KB4038801 brings a bevy of bug fixes making Windows 10 more stable

Reading time icon 5 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more


Microsoft recently rolled out one major cumulative update for Windows 10 Anniversary UpdateKB4038801 doesn’t bring any new operating system features, but it does include a long list of bug fixes that will definitely make the OS more stable and reliable.

Without further ado, we’ll list the complete update changelog below.

KB4038801 fixes and improvements

  • Updated the BitLocker.psm1 PowerShell script to not log passwords when logging is enabled.
  • Addressed issue with the Lock Workstation setting for smart cards where, in some cases, the system doesn’t lock when the smart card is removed.
  • Addressed issue where saving a credential with an empty password to Credential Manager causes the system to stop working when attempting to use the credential.
  • Addressed issue where an access token is improperly closed from a WMI query.
  • Addressed issue where the size of a cloned file was improperly calculated by ReFS.
  • Addressed error STOP 0x44 in Npfs!NpFsdDirectoryControl.
  • Addressed error 0x1_SysCallNum_71_nt!KiSystemServiceExitPico.
  • Addressed issue where a computer loses access to its domain each time a Managed Service Account (MSA) automatically renews its password. 
  • Addressed RemoteApp display issues that occur when you minimize and restore a RemoteApp to full-screen mode.
  • Addressed issue with delays when accessing Office documents from a remote network drive. Files open, but file access and file saves are affected.
  • Access delays increase dramatically with increased file size.
  • Addressed issue to prevent user logon delays. 
  • Addressed issue where the Get-AuthenticodeSignature cmdlet does not list TimeStamperCertificate even though the file is time stamped.
  • Addressed issue that may occur when you inspect a corrupted VHDX file on a Hyper-V host; the error is “Multiple Bugcheck BAD_POOL_CALLER (c2) 0000000000000007; Attempt to free pool which was already freed”. 
  • Addressed issue where the Remote Desktop’s idle timeout warning doesn’t appear after the idle time elapsed.
  • Addressed issue where revoking a certificate associated with a disabled user account in the CA management console fails. The error is “The user name or password is incorrect. 0x8007052e (WIN32: 1326 ERROR_LOGON_FAILURE)”.
  • Addressed issue where Multi-Factor Authentication doesn’t work correctly with mobile devices that use custom culture definitions.
  • •Addressed issue where the cluster node stops working when using async replication on very high-speed disks.
  • Addressed issue where ksecdd.sys causes LSASS to leak kernel memory in paged pool. This most commonly affects servers that host an HTTPS service and handle a heavy load of TLS handshakes from clients.
  • Addressed issue with excessive memory usage in LSASS when it evaluates an LDAP filter over a large record set on domain controllers.
  • Addressed issue where LSASS consumes large amounts of memory on 2012 R2 domain controllers during a security descriptor propagation operation. 
  • Addressed issue where console and RDP logons permanently stop responding at “Applying user profile settings” because of a deadlock between DPAPI/LSASS and RDR. Once the deadlock occurs, new logons fail until the logon computer is restarted.
  • Addressed issue where performing TPM-related operations using PowerShell commands on a virtual machine causes the TPM support to fail. For example, performing a Get-TPM operation produces the following error: “get-tpm : An internal error was detected. (Exception from HRESULT: 0x80290107). At line:1 char:1”.
  • Added support for OIDC logout using federated LDPs. This will allow kiosk scenarios where multiple users may be serially logged into a single device that has federation with an LDP.
  • Addressed issue with WinHello where CEP- and CES-based certificates don’t work with gMSA accounts.
  • Improved RPC reliability when sending large data blobs.
  • Addressed issue where using a smart card to log on to a Remote Desktop Server sometimes causes the server to stop responding.
  • Addressed issue where “Hibernate Once/Resume Many ” (HORM) could not be enabled on Windows Server 2016 IoT with Unified Write Filter.
  • Addressed issue where deleting an object that has many links in Active Directory causes replication to stop with Event 1084, error 8409: “A database error has occurred”. For additional information, read KB3149779.
  • Addressed issue where Windows Server 2016 domain controllers (DC) may log audit events with ID 4625 and 4776. 
  • Addressed access violation in LSASS that occurs during the startup of the domain controller role conditions. 
  • Addressed issue where Windows Server Essentials Storage Service stops working if a tiered virtual disk is created on a storage pool that has HDD and SSD.
  • Addressed issue where attempting to extend a Clustered Shared Volume (the source disk) beyond 2 TB using Disk Management in the Storage Replica feature of Windows Server 2016 Datacenter Edition fails.
  • Addressed issue where the Windows Internal Database (WID) on Windows Server 2016 AD FS servers fails to synchronize some settings because of a foreign key constraint. 

For the time being, there are no known issues for KB4038801. If you encountered various bugs after installing this update, use the comment section below to tell us more about your experience.


More about the topics: windows 10 updates