KB5017328 Cumulative Update for Windows 11

KB5017328 is the latest cumulative update released by Microsoft on 13th September 2022. The update was released as part of the ‘Patch Tuesday’ project of Microsoft.

We look at the key aspects of KB5017328 for Windows 11 and all the changes brought about as part of the security update.

Salient points about KB5017328 for Windows 11

  • KB5017328 is the cumulative update that supersedes KB5016691.
  • Post-deployment of KB5017328, the build on Windows 11 will change to 22000.978. Prior to KB5017328, Windows 11 had the build number 22000.918.
  • There has been a new optional update that was released on 20th September. KB5017383 is the preview update that will get combined into October month’s security update for Windows 11.
  • Servicing Stack Update for Windows 11 is a part of the cumulative update for Windows 11. SSU version 22000.975 is a part of the cumulative update KB5017328.
  • 40 security vulnerabilities affect Windows 11 x64 and ARM64 versions. These have been patched in the KB5017328 cumulative update.
  • CVE-2022-37969 is the zero-day threat that affects Windows 11 computers.

Prerequisites for installing KB5017328 on Windows 11

There are no specific prerequisites for installing KB5017328. Since the update is cumulative in nature, it already contains all the changes that have been part of the previous cumulative updates.

If you did not install previous updates, all changes from these updates will be downloaded as part of the KB5017328 cumulative update. Or else, incremental changes will be only downloaded to make the process swift and brief.

The size of the MSU update file for KB5017328 is 301.4 MB for x64 version and 412.4 MB for ARM64 systems.

Security Vulnerabilities patched in KB5017328 for Windows 11

There have been 40 vulnerability disclosures for Windows 11 for the month of September 2022. Out of these 40, we are primarily concerned with the three critical vulnerabilities.

We list the 40 vulnerabilities, based on the type of threat below.

  • Out of 40 vulnerabilities, there are 17 Remote Code Execution threats. 3 of these RCE threats are ‘CRITICAL’.
  • There are 5 ‘Denial of Service’ vulnerabilities.
  • There are 12 ‘Elevation of Privilege’ vulnerabilities that affect Windows 11.
  • Finally, there are 5 ‘Information Disclosure’ vulnerabilities on the Windows 11 operating system.

Out of these vulnerabilities, we focus our attention on the following four vulnerabilities:

CVE-2022-37969 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2022-37969 is a zero-day ‘Elevation of Privilege’ vulnerability with a CVSS rating of 7.8. Successful exploitation of this threat could allow the attacker access to SYSTEM privileges.

CVE-2022-34718 – Windows TCP/IP Remote Code Execution Vulnerability

This ‘Remote Code Execution’ vulnerability has a CVSS rating of 9.8. It affects Windows 11 systems that are running the IPSec service.

An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine.

CVE-2022-34721 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVE-2022-34721 is a critical ‘Remote Code Execution’ vulnerability with a CVSS rating of 9.8. It an lead to ‘Remote Code Execution’ attacks on the Windows 11 computers. The vulnerability affects version 1 of the Internet Key Exchange (IKE) ProtocolVersion 2 IKE is unaffected by CVE-2022-34721.

CVE-2022-34722 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

This ‘Remote Code Execution’ vulnerability is a critical vulnerability with a CVSS score of 9.8 and can lead to Remote Code Execution attacks. The threat affects version 1 of the Internet Key Exchange (IKE) ProtocolVersion 2 of IKE Protocol is unaffected by CVE-2022-34722 vulnerability.

Essentially, deploying KB5017328 resolves these security threats on Windows 11 systems.

Deployment of KB5017328 on Windows 11

Deployment of KB5017328 is straight forward. The cumulative update can be deployed automatically through:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Service

You can download the MSU update files manually from the Microsoft Update Catalog website.

  • x64 version of KB5017328 for Windows 11 can be downloaded from this page.
  • ARM64 version of KB5017328 for Windows 11 can be downloaded from the catalog page here.

Issues after deployment of KB5017328 on Windows 11

KB5017328 has caused issues on the GPO or Group Policy objects in User Configuration > Preferences Windows Settings. File copies using Group Policy Preferences may create empty file objects. Microsoft has published a mitigation for the GPO issue on this page.

Additionally, the XPS viewer may be unable to open XPS documents for non-English documents. This issue has been resolved in the preview update KB5017383. Or, you could wait for October month’s cumulative update for the resolution of XPS issue on Windows 11.

You may like to read more content related to Windows Updates below: