Microsoft has released the patches for April 2023. They released Windows 11 KB5025224 and KB5025239 cumulative updates to fix known issues, security vulnerabilities, and performance issues. Windows 10 patches are explained in Windows 10 KB April 2023 Patch Tuesday post.
The latest Windows 11 KB5025224 and KB5025239 security updates address and include improvements. This update addresses a compatibility issue and LAPS as a Windows Inbox feature and a known issue with LAPS. The issue occurs because of unsupported use of the registry. These updates also have an additional feature notification icon in the start menu. This icon is near the profile picture. These patches also have new features for Microsoft Defender for Endpoint.
The Windows 11 April patches fixed the issue related to kiosk device profiles is fixed. If you have enabled automatic login, it might not work after Windows Autopilot provisioning. Fixes issue Also, when opening PPT on the AVD. However, there are some known issues with Windows 11 April 2023 patches, and more details are available in the below section.
To upgrade to Windows 11 22H2, you can use either SCCM or Intune methods. Microsoft releases different KB articles for Windows 11 April 2023 Cumulative Updates (CUs), with KB5025224 and KB5025239 designated for Windows 11 21H2 and 22H2, respectively.
Zero-Day Security Vulnerability
One Zero-Day Security Vulnerability with Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2023-28252. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
- Windows 11 Version Details – Windows 11 21H2 KB5025224 (OS Build 22000.1817)
- Version Details – Windows 11 22H2 KB5025239 (OS Build 22621.1555)
- More Details on Windows 11 version Numbers: Windows 11 Version Numbers Build Numbers Major Minor Build Rev.
Video – Windows 11 KB5025224 KB5025239 April Patch Tuesday
Let’s check the Fixes, Improvements, and Known Issues with Windows 11 KB5025224 + KB5025239, and Windows 10 KB5025221 April Patch Tuesday in this video.
How to Seek Windows Updates?
Windows 11 allows you to choose when and how to receive the latest updates to ensure your device runs efficiently and securely. To manage your update preferences and view available updates, select “Check for Windows updates.”
Alternatively, you can seek the latest Windows update by selecting Start > Settings > Windows Update by accessing the update settings.
Microsoft releases security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST. IT professionals should plan their deployment schedules according to their time zone(s).
New Features of Windows 11 Released with April Patches
HTMD community covered all the new features of the Windows 11 22H2 release in the following blog post. All these features are included in the latest Cumulative Update released on the patch Tuesday, 11th April 2023. Here are the improvements for Windows 11, version 22H2.
| New Features | Details |
|---|---|
| New Windows Local Administrator Password Solution (LAPS) as a Windows inbox feature. | LAPS capabilities are coming directly to your devices starting with today’s April 11, 2023 security update. |
| Notifications for Microsoft accounts in the Start menu. | The notification icon in the start menu. This is near the profile picture. This is only available to a small audience right now. |
| The search box on the taskbar will be lighter when you set Windows to a custom color mode. | When you set the Windows mode to dark and the app mode to light in Settings > Personalization > Colors. |
| New features for Microsoft Defender for Endpoint | A free Antivirus solution for Windows devices. |
Let’s learn some interesting Latest Features of Windows 11 22H2 and its Advanced Features. The 22H2 features update for Windows 11, the Latest Features Of Windows 11 22H2, and Advanced Features.
You can refer to more details on Windows 11 22H2 and 21H2 enhancements with April 2023 patch Tuesday from February 21, 2023, and February 28, 2023.
Issues Fixed with Windows 11 April Patches
Let’s look at the issues fixed with Windows 11 April patch Tuesday KBs (KB5025224 and KB5025239). The following table covers both Windows 11 22H2 and 21H2 fixes.
| Fixes with Windows 11 April Patches | Details |
|---|---|
| Windows Autopilot – The issue related to kiosk device profiles is fixed. If you have enabled automatic login, it might not work. | After Autopilot completes provisioning, these devices stay on the credential screen. This issue occurs after you install updates dated January 10, 2023, and later. |
| The Group Policy Management Console issue is fixed with April LCU patches for Windows 11. | This patch(s) addresses a scripting error in the Group Policy Preferences window. |
| The notepad combo box in Settings issue is fixed | The Notepad app fails to show all the available options |
| Microsoft PowerPoint issues were fixed | When you use accessibility tools, PowerPoint stops responding. Also, when opening PPT on the AVD. This occurs when you use Visual Basic for Applications (VBA) |
| Microsoft Narrator issues were fixed with April patches | MS Narrator fails to read items in dropdown lists in Microsoft Excel. |
| USB printers related issues were fixed | The system classifies USB Printers as multimedia devices even though they are not. |
| Compatibility issues that affect some printers are fixed | These printers use Windows Graphical Device Interface (GDI) printer drivers. These drivers do not completely adhere to GDI specifications. |
| The complexity policy settings for PINs is fixed | The complexity of policy settings for PINs is ignored |
| Fast Identity Online 2.0 (FIDO2) PIN credential icon issue is resolved | FIDO2 PIN credential icon does not appear on the credentials screen of an external monitor. This occurs when that monitor is attached to a closed laptop. |
| DSA.msc stops responding when you use TaskPad view to enable or disable many objects simultaneously. | The system reports some SCEP certificate installations as failed. Instead, the system should report them as pending. |
| Active Directory Users & Computers (DSA.msc) issue is fixed | Windows Remote Management (WinRM) client issue is resolved with April patches. |
| Windows Remote Management (WinRM) client issue is resolved with April patches | The client returns an HTTP server error status (500). This error occurs when it runs a transfer job in the Storage Migration Service. |
Known Issues from Windows 11 KB5025224 and KB5025239
You can check the current status of known issues after the last patch update on April 2023 CU for Windows 11 devices. This table offers a summary of active current problems and issues resolved in the last 30 days.
