KB5011493 for Windows 11 – March Update

KB5011493 is the latest cumulative update for Windows 11 that was released on 8th March 2022. This update is applicable to x64 or ARM64 based Windows 11 deployments.

KB5011493 supersedes February's cumulative update, KB5010386. In the second week of February, Microsoft also released an optional (preview) update for Windows 11, KB5010414, and KB5011493 supersedes that preview update as well. If you did not install either of these updates in February, you can skip them and install the KB5011493 cumulative update on Windows 11.

If you did install KB5010386 and KB5010414, only the incremental changes will be applied on the Windows 11 computer.

Salient points about KB5011493 for Windows 11:

  • This is a cumulative update that supersedes KB5010386 and KB5010414.
  • SSU 22000.469 needs to be applied at the time of update.
  • Two zero-day vulnerabilities directly affect Windows 11. These are patched in KB5011493.
  • Update file size is 230.5 MB for x64 and 286.9 MB for ARM64.
  • Early adopters have reported no adverse events after applying KB5011493 on Windows 11.

In this document, we list the vulnerabilities that have been patched as part of the KB5011493 security update. We also discuss the ways in which you can get this update on Windows 11 based computers.

Zero-day Vulnerabilities resolved in KB5011493 for Windows 11

Microsoft disclosed three zero-day vulnerabilities for the month of March 2022. We list these vulnerabilities below. Two of them are patched in KB5011493. The other one is in the .NET stack and is resolved by a separate .NET update. The three zero-day vulnerabilities are:

  • CVE-2022-21990 – this vulnerability affects Windows 11, x64 and ARM64 deployments. It is a CVSS 8.8 remote code execution vulnerability on the Windows Remote Desktop Client software. It is mitigated in KB5011493 for Windows 11.
  • CVE-2022-24512 – .NET Remote Code Execution with CVSS score of 6.3. There is a separate patch for resolving the .NET vulnerability.
  • CVE-2022-24459 – Elevation of Privilege vulnerability on Windows Fax and Scan Service. It has a CVSS score of 7.8 with high impact on the affected infrastructure. This vulnerability affects Windows 11 and is mitigated in KB5011493.

Given the nature of these vulnerabilities, updating Windows 11 computers with KB5011493 merits your attention.

Other vulnerabilities resolved in KB5011493 for Windows 11

There are 71 vulnerabilities that form part of Microsoft’s March updates. Of these, we have already covered the three zero-day risks. Aside from these, some vulnerabilities are publicly disclosed and more likely to be exploited. We list them briefly below as a quick reference for vulnerability management and remediation.

  • CVE-2022-24508 – CVSS 8.8 – Remote Code Execution vulnerability on SMBv3 server and client compression.
  • CVE-2022-24507 – CVSS 7.8 – Elevation of Privilege on Windows Ancillary Function driver.
  • CVE-2022-23299 – CVSS 7.8 – Elevation of Privilege on Windows PDEV. It is resolved in KB5011493.
  • CVE-2022-23294 – CVSS 8.8 – Remote Code Execution in Windows Event tracking.
  • CVE-2022-23286 – CVSS 7 – Elevation of Privileges on Windows Cloud Mini driver.
  • CVE-2022-23285 – CVSS 8.8 – Remote Code Execution on Remote Desktop client software.
  • CVE-2022-24502 – CVSS 4.3 – Windows HTML Platforms Security
  • CVE-2022-23253 – CVSS 6.5 – Denial of Service on Point to Point tunnel protocol.

All these vulnerabilities are resolved in the KB5011493 cumulative update for Windows 11.

How can I get KB5011493 for Windows 11?

Updating Windows 11 with KB5011493 is a straightforward process. You have multiple options to perform this update.

  • KB5011493 can be downloaded and applied automatically using Windows Update.
  • KB5011493 can be downloaded and applied automatically using the WSUS or Windows Server Update Service. You need to define the product on WSUS as Windows 11 and category to correspond with Security updates.
  • KB5011493 is also available for patching through Windows Update for Business.
  • KB5011493 can be manually downloaded from the Microsoft Update catalog and applied manually on Windows 11. You can download KB5011493 from this page on Microsoft update catalog. The x64 update file is 230.5 MB and the ARM64 update file is 286.9 MB.

You will need to apply a Servicing Stack Update (SSU), 22000.469, before patching with KB5011493. Early adopters of KB5011493 have not reported any adverse events after updating Windows 11 with it.
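To confirm that a machine actually received the update through any of the channels above, the following PowerShell check classifies a host against the KBs named in this article. It is an added example, not Microsoft's tooling: `Get-PatchState` is a hypothetical helper name, the sample inputs are constructed, and `-TargetRevision` is a placeholder for the build revision listed on Microsoft's KB page, which this article does not state.

```powershell
# Added example: classify a Windows 11 host against the KBs named in this article.
# Get-PatchState is a hypothetical helper, not a built-in cmdlet.
function Get-PatchState {
    param(
        # Installed hotfix IDs; defaults to what Get-HotFix reports locally.
        [string[]]$InstalledKb = (Get-HotFix | Select-Object -ExpandProperty HotFixID),
        # Update revision (UBR) of the running build, read from the registry.
        [int]$Revision = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR,
        # Revision installed by KB5011493. Placeholder: take the value from
        # Microsoft's KB page. 0 disables the revision check.
        [int]$TargetRevision = 0
    )
    $target     = 'KB5011493'
    $superseded = @('KB5010386', 'KB5010414')   # February updates it replaces
    $known      = @($target) + $superseded

    $state = if ($InstalledKb -contains $target) {
        'Patched'
    } elseif ($TargetRevision -gt 0 -and $Revision -ge $TargetRevision) {
        # After a later cumulative update, KB5011493 may no longer appear in
        # the hotfix list, so fall back to the build revision.
        'PatchedByLaterUpdate'
    } elseif ($InstalledKb | Where-Object { $superseded -contains $_ }) {
        'NeedsIncrementalUpdate'   # February baseline present
    } else {
        'NeedsFullUpdate'          # February updates were skipped
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        State    = $state
        Revision = $Revision
        FoundKb  = ($InstalledKb | Where-Object { $known -contains $_ }) -join ', '
    }
}

# Constructed sample inputs (not real inventory data):
Get-PatchState -InstalledKb 'KB5010386', 'KB0000000' -Revision 100   # NeedsIncrementalUpdate
Get-PatchState -InstalledKb 'KB5011493' -Revision 100                # Patched
Get-PatchState -InstalledKb 'KB0000000' -Revision 100                # NeedsFullUpdate

# Live check on the local machine:
Get-PatchState
```

Hosts reported as `NeedsIncrementalUpdate` or `NeedsFullUpdate` remain exposed to the vulnerabilities listed above until KB5011493 or a later cumulative update is installed.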

Summary

KB5011493 is a simple update for Windows 11. There are no complications involved in installing it, and no issues have been reported post-installation. You will need to make sure that the Servicing Stack Update 22000.469 is installed before implementing KB5011493 on a Windows 11 computer.
