April patch Tuesday for Windows 10 20H2 and 2004 arrives, fixing bugs and permanently wiping Edge Legacy

It is Tuesday and following the monthly custom, Microsoft has launched a new Patch Tuesday. Every second Tuesday of the month we have a new compilation to bring to the teams and this time it comes in the form of Builds 19041.928 and 19042.928 for Windows 10 2004 and 20H2.

Two compilations which put the patch KB5001330 under their arms and which propose interesting things. And it is that with the elimination and correction of errors, the two updates completely and definitively eliminate all traces of the classic Edge, which now sees the version of Edge with the Chromium engine taking its place.

Improvements and fixes

Microsoft has removed the old Microsoft Edge desktop app that is not supported in March 2021. In this April 13, 2021 release, we will be installing the new Microsoft Edge. For more information, see the new Microsoft Edge to replace “Microsoft Edge Legacy” with the Tuesday version of the Windows 10 April Update. Updates to improve security when Windows performs basic operations. It is updated to improve security when using input devices such as a mouse, keyboard, or stylus. Addresses an issue where a principal in an MIT trusted domain does not obtain a Kerberos service ticket from Active Directory domain controllers (DCs). This happens on devices that have installed Windows updates that contain CVE-2020-17049 protections and set PerfromTicketSignature to 1 or later. These updates were released between November 10, 2020 and December 8, 2020. Vouchers also fail, “KRB_GENERIC_ERROR”, if callers submit a ticket granting ticket (TGT) without PAC as proof voucher without providing the USER_NO_AUTH_DATA_REQUIRED entry flag. Addresses an issue with security vulnerabilities identified by a security researcher. Due to these security vulnerabilities, this update and all future Windows updates will no longer contain the RemoteFX vGPU functionality. For more information on the vulnerability and its removal, see CVE-2020-1036 and KB4570006. Secure vGPU alternatives are available with Discrete Device Mapping (DDA) in LTSC versions of Windows Server (Windows Server 2016 and Windows Server 2019) and bag versions of Windows Server (Windows Server, version 1803 and later). Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web login allows arbitrary navigation from third-party endpoints used for federated authentication. Security updates are coming for Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, Windows AI platform, Windows kernel, Windows Virtualization, and Windows Media. There are also improvements in Windows Update. Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to automatically receive updates from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and policy. Windows Update for Business deferral. This does not apply to long term maintenance issues.

Known issues

User and system certificates can be lost when upgrading a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be affected if they have already installed an update latest cumulative (LCU) released September 16, 2020 or later, and then upgrade to a later version of Windows 10 from a media or installation source that does not have an LCU released on October 13, 2020 or later integrated. This mainly occurs when managed devices are updated with outdated packages or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This can also happen when using outdated physical media or ISO images that do not have the latest updates built in. For users experiencing this issue, it can be fixed in the uninstall window by reverting to the previous version of Windows with the instructions here. The uninstall window can last 10 or 30 days depending on how your environment is configured and which version you are updating to. You will then need to upgrade to the latest version of Windows 10 after the issue is resolved in your environment. Note In the uninstall window, you can increase the number of days it takes to revert to the previous version of Windows 10 with the DISM / Set-OSUninstallWindow command. You must make this change before the default uninstall window expires. For more information, see Command-Line Options for Uninstalling the DISM Operating System. Devices with Windows installations created from custom offline media or a custom ISO image may see the old Microsoft Edge removed by this update, but not automatically replaced by the new Microsoft Edge. This issue only occurs when creating custom offline media or ISO images by dragging this update to the image without first installing the Independent Servicing Stack (SSU) update released on March 29 2021 or later. To avoid this problem, be sure to first drag the SSU released on March 29, 2021 or later to the custom offline media or ISO image before dragging the LCU. To do this with the combined SSU and LCU packages now in use for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combo package. Follow the steps below to extract SSU usage: Extract msu cockpit via this command line (using package for KB5000842 as an example): expand Windows10.0-KB5000842-x64.msu / f: Windows10. 0- KB5000842- x64.cab Extract the SSU from the previously extracted array via this command line: expand Windows10.0-KB5000842-x64.cab / f: * 3. Then you will have the SSU array, in this example named SSU -19041.903-x64.cab. Drag this file onto the offline image first, then onto the LCU.

If you have already encountered this problem by installing the operating system with assigned custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to widely deploy the new Microsoft Edge for Business, read Download and Deploy Microsoft Edge for Business.

If you have any of the mentioned versions of Windows 10, you can download the update by going to the usual path i.e. “Settings> Update & Security> Windows Update” or do it manually by downloading the corresponding installer in the 64-bit or 32-bit version.

More information | Microsoft

Back to top button