Windows 10 21H2 Build 19044.2075 (KB5017380) Disables TLS 1.0 & 1.1

Microsoft has updated the Windows 10 Insider Release Preview channel with L5017380, installing which will upgrade the operating system’s build to 19044.2075. This update brings a lot of fixes and changes to…

Table of contents

Microsoft has released KB5017380 to the Release Preview channel for the Insiders on Windows 10 version 21H2 on Release Preview channel. Installing this update will upgrade the operating system’s build to 19044.2075.

This flight does not include any new features, but a plethora of fixes, improvements, and changes. The highlight of this release is that it disables TLS 1.0 and 1.1 by default. This is probably because this security technology has been outdated and superseded by TLS 1.3 and SSL.

Let us now dig into the other improvements this update brings.

Table of contents

New in Windows 10 Build 19044.2075

The following list of fixes and improvements are included in this flight:

Transport Layer Security (TLS) 1.0 and 1.1 will now be disabled by default in Microsoft browsers and applications.
You can now search for the controls for news and interests on the taskbar and modify them using the Settings app. To change your settings, navigate to Settings >> Personalization >> Taskbar >> News and interests. Alternatively, right-click the taskbar and select Taskbar settings.

All taskbar orientations for news and interests are now supported. A top, left, or right taskbar now has features and settings much like the horizontal taskbar.
Microsoft has introduced WebAuthn redirection. It lets you authenticate in apps and on websites without a password when you use Remote Desktop. Then, you can use Windows Hello or security devices, such as Fast Identity Online 2.0 (FIDO2) keys.
Microsoft has introduced functionality that lets you use Azure Active Directory (AD) authentication to sign in to Windows using Remote Desktop. Then, you can use Windows Hello or security devices, such as Fast Identity Online 2.0 (FIDO2) keys, for remote sign in. It also enables the use of Conditional Access policies.

An issue that requires you to reinstall an app if the Microsoft Store has not signed that app is now fixed. This issue occurs after you upgrade to Windows 10 or a newer OS.
An issue that prevents MSIX updates from installing from the same URL is fixed.
An issue that stops codecs from being updated from the Microsoft Store is fixed.

An issue that affects cached credentials for security keys and Fast Identity Online 2.0 (FIDO2) authentications is fixed. On hybrid domain-joined devices, the system removes these cached credentials.
An issue that affects a network’s static IP is now fixed. The issue causes the configuration of the static IP to be inconsistent. Because of this, NetworkAdapterConfiguration() fails sporadically.
An issue that affects rendering in Desktop Window Manager (DWM) has been addressed. This issue might cause your device to stop responding in a virtual machine setting when you use certain video graphics drivers.

A rare stop error that happens after you change the display mode and more than one display is in use has been addressed.
An issue that affects graphics drivers that use d3d9on12.dll is addressed.
An issue that forces the IE mode tabs in a session to reload has been fixed.

An issue that affects URLs generated by JavaScript: URLs is fixed. These URLs do not work as expected when you add them to the Favorites menu in IE mode.
An issue that affects window.open in IE mode is fixed.
An issue that successfully opens a browser window in IE mode to display a PDF file is addressed. Later, browsing to another IE mode site within the same window fails.

Microsoft has introduced introduced a Group Policy that enables and disables Microsoft HTML Application (MSHTA) files.
An issue that affects the Microsoft Japanese input method editor (IME) has been taken care of. Text reconversion fails when you use some third-party virtual desktops.
An issue that affects the App-V client service is fixed. The service leaks memory when you delete App-V registry nodes.

An issue that might change the default printer if the printer is a network printer has been taken care of.
An issue that affects the ProjectionManager.StartProjectingAsync API is fixed. This issue stops some locales from connecting to Miracast Sinks.
An issue that affects Group Policy Objects has been addressed. Because of this, the system might stop working.

An issue that affects Windows Defender Application Control (WDAC) path rules is fixed. This issue stops .msi and PowerShell scripts from running.
An issue that might bypass MSHTML and ActiveX rules for WDAC has been fixed.
An issue that causes WDAC to log 3091 and 3092 events in audit mode is fixed.

