KB5018418 is the latest cumulative update for Windows 11 21H2 and 22H2 versions. The update was released on 11th October as part of Microsoft’s ‘Patch Tuesday’ project. We look at the critical aspects of KB5018418 for Windows 11 systems below.
Salient points about KB5018418 for Windows 11
- KB5018418 has been replaced by the KB5019961 cumulative update. You can read more about KB5019961 on this page.
- KB5018418 is the latest cumulative update and supersedes the KB5017328 cumulative update for Windows 11. KB5017328 was released on 13th September 2022; you can read more about it on the page for the KB5017328 update.
- This update caused TLS 1.2 connections to drop due to handshake issues. TLS 1 and TLS 1.1 are blocked in Windows 11. To restore TLS 1.2 handshakes, Microsoft released a new out-of-band update KB5020387 on 17th October for Windows 11. You can read more about it in the relevant section below.
- This cumulative update is applicable for Windows 11 21H2 and 22H2 editions.
- Likewise, the update is available for x64 and ARM64 systems running Windows 11.
- Servicing Stack Update version 22000.1035 corresponds to this Windows 11 update. It is built into this cumulative update.
- The latest cumulative update KB5018418 also contains all the changes that are part of the optional or preview update for Windows 11 KB5017383. KB5017383 was released on 20th September 2022.
- If you are upgrading from KB5017328 (September update), then you are transitioning from Windows 11 build 22000.978 to 22000.1098.
- If you are upgrading from KB5017383, you are transitioning from Windows 11 build 22000.1042 to 22000.1098.
- Windows 11 is affected by 66 vulnerabilities. These vulnerabilities include a zero-day threat and 9 other threats with a ‘CRITICAL’ impact on the Windows 11 systems.
- There are no specified prerequisites for installing KB5018418 on Windows 11 computers.
- Some Windows 11 users have reported an inability to connect to servers using RDP or Remote Desktop Connection after installing KB5018411. A workaround is awaited for this issue.
TLS Issues and OOB update KB5020387
TLS 1 and TLS 1.1 are blocked on Windows 11. There are workarounds that could be used to enable TLS 1 and TLS 1.1 through the Windows 11 registry hives.
However, after implementing the KB5018418 cumulative update, it was noticed that the TLS 1.2 connections were dropping on account of the handshakes not going through successfully.
To mitigate the TLS 1.2 issues, Microsoft released a new emergency or OOB update, KB5020387. In Microsoft's words, this update resolves the following issue:
It addresses an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections might have handshake failures. For developers, the affected connections are likely to receive one or more records followed by a partial record with a size of less than 5 bytes within a single input buffer. If the connection fails, your app will receive the error, “SEC_E_ILLEGAL_MESSAGE”.
Source – Microsoft OOB Release Notes
Since this is an emergency update, you will need to download the MSU file manually from the Microsoft Update Catalog page for KB5020387.
- Download KB5020387 for x64 systems – File size 306.3 MB
- Download KB5020387 for ARM64 systems – File size 421.1 MB
These OOB update files are full-fledged updates that are derived from the KB5018418 cumulative update. Changes contained in KB5020387 should automatically become part of the next month’s ‘Patch Tuesday’ updates.
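The buffer layout in Microsoft's note (one or more whole records, then a fragment shorter than the 5-byte TLS record header) can be recognised in a captured receive buffer with a short scan. The following is an added example, not Microsoft's code and not from the original article; `tls_scan_buffer`, `tls_buf_info` and the sample bytes are this example's own names and constructed data, and it assumes the buffer starts on a record boundary.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_HEADER_LEN 5  /* content type (1) + version (2) + length (2) */

/* Result of walking one receive buffer (hypothetical type for this example). */
typedef struct {
    size_t complete_records;  /* whole records found at the front */
    size_t trailing_bytes;    /* bytes left after the last whole record */
    int    matches_pattern;   /* 1 = >=1 record followed by a <5-byte fragment */
} tls_buf_info;

tls_buf_info tls_scan_buffer(const uint8_t *buf, size_t len)
{
    tls_buf_info info = {0, 0, 0};
    size_t off = 0;

    /* Consume records while a full header and its full payload are present. */
    while (len - off >= TLS_HEADER_LEN) {
        size_t body = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (len - off - TLS_HEADER_LEN < body)
            break;                      /* header present, payload incomplete */
        off += TLS_HEADER_LEN + body;
        info.complete_records++;
    }
    info.trailing_bytes = len - off;
    /* The case in the release note: the leftover cannot even hold a record
       header, so the length of the next record is not yet known. */
    info.matches_pattern = info.complete_records >= 1 &&
                           info.trailing_bytes > 0 &&
                           info.trailing_bytes < TLS_HEADER_LEN;
    return info;
}

/* Constructed sample: one 3-byte record, then 2 bytes of the next header. */
static const uint8_t sample[] = {
    0x17, 0x03, 0x03, 0x00, 0x03, 0xAA, 0xBB, 0xCC,   /* complete record */
    0x17, 0x03                                        /* partial header  */
};

int main(void)
{
    tls_buf_info r = tls_scan_buffer(sample, sizeof sample);
    printf("records=%zu trailing=%zu pattern=%d\n",
           r.complete_records, r.trailing_bytes, r.matches_pattern);
    return 0;
}
```

Logging this result next to a `SEC_E_ILLEGAL_MESSAGE` failure helps tell whether a dropped handshake matches the condition the OOB update addresses or has another cause.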
How to deploy KB5018418 on Windows 11?
Windows 11 was released in October 2021. The latest cumulative update is available for all Windows 11 computers through automated methods that include:
- Windows Update
- Microsoft Windows Update for Business
- WSUS or Windows Server Update Service with product classification of ‘Windows 11’.
Apart from automated patch deployment, you can also download the MSU file for KB5018418 from the Microsoft Update Catalog for manual deployment of the patch on Windows 11 systems.
KB5018418 can be downloaded from this page on Microsoft Update Catalog.
- x64 version of KB5018418 has a size of 309.6 MB.
- ARM64 version of KB5018418 has a size of 425.3 MB.
There are no known issues or complications that have been reported post-deployment of KB5018418 on Windows 11.
Vulnerabilities on Windows 11 as part of KB5018418
Microsoft released a set of 84 vulnerabilities that affect various operating systems. Out of these, 66 security vulnerabilities affect Windows 11 systems. One of the vulnerabilities is a zero-day threat that is already being exploited. There are nine ‘CRITICAL’ impact vulnerabilities as well.
For the purpose of our discussion, we restrict our focus to the zero-day threat and the nine ‘CRITICAL’ impact vulnerabilities on Windows 11.
CVE-2022-41033 – Windows COM+ Event System Service Elevation of Privilege Vulnerability
This is a CVSS 7.8 vulnerability with an ‘IMPORTANT’ severity rating that affects Windows 11 computers.
This is an ‘Elevation of Privileges’ vulnerability and an attacker could assume system privileges upon a successful attack. CVE-2022-41033 is already being exploited and is considered a zero-day threat.
Aside from the zero-day threat shared above, there are 9 ‘CRITICAL’ vulnerabilities on Windows 11 computers. Out of these 9 vulnerabilities:
- 7 Remote Code Execution threats
- 2 Elevation of Privileges threats
- 1 Spoofing threat
The details of 9 vulnerabilities with a ‘CRITICAL’ impact on Windows 11 are shared in the quick reference summary table.
|CVE|CVSS|Vulnerability|
|---|---|---|
|CVE-2022-22035|8.1|Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability|
|CVE-2022-30198|8.1|Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability|
|CVE-2022-34689|7.5|Windows CryptoAPI Spoofing Vulnerability|
|CVE-2022-37976|7.8|Windows Common Log File System Driver Elevation of Privilege Vulnerability|
|CVE-2022-33634|8.1|Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability|
|CVE-2022-24504|8.1|Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability|
|CVE-2022-41081|8.1|Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability|
|CVE-2022-38000|8.1|Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability|
|CVE-2022-38047|8.1|Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability|
Given the nature of these vulnerabilities, we suggest deploying KB5018418 on Windows 11 systems immediately.
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.