Microsoft Known Issue

This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the How to get this update section of this article.

This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the "How to get this update" section of this article.

Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:\ProgramData\ssh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl. Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.

Players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com.

This issue is mitigated using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices and business devices that are not managed by IT departments. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices managed by IT departments that have installed the affected update and encountered this issue, IT administrators can resolve it by applying the KIR mentioned in the resolution section of Windows release health dashboard for this issue.

We are investigating the issue and provide an update where more information is available.

We are working on a resolution and will provide more information when it is available.

Players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com.

This issue is addressed in KB5045594.

This issue is mitigated using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices and business devices that are not managed by IT departments. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices managed by IT departments that have installed the affected update and encountered this issue, IT administrators can resolve it by applying the KIR mentioned in the resolution section of Windows release health dashboard for this issue.

We are investigating the issue and provide an update where more information is available.

This issue is addressed in KB5045594.

We are investigating the issue and provide an update where more information is available.

This issue is addressed in KB5045594.

We are investigating the issue and provide an update where more information is available.

This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the How to get this update section of this article.

This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the "How to get this update" section of this article.

Players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com.

Please refer to the workaround mentioned in Windows release health site for this issue.

Players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com.

The September 2024 Windows security update (KB5043064) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.

Microsoft has resolved this issue with update KB5043743.

Microsoft has resolved this issue with update KB5043743.

Microsoft has resolved this issue with update KB5043743.

This issue is addressed in KB5044285.

After further investigation, we concluded this issue has very limited or no impact for this Windows version. If you encounter this issue on your device, please contact Windows support for help

This issue is addressed in KB5041592.

This issue is addressed in KB5040527.

We are working on a resolution and will provide an update in an upcoming release.

This issue is addressed in KB5040527.

This issue is addressed in KB5039212.

This issue is addressed in KB5039212.

This issue is addressed in KB5040525.

We are working on a resolution and will provide an update in an upcoming release.

This issue is addressed in KB5039299.

We are gradually rolling out a new Copilot experience for devices with KB5039299or later updates installed. This new experience will address this issue. KB5039299 was released on June 25, 2024, and you can expect to receive the new Copilot experience sometime from now until the next few months.

We are gradually rolling out a new Copilot experience for devices with KB5039299 or later updates installed. This new experience will address this issue. KB5039299 was released on June 25, 2024, and you can expect to receive the new Copilot experience sometime from now until the next few months.

This issue is addressed in KB5040527.

This issue is addressed in KB5040525.

This issue is addressed in KB5039299.

We are gradually rolling out a new Copilot experience for devices with KB5039299or later updates installed. This new experience will address this issue. KB5039299 was released on June 25, 2024, and you can expect to receive the new Copilot experience sometime from now until the next few months.

We are gradually rolling out a new Copilot experience for devices with KB5039299 or later updates installed. This new experience will address this issue. KB5039299 was released on June 25, 2024, and you can expect to receive the new Copilot experience sometime from now until the next few months.

Microsoft has resolved this issue with update KB5043803.

This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the How to get this update section of this article.

This issue is fixed in update KB5044343.

To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). We are working on a resolution and will provide an update in an upcoming release.

This issue is addressed in KB5044281.

This issue is addressed in KB5044281.

The Windows update (KB5043138) released in September 2024 does not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later update, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later update.

The Windows update (KB5043125) released in September 2024 does not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later update, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later update.

The September 2024 Windows security update (KB5043064) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.

We are working on a resolution and will provide an update in an upcoming release.

The September 2024 Windows security update (KB5043064) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.

To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.

This issue is addressed in KB5043050.

The September 2024 Windows security update (KB5043050) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.

The September 2024 Windows security update (KB5043051) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.

The September 2024 Windows security update (KB5043076) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.

The September 2024 Windows security update (KB5043067) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.

The September 2024 Windows security update (KB5043064) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.

The September 2024 Windows security update (KB5043083) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.

The September 2024 Windows security update (KB5042881) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.

This issue is addressed in KB5044281.

This issue is resolved in update KB5041838.

This issue is resolved in update KB5041850.

This issue is addressed in KB5041585.

We are working on a resolution and will provide an update in an upcoming release.

This issue is addressed in KB5041580.

This issue is addressed in KB5040527.

This issue is addressed in KB5041585.

This issue is addressed in KB5041592.

This issue is addressed in KB5040525.

We are working on a resolution and will provide an update in an upcoming release.

This issue is addressed in KB5041580.

This issue is addressed in KB5041578.

To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.

This issue is addressed in KB5041773.

To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.

This issue is addressed in KB5041782.

This issue is addressed in KB5041160.

This issue is addressed in KB5041160.

To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port \pipe\RpcProxy\3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0). In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.

This documentation contains information about how to modify the registry. Make sure that you back up the registry before you modify it and that you know how to restore the registry if a problem occurs. For more information, see How to back up and restore the registry in Windows. To mitigate the issue temporarily until a resolution is available, please follow the below steps: a. Add a registry value to disable the changes by running the following command: reg add HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceshnsState /v FwPerfImprovementChange /t REG_DWORD /d 0 /f b. Restart the hns service by running the command: Restart-service hns We are working on a resolution that will be available in a future Windows update.

This issue is addressed in KB5040527.

This issue is addressed in KB5040442.

This issue is addressed in KB5040442 and later. We recommend you install the latest security update for your device. It contains important improvements and issue resolutions, including this one. If you have not deployed the June 2024 Windows non-security update yet, we recommend you apply KB5040442 instead.

This issue is addressed in KB5040525.

We are working on a resolution and will provide an update in an upcoming release.

This issue is addressed in KB5040430.

This issue is addressed in KB5040527.

This issue is addressed in KB5040525.

This issue is addressed in KB5039299.

We are gradually rolling out a new Copilot experience for devices with KB5039299or later updates installed. This new experience will address this issue. KB5039299 was released on June 25, 2024, and you can expect to receive the new Copilot experience sometime from now until the next few months.

We are gradually rolling out a new Copilot experience for devices with KB5039299 or later updates installed. This new experience will address this issue. KB5039299 was released on June 25, 2024, and you can expect to receive the new Copilot experience sometime from now until the next few months.

We are working on a resolution and will provide an update in an upcoming release.

This issue is addressed in KB5041160.

This issue is addressed in KB5041054.

This issue is addressed in KB5041160.

This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the "How to get this update" section of this article.

To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.

To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.

Please refer to the workaround mentioned in Windows release health site for this issue.

After further investigation, we concluded this issue has very limited or no impact for this Windows version. If you encounter this issue on a Windows 11, version 21H2 device, please contact Windows support for help.

After further investigation, we concluded this issue has very limited or no impact for this Windows version. If you encounter this issue on your device, please contact Windows support for help

Please refer to the workaround mentioned in Windows release health site for this issue.

Please refer to the workaround mentioned in Windows release health site for this issue.

After further investigation, we concluded this issue has very limited or no impact for this Windows version. If you encounter this issue on your device, please contact Windows support for help.

This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the How to get this update section of this article.

To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.

To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.

This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the "How to get this update" section of this article.

To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.

After further investigation, we concluded this issue has very limited or no impact for this Windows version. If you encounter this issue on a Windows 11, version 21H2 device, please contact Windows support for help.

After further investigation, we concluded this issue has very limited or no impact for this Windows version. If you encounter this issue on your device, please contact Windows support for help

We are working on a resolution and will provide an update in an upcoming release.

To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). We are working on a resolution and will provide an update in an upcoming release.