Patchday: Windows 10/Server Updates (August 13, 2024)

Posted on 2024-08-14 by guenni

Windows[German]On August 13, 2024 (second Tuesday of the month, patch day at Microsoft), various cumulative updates were released for the supported Windows 10 builds (from the RTM version to the current version) as well as for the Windows Server counterparts. Here are some details on the respective security updates for Windows 10 and the server counterparts.

Advertising

A list of the updates can be found on this Microsoft website. I have extracted the details below. Since March 2021, Microsoft has been integrating the Servicing Stack Updates (SSUs) for newer Windows 10 builds into the cumulative update.

Updates für Windows 10 Version 21H1-22H2

Für die oben Windows 10 Versionen Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021 und Windows 10 Version 22H2 stellt Microsoft nur ein Update-Paket, welches nachfolgend genannt wird, bereit.

Update KB5041580 for Windows 10 Version 21H1 – 22H2

Cumulative Update KB5041580 raises the OS build for all Windows 10 variants to 1904x.4780. The update only contains security fixes, but no new operating system functions. For the cumulative update, the Bitlocker problem is addressed (see Windows 10/11 updates (e.g. KB5040442) trigger Bitlocker queries (July 2024)). Here are the fixes:

  • [BitLocker (known issue)] A BitLocker recovery screen shows when you start up your device. This occurs after you install the July 9, 2024, update. This issue is more likely to occur if device encryption is on. Go to Settings > Privacy & Security > Device encryption. To unlock your drive, Windows might ask you to enter the recovery key from your Microsoft account.
  • [Lock screen] This update addresses CVE-2024-38143. Because of this, the "Use my windows user account" check box is not available on the lock screen to connect to Wi-Fi.
  • [NetJoinLegacyAccountReuse] This update removes this registry key. For more information refer to KB5020276—Netjoin: Domain join hardening changes.
  • [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies SBAT to systems that run Windows. This stops vulnerable Linux EFI (Shim bootloaders) from running. This SBAT update will not apply to systems that dual-boot Windows and Linux. After the SBAT update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image.

Microsoft also points out that this update makes quality improvements to the Servicing Stack (responsible for Microsoft updates). This update is automatically downloaded and installed by Windows Update, but is also available in the und per WSUS sowie WUfB erhältlich. Beachtet die im Support- and via WSUS and WUfB. Please note the information on installation and known problems described in the support article.

Updates for Windows 10/Server 2019

The following updates are available for Windows 10 Enterprise 2019 LTSC and Windows Server 2019.

Update KB5041578 for Windows 10 Enterprise 2019 LTSC /Windows Server 2019

Cumulative Update KB5041578 (is sorted under Windows 10 v1809, but refers to the 2019 versions and) and includes quality improvements but no new operating system features. This update is only available for Windows 10 2019 Enterprise LTSC and IoT Enterprise LTSC (the remaining versions will no longer receive security updates on May 11, 2021) and Windows Server 2019. Microsoft lists a number of fixes.

Advertising
  • [Protected Process Light (PPL) protections] You can bypass them.
  • [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
  • [BitLocker (known issue)] A BitLocker recovery screen shows when you start up your device. This occurs after you install the July 9, 2024, update. This issue is more likely to occur if device encryption is on. Go to Settings > Privacy & Security > Device encryption. To unlock your drive, Windows might ask you to enter the recovery key from your Microsoft account.
  • [Lock screen] This update addresses CVE-2024-38143. Because of this, the "Use my windows user account" check box is not available on the lock screen to connect to Wi-Fi.
  • [NetJoinLegacyAccountReuse] This update removes this registry key. For more information refer to KB5020276—Netjoin: Domain join hardening changes.
  • [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies SBAT to systems that run Windows. This stops vulnerable Linux EFI (Shim bootloaders) from running. This SBAT update will not apply to systems that dual-boot Windows and Linux. After the SBAT update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image.
  • [Domain Name System (DNS)] This update hardens DNS server security to address CVE-2024-37968. If the configurations of your domains are not up to date, you might get the SERVFAIL error or time out.
  • [Line Printer Daemon (LPD) protocol] Using this deprecated protocol to print might not work as you expect or fail. This issue occurs after you install the July 9, 2024, and later updates.
  • Note When it is no longer available, clients, like UNIX, that use it will not connect to a server to print. UNIX clients should use the Internet Printing Protocol (IPP). Windows clients can connect to shared UNIX printers using the Windows Standard Port Monitor.

The update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog, via WSUS and WUfB. Microsoft has also updated the Service Stack Update (SSU). Please note the installation sequence described in the support article and, if applicable, the notes on further requirements and any existing problems.

Updates for Windows 10 version 1507 to 1607

Updates for the Enterprise LTSC versions are available for Windows 10 RTM up to version 1607. These updates are automatically downloaded and installed by Windows Update, but are available for download in the Microsoft Update Catalog (search for the KB number). The latest Servicing Stack Update (SSU) must be installed before manual installation. Details can be found in the respective KB article.

  • Windows 10 Version 1607: Update KB5041773 is only available for Enterprise LTSC and Windows Server 2016. The update addresses security issues.
  • Windows 10 Version 1507: Update KB504178 is available for the RTM version (LTSC). The update fixes vulnerabilities and any bugs.

There was no update for the remaining Windows 10 versions, as these versions have fallen out of support. If in doubt, details on the above updates can be found in the respective Microsoft KB articles.

Similar articles:
Office Updates from August 6, 2024
Microsoft Security Update Summary (August 13, 2024)
Patchday: Windows 10/Server Updates (August 13, 2024)
Patchday: Windows 11/Server 2022-Updates (August 13, 2024)
Windows Server 2012 / R2 and Windows 7 (August 13, 2024)
Microsoft Office Updates (August 13, 2024)

Advertising
This entry was posted in Security, Update, Windows and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).