Windows 10 KB5016616 Windows 11 KB5016629 August 2022 Patch Tuesday | 2 Zero-Day Vulnerabilities

August patch Tuesday comes with 2 Zero-Day vulnerabilities. Microsoft released Windows 10 KB5016616 & Windows 11 KB5016629 on August 2022 Patch Tuesday. Let’s check the details of the August 2022 Patch Tuesday.

Last month’s updates were pretty good quality, and I didn’t hear big issues with a huge impact. Of course, there were some minor issues, such as Start Menu might not open and XPS documents with non-English language characters might not open.

August months updates come with long-lasting Windows Autopilot hardware refresh related improvements. Also, there are a lot of fixes, such as – the troubleshooting page, not opening, available in the August month’s cumulative update. More details are available below sections.

Enforces a hardening change that requires printers and scanners that use smart cards for authentication to have firmware that complies with section 3.2.1 of RFC 4556. If they do not comply, Active Directory domain controllers will not authenticate them.

Patch My PC

More Details Print and Scan Failures after Aug 9th Patch Updates On Domain Controllers. Another known issue with the July update Duplicate Copies of USB Printers Installed Printing Issues.

2 Zero-Day Vulnerabilities – Details

As per Microsoft, there are 2 zero-day vulnerabilities. CVE-2022-34713 and CVE-2022-30134 (An attacker who successfully exploited the vulnerability could read targeted email messages) are the two zero-day vulnerabilities

  • CVE-2022-34713 (Actively Exploited) – In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
  • CVE-2022-34713 (Actively Exploited) – In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.
  • CVE-2022-30134 – This vulnerability requires that a user with an affected version of Exchange Server access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically through an enticement in an email or chat message.

I have shared the list of Aug 2022 CVE Vulnerability Details with Exploitation More Likely in the below section of this post. Microsoft has not released any fix for this vulnerability yet. Watch this space for more updates on this.

Windows 10 KB5016616 Windows 11 KB5016629 August 2022 Patch Tuesday | 2 Zero-Day Vulnerabilities 2
Windows 10 KB5016616 Windows 11 KB5016629 August 2022 Patch Tuesday | 2 Zero-Day Vulnerabilities 1

Improvements and Fixes with August CU KB5016616 and KB5016629

The following is the list of fixes and enhancements documented only for Windows 11 operating systems with August 2022 Cumulative Update KB5016616 and KB5016629.

Adaptiva

The August 2022 cumulative update Provides the ability for you to consent to receive important notifications when focus assist is on. This is very good, and it improves the end-user experience! This update has added Windows functionality that improves the OS upgrade experience.

Windows 10 KB5016616 Windows 11 KB5016629 August 2022 Patch Tuesday | 2 Zero-Day Vulnerabilities 2
Windows 10 KB5016616 Windows 11 KB5016629 August 2022 Patch Tuesday | 2 Zero-Day Vulnerabilities 2

The August 2022 cumulative update allows eligible devices to update to a newer Windows 11 version during the out-of-box experience (OOBE) when you first sign in. If you choose to update to a more recent version, the update process will begin shortly after the update is installed on the device.

  • This update helps to restore functionality for Windows Autopilot deployment scenarios that are affected by the security mitigation for hardware reuse.
  • This update removes the one-time use restriction for self-deploying mode (SDM) and pre-provisioning (PP).
  • This update also re-enables any User Principal Name (UPN) display in user-driven mode (UDM) deployments for approved manufacturers.

The August 2022 Cumulative Update improves the reliability of a push-button reset after an OS upgrade. This Deploys search highlights on a device that has installed the June 2022 CU Preview or July 2022 monthly quality update.

Fixes with August 2022 Cumulative Update KB5016616 and KB5016629

Most of the items in this list apply to Windows 10 (KB5016616 ) and Windows 11 (KB5016629) because Windows 11 uses the same code base as Windows 10. Some fixes only apply to Windows 11 because new features are only available for Windows 11.

August months cumulative updates fixes a couple of issues with explorer.exe and Taskbar. Also comes with some fixes related to IOPS and Windows profile related fixes such as “gpsvc service failed to sign in. Access denied.”

