Third-party UI customization apps might cause Windows to not start up

Status	Originating update	History
Resolved External	OS Build 22000.30000 KB5023774 2023-03-28	Last updated: 2023-05-09, 10:06 PT Opened: 2023-02-28, 09:54 PT

After installing KB5023774 or later updates, Windows devices with some third-party UI customization apps might not start up. These third-party apps might cause errors with explorer.exe that might repeat multiple times in a loop. The known affected third-party UI customization apps are ExplorerPatcher and StartAllBack. These types of apps often use unsupported methods to achieve their customization and as a result can have unintended results on your Windows device.

Workaround: We recommend uninstalling any third-party UI customization app before installing KB5023774 to prevent this issue. If your Windows device is already experiencing this issue, you might need to contact customer support for the developer of the app you are using.

Resolution: ExplorerPatcher and StartAllBack have released a version which lists this issue as resolved. Note: If you are using any third-party UI customization app and encounter this or any other issues, you will need to contact customer support for the developer of the app you are using.

Affected platforms:

• ​Client: Windows 11, version 22H2; Windows 11, version 21H2
• ​Server: None

Back to top

Windows 11 upgrades were offered to ineligible devices

Status	Originating update	History
Resolved	N/A	Resolved: 2023-02-24, 18:01 PT Opened: 2023-02-24, 17:43 PT

Some hardware ineligible Windows 10 and Windows 11, version 21H2 devices were offered an inaccurate upgrade to Windows 11. These ineligible devices did not meet the minimum requirements to run Window 11. Devices that experienced this issue were not able to complete the upgrade installation process.

This issue was detected on February 23, 2023, and resolved on the same day.

Resolution: This issue is resolved. It might take 24 to 48 hours to propagate to all affected devices. Affected users do not need to take any steps.

Affected platforms:

• ​Client: Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 20H2

Back to top

January 2023

Application shortcuts might not work from the Start menu or other locations

Status	Originating update	History
Resolved	N/A	Resolved: 2023-01-18, 19:28 PT Opened: 2023-01-13, 13:40 PT

After installing security intelligence update build 1.381.2140.0 for Microsoft Defender, application shortcuts in the Start menu, pinned to the taskbar, and on the Desktop might be missing or deleted. Additionally, errors might be observed when trying to run executable (.exe) files which have dependencies on shortcut files. Affected devices have the Atack Surface Reduction (ASR) rule "Block Win32 API calls from Office macro" enabled. After installing security intelligence build 1.381.2140.0, detections resulted in the deletion of certain Windows shortcut (.lnk) files that matched the incorrect detection pattern.

Windows devices used by consumers in their home or small offices are not likely to be affected by this issue.

Workaround: Changes to Microsoft Defender can mitigate this issue. The Atack Surface Reduction (ASR) rules in Microsoft Defender are used to regulate software behavior as part of security measures. Changing ASR rules to Audit Mode can help prevent this issue. This can be done through the following options:

• ​Using Intune: Enable attack surface reduction rules | Defender for Endpoint: Microsoft Endpoint Manager
• ​Using Group Policy: Enable attack surface reduction rules | Defender for Endpoint: Group Policy

Microsoft Office applications can be launched through the Microsoft 365 app launcher. More details on the Microsoft 365 app launcher can be found in Meet the Microsoft 365 app launcher

Next steps: This issue is resolved in security intelligence update build 1.381.2164.0. Installing security intelligence update build 1.381.2164.0 or later should prevent the issue, but it will not restore previously deleted shortcuts. You will need to recreate or restore these shortcuts through other methods. For additional information and help recovering missing shortcuts, see Recovering from Attack Surface Reduction rule shortcut deletions (updated on January 17, 2023 to include additional guidance and scripts to help with recovery).

Affected platforms:

• ​Client: Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB
• ​Server: None

Back to top

December 2022

Database connections using Microsoft ODBC SQL Server driver might fail.

Status	Originating update	History
Resolved KB5022287	OS Build 22000.1219 KB5019961 2022-11-08	Resolved: 2023-01-10, 10:00 PT Opened: 2022-12-05, 15:45 PT

After installing KB5019961 , apps which use ODBC connections utilizing the Microsoft ODBC SQL Server Driver (sqlsrv32.dll) to access databases might fail to connect. You might receive an error within the app or you might receive an error from SQL Server, such as "The EMS System encountered a problem" with "Message: [Microsoft][ODBC SQL Server Driver] Protocol error in TDS Stream" or "Message: [Microsoft][ODBC SQL Server Driver]Unknown token received from SQL Server". Note for developers: Apps affected by this issue might fail to fetch data, for example when using the SQLFetch function . This issue might occur when calling SQLBindCol function before SQLFetch or calling SQLGetData function after SQLFetch and when a value of 0 (zero) is given for the ‘BufferLength’ argument for fixed datatypes larger than 4 bytes (such as SQL_C_FLOAT).

