
Release Date:



OS Build 20348.1070

For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Azure Stack HCI, version 21H2, see its update history page.  


This non-security update includes quality improvements. Key changes include:        

  • New! Introduces WebAuthn redirection. It lets you authenticate in apps and on websites without a password when you use Remote Desktop. Then, you can use Windows Hello or security devices, such as Fast Identity Online 2.0 (FIDO2) keys.

  • New! Improves storage replication that occurs over low bandwidth or congested wide area networks (WAN).

  • Addresses an issue that requires you to reinstall an app if the Microsoft Store has not signed that app. This issue occurs after you upgrade to Windows 10 or a newer OS.

  • Addresses an issue that affects cached credentials for security keys and FIDO2 authentications. On hybrid domain-joined devices, the system removes these cached credentials.

  • Addresses an issue that stops codecs from being updated from the Microsoft Store.

  • Addresses an issue that affects a network’s static IP. The issue causes the configuration of the static IP to be inconsistent. Because of this, NetworkAdapterConfiguration() fails sporadically.

  • Addresses an issue that affects rendering in Desktop Window Manager (DWM). This issue might cause your device to stop responding in a virtual machine setting when you use certain video graphics drivers.

  • Addresses a rare stop error that happens after you change the display mode and more than one display is in use.

  • Addresses an issue that affects graphics drivers that use d3d9on12.dll.

  • Addresses an issue that affects URLs generated by JavaScript: URLs. These URLs do not work as expected when you add them to the Favorites menu in IE mode.

  • Addresses an issue that affects in IE mode.

  • Addresses an issue that successfully opens a browser window in IE mode to display a PDF file. Later, browsing to another IE mode site within the same window fails.

  • Addresses an issue that forces the IE mode tabs in a session to reload.

  • Introduces a Group Policy that enables and disables Microsoft HTML Application (MSHTA) files.

  • Addresses an issue that occurs when the input queue overflows. This might cause an application to stop responding.

  • Addresses an issue that affects the Microsoft Japanese input method editor (IME). Text reconversion fails when you use some third-party virtual desktops.

  • Addresses an issue that affects the App-V client service. The service leaks memory when you delete App-V registry nodes.

  • Addresses an issue that might change the default printer if the printer is a network printer.

  • Addresses an issue that affects Windows Defender Application Control (WDAC) path rules. This issue stops .msi and PowerShell scripts from running.

  • Addresses an issue that causes WDAC to log 3091 and 3092 events in audit mode.

  • Addresses an issue that affects Group Policy Objects. Because of this, the system might stop working.

  • Addresses an issue that occurs when a WDAC policy fails to load. The system logs that failure as an error, but the system should log the failure as a warning.

  • Addresses an issue that affects non-Windows devices. It stops these devices from authenticating. This issue occurs when they connect to a Windows-based remote desktop and use a smart card to authenticate.

  • Addresses an issue that might bypass MSHTML and ActiveX rules for WDAC.

  • Addresses an issue that affects WDAC policies. These policies will not apply on a system when you enable SecureLaunch.

  • Addresses an issue that affects the Settings app on server domain controllers (DCs). When you access System > Display, the Settings app stops working.

  • Addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). LSASS might stop working on a child domain controller (DC). This might occur when you lose the connection to a root DC while you are searching for a name that is in many forests or a security ID (SID).

  • Addresses an issue that affects the FindNextFileNameW() function. It might leak memory.

  • Addresses an issue that affects robocopy. Robocopy fails to set a file to the right modified time when using the /IS option.

  • Addresses an issue that affects cldflt.sys. A stop error occurs when it is used with Microsoft OneDrive.

  • Addresses an issue that affects the Get-SmbServerNetworkInterface cmdlet. It only retrieves a subset of the available network interfaces.

  • Addresses an issue that affects the Get-SmbServerConfiguration cmdlet. It only allows you to run it if you are an administrator.

  • Addresses an issue that affects the LanmanWorkstation service. When you mount a network drive, the service leaks memory.


Windows 10 servicing stack update - 20348.1066

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

Known issues in this update

Microsoft is not currently aware of any issues with this update.

How to get this update

Before installing this update

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

To install the LCU on your Azure Stack HCI cluster, see Update Azure Stack HCI clusters.

Install this update

| Release Channel | Next Step |
|---|---|
| Windows Update and Microsoft Update | Go to Settings > Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update. |
| Windows Update for Business | None. These changes will be included in the next security update to this channel. |
| Microsoft Update Catalog | To get the standalone package for this update, go to the Microsoft Update Catalog website. |
| Windows Server Update Services (WSUS) | You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions. |

If you want to remove the LCU

To remove the LCU after installing the combined SSU and LCU package, use the DISM /Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.

Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.
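
The following PowerShell sketch of the removal steps above is an added example, not part of Microsoft's article: it picks the installed LCU identity out of DISM /online /get-packages output and prints the matching DISM /Remove-Package command for review. The function name Get-LcuPackageName, the assumption that LCU identities begin with Package_for_RollupFix, and the sample output are all constructed for illustration.

```powershell
# Added example. Parses the text printed by: DISM /online /get-packages
function Get-LcuPackageName {
    param(
        [string[]]$DismOutput,  # lines of DISM /online /get-packages output
        [string]$Build          # OS build of the LCU, e.g. 20348.1070
    )
    $identity = $null
    foreach ($line in $DismOutput) {
        if ($line -match '^\s*Package Identity\s*:\s*(\S+)') {
            $identity = $Matches[1]
        }
        elseif ($identity -and $line -match '^\s*State\s*:\s*(.+?)\s*$') {
            # Assumption: an LCU identity starts with Package_for_RollupFix
            # and carries the OS build after the "~~" separator.
            if ($Matches[1] -eq 'Installed' -and
                $identity -like "Package_for_RollupFix~*~~${Build}.*") {
                $identity
            }
            $identity = $null
        }
    }
}

# Constructed sample output (identities and times are illustrative only).
$sample = @'
Package Identity : Package_for_KB0000000~31bf3856ad364e35~amd64~~20348.1000.1.1
State : Installed
Release Type : Update
Install Time : 1/1/2022 12:00 AM

Package Identity : Package_for_RollupFix~31bf3856ad364e35~amd64~~20348.1070.1.1
State : Installed
Release Type : Update
Install Time : 1/1/2022 12:00 AM

Package Identity : Package_for_ServicingStack_1066~31bf3856ad364e35~amd64~~20348.1066.1.1
State : Installed
Release Type : Update
Install Time : 1/1/2022 12:00 AM
'@ -split "`r?`n"

# On a live host (elevated prompt): $lines = dism.exe /online /get-packages
$lines = $sample
foreach ($name in Get-LcuPackageName -DismOutput $lines -Build '20348.1070') {
    # Printed for review, not executed; the SSU entry is never selected.
    "DISM /online /Remove-Package /PackageName:$name"
}
```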

File Information

For a list of the files that are provided in this update, download the file information for cumulative update 5017381.

For a list of the files that are provided in the servicing stack update, download the file information for the SSU - version 20348.1066.