This months patch addresses two issues with File Explorer and slowness in index rebuilding. The first issue that causes File Explorer to stop working when you use the play and pause keyboard buttons on certain devices.

The second issue that causes File Explorer to stop working when you use the Start menu’s context menu (Win+X) and an external monitor is connected to your device is also fixed with Aug 2022 CU.

Windows 10 KB5016616 Windows 11 KB5016629 August 2022 Patch Tuesday | 2 Zero-Day Vulnerabilities 3
Windows 10 KB5016616 Windows 11 KB5016629 August 2022 Patch Tuesday | 2 Zero-Day Vulnerabilities 3

The Search box alignment issue is fixed with August 2022 Cumulative Updates. This affects the height of the Search box when you use multiple monitors that have different resolutions.

Another search icon issue is resolved with Aug patches. The blank window is displayed and you cannot close that window when you hover over the search icon on the taskbar.

There was an issue with opening the troubleshooting page in Windows 10 and this month’s patch addresses that issue. This issue prevents certain troubleshooting tools from opening.

  • The August 2022 update fixes an issue that might cause consecutive video clip playback to fail in games that use DX12.
  • The August 2022 CU fixes an issue that affects certain games that use the XAudio API to play sound effects.
  • Fixes the issue that causes certificate-based machine account authentication to fail in some circumstances after you install the May 10, 2022 security updates on domain controllers.
  • Fixes an issue that causes port mapping conflicts for containers.
  • Fixes an issue that causes Code Integrity to continue trusting a file after the file has been modified.
  • Fixes an issue that might cause Windows to stop working when you enable Windows Defender Application Control with the Intelligent Security Graph feature turned on.

Known Issues from July 2022 Cumulative Update and Status

Let’s check the current status of known issues after the last patch update on July 2022 CU. There are only two issues that are pending/outstanding as you can see below.

  • XPS documents with non-English language characters might not open
  • Performance might be affected when authenticated network operations take place
Known IssueStatusOriginating KBOriginating BuildOriginating DateResolving KBResolved DateLast Updated
XPS documents with non-English language characters might not open ConfirmedKB501466822000.778 June 24 2022 N/A N/A August 9 2022
Performance might be affected when authenticated network operation take place Confirmed KB501469722000.739 June 14 2022 N/A N/A August 5 2022
Start menu might not open ResolvedKB501466822000.778 June 24 2022 N/A July 23 2022 July 23 2022
PowerShell Desired State Configuration resources might fail to apply successfully ResolvedKB501469722000.739 June 14 2022 KB5015814 July 12 2022 July 20 2022
Some .NET Framework 3.5 apps might have issues ResolvedKB501264322000.652 April 26 2022 N/A July 20 2022 July 20 2022
Windows 10 KB5016616 Windows 11 KB5016629 August 2022 Patch Tuesday | 2 Zero-Day Vulnerabilities – Table 1

Deploy Windows 10 KB5016616 August Cumulative Updates using SCCM and WSUS

Let’s check how to Deploy Windows 10 KB5016616 and Windows 11 KB5016629 August Cumulative Updates using SCCM/WSUS. You can deploy Windows 10/11 August 2022 CU KBs using Intune or SCCM.

You can create a monthly patch package for August 2022 using the following methods. You can also search with Windows 11 LCU for August 2022 KB. The easiest way is to check from the SCCM admin console.

NOTE! – You can verify the Windows 10 versions (OS Builds 19042.1889, 19043.1889, and 19044.1889) and Windows 11 version 22000.856 after installing August 2022 Latest Cumulative Updates.

  • Navigate to \Software Library\Overview\Software Updates\All Software Updates.
  • You will need to initiate a WSUS Sync from the All Software Updates node (Right-click on the node and initiate the sync).
  • Search with the following KB5016616 and KB5016629 Numbers.
  • Or you can search with 22-07 Cumulative Update for Windows 10 and Windows 11, as shown in the below screenshot.
Windows 10 KB5016616 Windows 11 KB5016629 August 2022 Patch Tuesday | 2 Zero-Day Vulnerabilities 4
Windows 10 KB5016616 Windows 11 KB5016629 August 2022 Patch Tuesday | 2 Zero-Day Vulnerabilities 4

The following table gives details of all the KB articles released on 09th August 2022.

