Microsoft today pushed Windows 10 Build 17134.191 (10.0.17134.191) as cumulative update KB4340917 to those on the latest April 2018 update or on Windows 10 version 1803. This update addresses an issue that causes devices within Active Directory or Hybrid AADJ++ domains to unexpectedly unenroll from Microsoft Intune or third-party MDM services after installing provisioning package updates (PPKG).
The changelog for the Build 17134.191 mentions many more fixes, improvements, and security updates.
Windows 10 Build 17134.191 Changelog:
Improvements and fixes
This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
Addresses an issue that causes devices within Active Directory or Hybrid AADJ++ domains to unexpectedly unenroll from Microsoft Intune or third-party MDM services after installing provisioning package updates (PPKG). This issue occurs on devices that are subject to the Auto MDM Enrollment with AAD Token Group Policy. If you ran the script Disable-AutoEnrollMDMCSE.PS1 as a workaround for this issue, run Enable-AutoEnrollMDMCSE.PS1 from a PowerShell window in Administrator mode after installing this update.
- Addresses additional issues with updated time zone information.
- Improves the ability of the Universal CRT Ctype family of functions to handle EOF as valid input.
- Addresses an issue with registration in the “Push to Install” service.
- Addresses an issue with Roaming User Profiles where the AppData\Local and AppData\Locallow folders are incorrectly synchronized at user logon and logoff. For more information, see KB4340390.
- Addresses issues related to peripherals that use Quality of Service (QoS) parameters for Bluetooth connections.
- Addresses an issue that causes SQL Server memory usage to grow over time when encrypting data using a symmetric key that has a certificate. Then, you execute queries that open and close the symmetric key in a recursive loop.
- Addresses an issue where using an invalid password in a wireless PEAP environment that has SSO enabled submits two authentication requests with the invalid password. The excess authentication request may cause premature account lockouts in environments with low account lockout thresholds. To enable the changes, add the new registry key DisableAuthRetry (Dword) on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\26 using regedit, and set it to 1.
- Addresses an issue that prevents OpenType fonts from printing in Win32 applications.
- Addresses an issue with DNS Response Rate Limiting that causes a memory leak when enabled with LogOnly mode.
- Addresses an issue in a RemoteApp session that may result in a black screen when maximizing an app window on a secondary monitor.
- Addresses an issue in IME that causes unexpected finalization of strings during Japanese input in applications such as Microsoft Outlook.
If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.
Known issues in this update
Symptom | Workaround |
After you install any of the July 2018 .NET Framework Security Updates, a COM component fails to load because of “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors. The most common failure signature is the following: Exception type: System.UnauthorizedAccessException Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) | For more information, see KB4345913. Microsoft is working on a resolution and will provide an update in an upcoming release. |