Microsoft has released the patches for August 2023. The Windows 11 KB5029253 KB5029263 LCUs were released to fix known, security and performance issues. Windows 10 KB5029244 August patch was also released. Microsoft has announced Windows 11 21H2 end of service, and this is going EoL in October.
This month is only one zero-day vulnerability, and this is related to ASP .NET (CVE-2023-38180). The second one is an advisory ADV230003 for last month’s vulnerability related to Outlook – CVE-2023-36884 (FIX Office And Windows HTML Remote Code Execution Zero Day Vulnerability CVE-2023-36884).
Issues related to downloading the Windows Autopilot policy are fixed with this August’s latest cumulative update. This increases the retry attempts when you try to download the Windows Autopilot profile. This helps improve stability when the network connection is not fully initialized.
The August Patch Tuesday Windows 11 patches fixed the login issue for Hybrid Azure AD joined devices. This issue occurs when you use a Windows Hello for Business PIN or biometric credentials. This issue applies to a cloud trust deployment.
Zero Day Security Vulnerability for August 2023
There is one zero-day vulnerability announced by Microsoft with the August patch Tuesday, and that is CVE-2023-38180 related to ASP .NET. The second one is an advisory for last month’s vulnerability related to Outlook – CVE-2023-36884.
The advisory ADV230003 is about the last month’s Outlook app related vulnerability. This defence in-depth update is not a vulnerability, but installing this update stops the attack chain leading to the Windows Search security feature bypass vulnerability (CVE-2023-36884). Microsoft recommends installing the Office updates discussed in this advisory as well as installing the Windows updates from August 2023.
Release date | Last Updated | CVE Number | CVE Title | Publicly Disclosed | Exploitability assessment | Exploited | Mitigations | Impact | Max Severity | Tag |
---|---|---|---|---|---|---|---|---|---|---|
Aug 8, 2023 | Aug 8, 2023 | CVE-2023-38180 | .NET and Visual Studio Denial of Service Vulnerability | No | Exploitation More Likely | Yes | Denial of Service | Important | ASP .NET | |
Aug 8, 2023 | Aug 8, 2023 | ADV230003 | Microsoft Office Defense in Depth Update | Yes | Exploitation Detected | Yes | Defense in Depth | Moderate | Microsoft Office |
Video Review of August 2023 Patch Tuesday Windows 11
Let’s have a quick Video Review of August 2023 Patch Tuesday Windows 10 KB5029244. August Patch Tuesday Windows 11 August patches KB5029253 and KB5029263 are also covered in this video.
August 2023 Patch Tuesday Report. Let’s quickly discuss Windows 11 patches KB5029253 and KB5029263. Windows 10 patches KB5029244. These are the latest cumulative update security patches for the month of August 2023. We have also discussed 1 Zero-Day Vulnerabilities in this video.
How to Seek Windows Updates?
Windows 11 allows you to choose when and how to receive the latest updates to ensure your device runs efficiently and securely. To manage your update preferences and view available updates, select “Check for Windows updates.”
- Alternatively, you can seek the latest Windows update by selecting Start > Settings > Windows Update by accessing the update settings.
Microsoft releases security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST. IT professionals should plan their deployment schedules according to their time zone(s).
Windows 11 22H2 KB August Patch New Features
The following table gives a quick overview of New Features introduced with the Windows 11 22H2 August Patch Tuesday update KB5029263. Interesting to see that most of these features are introduced as part of the Controlled Feature Rollout (moment) feature as per July 24th Windows configuration update document.
NOTE! – There are no significant feature updates as part of the moment (Controlled Feature Rollout). The recent feature updates are documented by Microsoft – What’s new in recent Windows updates.
We have also documented recent feature updates as part of Windows 11 Insider Build (5 Latest Features of Windows 11 Announced – July 2023 Dev and Canary Channel Updates).
List of Windows 11 Improvements with August Patches
Most of the improvements are coming only to Windows 11. The HTMD community has covered all the new features or improvements of the Windows 11 release in the following table. Here are the improvements for Windows 11 latest versions.
This update adds many new features and improvements to Microsoft Defender for Endpoint. This Windows 11 August 2023 patch improves the end-user experience of Terminal Settings and the reliability of Desktop Windows Manager (DWM).
New Improvements | Details |
---|---|
Handwriting Software Input Panel (SIP) and Handwriting Engine Improvements | This supports GB18030-2022 conformance level 2 |
Verdana Pro font enhancement | Updates some of the letters of the Verdana Pro font family |
Enhancement for COSA profiles | This update keeps Country and Operator Settings Asset (COSA) profiles current. |
Enhancements in Windows 11 brightness settings | August update makes brightness settings more accurate. |
Issues Fixed with Windows 11 August Patches
Let’s look at the issues fixed with Windows 11 August patch Tuesday KBs (KB5029253 and KB5029263). The following table covers both Windows 11 22H2 and 21H2 fixes. The following are the fixes that are added with August’s Latest Cumulative Update (LCU).
These Windows 11 August Patches address an issue that affects a printing job. An unexpected Internet Printing Protocol (IPP) mode switch can cause the print job to stop abruptly. This occurs when there is an independent hardware vendor (IHV) driver.
- This Windows 11 August update addresses an issue that affects certain wireless wide area network (WWAN) devices. After every restart, a dialogue reappears. It asks you to switch to an embedded SIM (eSIM) even when you choose “No.”
- This update addresses a deadlock in Internet Protocol Security (IPsec). When you configure servers with IPsec rules, they stop responding. This issue affects virtual and physical servers.
- This update affects the Windows Kernel Vulnerable Driver Blocklist, DriverSiPolicy.p7b. It adds drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
- This Windows 11 LCU addresses an issue that affects the fastfat file system driver. It stops responding because of a race condition.
- This update addresses an issue that affects refsutil.exe. Options like salvage and leak do not work properly on Resilient File System (ReFS) volumes.
Fixes with Windows 11 August Patches | Details |
---|---|
Windows 11 21H2 Bitlocker issues are fixed with August LCU | This Bitlocker issue causes Windows to fail. This occurs when you use BitLocker on a storage medium that has a large sector size. Another issue is also fixed if you enable BitLocker and local CSV-managed protectors, and the system recently rotated the BitLocker keys. |
The hybrid Azure AD joined device login issue is fixed with August patches | You cannot sign in to them if they are not connected to the internet. This occurs when you use a Windows Hello for Business PIN or biometric credentials. This issue applies to a cloud trust deployment. |
Issues related to downloading the Windows Autopilot policy are fixed | This update increases the retry attempts when you try to download the Windows Autopilot profile. This helps to improve Maintaining stability even when the network connection is not fully established. |
Issue related to WMI Installation Error is fixed with August Update | Installation error that affects the WMI repository. The issue occurs when a device does not shut down properly. |
The Defender Firewall Profile issue related to network change is fixed with August Updates | The Defender Firewall Profile fails to automatically switch from a LAN that is trusted to a public network. |
A couple of issues related to Windows Defender Application Control (WDAC) are fixed | The issue copies unsigned WDAC policies to the Extensible Firmware Interface (EFI) disk partition. Also, fixing issues related to The “Disabled: Script Enforcement” option might create audit events you do not need. |
SMB performance issues are fixed with August Updates | I/O over Server Message Block (SMB) might fail when you use the LZ77+Huffman compression algorithm. |
Windows Notification Platform-related issues are also fixed | The Windows Notification Platform issue affects how much power your device uses. |
Fixed – Windows Push Notification Services (WNS) client-server reliability issues | This August 2023, LCU makes sure that Windows Push Notification Services (WNS) make the connection between the client and the WNS server more reliable. |
Event forwarding quality issues with Windows 11 are fixed with August Patches | The issue was related to the new event channel, as explained – When you add an Event Channel to the subscription, it forwards events you do not need. |
L2 Caching-related issue with CPU is fixed with this August patches | There is inconsistent reporting of the L2 cache. This normally impacts the overall performance of Windows 11 devices. |
The printer unloading issue with Windows 11 is fixed with August updates | This issue occurs when you print from multiple print queues to the same printer driver. |
This update affects text edit controls in XAML and browser controls. You cannot make text edit controls editable again after they become read-only. | This update affects text edit controls in XAML and browser controls. You cannot make text edit controls editable again after they become read-only. |
Windows 11 display and audio devices issues are fixed when the system resumes sleep | Certain display and audio devices are missing after your system resumes from sleep. |
Windows 11 Widgets getting unpinned from the taskbar | This update addresses an issue that affects Widgets. They unpin from the taskbar when you do not expect it. |
Windows 11 VPN connection issues are fixed with August patches | VPN is on a wireless mesh network that uses an aggressive throttling algorithm. This bug causes excessive Address Resolution Protocol (ARP) requests to the network gateway. |
These August 2023 Windows 11 patches address an issue that affects the MPSSV service. The issues cause your system to restart repeatedly. The stop error code is 0xEF.
This update addresses an issue that might affect Win32 and Universal Windows Platform (UWP) apps. They might close when devices enter Modern Standby. Modern Standby is an expansion of the Connected Standby power model. This issue occurs if certain Bluetooth Phone Link features are turned on.
Known Issues from August Windows 11 Patches KB5029253 KB5029263
Let’s look at the issues fixed with Windows 11 August patch Tuesday KBs (KB5029253 and KB5029263). The following table covers both Windows 11 22H2 and 21H2 fixes.
Summary | Originating update | Status |
---|---|---|
Some apps might fail to playback, record, or capture video | OS Build 22000.30000 KB5028245 | Known Issue Rollback |
When using Outlook, opening links in emails might display an error | NA | Workaround Provided |
SCCM Windows 11 KB5029253 KB5029263 Deployment
Learn how to Deploy Windows 11 KB5029253 KB5029263 August 2023 Cumulative Updates using SCCM/WSUS. You can deploy Windows 11 August 2023 CU KBs using SCCM.
You can create a monthly patch package for August 2023 using the following methods. You can also search with Windows 11 LCU for August 2023 KB5029253 KB5029263. The easiest way is to check from the SCCM admin console.
NOTE! You can verify the Windows 11 (OS Builds 22000.2295, 22621.2134) by installing the August 2023 Latest Cumulative Updates.
- In SCCM Console, Navigate to Software Library\Overview\Software Updates\All Software Updates.
- You must initiate a WSUS Sync from the All Software Updates node (Right-click on the node and initiate the sync).
- Search with the following KB5029253 KB5029263 Number.
- Or you can search with 23-08 Cumulative Update for Windows 11, as shown in the below screenshot.
Name of Windows 11 patches for August 2023 | Release Date |
---|---|
2023-08 Cumulative Update for Windows 11 Version 22H2 for ARM64-based Systems (KB5029263) | 08/08/2023 5:00:00 PM |
2023-08 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5029263) | 08/08/2023 5:00:00 PM |
2023-08 Cumulative Update for Windows 11 for ARM64-based Systems (KB5029253) | 08/08/2023 5:00:00 PM |
2023-08 Cumulative Update for Windows 11 for x64-based Systems (KB5029253) | 08/08/2023 5:00:00 PM |
- How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr
- SCCM ADR Automatic Deployment Rule Creation Process
Intune Windows 11 KB5029253 KB5029263 Deployment
Using Intune, let’s check how to deploy the August 2023 Patch Tuesday (LCU) Deployment. You can deploy Windows 11 August CU using Microsoft Intune. The patch deployment process in Microsoft Intune is different from that of SCCM.
I don’t think creating a new patch deployment policy to cater to monthly CU deployments is mandatory, but you can use the following method to expedite. The existing patch deployment policy will deliver the patches using WUfB (Windows Update for Business).
You have the option to expedite the Installation of August 2023 quality updates. Create expedited update profiles for Quality updates using the following steps. Learn more about Intune patching from the below video.
- Sign in to the Microsoft Intune admin center https://intune.microsoft.com/
- Navigate Device -> Windows 10 quality Updates.
- Click on +Create Profile.
The following are the Settings for Intune quality update profile for the monthly patching process if you want to expedite the deployment of patches. Otherwise, you can use the standard quality updates policy from Intune.
- Name – Windows 11 August 2023 LCU
- Description – Recommend adding a detailed description
- Expedite installation of quality updates if the device OS version is less than 8th August 2023 – 2023.08 B SecurityUpdate for Windows 10 and later
- Number of days to wait before the restart is enforced – 1 Day
More Details on Zero Day Out Of Band Patch Deployment Using Intune MEM Expedite Best Option and Intune Reporting Issue: Expedite Windows Security Patch Deployment.
Windows 11 KB5029253 KB5029263 Direct Download Links
Let’s manually download the 2023 August Cumulative Update for Windows 11 KB5029253 KB5029263 from the Microsoft Update Catalog website. The following tables provide the direct links to download the August 2023 Cumulative Updates for Windows 11.
You can check the Microsoft Update Catalog portal to get the Windows 11 LCUs direct download links for August 2023 LCU. Check out Microsoft Update Catalog, https://www.catalog.update.microsoft.com/
Search for updates from the Windows Update Catalog – To download the latest cumulative update (LCU) for your operating system that you want to apply manually.
- Enter the KB article number
- Click the Search icon
- Search Keyword 2023-08
Title | Products | Size | Direct Download |
---|---|---|---|
2023-08 Cumulative Update for Windows 11 for x64-based Systems (KB5029253) | Windows 11 21H2 | 347.6 MB | Download |
2023-08 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5029263) | Windows 11 22H2 | 371.5 MB | Download |
Automated Patch Management with Windows Autopatch
Autopatch helps streamline updating operations and create new opportunities for IT pros. The Windows Autopatch Release Management provides you with more clarity on the Quality, Feature updates, and install schedules in Intune portal, Here, you can get more information Windows Autopatch Implementation Setup Guide.
In Intune Portal, Navigate to Devices, Under Windows Autopatch. Select Release Management, which displays the updates and releases scheduled.
Author
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
Am i the only one having a problem with deployment of this month updates for my Windows 11 22H2 clients using SCCM? All my Windows 10 clients are getting the updates, but Windows 11 clients are not… In SCCM console, the windows 11 patches show 0 client required… The 2023 July patches worked perfectly…
Same here all windows 11 show not required for kb5029263
Same issue here, ADR downloaded it, SUG and Deployment Package have it. However required = 0…
Another member of our team removed 2023-07 CU, ran actions. 2023-08 Updates appeared and installed. Confirmed on a few endpoints now.
I’m having the same issue with this months updates not showing as required in the console.
I have had to re-install Windows after this update. I could not expand my projection to external monitors, only the laptop monitor was working. Hope this will be fixed soon
(I have installed the update twice with the same result.).
Please try adding these key and test if it resolves the detection issue
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU and UseUpdateClassPolicySource – DWORD – Value 1