KB5031358 is the cumulative update for Windows 11 version 21H2. Microsoft released it on 10 October 2023 as part of that month's ‘Patch Tuesday’ release.
Salient points
- KB5031358 has now been superseded by KB5032192. You can read more about KB5032192 on this page.
- KB5031358 is a cumulative update. It supersedes the KB5030217 cumulative update released in September 2023.
- KB5031358 also includes all changes that are part of the preview update KB5030301.
- KB5031358 corresponds to Windows 11 21H2 build 22000.2538.
- KB5030217 corresponds to Windows 11 21H2 build 22000.2416.
- 75 security vulnerabilities affect Windows 11 21H2 editions for x64 and ARM64 platforms. This is as per the October security bulletin released by Microsoft.
- 12 of these security vulnerabilities carry a ‘CRITICAL’ severity for Windows 11 21H2.
- There are two zero-day threats that impact Windows 11 21H2 edition.
- Servicing Stack Update 22000.2531 corresponds to KB5031358. It is a part of the cumulative update.
- Separate installation of the Servicing Stack Update is not needed for KB5031358.
We look at the download links for KB5031358 and the different vulnerabilities below.
Download KB5031358
KB5031358 can be applied automatically using the following methods:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Services
WSUS remains the preferred approach for rolling out updates to Windows 11 endpoints.
You can also deploy KB5031358 manually. For manual deployments, you need the offline installer file for KB5031358, which is provided as an MSU file.
The offline installer is available for x64 and ARM64 platforms. You can download it from the Microsoft Update Catalog site or from the direct download links shared below.
- Download KB5031358 from the Microsoft Update Catalog site
- Direct download KB5031358 for Windows 11 21H2 for x64 edition – the size of the installer file is 350.5 MB
- Direct download KB5031358 for Windows 11 21H2 for ARM64 edition – the size of the installer file is 470.2 MB
Your Windows 11 21H2 system will reboot after KB5031358 is deployed.
Vulnerabilities
Windows 11 21H2 is affected by 75 security vulnerabilities. We discuss the zero-day threats and CRITICAL threats that impact Windows 11 21H2.
Zero-day vulnerabilities
The following are the two zero-day threats affecting Windows 11 version 21H2.
CVE Vulnerability | Severity | CVSS Score | Impact | Comments |
---|---|---|---|---|
CVE-2023-36563 | IMPORTANT | 6.5 | Information Disclosure | Exploiting this vulnerability could allow the disclosure of NTLM hashes. |
CVE-2023-44487 | IMPORTANT | 6.5 | Denial of Service | HTTP/2 Rapid Reset Attack |
For CVE-2023-44487, Microsoft has also shared a mitigation for the HTTP/2 Rapid Reset attack. The update adds new registry keys that let you limit the number of stream resets (RST_STREAMS) allowed per minute on a connection. These registry keys are available on systems that have been patched with KB5031358.
Registry key | Default value | Valid value range | Registry key function |
---|---|---|---|
Http2MaxClientResetsPerMinute | 400 | 0–65535 | Sets the allowed number of resets (RST_STREAMS) per minute for a connection. When you reach this limit, the connection ends. |
Http2MaxClientResetsGoaway | 1 | 0-1 | Disables or enables the GOAWAY message to send when you reach the limit. If you set this to 0, the connection ends as soon as you reach the limit. |
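One way to audit a host for the patch level and the two reset-limit values in the table above. This is an added example, not code from the original page or from Microsoft; `-ParametersKey` is a placeholder for the registry path, which this page does not give, and the report column names are made up for illustration.

```powershell
# Added example: audit a host for KB5031358 and the HTTP/2 reset-limit values.
# -ParametersKey is a required placeholder: the registry path is NOT given on
# this page, so take it from Microsoft's CVE-2023-44487 guidance.
param(
    [Parameter(Mandatory)]
    [string]$ParametersKey
)

# Build number and update build revision (UBR) of the running OS.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR

# 22000.2538 is the build this page gives for KB5031358 on Windows 11 21H2.
if ($build -ne 22000) {
    Write-Warning "Build $build is not Windows 11 21H2 (22000); KB5031358 does not apply."
    return
}
# Later cumulative updates supersede KB5031358, so any UBR >= 2538 includes it.
$patched = $ubr -ge 2538
Write-Output "OS build $build.$ubr - KB5031358 level present: $patched"

# Name, default and valid range exactly as listed in the table above.
$settings = @(
    @{ Name = 'Http2MaxClientResetsPerMinute'; Default = 400; Min = 0; Max = 65535 },
    @{ Name = 'Http2MaxClientResetsGoaway';    Default = 1;   Min = 0; Max = 1 }
)

# A missing key or value means the documented default is in effect.
$props  = Get-ItemProperty -Path $ParametersKey -ErrorAction SilentlyContinue
$report = foreach ($s in $settings) {
    $prop  = if ($props) { $props.PSObject.Properties[$s.Name] }
    $value = if ($prop) { [long]$prop.Value } else { $s.Default }
    [pscustomobject]@{
        Setting      = $s.Name
        Source       = if ($prop) { 'registry' } else { 'default' }
        Value        = $value
        InValidRange = ($value -ge $s.Min -and $value -le $s.Max)
        PatchedBuild = $patched   # the keys only exist on patched systems
    }
}
$report | Format-Table -AutoSize
```

A row with `InValidRange` false, or any row on a host where `PatchedBuild` is false, marks a machine where the configured limit should not be relied on.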
CRITICAL vulnerabilities
The 12 CRITICAL vulnerabilities affecting Windows 11 21H2 are shared below. These vulnerabilities could lead to ‘Remote Code Execution’ attacks.
CVE Details | CVSS Score | Comments |
---|---|---|
CVE-2023-35349 | 9.8 | This vulnerability affects the Microsoft Message Queuing. Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. |
CVE-2023-36697 | 6.8 | This vulnerability affects the Microsoft Message Queuing. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. |
CVE-2023-36718 | 7.8 | This vulnerability could lead to a contained execution environment escape on the Microsoft Virtual Trusted Platform Module. |
CVE-2023-41774 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-41773 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-41771 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-41770 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-41769 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-41768 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-41767 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-41765 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-38166 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
Post-deployment issues – KB5031358
After installing KB5031358, you may experience a reporting issue in the BitLocker configuration service provider.
Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies set to enabled and selecting either “full encryption” or “used space only”. Microsoft Intune is affected by this issue but third-party MDMs might also be affected.
It may be worth repeating that the issue is a reporting issue and does not impact the actual drive encryption.
Microsoft is working on providing a resolution for the issue.
October 2023 Cumulative or Security Updates
You may also like to read more about the October 2023 cumulative updates below:
- KB5029377 Security Update for SQL Server 2019 GDR
- KB5031354 Cumulative Update for Windows 11 version 22H2
- KB5031356 for Windows 10
- KB5031901 Update for .NET 7.0
- KB5031407 Security Update for Windows Server 2012 R2
- KB5031427 Security Update for Windows Server 2012
- KB5031419 Monthly Rollup for Windows Server 2012 R2
- KB5031442 Monthly Rollup Update for Windows Server 2012
- KB5031364 Cumulative Update for Windows Server 2022
- KB5031362 Cumulative Update for Windows Server 2016
- KB5031361 Cumulative Update for Windows Server 2019
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.