KB5027223 Security Update for Windows 11 21H2

KB5027223 is the latest security update for Windows 11 version 21H2. It was released on 13th June as part of Microsoft's ‘Patch Tuesday’ initiative.

Let us review the main aspects of KB5027223 for Windows 11.

Salient points

  • KB5027223 is a cumulative update that supersedes May's cumulative update, KB5026368.
  • KB5027223 also contains all the changes that are part of the preview update KB5026436. KB5026436 was released on 23rd May 2023.
  • If you have not deployed KB5026436 yet, you can skip it and install KB5027223 straightaway.
  • Servicing Stack Update 22000.2000 corresponds to KB5027223. It is part of the cumulative update. Separate installation of the Servicing Stack Update is not needed.
  • KB5027223 corresponds to Windows 11 build 22000.2057. KB5026368 corresponds to Windows 11 build 22000.1936. The preview update KB5026436 corresponds to Windows 11 build 22000.2003.
  • The security vulnerability in Windows Kernel, CVE-2023-32019, has been resolved in KB5027223.
  • 29 security vulnerabilities affect Windows 11 version 21H2 for x64 systems.
  • There are 4 security vulnerabilities that have a CRITICAL severity level. These vulnerabilities are mentioned in the vulnerability section below.
  • Two older vulnerabilities have assumed zero-day status for Windows 11 version 21H2.

Download KB5027223

KB5027223 can be deployed automatically through any of the following methods:

  • Windows Update
  • Windows Update for Business
  • Windows Server Update Services (WSUS)

It is recommended to use WSUS as the preferred method for rolling out KB5027223 to all Windows 11 endpoints.

For manual deployments, you can install the update using an offline installer file. The offline installer file is in MSU format. There are separate installer files for the x64 and ARM64 systems.

The offline installer file for KB5027223 can be downloaded from the Microsoft Update Catalog. The direct download links for KB5027223 have been shared below.

Vulnerabilities

Out of 29 security vulnerabilities disclosed for Windows 11 21H2, we have shared the four CRITICAL and two zero-day threats below.

| Vulnerability | CVSS Score | Severity | Type | Description |
|---|---|---|---|---|
| CVE-2023-24880 (Zero-day) | 4.4 | Moderate | Security Feature Bypass | An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. |
| CVE-2021-34527 (Zero-day) | 8.8 | Critical | Remote Code Execution | A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| CVE-2023-29363 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
| CVE-2023-32013 | 6.5 | Critical | Denial of Service | Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. |
| CVE-2023-32014 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
| CVE-2023-32015 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
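
To confirm a rollout, compare each endpoint's build revision with 22000.2057 and note whether the Message Queuing and Print Spooler services named in the table are running. The PowerShell below is an added example, not part of the original post; the registry value UBR and the service names MSMQ and Spooler are standard Windows names that the post itself does not mention.

```powershell
# Added example: patch-level and service-exposure report for KB5027223.
# Build numbers come from the post; registry and service names are standard
# Windows names assumed here, not taken from the post.

$TargetBuild = 22000   # Windows 11 version 21H2
$TargetUbr   = 2057    # revision delivered by KB5027223 (22000.2057)

$cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuild
$ubr   = [int]$cv.UBR

if ($build -ne $TargetBuild) {
    $patchState = 'NotApplicable'   # a different Windows release; this KB does not apply
} elseif ($ubr -ge $TargetUbr) {
    $patchState = 'Patched'         # at or above the KB5027223 revision
} else {
    $patchState = 'Missing'
}

# The KB can disappear from this list once a later cumulative update replaces
# it, so treat the build revision above as the primary signal.
$hotfix = Get-HotFix -Id 'KB5027223' -ErrorAction SilentlyContinue

function Get-ServiceState {
    param([string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return 'NotInstalled' }
    return ('{0}/{1}' -f $svc.Status, $svc.StartType)
}

[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    Build        = ('{0}.{1}' -f $build, $ubr)
    Required     = ('{0}.{1}' -f $TargetBuild, $TargetUbr)
    PatchState   = $patchState
    HotFixListed = [bool]$hotfix
    MSMQ         = Get-ServiceState -Name 'MSMQ'      # message queuing (PGM CVEs)
    Spooler      = Get-ServiceState -Name 'Spooler'   # Print Spooler (CVE-2021-34527)
}
```

An endpoint that reports `Missing` together with a running MSMQ or Spooler service is the one to patch first.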

About Zero-day threats

Zero-day threats are vulnerabilities that have been publicly disclosed or are being exploited by various threat actors. These zero-day threats require immediate patching.

There are no new zero-day threats for Windows 11 version 21H2 for the month of June 2023. However, two older security vulnerabilities have assumed the zero-day status.

  • CVE-2023-24880 is a threat that was first disclosed in March 2023 and assumed zero-day status in June 2023.
  • CVE-2021-34527 is a threat that was first disclosed in July 2021 and assumed zero-day status in June 2023.

Therefore, it is imperative to take action against these zero-day security vulnerabilities.

KB5027223 Changelog

The following changes or improvements are part of the KB5027223 update for Windows 11:

  • This update addresses a known issue that affects 32-bit apps that are large address aware and use the CopyFile API. You might have issues when you save, copy, or attach files. If you use some commercial or enterprise security software that uses extended file attributes, this issue will likely affect you. For Microsoft Office apps, this issue only affects the 32-bit versions. You might receive the error, “Document not saved.”
  • This update addresses a compatibility issue. The issue occurs because of unsupported use of the registry.

Post-deployment issues

After KB5027223 is deployed, Windows 11 systems using the third-party apps ExplorerPatcher or StartAllBack may not start. Microsoft recommends uninstalling these third-party apps.

StartAllBack has released version 3.5.6 to resolve this issue.

It is best to contact the customer support team of ExplorerPatcher or StartAllBack to resolve the issue. Otherwise, you may need to uninstall these third-party apps.

June 2023 Security Updates

The following security or cumulative updates have been released in June 2023:


Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.