KB5011564 Monthly Rollup update for Windows 8.1 – March Update

The monthly rollup update for March for Windows 8.1 has been released on 8th March. This update fixes security issues and brings in performance improvements on Windows 8.1. The update also includes the changes that are a part of the security update KB5011560. If you chose to skip KB5011560, you can install the KB5011564 to mitigate the security vulnerabilities on Windows 8.1.

KB5011564 is a cumulative update. It supersedes the KB5010419 monthly roll update that was released in February. We look at the vulnerabilities that have been fixed on Windows 8.1 as part of KB5011564. There are 2 zero-day vulnerabilities that have been patched in KB501564 for Windows 8.1. There are five vulnerabilities that are rated important and have a high impact on the infrastructure comprising of Windows 8.1 systems. And, we discuss the ways you can patch Windows 8.1 with all the prerequisites.

Salient points about KB5011564 for Windows 8.1

  • KB5011564 supersedes KB5010419.
  • KB5011564 contains security updates and non-security product improvements.
  • SSU KB5001403 needs to be applied before installing KB5011564 monthly rollup update.
  • The update files are available for 32 bit and x64 based systems.
  • KB5011564 resolves 2 zero-day vulnerabilities. Details of the vulnerabilities are shared below.
  • KB5011564 can be applied automatically or manually on Windows 8.1.
  • No fresh issues have been reported post-deployment of KB5011564 on Windows 8.1.

Zero-day vulnerabilities resolved in KB5011564 for Windows 8.1

The following vulnerabilities are zero-day threats for Windows 8.1. Two of these are resolved in KB5011564 and the third requires the application of .NET security updates.

  • CVE-2022-21990 – this vulnerability affects Windows Server 8.1 32 bit and x64. It is a CVSS 8.8 remote code execution vulnerability on the Windows Remote Desktop Client software. It is mitigated in KB5011560 for Windows 8.1.
  • CVE-2022-24512 – .NET Remote Code Execution with CVSS score of 6.3. There is a separate patch for resolving the .NET vulnerability and is available through the .NET page and Visual Studio site of Microsoft.
  • CVE-2022-24459 – Elevation of Privilege vulnerability on Windows Fax and Scan Service. It has a CVSS score of 7.8 with high impact on the affected infrastructure. This vulnerability affects the Windows Server 8.1 32 bit and x64 systems as well. It is mitigated in KB5011560 for Windows 8.1.

Once you patch with the corresponding update, these vulnerability gaps are closed on Windows 8.1 based systems.

Other vulnerabilities on Windows 8.1 resolved in KB5011564

There are 71 vulnerabilities that have been shared in Microsoft’s updates across multiple versions of Windows operation systems. Not all vulnerabilities affect Windows 8.1. However, we want to focus on vulnerabilities that are more likely to be exploited. This should help you take action to mitigate the threats.

There have been 5 vulnerabilities on Windows 8.1 that have a high impact on the associated infrastructure of Windows 8.1. These vulnerabilities are mentioned below:

  • CVE-2022-24502 – CVSS 4.3 – Windows HTML Platforms Security
  • CVE-2022-23299 – CVSS 7.8 – Elevation of Privilege on Windows PDEV.
  • CVE-2022-23294 – CVSS 8.8 – Remote Code Execution involving Windows Event Tracing.
  • CVE-2022-23285 – CVSS 8.8 – Remote Code Execution on Remote Desktop Client software.
  • CVE-2022-23253 – CVSS 6.5 – Denial of Service involving Point to Point tunneling protocol.

These vulnerabilities are patched as part of the KB5011560 security-only update as well as the KB5011564 monthly rollup update.

How can I get monthly rollup update KB5011564 for Windows 8.1?

The monthly rollup update for Windows 8.1 is available through regular update channels. Before applying KB501564, you need to deploy the KB5001403 Servicing Stack update. The update is made available through Windows Update automatically. If you intend to patch through the catalog, you can install KB5001403 before installing the KB5011564 monthly rollup update.

  • KB5011564 monthly rollup update can be installed automatically through Windows Update and Microsoft Update.
  • KB5011564 can be patched automatically through the WSUS or Windows Server Update Service. You need to configure the WSUS product as “Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro.”
  • You can download the KB5011564 through Microsoft Update catalog as well. The KB5011564 can be downloaded from this Microsoft catalog page. The update file is available for 32 bit and x64 systems. The 32 bit file is 358.5 MB in size. x64 file is 549.8 MB in size.

These updates may require the server to reboot. So, please plan accordingly.


KB5011564 monthly rollup update for Windows 8.1 is cumulative and supersedes KB5010419 cumulative update for the month of February. The update resolved 2 zero-day vulnerabilities and five vulnerabilities with a significant impact on your Windows 8.1 infrastructure. You need to apply SSU KB5001403 before applying the cumulative update on Windows 8.1.

You may also like to read more about the following content related to Windows Updates: