KB4093111

Addresses an issue that generates an access violation on certain pages in Internet Explorer when it renders SVGs under a high load.

Addresses an issue with printing content generated by ActiveX in Internet Explorer.

Addresses additional issues with updated time zone information.

Addresses an issue where AppLocker publisher rules that are applied to MSI files don’t match the files correctly.

Addresses an issue that prevents the system from booting when you enable LSA (lsass.exe) to run as a protected process by setting the “RunAsPPL” registry entry. Additionally, the Automatic Repair screen may appear.

Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with Audit mode turned on. Netlogon.log may show the following:

SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered

NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM

SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413

Addresses an issue that generates a certificate validation error (0x800B0109 (CERT_E_UNTRUSTEDROOT)) from http.sys.

Addresses an issue that prevents PIV smart cards from being recognized.

Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.

Security updates to Internet Explorer, Windows app platform and frameworks, Microsoft scripting engine, Windows kernel, Windows graphics, Windows Server, Windows datacenter networking, Windows wireless hetworking, and Windows Hyper-V.