windows Input and Composition, Windows Shell, Windows Datacenter Networking, Microsoft JET Database Engine, Windows Storage and Filesystems, Windows Authentication and Windows Server.
  • Microsoft also fixes an issue that prevented the Preboot Execution Environment (PXE) from starting a device from Windows Deployment Services (WDS). This occurs only when the WDS server is configured to use Variable Window Extension, and it terminates the connection prematurely while the image is downloading. The bug is specific to WDS servers and clients using Variable Window Extension; those not using the extension are not affected.
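
To check a host for the BTHUSB Event 22 mentioned in the Bluetooth item above, the log can be queried from PowerShell instead of browsing Event Viewer. This is an added example, not part of the original article or of Microsoft's guidance; it assumes the event is written to the System log, and the function name is hypothetical.

```powershell
# Added example: list BTHUSB Event 22 records from the local event log.
# Assumption: the event is written to the System log.
function Get-BthDebugConnectionEvent {
    param(
        [int]$Days = 30   # how far back to search
    )

    $filter = @{
        LogName   = 'System'
        Id        = 22
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # Event ID 22 is not unique to Bluetooth, so only records from the BTHUSB
    # source that carry the message text quoted in the article are kept.
    # Get-WinEvent raises an error when nothing matches the filter; it is
    # suppressed so that "no events" comes back as an empty result.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object {
            $_.ProviderName -eq 'BTHUSB' -and
            $_.Message -like '*debug connection*'
        } |
        Select-Object TimeCreated, MachineName, ProviderName, Id, Message
}

$events = @(Get-BthDebugConnectionEvent -Days 30)
if ($events.Count -eq 0) {
    Write-Output 'No BTHUSB Event 22 found in the last 30 days.'
} else {
    Write-Output "$($events.Count) BTHUSB Event 22 record(s) found."
    $events | Sort-Object TimeCreated | Format-List TimeCreated, MachineName, Message
}
```

Match the listed times against the Bluetooth devices in use on that host to identify which device needs a manufacturer update.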

KB4503267 – Known Issues

Symptom

Workaround

After installing the KB4503267 patch, certain operations, such as renaming files or folders, may fail with the following error message:

“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”

This happens when you perform such operations on files or folders on a Cluster Shared Volume (CSV), using a non-admin account on a CSV owner node.

To address this, use one of the following options:

  • Execute the operation using a process that has administrator privilege.
  • Carry out the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

After installing the update, System Center Virtual Machine Manager (SCVMM) can’t enumerate and manage logical switches deployed on the host. This occurs only on hosts that are managed by SCVMM.

Additionally, if you do not follow the best practices, a stop error may occur in vfpext.sys on the hosts.

To solve this, do the following:

  1. Run mofcomp on the following MOF files on the affected host:
    • Scvmmswitchportsettings.mof
    • VMMDHCPSvr.mof
  2. Follow the best practices to prevent a stop error in vfpext.sys in an SDN v2 environment (NC managed hosts).

After you install KB4467684, the cluster service may fail to start and display the error “2245 (NERR_PasswordTooShort)”.

This occurs when the group policy “Minimum Password Length” is configured with more than 14 characters.

Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Recent Issue

Symptom

Workaround

Certain applications may not run as expected on Active Directory Federation Services 2016 (AD FS 2016) clients. This issue appears only after this cumulative update is installed on the server.

Applications that exhibit this behavior use an IFRAME during non-interactive authentication requests and receive X-Frame-Options set to DENY.

Microsoft provides a workaround for this issue as well:

Use the Allow-From value of the header if the IFRAME is only accessing pages from a single-origin URL.

On the affected server, open a PowerShell window as an administrator and run the following command:

  • Set-AdfsResponseHeaders -SetHeaderName X-Frame-Options -SetHeaderValue "allow-from https://example.com"

The team is currently working on a resolution and will provide it in an upcoming release as soon as one is available.

After you install the KB4503267 patch and restart, some Windows Server devices may enter BitLocker recovery mode. This happens on Hyper-V enabled devices, which receive the error “0xC0210000”.

Note: Windows 10, version 1607 may also be affected when BitLocker and Hyper-V are enabled.

For a workaround for this issue, please see KB4505821.

Microsoft is working on a resolution and will provide an update in an upcoming release.

How to get the KB4503267 update

First and foremost, make sure to download and install the current SSU (KB4503537) before applying this patch on Windows 10 1607. This is essential for the update process to run smoothly.

After you apply the above servicing stack update, do the following to download the latest cumulative update:

  • Press Win+I to open the Settings app.
  • Select the Update & Security option.
  • On the next window, choose Windows Update in the left pane.
  • Then, on the right side, click the Check for updates button.

Alternatively, you can manually download its .msi file.
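
After installing by either route, you can confirm that the SSU and the cumulative update are in place with a short PowerShell check. This is an added example, not part of the original article; the KB numbers and build come from this page, and the function and variable names are hypothetical.

```powershell
# Added example: confirm the SSU and cumulative update from this page are in place.
$SsuKb       = 'KB4503537'   # servicing stack update named in the article
$LcuKb       = 'KB4503267'   # cumulative update named in the article
$TargetBuild = 14393         # Windows 10 1607 (Windows Server 2016 shares this build)
$TargetUbr   = 3025          # revision delivered by KB4503267

function Test-KbInstalled {
    param([string]$Id)
    # Get-HotFix raises an error when the KB is absent; map that to $false.
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

function Get-PatchState {
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuild
    $ubr   = [int]$cv.UBR   # update build revision, the part after the dot

    [pscustomobject]@{
        Build        = "$build.$ubr"
        Is1607       = ($build -eq $TargetBuild)
        SsuInstalled = Test-KbInstalled $SsuKb
        LcuInstalled = Test-KbInstalled $LcuKb
        # A later cumulative update supersedes this one, so accept any
        # revision at or above the target rather than an exact match.
        AtOrPastLcu  = ($build -eq $TargetBuild -and $ubr -ge $TargetUbr)
    }
}

$state = Get-PatchState
$state | Format-List
if (-not $state.Is1607) {
    Write-Warning "Build $($state.Build) is not a 14393 build; $LcuKb does not apply."
} elseif (-not $state.SsuInstalled -and -not $state.AtOrPastLcu) {
    Write-Warning "Install servicing stack update $SsuKb before $LcuKb."
} elseif (-not $state.AtOrPastLcu) {
    Write-Warning "$SsuKb is present; $LcuKb (build $TargetBuild.$TargetUbr) is still missing."
} else {
    Write-Output "Host is at $($state.Build), which includes $LcuKb."
}
```

The build revision is the more reliable signal: a host that has since taken a newer cumulative update reports a higher revision and may no longer list KB4503267 in Get-HotFix.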

Here are a few fixes, in case Check For Updates doesn’t work on Windows 10.

Source – Update Catalog