Microsoft has released the patches for May 2023. They released Windows 11 KB5026368 and KB5026372 cumulative updates to fix known issues, security vulnerabilities, and performance issues. Windows 10 KB5026361 and KB5026362 patches were also released.
The latest Windows 11 KB5026368 and KB5026372 security updates address and include improvements. A new toggle control UI is available, “Get Windows updates as soon as they’re available for your device,” on the Settings > Windows Update page. For managed devices, the toggle is disabled by default.
This Windows 11 May patches update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding. This occurs when the system processes multiple local account operations at the same time. The access violation error code is 0xc0000005.
Another vulnerability fixed by Microsoft is FIX Windows Boot Manager Vulnerability CVE-2023-24932 BlackLotus UEFI Bootkit. To upgrade to Windows 11 22H2, you can use either SCCM or Intune methods. Microsoft releases different KB articles for Windows 11 May 2023 Cumulative Updates (CUs), with KB5026368 and KB5026372 designated for Windows 11 21H2 and 22H2, respectively.
- Windows 11 Version Details – Windows 11 21H2 KB5026368 (OS Build 22000.1936)
- Version Details – Windows 11 22H2 KB5026372 (OS Build 22621.1702)
- More Details on Windows 11 version Numbers: Windows 11 Version Numbers Build Numbers Major Minor Build Rev.
Video – May Patch Tuesday | 3 Zero-day Vulnerabilities
Let’s check out 2023 May Patch Tuesday | 3 Zero-day Vulnerabilities | KB5026372, KB5026368, KB5026361, and KB5026362.
Zero Day Security Vulnerability
3 Zero-Day Security Vulnerabilities with Windows OLE Remote Code Execution Vulnerability CVE-2023-29325. Also, Secure Boot Security Feature Bypass Vulnerability CVE-2023-24932 and Win32k Elevation of Privilege Vulnerability CVE-2023-29336.
CVE-2023-29325 – The exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software or a victim’s Outlook application displaying a preview of a specially crafted email. This could result in the attacker executing remote code on the victim’s machine.
CVE-2023-24932 – The security update addresses the vulnerability by updating the Windows Boot Manager, but it is not enabled by default. Additional steps are required at this time to mitigate the vulnerability. Please refer to the following for steps to determine the impact on your environment: KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932.
- CVE-2023-29336 – An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
| Release Date | CVE Number | CVE Title | Publicly Disclosed | Exploitability Assessment | Exploited | Impact | Max Severity | Tag |
|---|---|---|---|---|---|---|---|---|
| May 9, 2023 | CVE-2023-29325 | Windows OLE Remote Code Execution Vulnerability | Yes | Exploitation More Likely | No | Remote Code Execution | Critical | Windows OLE |
| May 9, 2023 | CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability | Yes | Exploitation Detected | Yes | Security Feature Bypass | Important | Windows Secure Boot |
| May 9, 2023 | CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability | No | Exploitation Detected | Yes | Elevation of Privilege | Important | Windows Win32K |
How to Seek Windows Updates?
Windows 11 allows you to choose when and how to receive the latest updates to ensure your device runs efficiently and securely. To manage your update preferences and view available updates, select “Check for Windows updates.”
- Alternatively, you can seek the latest Windows update by selecting Start > Settings > Windows Update by accessing the update settings.
Microsoft releases security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST. IT professionals should plan their deployment schedules according to their time zone(s).
New Features of Windows 11 Released with May Patches
HTMD community covered all the new features of the Windows 11 22H2 release in the following blog post. All these features are included in the latest Cumulative Update released on the patch Tuesday, 9th May 2023. Here are the improvements for Windows 11, version 22H2.
New! This update adds a new toggle control on the Settings > Windows Update page. When you turn it on, we will prioritize your device to get the latest non-security updates and enhancements when they are available for your device.
| New Features | Details |
|---|---|
| Firewall Settings Changes | You can now configure application group rules. |
| Adds animations to a few icons on the Widgets taskbar button | A new announcement appears on the Widgets taskbar button. You hover over or click the Widgets taskbar button. |
| New toggle control “Get Windows updates as soon as they’re available for your device” on the Settings > Windows Update page. | When you turn it on, Microsoft will prioritize your device to get the latest non-security updates and enhancements when they are available for your device. For managed devices, the toggle is disabled by default. |
Let’s learn some interesting Latest Features of Windows 11 22H2 and its Advanced Features. The 22H2 features update for Windows 11, the Latest Features Of Windows 11 22H2, and Advanced Features.
