Microsoft has released the patches for September 2023. The Windows 11 KB5030217 KB5030219 LCUs were released to fix known security and performance issues. Windows 10 KB5030211 September patch was also released. Microsoft has announced Windows 11 21H2 end of service, and this is going EoL in October.
The September patch release adds a new policy called “Enable optional updates.” Administrators can use it to configure the monthly, optional cumulative updates for commercial devices. You can also use this policy for the gradual Controlled Feature Rollouts (CFR).
This month is two zero-day vulnerabilities, CVE-2023-36802 Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability and CVE-2023-36761 Microsoft Word Information Disclosure Vulnerability.
This Windows 11 KB5030217 KB5030219 September Patch update addresses an issue that affects the Resultant Set of Policy (RSOP). The Windows LAPS “BackupDirectory” policy setting was not being reported. This occurs when the setting is set to 1, which is “Back up to AAD.”
The September Patch Tuesday Windows 11 patches fixed an issue that affects those who use Windows Update for Business. After you are asked to change your password at sign in, the change operation fails. Then you cannot sign in. The error code is 0xc000006d.
Zero Day Security Vulnerability for August 2023
There is two zero-day vulnerabilities announced by Microsoft with the September patch Tuesday, and that are CVE-2023-36761 related to Office Word and CVE-2023-36802 related to Microsoft Streaming Service.
|Release date||Last Updated||CVE Number||CVE Title||Publicly Disclosed||Exploitability assessment||Exploited||Mitigations||Impact||Max Severity||Tag|
|Sep 12, 2023||Sep 12, 2023||CVE-2023-36761||Microsoft Word Information Disclosure Vulnerability||Yes||Exploitation Detected||Yes||Information Disclosure||Important||Office Word|
|Sep 12, 2023||Sep 12, 2023||CVE-2023-36802||Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability||No||Exploitation Detected||Yes||Elevation of Privilege||Important||Microsoft Streaming Service|
Video Review of September 2023 Patch Tuesday Windows 11
Let’s have a quick Video Review of September 2023 Patch Tuesday Windows 10 KB5030211. September Patch Tuesday Windows 11 September patches KB5030217 and KB5030219 are also covered in this video.
September 2023 Patch Tuesday Report. Let’s quickly discuss Windows 11 KB5030217 KB5030219 September patches. Windows 10 patches KB5030211. These are the latest cumulative update security patches for the month of September 2023. We have also discussed 2 Zero-Day Vulnerabilities in this video.
How to Seek Windows Updates?
Windows 11 allows you to choose when and how to receive the latest updates to ensure your device runs efficiently and securely. To manage your update preferences and view available updates, select “Check for Windows updates.”
- Alternatively, you can seek the latest Windows update by selecting Start > Settings > Windows Update by accessing the update settings.
Microsoft releases security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST. IT professionals should plan their deployment schedules according to their time zone(s).
Windows 11 22H2 KB September Patch New Features
The following table gives a quick overview of New Features introduced with the Windows 11 22H2 September Patch Tuesday update KB5030217 KB5030219.
List of Windows 11 Improvements with September Patches
Most of the improvements are coming only to Windows 11. The HTMD community has covered all the new features or improvements of the Windows 11 release in the following table. Here are the improvements for Windows 11 latest versions.
|New Improvements September patch Tuesday||Details|
|September patch Tuesday update improves how Windows detects your location.||Windows location helps to give you better weather, news, and traffic information.|
|September LCU supports daylight saving time (DST) changes in Israel.||DST changes are common for this season.|
Issues Fixed with Windows 11 September Patches
Let’s look at the issues fixed with the Windows 11 September patch Tuesday KBs (KB5030217 KB5030219). The following table covers both Windows 11 22H2 and 21H2 fixes. The following are the fixes that are added with September’s Latest Cumulative Update (LCU).
|Fixes with Windows 11 September Patches||Details|
|This September update addresses an issue that affects the Group Policy Service.||It will not wait for 30 seconds, which is the default wait time, for the network to be available. Because of this, policies are not correctly processed.|
|This update adds a new API for D3D12 Independent Devices.||You can use it to create multiple D3D12 devices on the same adapter.|
|This September update addresses an issue that affects a WS_EX_LAYERED window.||The window might render with the wrong dimensions or at the wrong position. This occurs when you scale the display screen.|
|This update addresses an issue that causes high CPU use.||This occurs when you enable the “fBlockNonDomain” policy.|
|This update addresses an issue that affects print jobs that are sent to a virtual print queue.||They fail without an error.|
|This update addresses an issue that affects disk partitions. The system might stop working.||This occurs after you delete a disk partition and add the space from the deleted partition to an existing BitLocker partition.|
|This Windows 11 KB5030217 KB5030219 September Patch update addresses an issue that affects the Resultant Set of Policy (RSOP).||The Windows LAPS “BackupDirectory” policy setting was not being reported. This occurs when the setting is set to 1, which is “Back up to AAD.”|
|The September update addresses an issue that affects those who use Windows Update for Business.||After you are asked to change your password at sign in, the change operation fails. Then you cannot sign in. The error code is 0xc000006d.|
Known Issues from September Windows 11 Patches KB5030217 KB5030219
Let’s look at the issues fixed with the Windows 11 September patch Tuesday KBs (KB5030217 KB5030219). The following table covers both Windows 11 22H2 and 21H2 fixes.
