KB4503288

• Addresses an issue that prevents the operating system from loading new icon files if it encounters an icon file that has a bad format.

• Addresses an issue that prevents Microsoft Edge from opening properly in certain scenarios when you select a link within an application.

• Addresses an issue that prevents the Calculator application from following the Gannen setting when it is enabled. For more information, see KB4469068.

• Addresses an issue that may cause a mouse press and release event to sometimes produce an extra mouse move event.

• Addresses an issue that may cause the user interface to stop responding for several seconds when scrolling in windows that have many child windows.

• Addresses an issue that allows users to disable the sign-in background image when the "Computer\Administrative Templates\Control Panel\Personalization\Prevent changing lock screen and logon image" policy is enabled.

• Addresses an issue that may cause Microsoft Outlook to stop working when closing a mail item.

• Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.

• Addresses an issue that fails to update a user hive when you publish an optional package in a Connection Group after the Connection Group was previously published.

• Addresses an issue that removes UserRights policies from all users in a security group when you remove a device from a mobile device management (MDM) server or Microsoft Intune deletes a UserRights policy.

• Addresses an issue that may prevent a provisioning package from being applied correctly in some situations when it’s used to invoke the CleanPC configuration service provider (CSP).

• Adds support for a customer configurable safe list for ActiveX controls when using Windows Defender Application Control. For more information, see Allow COM object registration in a Windows Defender Application Control policy.

• Addresses an issue with using Data Protection Application Programming Interface NG (DPAPI-NG) or a group-protected Personal Information Exchange Format (PFX) file. Data you protected using one of these mechanisms on Windows 10, version 1607 and Windows Server 2016 or earlier cannot be decrypted using Windows 10, version 1703 or later.

• Addresses an issue that prevents a user from signing in to a Microsoft Surface Hub device with an Azure Active Directory account. This issue occurs because a previous session did not end successfully.

• Addresses an issue that may prevent Windows Information Protection (WIP) from enforcing encryption on a removable USB drive.

• Addresses an issue that causes Windows Account Manager (WAM) to fail when using a Trusted Platform Module (TPM) and prevents the user from authenticating.

• Addresses an issue that causes Disk Management and DiskPart to stop responding when presenting some removable disks to Windows.

• Addresses an issue with a system that has preboot kernel Direct Memory Access (DMA) protection enabled. When the system starts Windows in safe mode, the system stops working with the error, “DRIVER_VERIFIER_DMA_VIOLATION.”

• Addresses an issue that causes Office 365 applications to stop working after opening when they are deployed as App-V packages.

• Disables Microsoft Visual Basic Script (VBScript) by default in the Internet and Restricted sites zones in Internet Explorer and the WebBrowser control.

• Addresses an issue with programmatic scrolling in Internet Explorer 11.

• Addresses an issue that may display the error, “MMC has detected an error in a snap-in and will unload it.” when you try to expand, view, or create Custom Views in Event Viewer. Additionally, the application may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs.