Patchday: Windows 11/Server 2022-Updates (March 14, 2023)

Windows[German]On March 14, 2023 (second Tuesday of the month, patchday at Microsoft), Microsoft also released cumulative updates for Windows 11 22H1 and 22H2. In addition, Windows Server 2022 received an update. Here are some details about these updates, which are supposed to fix vulnerabilities as well as issues.


Advertising

Updates for Windows 11 21H1 – 22H2

A list of Windows 11 updates can be found on this Microsoft web site. I have pulled out the details below. Microsoft now provides the following updates for the Windows 11 versions mentioned above.

Update KB5023706 for Windows 11 22H2

Cumulative update KB5023706 raises the OS build for Windows 11 to 22621.1413 and includes quality improvements as well as security patches. This update also includes the Moments 2 changes mentioned in the previous month's preview update (see Windows 11 22H2: Moments 2 update KB5022913 brings many new features). In managed environments, it is recommended to defer the installation of this update. In support article KB5023706, Microsoft states the following new features:

  • This update addresses security issues for your Windows operating system.
  • This update implements phase three of Distributed Component Object Model (DCOM) hardening. See KB5004442 – und den Blog-Beitrag DCOM hardening (CVE-2021-26414) on March 14, 2023 patchday for Windows 10/11 and Server). After you install this update, you cannot turn off the changes using the registry key.
  • This update addresses an issue that affects a computer account and Active Directory. When you reuse an existing computer account to join an Active Directory domain, joining fails. This occurs on devices that have installed Windows updates dated October 11, 2022 or later. The error message is, "Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: 'An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.'" For more information, see KB5020276.

This update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog and via WSUS and WUfB. The patch includes the Windows 11 Servicing Stack Update, which raises its build to 22621.1190. The update causes various problems, which are listed in the support article.

The fix for the performance problems when copying, see Windows 11 22H2: Fix for performance issue when copying files available, does not seem to work completely – see the comment here.

Update KB5023698 for Windows 11 21H2

Cumulative update KB5023698 raises the OS build on Windows 11 to 22000.1696 and includes quality improvements as well as security patches, but no new operating system features. Regarding the implemented improvements, Microsoft mentions the following:

  • This update addresses security issues for your Windows operating system.
  • This update implements phase three of Distributed Component Object Model (DCOM) hardening (siehe KB5004442  – und den Blog-Beitrag DCOM-Härtung (CVE-2021-26414) zum 14. März 2023-Patchday für Windows 10/11 und Server. After you install this update, you cannot turn off the changes using the registry key.
  • This update addresses an issue that affects a computer account and Active Directory. When you reuse an existing computer account to join an Active Directory domain, joining fails. This occurs on devices that have installed Windows updates dated October 11, 2022 or later. The error message is, "Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: 'An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.'" For more information, see KB5020276.

Microsoft is keeping quiet about the details of the other fixes. These were already documented with the previous month's preview update, see Windows 11 21H2 Preview Update KB5022905 (Feb. 21, 2023). Microsoft notes that this update makes quality improvements to the servicing stack (is responsible for Microsoft updates). This update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog and via WSUS and WUfB. No known issues are indicated in the support article.

Windows Server 2022

For Windows Server 2022, according to this Microsoft page, cumulative update KB5023705 (Windows Server 2022) has been released, raising the OS build to 20348.1607. Among the fixes this update makes, Microsoft writes:


Advertising

  • This update addresses an issue that stops hyperlinks from working in Microsoft Excel.
  • This update implements phase three of Distributed Component Object Model (DCOM) hardening. See KB5004442. After you install this update, you cannot turn off the changes using the registry key.
  • This update addresses an issue that affects the registry size. It grows very large. This occurs because the registry entries are not removed when users sign out of an Azure Virtual Desktop (AVD) environment that uses FSlogix.
  • This update affects the United Mexican States. This update supports the government's daylight saving time change order for 2023.
  • This update addresses an issue that affects the Get-WinEvent cmdlet. It fails. The system throws InvalidOperationException.
  • This update addresses an issue that affects Azure Active Directory (Azure AD). Using a provisioning package for bulk provisioning fails.
  • This update addresses an issue that affects the Routing and Remote Access Service (RRAS). RRAS cannot accept any new incoming virtual private network (VPN) connections.
  • This update addresses an issue that occurs when an access control policy denies you access to a resource. When you sign out, the system does not delete the POST Security Assertion Markup Language (SAML) Request cookie. This stops you from choosing other resources the next time you sign in.
  • This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). LSASS might stop responding. This occurs after you run Sysprep on a domain-joined machine.
  • This update addresses an issue that affects a computer account and Active Directory. When you reuse an existing computer account to join an Active Directory domain, joining fails. This occurs on devices that have installed Windows updates dated October 11, 2022 or later. The error message is, "Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: 'An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.'" For more information, see KB5020276.
  • This update addresses an issue that affects Storage Replication setup. Setup might fail on machines that use non En-US locales.
  • This update addresses an issue that affects cluster name object (CNO) repairs. This issue stops you from using Failover Clustering to repair a CNO on an Azure virtual machine (VM).

Microsoft notes that this update makes quality improvements to the servicing stack (which is responsible for Microsoft updates). This update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog and via WSUS and WUfB. Notes on known issues with the update can be found in the support article. It is interesting that the ESXi boot problem from the previous month is still listed, i.e. not fixed.

Similar articles:
Microsoft Security Update Summary (March 14, 2023)
Patchday: Windows 10-Updates (March 14, 2023)
Patchday: Windows 11/Server 2022-Updates (March 14, 2023)
Windows 7/Server 2008 R2; Server 2012 R2: Updates (March 14, 2023)
Patchday: Microsoft Office Updates (March 14, 2023)
Exchange Server Security Updates (March 14, 2023)
Windows 11 21H2 Preview Update KB5022905 (Feb. 21, 2023)
Windows 11 21H2 Preview Update KB5022905 (Feb. 21, 2023)

Windows 11 22H2: Moments 2 update KB5022913 brings many new features
Windows 11 22H2: Preview Update KB5022913 (Feb. 28, 2023)
Windows 11 22H2: Moments 2 update KB5022913 causes startup problems with third-party GUI tools
Windows 11: "Defender trouble" due to updates KB5022845 and KB5022913 (app startup hangs)
Windows 11 22H2: Fix for performance issue when copying files available


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in Security, Update, Windows and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *