Microsoft has released the patches for July 2023. They released Windows 11 KB5028182 and KB5028185 LCUs to fix known issues, security vulnerabilities, and performance issues. Windows 10 KB5028166 July patch also released. Microsoft has announced Windows 11 21H2 end of service, and this is going EoL in October.
The latest Windows 11 KB5028182 and KB5028185 updates address security issues for your Windows operating system, a known problem, and security updates address an issue that affects the Windows Kernel. This issue is related to CVE-2023-32019.
Windows 11 July Updates fix the issue with the EnterpriseDesktopAppManagement configuration service provider (CSP) to distribute the .msi file. This July patch also fixes the issue with Microsoft Intune push notifications. The issue stops devices that have less than 3.5 GB of RAM from getting them.
Microsoft has added Privacy & security enhancement with the Presence sensing option for supported hardware with July 2023 Windows 11 patches. The Windows 11 July patch added a feature that helps to get a greater end-user experience with adds “Let Windows Decide” as a default option for Terminal settings.
Zero Day Security Vulnerability for July 2023
There are Six zero-day vulnerabilities announced by Microsoft with the July patch Tuesday. Microsoft released CVEs, as per the MSRC CVE report, that need to be fixed as the highest priority. More details – FIX Office and Windows HTML Remote Code Execution Zero Day Vulnerability CVE-2023-36884.
| CVE | CVE Title | Severity | CVSS | Public | Exploited | Type |
| CVE-2023-36884 | Office and Windows HTML Remote Code Execution Vulnerability | Important | 8.3 | Yes | Yes | RCE |
| CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability | Important | 8.8 | No | Yes | SFB |
| CVE-2023-36874 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | EoP |
| CVE-2023-32046 | Windows MSHTML Platform Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | EoP |
| CVE-2023-32049 | Windows SmartScreen Security Feature Bypass Vulnerability | Important | 8.8 | No | Yes | SFB |
Video Review of July 2023 Patch Tuesday Windows 11 KB5028182 KB5028185
Let’s have a quick Video Review of July 2023 Patch Tuesday Windows 10 KB5028166. July Patch Tuesday Windows 11 July patches KB5028182 and KB5028185 are also covered in this video.
July 2023 Patch Tuesday Report. Let’s quickly discuss Windows 11 patches KB5028182 and KB5028185. Windows 10 patches KB5028166, KB5028186, KB5028169, and KB5028168. These are the latest cumulative update security patches for the month of July 2023. We have also discussed 6 Zero-Day Vulnerabilities in this video.
How to Seek Windows Updates?
Windows 11 allows you to choose when and how to receive the latest updates to ensure your device runs efficiently and securely. To manage your update preferences and view available updates, select “Check for Windows updates.”
- Alternatively, you can seek the latest Windows update by selecting Start > Settings > Windows Update by accessing the update settings.
Microsoft releases security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST. IT professionals should plan their deployment schedules according to their time zone(s).
Windows 11 Controlled Feature Rollout
The following updates are released as part of the Controlled Feature Rollout (moment). You need to enable the New toggle control “Get Windows updates as soon as they’re available for your device” on the Settings > Windows Update page to be part of the new features rollout by Microsoft.
This applies only to Windows 11 22H2 all editions if you have NOT temporarily blocked the option mentioned above using the Allow Temporary Enterprise Feature Control option. From the above video, you can learn how to control New Monthly Features Enablement via monthly LCU using Intune WUfB Policy.
Windows 11 22H2 KB5028185 July Patch New Features
The following table gives a quick overview of New Features introduced with the Windows 11 22H2 July Patch Tuesday update KB5028185. Interesting to see that most of these features are introduced as part of the Controlled Feature Rollout (moment) feature as per July 24th Windows configuration update document.
