KB5035853 and KB5035854 updates rolled out to Windows 11 23H2, 22H2, 21H2

Windows 11 23H2, 22H2, and 21H2 received security updates on Patch Tuesday 12 March 2024 focusing on bug fixes for Get Help App Not Working and Remote Desktop Web Authentication. KB5035853 is the release that increases the build numbers to 22621.3296 and 22631.3296 for 23H2 and 22H2. Windows 11 21H2 got the patch KB5035853 changing the build number to 22000.2836.

Let’s talk about Windows 11 23H2 and 22H2 first; the full name of the March 2023 update is “2024-03 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5035853)” where architecture and version are variable. In the same way, 22H2’s release name is “2024-03 Cumulative Update for Windows 11 for x64-based Systems (KB5035854)”.

Overall, Patch Tuesday brought security updates for Windows clients and servers, for Office – and other products to resolve 73 vulnerabilities (CVEs), two of which are 0-day vulnerabilities.

KB5035854 and KB5035853 Windows updates

Here are the changelogs:

KB5035854 for Windows 11 23H2 and 22H2

Improvements

This security update includes improvements. When you install this KB:

• This update addresses an issue that makes the troubleshooting process fail. This occurs when you use the Get Help app.
• This update addresses an issue that affects Remote Desktop Web Authentication. You might not be able to connect to sovereign cloud endpoints.

From 22H2

This update addresses a known issue that might affect the February 2024 security and preview updates. They might not install, and your device might stop responding at 96%. The error code is “0x800F0922.” The error message is, “Something did not go as planned. No need to worry – undoing changes. Please keep your computer on.”

Furthermore, the Windows update adds all the improvements and fixes rolled out with KB5034848 (Cumulative update preview). These are:

Highlights

• The Phone Link settings page is changed to a new name: Mobile devices. To reach the location, navigate to “Settings > Bluetooth & devices > Mobile devices”.
• Snipping Tool on your PC allows you to edit the latest pictures and screenshots from your Android device. You will get an instant notification on your PC when your Android device captures a new photo or screenshot. To enable this, navigate to Settings => Bluetooth & devices => Mobile devices. Select “Manage devices” and allow your PC to access your Android device.
• KB5035854 LCU adds support for the USB 80Gbps standard. 80Gbps is the next generation of USB4 having twice the bandwidth of USB 40Gbps. Remember to have a compatible PC and USB4 or Thunderbolt™ peripheral to use USB 80Gbps.
• This security update affects games you install on a secondary drive but now they remain installed on the drive.
• KB5035854 Cumulative Update addresses long-edge-fed printers where the alignment of stapling or hole punch locations is wrong.
• Also, this update addresses the Windows Settings Home page which randomly stops responding when you go to the page.
• This update addresses networking and because of this a device fails to make the automatic switch from cellular to WiFi when it can use Wi-Fi.
• KB5035854 addresses an issue that stops a system from going to sleep when you try to connect an external device to the system.
• March 2024 Patch Tuesday update for Windows 11 23H2 and 22H2 affects the Windows Backup app which will no longer show on the user interface in regions where the app is not supported. To learn more, see KB5032038.

Quality improvements

• Patch Tuesday March 2024 update for Windows 11 23H2 and 22H2 addresses Notepad not opening for the standard user account when you use cmd.exe to open it based on file type association.
• KB5035854 addresses 8 Zip archives that stop you from opening them by double-clicking them in File Explorer.
• Windows 11 build 22621.3296 and 22631.3296 for 23H2 and 22621.3296 and 22631.3296 for 22H2 addresses CrashOnAuditFail registry value. After setting it to one (1), only admins can sign in to a machine that has stopped working. After you install KB5035854, standard users can sign in to the machine.
• This cumulative update addresses Azure Virtual Desktop virtual machines restarting randomly because of an access violation in lsass.exe.
• LCU addresses stop error RDR_FILE_SYSTEM (0x27) on a machine used as a remote desktop session host. This error leads all users to be signed out from the machine.
• This update addresses the wrong Microsoft Edge User Interface for Internet Options Data Settings.
• March 2024 security update for Windows 11 23H2 and 22H2 addresses embedded SIM (eSIM) profile. When you delete it, you do not get a notification.
• KB5035854 addresses Remote Desktop Web Authentication that might prevent connecting to sovereign cloud endpoints.
• Windows 11 build 22621.3296 and 22631.3296 for 23H2 and 22621.3296 and 22631.3296 for 22H2 addresses the troubleshooting process fail issue. when using the Get Help app.
• This update addresses the Certificate Authority snap-in does not allow to select the “Delta CRL” option. and stops you from using the GUI to publish Delta CRLs.
• This security update addresses the Steps Recorder issue leading to some of the UI and steps are not localized to Chinese.