An issue that affects Windows Defender Application Control (WDAC) has been addressed. It stops WDAC from logging .NET Dynamic Code trust verification failures.
An issue that affects WDAC policies is fixed. If you enable SecureLaunch on a device, WDAC policies will not apply to that device.
An issue that occurs when a WDAC policy fails to load is fixed. The system logs that failure as an error, but the system should log the failure as a warning.

An issue that affects non-Windows devices has been addressed. It stops these devices from authenticating. This issue occurs when they connect to a Windows-based remote desktop and use a smart card to authenticate.
An issue that occasionally causes explorer.exe to stop working when explorer.exe opens has been addressed.
An issue that affects the Microsoft Japanese IME when it is active and the IME mode is on, is now fixed. When you use the numeric keypad to insert a dash (-) character, the IME inserts the wrong one.

An issue that affects the rendering of the search box has been fixed. It does not render properly if you sign in using Table mode.
An issue that affects the FindNextFileNameW() function is fixed. It might leak memory.
An issue that affects robocopy is fixed. Robocopy fails to set a file to the right modified time when using the /IS option.

An issue that affects cldflt.sys has been addressed. A stop error occurs when it is used with Microsoft OneDrive.
An issue that affects the LanmanWorkstation service is fixed. It leaks memory when you mount a network drive. 40366335 Risk Pending
An issue that affects Roaming User Profiles has been taken care of. After you sign in or sign out, some of your settings are not restored.

An issue that affects XML Paper Specification (XPS) viewers is fixed. This might stop you from opening XPS files in some non-English languages. These include some Japanese and Chinese character encodings. This issue affects XPS and Open XPS (OXPS) files.
An issue that affects daylight saving time in Chile is fixed. This issue might affect the time and dates used for meetings, apps, tasks, services, transactions, and more.

With these fixes, Microsoft has not addressed any known issues.

How to Install Windows 10 KB5017380 (Build 19044.2075)

To install this update, you need to be running Windows 10 and subscribed to the Release Preview channel. If you have enabled Windows Updates, you will automatically get a “New features are ready to install” prompt.

If not, follow these steps to install this update:

Open the Settings app, and then click Update & Security.
On the right side, click Check for updates.

The app will then scan for pending updates. When scanned, you will then see the following update downloading and installing automatically:
```
2022-09 Cumulative Update Preview for Windows 10 Version 21H2 for x64-based Systems (KB5017380)
```
When done, click Restart now to finalize the installation.

Once the computer reboots, you can check that it has been updated to build 19044.1947 by typing in winver in the Run Command box.

Rollback/Uninstall Windows 10 Insider Preview Update

If you do not wish to keep the installed preview update for some reason, you can always roll back to the previous build of the OS. However, this can only be performed within the next 10 days after installing the new update.

To roll back after 10 days, you will need to apply this trick. Note that this needs to be applied before the 10 days are over.

You can also resort to uninstalling the update using the method below.

Uninstall KB5017380 Using Command Prompt

Since we have installed this update using Windows Update, it will not be listed in the list of updates but you can see it in the command line, and thus uninstall it. Here is how:

Launch the Command Prompt with elevated privileges.
Run the following command:
```
wmic qfe list brief /format:table
```
This will show all the updates installed on the computer. Make sure that the update(s) you want to uninstall is in this list.
Now run the following command to uninstall the update while entering the KB number of the update you want to remove:
```
wusa /uninstall /kb:5017380
```

Now click Yes from the popup to confirm the action.
The update will now begin uninstalling. When it completes, restart the computer for the changes to fully take effect.

Cleanup After Installing Windows Updates

If you want to save space after installing Windows updates, you can run the following commands in Command Prompt:

DISM.exe /Online /Cleanup-Image /AnalyzeComponentStore

DISM.exe /Online /Cleanup-Image /StartComponentCleanup

Tags: Windows 10 Insider Updates, Windows 10 Updates, Windows Release Preview Updates, Windows Updates

Subhan Zafar

Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).

See all posts from Subhan Zafar