Today is Patch Tuesday, and you know what that means. All supported versions of Windows are getting updated today. In the arena of Windows 10, that means every version except for version 1511. Yes, Microsoft still supports nine versions of Windows 10, plus there's an update that Insiders are getting today for version 20H2.

Let's start with the newest version. If you're on Windows 10 version 2004 or an Insider on version 20H2, you'll get KB4579311, bringing the build number to 19041.572 or 19042.572, respectively. You can manually download it here, and these are the highlights:

  • Updates to improve security when using Microsoft Office products.
  • Updates for verifying usernames and passwords.
  • Updates to improve security when Windows performs basic operations.

Here's the full list of fixes:

  • Addresses an issue with a possible elevation of privilege in win32k.
  • Addresses an issue with the Group Policy service that might recursively delete critical files in alphabetic order from %systemroot%\systm32. This issue occurs when a policy has been configured to delete cached profiles. These file deletions might cause stop error “0x5A (CRITICAL_SERVICE_FAILED)” boot failures.
  • Addresses an issue with creating null ports using the user interface.
  • Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Media, Windows Fundamentals, Windows Authentication, Windows Virtualization, and Windows Kernel.

There are also two known issues:

Symptom Workaround
Users of the Microsoft Input Method Editor (IME) for Japanese or Chinese languages might experience issues when attempting various tasks. You might have issues with input, receive unexpected results, or might not be able to enter text. For more information about the issues, workaround steps, and the currently resolved issues, please see KB4564002
When installing a third-party driver, you might receive the error, “Windows can’t verify the publisher of this driver software”. You might also see the error, “No signature was present in the subject” when attempting to view the signature properties using Windows Explorer.

This issue occurs when an improperly formatted catalog file is identified during validation by Windows. Starting with this release, Windows will require the validity of DER encoded PKCS#7 content in catalog files. Catalogs files must be signed per section 11.6 of describing DER-encoding for SET OF members in X.690.

If this happens you should contact the driver vendor or device manufacturer (OEM) and ask them for an updated driver to correct the issue.

Next up, if you're still on Windows 10 version 1909 or 1903, you'll get KB4577671, bringing the build number to 18363.1139 or 18362.1139, respectively. You can manually download it here, and these are the highlights:

  • Updates to improve security when using Microsoft Office products.
  • Updates for verifying usernames and passwords.
  • Updates to improve security when Windows performs basic operations.
  • Updates for storing and managing files.

Here's the full list of fixes:

  • Addresses an issue with a possible elevation of privilege in win32k.
  • Addresses an issue with the Group Policy service that might recursively delete critical files in alphabetic order from %systemroot%\systm32. This issue occurs when a policy has been configured to delete cached profiles. These file deletions might cause stop error “0x5A (CRITICAL_SERVICE_FAILED)” boot failures.
  • Addresses an issue with creating null ports using the user interface.
  • Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Fundamentals, Windows Authentication, Windows Virtualization, Windows Kernel, and Windows Storage and Filesystems.

This one also has two known issues:

Symptom Workaround
When updating to Windows 10, version 1903 or Windows 10, version 1909 from any previous version of Windows 10, you might receive a compatibility report dialog with "What needs your attention" at the top and the error, "Continuing with the installation of Windows will remove some optional features. You may need to add them back in Settings after the installation completes." You might receive this compatibility warning when LOCAL SYSTEM accounts are blocked in a firewall from accessing the internet via HTTP. This is caused by the Windows 10 Setup Dynamic Update (DU) being unable to download required packages.

If your device has access to HTTP blocked for LOCAL SYSTEM accounts, to mitigate this issue you can enable HTTP access for the Windows 10 Setup Dynamic Update (DU) using the LOCAL SYSTEM account. After you have allowed access, you can restart installation of the update and you should not see the warning. You can also continue by clicking the OK button or use the /compat IgnoreWarning command to ignore compatibility warnings but this might also ignore other warnings that your device might be affected by.

We are working on a resolution and will provide an update in an upcoming release.

When installing a third-party driver, you might receive the error, “Windows can’t verify the publisher of this driver software”. You might also see the error, “No signature was present in the subject” when attempting to view the signature properties using Windows Explorer.

This issue occurs when an improperly formatted catalog file is identified during validation by Windows. Starting with this release, Windows will require the validity of DER encoded PKCS#7 content in catalog files. Catalogs files must be signed per section 11.6 of describing DER-encoding for SET OF members in X.690.

If this happens you should contact the driver vendor or device manufacturer (OEM) and ask them for an updated driver to correct the issue.

Windows 10 version 1809 is only supported for another month, but if you're on that version, you'll get KB4577668, bringing the build number to 17763.1518. You can manually download it here, and these are the highlights:

  • Updates to improve security when using Microsoft Office products.
  • Updates for verifying usernames and passwords.
  • Updates to improve security when Windows performs basic operations.
  • Updates for storing and managing files.

Here's the full list of fixes:

  • Addresses an issue with a possible elevation of privilege in win32k.
  • Addresses an issue that causes apps that use Dynamic Data Exchange (DDE) to stop responding when you attempt to close the app.
  • Addresses an issue with the Group Policy service that might recursively delete critical files in alphabetic order from %systemroot%\systm32. This issue occurs when a policy has been configured to delete cached profiles. These file deletions might cause stop error “0x5A (CRITICAL_SERVICE_FAILED)” boot failures.
  • Addresses an issue with creating null ports using the user interface.
  • Security updates to Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Fundamentals, Windows Authentication, Windows Virtualization, Windows Kernel, and Windows Storage and Filesystems.

This one also has two known issues:

Symptom Workaround
After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 – PSFX_E_MATCHING _COMPONENT_NOT_FOUND."
  1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.
  2. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.

Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:

  1. Go to the Settings app > Recovery.
  2. Select Get Started under the Reset this PC recovery option.
  3. Select Keep my Files.

Microsoft is working on a resolution and will provide an update in an upcoming release.

When installing a third-party driver, you might receive the error, “Windows can’t verify the publisher of this driver software”. You might also see the error, “No signature was present in the subject” when attempting to view the signature properties using Windows Explorer.

This issue occurs when an improperly formatted catalog file is identified during validation by Windows. Starting with this release, Windows will require the validity of DER encoded PKCS#7 content in catalog files. Catalogs files must be signed per section 11.6 of describing DER-encoding for SET OF members in X.690.

If this happens you should contact the driver vendor or device manufacturer (OEM) and ask them for an updated driver to correct the issue.

Finally, there are a bunch of versions that aren't supported for regular consumers, but are supported under certain conditions. Here are those updates.

Version KB Build Download Support
1803

KB4580330

17134.1792 Update Catalog Enterprise and Education SKUs
1709

KB4580328

16299.2166 Update Catalog
1703

KB4580370

15063.572 Update Catalog Surface Hub only
1607

KB4580346

14393.3986 Update Catalog Long-Term Servicing Branch
1507

KB4580327

10240.18725 Update Catalog

All of these updates are mandatory. You can install them through Windows update, or they'll install in the background at some point.