If you are unsure if you are using any affected apps, open any apps which use a database and then open Command Prompt (select Start then type command prompt and select it) and type the following command:

tasklist /m sqlsrv32.dll

Workaround: To mitigate this issue, you can do one of the following:

• ​If your app is already using or able to use Data Source Name (DSN) to select ODBC connections, install Microsoft ODBC Driver 17 for SQL Server and select it for use with your app using DSN. Note: We recommend the latest version of Microsoft ODBC Driver 17 for SQL Server , as it is more compatible with apps currently using the legacy Microsoft ODBC SQL Server Driver (sqlsrv32.dll) than Microsoft ODBC Driver 18 for SQL Server.
• ​If your app is unable to use DSN, the app will need to be modified to allow for DSN or to use a newer ODBC driver than Microsoft ODBC SQL Server Driver (sqlsrv32.dll).

Resolution: This issue was resolved in KB5022287 . If you have implemented the above workaround, it is recommended to continue using the configuration in the workaround.

Affected platforms:

• ​Client: Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
• ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Back to top

November 2022

Direct Access might be unable to reconnect after your device has connectivity issues

Status	Originating update	History
Resolved KB5021234	OS Build 22000.1165 KB5018483 2022-10-25	Resolved: 2022-12-13, 10:00 PT Opened: 2022-11-13, 14:49 PT

After installing KB5018483 or later updates, you might be unable to reconnect to Direct Access after temporarily losing network connectivity or transitioning between Wi-Fi networks or access points. Note: This issue should not affect other remote access solutions such as VPN (sometimes called Remote Access Server or RAS) and Always On VPN (AOVPN) .

Windows devices used at home by consumers or devices in organizations which are not using Direct Access to remotely access the organization's network resources are not affected .

Workaround: You can mitigate this issue by restarting your Windows device.

Resolution: This issue was resolved in updates released December 13, 2022 ( KB5021234 ) and later. We recommend you install the latest security update for your device. It contains important improvements and issue resolutions, including this one. If you install an update released December 13, 2022 ( KB5021234 ) or later, you do not need to use a Known Issue Rollback (KIR) or a special Group Policy to resolve this issue. If you are using an update released before December 13, 2022, and have this issue, you can resolve it by installing and configuring the special Group Policy listed below. The special Group Policy can be found in Computer Configuration -> Administrative Templates -> <Group Policy name listed below> .

For information on deploying and configuring these special Group Policy, please see How to use Group Policy to deploy a Known Issue Rollback .

Group Policy downloads with Group Policy name:

• ​ Download for Windows 11, version 22H2 - KB5018427 221029_091533 Known Issue Rollback
• ​ Download for Windows 11, version 21H2 - KB5018483 220927_043051 Known Issue Rollback
• ​ Download for Windows Server 2022 - KB5018485 220927_043049 Known Issue Rollback
• ​ Download for Windows 10, version 22H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2 - KB5018482 220927_043047 Known Issue Rollback

Important: You will need to install and configure the Group Policy for your version of Windows to resolve this issue.

Affected platforms:

• ​Client: Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019
• ​Server: Windows Server 2022; Windows Server 2019

Back to top

Sign in failures and other issues related to Kerberos authentication

Status	Originating update	History
Resolved	OS Build 22000.1219 KB5019961 2022-11-08	Resolved: 2022-11-18, 16:22 PT Opened: 2022-11-13, 15:16 PT

Updated November 18, 2022: Added update information for Windows Server 2008 R2 SP1.

 After installing updates released on November 8, 2022 or later on Windows Servers with the Domain Controller role, you might have issues with Kerberos authentication. This issue might affect any Kerberos authentication in your environment. Some scenarios which might be affected:

• ​Domain user sign in might fail. This also might affect Active Directory Federation Services (AD FS) authentication.
• ​ Group Managed Service Accounts (gMSA) used for services such as Internet Information Services (IIS Web Server) might fail to authenticate.
• ​Remote Desktop connections using domain users might fail to connect.
• ​You might be unable to access shared folders on workstations and file shares on servers.
• ​Printing that requires domain user authentication might fail.

When this issue is encountered you might receive a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error event in the System section of Event Log on your Domain Controller with the below text. Note: affected events will have " the missing key has an ID of 1 ":

While processing an AS request for target service <service>, the account <account name> did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes : 18 3. The accounts available etypes : 23 18 17. Changing or resetting the password of <account name> will generate a proper key.

Note: This issue is not an expected part of the security hardening for Netlogon and Kerberos starting with November 2022 security update . You will still need to follow the guidance in these articles even after this issue is resolved.

Windows devices used at home by consumers or devices which are not part of a on premises domain are not affected by this issue. Azure Active Directory environments that are not hybrid and do not have any on premises Active Directory servers are not affected.

Resolution: This issue was resolved in out-of-band updates released November 17, 2022 and November 18, 2022 for installation on all the Domain Controllers (DCs) in your environment. You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them.

