KB5031354 Cumulative Update for Windows 11 version 22H2

This content has been archived, but it remains accurate and relevant to the underlying technology products or infrastructure services.

KB5031354 is the cumulative update for Windows 11 released on 10 October 2023. It was released under the ‘Patch Tuesday’ project of Microsoft.

Salient points

  • KB5031354 has been superseded by KB5032190. You can read more about it on the KB5032190 page.
  • KB5031354 is a cumulative update that supersedes KB5030219. It corresponds to Windows 11 build 22621.2428.
  • KB5030219 was released as part of the September ‘Patch Tuesday’ initiative. It corresponds to Windows 11 build 22621.2283.
  • The update is available for Windows 11 version 22H2.
  • KB5031354 also includes all changes that were part of the preview update KB5030310 released on 26 September 2023.
  • The Servicing Stack Update for KB5031354 is 22621.2423. It is part of the cumulative update. Separate installation of Windows 11 Servicing Stack Update is not needed.
  • 75 security vulnerabilities affect Windows 11 version 22H2 for x64 and ARM64 platforms, as per the October security bulletin released by Microsoft.
  • 12 vulnerabilities have ‘CRITICAL’ severity for Windows 11 versions 21H2 and 22H2. All these are ‘Remote Code Execution’ threats.
  • CVE-2023-44487 is a zero-day threat that affects Windows 11 version 22H2. The threat is patched in KB5031354; alternatively, you can use the mitigation steps described below.
  • CVE-2023-35349 is a CVSS 9.8 vulnerability that could cause a ‘Remote Code Execution’ attack.

Download KB5031354

You can install KB5031354 automatically using one of the following processes:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Service

For manual installation, you can download an offline installer file from the Microsoft Update Catalog site. We have shared the catalog link and the direct download links for the offline installer files.

Your system will reboot after applying the KB5031354 security update.

Note that the Servicing Stack Update 22621.2423 is built into the KB5031354 cumulative update. Separate installation of the Servicing Stack Update is not needed.
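To confirm after the reboot that a host is at the KB5031354 level, compare its build revision with 22621.2428 rather than looking only for the KB id, because a later cumulative update such as KB5032190 supersedes this one. The script below is an added example, not Microsoft's or this page's own code; the function name `Test-Kb5031354Level` is hypothetical.

```powershell
# Added example: confirm a Windows 11 22H2 host is at or above the KB5031354 build.
# 22621.2428 is the build this page gives for KB5031354; the function name is hypothetical.
function Test-Kb5031354Level {
    [CmdletBinding()]
    param(
        [int]$RequiredBuild    = 22621,
        [int]$RequiredRevision = 2428
    )

    # CurrentBuild (string) and UBR (DWORD, the update build revision) are stored here.
    $cv       = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build    = [int]$cv.CurrentBuild
    $revision = [int]$cv.UBR

    # Get-HotFix may stop listing a cumulative update once a later one supersedes it,
    # so the KB id is supporting evidence only; the build revision decides the result.
    $kbListed = [bool](Get-HotFix -Id 'KB5031354' -ErrorAction SilentlyContinue)

    $status = if ($build -ne $RequiredBuild) {
        'NotApplicable'   # different Windows release; this KB does not apply
    } elseif ($revision -ge $RequiredRevision) {
        'Patched'         # at or above 22621.2428
    } else {
        'Missing'         # below 22621.2428; KB5031354 or a successor is needed
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Build        = "$build.$revision"
        Required     = "$RequiredBuild.$RequiredRevision"
        KbListed     = $kbListed
        Status       = $status
    }
}

Test-Kb5031354Level
```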

Vulnerabilities

Windows 11 version 22H2 for x64 and ARM64 platforms is affected by 75 security vulnerabilities. 12 of these vulnerabilities are ‘CRITICAL’ severity vulnerabilities.

Two zero-day threats also affect Windows 11 version 22H2.

Zero-day vulnerabilities on Windows 11

The following are the two zero-day threats affecting Windows 11 version 22H2.

| CVE Vulnerability | Severity | CVSS Score | Impact | Comments |
|---|---|---|---|---|
| CVE-2023-36563 | IMPORTANT | 6.5 | Information Disclosure | Exploiting this vulnerability could allow the disclosure of NTLM hashes. |
| CVE-2023-44487 | IMPORTANT | 6.5 | Denial of Service | HTTP/2 Rapid Reset Attack |

For the HTTP/2 Rapid Reset Attack, Microsoft has also shared a mitigation plan detailed below.

Microsoft has also released a mitigation for CVE-2023-44487: you can limit the number of RST_STREAMS allowed per minute using the new registry keys in this update.

| Registry key | Default value | Valid value range | Registry key function |
|---|---|---|---|
| Http2MaxClientResetsPerMinute | 400 | 0–65535 | Sets the allowed number of resets (RST_STREAMS) per minute for a connection. When you reach this limit, the connection ends. |
| Http2MaxClientResetsGoaway | 1 | 0-1 | Disables or enables the GOAWAY message to send when you reach the limit. If you set this to 0, the connection ends as soon as you reach the limit. |
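To audit which reset-limit settings are in effect on a host, the following added example (not Microsoft's or this page's own code) reads both values and checks them against the defaults and ranges in the table above. The registry path is not given on this page, so it is a mandatory parameter to be filled in from Microsoft's documentation; the function name `Get-Http2ResetLimit` is hypothetical, and treating an absent value as the default is an assumption.

```powershell
# Added example: report the HTTP/2 reset-limit settings described in the table above.
# The registry path is NOT given on this page; supply it from Microsoft's documentation.
function Get-Http2ResetLimit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$RegistryPath   # placeholder: the key that holds the two values
    )

    # Defaults and valid ranges exactly as listed on this page.
    $spec = @(
        @{ Name = 'Http2MaxClientResetsPerMinute'; Default = 400; Min = 0; Max = 65535 }
        @{ Name = 'Http2MaxClientResetsGoaway';    Default = 1;   Min = 0; Max = 1 }
    )

    # A missing key or value is not an error: it means nothing was configured.
    $key = Get-ItemProperty -Path $RegistryPath -ErrorAction SilentlyContinue

    foreach ($s in $spec) {
        $raw        = if ($key) { $key.($s.Name) } else { $null }
        $configured = $null -ne $raw
        # Assumption: when the value is absent, the documented default applies.
        $value      = if ($configured) { [long]$raw } else { $s.Default }

        [pscustomobject]@{
            Name       = $s.Name
            Configured = $configured
            Value      = $value
            InRange    = ($value -ge $s.Min -and $value -le $s.Max)
        }
    }
}

# Usage (the path is a placeholder, not a real key):
# Get-Http2ResetLimit -RegistryPath '<registry path from Microsoft documentation>'
```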

CRITICAL vulnerabilities on Windows 11 version 22H2 x64 and ARM64 deployments

The following are 12 security vulnerabilities that affect Windows 11 version 22H2 and are resolved in KB5031354.

| CVE Details | CVSS Score | Comments |
|---|---|---|
| CVE-2023-35349 | 9.8 | This vulnerability affects the Microsoft Message Queuing. Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. |
| CVE-2023-36697 | 6.8 | This vulnerability affects the Microsoft Message Queuing. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. |
| CVE-2023-36718 | 7.8 | This vulnerability could lead to a contained execution environment escape on the Microsoft Virtual Trusted Platform Module. |
| CVE-2023-41774 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41773 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41771 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41770 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41769 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41768 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41767 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41765 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-38166 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |

Post-deployment issues – KB5031354

After installing KB5031354, you may experience a reporting issue in the BitLocker configuration service provider.

Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies set to enabled and selecting either “full encryption” or “used space only”. Microsoft Intune is affected by this issue, but third-party MDMs might also be affected.

To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies to not configured.


Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.