KB5027231 is the latest cumulative update for Windows 11 version 22H2. It was released on 13th June as part of the ‘Patch Tuesday’ release.
Let us review some main points about the KB5027231 security update below.
Salient points
- KB5027231 is a cumulative update that supersedes May’s cumulative update, KB5026372.
- KB5027231 also contains all changes that are part of the preview update KB5026446. This preview update was released on 24th May 2023.
- KB5027231 corresponds to Windows 11 build 22621.1848. KB5026372, the May cumulative update, corresponds to Windows 11 build 22621.1702. The preview update KB5026446 corresponds to build 22621.1778.
- If the preview update has not been deployed yet, you can skip it. Installing KB5027231 will automatically take care of the KB5026446 update.
- Servicing Stack Update 22621.1771 corresponds to KB5027231. It is included as part of the main cumulative update. Separate installation of the Servicing Stack Update is not required.
- Windows 11 version 22H2 is affected by 31 security vulnerabilities. 4 of these are CRITICAL vulnerabilities.
- There are two older vulnerabilities that have assumed a zero-day status in June 2023.
- Microsoft has also patched the Windows Kernel vulnerability CVE-2023-32019 as part of the KB5027231 release.
Download KB5027231
KB5027231 can be automatically deployed using one of the following methods:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Services
WSUS remains the preferred option for rolling out updates centrally to Windows 11 endpoints.
For manual deployments, you can download the MSU offline installer file from the Microsoft Update Catalog site. The direct download links for KB5027231 for x64 and ARM64 systems have also been shared below.
- Download KB5027231 from the Microsoft Update Catalog page.
- Download KB5027231 for x64 systems – this update file has a size of 288.6 MB.
- Download KB5027231 for ARM64 systems – this update file has a size of 400.9 MB.
The updates will cause Windows 11 systems to reboot.
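Once the reboot has completed, the build numbers listed under Salient points give a direct way to confirm the update landed. The following PowerShell is an added example, not part of the original article; the function names and the sample inventory are illustrative, and the registry values read are the standard Windows build values.

```powershell
# Added example. Build numbers come from the article; function names and the
# sample inventory are illustrative.
function Get-KB5027231Status {
    param([Parameter(Mandatory)][string]$Build)   # "build.UBR", e.g. 22621.1848

    if ($Build -notmatch '^(\d+)\.(\d+)$') { throw "Unexpected build format: $Build" }
    $major = [int]$Matches[1]
    $ubr   = [int]$Matches[2]

    if ($major -ne 22621) { return 'Not 22H2 (out of scope)' }
    if ($ubr -ge 1848)    { return 'KB5027231 or later installed' }
    if ($ubr -ge 1778)    { return 'Preview KB5026446 level, KB5027231 missing' }
    if ($ubr -ge 1702)    { return 'May KB5026372 level, KB5027231 missing' }
    return 'Older than May KB5026372, KB5027231 missing'
}

function Get-LocalBuild {
    # CurrentBuildNumber and UBR (update build revision) together form the
    # build string that winver displays.
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR
}

# Constructed sample inventory (made-up host names), plus the local machine.
$inventory = [ordered]@{
    'WS-001' = '22621.1702'
    'WS-002' = '22621.1778'
    'WS-003' = '22621.1848'
    'WS-004' = '22621.1555'
}
$inventory[$env:COMPUTERNAME] = Get-LocalBuild

foreach ($entry in $inventory.GetEnumerator()) {
    [pscustomobject]@{
        Host   = $entry.Key
        Build  = $entry.Value
        Status = Get-KB5027231Status -Build $entry.Value
    }
}
```

Comparing the build revision also counts any later cumulative update as patched, since later updates supersede KB5027231 in the same way it supersedes KB5026372.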
Vulnerabilities
There are 31 security vulnerabilities that affect Windows 11 version 22H2. Below, we cover only the 4 CRITICAL vulnerabilities and the two zero-day threats.
Vulnerability | CVSS Score | Severity | Type | Description |
---|---|---|---|---|
CVE-2023-24880 (Zero-day) | 4.4 | Moderate | Security Feature Bypass | An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. |
CVE-2021-34527 (Zero-day) | 8.8 | Critical | Remote Code Execution | A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
CVE-2023-29363 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
CVE-2023-32013 | 6.5 | Critical | Denial of Service | Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. |
CVE-2023-32014 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
CVE-2023-32015 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
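
The table ties three of the CVSS 9.8 entries to the message queuing service and CVE-2021-34527 to the Print Spooler service, so a quick inventory of those two services helps decide which endpoints to patch first. This PowerShell is an added example, not from the original article; the service names `MSMQ` and `Spooler` and the default Message Queuing port TCP 1801 are standard Windows values that the article itself does not state.

```powershell
# Added example. 'MSMQ' and 'Spooler' are the Windows service names for Message
# Queuing and Print Spooler; TCP 1801 is the default Message Queuing port.
# These names and the port are not stated in the article.
$watch = @(
    @{ Service = 'MSMQ';    Port = 1801;  CVEs = 'CVE-2023-29363, CVE-2023-32014, CVE-2023-32015' }
    @{ Service = 'Spooler'; Port = $null; CVEs = 'CVE-2021-34527' }
)

function Get-ServiceExposure {
    param([hashtable[]]$Watch)
    foreach ($w in $Watch) {
        # A missing service returns nothing instead of raising an error.
        $svc = Get-Service -Name $w.Service -ErrorAction SilentlyContinue
        $listening = $false
        if ($w.Port) {
            $listening = [bool](Get-NetTCPConnection -LocalPort $w.Port -State Listen -ErrorAction SilentlyContinue)
        }
        [pscustomobject]@{
            Service   = $w.Service
            Installed = [bool]$svc
            Running   = ($svc -and $svc.Status -eq 'Running')
            Listening = $listening
            CVEs      = $w.CVEs
        }
    }
}

Get-ServiceExposure -Watch $watch | Format-Table -AutoSize
```

Endpoints that report MSMQ as running or listening meet the precondition the table gives for the three message queuing entries and belong at the front of the deployment queue.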
About Zero-day threats
Zero-day threats are vulnerabilities that have been publicly disclosed or are being exploited by various threat actors. These zero-day threats require immediate patching.
There are no new zero-day threats for Windows 11 version 22H2 for the month of June 2023. However, two older security vulnerabilities have assumed the zero-day status.
- CVE-2023-24880 is a threat that was first disclosed in March 2023 and assumed zero-day status in June 2023.
- CVE-2021-34527 is a threat that was first disclosed in July 2021 and assumed zero-day status in June 2023.
Therefore, it is imperative to take action against these zero-day security vulnerabilities.
KB5027231 Changelog
The following changes or improvements are part of the Windows 11 22H2 cumulative update KB5027231:
- This update addresses a known issue that affects 32-bit apps that are large address aware and use the CopyFile API. You might have issues when you save, copy, or attach files. If you use some commercial or enterprise security software that uses extended file attributes, this issue will likely affect you. For Microsoft Office apps, this issue only affects the 32-bit versions. You might receive the error, “Document not saved.”
- This update addresses a compatibility issue. The issue occurs because of unsupported use of the registry.
June 2023 Cumulative Updates
The following security or cumulative updates have been released in June 2023:
- KB5027283 Monthly Rollup Update for Windows Server 2012
- KB5027271 Monthly Rollup for Windows Server 2012 R2
- KB5027282 Security Update for Windows Server 2012 R2
- KB5027225 Cumulative Update for Windows Server 2022
- KB5027219 Cumulative Update for Windows Server 2016
- KB5027222 Cumulative Update for Windows Server 2019
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.