| Summary | Originating update | Status | Last update |
|---|---|---|---|
| Legacy LAPS and New LAPS Client Conflict | KB5025224 (22000.1817) KB5025239 (22621.1555) | Investigating | New Built-in LAPs Client For Windows 11 And 10 |
| “Local Security Authority protection is off.” with the persistent restart. Update for Microsoft Defender Antivirus antimalware platform | KB5007651 (Version 1.0.2302.21002) | Not Resolved | Workaround is provided |
| You might receive an error with apphelp.dll from apps using DirectX | OS Build 22621.819 KB5019980 2022-11-08 | Not Resolved | Mitigation is in place |
| Domain join processes may fail with the error “0xaac (2732).” | N/A | Not Resolved | Workaround is provided |
| WSUS might not offer updates to Windows 11, version 22H2 | N/A | Not Resolved | Mitigation is in place |
| The start menu, Windows Search, and UWP apps might have issues opening | N/A | Investigating | Mitigation is in place |
| Domain join processes may fail with the error “0xaac (2732)“ | OS Build 22621.674 KB5018427 2022-10-11 | Refer to KB5020276 to understand the designed behavior | As per design |
| KB5012170 might fail to install and you might receive a 0x800f0922 error | KB5012170 might fail to install, and you might receive a 0x800f0922 error | Investigating | Workaround is provided |
SCCM Windows 11 KB5025224 and KB5025239 Deployment
Learn how to Deploy Windows 11 KB5025224 and KB5025239 April 2023 Cumulative Updates using SCCM/WSUS. You can deploy Windows 11 February 2023 CU KBs using Intune or SCCM.
Using the following methods, you can create a monthly patch package for April 2023. You can also search with Windows 11 LCU for April 2023 KB5025224 and KB5025239. The easiest way is to check from the SCCM admin console.
NOTE! You can verify the Windows 11 versions (OS Builds, 22000.1817, and 22621.1555) by installing April 2023 Latest Cumulative Updates.
- In SCCM Console, Navigate to \Software Library\Overview\Software Updates\All Software Updates.
- You must initiate a WSUS Sync from the All Software Updates node (Right-click on the node and initiate the sync).
- Search with the following KB5025224 and KB5025239 Numbers.
- Or you can search with 23-04 Cumulative Update for Windows 11, as shown in the below screenshot.
| Name of Windows 11 patches for April 2023 | Release Date |
|---|---|
| 2023-04 Cumulative Update for Windows 11 Version 22H2 for ARM64-based Systems (KB502539) | 4/11/2023 5:00:00 PM |
| 2023-04 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB502539) | 4/11/2023 5:00:00 PM |
| 2023-04 Cumulative Update for Windows 11 for ARM64-based Systems (KB5025224) | 4/11/2023 5:00:00 PM |
| 2023-04 Cumulative Update for Windows 11 for x64-based Systems (KB5025224) | 4/11/2023 5:00:00 PM |
- How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr
- SCCM ADR Automatic Deployment Rule Creation Process
Intune Windows 11 KB5025224 and KB5025239 Deployment
Let’s check how to deploy the Windows 11 KB5025224 and KB5025239 April 2023 Patch Tuesday (LCU) Deployment using Intune. You can deploy Windows 11 April CU using Microsoft Intune. The patch deployment process in Microsoft Intune is different from that of SCCM.
I don’t think creating a new patch deployment policy to cater to monthly CU deployments for Windows 11 is mandatory, but you can use the following method to expedite. The existing patch deployment policy will deliver the patches using WUfB (Windows Update for Business).
Read More – Software Update Patching Options with Intune Setup Guide.
You can expedite the Installation of April 2023 quality updates if the device OS version is less than 2023.04. Create expedited update profiles for Quality updates using the following steps.
