Windows 10, version 1607 and Windows Server 2016

Find information on known issues and the servicing status for Windows 10, version 1607 and Windows Server 2016. For immediate help with Windows update issues, click here if you are using a Windows device to open the Get Help app or go to support.microsoft.com. Follow @WindowsUpdate on X (formerly Twitter) for Windows release health updates. If you are an IT administrator and want to programmatically get information from this page, use the Windows Updates API in Microsoft Graph.

• 

  How to get Windows 11 2023 Update

• 

  Get Windows known issues data in Graph API

See all messages >

---

Known issues

See open issues, content updated in the last 30 days, and information on safeguard holds. To find a specific issue, use the search function on your browser (CTRL + F for Microsoft Edge).

Summary	Originating update	Status	Last updated
August 2024 security update might impact Linux boot in dual-boot setup devices This issue might impact devices with dual-boot setup for Windows and Linux when SBAT setting is applied	OS Build 14393.7259 KB5041773 2024-08-13	Mitigated	2024-09-20 12:41 PT
Apps that acquire or set Active Directory Forest Trust Information might have issues Apps using Microsoft .NET to acquire or set Forest Trust Information might fail, close, or you might receive an error.	OS Build 14393.4886 KB5009546 2022-01-11	Mitigated	2022-02-07 15:36 PT
Windows Presentation Foundation (WPF) apps might close, or you may receive an error Microsoft and third-party applications which use the .Net UI framework called WPF might have issues.	OS Build 14393.4225 KB4601318 2021-02-09	Mitigated	2021-02-11 20:41 PT

Issue details

August 2024

August 2024 security update might impact Linux boot in dual-boot setup devices

Status	Originating update	History
Mitigated	OS Build 14393.7259 KB5041773 2024-08-13	Last updated: 2024-09-20, 12:41 PT Opened: 2024-08-21, 18:33 PT

After installing the August 2024 Windows security update, (KB5041773) or the August 2024 preview update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.”

The August 2024 Windows security and preview updates apply a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied.

IMPORTANT: This known issue only occurs with the installation of the August 2024 security and preview updates. The September 2024 security update (KB5043051) and later updates do not contain the settings that caused this issue. If you install the September 2024 update, you don’t need to apply the workaround below.

Workaround:

If your Linux becomes unbootable after installing the August 2024 security or preview updates, you can recover your Linux system by following these instructions.

Important: This documentation contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see How to back up and restore the registry in Windows. Also, note that modifying firmware settings incorrectly might prevent your device from starting correctly. Follow these instructions carefully and only proceed if you are confident in your ability to do so.

        a) Disable Secure Boot:

• ​Boot into your device’s firmware settings.
• ​Disable Secure Boot (steps vary by manufacturer).

        b) Delete SBAT Update:

• ​Boot into Linux.
• ​Open the terminal and run the below command:

sudo mokutil --set-sbat-policy delete

• ​Enter your root password if prompted.
• ​Boot into Linux once more.

        c) Verify SBAT Revocations:

• ​In the terminal, run the below command:

mokutil --list-sbat-revocations

• ​Ensure the list shows no revocations.

        d) Re-enable Secure Boot:

• ​Reboot into the firmware settings.
• ​Re-enable Secure Boot.

        e) Check Secure Boot Status:

• ​Boot into Linux. Run the below command:

 mokutil --sb-state

• ​The output should be “SecureBoot enabled”. If not, retry step d).

        f) Prevent Future SBAT Updates in Windows:

• ​Boot into Windows.
• ​Open Command Prompt as Administrator and run:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD

At this point, you should now be able to boot into Linux or Windows as before. It’s a good time to install any pending Linux updates to ensure your system is secure.

NOTE: On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.

Next Steps: We are working on a final resolution that will be available in a future Windows update. We recommend you install the September 2024 update or later Windows updates to avoid this issue.

Affected platforms:

• ​Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise 2015 LTSB
• ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012

Back to top

February 2022

Apps that acquire or set Active Directory Forest Trust Information might have issues

Status	Originating update	History
Mitigated	OS Build 14393.4886 KB5009546 2022-01-11	Last updated: 2022-02-07, 15:36 PT Opened: 2022-02-04, 16:57 PT

After installing updates released January 11, 2022 or later, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API.

