Following up on this month's Patch Tuesday and last week's optional update for Windows 10 versions 1909 and 1809, Microsoft today released another optional Windows 10 cumulative update. This time, the update is for the newer versions of Windows 10 - 2004, 20H2, and 21H1. For Windows Insiders in the Beta and Release Preview channels, this update was released last week.

Today's update brings the build numbers up to 19041.1081, 19042.1081, and 19043.1081, depending on which of the versions you're running. All these versions of Windows 10 get the same updates, because they all have the same files. The newer versions only have toggles to enable specific features. The update itself is KB5003690, and you can download it manually here. It fixes a number of major problems, including the blurry News and interests icon Microsoft had already acknowledged. This issue had also been fixed in last week's cumulative update for Windows 10 version 1909. Here are the highlights of this release:

  • Updates an issue in a small subset of users that have lower than expected performance in games after installing KB5000842 or later.
  • Updates an issue that causes the Japanese Input Method Editor (IME) to suddenly stop working while you are typing.
  • Updates an issue in which signing in using a PIN fails. The error message is "Something happened and your PIN isn’t available. Click to set up your PIN again."
  • Updates an issue that, in certain cases, takes you out of the exclusive virtual reality (VR) app and back to Windows Mixed Reality Home when you press the Windows button on the controller.
  • Updates an issue that causes blurry text on the news and interests button on the Windows taskbar for some screen resolutions.
  • Updates an issue with Search box graphics on the Windows taskbar that occurs if you right-click the taskbar and turn off News and interests. This graphics issue is especially visible when using dark mode.
  • Updates an issue that might prevent you from using your fingerprint to sign in after startup or waking up your device from sleep.
  • Updates an issue that might cause a high-pitched noise or squeak in certain apps when you play 5.1 Dolby Digital audio using certain audio devices and Windows settings.

The full list of fixes is quite long, as it tends to be in these optional updates. Here's everything that's been fixed or updated in this release:

  • Addresses an issue that causes communication between apps to stop working after you enable the “AppMgmt_COM_SearchForCLSID” policy.
  • Addresses a performance issue in the MultiByteToWideChar() function that occurs when it is used in a non-English locale.
  • Addresses an issue that prevents sorting from working properly when using multiple versions of National Language Support (NLS) sorting.
  • Addresses an issue in a small subset of users that have lower than expected performance in games after installing KB5000842 or later.
  • Addresses an issue that causes the Japanese Input Method Editor (IME) to suddenly stop working while you are typing.
  • Addresses an issue that causes WMIMigrationPlugin.dll to return an error when you attempt to migrate in offline mode.
  • Addresses an issue with the Set-RuleOption PowerShell command that fails to provide the option for the Windows Defender Application Control (WDAC) policy to treat files signed with an expired certificate as unsigned.
  • Addresses an issue that causes Windows to stop working when it uses AppLocker to validate a file that has multiple signatures. The error is 0x3B.
  • Addresses an issue that might cause BitLocker to go into recovery mode after updating the Trusted Platform Module (TPM) firmware. This occurs when the "Interactive logon: Machine account lockout Threshold" policy is set and there were incorrect password attempts.
  • Addresses an issue that causes Windows to generate many AppLocker or SmartLocker success events.
  • Addresses an issue with authenticating for a domain controller when Credential Guard and Remote Credential Guard are enabled.
  • Addresses an issue that prevents certain screen reader apps from running when Hypervisor-protected code integrity (HVCI) is enabled.
  • Addresses an issue in which signing in using a PIN fails. The error message is "Something happened and your PIN isn’t available. Click to set up your PIN again."
  • Adds Windows support for System Management Mode protections (firmware protection version 2.0) for certain processors that support Secure Launch.
  • Addresses an issue that, in certain cases, takes you out of the exclusive virtual reality (VR) app and back to Windows Mixed Reality Home when you press the Windows button on the controller. With this update, when you press the Windows button, the Windows Start menu appears. When you close the Start menu, you will go back to the exclusive VR app.
  • Improves the accuracy and efficiency of sensitive data analysis in the Microsoft 365 Endpoint data loss prevention (DLP) Classification Engine.
  • Addresses an issue with the Internet Key Exchange (IKE) VPN service on remote access server (RAS) servers. Periodically, users cannot connect a VPN to the server over the IKE protocol. This issue might start several hours or days after restarting the server or restarting the IKEEXT service. Some users can connect while many others cannot connect because the service is in DoS Protection mode, which limits incoming connection attempts.
  • Addresses an issue that causes Wi-Fi connections to fail because of an invalid Message Integrity Check (MIC) on a four-way handshake if Management Frame Protection (MFP) is enabled.
  • Addresses an issue that might cause a VPN to fail after renewing a user auto-enrolled certificate. The error message is "There are no more files".
  • Addresses an issue with the Tunnel Extensible Authentication protocol (TEAP) that replaces the outer identity with “anonymous” even though identity privacy is not selected or is disabled.
  • Addresses an issue that causes Remote Desktop sessions to stop responding while the User Datagram Protocol (UDP) is enabled.
  • Adds support for the USB Test and Measurement Class.
  • Addresses an issue in Adamsync.exe that affects the syncing of large Active Directory subtrees.
  • Addresses an error that occurs when the Lightweight Directory Access Protocol (LDAP) bind cache is full, and the LDAP client library receives a referral.
  • Addresses a redirector stop error that is caused by a race condition that occurs when the system deletes binding objects when connections close.
  • Addresses an issue that prevents users from setting or querying disk quotas on the C drive.
  • Addresses an issue that causes 16-bit apps that run on NT Virtual DOS Machine (NTVDM) to stop working when you open them.
  • Addresses an issue that causes fontdrvhost.exe to stop working when Compact Font Format version 2 (CFF2) fonts are installed.
  • Addresses an issue that might prevent End User Defined Characters (EUDC) from printing correctly because of font fallback settings.
  • Addresses an issue that causes blurry text on the news and interests button on the Windows taskbar for some display configurations.
  • Addresses an issue with Search box graphics on the Windows taskbar that occurs if you use the taskbar’s context menu to turn off News and interests. This graphics issue is especially visible when using dark mode.
  • Addresses an issue that might cause signing in with your fingerprint to fail after the system starts up or resumes from sleep.
  • Addresses an issue that might cause a high-pitched noise or squeak in certain apps when you play 5.1 Dolby Digital audio using certain audio devices and Windows settings.

As usual, there are a couple of known issues with this release, too. Here's what you need to be aware of before installing this update:

Symptoms

Workaround

When using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.Note The affected apps are using the ImmGetCompositionString() function.

We are working on a resolution and will provide an update in an upcoming release.

Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.Note Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps.

To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the using SSU:Extract the cab from the msu via this command line (using the package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab <destination path>Extract the SSU from the previously extracted cab via this command line: expand Windows10.0-KB5000842-x64.cab /f:* <destination path>You will then have the SSU cab, in this example named SSU-19041.903-x64.cab. Slipstream this file into your offline image first, then the LCU.If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business.

In addition to the manual download linked at the top, you can also get this update through Windows Update, under Optional updates. You can always just wait for these changes to be included in next month's Patch Tuesday, which will be mandatory. Windows 10 cumulative updates include all the previous fixes, so you'll get them all if you don't have them already.