KB4516071 and KB4516059 came for Windows 10 1709 & 1703 – 24 Sept

Microsoft rolls KB4516071 and KB4516059 cumulative updates for Windows 10 1709 and 1703 respectively.  KB4516071 upgrades the existing 1709 OS to Build 16299.1420 whereas KB4516059 updates 1703 version OS to Build 15063.2078. These patch updates bring several new enhancements for BitLocker, Windows Defender, Outlook, and others. Along with updating Windows components, they address different errors like- “0xc000021a”, mssecflt.sys, LSASS, etc.

Furthermore, there may appear some issues after installing them to which the company has already provided the essential workaround. You may download KB4516071 and KB4516059 as .msi files as well by clicking upon the link provided in this guide. Additionally, here is the complete list of Windows 10 cumulative updates.

KB4516071 and KB4516059

General Fixes and Improvements 

This non-security update includes quality improvements. Key changes include:

Windows 10, version 1709 – KB4516071

  • Works upon an issue that restricts a web browser from connecting securely to Windows Server. This anomaly arises when you use a client authentication certificate like SHA512; however, the particular browser doesn’t support a signature algorithm matching the above certificate.
  • The team improves the anomaly that lets the lsass.exe service stop working which in turn used to shut down the operating system unnecessarily. This issue appears only during the migration of Data Protection of API credentials with the help of the dpapimig.exe bearing domain. 
  • KB4516071 resolves the issue that leads to the fatal error “0xc000021a”. It arises primarily during a Windows Update or initializing a system restoration with prior restore points. 
  • Build 16299.1420 enhances the Local Security Authority Subsystem Service (LSASS) so as to stop the occurrence of error “0xc0000005”.
  • The team resolves the excessive CPU usage issue that begins when users hover the mouse over Taskbar or simply switch between apps. 
  • Earlier, App-V applications used to display network failure under situations like low system battery or sudden Power failure. Microsoft has addressed this issue as well.
  • Windows Hello users were recently getting two separate certificates to authenticate their previous expired single certificate. This leads to some trouble, which the company has resolved in this patch.
  • The team resolves the compatibility issue when the Windows Security app tries to access case-sensitive Server Message Block (SMB) shares. In addition to this, they improve the detection accuracy of Microsoft Defender ATP Threat & Vulnerability Management.
  • KB4516071 brings new changes to the settings of BitLocker. This is useful when you try to encrypt self-encrypting drives. From now onward, you have to use software encryption for newer drives as well. No changes come for the existing drives.
  • Resolves a rare issue that arises when the mssecflt.sys driver takes too much space on the kernel stack. This causes the error, “STOP 0x7F: UNEXPECTED_KERNEL_MODE_TRAP”, & Parameter 1 is set to “EXCEPTION_DOUBLE_FAULT.” 
  • Build 16299.1420 fixes the issue owing to which, Microsoft Defender Advanced Threat Protection (ATP) starts doing excessive memory utilization.  
  • KB4516071 resolves a bug that lets virtual desktop infrastructure (VDI) environments to show black rectangles on the display screen. This occurs while using either Microsoft Outlook or Microsoft Office.
  • The team rectifies the cross-origin resources sharing (CORS) request bug in the Internet Explorer. This issue arises when users perform origin requests that redirect resources to internal subnets.

Windows 10, version 1703 – KB4516059 

  • The Company resolves the Microsoft Edge issue on KB4516059 that appears while opening a few internal webpages. 
  • Works upon an issue that restricts a web browser from connecting securely to Windows Server. This anomaly arises when you use a client authentication certificate like SHA512; however, the particular browser doesn’t support a signature algorithm matching the above certificate.
  • KB4516059 brings new changes to the settings of BitLocker. This is useful when you try to encrypt self-encrypting drives. From now onward, you have to use software encryption for newer drives as well. No changes come for the existing drives.
  • Build 15063.2078 enhances the Local Security Authority Subsystem Service (LSASS) so as to stop the occurrence of error “0xc0000005”.
  • The team improves the anomaly that lets the lsass.exe service stop working which in turn used to shut down the operating system unnecessarily. This issue appears only during the migration of Data Protection of API credentials with the help of the dpapimig.exe bearing domain. 
  • KB4516059 resolves the issue that leads to the stop error “0xc000021a”. It occurs primarily during a Windows Update or initializing a system restoration with prior restore points. 
  • The team rectifies the Origin request header behavior bug in the Internet Explorer. This issue arises when users make cross-origin resources sharing (CORS) requests which bring redirected resources in internal subnets.

Known Issues on KB4516071 and KB4516059

Here are the known bugs that may appear after installing KB4516071 and KB4516059 on your PC-

[su_table]

Cumulative Update Symptom Workaround
KB4516071 & KB4516059

If you execute certain operations like renaming of files and folders, this may pop the following error message-

“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”

This bug arises primarily when you don’t have administrative privileges to perform these actions on a Cluster Shared Volume.

To resolve this bug, perform the operation using-

  • A procedure that has admin rights.
  • A node that doesn’t require CSV ownership.

The Company may release a permanent solution to this very soon as they are currently working on a resolution.

KB4516071

After installing this patch update, some of the IMEs may become unresponsive or even start accessing huge data over CPU. The affected IMEs are as follows-

  • Chinese Simplified (ChsIME.EXE
  • Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.

This bug often arises due to changes in security while installing updates. Or, when either Touch Keyboard or Handwriting Panel Service is not configured to its default startup type of Manual. However, you may solve this issue following the below steps-

  1. Hit the Start button and type “services” in the search field.
  2. Start the Services app then locate and launch Touch Keyboard and Handwriting Panel Service.
  3. Once it starts, select Properties.
  4. Here, find Startup type: and switch it to Manual.
  5. Lastly, press OK.

The TabletInputService service is at present in the default configuration, hence IME should work as expected.

[/su_table]

How to get KB4516071 and KB4516059

Before proceeding further, make sure to install the following Servicing stack updates on your PC-

1. Through Windows Update

You will auto receive the new patch update KB4516071 and KB4516059 on your respective Windows 10 1700 series PCs through Windows Update. Besides, you can manually download the patch update as well by visiting the following address-

Settings (Win+I) > Update & Security > Windows Update

After you reach the above location, press Check for updates option.

2. Through the Update Catalog

Download Standalone Package for Windows 10 version: 17091703.

3. Via Windows Server Update Services (WSUS)

If you configure Products and Classifications as described below, KB4516071 and KB4516059 will auto-synchronize with WSUS.

  • Product: Windows 10
  • Classification: Security Updates

Source: KB4516071 and KB4516059