Oops! No results for your search.
workaround
Dec 11, 2024
KB5048661
2024-12 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5048661)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Dec 11, 2024
KB5048654
2024-12 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5048654)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Nov 14, 2024
KB5046615
2024-11 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5046615) (CVE-2024-43451) (CVE-2024-49039) (CVE-2024-49019)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Nove 14, 2024
KB5046616
2024-11 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5046616) (CVE-2024-43451) (CVE-2024-49039) (CVE-2024-49019)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Nov 14, 2024
KB5046639
2024-11 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5046639) (ESU) (CVE-2024-43451) (CVE-2024-49019)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Nov 13, 2024
KB5046661
2024-11 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB5046661) (ESU) (CVE-2024-43451) (CVE-2024-49019)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Nov 13, 2024
KB5046633
2024-11 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5046633) (CVE-2024-43451) (CVE-2024-49039)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:\ProgramData\ssh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl. Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Nov 13, 2024
KB5046617
2024-11 Cumulative Update for Microsoft server operating system version 24H2 for x64-based Systems (KB5046617) (CVE-2024-43451) (CVE-2024-49039) (CVE-2024-49019)
"We’re aware of an issue where players on Arm devices are unable to download and play Roblox via the Microsoft Store on Windows."
Players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com.
workaround
Nov 4, 2024
KB5045594
2024-10 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5045594)
"After installing this update or later, you might observe that apps such as Quick Assist, Microsoft Teams, Windows Narrator, etc. might fail to start if you are a non-admin user. You might experience this issue on any app that sets UIAccess=true while trying to run the app as a non-admin user. The uiAccess=true attribute in an applications manifest file is used to request that the application be granted higher privileges. Apps using this attribute launch from a secur"
This issue is mitigated using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices and business devices that are not managed by IT departments. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices managed by IT departments that have installed the affected update and encountered this issue, IT administrators can resolve it by applying the KIR mentioned in the resolution section of Windows release health dashboard for this issue.
workaround
Nov 4, 2024
KB5045594
2024-10 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5045594)
"After installing this update, or subsequent updates, you might experience an extended black screen that stays between 10 to 30 mins when you login to Azure Virtual Desktop (AVD). Additional symptoms you might experience include: Failures related to single sign-on (SSO) experience on Office applications such as Outlook and Teams, which could prevent you from connecting to backend services or synchronizing data. Office apps display losing network connectivity even tho"
We are investigating the issue and provide an update where more information is available.
workaround
Nov 4, 2024
KB5044384
2024-10 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5044384)
"After installing this update, users will encounter an issue where the number of Apps, Background Processes, and Windows Processes in Task Manager display a count of zero, despite having active applications running. This issue appears specifically on the Processes page when the "Group by Type" view is enabled. Normally, Task Manager displays the count of processes next to each group name (e.g., Apps, Background processes), providing users with a quick view of active "
We are working on a resolution and will provide more information when it is available.
workaround
Nov 4, 2024
KB5044384
2024-10 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5044384)
"We’re aware of an issue where players on Arm devices are unable to download and play Roblox via the Microsoft Store on Windows."
Players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com.
workaround
Nov 4, 2024
KB5043131
2024-09 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5043131)
"After installing this update, you might experience a black screen when you login to Azure Virtual Desktop (AVD). You might also notice that you are unable to log out of your account and the black screen persists even after disconnecting and reconnecting to AVD. Resulting from this issue, the application event log in Event viewer will show an application error with Event ID:1000 indicating a fault with the application ‘svchost.exe_AppXSvc’. Please note that AppX Depl"
This issue is addressed in KB5045594.
workaround
Nov 4, 2024
KB5043131
2024-09 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5043131)
"After installing this update or later, you might observe that apps such as Quick Assist, Microsoft Teams, Windows Narrator, etc. might fail to start if you are a non-admin user. You might experience this issue on any app that sets UIAccess=true while trying to run the app as a non-admin user. The uiAccess=true attribute in an applications manifest file is used to request that the application be granted higher privileges. Apps using this attribute launch from a secur"
This issue is mitigated using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices and business devices that are not managed by IT departments. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices managed by IT departments that have installed the affected update and encountered this issue, IT administrators can resolve it by applying the KIR mentioned in the resolution section of Windows release health dashboard for this issue.
workaround
Nov 4, 2024
KB5043131
2024-09 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5043131)
"After installing this update, or subsequent updates, you might experience an extended black screen that stays between 10 to 30 mins when you login to Azure Virtual Desktop (AVD). Additional symptoms you might experience include: Failures related to single sign-on (SSO) experience on Office applications such as Outlook and Teams, which could prevent you from connecting to backend services or synchronizing data. Office apps display losing network connectivity even tho"
We are investigating the issue and provide an update where more information is available.
workaround
Nov 4, 2024
KB5043064
2024-09 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5043064) (CVE-2024-38217) (CVE-2024-38014)
"After installing this update, you might experience a black screen when you login to Azure Virtual Desktop (AVD). You might also notice that you are unable to log out of your account and the black screen persists even after disconnecting and reconnecting to AVD. Resulting from this issue, the application event log in Event viewer will show an application error with Event ID:1000 indicating a fault with the application ‘svchost.exe_AppXSvc’. Please note that AppX Depl"
This issue is addressed in KB5045594.
workaround
Nov 4, 2024
KB5043064
2024-09 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5043064) (CVE-2024-38217) (CVE-2024-38014)
"After installing this update, or subsequent updates, you might experience an extended black screen that stays between 10 to 30 mins when you login to Azure Virtual Desktop (AVD). Additional symptoms you might experience include: Failures related to single sign-on (SSO) experience on Office applications such as Outlook and Teams, which could prevent you from connecting to backend services or synchronizing data. Office apps display losing network connectivity even tho"
We are investigating the issue and provide an update where more information is available.
workaround
Nov 4, 2024
KB5041580
2024-08 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5041580) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing this update, you might experience a black screen when you login to Azure Virtual Desktop (AVD). You might also notice that you are unable to log out of your account and the black screen persists even after disconnecting and reconnecting to AVD. Resulting from this issue, the application event log in Event viewer will show an application error with Event ID:1000 indicating a fault with the application ‘svchost.exe_AppXSvc’. Please note that AppX Depl"
This issue is addressed in KB5045594.
workaround
Nov 4, 2024
KB5041580
2024-08 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5041580) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing this update, or subsequent updates, you might experience an extended black screen that stays between 10 to 30 mins when you login to Azure Virtual Desktop (AVD). Additional symptoms you might experience include: Failures related to single sign-on (SSO) experience on Office applications such as Outlook and Teams, which could prevent you from connecting to backend services or synchronizing data. Office apps display losing network connectivity even tho"
We are investigating the issue and provide an update where more information is available.
workaround
Oct 9, 2024
KB5044306
2024-10 Security Only Quality Update for Windows Server 2008 for x86-based Systems (KB5044306) (ESU) (CVE-2024-43572) (CVE-2024-43583)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Oct 9, 2024
KB5044320
2024-10 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB5044320) (ESU) (CVE-2024-43572) (CVE-2024-43583)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Oct 9, 2024
KB5044284
2024-10 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5044284) (CVE-2024-43573) (CVE-2024-43572) (CVE-2024-6197) (CVE-2024-20659) (CVE-2024-43583)
"We’re aware of an issue where players on Arm devices are unable to download and play Roblox via the Microsoft Store on Windows."
Players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com.
workaround
Oct 9, 2024
KB5044281
2024-10 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5044281) (CVE-2024-43573) (CVE-2024-43572) (CVE-2024-6197) (CVE-2024-20659) (CVE-2024-43583)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced T"
Please refer to the workaround mentioned in Windows release health site for this issue.
workaround
Oct 9, 2024
KB5043080
2024-09 Cumulative Update for Windows 11 Version 24H2 for arm64-based Systems (KB5043080)
"We’re aware of an issue where players on Arm devices are unable to download and play Roblox via the Microsoft Store on Windows."
Players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com.
workaround
Oct 9, 2024
KB5041592
2024-08 Cumulative Update for Windows 11 for ARM64-based Systems (KB5041592) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Ve... The September 2024 Windows security update (KB5043064) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can se"
The September 2024 Windows security update (KB5043064) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.
workaround
Sept 30, 2024
KB5037933
KB5038283, 2024-05 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 for x64 (KB5037933)
"Microsoft received reports about .NET Framework May cumulative update causing customers to observe runtime exceptions in certain SQL CLR hosted scenarios. These exceptions will manifest with the error message"
Microsoft has resolved this issue with update KB5043743.
workaround
Sept 30, 2024
KB5037929
KB5038282, 2024-05 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5037929)
"Microsoft received reports about .NET Framework May cumulative update causing customers to observe runtime exceptions in certain SQL CLR hosted scenarios. These exceptions will manifest with the error message"
Microsoft has resolved this issue with update KB5043743.
workaround
Sept 30, 2024
KB5037930
KB5038282, 2024-05 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for x64 (KB5037930)
"Microsoft received reports about .NET Framework May cumulative update causing customers to observe runtime exceptions in certain SQL CLR hosted scenarios. These exceptions will manifest with the error message"
Microsoft has resolved this issue with update KB5043743.
workaround
Sept 30, 2024
KB5043145
2024-09 Cumulative Update Preview for Windows 11 Version 22H2 for x64-based Systems (KB5043145)
"After installing this update, some customers have reported that their device restarts multiple times or becomes unresponsive with blue or green screens. According to the reports, some devices automatically open the Automatic Repair tool after repeated restart attempts. In some cases, BitLocker recovery can also be triggered."
This issue is addressed in KB5044285.
workaround
Sept 30, 2024
KB5043131
2024-09 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5043131)
"After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings > Account > Your info and, under Create your picture, clicking on Browse for one, you might receive an error message with error code 0x80070520."
After further investigation, we concluded this issue has very limited or no impact for this Windows version. If you encounter this issue on your device, please contact Windows support for help
workaround
Sept 30, 2024
KB5040431
2024-07 Cumulative Update for Windows 11 for ARM64-based Systems (KB5040431) (CVE-2024-38080) (CVE-2024-38112)
"After installing the July 9, 2024, Windows security update, you might see a BitLocker recovery screen upon starting up your device. This screen does not commonly appear after a Windows update. You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security > Device encryption. Because of this issue, you might be prompted to enter the recovery key from your Microsoft account to unlock your drive"
This issue is addressed in KB5041592.
workaround
Sept 30, 2024
KB5039302
2024-06 Cumulative Update Preview for Windows 11 Version 22H2 for arm64-based Systems (KB5039302)
"After installing this update or later updates, you might face issues while upgrading from Windows Pro to a valid Windows Enterprise subscription. Resulting from this operation, you might observe the following symptoms: - OS upgrade operations may fail, and this might be shown in the LicenseAcquisition scheduled task in Task Scheduler -> Task Scheduler Library -> Microsoft -> Windows -> Subscription as ‘Access denied error (error code 0x80070005)’ under ‘Last Run Res"
This issue is addressed in KB5040527.
workaround
Sept 30, 2024
KB5039227
2024-06 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5039227) (CVE-2023-50868) (CVE-2024-38213)
"After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings > Account > Your info and, under Create your picture, clicking on Browse for one, you might receive an error message with error code 0x80070520."
