Microsoft has released Patch Tuesday updates for Windows 11 24H2, 23H2, and 22H2. The 24H2 update is provided via KB5055523, while the 23H2 and 22H2 updates are delivered via KB5055528. You will be on build versions 26100.3775, 22631.5189, and 22621.5189, respectively, after applying the update.
Here's what's new:
24H2
Highlights
This update addresses security issues for your Windows operating system.
Improvements
This security update includes improvements that were a part of update KB5053656 (released March 27, 2025). The following summary outlines key issues addressed by the KB update after you install it. Also, included are available new features. The bold text within the brackets indicates the item or area of the change.
[Authentication] This update addresses an issue affecting machine password rotation in the Identity Update Manager certificate/Pre-Bootstrapping Key Initialization path. This issue occurred particularly when Kerberos was used and Credential Guard was enabled, potentially causing user authentication problems. The feature Machine Accounts in Credential Gurad, which is dependent on password rotation via Kerberos, has also been disabled, until a permanent fix is made available.
[Daylight Saving Time (DST)] Update for the Aysen region in Chile to support the government DST change order in 2025. For more info about DST changes, see the Daylight Saving Time & Time Zone Blog.
[PcaUiArm] This update addresses an issue affecting the PcaUiArmUpdate feature, which results in unexpected behavior in specific scenarios.
If you installed earlier updates, your device downloads and installs only the new updates contained in this package.
For more information about security vulnerabilities, see the Security Update Guide and the April 2025 Security Updates.
AI Components
The following AI components have been updated with this release:
AI Component
Version
Image Search
1.7.820.0
Content Extraction
1.7.820.0
Semantic Analysis
1.7.820.0
Windows 11 servicing stack update (KB5058538)- 26100.3764
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. To learn more about SSUs, see Simplifying on-premises deployment of servicing stack updates.
Known issues
| Applies to | Symptom | Workaround | |
| Roblox | All users |
We’re aware of an issue where players on Arm devices are unable to download and play Roblox from the Microsoft Store on Windows. |
Roblox is working on a resolution to address this issue. Please refer to the Roblox support site for updates. Until the resolution is available, players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com. |
| Citrix | All users | Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when restarting the device to complete the update installation, an error message with text similar to “Something didn’t go as planned. No need to worry – undoing changes” appears. The device will then revert to the Windows updates previously present on the device. This issue likely affects a limited number of organizations as version 2411 of the SRA application is a new version. Home users are not expected to be affected by this issue. |
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available. |
| Windows Hello | All users |
We're aware of an edge case of Windows Hello issue affecting devices with specific security features enabled. After installing this update and performing a Push button reset or Reset this PC from Settings > System > Recovery and selecting Keep my Files and Local install, some users might be unable to login to their Windows services using Windows Hello facial recognition or PIN. Users might observe a Windows Hello Message saying "Something happened and your PIN isn't available. Click to set up your PIN again" or "Sorry something went wrong with face setup". Note: This issue only affects devices where System Guard Secure Launch or Dynamic Root of Trust for Measurement (DRTM) feature is enabled after installing this update. Devices with Secure Launch or DRTM enabled prior to this update, or those with these features disabled, are not impacted by this issue. |
|
23H2 and 22H2
Highlights
This update addresses security issues for your Windows operating system.
Normal rollout
[Daylight Saving Time (DST)] Update for the Aysen region in Chile to support the government DST change order in 2025. For more info about DST changes, see the Daylight Saving Time & Time Zone Blog.
Improvements
Windows 11, version 23H2
Important: Use EKB KB5027397 to update to Windows 11, version 23H2.
This security update includes quality improvements. Key changes include:
This build includes all the improvements in Windows 11, version 22H2.
No additional issues are documented for this release.
Windows 11, version 22H2
This security update includes improvements that were part of update KB5053657(released March 25, 2025). The following summary outlines key issues addressed by the KB after you install it. Also, included are available new features. The bold text within the brackets indicates the item or area of the change.
This update makes miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, see the Security Update Guide and the April 2025 Security Update.
Windows 11 servicing stack update (KB5053665) - 22621.5120 and 22631.5120
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. To learn more about SSUs, see Simplifying on-premises deployment of servicing stack updates.
Known issues
| Applies to | Symptoms | Workaround | |
| Citrix |
All users |
Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when restarting the device to complete the update installation, an error message with text similar to “Something didn’t go as planned. No need to worry – undoing changes” appears. The device will then revert to the Windows updates previously present on the device. This issue likely affects a limited number of organizations as version 2411 of the SRA application is a new version. Home users are not expected to be affected by this issue. |
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available. |
These updates will be available from Windows Update and should install automatically in most cases. If you would like to download these updates for offline installation, you can get them from the Microsoft Catalog website. You can find the update for 24H2 here, and 23H2 and 22H2 here.
1 Comment - Add comment