|“UNSUPPORTED_PROCESSOR” error message on a blue screen after installing updates released on August 22, 2023 and then restarting their device. This update might automatically uninstall to allow Windows to start up as expected.||OS Build 22000.2360||Issue Description|
|Third-party UI customization apps might prevent the Start menu from opening||OS Build 22621.30000 KB5028254||Resolved External|
SCCM Windows 11 KB Deployment
Learn how to Deploy Windows 11 KB5030217 KB5030219 September 2023 Cumulative Updates using SCCM/WSUS. You can deploy Windows 11 September 2023 CU KBs using SCCM.
You can create a monthly patch package for September 2023 using the following methods. You can also search with Windows 11 LCU for September 2023 KB5030217 KB5030219. The easiest way is to check from the SCCM admin console.
NOTE! You can verify the Windows 11 (OS Builds 22000.2416, 22621.2283) by installing the September 2023 Latest Cumulative Updates.
- In SCCM Console, Navigate to Software Library\Overview\Software Updates\All Software Updates.
- You must initiate a WSUS Sync from the All Software Updates node (Right-click on the node and initiate the sync).
- Search with the following KB Number.
- Or you can search with 23-09 Cumulative Update for Windows 11, as shown in the below screenshot.
|Name of Windows 11 patches for September 2023||Release Date|
|2023-09 Cumulative Update for Windows 11 Version 22H2 for ARM64-based Systems (KB5030219)||09/12/2023 5:00:00 PM|
|2023-09 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5030219)||09/12/2023 5:00:00 PM|
|2023-09 Cumulative Update for Windows 11 for ARM64-based Systems (KB5030217)||09/12/2023 5:00:00 PM|
|2023-09 Cumulative Update for Windows 11 for x64-based Systems (KB5030217)||09/12/2023 5:00:00 PM|
- How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr
- SCCM ADR Automatic Deployment Rule Creation Process
Intune Windows 11 KB5030217 KB5030219 Deployment
Using Intune, let’s check how to deploy the September 2023 Patch Tuesday (LCU) Deployment. You can deploy Windows 11 September CU using Microsoft Intune. The patch deployment process in Microsoft Intune is different from that of SCCM.
I don’t think creating a new patch deployment policy to cater to monthly CU deployments is mandatory, but you can use the following method to expedite. The existing patch deployment policy will deliver the patches using WUfB (Windows Update for Business).
You have the option to expedite the Installation of September 2023 quality updates. Create expedited update profiles for Quality updates using the following steps. Learn more about Intune patching from the video below.
- Sign in to the Microsoft Intune admin center https://intune.microsoft.com/
- Navigate Device -> Windows 10 quality Updates.
- Click on +Create Profile.
The following are the Settings for the Intune quality update profile for the monthly patching process if you want to expedite the deployment of patches. Otherwise, you can use the standard quality updates policy from Intune.
- Name – Windows 11 September 2023 LCU
- Description – Recommend adding a detailed description
- Expedite installation of quality updates if the device OS version is less than 12th September 2023 – 2023.09 B SecurityUpdate for Windows 10 and later
- Number of days to wait before the restart is enforced – 1 Day
Windows 11 KB5030217 KB5030219 Direct Download Links
Let’s manually download the 2023 September Cumulative Update for Windows 11 KB5030217 KB5030219 from the Microsoft Update Catalog website. The following tables provide the direct links to download the September 2023 Cumulative Updates for Windows 11.
You can check the Microsoft Update Catalog portal to get the Windows 11 LCUs direct download links for September 2023 LCU. Check out the Microsoft Update Catalog, https://www.catalog.update.microsoft.com/
Search for updates from the Windows Update Catalog – To download the latest cumulative update (LCU) for your operating system that you want to apply manually.
- Enter the KB article number
- Click the Search icon
- Search Keyword 2023-09
|2023-09 Cumulative Update for Windows 11 for x64-based Systems (KB5030217)||Windows 11 21H2||348.6 MB||Download|
|2023-09 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5030219)||Windows 11 22H2||400.6 MB||Download|
Automated Patch Management with Windows Autopatch
Autopatch helps streamline updating operations and create new opportunities for IT pros. The Windows Autopatch Release Management provides you with more clarity on the Quality, Feature updates, and install schedules in the Intune portal, Here, you can get more information Windows Autopatch Implementation Setup Guide.
In Intune Portal, Navigate to Devices, Under Windows Autopatch. Select Release Management, which displays the updates and releases scheduled.
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.