KB5041587 is out for Windows 11 22H2 and 23H2 with File Explorer improvements and more

A Windows 11 logo

This month's non-security update for Windows 11 versions 22H2 and 23H2 is now out under KB5041587 with build versions 22621.4112 and 22631.4112. As usual, it is an optional update (and technically a preview), so feel free to skip it unless you need a specific bug fix or a new feature from the changelog below.

KB5041587 contains some changes that are gradually rolling out, so you might not have right after installing the update:

[Windows Share] New! You can now share content to your Android device from the Windows Share window. To do this, you must pair your Android device to your Windows PC. Use the Link to Windows app on your Android device and Phone Link on your PC.

[Narrator] This update makes scan mode respond quicker. This is especially helpful when you use Microsoft Edge and read large documents. To use scan mode, you must turn on Narrator first (Windows logo key + Ctrl + Enter). Then, turn on scan mode by pressing Caps lock + Spacebar during a Narrator session.

[Voice access] You can now dictate the characters that you spell at a faster speed. You also have more editing options for the commands that select, delete, and move within text.

[File Explorer]

When you press Windows logo key + E, a screen reader might say a pane has focus, or the focus might not be set at all.

When you press Ctrl + F, sometimes the search does not start.

Keyboard focus sometimes might get lost when you press Shift + Tab.

Screen readers do not announce when you open or browse items that are in a breadcrumb of the Open or Save dialog.

Screen readers do not announce when you open or browse items in the column header.

[Widgets Board] We are rolling out an update to the Widgets Board to improve security and the APIs for creating widgets and feeds for users in EEA regions. As part of this update, the Microsoft Start Experiences app will power the Microsoft Start widget and feed experiences. Also, as part of this update, some existing widgets will be removed and others will be modified, temporarily affecting their functionality. This update sets the foundation for new widgets and other features in development, set to roll out soon.

Other changes that are available to all users include the following:

[Input Method Editor (IME)] When a combo box has input focus, a memory leak might occur when you close that window.

[Country and Operator Settings Asset] This update brings COSA profiles up to date for certain mobile operators.

[Bluetooth] External devices lose their connection when you deploy certain Bluetooth policies.

[Bind Filter Driver] Your system might stop responding when it accesses symbolic links.

[Unified Write Filter (UWF) and Microsoft System Center Configuration Manager (SCCM)] An SCCM task to re-enable UWF fails because of a deadlock in UWF. This stops the device from restarting when you expect it.

[Hibernate stop error] Your laptop stops responding after you resume it from hibernate. This occurs if you have closed and opened the lid many times.

[File Explorer] The navigation pane does not update when you browse folders that are in a shell namespace extension.

[Microsoft Entra single sign-on (SSO)] The SSO notice that the European Digital Markets Act (DMA) requires prompts too often. This occurs when you authenticate using a certificate. To learn more, see Upcoming changes to Windows single sign-on.

[Windows Hello for Business] PIN reset does not work when you select the “I forgot my PIN’ link on the credentials screen.

As for known bugs, there is just one about broken dual-boot Windows-Linux configurations:

Symptom	Workaround
After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied.	Please refer to the workaround mentioned in the Windows release health site for this issue.

Symptom

Workaround

After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.”

The August 2024 Windows security update applies a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied.

Please refer to the workaround mentioned in the Windows release health site for this issue.

You can download the latest non-security update for Windows 11 versions 22H2 and 23H2 by heading to Settings > Windows Update and toggling on the "Get the latest updates as soon as they're available" option. Alternatively, download KB5041587 directly from the Microsoft Update Catalog using this link.