KB5032190 is the cumulative update for Windows 11 released on 14 November 2023. It was released under the ‘Patch Tuesday’ project of Microsoft. This update caters to Windows 11 22H2 and 23H2 editions.
Salient points
- KB5032190 has now been superseded by the KB5033375 cumulative update for Windows 11 22H2 and 23H2 editions.
- KB5032190 is a cumulative update that supersedes KB5031354. It corresponds to Windows 11 build 22621.2715 and 22631.2715.
- KB5031354 was released on 10 October 2023 as part of October’s Patch Tuesday efforts.
- A preview update KB5031455 was released on 31 October 2023 to resolve issues arising out of the deployment of KB5031354. The preview update KB5031455 corresponds to Windows 11 build 22621.2506 and 22631.2506.
- KB5032190 also includes all changes that are part of the preview update KB5031455. If you did not deploy the KB5031455 update, you can skip it to install KB5032190 directly.
- KB5032190 for Windows 11 22H2 edition corresponds to build 22621.2715.
- KB5032190 for Windows 11 23H2 edition corresponds to build 22631.2715.
- For Windows 11 22H2, Servicing Stack Update 22621.2567 corresponds to KB5032190.
- For Windows 11 23H2, Servicing Stack Update 22631.2567 corresponds to KB5032190.
- The Servicing Stack Updates for KB5032190 are included in the main cumulative update. Separate installation of Windows 11 Servicing Stack Update is not needed.
- Separate installation files are available for x64 and ARM64 systems.
- 29 security vulnerabilities affect Windows 11 versions 22H2 and 23H2 for x64 platforms.
- 28 security vulnerabilities affect Windows 11 versions 22H2 and 23H2 for ARM64 platforms.
- 2 security vulnerabilities have ‘CRITICAL’ severity for Windows 11 versions 22H2 and 23H2. These threats have an ‘Remote Code Execution’ and ‘Elevation of Privileges’ impact.
- A single zero-day vulnerability affects Windows 11 22H2 and 23H2 editions. CVE-2023-36033 is the zero-day threat impacting Windows DWM Core Library and could cause an ‘Elevation of Privilege’ attack.
Download KB5032190
You can install KB5032190 automatically using one of the following processes:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Service
For manual installation, you can download an offline installer file from the Microsoft Update Catalog site. We have shared the catalog link and the direct download links for the offline installer files.
The installer files for the update are available for x64 and ARM64 systems.
- Download KB5032190 from the Microsoft Update Catalog site
- Direct download KB5032190 for Windows 11 version 22H2 for x64 – the size of the update file is 599.4 MB.
- Direct download KB5032190 for Windows 11 version 22H2 for ARM64 – the size of the update file is 725.6 MB.
- Direct download KB5032190 for Windows 11 version 23H2 for x64 – the size of the update file is 599.4 MB.
- Direct download KB5032190 for Windows 11 version 23H2 for ARM64 – the size of the update file is 725.6 MB.
Your system will reboot after applying the KB5032190 security update.
It may be important to know that the Servicing Stack Updates 22621.2567 and 22631.2567 are built-in to the KB5032190 cumulative update. Separate installation of the Servicing Stack Update is not needed for Windows 11 22H2 and 23H2 editions.
Vulnerabilities
Windows 11 version 22H2 and 23H2 for x64 platforms are affected by 29 security vulnerabilities. 2 of these vulnerabilities are ‘CRITICAL’ severity vulnerabilities.
A single zero-day threat also affects Windows 11 versions 22H2 and 23H2.
Zero-day vulnerabilities on Windows 11 22H2 and 23H2
The following is the zero-day threat affecting Windows 11 versions 22H2 and 23H2.
CVE details | CVSS | Severity | Impact | Description |
---|---|---|---|---|
CVE-2023-36033 | 7.8 | IMPORTANT | Elevation of Privilege | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CRITICAL vulnerabilities on Windows 11 version 22H2 and 23H2 for x64 and ARM64 deployments
The following are the 2 security vulnerabilities that affect Windows 11 versions 22H2 and 23H2 for x64 and ARM64 systems.
CVE details | CVSS | Severity | Impact | Description |
---|---|---|---|---|
CVE-2023-36397 | 9.8 | CRITICAL | Remote Code Execution | This threat impacts the Windows Pragmatic General Multicast (PGM). When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
CVE-2023-36400 | 8.8 | CRITICAL | Elevation of Privilege | This vulnerability arises on account of Windows HMAC Key Derivation. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. |
Post-deployment issues – KB5032190
There are multiple polt-deployment issues that have been reported by Microsoft for KB5032190 security update.
Bitlocker device encryption reporting issue
After installing KB5032190, you may experience a reporting issue in the Bitlocker configuration service provider.
Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies set to enabled and selecting either “full encryption” or “used space only”. Microsoft Intune is affected by this issue but third-party MDMs might also pe affected.
To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies to not configured.
Desktop icons issue
Windows devices using more than one (1) monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Copilot in Windows (in preview).
This issue awaits a resolution from Microsoft’s side.
COLRv1 rendering issue
The color font format for COLRv1 does not render properly. This format enables Windows to display emoji with a 3D-like appearance.
This issue is awaiting a resolution from Microsoft’s side.
KB5032190 – Changelog
KB5032190 for Windows 11 22H2 and 23H2 include the following changes or improvements:
- KB5032190 resolves security issues on Windows 11 22H2 and 23H2 editions
- KB5032190 added Copilot for Windows, a centralized AI assistance to Windows 11 22H2 and 23H2.
- This update gives a richer preview when you hover over files under Recommended on the Start menu.
- This update adds an enhanced volume mixer to Quick Settings. It is also easier to turn on the Windows Spatial Audio experience.
- This update adds “never combined” mode. In this mode, you can view application windows and their labels on the taskbar separately.
- Starting in this update, desktop labels appear when you move between desktops in Task View (WIN + CTRL + left or right arrows).
- You can now hide the time and date in the system tray.
- Notifications now show as a bell icon in the system tray. When new notifications appear, the icon will have a fill color based on your system’s accent color.
- This update adds a “view notification” button for urgent or important notifications that you receive when you turn on do not disturb.
- You can now right-click an app on the taskbar and end the task.
- This update adds the option to start diagnosing network problems from the system tray.
- This update adds a modernized File Explorer Home that is powered by WinUI.
- File Explorer’s newly designed address bar recognizes local and cloud folders.
- A new details pane in File Explorer (ALT + Shift + P) helps you access related content, stay up to date with file activity, and collaborate without opening a file.
- This update introduces Gallery in File Explorer. Gallery makes it easy to access your photo collection.
- You can now tear off and merge tabs with an existing File Explorer window.
- This update improves the performance of the calculating phase when you send a large number of files at the same time to the recycle bin in File Explorer.
- This update addresses an issue that stops File Explorer from opening.
- You can now go to any app or website that supports passkeys to create a passkey that uses Windows Hello.
- View and delete passkeys saved for your favorite apps and websites in Windows Settings.
- This update adds Enhanced Phishing Protection in Microsoft Defender SmartScreen. It helps to protect school and work passwords from phishing and unsafe use on websites and in apps.
- Enterprise customers can now set theEnablePasswordlessExperience policy. Once you set the policy, it hides passwords for some Windows authentication scenarios.
- This update introduces the Windows Backup app. Use it to quickly get your current PC backed up and ready to move to a new PC.
- This update improves the Windows Spotlight experience. You can preview images in full screen using the Learn more button.
- You can sign in to and connect your Windows 365 Cloud PC to your local desktop using the Windows 365 switch.
- You can turn on Auto Color Management (ACM) on your Standard Dynamic Range (SDR) display.
- This update adds a new Settings home page. It has interactive cards that represent devices and account related settings.
- Dev Drive is a new form of storage volume. It gives developers what they need to host source code, working folders, and package caches.
- This update adds Dynamic Lighting. It gives you control of lighting devices that implement the open HID LampArray standard.
- The update adds Adaptive Dimming. This works for PCs that have presence sensors that support attention detection.
- Voice access now works right when you start your PC. You can turn on voice access from the accessibility flyout box on the Lock screen.
- This update adds commands to correct words that voice access fails to recognize. You can say “correct [text]” to correct specific text.
- This update adds two new energy recommendations in Settings > System > Power & battery > Energy recommendations. One turns on dark mode. The second adjusts the refresh rate.
- You can now stop Windows from communicating with your mobile devices.
- You can now join Bluetooth Personal Area networks. This option is for paired devices, like phones, that share an internet connection over Bluetooth.
- This update adds a new cellular toggle. It makes it easier to control whether to use cellular when Wi-Fi is available, but it is poor.
- You have more options on the Data Usage page. They support daily and weekly data limits.
- You can now get to advanced properties for network adapters and internet properties from Settings. Go to Settings > Network & internet > Advanced network settings.
- You can now view Wi-Fi passwords for your known networks in Settings. Go to Settings > Network & internet > Wi-Fi and “Manage known networks.”
- This update improves your experience when you change time zones.
- This update improves the design of the Task Manager dialogs and its Settings page.
- Windows now detects camera streaming issues.
- The network flyout box on the Lock screen now aligns with Windows 11 design principles.
- This update changes the design of the firewall notification dialogs for Windows Security. They now match the look of Windows 11.
- This update addresses an error on the Settings home page that occurs when you sign in. Because of this, you cannot view your account information on that home page.
November 2023 Cumulative or Security Updates
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.