We are working on a resolution and will provide an update in an upcoming release.
workaround
Sept 30, 2024
KB5037853
2024-05 Cumulative Update Preview for Windows 11 Version 22H2 for arm64-based Systems (KB5037853)
"After installing this update or later updates, you might face issues while upgrading from Windows Pro to a valid Windows Enterprise subscription. Resulting from this operation, you might observe the following symptoms: - OS upgrade operations may fail, and this might be shown in the LicenseAcquisition scheduled task in Task Scheduler -> Task Scheduler Library -> Microsoft -> Windows -> Subscription as ‘Access denied error (error code 0x80070005)’ under ‘Last Run Res"
This issue is addressed in KB5040527.
workaround
Sept 30, 2024
KB5037853
2024-05 Cumulative Update Preview for Windows 11 Version 22H2 for arm64-based Systems (KB5037853)
"After installing this update, you might face issues using the taskbar. You might notice the taskbar temporarily glitching, not responding, disappearing, and reappearing automatically. Additionally, this issue might be reflected in the Event Viewer with Application Error ‘Event ID 1000’ under Windows Logs, listing Explorer.EXE as the Faulting application name and Taskbar.View.dll as the Faulting module name."
This issue is addressed in KB5039212.
workaround
Sept 30, 2024
KB5037853
2024-05 Cumulative Update Preview for Windows 11 Version 22H2 for arm64-based Systems (KB5037853)
"After installing this update, you might face issues during the install process. This issue is mainly observed on Windows virtual machine (Parallels Desktop) running on Arm based Mac devices. After installing this update, you might encounter an error during the system restart and the device might roll back to the previous update installed. Resulting from this error, you might see this message in the Windows update settings: 2024-05 Cumulative Update for Windows 11 Ve"
This issue is addressed in KB5039212.
workaround
Sept 30, 2024
KB5037849
2024-05 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5037849)
"After you install KB5034203 (dated 01/23/2024) or later updates, some Windows devices that use the DHCP Option 235 to discover Microsoft Connected Cache (MCC) nodes in their network might be unable to use those nodes. Instead, these Windows devices will download updates and apps from the public internet. IT administrators also see increased download traffic on their internet routes. Those of you who use the Home edition of Windows are not likely to experience this i"
This issue is addressed in KB5040525.
workaround
Sept 30, 2024
KB5037849
2024-05 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5037849)
"After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings > Account > Your info and, under Create your picture, clicking on Browse for one, you might receive an error message with error code 0x80070520."
We are working on a resolution and will provide an update in an upcoming release.
workaround
Sept 30, 2024
KB5037849
2024-05 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5037849)
"Certain apps might display an "Open With" dialog box asking, "How do you want to open this file?". You might experience this issue when you place your mouse on an app icon shown in your Taskbar or Start menu and right-click on the app to execute a task in that app. Resulting from this, you might see the “Open With” dialog box instead of the execution of the selected task. This issue was reported by Teams, new Outlook for Windows, and Snip & Sketch users. This issue "
This issue is addressed in KB5039299.
workaround
Sept 30, 2024
KB5037849
2024-05 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5037849)
"Windows devices using more than one (1) monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Copilot in Windows (in preview)."
We are gradually rolling out a new Copilot experience for devices with KB5039299or later updates installed. This new experience will address this issue. KB5039299 was released on June 25, 2024, and you can expect to receive the new Copilot experience sometime from now until the next few months.
workaround
Sept 30, 2024
KB5037849
2024-05 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5037849)
"Copilot in Windows (in preview) is not currently supported when your taskbar is located vertically on the right or left of your screen."
We are gradually rolling out a new Copilot experience for devices with KB5039299 or later updates installed. This new experience will address this issue. KB5039299 was released on June 25, 2024, and you can expect to receive the new Copilot experience sometime from now until the next few months.
workaround
Sept 30, 2024
KB5037771
2024-05 Cumulative Update for Windows 11 Version 23H2 for arm64-based Systems (KB5037771) (CVE-2024-30040) (CVE-2024-30051)
"After installing this update or later updates, you might face issues while upgrading from Windows Pro to a valid Windows Enterprise subscription. Resulting from this operation, you might observe the following symptoms: - OS upgrade operations may fail, and this might be shown in the LicenseAcquisition scheduled task in Task Scheduler -> Task Scheduler Library -> Microsoft -> Windows -> Subscription as ‘Access denied error (error code 0x80070005)’ under ‘Last Run Res"
This issue is addressed in KB5040527.
workaround
Sept 30, 2024
KB5037768
2024-05 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5037768) (CVE-2024-30040) (CVE-2024-30051)
"After you install KB5034203 (dated 01/23/2024) or later updates, some Windows devices that use the DHCP Option 235 to discover Microsoft Connected Cache (MCC) nodes in their network might be unable to use those nodes. Instead, these Windows devices will download updates and apps from the public internet. IT administrators also see increased download traffic on their internet routes. Those of you who use the Home edition of Windows are not likely to experience this i"
This issue is addressed in KB5040525.
workaround
Sept 30, 2024
KB5037768
2024-05 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5037768) (CVE-2024-30040) (CVE-2024-30051)
"Certain apps might display an "Open With" dialog box asking, "How do you want to open this file?". You might experience this issue when you place your mouse on an app icon shown in your Taskbar or Start menu and right-click on the app to execute a task in that app. Resulting from this, you might see the “Open With” dialog box instead of the execution of the selected task. This issue was reported by Teams, new Outlook for Windows, and Snip & Sketch users. This issue "
This issue is addressed in KB5039299.
workaround
Sept 30, 2024
KB5037768
2024-05 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5037768)
"Windows devices using more than one (1) monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Copilot in Windows (in preview)."
We are gradually rolling out a new Copilot experience for devices with KB5039299or later updates installed. This new experience will address this issue. KB5039299 was released on June 25, 2024, and you can expect to receive the new Copilot experience sometime from now until the next few months.
workaround
Sept 30, 2024
KB5037768
2024-05 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5037768)
"Copilot in Windows (in preview) is not currently supported when your taskbar is located vertically on the right or left of your screen."
We are gradually rolling out a new Copilot experience for devices with KB5039299 or later updates installed. This new experience will address this issue. KB5039299 was released on June 25, 2024, and you can expect to receive the new Copilot experience sometime from now until the next few months.
workaround
Sept 30, 2024
KB5037926
2024-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 (KB5037926)
"Microsoft received reports about .NET Framework May cumulative update causing customers to observe runtime exceptions in certain SQL CLR hosted scenarios. These exceptions will manifest with the error message"
Microsoft has resolved this issue with update KB5043803.
workaround
Sept 23, 2024
KB5043087
2024-09 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5043087) (ESU) (CVE-2024-38217) (CVE-2024-38014)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Sept 23, 2024
KB5043138
2024-09 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5043138) (ESU) (CVE-2024-38217) (CVE-2024-38014)
"After installing the Windows update released on or after July 9, 2024, Windows Servers might affect Remote Desktop Connectivity across an organization. This issue might occur if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted. This issue might occur intermittently, such as repeating every 30 minutes. At this interval, logon sessions are lost and users will need "
This issue is fixed in update KB5044343.
workaround
Sept 23, 2024
KB5043125
2024-09 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5043125) (ESU) (CVE-2024-38217) (CVE-2024-38014)
"After installing the Windows update released on or after July 9, 2024, Windows Servers might affect Remote Desktop Connectivity across an organization. This issue might occur if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted. This issue might occur intermittently, such as repeating every 30 minutes. At this interval, logon sessions are lost and users will need "
To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). We are working on a resolution and will provide an update in an upcoming release.
workaround
Sept 23, 2024
KB5042881
2024-09 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5042881) (CVE-2024-38217) (CVE-2024-38014)
"After installing the Windows update released on or after July 9, 2024, Windows Servers might affect Remote Desktop Connectivity across an organization. This issue might occur if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted. This issue might occur intermittently, such as repeating every 30 minutes. At this interval, logon sessions are lost and users will need "
This issue is addressed in KB5044281.
workaround
Sept 23, 2024
KB5042881
2024-09 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5042881) (CVE-2024-38217) (CVE-2024-38014)
"After installing this update, container networking on Kubernetes might not operate as expected, preventing containers from reaching external networks or communicating between pods. It potentially impacts users setting up container networking on dev or production instances using Calico on Server 2022. Affected containers will not connect to the internet, and traffic will be blocked in host devices’ Firewall. Users may observe errors such as ‘General failure’ when pin"
This issue is addressed in KB5044281.
workaround
Sept 23, 2024
KB5041828
2024-08 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5041828) (ESU) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38107) (CVE-2024-38199)
"After installing this security update, you might face issues with starting Linux if you have enabled the dual-boot setup for Windows and Linux on your device. Resulting from this issue, your device might fail to start Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” This August 2024 Windows security update applies a Secure Boot Advance"
The Windows update (KB5043138) released in September 2024 does not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later update, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later update.
workaround
Sept 23, 2024
KB5041851
2024-08 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5041851) (ESU) (CVE-2024-38193) (CVE-2024-38107) (CVE-2024-38199)
"After installing this security update, you might face issues with starting Linux if you have enabled the dual-boot setup for Windows and Linux on your device. Resulting from this issue, your device might fail to start Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” This August 2024 Windows security update applies a Secure Boot Advance"
The Windows update (KB5043125) released in September 2024 does not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later update, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later update.
workaround
Sept 23, 2024
KB5041587
2024-08 Cumulative Update Preview for Windows 11 Version 23H2 for arm64-based Systems (KB5041587)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced T"
The September 2024 Windows security update (KB5043064) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.
workaround
Sept 23, 2024
KB5041582
2024-08 Cumulative Update Preview for Windows 10 Version 22H2 for x86-based Systems (KB5041582)
"After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings > Account > Your info and, under Create your picture, clicking on Browse for one, you might receive an error message with error code 0x80070520."
We are working on a resolution and will provide an update in an upcoming release.
workaround
Sept 23, 2024
KB5041582
2024-08 Cumulative Update Preview for Windows 10 Version 22H2 for x86-based Systems (KB5041582)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced T"
The September 2024 Windows security update (KB5043064) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.
workaround
Sept 23, 2024
KB5041578
2024-08 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5041578) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing the Windows update released on or after July 9, 2024, Windows Servers might affect Remote Desktop Connectivity across an organization. This issue might occur if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted. This issue might occur intermittently, such as repeating every 30 minutes. At this interval, logon sessions are lost and users will need to reconnect to the server. IT administrators can track this as a termination of the TSGateway service which becomes unresponsive with exception code 0xc0000005."
To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.
workaround
Sept 23, 2024
KB5041578
2024-08 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5041578) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing this security update, you might observe that some Windows Server 2019 devices experience system slowdowns, unresponsiveness, and high CPU usage particularly with Cryptographic Services. A limited number of organizations reported that the issue was observed when the device was running an Antivirus software which performs scans against the ‘%systemroot%system32catroot2’ folder for Windows updates, due to an error with catalog enumeration. Our investig"
This issue is addressed in KB5043050.
workaround
Sept 23, 2024
KB5041578
2024-08 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5041578) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced T"
The September 2024 Windows security update (KB5043050) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.
workaround
Sept 23, 2024
KB5041773
2024-08 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5041773) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced T"
The September 2024 Windows security update (KB5043051) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.
workaround
Sept 23, 2024
KB5041585
2024-08 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5041585) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced T"
The September 2024 Windows security update (KB5043076) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.
workaround
Sept 23, 2024
KB5041592
2024-08 Cumulative Update for Windows 11 for ARM64-based Systems (KB5041592) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced T"
The September 2024 Windows security update (KB5043067) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.
workaround
Sept 23, 2024
KB5041580
2024-08 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5041580) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced T"
The September 2024 Windows security update (KB5043064) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.
workaround
Sept 23, 2024
KB5041782
2024-08 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB5041782) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced T"
The September 2024 Windows security update (KB5043083) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.
workaround
Sept 23, 2024
KB5041160
2024-08 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5041160) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced T"
The September 2024 Windows security update (KB5042881) and later updates do not contain the settings that caused this issue. On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.
workaround
Sept 23, 2024
KB5041160
2024-08 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5041160) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing this update, container networking on Kubernetes might not operate as expected, preventing containers from reaching external networks or communicating between pods. It potentially impacts users setting up container networking on dev or production instances using Calico on Server 2022. Affected containers will not connect to the internet, and traffic will be blocked in host devices’ Firewall. Users may observe errors such as ‘General failure’ when pin"
This issue is addressed in KB5044281.
workaround
Sept 23, 2024
KB5040497
2024-07 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5040497) (ESU)
"After installing this update, you might see a BitLocker recovery screen upon starting up your device. This screen does not commonly appear after a Windows update. You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security > Device encryption. Because of this issue, you might be prompted to enter the recovery key from your Microsoft account to unlock your drive."
This issue is resolved in update KB5041838.
workaround
Sept 23, 2024
KB5040499
2024-07 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5040499) (ESU) (CVE-2024-38112)
"After installing this update, you might see a BitLocker recovery screen upon starting up your device. This screen does not commonly appear after a Windows update. You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security > Device encryption. Because of this issue, you might be prompted to enter the recovery key from your Microsoft account to unlock your drive."
This issue is resolved in update KB5041850.
workaround
Sept 23, 2024
KB5040527
2024-07 Cumulative Update Preview for Windows 11 Version 23H2 for x64-based Systems (KB5040527)
"After installing the July 9, 2024, Windows security update, you might see a BitLocker recovery screen upon starting up your device. This screen does not commonly appear after a Windows update. You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security > Device encryption. Because of this issue, you might be prompted to enter the recovery key from your Microsoft account to unlock your drive."
This issue is addressed in KB5041585.
workaround
Sept 23, 2024
KB5040525
2024-07 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5040525)
"After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings > Account > Your info and, under Create your picture, clicking on Browse for one, you might receive an error message with error code 0x80070520."
We are working on a resolution and will provide an update in an upcoming release.
workaround
Sept 23, 2024
KB5040525
2024-07 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5040525)
"After installing the July 9, 2024, Windows security update, you might see a BitLocker recovery screen upon starting up your device. This screen does not commonly appear after a Windows update. You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security > Device encryption. Because of this issue, you might be prompted to enter the recovery key from your Microsoft account to unlock your drive."
This issue is addressed in KB5041580.
workaround
Sept 23, 2024
KB5040442
2024-07 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5040442) (CVE-2024-38080) (CVE-2024-38112)
"After installing this update, you might face issues using Windows Update Agent API (WUA) from your script (PowerShell, VBScript, etc.) while searching for Windows updates. Due to this issue, you might get an empty result when querying the properties of IUpdate objects present in the IUpdateCollection and error code 0x8002802B (TYPE_E_ELEMENTNOTFOUND) when calling methods on the object from your script."
This issue is addressed in KB5040527.
workaround
Sept 23, 2024
KB5040442
2024-07 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5040442) (CVE-2024-38080) (CVE-2024-38112)
"After installing the July 9, 2024, Windows security update, you might see a BitLocker recovery screen upon starting up your device. This screen does not commonly appear after a Windows update. You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security > Device encryption. Because of this issue, you might be prompted to enter the recovery key from your Microsoft account to unlock your drive."
This issue is addressed in KB5041585.
workaround
Sept 23, 2024
KB5040431
2024-07 Cumulative Update for Windows 11 for ARM64-based Systems (KB5040431) (CVE-2024-38080) (CVE-2024-38112)
"After installing the July 9, 2024, Windows security update, you might see a BitLocker recovery screen upon starting up your device. This screen does not commonly appear after a Windows update. You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security > Device encryption. Because of this issue, you might be prompted to enter the recovery key from your Microsoft account to unlock your drive."
This issue is addressed in KB5041592.
workaround
Sept 23, 2024
KB5040427
2024-07 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5040427) (CVE-2024-38112)
"After you install KB5034203 (dated 01/23/2024) or later updates, some Windows devices that use the DHCP Option 235 to discover Microsoft Connected Cache (MCC) nodes in their network might be unable to use those nodes. Instead, these Windows devices will download updates and apps from the public internet. IT administrators also see increased download traffic on their internet routes. Those of you who use the Home edition of Windows are not likely to experience this i"
This issue is addressed in KB5040525.
workaround
Sept 23, 2024
KB5040427
2024-07 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5040427) (CVE-2024-38112)
"After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings > Account > Your info and, under Create your picture, clicking on Browse for one, you might receive an error message with error code 0x80070520."
We are working on a resolution and will provide an update in an upcoming release.
workaround
Sept 23, 2024
KB5040427
2024-07 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5040427) (CVE-2024-38112)
"After installing the July 9, 2024, Windows security update, you might see a BitLocker recovery screen upon starting up your device. This screen does not commonly appear after a Windows update. You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security > Device encryption. Because of this issue, you might be prompted to enter the recovery key from your Microsoft account to unlock your drive."
This issue is addressed in KB5041580.
workaround
Sept 23, 2024
KB5040430
2024-07 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5040430) (CVE-2024-38112)
"After installing the July 9, 2024, Windows security update, you might see a BitLocker recovery screen upon starting up your device. This screen does not commonly appear after a Windows update. You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security > Device encryption. Because of this issue, you might be prompted to enter the recovery key from your Microsoft account to unlock your drive."
This issue is addressed in KB5041578.
workaround
Sept 23, 2024
KB5040430
2024-07 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5040430) (CVE-2024-38112)
"After installing the Windows update released on or after July 9, 2024, Windows Servers might affect Remote Desktop Connectivity across an organization. This issue might occur if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted. This issue might occur intermittently, such as repeating every 30 minutes. At this interval, logon sessions are lost and users will need "
To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.
workaround
Sept 23, 2024
KB5040434
2024-07 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5040434) (CVE-2024-38112)
"After installing the July 9, 2024, Windows security update, you might see a BitLocker recovery screen upon starting up your device. This screen does not commonly appear after a Windows update. You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security > Device encryption. Because of this issue, you might be prompted to enter the recovery key from your Microsoft account to unlock your drive."
This issue is addressed in KB5041773.
workaround
Sept 23, 2024
KB5040434
2024-07 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5040434) (CVE-2024-38112)
"After installing the Windows update released on or after July 9, 2024, Windows Servers might affect Remote Desktop Connectivity across an organization. This issue might occur if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted. This issue might occur intermittently, such as repeating every 30 minutes. At this interval, logon sessions are lost and users will need "
To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.
workaround
Sept 23, 2024
KB5040448
2024-07 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5040448) (CVE-2024-38112) (CVE-2024-21302)
"After installing the July 9, 2024, Windows security update, you might see a BitLocker recovery screen upon starting up your device. This screen does not commonly appear after a Windows update. You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security > Device encryption. Because of this issue, you might be prompted to enter the recovery key from your Microsoft account to unlock your drive."
This issue is addressed in KB5041782.
workaround
Sept 23, 2024
KB5040437
2024-07 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5040437) (CVE-2024-38080) (CVE-2024-38112)
"Devices might experience problems with Microsoft 365 Defender. The Network Detection and Response (NDR) service might encounter issues, resulting in an interruption of network data reporting. IT administrators may confirm they’re affected by this issue with a notification that appears in the service health page, located in the Microsoft 365 admin center. The status of NDR can also be seen in the service health page."
This issue is addressed in KB5041160.
workaround
Sept 23, 2024
KB5040437
2024-07 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5040437) (CVE-2024-38080) (CVE-2024-38112)
"After installing the July 9, 2024, Windows security update, you might see a BitLocker recovery screen upon starting up your device. This screen does not commonly appear after a Windows update. You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security > Device encryption. Because of this issue, you might be prompted to enter the recovery key from your Microsoft account to unlock your drive."
This issue is addressed in KB5041160.
workaround
Sept 23, 2024
KB5040437
2024-07 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5040437) (CVE-2024-38080) (CVE-2024-38112)
"After installing the Windows update released on or after July 9, 2024, Windows Servers might affect Remote Desktop Connectivity across an organization. This issue might occur if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted. This issue might occur intermittently, such as repeating every 30 minutes. At this interval, logon sessions are lost and users will need to reconnect to the server. IT administrators can track this as a termination of the TSGateway service which becomes unresponsive with exception code 0xc0000005."
To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port \pipe\RpcProxy\3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0). In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.
workaround
Sept 23, 2024
KB5040437
2024-07 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5040437) (CVE-2024-38080) (CVE-2024-38112)
"After installing this update, container networking on Kubernetes might not operate as expected, preventing containers from reaching external networks or communicating between pods. It potentially impacts users setting up container networking on dev or production instances using Calico on Server 2022. Affected containers will not connect to the internet, and traffic will be blocked in host devices’ Firewall. Users may observe errors such as ‘General failure’ when pin"
This documentation contains information about how to modify the registry. Make sure that you back up the registry before you modify it and that you know how to restore the registry if a problem occurs. For more information, see How to back up and restore the registry in Windows. To mitigate the issue temporarily until a resolution is available, please follow the below steps: a. Add a registry value to disable the changes by running the following command: reg add HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceshnsState /v FwPerfImprovementChange /t REG_DWORD /d 0 /f b. Restart the hns service by running the command: Restart-service hns We are working on a resolution that will be available in a future Windows update.
workaround
Sept 23, 2024
KB5039302
2024-06 Cumulative Update Preview for Windows 11 Version 22H2 for arm64-based Systems (KB5039302)
"After installing this update, you might face issues using Windows Update Agent API (WUA) from your script (PowerShell, VBScript, etc.) while searching for Windows updates. Due to this issue, you might get an empty result when querying the properties of IUpdate objects present in the IUpdateCollection and error code 0x8002802B (TYPE_E_ELEMENTNOTFOUND) when calling methods on the object from your script."
This issue is addressed in KB5040527.
workaround
Sept 23, 2024
KB5039302
2024-06 Cumulative Update Preview for Windows 11 Version 22H2 for arm64-based Systems (KB5039302)
"After installing this update, you are likely to face issues with the taskbar. This issue is only expected to occur if you are using a Windows N edition device or if you turn off the ‘Media Features’ via Control Panel->Programs-> Programs and Features -> Turn Windows features on or off. N editions of Windows include the same functionality as other editions of Windows, except for media-related technologies, Windows Media Player, and certain preinstalled media apps. Yo"
This issue is addressed in KB5040442.
workaround
Sept 23, 2024
KB5039302
2024-06 Cumulative Update Preview for Windows 11 Version 22H2 for arm64-based Systems (KB5039302)
"After installing this update, some devices might fail to start. Affected systems might restart repeatedly and require recovery operations in order to restore normal use. This issue is more likely to affect devices utilizing virtual machines tools and nested virtualization features, such as CloudPC, DevBox, Azure Virtual Desktop. As a result, this update might not be offered to Hyper-V virtual machines running on hosts that utilize certain processor types."
This issue is addressed in KB5040442 and later. We recommend you install the latest security update for your device. It contains important improvements and issue resolutions, including this one. If you have not deployed the June 2024 Windows non-security update yet, we recommend you apply KB5040442 instead.
workaround
Sept 23, 2024
KB5039299
2024-06 Cumulative Update Preview for Windows 10 Version 22H2 for x86-based Systems (KB5039299)
"After you install KB5034203 (dated 01/23/2024) or later updates, some Windows devices that use the DHCP Option 235 to discover Microsoft Connected Cache (MCC) nodes in their network might be unable to use those nodes. Instead, these Windows devices will download updates and apps from the public internet. IT administrators also see increased download traffic on their internet routes. Those of you who use the Home edition of Windows are not likely to experience this i"
This issue is addressed in KB5040525.
workaround
Sept 23, 2024
KB5039299
2024-06 Cumulative Update Preview for Windows 10 Version 22H2 for x86-based Systems (KB5039299)
"After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings > Account > Your info and, under Create your picture, clicking on Browse for one, you might receive an error message with error code 0x80070520."