Next Steps: This issue was resolved in the out-of-band update for the version of .NET Framework used by the app. Note: These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.

For instructions on how to install this update for your operating system, see the KB articles listed below:

• ​Windows Server 2022: 
  • ​.NET Framework 4.8 KB5011258
• ​Windows Server 2019: 
  • ​.NET Framework 4.8 KB5011257
  • ​.NET Framework 4.7.2 KB5011259
• ​Windows Server 2016: 
  • ​.NET Framework 4.8 KB5011264
  • ​.NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329
• ​Windows Server 2012 R2: 
  • ​.NET Framework 4.8 KB5011266
  • ​.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263
  • ​.NET Framework 4.5.2 KB5011261
• ​Windows Server 2012:
  • ​.NET Framework 4.8 KB5011265
  • ​.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262
  • ​.NET Framework 4.5.2 KB5011260

Affected platforms:

• ​Client: None
• ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012

Back to top

February 2021

Windows Presentation Foundation (WPF) apps might close, or you may receive an error

Status	Originating update	History
Mitigated	OS Build 14393.4225 KB4601318 2021-02-09	Last updated: 2021-02-11, 20:41 PT Opened: 2021-02-11, 17:49 PT

After installing KB4601318, Windows Presentation Foundation (WPF) apps might close, or you may receive an error similar to:

        Exception Info: System.NullReferenceException at System.Windows.Interop.HwndMouseInputProvider.HasCustomChrome(System.Windows.Interop.HwndSource, RECT ByRef)

        at System.Windows.Interop.HwndMouseInputProvider.GetEffectiveClientRect(IntPtr)

        at System.Windows.Interop.HwndMouseInputProvider.PossiblyDeactivate(IntPtr, Boolean)

        at System.Windows.Interop.HwndMouseInputProvider.Dispose()

This occurs when disposing an HwndSource whose RootVisual is null, a situation that arises in Visual Studio when docking or splitting windows, and could arise in other apps.

Affected platforms:

• ​Client: Windows 10, version 1803; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
• ​Server: Windows Server, version 1803; Windows Server 2016

Workaround: To mitigate this issue when using Microsoft Visual Studio, update to the latest version. This issue is resolved starting with the following releases:

• ​Visual Studio 2019 version 16.9 Preview 4
• ​Visual Studio 2019 version 16.8.5
• ​Visual Studio 2019 version 16.7.12
• ​Visual Studio 2017 version 15.9.33

Developers can mitigate this issue in their own apps by setting two AppContext switches using one of the methods described in AppContext Class (System) under the heading “AppContext for library consumers”. The switches are named Switch.System.Windows.Interop.MouseInput.OptOutOfMoveToChromedWindowFix and Switch.System.Windows.Interop.MouseInput.DoNotOptOutOfMoveToChromedWindowFix; both should be set to “true”. The first switch avoids the crash, but re-introduces the issue addressed in this update. The second switch is currently ignored, but will be recognized in a future .NET update that addresses the issue for the null-reference crash; it restores the behavior originally intended to be addressed in this update.

For example, using the app.config file method to apply the workaround at application scope:

        <AppContextSwitchOverrides value="Switch.System.Windows.Interop.MouseInput.OptOutOfMoveToChromedWindowFix=true; Switch.System.Windows.Interop.MouseInput.DoNotOptOutOfMoveToChromedWindowFix=true " />

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top

Report a problem with Windows updates

To report an issue to Microsoft at any time, use the Feedback Hub app. To learn more, see Send feedback to Microsoft with the Feedback Hub app.

Need help with Windows updates?

Search, browse, or ask a question on the Microsoft Support Community. If you are an IT pro supporting an organization, visit Windows release health on the Microsoft 365 admin center for additional details.

For direct help with your home PC, use the Get Help app in Windows or contact Microsoft Support. Organizations can request immediate support through Support for business.

View this site in your language

This site is available in 11 languages: English, Chinese Traditional, Chinese Simplified, French (France), German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish (Spain). All text will appear in English if your browser default language is not one of the 11 supported languages. To manually change the display language, scroll down to the bottom of this page, click on the current language displayed on the bottom left of the page, and select one of the 11 supported languages from the list.