Patchday: Windows 11/Server 2022-Updates (August 13, 2024)

[German]On August 13, 2024 (second Tuesday of the month, patch day at Microsoft), Microsoft also released cumulative updates for Windows 11 23H2 to 21H2. Windows Server 2022 and Windows Server 23H2 also received updates. The updates should, for example, make the Bitlocker query caused by the July 2024 updates disappear. Here are some details about these updates, which are intended to fix vulnerabilities and problems.

Updates for Windows 11 23H2 – 21H2

A list of Windows 11 updates can be found on this Microsoft website. I have extracted the details below. Microsoft is now providing the following updates for the Windows 11 versions mentioned above.

Update KB5041585 for Windows 11 23H2-22H2

Cumulative Update KB55041585 raises the OS build for Windows 11 to 226×1.4037 and includes quality improvements and security patches. Here is the list of fixes:

• [BitLocker (known issue)] A BitLocker recovery screen shows when you start up your device. This occurs after you install the July 9, 2024, update. This issue is more likely to occur if device encryption is on. Go to Settings > Privacy & Security > Device encryption. To unlock your drive, Windows might ask you to enter the recovery key from your Microsoft account.
• [Lock screen] This update addresses CVE-2024-38143. Because of this, the "Use my Windows user account" check box is not available on the lock screen to connect to Wi-Fi.
• [NetJoinLegacyAccountReuse] This update removes this registry key. For more information refer to KB5020276—Netjoin: Domain join hardening changes.
• [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies SBAT to systems that run Windows. This stops vulnerable Linux EFI (Shim bootloaders) from running. This SBAT update will not apply to systems that dual-boot Windows and Linux. After the SBAT update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image.

Details on the improvements can be found in the support article. This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS and WUfB. The Windows 11 Servicing Stack Update is integrated in the patch. Any problems caused by the update are listed in the support article.

Update KB5041592 for Windows 11 21H2

Cumulative Update KB5041592 raises the OS build for Windows 11 to 22000.3147 and includes quality improvements and security fixes, but no new operating system features. It should be noted that support for the Home and Pro editions expired in October 2023 and only the Enterprise versions will be supplied with patches. Support for this Windows 11 version will end in October 2024. Here are the fixes:

• [Protected Process Light (PPL) protections] You can bypass them.
• [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
• [BitLocker (known issue)] A BitLocker recovery screen shows when you start up your device. This occurs after you install the July 9, 2024, update. This issue is more likely to occur if device encryption is on. Go to Settings > Privacy & Security > Device encryption. To unlock your drive, Windows might ask you to enter the recovery key from your Microsoft account.
• [Lock screen] This update addresses CVE-2024-38143. Because of this, the "Use my Windows user account" check box is not available on the lock screen to connect to Wi-Fi.
• [NetJoinLegacyAccountReuse] This update removes this registry key. For more information refer to KB5020276—Netjoin: Domain join hardening changes.
• [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies SBAT to systems that run Windows. This stops vulnerable Linux EFI (Shim bootloaders) from running. This SBAT update will not apply to systems that dual-boot Windows and Linux. After the SBAT update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image.

Microsoft would like to point out that this update makes quality improvements to the Servicing Stack (which is responsible for Microsoft updates). This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS and WUfB. Information on any known problems with the update can be found in the support article.

Windows Server 2022/23H2

For Windows Server, two different update versions are now available for Server 2022 and Server 23H2. The corrections made by these updates can be found in the respective support article.

• For Windows Server 2022, according to this Microsoft site, cumulative update KB5041160 has been released, which raises the OS build to 20348.2655.
• For Windows Server 23H2, according to this Microsoft site, cumulative update KB5041573 has been released, which raises the OS build to 25398.1085.

Microsoft points out that these updates make quality improvements to the Servicing Stack (which is responsible for Microsoft updates). The updates are automatically downloaded and installed by Windows Update, but are also available in the Microsoft Update Catalog and via WSUS and WUfB. Information on known problems with the update can be found in the support article.

Similar articles:
Office Updates from August 6, 2024
Microsoft Security Update Summary (August 13, 2024)
Patchday: Windows 10/Server Updates (August 13, 2024)
Patchday: Windows 11/Server 2022-Updates (August 13, 2024)
Windows Server 2012 / R2 and Windows 7 (August 13, 2024)
Microsoft Office Updates (August 13, 2024)