When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Windows 11 Patch Tuesday update out now for 23H2, 22H2 (KB5041585), and 21H2 (KB5041592)

Neowin · · Hot! with 3 comments

Patch Tuesday

Microsoft has released Patch Tuesday updates for Windows 11 23H2, 22H2, and 21H2. The 23H2 and 22H2 versions' update is delivered via KB5041585, while the 21H2 update is KB5041592. You will be on build versions 22621.4037, 22631.4037, and 22000.3147, respectively, after applying the update.

Here's what's new:

23H2 and 22H2

IMPORTANT Home and Pro editions of Windows 11, version 22H2 will reach end of service on October 8, 2024. Until then, these editions will only receive security updates. They will not receive non-security, preview updates. To continue receiving security and non-security updates after October 8, 2024, we recommend that you update to the latest version of Windows.

Note We will continue to support Enterprise and Education editions after October 8, 2024.

Highlights

  • This update addresses security issues for your Windows operating system.

Improvements

Windows 11, version 23H2

Important: Use EKB KB5027397 to update to Windows 11, version 23H2.

This security update includes quality improvements. Key changes include:

  • This build includes all the improvements in Windows 11, version 22H2.

  • No additional issues are documented for this release.

Windows 11, version 22H2

This security update includes improvements that were a part of update KB5040527 (released July 23, 2024). Below is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change we are documenting.

  • [BitLocker (known issue)] A BitLocker recovery screen shows when you start up your device. This occurs after you install the July 9, 2024, update. This issue is more likely to occur if device encryption is on. Go to Settings > Privacy & Security > Device encryption. To unlock your drive, Windows might ask you to enter the recovery key from your Microsoft account.

  • [Lock screen] This update addresses CVE-2024-38143. Because of this, the “Use my windows user account” check box is not available on the lock screen to connect to Wi-Fi.

  • [NetJoinLegacyAccountReuse] This update removes this registry key. For more information refer to KB5020276—Netjoin: Domain join hardening changes.

  • [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies SBAT to systems that run Windows. This stops vulnerable Linux EFI (Shim bootloaders) from running. This SBAT update will not apply to systems that dual-boot Windows and Linux. After the SBAT update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image.

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.

For more information about security vulnerabilities, please refer to the Security Update Guide website and the August 2024 Security Updates.

Windows 11 servicing stack update (KB5041584) - 22621.4027 and 22631.4027

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

Known issues in this update

Microsoft is not currently aware of any issues with this update.

21H2

IMPORTANT All editions of Windows 11, version 21H2 will reach end of service on October 8, 2024. After that date, these devices will not receive monthly security and non-security updates. These updates contain protections from the latest security threats. To continue receiving these updates, we recommend that you update to the latest version of Windows.

Highlights

  • This update addresses security issues for your Windows operating system.

Improvements

This security update includes improvements. Below is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change we are documenting.

  • [Protected Process Light (PPL) protections] You can bypass them.

  • [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.

  • [BitLocker (known issue)] A BitLocker recovery screen shows when you start up your device. This occurs after you install the July 9, 2024, update. This issue is more likely to occur if device encryption is on. Go to Settings > Privacy & Security > Device encryption. To unlock your drive, Windows might ask you to enter the recovery key from your Microsoft account.

  • [Lock screen] This update addresses CVE-2024-38143. Because of this, the “Use my windows user account” check box is not available on the lock screen to connect to Wi-Fi.

  • [NetJoinLegacyAccountReuse] This update removes this registry key. For more information refer to KB5020276—Netjoin: Domain join hardening changes.

  • [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies SBAT to systems that run Windows. This stops vulnerable Linux EFI (Shim bootloaders) from running. This SBAT update will not apply to systems that dual-boot Windows and Linux. After the SBAT update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image.

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.

For more information about security vulnerabilities, please refer to the Security Update Guide website and the August 2024 Security Updates.

Windows 11 servicing stack update (KB5041591) - 22000.3139

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

Known issues in this update

Applies to

Symptom

Workaround

All users

After installing this update, you might be unable to change your user account profile picture.

When attempting to change a profile picture by selecting the button Start> Settings> Accounts > Your info, and then selecting Choose a file, you might receive an error message with error code 0x80070520.

After further investigation, we concluded this issue has very limited or no impact for this Windows version.

If you encounter this issue on a Windows 11, version 21H2 device, please contact Windows support for help.

These updates will be available from Windows Update and should install automatically in most cases. If you would like to download these updates for offline installation, you can get them from the Microsoft Catalog website. You can find the updates for 23H2 and 22H2 here and the update for 21H2 here.

Report a problem with article
Patch Tuesday
Next Article

Patch Tuesday update (KB5041571) hits Copilot+ PCs running Windows 11 24H2

Windows 10 Patch Tuesday
Previous Article

Windows 10 (KB5041580 / KB5041578 / KB5041773 / KB5041782) August 2024 Patch Tuesday out

Join the conversation!

Login or Sign Up to read and post a comment.

3 Comments - Add comment