KB4586853 – Windows 10 2004 19041.661 & 20H2 19042.661

Microsoft releases a new patch i.e. KB4586853 for Windows 10 2004 and 20H2 users updating the existing builds to 19041.661 and 19042.661 respectively. This is an optional update bringing several fixes and quality improvements to your device. 

You may see the complete changelog at Windows Blog Site. Or, read the primary changes as discussed below. For now, you may get this update for insider channels or simply download the below CAB files.


KB4586853 Changelog

A patch is out for windows 10 20H2 and 2004 to fix the in-place upgrade. This is an optional update taking the version to 19042.661 and 19041.661 respectively.

The fixes and improvements that came with this insider update are listed below –

  • This new build updated about dialog of internet explorer to use the modern standard dialog.
  • Fixed the local account groups in the localized language which didn’t use to appear even, after you deployed the language pack.
  • Also fixed certain Microsoft Xbox consoles that couldn’t be found on a windows device.
  • This update fixed an issue for the narrator to stop responding after you unlock a device if the  Narrator was in use before you locked the device.
  • Fixed an issue with a certain COM API that causes a memory leak.
  • Fixed an issue that prevents the touch keyboard from opening in UWP (Universal Window Platform) apps when a USB device is connected.
  • This build fixed jump list items that can’t function. The problem occurs when you create them using WinRT UL. SmartScreen API for desktop apps that are packaged in the MSIX format.
  • This update fixed such applications that can’t receive the ctrl and shift keystroke events when the Bopomofo, Changjie, or Quick IME are in use.
  • Microsoft fixed the setting of desktop wallpaper which does not work when you configure the local background as a solid color in GPO.
  • Fixed an issue that prevents AD (Azure Active) Directory using the Google Chrome browser because of a conditional access policy error.
  • Improved the visual quality of windows mixed reality that run in lower resolution mode.
  • Extended Microsoft Defender for Endpoint support to new regions.
  • Extended a new hardware-enforced stack protection feature called shadow stack on supported hardware. This update allows applications to opt into user-mode shadow stack protection, which helps harden backward-edge control flow integrity and prevents return-oriented programming-based attacks.
  • Fixed an issue that prevents PDF24 app, version 9.1.1 from opening .txt files.
  • Fixed Kaomoji that is inc0rrectly rendered on the emoji panel.
  • Resolved touch keyboard instability in the Mail app.
  • Fixed certain MIDI devices that connect using Bluetooth Low Energy (LE) might fail to pair.
  • The current build fixed an issue that causes a 0x57 error when the wecutil ss/c: command is used as an event forwarding subscription.
  • Fixed an issue that might cause a memory leak in bindft.sys, when copying files in a container scenario.
  • Fixed an issue in which cluster validation tests internal switches that are not for cluster use and re-communication.
  • Worked upon an issue that causes a device to continually restart after installing an app.
  • Added the touch keyboard to the allowed apps list, and it now works in multi-app assigned access mode.
  • The latest update also fixed the input focus of edit controls that randomly changes when using the Chinese traditional or Japanese IME.
  • The build fixer E_UNEXPECTED error that appears when installing the update.
  • LCU fixed a non-paged pool of a system that can’t be freed and requires a restart of the system. This arises when running a 32-bit application with the FIPS mode enabled.
  • Fixed “I forgot my pin” functionality that fails to work on the lock screen. This occurs in the condition when the user has signed in using Username and Password.
  • Fixed MMC group policy that stops working when editing the group policy security setting. The error is like “MMC cannot initialize the snap-in”.
  • Resolved an issue that displays a black screen to windows virtual desktop (WVD) users whenever they attempt to sign-in.
  • KB4586853 fixed an issue that crops the touch keyboard when you use a remote desktop connection on a different screen resolution.
  • Fixed an issue that prevents you from signing in to certain servers. 
  • Worked upon an issue in which loading a code integrity policy causes the power shell to leak a large amount of memory.
  • KB4586853 fixed an issue that causes stop error 0x27 when you attempt to sign in to a device that is not in a domain using credentials for a device that is in the domain.
  • From now onward, no apps remain blocked to hydrate files.
  • KB4586853 fixed cluster validation that tests internal switches that are not for cluster re-communication.
  • Fixed an issue that fails to send the shift key up event to an application when you use the Japanese IME.
  • Fixed an issue that enters unexpected characters, such as half-width Hiragana, when you type a password in Kana input mode inside the IME editor.
  • Solved a runtime error that causes visual Basic 6.0 (VB6) to stop working when duplicate windows messages are sent to WindowProc ().
  • Added the OSK to the allowed apps list, and it now functions in multi-app assigned access code.
  • Fixed memory leak in the system that occurs when copying files in a container scenario.
  • Fixed RPC runtime that leads the DFSR service to stop responding. This problem renders log events for no reconnection (5004), RPC(1726), and DFS replication (5014) for a default timeout of 24 hours with no replication.
  • The package fixed the system to stop working during startup. The problem takes place when you put “1” under the crashonAuditFail policy and turn On the command-line argument auditing.
  • Fixed power shell leaking a large amount of memory due to loading code integrity policy.
  • Enabled new hardware-enforced a new Hardware enforced stack Protection feature called shadow stacks on supported hardware.
  • Finally fixed Kerberos authentication in Windows 10 which is related to the PerformTicketSignature registry subkey value. The following problems might arise on writable and read-only domain controllers (DC)-
    • Kerberos service tickets and ticket-granting tickets (TGT) might not renew for non-Windows Kerberos clients when PerformTicketSignature is set to 1 (the default).

    • Service for User (S4U) scenarios, such as scheduled tasks, clustering, and services for line-of-business applications, might fail for all clients when PerformTicketSignature is set to 0.

    •  S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is set to 1.