As it does every month, on April 13 Microsoft released its Patch Tuesday updates, that is to say all the bug fixes and security updates it has been working on throughout the month. The headline change in this update (KB5001330) is the complete removal of the old Microsoft Edge and its permanent, forced replacement by the new one. The new Edge is a hit and we have already talked about its main advantages over Google Chrome.
Improvements and fixes (KB5001330)
This update improves the quality of the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install updates from Microsoft.
Addresses an issue where a principal in a trusted MIT realm does not obtain a Kerberos service ticket from Active Directory domain controllers (DCs). This happens on devices that have installed Windows updates that contain CVE-2020-17049 protections and set PerformTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error “KRB_GENERIC_ERROR” if callers submit a Ticket Granting Ticket (TGT) without a PAC as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.
Addresses an issue with security vulnerabilities identified by a security researcher. Due to these security vulnerabilities, this update and all future Windows updates will no longer contain the RemoteFX vGPU functionality. For more information on the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available with Discrete Device Assignment (DDA) in LTSC versions of Windows Server (Windows Server 2016 and Windows Server 2019) and SAC versions of Windows Server (Windows Server, version 1803 and later).
Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary navigation from third-party endpoints used for federated authentication. For more information, see CVE-2021-27092 and Policy CSP: Authentication.
Security updates for Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, Windows AI platform, Windows kernel, Windows Virtualization, and Windows Media.
Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to automatically receive updates from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This does not apply to long-term servicing editions.
User and system certificates can be lost when upgrading a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be affected if they have already installed a latest cumulative update (LCU) released September 16, 2020 or later, and then upgrade to a later version of Windows 10 from media or an installation source that does not have an LCU released on October 13, 2020 or later integrated. This mainly occurs when managed devices are updated with outdated packages or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This can also happen when using outdated physical media or ISO images that do not have the latest updates built in.
Note: Devices that use Windows Update for Business or connect directly to Windows Update will not be affected. Any device that connects to Windows Update should always receive the latest versions of the feature update, including the latest LCU, without any additional steps.
If you have already encountered this problem on your device, you can mitigate it within the uninstall window by going back to the previous version of Windows with the instructions here. The uninstall window can last 10 or 30 days depending on how your environment is configured and which version you are updating to. You will then need to upgrade to the latest version of Windows 10 after the issue is resolved in your environment. Note: Within the uninstall window, you can increase the number of days you have to go back to the previous version of Windows 10 with the DISM /Set-OSUninstallWindow command. You must make this change before the default uninstall window expires. For more information, see DISM operating system uninstall command-line options.
We are working on a resolution and will be providing updated packages and updated media in the coming weeks.
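One way to detect the certificate loss described above is to record the certificate stores before the feature upgrade and compare them afterwards. The following PowerShell is an added example, not part of the original article or of Microsoft's guidance; the script parameters and the snapshot path are assumptions.

```powershell
# Added example: snapshot certificate stores before a feature upgrade, compare afterwards.
# $SnapshotPath is a hypothetical location; pick one that survives the upgrade.
# CurrentUser stores belong to the account running the script, so run it per affected user.
param(
    [ValidateSet('Snapshot', 'Compare')]
    [string]$Mode = 'Snapshot',
    [string]$SnapshotPath = 'C:\ProgramData\CertSnapshot\certs.json'
)

function Get-CertInventory {
    # Walk user and machine stores; keep certificate objects only, not store containers.
    Get-ChildItem -Path Cert:\CurrentUser, Cert:\LocalMachine -Recurse |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $_.PSParentPath -replace '^.*::', ''   # e.g. LocalMachine\My
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
                NotAfter   = $_.NotAfter.ToString('o')
            }
        }
}

if ($Mode -eq 'Snapshot') {
    New-Item -ItemType Directory -Path (Split-Path $SnapshotPath) -Force | Out-Null
    Get-CertInventory | ConvertTo-Json | Set-Content -Path $SnapshotPath -Encoding UTF8
}
else {
    $before  = Get-Content -Path $SnapshotPath -Raw | ConvertFrom-Json
    $present = Get-CertInventory | ForEach-Object { "$($_.Store)|$($_.Thumbprint)" }
    $missing = $before | Where-Object { "$($_.Store)|$($_.Thumbprint)" -notin $present }
    if ($missing) {
        Write-Warning "$(@($missing).Count) certificate(s) missing since the snapshot:"
        $missing | Format-Table Store, Thumbprint, Subject, NotAfter -AutoSize
        # Days left to go back to the previous version (elevated prompt required).
        # Extend before it expires with: dism.exe /Online /Set-OSUninstallWindow /Value:<days>
        dism.exe /Online /Get-OSUninstallWindow
    }
    else {
        Write-Output 'No certificates from the snapshot are missing.'
    }
}
```

Run it with `-Mode Snapshot` before the upgrade and `-Mode Compare` afterwards.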
Devices with Windows installations created from custom offline media or a custom ISO image may see the old Microsoft Edge removed by this update, but not automatically replaced by the new Microsoft Edge. This issue only occurs when creating custom offline media or ISO images by slipstreaming this update into the image without first installing the standalone servicing stack update (SSU) released on March 29, 2021 or later.
Note: Devices that connect directly to Windows Update to receive updates are not affected. This includes devices that use Windows Update for Business. Any device that connects to Windows Update should always receive the latest versions of the SSU and the latest cumulative update (LCU) without any additional steps.
To avoid this problem, be sure to first slipstream the SSU released on March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now in use for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Follow the steps below to extract the SSU:
1. Extract the cab from the msu via this command line (using the package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab <destination path>
3. You will then have the SSU cab, in this example named SSU-19041.903-x64.cab. Slipstream this file into the offline image first, then the LCU.
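The whole procedure, from extraction to servicing the offline image, can be scripted. The following PowerShell is an added example, not taken from the original article; every path is hypothetical, and it assumes that the SSU cab sits inside the cab extracted from the msu and that the combined msu can then be applied as the LCU.

```powershell
# Added example: apply the SSU to an offline image before the LCU.
# All paths are hypothetical; run from an elevated prompt.
$Msu      = 'C:\updates\Windows10.0-KB5000842-x64.msu'   # combined package from the article's example
$Work     = 'C:\updates\extract'
$Wim      = 'C:\images\install.wim'
$Index    = 1
$MountDir = 'C:\mount'

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $Work, $MountDir -Force | Out-Null

# Pull the inner cab out of the msu (the expand call from the article, with a destination).
$cabName = [IO.Path]::GetFileNameWithoutExtension($Msu) + '.cab'
expand.exe $Msu "/f:$cabName" $Work | Out-Null

# Unpack that cab and locate the SSU cab (SSU-19041.903-x64.cab in the article's example).
# Assumption: the SSU is packaged inside the extracted cab.
expand.exe (Join-Path $Work $cabName) '/f:*' $Work | Out-Null
$ssu = Get-ChildItem -Path $Work -Filter 'SSU-*.cab' | Select-Object -First 1
if (-not $ssu) { throw "No SSU cab found in $Msu; is this a combined SSU and LCU package?" }

Mount-WindowsImage -ImagePath $Wim -Index $Index -Path $MountDir | Out-Null
try {
    # Order matters: SSU first, then the LCU.
    Add-WindowsPackage -Path $MountDir -PackagePath $ssu.FullName | Out-Null
    Add-WindowsPackage -Path $MountDir -PackagePath $Msu | Out-Null

    # Show the most recently added packages so the result can be checked before committing.
    Get-WindowsPackage -Path $MountDir |
        Sort-Object InstallTime -Descending |
        Select-Object -First 5 PackageName, PackageState, InstallTime

    Dismount-WindowsImage -Path $MountDir -Save | Out-Null
}
catch {
    # Leave the image untouched if either package fails to apply.
    Dismount-WindowsImage -Path $MountDir -Discard | Out-Null
    throw
}
```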
If you have already encountered this problem by installing the operating system with the affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to widely deploy the new Microsoft Edge for Business, see Download and Deploy Microsoft Edge for Business.
How to install update KB5001330
To install this update (KB5001330), simply click on “Check for updates” in the “Windows Update” section of the “Settings” application of Windows 10.
You can also download it manually: