We're once again at the second Tuesday of a new month, and that means it's Patch Tuesday. Microsoft is rolling out cumulative updates for all supported versions of Windows, including Windows 11 and Windows 10. While Windows 10 isn't getting any big new features anymore, these updates should improve stability and reliability overall. As a reminder, only Windows 10 versions 21H2, 21H1, and 20H2 are officially supported, and they're getting updated to build number 19044.1586, 19043.1586, 19042.1586, respectively.
These are all the same update, though, and that's because these three versions of Windows 10 are essentially the same under the hood, except newer versions have some extra features enabled. The update is labeled as KB5011487, and you can download it manually here, if you prefer going that route. As for what's new, Microsoft has addressed the issue where OneDrive data may be kept on your PC after resetting it. Here's the full description of the fix:
-
-
Addresses a known issue that occurs when you attempt to reset a Windows device and its apps have folders that contain reparse data, such as Microsoft OneDrive or Microsoft OneDrive for Business. When you select Remove everything, files that have been downloaded or synced locally from Microsoft OneDrive might not be deleted. Some devices might take up to seven (7) days after you install this update to fully address the issue and prevent files from persisting after a reset. For immediate effect, you can manually trigger Windows Update Troubleshooter using the instructions in Windows Update Troubleshooter.
That's all there is to this update, and that's because Microsoft likes to put most of the big changes in an optional update the month prior - in this case, KB5010415. All of those changes have been rolled into Windows 10 build 19044.1586, and they're mandatory now. Here's everything that's been carried over from that optional update:
Fixes for Windows 10 version 21H2, 21H1, and 20H2
-
New! Provides the ability to share cookies between Microsoft Edge Internet Explorer mode and Microsoft Edge.
-
New! Adds support for hot adding and the removal of non-volatile memory (NVMe) namespaces.
-
Addresses an issue that occurs when Windows Server 2016 runs as a terminal server using certain cloud computing virtual desktop infrastructure (VDI). As result, the servers randomly stop responding after running for a period of time. This also addresses a regression that proactively checks to ensure that the CSharedLock in rpcss.exe is set correctly to avoid a deadlock.
-
Addresses an issue that affects the Windows search service and occurs when you query using the proximity operator.
-
Addresses a memory leak in the wmipicmp.dll module that causes a lot of false alarms in the System Center Operations Manager (SCOM) datacenter monitoring system.
-
Addresses an issue that causes the Remote Desktop Service (RDS) server to become unstable when the number of signed in users exceeds 100. This prevents you from accessing published applications using RDS on Windows Server 2019.
-
Addresses an issue that returns an error message when you browse for a domain or organizational unit (OU). This issue occurs because of improper zeroing out of memory.
-
Addresses an issue that causes the Group Policy Management Console to stop working after you close it. The system logs Application Error Event ID 1000 and the error, 0xc0000005 (STATUS_ACCESS_VIOLATION); the failing module is GPOAdmin.dll.
-
Addresses an issue that fails to show the Startup impact values in Task Manager.
-
Addresses an issue that affects OpenGL and GPU reparenting in indirect display scenarios.
-
Addresses an issue that prevents ShellWindows() from returning the InternetExplorer object when iexplore.exe runs in the Microsoft Edge Internet Explorer mode context.
-
Addresses an issue that affects dialog boxes in Microsoft Edge Internet Explorer mode.
-
Addresses an issue that causes Microsoft Edge Internet Explorer mode to stop working when you press the F1 key.
-
Addresses an issue that causes the improper cleanup of Dynamic Data Exchange (DDE) objects. This prevents session teardown and causes a session to stop responding.
-
Addresses an issue that might cause a device to stop working when you use more than 50 window trees.
-
Addresses an issue that prevents printing from operating properly for some low integrity process apps.
-
Addresses an issue that causes certificate enrollment to fail with the error message,” 0x800700a0 (ERROR _BAD_ARGUMENTS)”.
-
Addresses an issue that affects applications that are written to only integrate with Azure Active Directory (AAD). These applications will not work on machines that are joined to Active Directory Federation Services (ADFS).
-
Addresses an issue that might cause BitLocker to damage virtual machine (VM) system files if you expand the BitLocker partition while the VM is offline.
-
Addresses a remaining issue that might cause the Get-TPM PowerShell command to fail when it attempts to report Trusted Platform Module (TPM) information. The command fails with the error, “0x80090011 Microsoft.Tpm.Commands.TpmWmiException,Microsoft.Tpm.Commands.GetTpmCommand”.
-
Addresses an issue that prevents you from unloading and reloading drivers when the drivers are protected Hypervisor-protected Code Integrity (HVCI).
-
Addresses a reliability issue that affects the use of the Remote Desktop app to mount a client’s local drive to a terminal server session.
-
Addresses an issue that causes a mismatch between a Remote Desktop session’s keyboard and the Remote Desktop Protocol (RDP) client when signing in.
-
Addresses an issue that sometimes causes the Chinese Simplified Input Method Editor (IME) to become completely unusable.
-
Addresses an issue that causes screen readers to describe a back button as "button" rather than "back button".
-
Addresses an issue that occurs when you try to write a service principal name (SPN) alias (such as www/FOO) and HOST/FOO already exists on another object. If the RIGHT_DS_WRITE_PROPERTY is on the SPN attribute of the colliding object, you receive an “Access Denied” error.
-
Addresses an issue that prevents administrators and content owners from opening expired Active Directory Rights Management Services (AD RMS) content.
-
Addresses an issue that disconnects Offline Files on the network drive after you restart the OS and sign in. This issue occurs if the Distributed File System (DFS) path is mapped to the network drive.
-
Addresses an issue that causes VM Live Migration to fail because vhdmp.sys receives different file control block (FCB) object pointers for the same file.
-
Addresses an issue that displays the authentication dialog twice when you mount a network drive.
-
Addresses a memory leak in the Redirected Drive Buffering Subsystem (RDBSS) and the mrxsmb.sys drivers.
-
Addresses an issue that causes a deadlock in the WebDav redirector. This issue occurs when you attempt to read a file from the local TfsStore, which causes the system to stop responding.
-
Addresses an issue that prevents Work Folder sync from recovering from the error code 0x80c80003, “Server is currently busy" on the client. This issue occurs even when the HTTP request queue on the server does not indicate a load.
-
Addresses an issue that calls a context function in a page fault path, which causes a 7F error.
In addition to Windows 10 versions 21H2, 21H1, and 20H2, there are other versions of the OS that are only supported for business and education customers. These are also receiving updates today, but you'll have to be on a supported edition or branch to get these updates. You can check them out and download them manually in the table below:
You can download Windows 10 build 19044.1586 or any of today's updates manually but they'll eventually install by themselves if you take too long. These are mandatory updates, and it's best to install them at your earliest convenience so they don't bother you when you're busy.
Now is also a good time to remind users that support for some versions is dropping soon. Starting on May 10th, Windows 10 version 20H2 will no longer be supported for Home and Pro editions, while version 1909 will lose support altogether. It's a good time to start preparing to upgrade in order to continue receiving security updates.