To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog . You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site . For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog . Note The below updates are not available from Windows Update and will not install automatically.

Cumulative updates:

• ​Windows Server 2022: KB5021656
• ​Windows Server 2019: KB5021655
• ​Windows Server 2016: KB5021654

Note: You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released November 8, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.

Standalone Updates:

• ​Windows Server 2012 R2: KB5021653
• ​Windows Server 2012: KB5021652
• ​Windows Server 2008 R2 SP1: KB5021651 (released November 18, 2022)
• ​Windows Server 2008 SP2: KB5021657

Note: If you are using security only updates for these versions of Windows Server, you only need to install these standalone updates for the month of November 2022. Security only updates are not cumulative, and you will also need to install all previous Security only updates to be fully up to date. Monthly rollup updates are cumulative and include security and all quality updates. If you are using Monthly rollup updates, you will need to install both the standalone updates listed above to resolve this issue, and install the Monthly rollups released November 8, 2022 to receive the quality updates for November 2022. If you have already installed updates released November 8, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.

Affected platforms:

• ​Client: Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
• ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Back to top

October 2022

Possible issues caused by Daylight Savings Time change in Jordan

Status	Originating update	History
Resolved KB5018483	N/A	Resolved: 2022-10-25, 14:00 PT Opened: 2022-10-21, 14:34 PT

On October 5, 2022, the Jordanian government made an official announcement ending the winter-time Daylight Saving Time (DST) time zone change. Starting at 12:00 a.m. Friday, October 28, 2022, the official time will not advance by an hour and will permanently shift to the UTC + 3 time zone.

The impact of this change is as follows:

1. ​Clocks will not be advanced by an hour at 12:00 a.m. on October 28, 2022 for the Jordan time zone.
2. ​The Jordan time zone will permanently shift to the UTC + 3 time zone.

Symptoms if no update is installed and the workaround is not used on devices in the Jordan time zone on October 28, 2022 or later:

• ​Time shown in Windows and apps will not be correct.
• ​Apps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.
• ​Automation using date and time, such as Scheduled tasks, might not run at the expected time.
• ​Timestamp on transactions, files, and logs will be 60 minutes off.
• ​Operations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.
• ​Windows devices and apps outside of Jordan might also be affected if they are connecting to servers or devices in Jordan or if they are scheduling or attending meetings taking place in Jordan from another location or time zone. Windows devices outside of Jordan should not use the workaround, as it would change their local time on the device.

Workaround: You can mitigate this issue on devices in Jordan by doing either of the following on October 28, 2022, if an update is not available to resolve this issue for your version of Windows:

• ​Select the Windows logo key , type "Date and time", and select Date and time settings . From the Date & time settings page, toggle Adjust for daylight saving time automatically to Off .
• ​Go to Control Panel > Clock and Region > Date and Time > Change time zone and uncheck the option for “Automatically adjust clock for Daylight Saving Time”.

Important: We recommend using ONLY the above workaround to mitigate the issue with time created by the new Daylight Savings Time in Jordan. We do NOT recommend using any other workaround, as they can create inconsistent results and might create serious issues if done incorrectly.

Resolution: This issue was resolved in KB5018483 . Note: KB5018483 will not install automatically. To apply this update, you can check for updates and select the optional preview to download and install.

Affected platforms:

• ​Client: Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
• ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Back to top

Printer drivers installed during connectivity issues might only have default features

Status	Originating update	History
Resolved KB5016691	N/A	Resolved: 2022-08-25, 14:00 PT Opened: 2022-10-21, 17:53 PT

Microsoft has found an issue when an installed printer uses Microsoft IPP Class Driver or Universal Print Class Driver and is installed on a Windows device with connectivity issues to the printer. Windows needs connectivity to the printer to identify all the features of the printer. Without connectivity, the printer is set up with default settings and in some scenarios might not get updated once connectivity to the printer is restored. You might be affected by this issue if your printer is unable to use printer specific features such as color, two-sided/duplex printing, paper size or type settings, or resolutions higher than 300x300dpi.

Workaround: If you have an installed printer which only allows default settings, you can mitigate this issue by removing and reinstalling the printer. For instructions, please see Download printer drivers in Windows .

Resolution: This issue was resolved in KB5016691 . Important: KB5016691 prevents this issue but will not affect already installed printer drivers. If you have an affected installed printer, you can use the above workaround or wait for your device to be mitigated automatically. A troubleshooter has been released which will automatically download and resolve this issue on affected devices. Restarting your device and checking for updates might help the troubleshooter apply sooner. For more information, see keeping your device running smoothly with recommended troubleshooting .

Affected platforms:

• ​Client: Windows 11, version 21H2
• ​Server: None

Back to top

SSL/TLS handshake might fail

Status	Originating update	History
Resolved KB5020387	OS Build 22000.1098 KB5018418 2022-10-11	Resolved: 2022-10-17, 14:00 PT Opened: 2022-10-11, 19:31 PT

Microsoft has received reports that after installing KB5018418 , some types of SSL (Secure Sockets Layer) and TLS (Transport Layer Security) connections might have handshake failures. Note for developers: Affected connections are likely to be sending multiple frames within a single input buffer, specifically one or more complete records with a partial record that is less than 5 bytes all sent in a single buffer. When this issue is encountered, your app will receive SEC_E_ILLEGAL_MESSAGE when the connection fails.

If you are experiencing issues, please use feedback hub to file a report following the below steps:

1. ​Launch Feedback Hub by opening the Start menu and typing "Feedback hub", or pressing the Windows key + F
2. ​Fill in the "Summarize your feedback" and "Explain in more detail" boxes, then click Next.
3. ​Under the "Choose a category" section, ensure the "Problem" button , "Devices and Drivers" category, and "Print" subcategory are all selected. Click Next.
4. ​Under the "Find similar feedback" section, select the "Make new bug" radio button and click Next.
5. ​Under the "Add more details" section, supply any relevant detail (Note this is not critical to addressing your issue).
6. ​Expand the "Recreate my problem" box and press "Start recording". Reproduce the issue on your device.
7. ​Press "Stop recording" once finished. Click the "Submit" button.

For additional information, see Send feedback to Microsoft with the Feedback Hub app .

Resolution: This issue was resolved in the out-of-band update KB5020387 . It is a cumulative update, so you do not need to apply any previous update before installing it. To get the standalone package for KB5020387 , search for it in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site . For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog . Note KB5020387 is not available from Windows Update and will not install automatically.

Affected platforms:

• ​Client: Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
• ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1

Back to top

September 2022

The September 2022 preview release is listed in Windows Server Update Services

Status	Originating update	History
Resolved KB5018418	N/A	Resolved: 2022-10-11, 10:00 PT Opened: 2022-09-22, 10:51 PT

IT administrators who utilize Windows Server Update Services (WSUS) might notice that the Windows September 2022 preview update , known as the 'C' release, is listed among the updates available from WSUS. This listing is an error. Preview updates are generally available for manual importing via the Microsoft Update Catalog and Windows Updates .

This issue might also affect the installation of the September 2022 Cumulative Update Preview for .NET Framework, which is also generally available via Windows Update and Microsoft Update Catalog. For more information on .NET Framework September 2022 Cumulative Update Preview updates, see the KB articles listed on the .NET blog for the September 2022 Cumulative Update Preview .

Home users of Windows are unlikely to experience this issue. WSUS is commonly utilized by technology administrators to deploy Microsoft product updates in managed environments.

Workaround: The Windows September 2022 preview release was made available via Microsoft Update Catalog. We recommend IT administrators to use this release channel moving forward.

Please note: In environments where WSUS is configured to auto-approve updates and also auto-decline superseded content, the Windows September 2022 Security update may subsequently be auto-declined and auto-expired from the client view. If this occurs, see the guidance for reinstating declined updates . Then run an update synchronization within Microsoft Endpoint Configuration Manager, or update management environments. Environments configured to only take security updates should not reflect these symptoms.

Resolution: The Windows September 2022 preview release was removed from WSUS. We recommend IT administrators use the Microsoft Update Catalog to download and install updates in their environments. As always, we recommend the installation of the latest Windows security updates for all devices (the October 2022 security monthly release, KB5018418 , or later).

Affected platforms:

• ​Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 11, version 21H1; Windows 10, version 20H2; Windows 10, version 1809
• ​Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 1809

Back to top

Copying files/shortcuts using Group Policy Preferences might not work as expected

Status	Originating update	History
Resolved KB5018418	OS Build 22000.978 KB5017328 2022-09-13	Resolved: 2022-10-11, 10:00 PT Opened: 2022-09-22, 15:23 PT

After installing KB5017328 , file copies using Group Policy Preferences might fail or might create empty shortcuts or files using 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in User Configuration -> Preferences -> Windows Settings in Group Policy Editor.

Workaround: To mitigate this issue, you can do ONE of the following:

• ​Uncheck the "Run in logged-on user's security context (user policy option)". Note: This might not mitigate the issue for items using a wildcard (*).
• ​Within the affected Group Policy, change "Action" from "Replace" to "Update".
• ​If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotes) from the destination might allow the copy to be successful.

Resolution: This issue was resolved in KB5018418 . Installation of KB5018418 prevents and resolves this issue but if any workaround was used to mitigate this issue, it will need to be changed back to your original configuration.

Affected platforms:

• ​Client: Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1
• ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Back to top

Possible issues caused by new Daylight Savings Time in Chile

Status	Originating update	History
Resolved KB5017383	N/A	Resolved: 2022-09-20, 10:00 PT Opened: 2022-09-02, 13:17 PT

Starting at 12:00 a.m. Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by Chilean government about a Daylight Saving Time (DST) time zone change. This moves the DST change which was previously September 4 to September 10.

Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:

• ​Time shown in Windows and apps will not be correct.
• ​Apps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.
• ​Automation using date and time, such as Scheduled tasks, might not run at the expected time.
• ​Timestamp on transactions, files, and logs will be 60 minutes off.
• ​Operations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.
• ​Windows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.

Workaround: This issue is now resolved in KB5017383 but you should undo the workaround, if it is still being used.

You can mitigate this issue on devices in Chile by doing either of the following on September 4, 2022 and undoing on September 11, 2022:

• ​Select the Windows logo key , type "Date and time", and select Date and time settings . From the Date & time settings page, toggle Adjust for daylight saving time automatically to Off .
• ​Go to Control Panel > Clock and Region > Date and Time > Change time zone and uncheck the option for “Automatically adjust clock for Daylight Saving Time”.

To mitigate this issue in the Santiago time zone, after 12:00 a.m. on September 11, 2022, and for those in the Easter Islands time zone, after 10:00 p.m. on September 10, 2022, follow the steps below to re-enable automatic DST adjustments and ensure accurate time switching with future DST transitions. This can be done by doing either of the following:

• ​Select the Windows logo key , type "Date and time", and select Date and time settings . From the Date & time settings page, toggle Adjust for daylight saving time automatically to On .
• ​Go to Control Panel > Clock and Region > Date and Time > Change time zone and check the option for “Automatically adjust clock for Daylight Saving Time”.

Important: We recommend using ONLY the above workaround to mitigate the issue with time created by the new Daylight Savings Time in Chile. We do NOT recommend using any other workaround, as they can create inconsistent results and might create serious issues if not done correctly.

Resolution: This issue was resolved in KB5017383 . Note: If the workaround above was used, it should have been undone on September 11, 2022. Installation of KB5017383 will not change the "Automatically adjust clock for Daylight Saving Time" setting.

Affected platforms:

• ​Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
• ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Back to top

Voice typing might fail to open

Status	Originating update	History
Resolved	N/A	Resolved: 2022-09-13, 16:52 PT Opened: 2022-09-13, 16:38 PT

When attempting to open voice typing by using the keyboard shortcut of Windows key + h, you might receive the error "Something went wrong." If this error is received, voice typing will not open.

Resolution: This issue has been resolved with a server-side change. Voice typing should now open and function as expected.

Affected platforms:

• ​Client: Windows 11, version 21H2
• ​Server: None

Back to top

Unable to sign in after adding a new Microsoft Account user in Windows

Status	Originating update	History
Resolved	OS Build 22000.918 KB5016691 2022-08-25	Resolved: 2022-09-07, 13:57 PT Opened: 2022-09-07, 13:42 PT

After installing KB5016691 and adding a new Microsoft account user in Windows, you might be unable to sign in for a brief time after the first restart or sign out. The issue only affects the newly added Microsoft account user and only for the first sign in.

This issue only affects devices after adding a Microsoft account. It does not affect Active Directory domain users accounts or Azure Active Directory accounts.

Workaround: If you encounter this issue, it will automatically resolve itself after a brief time. You will need to wait for the lock screen to appear again, you should be able to login as expected.

Resolution: This issue is resolved using Known Issue Rollback (KIR) . Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue can resolve it by installing and configuring a special Group Policy. The special Group Policy can be found in Computer Configuration -> Administrative Templates -> KB5016691 220722_051525 Known Issue Rollback -> Windows 11 (original release) .

For information on deploying and configuring these special Group Policy, please see How to use Group Policy to deploy a Known Issue Rollback .

Group Policy downloads with Group Policy name:

• ​ Download for Windows 11, version 21H2 - KB5016691 220722_051525 Known Issue Rollback

Important: You will need to install and configure the Group Policy for your version of Windows to resolve this issue.

Affected platforms:

• ​Client: Windows 11, version 21H2
• ​Server: None

Back to top

August 2022

XPS documents with non-English language characters might not open

Status	Originating update	History
Resolved KB5017383	OS Build 22000.778 KB5014668 2022-06-23	Resolved: 2022-09-20, 10:00 PT Opened: 2022-08-08, 17:58 PT

After installing KB5014668 or later updates, XPS Viewer might be unable to open XML Paper Specification (XPS) documents in some non-English languages, including some Japanese and Chinese character encodings. This issue affects both XML Paper Specification (XPS) and Open XML Paper Specification (OXPS) files. When encountering this issue, you may receive an error, "This page cannot be displayed" within XPS Viewer or it might stop responding and have high CPU usage with continually increasing memory usage. When the error is encountered, if XPS Viewer is not closed it might reach up to 2.5GB of memory usage before closing unexpectedly.

This issue does not affect most home users. The XPS Viewer is no longer installed by default as of Windows 10, version 1803 and must be manually installed .

Resolution: This issue was resolved in KB5017383 .

