Microsoft releases 24 optional Windows patches

The official Windows Update list says 24 patches were released on April 19. But  it seems only two of them — KB 3138378 and 3140245 — were released that day, and the rest came out on April 20. The list itself wasn’t updated until April 20. Documentation is kind of an afterthought for Microsoft these days.

Three of the patches fix problems with earlier security patches.

Here’s what’s on tap with this latest batch of fixes:

KB3103616 fixes a memory leak in the Wmiprvse.exe process that causes WMI queries not to work in Windows Server 2012 R2 or Windows Server 2012, for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.

KB3103709 fixes several issues with Windows Server 2012 R2-based domain controller, for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.

KB3125424 fixes Local Security Authority Subsystem Service (LSASS) deadlocks on Windows Server 2012 R2 or Windows Server 2012 that cause the server to stop responding to login requests from Exchange email clients such as Outlook, ActiveSync, and Outlook Web App as well as Remote Desktop connections, remote administrative commands through PowerShell, and local console logins. Issued for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012.

KB3134179 adds performance counters for Remote Desktop (RD) Connection Broker in Windows Server 2012 R2.

KB3138378 is an update for Windows Journal. It’s one of the mystery patches released without documentation on April 19. Intended for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista

KB3139921 fixes a problem that affects operating systems using the “Windows Kerberos Security Feature Bypass.” After you install security update 3126041, when you try to change your password through an untrusted domain, you may receive an error message that looks something like this: The security database on the server does not have a computer account for the workstation trust relationship. Intended for Windows Server 2008 and Windows Vista.

KB3140245 is the other mystery patch that was released without documentation on April 19. It adds a DefaultSecureProtocols registry key in Windows that allows users to change system-wide default protocols for WinHTTP and hardcodes Webio default protocols to include TLS 1.1 and TLS 1.2. Once the key is enabled, you have to set it manually. Intended for Windows Embedded 8 Standard, Windows Server 2012, Windows 7, and Windows Server 2008 R2.

KB3143777 addresses two issues, firstly when a critical error occurs when you shut down the cluster service. For example, the “[Shutdown] Groups failed to terminate in a timely manner. Cluster service will exit.” error message is logged when you shut down the cluster service. And secondly, when data deduplication doesn’t work on a BitLocker-encrypted cluster shared volume (CSV) provisioned by using a tiered storage space. It fails even if the drive is unlocked, and the following error message is logged: “This drive is locked by BitLocker Drive Encryption. You must unlock this drive from Control Panel.” Intended for Windows Server 2012 R2.

KB3144474 addresses a problem that occurs after you install  security update 3081320 and the Team Foundation Server (TFS) application pool and the Certreq.exe process crashes when you run customized scripts with NcryptOpenStorageProvider involved. This issue occurs if the CNG key isolation service is disabled. Intended for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.

KB3144850 enables downgrade rights between Windows 10 IoT and Windows Embedded 8.1 Industry. The operating system is not activated when it downgrades from Windows 10 IoT to Windows Embedded 8.1 Industry. This update provides the required Product Keys that bridges Windows 10 IoT Enterprise and Windows Embedded 8.1 Industry. The change is made to the Windows Embedded 8.1 license file to accept the Product Keys that has been issued to the Windows 10 IoT Enterprise edition. Intended for Windows 8.1 and Windows Server 2012 R2.

KB3145126 addresses an issue in which a Windows Server 2008 R2 Service Pack 1 (SP1)-based DNS server that has Active Directory-integrated zones takes a long time to load DNS zones. The problem occurs after installing security update 3100465 or hotfix 3022780. Intended for Windows Server 2008 R2 x64 Edition.

KB3145384 increases the MinDiffAreaFileSize registry key value limit from 3GB to 50GB. You may encounter the event ID 25 error because of heavy I/O. To fix this issue, install the update and then set the MinDiffAreaFileSize registry to an appropriate size depending on the I/O amount. Intended for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.

KB3145432 fixes an issue where cluster nodes or virtual machines (VMs) go into failed state on a Windows Server 2012 R2 host and may not be migrated automatically to other cluster nodes.

KB3146600 fixes problems that occur when a backup is taken on a GUID partition table (GPT) formatted drive in Windows Server 2012. Wbengine.exe crashes when you run a backup on a GPT formatted drive in Windows Server 2012. Intended for Windows Embedded 8 Standard and Windows Server 2012.

KB3146601 addresses issues when you use Group Policy Management Console (GPMC) to import a backed up GPO. The import may fail if a file is held open in one of the temporary directories that is created during the import process. When this issue occurs, you receive the following error message: “The process cannot access the file because it is being used by another process” and the GPMC will then roll back the import process, which may result in the target policy being deleted. Intended for Windows 8.1 and Windows Server 2012 R2.

KB3146604 fixes Windows Management Instrumentation (WMI) service crashes. When this issue occurs, users may find that every functionality that uses the WMI interface will fail. For example, Virtual Machine Manager (VMM) uses the WMI interface to show the status of virtual machines (VMs) on a Hyper-V host. If the WMI service on that Hyper-V host crashes, VMM can’t show the status of the VMs on that host. In addition, all services that share the same service host process with the WMI service will also become unavailable, and users may experience other problems that are not related to WMI service itself. Intended for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, and Windows Server 2012.

KB3146621 fixes an issue where the iSCSI target service crashes randomly. This occurs when the Windows Server 2012 R2-based computer has the iSCSI Target Server role installed and the iSCSI target server encounters random I/O error. Intended for Windows Server 2012 R2

KB3146627 addresses a problem where mapped network drives to a DFS share don’t work for subsequent users. This issue occurs when User Account Control (UAC) is enabled and the EnableLinkedConnections registry value is set to 1. Intended for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.

KB3146751 fixes a problem that occurs with  App-V logon in Windows Server 2012 R2. When you log on to App-V and then log off, the next time you try to log on using Mandatory User Profiles (Ntuser.man), you can’t log on and receive a “Logon is not possible” error message. When you use Roaming User Profiles (NTuser.dat), a temporary profile will be created on the next logon. Intended for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.

KB3146978  fixes issues when connecting with Remote Desktop Services (RDS) and working on any redirected resources (drives, printers, and ports) becomes very slow. Intended for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.

KB3148146 fixes a problem that occurs when not all the printer queues settings are restored correctly after you restore a backup by using the Printbrm.exe command-line tool. To be specific, the settings that are not restored are in the PrinterDriverData structure. The corresponding settings are not in the backup file itself, meaning that it never even got backed up in the first place. Intended for Windows Server 2012 R2.

KB3148217 fixes a problem that occurs on a Windows Server 2012 R2-based Work Folders sync server. High network usage may occur when the File Server Resource Manager (FSRM) file screening is implemented on the Work Folders sync server to block certain file types. For example, audio or video files, image files, executables, system files, and Outlook data files. The FSRM file screening blocks the files when they are transferred to the Work Folders sync server. The Work Folders service then tries to re-sync the files, which causes increased network usage. Intended for Windows Server 2012 R2.

KB3148812 enables Windows Server Update Services (WSUS) to natively decrypt Electronic Software Distribution (ESD). See “Known issues with KB 3148812” for important details. Intended for Windows 8.1, Windows Server 2012 R2, and Windows Server 2012.

KB3149157 fixes various network and computer issues that occur when TCP ephemeral ports are exhausted in Windows 8.1 or Windows Server 2012 R2. The update includes additional reliability improvements. Intended for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.