- Sign in to the Microsoft Intune admin center https://Intune.microsoft.com/
- Navigate Device -> Windows 10 quality Updates.
- Click on + Create Profile.
The following are the Settings for Intune quality update profile for the Windows 11 monthly patching process if you want to expedite the deployment of patches. Otherwise, you can use the standard quality updates policy from Intune.
- Name – Windows 11 April 2023 LCU
- Description— I would recommend adding a detailed description.
- Expedite installation of quality updates if the device OS version is less than 11th April 2023 – 2023.04 B Security Updates for Windows 10 and later
- Number of days to wait before the restart is enforced – 1 Day
More Details on Zero Day Out Of Band Patch Deployment Using Intune MEM Expedite Best Option and Intune Reporting Issue: Expedite Windows Security Patch Deployment.
Automated Patch Management with Windows Autopatch
Autopatch helps streamline updating operations and create new opportunities for IT pros. The Windows Autopatch Release Management provides you with more clarity on the Quality, Feature updates, and install schedules in Intune portal, Here you can get more information Windows Autopatch Implementation Setup Guide.
In Intune Portal, Navigate to Devices, Under Windows Autopatch. Select Release management, which displays the updates and releases scheduled.
- March 14, 2023—KB5023698 (OS Build 22000.1696)
- March 14, 2023—KB5023696 (OS Builds 19042.2728, 19044.2728, and 19045.2728)
- March 14, 2023—KB5023702 (OS Build 17763.4131)
- March 14, 2023—KB5023706 (OS Build 22621.1413)
Windows 11 KB5025224 and KB5025239 Direct Download Links
Let’s manually download the 2023 April Cumulative Update for Windows 11 KB5025224 and KB5025239 from the Microsoft Update Catalog website. The following tables provide the direct links to download the April 2023 Cumulative Updates for Windows 11.
You can check the Microsoft Update Catalog portal to get the Windows 11 LCUs direct download links to the hotfixes for April 2023 LCU. Check this out Microsoft Update Catalog –https://www.catalog.update.microsoft.com/
Search for updates from the Windows Update Catalog – To download the latest cumulative update (LCU) for your operating system that you want to apply manually. Put the KB article number and click the Search icon.
Note! When using a search for a specific KB article, make sure to avoid any spaces between the letters and numbers in the KB article number. For example, to search for the KB article numbers KB5025224 and KB5025239, enter them as is without any spaces.
| Title | Products | Size | Direct Download |
|---|---|---|---|
| 2023-04 Cumulative Update for Windows 11 for x64-based Systems (KB5025224) | Windows 11 | 324.8 MB | Download |
| 2023-04 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5025239) | Windows 11, version 22H2 | 298.2 MB | Download |
Author
About the Author – Jitesh Kumar
I can’t get this to install into my Win 11 22H2 WIM via SCCM offline servicing. This process has worked fine with monthly updates until now, but for this update I get the following in the SCCM OfflineServicingMgr.log
Applicability State = APPLICABLE, Update Binary = C:\ConfigMgr_OfflineImageServicing\23c69e7f-ac7a-4563-a928-5ffc636f3c0f\Windows11.0-KB5025239-x64.cab. SMS_OFFLINE_SERVICING_MANAGER 14/04/2023 17:36:44 7160 (0x1BF8)
Applying update with ID 17052523 on image at index 1. SMS_OFFLINE_SERVICING_MANAGER 14/04/2023 17:36:44 7160 (0x1BF8)
InstallUpdate returned code 0x800f0988 SMS_OFFLINE_SERVICING_MANAGER 14/04/2023 17:44:39 7160 (0x1BF8)
STATMSG: ID=7911 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_OFFLINE_SERVICING_MANAGER” SYS=PGIAS02.PVI.LOCAL SITE=PGI PID=1588 TID=7160 GMTDATE=Fri Apr 14 16:44:39.428 2023 ISTR0=”17052523″ ISTR1=”PGI0020B” ISTR2=”1″ ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X988 SMS_OFFLINE_SERVICING_MANAGER 14/04/2023 17:44:39 7160 (0x1BF8)
Failed to install update with ID 17052523 on the image. ErrorCode = 2440 SMS_OFFLINE_SERVICING_MANAGER 14/04/2023 17:44:39 7160 (0x1BF8)
There’s plenty of disk space. I can’t find much info about those error codes.
Do you have any suggestions?
Normally Offline servicing supports applying the classic Windows updates. These UUP-type Windows updates have WIM files, etc., so it’s better to raise a support case with Microsoft to confirm whether this is a supported scenario.
Hi,
I have been the same issue.
To resolve it, just create an USB key of windows 11 and after that, launch setup.exe
when the question “what do you want to consider” Keep data and application and install.
After the last reboot, everything will be fine because this KB is already installed 😉