KB5031354 is the cumulative update for Windows 11 released on 10 October 2023. It was released as part of Microsoft’s ‘Patch Tuesday’ cycle.
Salient points
- KB5031354 has been superseded by KB5032190. You can read more about it on the KB5032190 page.
- KB5031354 is a cumulative update that supersedes KB5030219. It corresponds to Windows 11 build 22621.2428.
- KB5030219 was released as part of the September ‘Patch Tuesday’ initiative. It corresponds to Windows 11 build 22621.2283.
- The update is available for Windows 11 version 22H2.
- KB5031354 also includes all changes that were part of the preview update KB5030310 released on 26 September 2023.
- The Servicing Stack Update for KB5031354 is 22621.2423. It is part of the cumulative update. Separate installation of Windows 11 Servicing Stack Update is not needed.
- 75 security vulnerabilities affect Windows 11 version 22H2 for x64 and ARM64 platforms, as per the October security bulletin released by Microsoft.
- 12 vulnerabilities have ‘CRITICAL’ severity for Windows 11 versions 21H2 and 22H2. All these are ‘Remote Code Execution’ threats.
- CVE-2023-44487 is a zero-day threat that affects Windows 11 version 22H2. The threat is patched in KB5031354, or you could use the mitigation steps described below.
- CVE-2023-35349 is a CVSS 9.8 vulnerability that could cause a ‘Remote Code Execution’ attack.
Download KB5031354
You can install KB5031354 automatically using one of the following processes:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Service
For manual installation, you can download an offline installer file from the Microsoft Update Catalog site. We have shared the catalog link and the direct download links for the offline installer files.
- Download KB5031354 from the Microsoft Update Catalog site
- Direct download KB5031354 for Windows 11 version 22H2 for x64 – the size of the update file is 605.1 MB.
- Direct download KB5031354 for Windows 11 version 22H2 for ARM64 – the size of the update file is 721.7 MB.
Your system will reboot after applying the KB5031354 security update.
Note that the Servicing Stack Update 22621.2423 is built into the KB5031354 cumulative update. Separate installation of the Servicing Stack Update is not needed.
Vulnerabilities
Windows 11 version 22H2 for x64 and ARM64 platforms is affected by 75 security vulnerabilities. 12 of these vulnerabilities are ‘CRITICAL’ severity vulnerabilities.
Two zero-day threats also affect Windows 11 version 22H2.
Zero-day vulnerabilities on Windows 11
The following are the two zero-day threats affecting Windows 11 version 22H2.
CVE Vulnerability | Severity | CVSS Score | Impact | Comments |
---|---|---|---|---|
CVE-2023-36563 | IMPORTANT | 6.5 | Information Disclosure | Exploiting this vulnerability could allow the disclosure of NTLM hashes. |
CVE-2023-44487 | IMPORTANT | 6.5 | Denial of Service | HTTP/2 Rapid Reset Attack |
For the HTTP/2 Rapid Reset Attack (CVE-2023-44487), Microsoft has also shared a mitigation, detailed below. You can set the limit on the number of resets (RST_STREAMS) allowed per minute using the new registry keys in this update.
Registry key | Default value | Valid value range | Registry key function |
---|---|---|---|
Http2MaxClientResetsPerMinute | 400 | 0–65535 | Sets the allowed number of resets (RST_STREAMS) per minute for a connection. When you reach this limit, the connection ends. |
Http2MaxClientResetsGoaway | 1 | 0–1 | Disables or enables the GOAWAY message to send when you reach the limit. If you set this to 0, the connection ends as soon as you reach the limit. |
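A PowerShell audit for the two checks described on this page, added here as an example and not taken from Microsoft or the original article: it compares the host's build with 22621.2428 and reports the effective values of the two reset-limit settings against the table above. The `-Http2ParametersKey` parameter is an assumption; the page names the values but not the registry path that holds them, so supply the path from Microsoft's KB article.

```powershell
# Added example, not from Microsoft or the original page.
param(
    # Assumption: registry path holding the two values; the page names the
    # values but not their location, so take the path from Microsoft's KB article.
    [Parameter(Mandatory)] [string] $Http2ParametersKey
)

# Patched level stated on this page: Windows 11 22H2 build 22621.2428.
$RequiredBuild = 22621
$RequiredUbr   = 2428

# Value names, defaults and valid ranges copied from the table above.
$Specs = @(
    @{ Name = 'Http2MaxClientResetsPerMinute'; Default = 400; Min = 0; Max = 65535 }
    @{ Name = 'Http2MaxClientResetsGoaway';    Default = 1;   Min = 0; Max = 1 }
)

# 1. Is the host at or beyond the KB5031354 build?
$cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR
$level = '{0}.{1}' -f $build, $ubr
if ($build -ne $RequiredBuild) {
    Write-Warning "Build $level is not Windows 11 22H2 (22621); this check does not apply."
} elseif ($ubr -lt $RequiredUbr) {
    Write-Warning "Build $level predates 22621.2428; KB5031354 or a later cumulative update is missing."
} else {
    Write-Output "Build $level includes KB5031354 or a later cumulative update."
}

# 2. Report the effective reset-limit settings and flag out-of-range values.
foreach ($spec in $Specs) {
    $item = Get-ItemProperty -Path $Http2ParametersKey -Name $spec.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: the default from the table applies.
        $value = $spec.Default; $source = 'not set (default applies)'
    } else {
        $value = [int64]$item.($spec.Name); $source = 'registry'
    }
    [pscustomobject]@{
        Name    = $spec.Name
        Value   = $value
        Source  = $source
        InRange = ($value -ge $spec.Min -and $value -le $spec.Max)
    }
}
```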
CRITICAL vulnerabilities on Windows 11 version 22H2 x64 and ARM64 deployments
The following are 12 security vulnerabilities that affect Windows 11 version 22H2 and are resolved in KB5031354.
CVE Details | CVSS Score | Comments |
---|---|---|
CVE-2023-35349 | 9.8 | This vulnerability affects the Microsoft Message Queuing. Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. |
CVE-2023-36697 | 6.8 | This vulnerability affects the Microsoft Message Queuing. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. |
CVE-2023-36718 | 7.8 | This vulnerability could lead to a contained execution environment escape on the Microsoft Virtual Trusted Platform Module. |
CVE-2023-41774 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-41773 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-41771 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-41770 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-41769 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-41768 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-41767 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-41765 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-38166 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
Post-deployment issues – KB5031354
After installing KB5031354, you may experience a reporting issue in the BitLocker configuration service provider.
Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies set to enabled and selecting either “full encryption” or “used space only”. Microsoft Intune is affected by this issue, but third-party MDMs might also be affected.
To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies to not configured.
October 2023 Cumulative or Security Updates
You may also like to read more about the October 2023 cumulative updates below:
- KB5031356 for Windows 10
- KB5031901 Update for .NET 7.0
- KB5031407 Security Update for Windows Server 2012 R2
- KB5031427 Security Update for Windows Server 2012
- KB5031419 Monthly Rollup for Windows Server 2012 R2
- KB5031442 Monthly Rollup Update for Windows Server 2012
- KB5031364 Cumulative Update for Windows Server 2022
- KB5031362 Cumulative Update for Windows Server 2016
- KB5031361 Cumulative Update for Windows Server 2019
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.