KB5014697 Cumulative Update for Windows 11 – released June 14 2022

KB5014697 is the cumulative update for Windows 11 released on the 14th of June 2022. It supersedes KB5013943 cumulative update. KB5016138 is the latest OOB update for Windows 11. We list the important points about the KB5014697and the KB5016138 OOB updates below.

Salient points about the KB5014697 cumulative update for Windows 11

  • KB5014697 is a cumulative update.
  • It supersedes the KB5013943 cumulative update for the month of May 2022. It also supersedes the OOB update KB5014019 which was released on 24th May 2022.
  • If you have not deployed KB5014019, you can skip it. Installing KB5014697 will add the changes that were brought around as part of the KB5014019 OOB updates.
  • The build on Windows 11 will change to OS Build 22000.739 after patching with KB5014697.
  • Deployment of KB5014697 can break Wi-Fi hotspot functionality.
  • KB5014697 can also break .NET Framework 3.5 apps.
  • On ARM64 systems, post-deployment of KB5014697, login to Azure Active Directory may fail. You will be unable to make use of services that rely on the Azure Active Directory.
  • An OOB update has been released for Windows 11 computers running on ARM64 systems. The out-of-band update KB5016138 is an emergency update released on the 20th of June 2022 for the ARM64 computers.
  • SSU update 22000.702 will be deployed as part of the update process for Windows 11 through the KB5014697 security update.

OOB Update KB5016138 for Windows 11

  • KB5016138 is an emergency out-of-band update or OOB update for Windows 11 computers.
  • It was released within one week of release of the KB5014697 cumulative update/
  • This update is only meant for the ARM64 devices on Windows 11.
  • It will push the OS Build on Windows 11 to 22000.740.
  • It resolves the issues in accessing Azure Active Directory after deploying KB5016138 on Windows 11 computers.
  • KB5016138 does not resolve the Wi-Fi hotspot of .NET Framework 3.5 issues. We expect a fix for these soon. Until then, you will need to disable the Wi-Fi hotspot feature.
  • KB5016138 can be downloaded from the Microsoft Update Catalog page here.
  • The size of the update file for KB5016138 is 384 MB.

KB5014697 – Zero-day vulnerability on Windows 11

  • CVE-2022-30190 is a zero-day vulnerability on Windows 11.
  • It has a CVSS rating of 7.8 and can lead to Remote Code Execution attacks on the target Windows 11 computer.
  • This vulnerability is publicly disclosed. It is also being exploited by attackers.
  • The vulnerability exists in Microsoft System Diagnostic Tool (MSDT).
  • The attacker could use the URL protocol to call MSDT and get access to the target computer.
  • The attacker could deploy arbitrary code on the Windows 11 computer.
  • This vulnerability is patched in KB5014697 for Windows 11.
  • Alternatively, you can disable the URL protocol from being called to attack MSDT. Detailed instructions on how you can disable MSDT are available on Microsoft’s security blog posting on this page.

KB5014697 – Other Vulnerabilities on Windows 11

There are a couple of other vulnerabilities that you need to be aware of. Both these vulnerabilities affect Windows 11 computers.

CVE-2022-30139 – Windows LDAP

  • CVE-2022-30139 is a critical vulnerability with a CVSS rating of 7.5.
  • It can lead to remote code execution attacks on the target computers.
  • This vulnerability on Windows 11 is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable.
  • CVE-2022-30139 is patched as part of the KB5014697 security update for Windows 11.

CVE-2022-30163 – Windows Hyper V

  • CVE-2022-30163 is a critical vulnerability on the Hyper V operating system of x64 systems.
  • It has a CVSS rating of 8.5.
  • An attacker could get low-level access to the Hyper V operating system and cause a remote code execution attack on the target machine.
  • The vulnerability is patched as part of the KB5014697 cumulative update for Windows 11.
  • The attack complexity for this vulnerability is complex and it is rated as AC: H.

For both vulnerabilities listed above, patching the KB5014697 security update on Windows 11 should help you take action.

How can I deploy KB5014697 on Windows 11?

Depending on the x64 or ARM64 versions, you can deploy Windows 11 June update KB5014697 through any of the following regular update channels.

  • KB5014697 can be deployed using Windows Update on Windows 11 system.
  • KB5014697 can be deployed using Microsoft Update for Business.
  • WSUS can be used to import and deploy KB5014697 for Windows 11.
  • You can deploy KB5014697 manually by downloading the software update through the Microsoft Update Catalog page for KB5014697.
  • For x64 systems, you can download KB5014697 from this catalog page. The size of the update file for the x64 Windows 11 system is 274.4 MB.
  • While installing through Windows Update, you will get the latest SSU for Windows 11 at the time of deploying the KB5014697 cumulative update.

Summary

KB5014697 and KB5016138 are the two updates for Windows 11 computers. KB5014697 resolves security issues on Windows 11 computers. KB5016138 is an OOB update for ARM64 systems running Windows 11. It resolves access issues from Windows 11 to the Azure Active Directory Services. Apart from this, KB5014697 resolves zero-day vulnerability on Windows 11 computers.

You may like to read more about the June updates from Microsoft in the pages given below: