Microsoft has released the Patch Tuesday updates for Windows 11 22H2 (KB5029263) and 21H2 (KB5029253). The updates bump 22H2 to Build 22621.2134 and 21H2 to Build 22000.2295. Please be aware that many of the highlights and improvements below are from the updates pushed at the end of July.
Windows 11 22H2
Highlights
This update addresses security issues for your Windows operating system.
- This update makes brightness settings more accurate.
- This update addresses an issue that affects certain display and audio devices. They are missing after your system resumes from sleep.
- This update addresses an issue that affects Widgets. They unpin from the taskbar when you do not expect it.
- This update addresses an issue that affects virtual private networks (VPN). There might be excessive Address Resolution Protocol (ARP) requests to the network gateway. This occurs when the VPN is on a wireless mesh network that uses an aggressive throttling algorithm. Because of this, network performance is poor.
Improvements
This security update includes improvements that were a part of update KB5028254 (released July 26, 2023). When you install this KB:
This update makes miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.
- New! This update affects the Handwriting Software Input Panel (SIP), the Handwriting Engine, and the Handwriting Embedded Inking Control. They now support GB18030-2022 conformance level 2. Because of this, they meet the level 3 requirements.
- This update addresses an issue in the Windows Notification Platform. The issue affects how much power your device uses.
- This update affects the Windows Push Notification Services (WNS). It makes the connection between the client and the WNS server more reliable.
- This update addresses an issue that affects hybrid joined devices. You cannot sign in to them if they are not connected to the internet. This occurs when you use a Windows Hello for Business PIN or biometric credentials. This issue applies to a cloud trust deployment.
- This update affects Windows Autopilot profiles. The process to download the Windows Autopilot policy is more resilient. This helps when a network connection might not be fully initialized. This update increases the retry attempts when you try to download the Windows Autopilot profile.
- This update addresses an issue that affects Event Forwarding Subscriptions. When you add an Event Channel to the subscription, it forwards events you do not need.
- This update addresses an issue that affects the Windows Management Instrumentation (WMI) repository. This causes an installation error. The issue occurs when a device does not shut down properly.
- This update addresses an issue that affects certain CPUs. There is inconsistent reporting of the L2 cache.
- This update enhances hinting for some of the letters of the Verdana Pro font family.
- This update affects user mode printer drivers. They unload unexpectedly. This occurs when you print from multiple print queues to the same printer driver.
- This update affects text edit controls in XAML and browser controls. You cannot make text edit controls editable again after they become read only. This occurs when you use the new Microsoft Input Method Editor for Japanese, Chinese, and Korean.
- This update makes Narrator announce the “Change product key” label.
- This update addresses an issue that affects the Defender Firewall Profile. It fails to automatically switch from a LAN that is trusted to a public network.
- This update makes Country and Operator Settings Asset (COSA) profiles up to date.
- This update addresses an issue that affects a printing job. An unexpected Internet Printing Protocol (IPP) mode switch can cause the print job to abruptly stop. This occurs when there is an independent hardware vendor (IHV) driver.
- This update addresses an issue that affects certain wireless wide area network (WWAN) devices. After every restart, a dialog reappears. It asks you to switch to embedded SIM (eSIM) even when you choose "No."
- This update addresses a deadlock in Internet Protocol Security (IPsec). When you configure servers with IPsec rules, they stop responding. This issue affects virtual and physical servers.
- This update addresses an issue that affects the MPSSV service. The issues causes your system to restart repeatedly. The stop error code is 0xEF.
- This update affects the Windows Kernel Vulnerable Driver Blocklist, DriverSiPolicy.p7b. It adds drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
- This update addresses an issue that affects Windows Defender Application Control (WDAC). The issue copies unsigned WDAC policies to the Extensible Firmware Interface (EFI) disk partition. This partition is reserved for signed policies.
- This update addresses an issue that affects WDAC. The “Disabled: Script Enforcement” option might create audit events you do not need.
- This update addresses an issue that affects the fastfat file system driver. It stops responding because of a race condition.
- This update addresses an issue that affects I/O over Server Message Block (SMB). It might fail when you use the LZ77+Huffman compression algorithm.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the Security Update Guide website and the August 2023 Security Updates.
Windows 11 servicing stack update - 22621.2061
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.
Known issues
Applies to
Symptom
Workaround
IT admins
Using provisioning packages on Windows 11, version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the Out Of Box Experience might not finish or might restart unexpectedly. Provisioning packages are .PPKG files which are used to help configure new devices for use on business or school networks. Provisioning packages which are applied during initial setup are most likely to be impacted by this issue. For more information on provisioning packages, please see Provisioning packages for Windows.