Fixed vulnerabilities

Tenable has this blog post with an overview of the 52 vulnerabilities that have been fixed (no 0-day this time). Here are some of the critical vulnerabilities that have been fixed:

• CVE-2024-21334 – Open Management Infrastructure or OMI RCE vulnerability, CVEv3 Score 9.8, important; To exploit this vulnerability, a remote, unauthenticated attacker could use a specially formulated request to initiate a use-after-free vulnerability. Furthermore, OMI got another patch this month (CVE-2024-21330) that fixes an EoP vulnerability.
• CVE-2024-21407– Windows Hyper-V RCE vulnerability,  CVEv3 Score 8.1, critical; To successfully manipulate this vulnerability, an attacker must be authenticated and collect information about the target environment to plan their execution. The complexity of the attack is high, but exploitation could conduct code execution on the host server.
• CVE-2024-21433 – Print Spooler Elevation of Privilege vulnerability, CVEv3 Score 7.0, important; Categorized as Exploitation More Likely and designated a CVSSv3 score of 7.0. Exploitation of this vulnerability needs to achieve a race condition that could grant the attacker SYSTEM privileges.
• CVE-2024-21433 – Print Spooler Elevation of Privilege vulnerability, CVEv3 Score 7.0, important; categorized in Exploitation More Likely and assigned a CVSSv3 score of 7.0. This vulnerability would require an attacker to gain a race condition that could give the attacker SYSTEM privileges.
• CVE-2024-26182, CVE-2024-21443, CVE-2024-26178, CVE-2024-26176, CVE-2024-26173 – Windows Kernel Elevation of Privilege vulnerability, CVEv3 Score 7.8 (CVE-2024-21443 with CVEv3 7.3), important; CVE-2024-26182 is the only Windows Kernel EoP vulnerability that has been classified as Exploitation More Likely. Exploitation of these vulnerabilities could lead to an attacker gaining SYSTEM privileges.
• CVE-2024-26166, CVE-2024-21441, CVE-2024-21450, CVE-2024-21444, CVE-2024-26161: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution vulnerability, CVEv3 Score 8.8, important; To exploit the vulnerability, an authenticated user must be tricked into connecting to a malicious SQL database. Once connected, specially crafted responses can be sent to the client to exploit the vulnerability and allow the execution of arbitrary code.

A list of all CVEs can be found on this Microsoft page and excerpts are available at Tenable. Following is the list of patched products:

• .NET
• Azure Data Studio
• Azure SDK
• Microsoft Authenticator
• Microsoft Azure Kubernetes Service
• Microsoft Dynamics
• Microsoft Edge for Android
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Intune
• Microsoft Office
• Microsoft Office SharePoint
• Microsoft QUIC
• Microsoft Teams for Android
• Microsoft WDAC ODBC Driver
• Microsoft WDAC OLE DB provider for SQL
• Microsoft Windows SCSI Class System File
• Open Management Infrastructure
• Outlook for Android
• Role: Windows Hyper-V
• Skype for Consumer
• Software for Open Networking in the Cloud (SONiC)
• SQL Server
• Visual Studio Code
• Windows AllJoyn API
• Windows Cloud Files Mini Filter Driver
• Windows Composite Image File System
• Windows Compressed Folder
• Windows Defender
• Windows Error Reporting
• Windows Hypervisor-Protected Code Integrity
• Windows Installer
• Windows Kerberos
• Windows Kernel
• Windows NTFS
• Windows ODBC Driver
• Windows OLE
• Windows Print Spooler Components
• Windows Standards-Based Storage Management Service
• Windows Telephony Server
• Windows Update Stack
• Windows USB Hub Driver
• Windows USB Print Driver
• Windows USB Serial Driver

To have more info navigate to March 2024 Security Updates. and Security Update Guide website

Make sure that servicing stack update 22000.2830 is installed before installing KB5035854 and KB5035853 updates on Windows 11 23H2, 22H2, and 21H2.

How to download KB5035853 and KB5035854 and install on Windows 11.

1. Press Winkey + I and go to Windows update.
2. Click on “Check for updates”.
3. Stay until the patch is downloaded and select “Restart now”.
4. Alternatively go toKB5035853 download link and find the file suitable for your computer.
5. Click on Download.
6. In the same way, click on KB5035854 download link .
7. Right click on the .msu file and select open.

That’s all!!