Affected platforms:

• ​Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2
• ​Server: Windows Server, version 20H2

Back to top

July 2022

Start menu might not open

Status	Originating update	History
Resolved KB5016629	OS Build 22000.778 KB5014668 2022-06-23	Resolved: 2022-08-09, 10:00 PT Opened: 2022-07-22, 15:33 PT

After installing KB5014668 or later updates, we have received reports that a small number of devices might be unable to open the Start menu. On affected devices, clicking or selecting the Start button, or using the Windows key on your keyboard might have no effect.

Resolution: This issue was resolved in updates released August 9, 2022 ( KB5016629 ) and later. We recommend you install the latest security update for your device. It contains important improvements and issue resolutions, including this one. If you install an update released August 9, 2022 ( KB5016629 ) or later, you do not need to use a Known Issue Rollback (KIR) or a special Group Policy to resolve this issue. If you are using an update released before August 9, 2022, and have this issue, you can resolve it by installing and configuring the special Group Policy listed below. The special Group Policy can be found in Computer Configuration -> Administrative Templates -> KB5014668 220721_04201 Known Issue Rollback -> Windows 11 (original release) . For information on deploying and configuring these special Group Policy, please see How to use Group Policy to deploy a Known Issue Rollback .

Group Policy downloads with Group Policy name:

• ​ Download for Windows 11, version 21H2 - KB5014668 220721_04201 Known Issue Rollback

Important: You will need to install and configure the Group Policy for your version of Windows to resolve this issue.

Affected platforms:

• ​Client: Windows 11, version 21H2
• ​Server: None

Back to top

PowerShell Desired State Configuration resources might fail to apply successfully

Status	Originating update	History
Resolved KB5015814	OS Build 22000.739 KB5014697 2022-06-14	Resolved: 2022-07-12, 10:00 PT Opened: 2022-07-19, 17:55 PT

After installing updates released June 14, 2022, or later ( KB5014697 ), PowerShell Desired State Configuration (DSC) using an encrypted the PSCredential property might fail when decrypting the credentials on the target node. This failure will result in a password related error message, similar to: “The password supplied to the Desired State Configuration resource <resource name> is not valid. The password cannot be null or empty.”. Note: Environments which use non-encrypted PSCredential properties will not experience the issue.

DSC is a management platform in PowerShell that enables administrators to manage IT and development infrastructure with configuration as code. This issue is not likely to be experienced by home users of Windows.

Resolution: This issue was resolved in KB5015814 .

Affected platforms:

• ​Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016
• ​Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 1809; Windows Server 2019; Windows Server 2016

Back to top

June 2022

IE mode tabs in Microsoft Edge might stop responding

Status	Originating update	History
Resolved KB5016691	OS Build 22000.708 KB5014019 2022-05-24	Resolved: 2022-08-25, 14:00 PT Opened: 2022-06-24, 19:21 PT

After installing KB5014019 and later updates, IE mode tabs in Microsoft Edge might stop responding when a site displays a modal dialog box. A modal dialog box is a form or dialog box which requires the user to respond before continuing or interacting with other portions of the webpage or app. Developer Note: Sites affected by this issue call window.focus .

Resolution: This issue was resolved in updates released August 25, 2022 ( KB5016691 ) and later. We recommend you install the latest security update for your device. It contains important improvements and issue resolutions, including this one. If you install an update released August 25, 2022 ( KB5016691 ) or later, you do not need to use a Known Issue Rollback (KIR) or a special Group Policy to resolve this issue. If you are using an update released before August 25, 2022, and have this issue, you can resolve it by installing and configuring the special Group Policy listed below. The special Group Policy can be found in Computer Configuration -> Administrative Templates -> <Group policy name in below list> . For information on deploying and configuring these special Group Policy, please see How to use Group Policy to deploy a Known Issue Rollback .

Group Policy downloads with Group Policy name:

• ​ Download for Windows 11, version 21H2 - KB5014019 220624_22553 Known Issue Rollback
• ​ Download for Windows 10, version 20H2 and Windows 10, version 21H1 - KB5014023 220624_22551 Known Issue Rollback

Important: You will need to install and configure the Group Policy for your version of Windows to resolve this issue.

Affected platforms:

• ​Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2
• ​Server: Windows Server 2022

Back to top

Unable to connect to internet when using Wi-Fi hotspot feature

Status	Originating update	History
Resolved KB5014668	OS Build 22000.739 KB5014697 2022-06-14	Resolved: 2022-06-23, 14:00 PT Opened: 2022-06-16, 14:12 PT

After installing KB5014697 , Windows devices might be unable to use the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the internet after a client device connects.

Workaround: To mitigate the issue and restore internet access on the host device, you can disable the Wi-Fi hotspot feature. For instructions, please see Use your Windows PC as a mobile hotspot .

Resolution: This issue was resolved in KB5014668 .