Note Provisioning Windows devices using Windows Autopilot is not affected by this issue.
Windows devices used by consumers in their home or small offices are not likely to be affected by this issue.
If you can provision the Windows device before upgrading to Windows 11, version 22H2, this will prevent the issue.
We are presently investigating and will provide an update in an upcoming release.
Windows 11 21H2
Highlights
This update addresses security issues for your Windows operating system.
- This update addresses an issue that affects virtual private networks (VPN). There might be excessive Address Resolution Protocol (ARP) requests to the network gateway. This occurs when the VPN is on a wireless mesh network that uses an aggressive throttling algorithm. Because of this, network performance is poor.
- This update addresses an issue that affects certain display and audio devices. They are missing after your system resumes from sleep.
Improvements
This security update includes improvements that were a part of update KB5028245 (released July 25, 2023). When you install this KB:
This update makes miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.
- New! This update affects the Handwriting Software Input Panel (SIP), the Handwriting Engine, and the Handwriting Embedded Inking Control. They now support GB18030-2022 conformance level 2. Because of this, they meet the level 3 requirements.
- This update affects the Windows Push Notification Services (WNS). It makes the connection between the client and the WNS server more reliable.
- This update addresses an issue that affects UI Automation and caching mode.
- This update addresses an issue that affects the Windows Notification Platform. It fails to send notifications from applications to you.
- This update addresses an issue that affects hybrid joined devices. You cannot sign in to them if they are not connected to the internet. This occurs when you use a Windows Hello for Business PIN or biometric credentials. This issue applies to a cloud trust deployment.
- This update affects Windows Autopilot profiles. The process to download the Windows Autopilot policy is more resilient. This helps when a network connection might not be fully initialized. This update increases the retry attempts when you try to download the Windows Autopilot profile.
- This update addresses an issue that might affect Win32 and Universal Windows Platform (UWP) apps. They might close when devices enter Modern Standby. Modern Standby is an expansion of the Connected Standby power model. This issue occurs if certain Bluetooth Phone Link features are turned on.
- This update addresses an issue that affects the Windows Management Instrumentation (WMI) repository. This causes an installation error. The issue occurs when a device does not shut down properly.
- This update addresses an issue that affects certain CPUs. There is inconsistent reporting of the L2 cache.
- This update addresses an issue that affects Event Forwarding Subscriptions. When you add an Event Channel to the subscription, it forwards events you do not need.
- This update enhances hinting for some of the letters of the Verdana Pro font family.
- This update affects user mode printer drivers. They unload unexpectedly. This occurs when you print from multiple print queues to the same printer driver.
- This update addresses an issue that might affect your computer when you are playing a game. Timeout Detection and Recovery (TDR) errors might occur.
- This update affects text edit controls in XAML and browser controls. You cannot make text edit controls editable again after they become read only. This occurs when you use the new Microsoft Input Method Editor for Japanese, Chinese, and Korean.
- This update makes Narrator announce the “Change product key” label.
- This update addresses an issue that affects the Defender Firewall Profile. It fails to automatically switch from a LAN that is trusted to a public network.
- This update makes Country and Operator Settings Asset (COSA) profiles up to date.
- This update addresses a deadlock in Internet Protocol Security (IPsec). When you configure servers with IPsec rules, they stop responding. This issue affects virtual and physical servers.
- This update addresses an issue that affects the MPSSV service. The issues causes your system to restart repeatedly. The stop error code is 0xEF.
- This update addresses an issue that affects a Clustered Shared Volume (CSV). The CSV fails to come online. This occurs if you enable BitLocker and local CSV managed protectors, and the system recently rotated the BitLocker keys.
- This update addresses an issue that causes Windows to fail. This occurs when you use BitLocker on a storage medium that has a large sector size.
- This update affects the Windows Kernel Vulnerable Driver Blocklist, DriverSiPolicy.p7b. It adds drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
- This update addresses an issue that affects the fastfat file system driver. It stops responding because of a race condition.
- This update addresses an issue that affects refsutil.exe. Options, like salvage and leak, do not work properly on Resilient File System (ReFS) volumes.
- This update addresses an issue that affects I/O over Server Message Block (SMB). It might fail when you use the LZ77+Huffman compression algorithm.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the Security Update Guide website and the August 2023 Security Updates.
Windows 11 servicing stack update - 22000.2237
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.
Known issues in this update
Microsoft is not currently aware of any issues with this update.
Both of these updates are available through Windows Update and should install automatically in time, however, if you need to download them for offline installation, get them from the Microsoft Update Catalog (22H2, 21H2).
1 Comment - Add comment