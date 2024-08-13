Microsoft has released Patch Tuesday updates for Windows 11 23H2, 22H2, and 21H2. The 23H2 and 22H2 versions' update is delivered via KB5041585, while the 21H2 update is KB5041592. You will be on build versions 22621.4037, 22631.4037, and 22000.3147, respectively, after applying the update.

Here's what's new:

23H2 and 22H2

IMPORTANT Home and Pro editions of Windows 11, version 22H2 will reach end of service on October 8, 2024. Until then, these editions will only receive security updates. They will not receive non-security, preview updates. To continue receiving security and non-security updates after October 8, 2024, we recommend that you update to the latest version of Windows. Note We will continue to support Enterprise and Education editions after October 8, 2024.

Highlights This update addresses security issues for your Windows operating system.

Improvements Windows 11, version 23H2 Important: Use EKB KB5027397 to update to Windows 11, version 23H2. This security update includes quality improvements. Key changes include: This build includes all the improvements in Windows 11, version 22H2.

No additional issues are documented for this release. Windows 11, version 22H2 This security update includes improvements that were a part of update KB5040527 (released July 23, 2024). Below is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change we are documenting. [BitLocker (known issue)] A BitLocker recovery screen shows when you start up your device. This occurs after you install the July 9, 2024, update. This issue is more likely to occur if device encryption is on. Go to Settings > Privacy & Security > Device encryption . To unlock your drive, Windows might ask you to enter the recovery key from your Microsoft account.

[Lock screen] This update addresses CVE-2024-38143. Because of this, the “Use my windows user account” check box is not available on the lock screen to connect to Wi-Fi.

[NetJoinLegacyAccountReuse] This update removes this registry key. For more information refer to KB5020276—Netjoin: Domain join hardening changes.

[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies SBAT to systems that run Windows. This stops vulnerable Linux EFI (Shim bootloaders) from running. This SBAT update will not apply to systems that dual-boot Windows and Linux. After the SBAT update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image. If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device. For more information about security vulnerabilities, please refer to the Security Update Guide website and the August 2024 Security Updates. Windows 11 servicing stack update (KB5041584) - 22621.4027 and 22631.4027 This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

Known issues in this update Microsoft is not currently aware of any issues with this update.

21H2

IMPORTANT All editions of Windows 11, version 21H2 will reach end of service on October 8, 2024. After that date, these devices will not receive monthly security and non-security updates. These updates contain protections from the latest security threats. To continue receiving these updates, we recommend that you update to the latest version of Windows.

Highlights This update addresses security issues for your Windows operating system.

Improvements This security update includes improvements. Below is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change we are documenting. [Protected Process Light (PPL) protections] You can bypass them.

[Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.

[BitLocker (known issue)] A BitLocker recovery screen shows when you start up your device. This occurs after you install the July 9, 2024, update. This issue is more likely to occur if device encryption is on. Go to Settings > Privacy & Security > Device encryption . To unlock your drive, Windows might ask you to enter the recovery key from your Microsoft account.

[Lock screen] This update addresses CVE-2024-38143. Because of this, the “Use my windows user account” check box is not available on the lock screen to connect to Wi-Fi.

[NetJoinLegacyAccountReuse] This update removes this registry key. For more information refer to KB5020276—Netjoin: Domain join hardening changes.

[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies SBAT to systems that run Windows. This stops vulnerable Linux EFI (Shim bootloaders) from running. This SBAT update will not apply to systems that dual-boot Windows and Linux. After the SBAT update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image. If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device. For more information about security vulnerabilities, please refer to the Security Update Guide website and the August 2024 Security Updates. Windows 11 servicing stack update (KB5041591) - 22000.3139 This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

Known issues in this update

Applies to Symptom Workaround All users After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings> Accounts > Your info, and then selecting Choose a file, you might receive an error message with error code 0x80070520. After further investigation, we concluded this issue has very limited or no impact for this Windows version. If you encounter this issue on a Windows 11, version 21H2 device, please contact Windows support for help.

These updates will be available from Windows Update and should install automatically in most cases. If you would like to download these updates for offline installation, you can get them from the Microsoft Catalog website. You can find the updates for 23H2 and 22H2 here and the update for 21H2 here.