Issues Fixed with Windows 11 May Patches
Let’s look at the issues fixed with Windows 11 May patch Tuesday KBs (KB5026368 and KB5026372). The following table covers both Windows 11 22H2 and 21H2 fixes.
| Fixes with Windows 11 May Patches | Details |
| Intune (MDM) Stack Printing Issue is fixed. | This update addresses an issue that affects mobile device management (MDM) customers. This occurs because of execution. |
| Microsoft Edge IE mode Issus is fixed with May 2023 patch Tuesday updates | IE Mode Pop-up windows open in the background instead of in the foreground. |
| The LAPS legacy client conflict issue is fixed with May Patch Tuesday updates | Failed to manage the configured local account password. This occurs when you install the legacy LAPS.msi file after you have installed the April 11, 2023, Windows update on the machines that have a legacy LAPS policy. |
| Secure Boot enablement related issues are fixed with the May Patch Tuesday update | This update addresses an issue that affects signed Windows Defender Application Control (WDAC) policies. They are not applied to the Secure Kernel. |
| The error is 0xc0000005 (STATUS_Access_VIOLATION) LSASS issue is fixed | The Local Security Authority Subsystem Service (LSASS) process might stop responding. Because of this, the machine restarts. |
| Fixed Windows PIN Sign-in Error “The request is not supported” | When you use a PIN to sign in to Windows Hello for Business. Signing in to Remote Desktop Services might fail. |
| The resilient File System (ReFS) related issue is fixed. | The resilient File System (ReFS) related issue is fixed. |
| The Administrator Account Lockout policies issues is fixed. | GPResult and Resultant Set of policy did not report them. |
| SMB Direct issue fixed with this error. | Endpoint might not be available on the systems that use multi-byte character sets. |
| Active Directory Users & Computers DSA.msc stops responding issues is fixed | When you use TaskPad view to enable or disable many objects simultaneously. |
| Windows Remote Management (WinRM) client issue is resolved with May patches | The client returns an HTTP server error status (500). This error occurs when it runs a transfer job in the storage migration service. |
Known Issues from Windows 11 KB5026368 and KB5026372
Let’s look at the issues fixed with Windows 11 May patch Tuesday KBs (KB5026368 and KB5026372). The following table covers both Windows 11 22H2 and 21H2 fixes.
| Summary | Originating update | Status | Last updated |
|---|---|---|---|
| “Local Security Authority protection is off.” with persistent restart Once enabled, your Windows device might persistently notify you that it is vulnerable, and a restart is required. | N/A | Resolved | 2023-05-03 13:27 PT |
| Third-party UI customization apps might cause Windows to not start up Apps to change behaviors or UI in Windows 11 might cause issues with updates released February 28, 2023 or later. | OS Build 22000.30000 KB5023774 2023-03-28 | Resolved External | 2023-05-08 18:24 PT |
SCCM Windows 11 KB5026368 and KB5026372 Deployment
Learn how to Deploy Windows 11 KB5026368 and KB5026372 May 2023 Cumulative Updates using SCCM/WSUS. You can deploy Windows 11 May 2023 CU KBs using Intune or SCCM.
Using the following methods, you can create a monthly patch package for May 2023. You can also search with Windows 11 LCU for May 2023 KB5026368 and KB5026372. The easiest way is to check from the SCCM admin console.
NOTE! You can verify the Windows 11 versions (OS Builds, 22000.1936, and 22621.1702) by installing May 2023 Latest Cumulative Updates.
- In SCCM Console, Navigate to \Software Library\Overview\Software Updates\All Software Updates.
- You must initiate a WSUS Sync from the All Software Updates node (Right-click on the node and initiate the sync).
- Search with the following KB5026368 and KB5026372 Numbers.
- Or you can search with 23-04 Cumulative Update for Windows 11, as shown in the below screenshot.
| Name of Windows 11 patches for May 2023 | Release Date |
|---|---|
| 2023-05 Cumulative Update for Windows 11 Version 22H2 for ARM64-based Systems (KB5026372) | 5/09/2023 5:00:00 PM |
| 2023-05 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5026372) | 5/09/2023 5:00:00 PM |
| 2023-05 Cumulative Update for Windows 11 for ARM64-based Systems (KB5026368) | 5/09/2023 5:00:00 PM |
| 2023-05 Cumulative Update for Windows 11 for x64-based Systems (KB5026368) | 5/09/2023 5:00:00 PM |
- How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr
- SCCM ADR Automatic Deployment Rule Creation Process
Intune Windows 11 KB5026368 and KB5026372 Deployment
Let’s check how to deploy the Windows 11 KB5026368 and KB5026372 May 2023 Patch Tuesday (LCU) Deployment using Intune. You can deploy Windows 11 May CU using Microsoft Intune. The patch deployment process in Microsoft Intune is different from that of SCCM.
I don’t think creating a new patch deployment policy to cater to monthly CU deployments for Windows 11 is mandatory, but you can use the following method to expedite. The existing patch deployment policy will deliver the patches using WUfB (Windows Update for Business).
Read More – Software Update Patching Options with Intune Setup Guide.
You can expedite the Installation of May 2023 quality updates if the device OS version is less than 2023.04. Create expedited update profiles for Quality updates using the following steps.
You can expedite the Installation of May 2023 quality updates if the device OS version is less than 2023.04. Create expedited update profiles for Quality updates using the following steps.
- Sign in to the Microsoft Intune admin center https://Intune.microsoft.com/
- Navigate Device -> Windows 10 quality Updates.
- Click on + Create Profile.
The following are the Settings for Intune quality update profile for the Windows 11 monthly patching process if you want to expedite the deployment of patches. Otherwise, you can use the standard quality updates policy from Intune.
- Name – Windows 11 May 2023 LCU
- Description— I would recommend adding a detailed description.
- Expedite installation of quality updates if the device OS version is less than 9th May 2023 – 2023.05 B Security Updates for Windows 10 and later
- Number of days to wait before the restart is enforced – 1 Day
More Details on Zero Day Out Of Band Patch Deployment Using Intune MEM Expedite Best Option and Intune Reporting Issue: Expedite Windows Security Patch Deployment.
Automated Patch Management with Windows Autopatch
Autopatch helps streamline updating operations and create new opportunities for IT pros. The Windows Autopatch Release Management provides you with more clarity on the Quality, Feature updates, and install schedules in Intune portal, Here you can get more information Windows Autopatch Implementation Setup Guide.
In Intune Portal, Navigate to Devices, Under Windows Autopatch. Select Release Management, which displays the updates and releases scheduled.
- May 09, 2023—KB5026368 (OS Build 22000.1936)
- May 14, 2023—KB5026372 (OS Build 22621.1702)
Windows 11 KB5026368 and KB5026372 Direct Download Links
Let’s manually download the 2023 May Cumulative Update for Windows 11 KB5026368 and KB5026372 from the Microsoft Update Catalog website. The following tables provide the direct links to download the May 2023 Cumulative Updates for Windows 11.
You can check the Microsoft Update Catalog portal to get the Windows 11 LCUs direct download links to the hotfixes for May 2023 LCU. Check this out Microsoft Update Catalog –https://www.catalog.update.microsoft.com/
Search for updates from the Windows Update Catalog – To download the latest cumulative update (LCU) for your operating system that you want to apply manually. Put the KB article number and click the Search icon.
| Title | Products | Size | Direct Download |
|---|---|---|---|
| 2023-05 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5026372) | Windows 11 22H2 | 275 MB | Download |
| 2023-05 Cumulative Update for Windows 11 for x64-based Systems (KB5026368) | Windows 11 21H2 | 336.5 MB | Download |
Author
Jitesh has over 5 years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
Anyone having issues with2023-05 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5026372) on Windows 11 machines ?
Keep running in to errors in Software Center, The update downloads however fails when tries to install..
0x80246FFF(-2145095681)
We have the same issue… Do you found a solution?