| New Features | Details | Version |
|---|---|---|
| Roll out of notification badging for Microsoft accounts on the Start menu | A Microsoft account is what connects Windows to your Microsoft apps. The account backs up all your data and helps you to manage your subscriptions. | Windows 11 22H2 |
| Sharing of a local file in File Explorer with Microsoft Outlook contacts | You now have the option to email the file to yourself quickly. In addition, loading your contacts from Outlook is better. | Windows 11 22H2 |
| Additional Language Support for Live Captions | To turn on live captions, use the WIN + Ctrl + L keyboard shortcut. You can also use the Quick Settings accessibility flyout menu. | Windows 11 22H2 |
| New VPN Status icon | The VPN icon will be overlayed in your system’s accent color over the active network connection. | Windows 11 22H2 |
| New Voice Commands added for Text Selection | You can access the command help page on the voice access bar from Help > View all commands or use the voice access command “What can I say?” | Windows 11 22H2 |
| Display seconds in the clock on the system tray | To turn this on, go to the Taskbar behaviors section in Settings > Personalization > Taskbar. | Windows 11 22H2 |
| Print Screen (PRT SCR) key behavior change | Pressing the print screen key opens the Snipping Tool by default. You can turn off this setting from Settings > Accessibility > Keyboard. | Windows 11 22H2 |
| copy button for you to quickly copy two-factor authentication (2FA) codes | These are in notification toasts you get from apps installed on your PC or from phones linked to your PC. Note that this feature only works for English. | Windows 11 22H2 |
| Multi-app kiosk mode | You can configure distinct types of access and apps to run for different users on one device. Multi-app kiosk mode is ideal for scenarios in which multiple people use the same device. | Windows 11 22H2 |
| Presence sensor privacy setting in Settings > Privacy & security > Presence sensing | If you have a device that has compatible presence sensors, you can now choose the apps that can access those sensors. You can also choose the apps that do not have access. | Windows 11 22H2 |
| Improvements in Computer performance for gaming scenario | Your computer’s performance when you use a mouse that has a high report rate for gaming. | Windows 11 22H2 |
| Live kernel memory dump (LKD) collection from Task Manager | Using LKD, you can gather data to troubleshoot an issue while the OS continues to work. | Windows 11 22H2 |
Windows 11 21H2 New Improvements with July Patches
Most of the improvements are coming only to Windows 11 22H2. We, the HTMD community, covered all the new features or improvements of the Windows 11 21H2 release in the following table. Here are the improvements for Windows 11, version 21H2 version.
This update adds many new features and improvements to Microsoft Defender for Endpoint. This Windows 11 July 2023 patch improves the end-user experience of Terminal Settings and the reliability of Desktop Windows Manager (DWM).
| New Improvements | Details |
|---|---|
| MDE Improvements | This update adds many new features and improvements to Microsoft Defender for Endpoint. |
| Improvements in Input Method Editor (IME) | Several simplified Chinese fonts and the Microsoft Pinyin Input Method Editor (IME) |
| Changes in the Default Terminal settings | Windows 11 21H2 July Patch update adds “Let Windows Decide” as a default option |
| Desktop Window Manager (DWM) | Windows 11 21H2 July update improves the reliability Desktop Window Manager (DWM). |
Issues Fixed with Windows 11 July Patches
Let’s look at the issues fixed with Windows 11 July patch Tuesday KBs (KB5028182 and KB5028185). The following table covers both Windows 11 22H2 and 21H2 fixes.
| Fixes with Windows 11 July Patches | Details |
|---|---|
| July Patches fixes the Microsoft Intune push notifications | The issue stops devices that have less than 3.5 GB of RAM from getting them |
| The July Windows 11 LCU fixes the issue that affects .msi files | A minor update is not installed. This occurs when you use the EnterpriseDesktopAppManagement configuration service provider (CSP) to distribute the .msi file |
| July Patches fix devices that use the Network Protector for BitLocker | The device will not resume after it has been suspended |
| Windows 11 July patches fix the issue with AVD and Windows 365 users | You might not see the right location for a Remote Desktop session in your virtual machine or Cloud PC |
| Windows File Explorer not responding issue has been fixed | This occurs after you try to view the effective access permissions for files in File Explorer |
| The issue stops the Narrator from retaining your scan mode when you switch between browsers. | The issue stops the Narrator from retaining your scan mode when you switch between browsers It reads the wrong state when you cancel the selection of an option button you have selected |
| Monthly Scheduled Tasks not running issue is fixed | It might not run on time if the next occurrence happens when daylight savings time occurs |
| The July patches fix that affects all the registry settings under the Group Policy settings | They might be deleted. This occurs when you do not rename the local temporary user policy file during Group Policy processing. |
| The Windows 11 July patches fix the issues related to the print spooler | This issue occurs when you print using a certain workspace. |
| Permission issue with HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | You can now set and maintain the correct default permissions for this directory path. When the permissions are wrong, Start menu, search, and Azure AD authentication fails. |
Known Issues from Windows 11 KB5028182 and KB5028185
Let’s look at the issues fixed with Windows 11 July patch Tuesday KBs (KB5028182 and KB5028185). The following table covers both Windows 11 22H2 and 21H2 fixes.
| Summary | Originating update | Status |
|---|---|---|
| Computing effective access might not show results You might be unable to view effective access, and explorer.exe might continue to use CPU after closing the dialog. | Windows 11 KB5026368 KB5026372 May Patches | Workaround provided |
| Devices with a locale set to Croatia might not utilize the expected currency. The correct default currency might not display or be used in Windows devices that have a locale set to Croatia. This can affect applications that retrieve the device’s currency for purchases or other transactions. | NA | Workaround provided |
SCCM Windows 11 KB5028182 KB5028185 Deployment
Learn how to Deploy Windows 11 KB5028182 KB5028185 July 2023 Cumulative Updates using SCCM/WSUS. You can deploy Windows 11 July 2023 CU KBs using SCCM.
Using the following methods, you can create a monthly patch package for July 2023. You can also search with Windows 11 LCU for July 2023 KB5028182 KB5028185. The easiest way is to check from the SCCM admin console.
NOTE! You can verify the Windows 11 (OS Builds 22000.2176, 22621.1992) by installing July 2023 Latest Cumulative Updates.
- In SCCM Console, Navigate to Software Library\Overview\Software Updates\All Software Updates.
- You must initiate a WSUS Sync from the All Software Updates node (Right-click on the node and initiate the sync).
- Search with the following KB5028182 KB5028185 Number.
- Or you can search with 23-07 Cumulative Update for Windows 11, as shown in the below screenshot.
| Name of Windows 11 patches for July 2023 | Release Date |
|---|---|
| 2023-06 Cumulative Update for Windows 11 Version 22H2 for ARM64-based Systems (KB5028185 ) | 7/11/2023 5:00:00 PM |
| 2023-06 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5028185) | 7/11/2023 5:00:00 PM |
| 2023-06 Cumulative Update for Windows 11 for ARM64-based Systems (KB5028182) | 7/11/2023 5:00:00 PM |
| 2023-06 Cumulative Update for Windows 11 for x64-based Systems (KB5028182) | 7/11/2023 5:00:00 PM |
- How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr
- SCCM ADR Automatic Deployment Rule Creation Process
Intune Windows 11 KB5028182 KB5028185 Deployment
Let’s check how to deploy the July 2023 Patch Tuesday (LCU) Deployment using Intune. You can deploy Windows 11 July CU using Microsoft Intune. The patch deployment process in Microsoft Intune is different from that of SCCM.
I don’t think creating a new patch deployment policy to cater to monthly CU deployments is mandatory, but you can use the following method to expedite. The existing patch deployment policy will deliver the patches using WUfB (Windows Update for Business).
You have the option to expedite the Installation of July 2023 quality updates. Create expedited update profiles for Quality updates using the following steps.
The following are the Settings for Intune quality update profile for the monthly patching process if you want to expedite the deployment of patches. Otherwise, you can use the standard quality updates policy from Intune.
- Name – Windows 11 July 2023 LCU
- Description – Recommend adding a detailed description
- Expedite installation of quality updates if the device OS version is less than 11th July 2023 – 2023.07 B Security Updates for Windows 10 and later
- Number of days to wait before the restart is enforced – 1 Day
More Details on Zero Day Out Of Band Patch Deployment Using Intune MEM Expedite Best Option and Intune Reporting Issue: Expedite Windows Security Patch Deployment.
Automated Patch Management with Windows Autopatch
Autopatch helps streamline updating operations and create new opportunities for IT pros. The Windows Autopatch Release Management provides you with more clarity on the Quality, Feature updates, and install schedules in Intune portal, Here, you can get more information Windows Autopatch Implementation Setup Guide.
In Intune Portal, Navigate to Devices, Under Windows Autopatch. Select Release Management, which displays the updates and releases scheduled.
Windows 11 KB5028182 KB5028185 Direct Download Links
Let’s manually download the 2023 July Cumulative Update for Windows 11 KB5028182 KB5028185 from the Microsoft Update Catalog website. The following tables provide the direct links to download the July 2023 Cumulative Updates for Windows 11.
You can check the Microsoft Update Catalog portal to get the Windows 11 LCUs direct download links for July 2023 LCU. Check out Microsoft Update Catalog, https://www.catalog.update.microsoft.com/
Search for updates from the Windows Update Catalog – To download the latest cumulative update (LCU) for your operating system that you want to apply manually.
- Enter the KB article number
- Click the Search icon
- Search Keyword 2023-07
| Title | Products | Size | Direct Download |
|---|---|---|---|
| 2023-07 Cumulative Update for Windows 11 for x64-based Systems (KB5028182) | Windows 11 21H2 | 345.4 MB | Download |
| 2023-07 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5028185) | Windows 11 22H2 | 302.0 MB | Download |
Author
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
This update has broken an Intune managed Task Bar customization for Windows 11. The taskbar no longer appears even after reboot, or restart of Windows Explorer. The Intune config is a basic XML with shortcuts in “replace” mode. We also have a basic config for the Start Menu and a reg key to move the taskbar to the left hand side.
I haven’t been able to resolve this yet but I have tried a few Reg fixes, DISM and SFC.
We have the same issue, luckily this only hit our update test devices first.
We have also yet to find a solution have you?
We narrowed it down to partially a corrupt DLL Windows.UI.xaml.dll
We have tried renaming it, replacing it, deleting it, no luck as its protected system file.
We also tried everything you did and we also use Intune.
Found the solution! it was applocker, removed our IT machines from the policy and all good. Spent 2 days on this. Microsoft strikes again!!