June 23, 2022—KB5014665 (OS Build 20348.803) Preview (original) (raw)
Applies ToWindows Server 2022
Version:
OS Build 20348.803
Improvements
This non-security update includes quality improvements. Key changes include:
- New! Adds IP address auditing for incoming Windows Remote Management (WinRM) connections in security event 4262 and WinRM event 91. This addresses an issue that fails to log the source IP address and machine name for a remote PowerShell connection.
- New! Adds the ability to call SetCredentialsAttribute in user mode for SECPKG_ATTR_CLIENT_CERT_POLICY.
- New! Adds Server Message Block (SMB) redirector (RDR) specific publicFile System Control (FSCTL)code FSCTL_LMR_QUERY_INFO.
- New! Makes the SMB client and SMB server cipher suite order configurable using PowerShell.
- New! Adds IP address auditing for incoming Windows Remote Management (WinRM) connections in security event 4262 and WinRM event 91. This addresses an issue that fails to log the source IP address and machine name for a remote PowerShell connection.
- New! Adds Server Message Block (SMB) redirector (RDR) specific public File System Control (FSCTL) code FSCTL_LMR_QUERY_INFO.
- New! Adds support for Transport Layer Security (TLS) 1.3 in Windows client and server Lightweight Directory Access Protocol (LDAP) implementations.
- Addresses an issue that affects the Cloud Clipboard service and prevents syncing between machines after a period of inactivity.
- Addresses an issue that displays Japanese characters incorrectly in PowerShell.
- Addresses an issue that fails to show Windows Server 2019 and Windows Server 2022 in certain dropdown menu lists in Server Manager.
- Addresses issues that block GPU Paravirtualization.
- Improves GPU usage in scenarios in which multiple users remotely connect to a server that has multiple GPUs installed.
- Enables the InternetExplorerModeEnableSavePageAs Group Policy. For more information, see Microsoft Edge Browser Policy Documentation.
- Addresses an issue that causes the GetDoubleClickTime() API to fail on non-interactive window stations. For more information, see GetDoubleClickTime function (winuser.h) and Window Station and Desktop Creation.
- Addresses an issue that affects the touchpad area that responds to a right-click (the right-click zone). For more information, see Right-click zone.
- Addresses an issue that affects some certificates chains to Root Certification Authorities that are members of the Microsoft Root Certification Program. For these certificates, the certificate chain status can be, “This certificate was revoked by its certification authority”.
- Addresses an issue that prevents the use of Encrypted File System (EFS) files over a Web-based Distributed Authoring and Versioning (WebDAV) connection.
- Addresses an issue that causes a domain controller to incorrectly write Key Distribution Center (KDC) event 21 in the System event log. This occurs when the KDC successfully processes a Kerberos Public Key Cryptography for Initial Authentication (PKINIT) authentication request with a self-signed certificate for key trust scenarios (Windows Hello for Business and Device Authentication).
- Addresses an issue in which creating Install from Media (IFM) media for Active Directory fails and generates the error, “-2101 JET_errCallbackFailed”.
- Addresses an issue that occurs when the Active Directory Lightweight Directory Service (LDS) resets the password for userProxy objects. The password reset fails with an error such as, “00000005: SvcErr: DSID-03380C23, problem 5003 (WILL_NOT_PERFORM), data 0”.
- Addresses an issue that causes the LocalUsersAndGroups configuration service provider (CSP) policy to fail when you modify the built-in Administrators group. This issue occurs if the local Administrator account isn't specified in the membership list when you perform a replace operation.
- Addresses an issue in which malformed XML inputs might cause an error in DeviceEnroller.exe. This prevents CSPs from being delivered to the device until you restart the device or correct the XML.
- Addresses an issue that causes Microsoft NTLM authentication using an external trust to fail. This issue occurs when a domain controller that contains the January 11, 2022 or later Windows update services the authentication request, is not in a root domain, and does not hold the Global Catalog role. The affected operations might log the following errors:
- The security database has not been started.
- The domain was in the wrong state to perform the security operation.
- 0xc00000dd (STATUS_INVALID_DOMAIN_STATE).
- Optimizes access to the State Repository database to help reduce Appx deployment delays or black screens that might occur when you sign in to Windows 2019 Server.
- Addresses an issue that fails to show Windows Server 2019 and Windows Server 2022 in certain dropdown menu lists in Server Manager.
- Addresses an issue that causes file copying to be slower because of a wrong calculation of write buffers within cache manager.
- Addresses a known issue that might prevent you from using the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the internet after a client device connects.
- Addresses a known issue that prevents Windows servers that use the Routing and Remote Access Service (RRAS) from correctly directing internet traffic. Devices that connect to the server might not connect to the internet, and servers might lose connection to the internet after a client device connects to them.
- Addresses a memory leak issue in IE mode.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
Windows 10 servicing stack update - 20348.793
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. Key changes include:
- Addresses an issue that prevents a pre-installed app from working as expected after you install a Windows update.
Known issues in this update
| Symptom | Workaround |
|---|---|
| After installing this update, IE mode tabs in Microsoft Edge might stop responding when a site displays a modal dialog box. A modal dialog box is a form or dialog box that requires the user to respond before continuing or interacting with other portions of the webpage or app. Developer Note Sites affected by this issue call window.focus. | This issue is addressed in KB5016693. |
| After installing updates released June 14, 2022, or later, PowerShell Desired State Configuration (DSC) using an encrypted the PSCredential property might fail when decrypting the credentials on the target node. This failure will result in a password related error message, similar to, “The password supplied to the Desired State Configuration resource is not valid. The password cannot be null or empty.” Note Environments which use non-encrypted PSCredential properties will not experience the issue. DSC is a management platform in PowerShell that enables administrators to manage IT and development infrastructure with configuration as code. This issue is not likely to be experienced by home users of Windows. | This issue is addressed in KB5015827. |
How to get this update
Before installing this update
Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
Install this update
| Release Channel | Available | Next Step |
|---|---|---|
| Windows Update and Microsoft Update | Yes | Go to Settings > Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update. |
| Windows Update for Business | No | None. These changes will be included in the next security update to this channel. |
| Microsoft Update Catalog | No | To get the standalone package for this update, go to the Microsoft Update Catalog website. |
| Windows Server Update Services (WSUS) | No | You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions. |
If you want to remove the LCU
To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.
Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.
File Information
For a list of the files that are provided in this update, download the file information for cumulative update 5014665.
For a list of the files that are provided in the servicing stack update, download the file information for the SSU - version 20348.793.
Need more help?
Want more options?
Explore subscription benefits, browse training courses, learn how to secure your device, and more.
Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.