January 9, 2024 Security update (KB5034129)
Applies To
Azure Local, version 22H2Release Date:
1/9/2024
Version:
OS Build 20349.2227
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Azure Stack HCI, version 22H2, see its update history page.
Improvements
This security update includes quality improvements. When you install this KB:
-
This update addresses an issue that affects Microsoft Intune. One of its new features does not work properly.
-
This update addresses an issue that affects account lockout event 4625. The format of the event is wrong in the ForwardedEvents log. This occurs when an account name is in the user principal name (UPN) format.
-
This update addresses an issue that affects hybrid joined devices. You cannot sign in to them if they are not connected to the internet. This occurs when you use a Windows Hello for Business PIN or biometric credentials. This issue applies to a cloud trust deployment.
-
This update addresses an issue that affects the Trusted Sites Zone logon policy. You cannot manage it using mobile device management (MDM).
-
This update addresses an issue that affects Microsoft Excel. It stops responding when you try to share a file as a PDF in Outlook.
-
This update addresses an issue that affects the Server Manager pop-up text. It removes the words “Azure Automanage.”
-
This update addresses an issue that affects XPath queries on FileHash and other binary fields. It stops them from matching values in event records.
-
This update addresses an issue that affects certain network functions on VMs. Deployment of them fails.
-
This update addresses an issue that affects the Network Controller. The issue makes you create more rules for outbound traffic so that return traffic is not blocked.
-
This update addresses an issue that affects a WS_EX_LAYERED window. The window might render with the wrong dimensions or at the wrong position. This occurs when you scale the display screen.
-
This update addresses an issue that affects printing to PDF metadata. It extracts the username that you sign in with and puts it into the author name metadata box. Instead, print to PDF should place your display name in that box.
-
This update addresses an issue that affects disk partitions. Your system might stop responding. This occurs if you add space from a deleted partition to an existing BitLocker partition.
-
This update addresses an issue that affects Windows Defender Application Control (WDAC). AppID Tagging policies might greatly increase how long it takes your device to start up.
-
This update addresses an issue that causes your device to shut down after 60 seconds. This occurs when you use a smart card to authenticate on a remote system.
-
This update addresses an issue that affects the display of a smart card icon. The icon does not appear when you sign in. This occurs when there are multiple certificates on the smart card.
-
This update addresses an issue that affects Active Directory domain controllers. They report DS_BUSY errors when you create new users. This only occurs on primary domain controller emulators (PDCe).
-
This update addresses an issue that affects the Windows Local Administrator Password Solution (Windows LAPS). The LAPS account does not work. This occurs if the password is older than the age that the maximum age device policy allows.
-
This update addresses an issue that affects the Kerberos Key Distribution Center (KDC). It returns a KDC_ERR_S_PRINCIPAL_UNKNOWN error during trust referrals, which is wrong.
-
This update addresses an issue that affects the msDS-KeyCredentialLink attribute. In some cases, it is updated when it should not be.
-
This update addresses an issue that causes lsass.exe to stop responding. Because of this, a restart loop occurs.
-
This update addresses an issue that affects the Key Distribution Service (KDS). It does not start in the time required if LDAP referrals are needed.
For more information about security vulnerabilities, please refer to the Security Update Guide and the January 2024 Security Updates.
To return to the Azure Stack HCI documentation site
Azure Stack HCI, version 22H2 servicing stack update - 20349.2200
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.
Known issues in this update
Symptom |
Workaround |
---|---|
After you install KB5034129, chromium-based internet browsers, such as Microsoft Edge, might not open correctly. Browsers affected by this issue might display a white screen and become unresponsive when you open them. Devices that have browser specific Image File Execution Options (IFEO) might be affected by this issue. When an entry for Microsoft Edge (msedge.exe) or other chromium-based browsers is found in the Windows registry, the issue might occur. A registry entry can be created by developer tools or when certain debugging and diagnostic settings are in place for browsers. |
This issue is addressed in KB5034770. Some of you might be using an update that is dated before February 13, 2024. If you encounter this issue, use the workaround steps below. You can prevent this issue by removing certain keys related to Image File Execution Options in the Windows registry. Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see How to back up and restore the registry in Windows. Modify the Windows registry using the steps below.
We are working on a resolution and will provide an update in an upcoming release. |
How to get this update
Before installing this update
Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
To install the LCU on your Azure Stack HCI cluster, see Update Azure Stack HCI clusters.
Install this update
Release Channel |
Available |
Next Step |
Windows Update and Microsoft Update |
Yes |
None. This update will be downloaded and installed automatically from Windows Update. |
Windows Update for Business |
Yes |
None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. |
Microsoft Update Catalog |
Yes |
To get the standalone package for this update, go to the Microsoft Update Catalog website. |
Windows Server Update Services (WSUS) |
Yes |
This update will automatically sync with WSUS if you configure Products and Classifications as follows: Product: Azure Stack HCI Classification: Security Updates |
If you want to remove the LCU
To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.
Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.
File Information
For a list of the files that are provided in this update, download the file information for cumulative update 5034129.
For a list of the files that are provided in the servicing stack update, download the file information for the SSU - version 20349.2200.