Microsoft releases Win11 August cumulative update: improving security, optimizing lock screen, etc.

News from this site on August 14. During today’s August Patch Tuesday event, Microsoft released cumulative updates for Windows 11 systems, including the KB5041585 update for 22H2 and 23H2, and the KB5041592 update for 21H2.

1. 21H2 equipment After installation, the version number has been increased to Build 22000.3147
2. 22H2 equipment, after installation, the version number has been increased to Build 22621.4037
3. 23H2 equipment After installation, the version number was raised to Build 22631.4037

The main contents of the KB5041585 update for Windows 11 21H2 are as follows:

Improvements:

• Improved the security of Windows systems.

[PPL Protection]

• Users can bypass related settings.

[Windows Kernel Vulnerable Driver Block List File (DriverSiPolicy.p7b)]

• Updated the driver list and added a list of files that are at risk of Bring Your Own Vulnerable Driver (BYOVD) attacks.

[BitLocker (Known Issue)]

• The BitLocker recovery screen is displayed when booting the device. This occurs after installing the July 9, 2024 update. This issue is more likely to occur if device encryption is turned on.

[Lockscreen]

• This update resolves CVE-2024-38143: The "Use my Windows user account" checkbox is not available when connected to Wi-Fi from the lock screen.

[NetJoinLegacyAccountReuse]

• This update removes this registry key.

[SBAT and EFI]

• This update applies Secure Boot Advanced Targeting (SBAT) to systems running Windows. This will prevent the vulnerable Linux EFI (Shim bootloader) from running.

This SBAT update is not applicable to Windows and Linux dual-boot systems. Older Linux ISO images may not boot after applying SBAT updates. If this happens, users need to contact the Linux vendor to obtain the latest ISO image.

Windows 11 22H2 and 23H2 update main content:

[BitLocker (Known Issues)]

• The BitLocker recovery screen is displayed when booting the device. This occurs after installing the July 9, 2024 update. This issue is more likely to occur if device encryption is turned on.

[Lockscreen]

• This update resolves CVE-2024-38143: The "Use my Windows user account" checkbox is not available when connected to Wi-Fi from the lock screen.

[NetJoinLegacyAccountReuse]

• This update removes this registry key.

[SBAT and EFI]

• This update applies Secure Boot Advanced Targeting (SBAT) to systems running Windows. This will prevent the vulnerable Linux EFI (Shim bootloader) from running.

This SBAT update is not applicable to Windows and Linux dual-boot systems. Older Linux ISO images may not boot after applying SBAT updates. If this happens, users need to contact the Linux vendor to obtain the latest ISO image.

The above is the detailed content of Microsoft releases Win11 August cumulative update: improving security, optimizing lock screen, etc.. For more information, please follow other related articles on the PHP Chinese website!