We are working on a resolution and will provide an update in an upcoming release.
workaround
Sept 23, 2024
KB5039217
2024-06 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5039217) (CVE-2023-50868) (CVE-2024-38213)
"After installing KB5039217, released June 11, 2024, you might observe a change in language for context menus and dialog buttons in Windows applications. Parts of the UI might display in English when English is not set as the Windows display language. In addition, font size might change for the names of tabs and buttons. For instance, you might see the language change when you right click on a Windows application such as Notepad or Explorer. You might observe that th"
This issue is addressed in KB5040430.
workaround
Sept 23, 2024
KB5039212
2024-06 Cumulative Update for Windows 11 Version 23H2 for arm64-based Systems (KB5039212) (CVE-2024-38213)
"After installing this update or later updates, you might face issues while upgrading from Windows Pro to a valid Windows Enterprise subscription. Resulting from this operation, you might observe the following symptoms: - OS upgrade operations may fail, and this might be shown in the LicenseAcquisition scheduled task in Task Scheduler -> Task Scheduler Library -> Microsoft -> Windows -> Subscription as ‘Access denied error (error code 0x80070005)’ under ‘Last Run Res"
This issue is addressed in KB5040527.
workaround
Sept 23, 2024
KB5039211
2024-06 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5039211) (CVE-2024-38213)
"After you install KB5034203 (dated 01/23/2024) or later updates, some Windows devices that use the DHCP Option 235 to discover Microsoft Connected Cache (MCC) nodes in their network might be unable to use those nodes. Instead, these Windows devices will download updates and apps from the public internet. IT administrators also see increased download traffic on their internet routes. Those of you who use the Home edition of Windows are not likely to experience this i"
This issue is addressed in KB5040525.
workaround
Sept 23, 2024
KB5039211
2024-06 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5039211) (CVE-2024-38213)
"Certain apps might display an "Open With" dialog box asking, "How do you want to open this file?". You might experience this issue when you place your mouse on an app icon shown in your Taskbar or Start menu and right-click on the app to execute a task in that app. Resulting from this, you might see the “Open With” dialog box instead of the execution of the selected task. This issue was reported by Teams, new Outlook for Windows, and Snip & Sketch users. This issue "
This issue is addressed in KB5039299.
workaround
Sept 23, 2024
KB5039211
2024-06 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5039211)
"Windows devices using more than one (1) monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Copilot in Windows (in preview)."
We are gradually rolling out a new Copilot experience for devices with KB5039299or later updates installed. This new experience will address this issue. KB5039299 was released on June 25, 2024, and you can expect to receive the new Copilot experience sometime from now until the next few months.
workaround
Sept 23, 2024
KB5039211
2024-06 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5039211)
"Copilot in Windows (in preview) is not currently supported when your taskbar is located vertically on the right or left of your screen."
We are gradually rolling out a new Copilot experience for devices with KB5039299 or later updates installed. This new experience will address this issue. KB5039299 was released on June 25, 2024, and you can expect to receive the new Copilot experience sometime from now until the next few months.
workaround
Sept 23, 2024
KB5041054
2024-06 Cumulative Update for Microsoft server operating system, version 22H2 for x64-based Systems (KB5041054)
"After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings > Account > Your info and, under Create your picture, clicking on Browse for one, you might receive an error message with error code 0x80070520."
We are working on a resolution and will provide an update in an upcoming release.
workaround
Sept 23, 2024
KB5041054
2024-06 Cumulative Update for Microsoft server operating system, version 22H2 for x64-based Systems (KB5041054)
"Devices might experience problems with Microsoft 365 Defender. The Network Detection and Response (NDR) service might encounter issues, resulting in an interruption of network data reporting. IT administrators may confirm they’re affected by this issue with a notification that appears in the service health page, located in the Microsoft 365 admin center. The status of NDR can also be seen in the service health page."
This issue is addressed in KB5041160.
workaround
Sept 23, 2024
KB5039227
2024-06 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5039227) (CVE-2023-50868) (CVE-2024-38213)
"After installing this update, you might see an issue on cloud-based SQL servers where Azure Synapse SQL Serverless Pool databases go on “Recovery pending” state. This issue is more likely to affect environments utilizing Customer-Managed Key (CMK) and Azure Synapse dedicated SQL pool."
This issue is addressed in KB5041054.
workaround
Sept 23, 2024
KB5039227
2024-06 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5039227) (CVE-2023-50868) (CVE-2024-38213)
"Devices might experience problems with Microsoft 365 Defender. The Network Detection and Response (NDR) service might encounter issues, resulting in an interruption of network data reporting. IT administrators may confirm they’re affected by this issue with a notification that appears in the service health page, located in the Microsoft 365 admin center. The status of NDR can also be seen in the service health page."
This issue is addressed in KB5041160.
workaround
Sept 11, 2024
KB5043135
2024-09 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB5043135) (ESU) (CVE-2024-38217) (CVE-2024-38014)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Sept 11, 2024
KB5043050
2024-09 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5043050) (CVE-2024-38217) (CVE-2024-38014)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied."
To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.
workaround
Sept 11, 2024
KB5043051
2024-09 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5043051) (CVE-2024-38217) (CVE-2024-38014)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied."
To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.
workaround
Sept 11, 2024
KB5043076
2024-09 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5043076) (CVE-2024-38217) (CVE-2024-38014)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied."
Please refer to the workaround mentioned in Windows release health site for this issue.
workaround
Sept 11, 2024
KB5043067
2024-09 Cumulative Update for Windows 11 for ARM64-based Systems (KB5043067) (CVE-2024-38217) (CVE-2024-38014)
"After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings> Accounts > Your info, and then selecting Choose a file, you might receive an error message with error code 0x80070520."
After further investigation, we concluded this issue has very limited or no impact for this Windows version. If you encounter this issue on a Windows 11, version 21H2 device, please contact Windows support for help.
workaround
Sept 11, 2024
KB5043064
2024-09 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5043064) (CVE-2024-38217) (CVE-2024-38014)
"After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings > Account > Your info and, under Create your picture, clicking on Browse for one, you might receive an error message with error code 0x80070520."
After further investigation, we concluded this issue has very limited or no impact for this Windows version. If you encounter this issue on your device, please contact Windows support for help
workaround
Sept 11, 2024
KB5043064
2024-09 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5043064) (CVE-2024-38217) (CVE-2024-38014)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied."
Please refer to the workaround mentioned in Windows release health site for this issue.
workaround
Sept 11, 2024
KB5043083
2024-09 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5043083) (CVE-2024-43491) (CVE-2024-38217) (CVE-2024-38014)
"After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security update applies a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied."
Please refer to the workaround mentioned in Windows release health site for this issue.
workaround
Sept 11, 2024
KB5042881
2024-09 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5042881) (CVE-2024-38217) (CVE-2024-38014)
"After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings > Account > Your info and, under Create your picture, clicking on Browse for one, you might receive an error message with error code 0x80070520."
After further investigation, we concluded this issue has very limited or no impact for this Windows version. If you encounter this issue on your device, please contact Windows support for help.
workaround
Aug 14, 2024
KB5041847
2024-08 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5041847) (ESU) (CVE-2024-38193) (CVE-2024-38199)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Aug 14, 2024
KB5041828
2024-08 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5041828) (ESU) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38107) (CVE-2024-38199)
"After installing the Windows update released on or after July 9, 2024, Windows Servers might affect Remote Desktop Connectivity across an organization. This issue might occur if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted. This issue might occur intermittently, such as repeating every 30 minutes. At this interval, logon sessions are lost and users will need "
To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.
workaround
Aug 14, 2024
KB5041851
2024-08 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5041851) (ESU) (CVE-2024-38193) (CVE-2024-38107) (CVE-2024-38199)
"After installing the Windows update released on or after July 9, 2024, Windows Servers might affect Remote Desktop Connectivity across an organization. This issue might occur if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted. This issue might occur intermittently, such as repeating every 30 minutes. At this interval, logon sessions are lost and users will need "
To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.
workaround
Aug 14, 2024
KB5041850
2024-08 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5041850) (ESU) (CVE-2024-38193) (CVE-2024-38199)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Aug 14, 2024
KB5041773
2024-08 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5041773) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing the Windows update released on or after July 9, 2024, Windows Servers might affect Remote Desktop Connectivity across an organization. This issue might occur if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted. This issue might occur intermittently, such as repeating every 30 minutes. At this interval, logon sessions are lost and users will need to reconnect to the server. IT administrators can track this as a termination of the TSGateway service which becomes unresponsive with exception code 0xc0000005."
To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). Next step: We are working on a resolution and will provide an update in an upcoming release.
workaround
Aug 14, 2024
KB5041592
2024-08 Cumulative Update for Windows 11 for ARM64-based Systems (KB5041592) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings> Accounts > Your info, and then selecting Choose a file, you might receive an error message with error code 0x80070520."
After further investigation, we concluded this issue has very limited or no impact for this Windows version. If you encounter this issue on a Windows 11, version 21H2 device, please contact Windows support for help.
workaround
Aug 14, 2024
KB5041580
2024-08 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5041580) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings > Account > Your info and, under Create your picture, clicking on Browse for one, you might receive an error message with error code 0x80070520."
After further investigation, we concluded this issue has very limited or no impact for this Windows version. If you encounter this issue on your device, please contact Windows support for help
workaround
Aug 14, 2024
KB5041160
2024-08 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5041160) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing this update, you might be unable to change your user account profile picture. When attempting to change a profile picture by selecting the button Start> Settings > Account > Your info and, under Create your picture, clicking on Browse for one, you might receive an error message with error code 0x80070520."
We are working on a resolution and will provide an update in an upcoming release.
workaround
Aug 14, 2024
KB5041160
2024-08 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5041160) (CVE-2024-38178) (CVE-2024-38193) (CVE-2024-38106) (CVE-2024-38107) (CVE-2024-38199) (CVE-2024-21302)
"After installing the Windows update released on or after July 9, 2024, Windows Servers might affect Remote Desktop Connectivity across an organization. This issue might occur if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted. This issue might occur intermittently, such as repeating every 30 minutes. At this interval, logon sessions are lost and users will need to reconnect to the server. IT administrators can track this as a termination of the TSGateway service which becomes unresponsive with exception code 0xc0000005."
To work around this issue, use one of the following options: Option 1: Disallow connections over pipe, and port pipeRpcProxy3388 through the RD Gateway. This process will require the use of connection applications, such as firewall software. Consult the documentation for your connection and firewall software for guidance on disallowing and porting connections. Option 2: Edit the registry of client devices and set the value of RDGClientTransport to 0x00000000 (0) In Windows Registry Editor, navigate to the following registry location: HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server Client Find RDGClientTransport and set its value to 0 (zero). This changes the value of RDGClientTransport to 0x00000000 (0). We are working on a resolution and will provide an update in an upcoming release.
Disclaimer:This webpage is intended to provide you information about patch announcement for certain specific software products. The information is provided "As Is" without warranty of any kind. The links provided point to pages on the vendors websites. You can get more information by clicking the links to visit the relevant pages on the vendors website.