Affected platforms:

• ​​Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
• ​​Server: Windows Server 2022; Windows Server, version 20H2; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Back to top

Azure Active Directory and Microsoft 365 services might be unable to sign in

Status	Originating update	History
Resolved KB5016138	OS Build 22000.739 KB5014697 2022-06-14	Resolved: 2022-06-20, 14:00 PT Opened: 2022-06-17, 09:56 PT

After installing KB5014697 on a Windows Arm-based devices, you might be unable to sign in using Azure Active Directory (AAD). Apps and services which use Azure Active Directory to sign in, might also be affected. Some scenarios which might be affected are VPN connections, Microsoft Teams, OneDrive, and Outlook. Note: This issue only affects Windows devices which are using Arm processors.

Workaround: To mitigate the issue, you can use the web versions of the affected apps, such as OneDrive , Microsoft Teams and Outlook.com .

Resolution: This issue was resolved in the out-of-band security update KB5016138 , released June 20, 2022. This update is available only for Arm-based Windows devices. This update is not needed for x86-based or x64-based devices using AMD or Intel CPUs, so it is not available for those architectures. It is available via Windows Update , Windows Update for Business , Windows Server Update Services (WSUS) and Microsoft Update Catalog . It is a cumulative update, so you do not need to apply any previous update before installing it. If you would like to install the update before it is installed automatically, you will need to Check for updates . To get the standalone package for KB5016138 , search for it in the Microsoft Update Catalog .

Affected platforms:

• ​Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2
• ​Server: None

Back to top

May 2022

Some .NET Framework 3.5 apps might have issues

Status	Originating update	History
Resolved	OS Build 22000.652 KB5012643 2022-04-25	Resolved: 2022-07-19, 13:54 PT Opened: 2022-05-03, 13:20 PT

After installing KB5012643 , some .NET Framework 3.5 apps might have issues or might fail to open. Affected apps are using certain optional components in .NET Framework 3.5, such as Windows Communication Foundation (WCF) and Windows Workflow (WWF) components.

Workaround: You can mitigate this issue by re-enabling .NET Framework 3.5 and the Windows Communication Foundation in Windows Features . For instructions, please see Enable the .NET Framework 3.5 in Control Panel . Advanced users or IT admins can do this programmatically using an elevated Command Prompt (run as administrator) and running the following commands:

dism /online /enable-feature /featurename:netfx3 /all
dism /online /enable-feature /featurename:WCF-HTTP-Activation
dism /online /enable-feature /featurename:WCF-NonHTTP-Activation

Resolution: This issue should be resolved automatically via a Troubleshooter on affected unmanaged devices. If your device is managed by an IT department or with enterprise management tools, you might not get the troubleshooter automatically and might require the above workaround to resolve the issue. For more information on this troubleshooter, please see Windows Update Troubleshooter for repairing .NET Framework components .

Affected platforms:

• ​Client: Windows 11, version 21H2
• ​Server: None

Back to top

You might see authentication failures on the server or client for services

Status	Originating update	History
Resolved	OS Build 22000.675 KB5013943 2022-05-10	Resolved: 2022-05-27, 14:24 PT Opened: 2022-05-11, 18:38 PT

Resolution guidance updated May 27, 2022

After installing updates released May 10, 2022 on your domain controllers, you might see machine certificate authentication failures on the server or client for services such as Network Policy Server (NPS) , Routing and Remote access Service (RRAS) , Radius , Extensible Authentication Protocol (EAP) , and Protected Extensible Authentication Protocol (PEAP) . An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller.

Note: Installation of updates released May 10, 2022, on client Windows devices and non-domain controller Windows Servers will not cause this issue. This issue only affects installation of May 10, 2022, updates installed on servers used as domain controllers.

Workaround: The preferred mitigation for this issue is to manually map certificates to a machine account in Active Directory. For instructions, please see Certificate Mapping . Note: The instructions are the same for mapping certificates to user or machine accounts in Active Directory. If the preferred mitigation will not work in your environment, please see KB5014754—Certificate-based authentication changes on Windows domain controllers for other possible mitigations in the SChannel registry key section. Note: Any other mitigation except the preferred mitigations might lower or disable security hardening.

Resolution: This issue was resolved in out-of-band updates released May 19, 2022 for installation on all Domain Controllers in your environment, as well as all intermediary application servers such as Network Policy Servers (NPS), RADIUS, Certification Authority (CA), or web servers which passes the authentication certificate from the client being authenticated to the authenticating DC. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. This includes the removal of the registry key (CertificateMappingMethods = 0x1F) documented in the SChannel registry key section of KB5014754 . There is no action needed on the client side to resolve this authentication issue.

To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog . You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site . For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog . Note The below updates are not available from Windows Update and will not install automatically.

Cumulative updates:

• ​Windows Server 2022: KB5015013
• ​Windows Server, version 20H2: KB5015020
• ​Windows Server 2019: KB5015018
• ​Windows Server 2016: KB5015019

Note: You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released May 10, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.

Standalone Updates:

• ​Windows Server 2012 R2: KB5014986
• ​Windows Server 2012: KB5014991
• ​Windows Server 2008 R2 SP1: KB5014987
• ​Windows Server 2008 SP2: KB5014990

Note: If you are using security only updates for these versions of Windows Server, you only need to install these standalone updates for the month of May 2022. Security only updates are not cumulative, and you will also need to install all previous Security only updates to be fully up to date. Monthly rollup updates are cumulative and include security and all quality updates. If you are using Monthly rollup updates, you will need to install both the standalone updates listed above to resolve this issue, and install the Monthly rollups released May 10, 2022 to receive the quality updates for May 2022. If you have already installed updates released May 10, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.

Affected platforms:

• ​Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
• ​Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Back to top

Some apps using Direct3D 9 might have issues on certain GPUs

Status	Originating update	History
Resolved KB5014019	OS Build 22000.652 KB5012643 2022-04-25	Resolved: 2022-05-24, 14:00 PT Opened: 2022-05-10, 09:41 PT

After installing KB5012643 , Windows devices using certain GPUs might have apps close unexpectedly or intermittent issues with some apps which use Direct3D 9. You might also receive an error in Event Log in Windows Logs/Applications with faulting module d3d9on12.dll and exception code 0xc0000094.

Resolution: This issue was resolved in updates released May 24, 2022 ( KB5014019 ) and later. We recommend you install the latest security update for your device. It contains important improvements and issues resolutions, including this one. If you install an update released May 24, 2022 ( KB5014019 ) or later, you do not need to use a Known Issue Rollback (KIR) or a special Group Policy to resolve this issue. If you are using an update released before May 24, 2022 and have this issue, you can resolve it by installing and configuring the special Group Policy listed below. For information on deploying and configuring these special Group Policies, please see How to use Group Policy to deploy a Known Issue Rollback .

Group Policy downloads with Group Policy name:

• ​ Download for Windows 11, version 21H2 - Group Policy name: KB5012643 220509_20053 Known Issue Rollback
• ​ Download for Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1 - Group Policy name: KB5011831 220509_20051 Known Issue Rollback

Important: You will need to install and configure Group Policies to resolve this issue. Please see, How to use Group Policy to deploy a Known Issue Rollback .

Affected platforms:

• ​Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2
• ​Server: None

Back to top

April 2022

Devices might experience display issues when entering Safe Mode

Status	Originating update	History
Resolved KB5013943	OS Build 22000.652 KB5012643 2022-04-25	Resolved: 2022-05-10, 10:00 PT Opened: 2022-04-29, 15:07 PT

After installing KB5012643 , devices starting in Safe Mode might show a flickering screen. Components that rely on Explorer.exe, such as File Explorer, Start Menu, and Taskbar, can be affected and appear unstable.

Devices experiencing this issue can log a System error on the Windows Event Log, with Source “Winlogon” and the following description: “The shell stopped unexpectedly and explorer.exe was restarted”.

Workaround: This issue happens when the device is started using the “Safe Mode without Networking” option. If Safe Mode needs to be engaged, please select “Safe Mode with Networking” option as a workaround. Please refer to this document for more details on how to start your device in Safe Mode with Networking: Start your PC in safe mode in Windows (microsoft.com)

Resolution: This issue was resolved in updates released May 10, 2022, and later. We recommend you install the latest security update for your device as it contains important improvements and issues resolutions, including this one. If you install an update released May 10, 2022 or later, you do not need to use a Known Issue Rollback (KIR) or a special Group Policy to resolve this issue.

If you are using an update released before May 10, 2022, you can resolve this issue using KIR. Enterprise-managed devices that have installed an affected update and encountered this issue can resolve it by installing and configuring the special Group Policy listed below.

• ​ Windows 11, version 21H2 - Microsoft Windows Installer (.msi) file

For information on deploying and configuring these special Group Policies, please see How to use Group Policy to deploy a Known Issue Rollback .

Affected platforms:

• ​Client: Windows 11, version 21H2
• ​Server: None

Back to top

Report a problem with Windows updates

To report an issue to Microsoft at any time, use the Feedback Hub app. To learn more, see Send feedback to Microsoft with the Feedback Hub app

Need help with Windows updates?

Search, browse, or ask a question on the Microsoft Support Community . If you are an IT pro supporting an organization, visit Windows release health on the Microsoft 365 admin center for additional details.

For direct help with your home PC, use the Get Help app in Windows or contact Microsoft Support . Organizations can request immediate support through Support for business .

View this site in your language

This site is available in 11 languages : English, Chinese Traditional, Chinese Simplified, French (France), German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish (Spain). All text will appear in English if your browser default language is not one of the 11 supported languages. To manually change the display language, scroll down to the bottom of this page, click on the current language displayed on the bottom left of the page, and select one of the 11 supported languages from the list.