KB4457141

• Addresses an issue that causes Internet Explorer security and certificate dialogs to display prompts in the background instead of the foreground in certain circumstances.

• Addresses an issue that may cause the system to become unresponsive when applications call the EnableEUDC API.

• Addresses an issue in which the “EnterpriseAssignedAccess” policy on mobile devices cannot configure some Settings pages, including Language, Region, Keyboard, and Airplane Mode.

• Addresses an issue with the diagnostic pipeline for devices enrolled in Windows Analytics when the CommercialID registry key, "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection" is present.

• Addresses an issue that prevents the App-V client’s scheduled task from synching if the Device Guard lockdown policy is enabled.

• Addresses an issue that occurs when using encrypted email. If the customer selects Cancel when first prompted for a PIN, multiple PIN prompts appear before the prompt finally goes away.

• Addresses an issue that causes logon to fail when using a smart card to log in to a Remote Desktop Server. The error is “STATUS_LOGON_FAILURE”.

• Addresses an issue that causes a Direct Access connection to fail when the client authentication certificate is stored in the TPM device.

• Addresses an issue that causes a third-party VPN provider's user interface to stop working after dynamically unloading Cryptui.dll.

• Addresses an issue that causes the system to log negative events for drivers that are valid and should be trusted. The issue occurs when running Windows Defender Application Control (Device Guard) in audit mode.

• Addresses an issue that may cause the Local Security Authority Subsystem Service (LSASS) process to stop working when attempting to process a malformed security identifier (SID).

• Addresses an issue that causes logging on to a Remote Desktop Session Host Server to occasionally stop responding.

• Addresses an issue that may cause Service Control Manager (SCM) and Netlogon to stop working when one or more services are configured to run with domain credentials (service accounts).

• Addresses an issue that causes the OS to stop responding during startup under certain circumstances.

• Addresses an issue that occurs when using the “X509HintsNeeded” group policy to prepopulate the Username hint field. The Username hint field is unexpectedly empty when unlocking a machine after a successful logon. Username hint caching is expected to only work for lock and unlock scenarios and is not designed for logoff and logon scenarios.

• Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.

• Addresses an issue in which all Guest Virtual Machines running Unicast NLB fail to respond to NLB requests after the Virtual Machines restart.