This update automatically applies Safe OS Dynamic Update ( KB5034235) to the Windows Recovery Environment (WinRE) on a running PC to address a security vulnerability that could allow attackers to bypass BitLocker encryption by using WinRE. For more information, see CVE-2024-20666.

This update is available on Microsoft Update for Windows client operating systems and available on WSUS and MU Catalog for Windows Server operating systems. Prerequisites. This update will be offered if you have .NET 6.0 installed on a supported version of Windows. Restart Requirement.

Resolves a vulnerability in Windows Explorer that could allow remote code execution if a user visited a specially crafted webpage.

MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files (attributes not listed) are signed with a Microsoft digital signature.

Fixes an issue in which the "Link to a Document" content type can't navigate to the requested resource if both "#" and "?" exist in the URL.

Resolves a vulnerability in Windows DirectWrite that could allow denial of service if an attacker sends a specially crafted sequence of Unicode characters directly to an Instant Messenger client.

This update addresses an issue that affects a network resource. You cannot access it from a Remote Desktop session. This occurs when you turn on the Remote Credential Guard feature and the client is Windows 11, version 22H2 or higher.

Workaround. Windows devices might face VPN connection failures after installing the update dated April 9, 2024, or later. This issue is addressed in KB5037765. After installing the April 9, 2024 security update on domain controllers (DCs), you might notice a significant increase in NTLM authentication traffic.

To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-28288. Notes: This is build 16.0.10397.20002 of the security update package.

Cause. This issue occurs because the access check fails between the Client Access server and the Microsoft Office Store: ( https://o15.officeredir.microsoft.com/r/rlidMktplcWSConfig15 ). Resolution. If the server that's running Exchange Server has an internet connection, check the proxy server to see whether the following URL is enabled for access: