[German]On July 11, 2023 (second Tuesday of the month, Patchday at Microsoft), several cumulative updates were released for the supported Windows 10 builds (from RTM version to current version) as well as for the Windows Server counterparts. Here are some details on the respective security updates for Windows 10.
Advertising
A list of the updates can be found on this Microsoft website. I've pulled out the details below. Since March 2021, Microsoft has been integrating Servicing Stack Updates (SSUs) for newer Windows 10 builds into the cumulative update. March 2023 is the last time Preview Updates will be available for older Windows 10 builds. Windows 10 version 20H2 Enterprise/Education will receive a security update for the last time and will then be removed from support.
Updates for Windows 10 Version 21H1-22H2
For the Windows 10 versions mentioned above, Microsoft provides only one update package, which is mentioned below.
Update KB5028166 for Windows 10 Version 21H1 – 22H2
Cumulative Update KB5028166 raises the OS build on all Windows 10 variants from 21H2-22H2 to 1904x.3208. The update only contains security fixes, but no new operating system features. A list of fixes can be read in the article Windows 10 22H2 Preview Update KB5027293 – (June 27 2023), these fixes have been adopted in the July 2023 update. For the cumulative update, it simply states:
This update makes miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.
Microsoft also notes that this update makes quality improvements to the servicing stack (is responsible for Microsoft updates). This update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog and via WSUS and WUfB. Note the installation instructions and known issues described in the support post.
On June 13, 2023, support for Windows 10 21H2 Home and Professional will end2 – in the future, only Windows 10 22H2 will then be supported with updates in unmanaged environments. This version will be enabled by the enablement update KB5003791.
Updates for Windows 10/Server 1909
The following updates are available for Windows 10 Enterprise 2019 LTSC and Windows Server 2019.
Update KB5028168 for Windows 10 Enterprise 2019 LTSC /Windows Server 2019
Cumulative Update KB5028168 raises the OS build (according to MS) to 17763.4645 and includes quality improvements but no new OS features. This update is only available for Windows 10 2019 Enterprise LTSC and IoT Enterprise LTSC (the remaining variants are out of the security update supply on May 11, 2021) and Windows Server 2019. Microsoft lists the following highlights:
Advertising
- The update addresses an issue that affects a site that is in Microsoft Edge IE mode. The site does not transition out of IE mode when it is expected.
- This update addresses an issue that affects Microsoft Edge IE mode. The text on the status bar is not always visible.
- The update addresses an intermittent issue that affects an audio stream. The issue disrupts the stream.
as well as subsequent improvements:
- New! This update improves several simplified Chinese fonts and the Microsoft Pinyin Input Method Editor (IME). They now support GB18030-2022. Characters in the Standard Chinese Characters List (GB18030-2022 implementation level 2) are available in Microsoft Yahei (regular, light, and bold), Dengxian (optional font: regular, light, and bold), and Simsun. The Simsun Ext-B font (GB18030-2022 implementation level 3) now supports Unicode CJK Unified Ideographs Extensions E and F.
- New! This update adds many new features and improvements to Microsoft Defender for Endpoint. For more information, see Microsoft Defender for Endpoint.
- This update adds the ability to share cookies between Microsoft Edge IE mode and Microsoft Edge. To learn more, see Cookie sharing between Microsoft Edge and Internet Explorer.
- This update addresses an issue that affects dot sourcing. It fails for files that contain a class definition in Windows PowerShell.
- This update addresses an issue that affects all the registry settings under the Policies paths. They might be deleted. This occurs when you do not rename the local temporary user policy file during Group Policy processing.
- This update affects the Desktop Window Manager (DWM). It improves its reliability.
- The update addresses a memory leak in MSCTF.dll. The leak occurs when focus is changed in edit controls.
- This update addresses an issue that affects NCryptGetProperty(). When you call it with NCRYPT_KEY_TYPE_PROPERTY, the system returns 0x1 instead of 0x20. This occurs when the key is a machine key.
- The update addresses a random issue that affects svchost.exe. There is significant memory growth in a system. This occurs when svchost.exe contains the User Access Logging Service (UALSVC).
- The update addresses an issue that affects win32kfull.sys. It dereferences an already freed queue entry. This causes a stop error.
- This update addresses an issue that affects a tib.sys driver. It does not load. This occurs when HyperVisor-protected Code Integrity (HVCI) is enabled.
- This update addresses an issue that affects Active Directory Users & Computers. It stops responding. This occurs when you use TaskPad view to enable or disable many objects at the same time.
- This update addresses an issue that affects MySQL commands. The commands fail on Windows Xenon containers.
- This update addresses an issue that affects cluster name object of failover clustering. You cannot repair it on Azure Virtual Machines.
- This update addresses a known issue that affects kiosk device profiles. If you have enabled automatic logon, it might not work. After Autopilot completes provisioning, these devices stay on the credential screen. This issue occurs after you install updates dated January 10, 2023, and later.
The update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog, via WSUS and WUfB. Microsoft has also updated the Service Stack Update (SSU). Note the installation sequence described in the support article and also the notes on additional requirements. Microsoft states known issues for the update in the support article.
Updates for Windows 10 Version 1507 – 1607
Updates for the Enterprise LTSC versions are available for Windows 10 RTM up to version 1607. These updates are automatically downloaded and installed by Windows Update, but are available for download from the Microsoft Update Catalog (search by KB number). Before manual installation, the latest Servicing Stack Update (SSU) must be installed. Details can be found in the respective KB article.
- Windows 10 Version 1607: Update KB5028169 is now only available for Enterprise LTSC and Windows Server 2016. The update upgrades the OS build to 14393.6085 and addresses security and other issues.
- Windows 10 Version 1507: Update KB5028186 is available for the RTM version (LTSC). The update raises the OS build to 10240.200348 and fixes vulnerabilities and bugs.
There was no update for the remaining Windows 10 versions, as these versions are no longer supported. Details about the above updates can be found in the respective Microsoft KB articles.
Similar articles:
Microsoft Security Update Summary (July 11, 2023)
Patchday: Windows 10-Updates (July 11, 2023)
Patchday: Windows 11/Server 2022-Updates (July 11, 2023)
Windows 7/Server 2008 R2; Server 2012 R2: Updates (July 11, 2023)
Advertising
uh-oh guenni
KB5028166 for Win10 21h2/22h2 appears to be causing a bunch of problems as recently reported by Neowin:
https://www.neowin.net/news/kb5028166-is-causing-system-issues-break-secure-channel-forces-synology-to-release-a-patch/
Thanks, need to check – had a power failure this morning within our street … desktop pc was running, but no light, no internet ….
PS: The blog post will be there in English on Friday – it's today available in German.