2022-08 Security Update for Windows 10 Version 1607 for x86-based Systems (KB5012170)
2022-08 Servicing Stack Update for Windows 10 Version 1607 for x64-based Systems (KB5017095)
2022-08 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5016616)
2022-08 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5016616)
2022-08 Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5016616)
2022-08 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for x64 (KB5015733)
2022-08 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H2 for ARM64 (KB5015730)
2022-08 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 20H2 (KB5015730)
2022-08 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H2 (KB5015730)
2022-08 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 for ARM64 (KB5015732)
2022-08 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H2 for x64 (KB5015730)
2022-08 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 for ARM64 (KB5016737)
2022-08 Security Update for Windows 10 Version 20H2 for x86-based Systems (KB5012170)
2022-08 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 for x64 (KB5015732)
2022-08 Security Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5012170)
2022-08 Security Update for Windows 10 Version 20H2 for x64-based Systems (KB5012170)
2022-08 Security Update for Windows 10 Version 20H2 for ARM64-based Systems (KB5012170)
2022-08 Security Update for Windows Server
2022-08 Security Update for Windows Server
2022-08 Security Update for Windows 10 Version 21H1 for ARM64-based Systems (KB5012170)
2022-08 Security Update for Windows 10 Version 21H2 for x86-based Systems (KB5012170)
2022-08 Security Update for Windows 11 for x64-based Systems (KB5012170)
2022-08 Cumulative Update for Windows 11 for x64-based Systems (KB5016629)
2022-08 Security Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5012170)
2022-08 Security Update for Windows 10 Version 21H2 for x64-based Systems (KB5012170)
2022-08 Security Update for Windows 10 Version 21H1 for x64-based Systems (KB5012170)
2022-08 Security Update for Windows 11 22H2 for x64-based Systems (KB5012170)5012170
2022-08 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5016616)
2022-08 Servicing Stack Update for Windows 10 Version 1607 for x86-based Systems (KB5017095)
2022-08 Security Update for Windows 10 Version 21H1 for x86-based Systems (KB5012170)
2022-08 Cumulative Update for Windows 10 Version 21H1 for ARM64-based Systems (KB5016616)
2022-08 Cumulative Update for Windows 10 Version 21H1 for x86-based Systems (KB5016616)
2022-08 Cumulative Update for Windows Server
2022-08 Security Update for Windows 10 Version 1607 for x64-based Systems (KB5012170)
2022-08 Cumulative Update for Windows 10 Version 21H1 for x64-based Systems (KB5016616)
2022-08 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5016627)
2022-08 Cumulative Update for Windows 10 Version 20H2 for ARM64-based Systems (KB5016616)
2022-08 Cumulative Update for Windows Server
2022-08 Cumulative Update for Windows 10 Version 20H2 for x86-based Systems (KB5016616)
Windows 10 KB5016616 Windows 11 KB5016629 August 2022 Patch Tuesday | 2 Zero-Day Vulnerabilities – Table 2

August 2022 Latest Cumulative Update Patch Deployment using Intune

Let’s check how to deploy the August 2022 Latest Cumulative Update Patch Deployment using Intune. You can deploy Windows 10/11 CUs using the Microsoft Endpoint Manager Intune. The patch deployment process in Intune is different from that of SCCM.

I don’t think creating a new patch deployment policy to cater to monthly CU deployments is required. The existing patch deployment policy will deliver the patches using WUfB (Windows Update for Business).

Read More – Software Update Patching Options with Intune Setup Guide (anoopcnair.com)

You have an option to expedite the Installation of August 2022 quality updates if the device OS version is less than 2022.07. Create expedited update profiles for Quality updates using the following steps.

  • Open https://endpoint.microsoft.com/
  • Navigate Device -> Windows 10 quality Updates (preview).
  • Click on + Create Profile.

The following are the Settings for Intune quality update profile.

  • Name August 2022 LCU for Windows 10 KB5016616 and Windows 11 KB5016629
  • Description
  • Expedite installation of quality updates if device OS version less than 9th Aug 2022 – 2022.07 B Security Updates for Windows 10 and later
  • Number of days to wait before the restart is enforced – 1 Day

More Details on Zero Day Out Of Band Patch Deployment Using Intune MEM Expedite Best Option and Intune Reporting Issue: Expedite Windows Security Patch Deployment.

Windows 10 KB5016616 Windows 11 KB5016629 August 2022 Patch Tuesday | 2 Zero-Day Vulnerabilities 5
Windows 10 KB5016616 Windows 11 KB5016629 August 2022 Patch Tuesday | 2 Zero-Day Vulnerabilities 5

Windows 11 August 2022 Cumulative Update KB

Let’s check Windows 11 August 2022 Cumulative Update KB5016629 deployment options. Like Windows 10 (KB5016616), you can deploy Windows 11 patches (LCUs) using SCCM and Intune.

Windows 11 patching is also important for the organization. Microsoft has released the latest Cumulative Update KB, for Aug 2022. Windows 11 will change its build number to 22000.856 after the cumulative update KB5016629.

  • 2022-07 Cumulative Update for Windows 11 for x64-based Systems (KB5016629)
  • Article ID:5014697 Date revised: Tuesday, August 08, 2022.
  • Maximum Severity Rating: Critical

Direct Download Links of August 2022 Cumulative Updates

Let’s manually download the 2022 August Cumulative Update for Windows 10 (KB5016616), Windows 11 (KB5016629), and Server 2022 (KB5016627) from the Microsoft Update Catalog website.

The following tables contain the direct links to download the August 2022 Cumulative Updates for Windows 10, Windows 11, and Windows Server operating systems.

TitleProductsSizeDirect Download
2022-08 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5016616)Windows 10, version 1903 and later677.5 MBDownload
2022-08 Cumulative Update for Windows 10 Version 21H1 for x64-based Systems (KB5016616)Windows 10, version 1903 and later677.5 MBDownload
2022-08 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5016616)Windows 10, version 1903 and later677.5 MBDownload
2022-08 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5016627)Windows Server version 21H2244.1 MBDownload
2022-08 Cumulative Update for Windows 11 for x64-based Systems (KB5016629)Windows 11274.4 MBDownload
Windows 10 KB5016616 Windows 11 KB5016629 August 2022 Patch Tuesday | 2 Zero-Day Vulnerabilities 5 – Table 3

You can check the Microsoft Update Catalog portal to get the direct download links to the hotfixes for August 2022 LCU. Check this out Microsoft Update Catalog – https://www.catalog.update.microsoft.com/

List of Aug 2022 CVE Vulnerability Details with Exploitation More Likely

Let’s find out the details of the List of CVE Vulnerability Details with the “Exploitation More Likely” Exploitability Assessment with Aug 2022 patch Tuesday.

CVE Number URLCVE TitlePublicly DisclosedExploitability Assessment
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-33646Azure Batch Node Agent Elevation of Privilege VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-33670Windows Partition Management Driver Elevation of Privilege VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-34699Windows Win32k Elevation of Privilege VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-34703Windows Partition Management Driver Elevation of Privilege VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-34713Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution VulnerabilityYesExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-35743Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-35748HTTP.sys Denial of Service VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-35750Win32k Elevation of Privilege VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-35751Windows Hyper-V Elevation of Privilege VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-35755Windows Print Spooler Elevation of Privilege VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-35756Windows Kerberos Elevation of Privilege VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-35761Windows Kernel Elevation of Privilege VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-34303CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader BypassNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-34301CERT/CC: CVE-2022-34301 Eurosoft Boot Loader BypassNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-35804SMB Client and Server Remote Code Execution VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-21980Microsoft Exchange Server Elevation of Privilege VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-24516Microsoft Exchange Server Elevation of Privilege VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-24477Microsoft Exchange Server Elevation of Privilege VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-34302CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader BypassNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-35793Windows Print Spooler Elevation of Privilege VulnerabilityNoExploitation More Likely
https://msrc.microsoft.com//update-guide/vulnerability/CVE-2022-35820Windows Bluetooth Driver Elevation of Privilege VulnerabilityNoExploitation More Likely
Windows 10 KB5016616 Windows 11 KB5016629 August 2022 Patch Tuesday | 2 Zero-Day Vulnerabilities – Table 4

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.