Applies ToWindows 11 Enterprise and Education, version 22H2 Windows 11 version 23H2, all editions

Release Date:

8/27/2024

Version:

OS Builds 22621.4112 and 22631.4112

07/09/24---END OF SERVICE NOTICE---

IMPORTANT Home and Pro editions of Windows 11, version 22H2 will reach end of service on October 8, 2024. Until then, these editions will only receive security updates. They will not receive non-security, preview updates. To continue receiving security and non-security updates after October 8, 2024, we recommend that you update to the latest version of Windows.

Note We will continue to support Enterprise and Education editions after October 8, 2024.

For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 23H2, see its update history page.  

Note Follow @WindowsUpdate to find out when new content is published to the Windows release health dashboard.      

Highlights 

Below is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change we are documenting.

Gradual rollout

These might not be available to all users because they will roll out gradually.

  • [Windows Share] New! You can now share content to your Android device from the Windows Share window. To do this, you must pair your Android device to your Windows PC. Use the Link to Windows app on your Android device and Phone Link on your PC.

  • ​​​​​​​[Narrator] This update makes scan mode respond quicker. This is especially helpful when you use Microsoft Edge and read large documents. To use scan mode, you must turn on Narrator first (Windows logo key + Ctrl + Enter). Then, turn on scan mode by pressing Caps lock + Spacebar during a Narrator session.

  • [Voice access] You can now dictate the characters that you spell at a faster speed. You also have more editing options for the commands that select, delete, and move within text.

  • [File Explorer]​​​​​​​

    • When you press Windows logo key + E, a screen reader might say a pane has focus, or the focus might not be set at all.

    • When you press Ctrl + F, sometimes the search does not start.

    • Keyboard focus sometimes might get lost when you press Shift + Tab.

    • Screen readers do not announce when you open or browse items that are in a breadcrumb of the Open or Save dialog.

    • Screen readers do not announce when you open or browse items in the column header.

  • [Widgets Board] We are rolling out an update to the Widgets Board to improve security and the APIs for creating widgets and feeds for users in EEA regions. As part of this update, the Microsoft Start Experiences app will power the Microsoft Start widget and feed experiences. Also, as part of this update, some existing widgets will be removed and others will be modified, temporarily affecting their functionality. This update sets the foundation for new widgets and other features in development, set to roll out soon.

Improvements

To view the list of addressed issues, click or tap the OS name to expand the collapsible section.

Use EKB KB5027397 to update to Windows 11, version 23H2.

This non-security update includes quality improvements. Key changes include:

  • This build includes all the improvements in Windows 11, version 22H2.

  • No additional issues are documented for this release.

This non-security update includes quality improvements. Below is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change we are documenting.

  • [Input Method Editor (IME)] When a combo box has input focus, a memory leak might occur when you close that window.

  • [Country and Operator Settings Asset] This update brings COSA profiles up to date for certain mobile operators.

  • [Bluetooth] External devices lose their connection when you deploy certain Bluetooth policies.

  • [Bind Filter Driver] Your system might stop responding when it accesses symbolic links.​​​

  • [Unified Write Filter (UWF) and Microsoft System Center Configuration Manager (SCCM)] An SCCM task to re-enable UWF fails because of a deadlock in UWF. This stops the device from restarting when you expect it.

  • [Hibernate stop error] Your laptop stops responding after you resume it from hibernate. This occurs if you have closed and opened the lid many times.

  • [File Explorer] The navigation pane does not update when you browse folders that are in a shell namespace extension.

  • [Microsoft Entra single sign-on (SSO)] The SSO notice that the European Digital Markets Act (DMA) requires prompts too often. This occurs when you authenticate using a certificate. To learn more, see Upcoming changes to Windows single sign-on. ​​​​​​​

  • ​​​​​​​[BitLocker] You might not be able to decrypt a BitLocker data drive. This occurs when you move that drive from a newer version of Windows to an older version.

Windows 11 servicing stack update (KB5041586) - 22621.4099 and 22631.4099

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. 

Known issues in this update

Applies to

Symptom

Workaround

All users

After installing this security update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.”

The August 2024 Windows security update applies a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied.

The September 2024 Windows security update (KB5043076) and later updates do not contain the settings that caused this issue.

On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied.

On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.

How to get this update

Before you install this update

Microsoft combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Install this update

To install this update, use one of the following Windows and Microsoft release channels.

Available

Next Step

Yes

Go to Settings Update & Security > Windows Update. In the Optional updates available area, you will find the link to download and install the update.

Available

Next Step

No

None. These changes will be included in the next security update to Windows Update for Business.

Available

Next Step

Yes

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Available

Next Step

No

You can import this update into Windows Server Update Services (WSUS) manually. See the Microsoft Update Catalog for instructions.

If you want to remove the LCU

To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.

Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

File information

For a list of the files that are provided in this update, download the file information for cumulative update 5041587.   

For a list of the files that are provided in the servicing stack update, download the file information for the SSU (KB5041586) - versions 22621.4099 and 22631.4099

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.