KB5032189 is the cumulative update for Windows 10 version 21H2 and version 22H2. The update was released on 14 October 2023 under the ‘Patch Tuesday’ program.
Salient points
- KB5032189 is a cumulative update. It supersedes the KB5031356 released in October 2023.
- KB5032189 also includes all changes that are part of the preview update KB5031455. The preview update was released on 26 October 2023.
- KB5032189 corresponds to build 19044.3693 for Windows 10 version 21H2.
- KB5032189 corresponds to build 19045.3693 for Windows 10 version 22H2.
- 25 security vulnerabilities affect the x64 version of Windows 10 version 21H2 and 22H2. 2 of these vulnerabilities have a ‘CRITICAL’ severity level.
- 23 security vulnerabilities affect the x86 versions of Windows 10 version 21H2 and version 22H2. 2 of these vulnerabilities have a ‘CRITICAL’ severity level.
- 23 security vulnerabilities affect the ARM64 version of Windows 10 version 21H2 and version 22H2. 2 of these vulnerabilities have a ‘CRITICAL’ severity level. All these 11 vulnerabilities are ‘Remote Code Execution’ threats.
- Zero-day threat CVE-2023-36033 affects all platforms of Windows 10 version 21H2 and version 22H2. You can choose to deploy the KB5032189 security update or mitigate the risk as per the instructions shared below.
- Servicing Stack Update 19044.3684 corresponds to Windows 10 version 21H2. Separate installation of the SSU is not needed as it is included in the main security or cumulative update.
- Servicing Stack Update 19045.3684 corresponds to Windows 10 version 22H2. Separate installation of the SSU is not needed as it is included in the main security or cumulative update.
- Bitlocker device encryption reporting issue continues to affect Windows 10 versions 21H2 and 22H2. The issue was caused after the installation of the KB5031356 security update.
KB5032198 Prerequisites for installation
For offline OS image servicing:
You need KB5011543 or later cumulative update on the system. KB5011543 was released in March 2022. If this is not possible, please install the May 2022 Servicing Stack Update KB5014032.
For WSUS or Microsoft Catalog packages:
You need KB5003173 cumulative update from May 2021 or later. If this is not possible, please install the August 2021 Servicing Stack Update KB5005260.
Download KB5032198
KB5032189 can be applied automatically using one of the following methods:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Services
WSUS remains the most preferred way to patch Windows 10 workstations. You will need to pull security updates for Windows 10 version 1903 and later.
For manual deployments, you need to download the offline installer file from the Microsoft Update Catalog site. The offline installer needs to be downloaded for the specific Windows 10 version on your computers. Or, you could use the direct download links shared below for the offline installer files for Windows 10 version 21H2 and version 22H2.
Download KB5032189 for Windows 10 version 21H2 and version 22H2
You will need to ensure that the offline installer file corresponding to the platform architecture is used. So, please pick the file relevant for x64, x86 or ARM64 platforms.
KB5032198 – 65000 Error in the “Require Device Encryption
Another reporting issue affects Bitlocker. Actual device encryption is not impacted.
Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment.
Affected environments are those with the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies set to enabled and selecting either “full encryption” or “used space only”. Microsoft Intune is affected by this issue but third-party MDMs might also be affected.
To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies to not configured.
Vulnerabilities
Windows 10 21H2 and x64 editions are affected by 25 security vulnerabilities. The ARM64 and x86 editions are affected by 23 security vulnerabilities. We discuss the zero-day threat and two CRITICAL threats that impact Windows 10 21H2 for x86, x64 and ARM64 systems.
Zero-day vulnerabilities
The following is the zero-day threat affecting Windows 10 versions 21H2 and 22H2 for x64, x86, and ARM64 systems. A zero-day threat is publicly disclosed and already exploited by various threat actors. Therefore, it is imperative that the zero-day vulnerabilities are patched on a priority basis.
| CVE details | CVSS | Severity | Impact | Description |
|---|---|---|---|---|
| CVE-2023-36033 | 7.8 | IMPORTANT | Elevation of Privilege | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CRITICAL vulnerabilities
The 2 CRITICAL vulnerabilities affecting Windows 10 21H2 and 22H2 are shared below. These vulnerabilities could lead to ‘Remote Code Execution’ attacks or ‘Elevation of Privileges’ attacks.
| CVE details | CVSS | Severity | Impact | Description |
|---|---|---|---|---|
| CVE-2023-36397 | 9.8 | CRITICAL | Remote Code Execution | This threat impacts the Windows Pragmatic General Multicast (PGM). When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
| CVE-2023-36400 | 8.8 | CRITICAL | Elevation of Privilege | This vulnerability arises on account of Windows HMAC Key Derivation. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. |
November 2023 Cumulative or Security Updates
- KB5032196 Cumulative Update for Windows Server 2019
- KB5032197 Cumulative Update for Windows Server 2016
- KB5032198 Cumulative Update for Windows Server 2022
- KB5032247 Monthly Rollup Update for Windows Server 2012
- KB5032249 Monthly Rollup for Windows Server 2012 R2
- KB5032190 Windows 11 22H2 and 23H2 Editions
- KB5032192 for Windows 11 21H2 edition
- KB5032189 for Windows 10 21H2 and 22H2 versions
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.