KB5032192 for Windows 11 21H2

This content has been archived. But, the content is true and relevant to the underlying technology products or infrastructure services.

KB5032192 is the cumulative update for Windows 11 version 21H2. It was released under the ‘Patch Tuesday’ project of Microsoft on 14 November 2023.

Salient points

  • KB5032192 has been superseded by the December 2023 cumulative update for Windows 11 21H2 KB5033369. You can read the details on the KB5033369 page.
  • KB5032192 is a cumulative update. It supersedes the KB5031358 cumulative update released in October 2023.
  • KB5032192 corresponds to Windows 11 21H2 build 22000.2600.
  • KB5031358 corresponds to Windows 11 21H2 build 22000.2538.
  • You will transition from build 2538 to 2600 when you upgrade from KB5031358 to KB5032192 on Windows 11 21H2.
  • 29 security vulnerabilities affect Windows 11 21H2 editions for x64 platforms.
  • 28 security vulnerabilities affect Windows 11 21H2 editions for ARM64 platforms.
  • 2 of these security vulnerabilities carry a ‘CRITICAL’ severity for Windows 11 21H2 x64 and ARM64 deployments.
  • A single zero-day threat affects the Windows 11 21H2 edition for x64 and ARM64 systems.
  • Servicing Stack Update 22000.2592 corresponds to KB5032192. It is a part of the cumulative update.
  • Separate installation of the Servicing Stack Update is not needed for KB5032192.

We look at the download links for KB5032192 and the different vulnerabilities below. KB5032192 installer files are available for x64 and ARM64 systems.

It may be pertinent to add that Windows 11 version 21H2 for Home, Pro, Pro Education, and Pro for Workstation have reached the end of service on October 10, 2023.  The monthly security and quality updates will not be available for these Windows 11 21H2 versions.

Download KB5032192

KB5032192 can be applied automatically using the following methods:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Services

WSUS remains the best method or preferred approach to rolling out updates to Windows 11 endpoints.

You can also deploy KB5032192 manually. For manual deployments, you need an offline installer file for KB5032192. The offline installer file is available in the MSU file extension separately for x64 and ARM64 systems.

You can download the offline installer file for x64 or ARM64 platforms. The offline installer file can be downloaded from the Microsoft Update Catalog site. Or, you could also download the offline installer file from the direct download links shared below.

Your Windows 11 21H2 system will reboot after KB5032192 is deployed.


Windows 11 21H2 x64 edition is affected by 29 security vulnerabilities and ARM64 edition is affected by 28 security vulnerabilities. We discuss the zero-day threat and two CRITICAL threats that impact Windows 11 21H2 for x64 and ARM64 systems.

Zero-day vulnerabilities

The following is the zero-day threat affecting Windows 11 version 21H2 for x64 and ARM64 systems. A zero-day threat is publicly disclosed and already exploited by various threat actors. Therefore, it is imperative that the zero-day vulnerabilities are patched on a priority basis.

CVE detailsCVSSSeverityImpactDescription
CVE-2023-360337.8IMPORTANTElevation of PrivilegeAn attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CRITICAL vulnerabilities

The 2 CRITICAL vulnerabilities affecting Windows 11 21H2 are shared below. These vulnerabilities could lead to ‘Remote Code Execution’ attacks or ‘Elevation of Privileges’ attacks.

CVE detailsCVSSSeverityImpactDescription
CVE-2023-363979.8CRITICALRemote Code ExecutionThis threat impacts the Windows Pragmatic General Multicast (PGM).

When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.
CVE-2023-364008.8CRITICALElevation of PrivilegeThis vulnerability arises on account of Windows HMAC Key Derivation.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Post-deployment issues – KB5032192

After installing KB5031358, you may experience a reporting issue in the Bitlocker configuration service provider. This issue continues after installing KB5032192 as well. Microsoft is working on a resolution for the issue.

Issue description

Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies set to enabled and selecting either “full encryption” or “used space only”. Microsoft Intune is affected by this issue but third-party MDMs might also be affected.

It may be worth repeating that the issue is a reporting issue and does not impact the actual drive encryption.

Microsoft is working on providing a resolution for the issue.

The following changes are part of the KB5032192 cumulative update for Windows 11 21H2 editions:

  • This update supports daylight saving time (DST) changes in Syria.
  • This update addresses an issue that affects an Application Virtualization (App-V) environment. Copy operations within it stop working. This occurs after you install the April 2023 update.
  • This update addresses an issue that affects Outlook. It stops responding. This occurs when you print to an Internet Printing Protocol (IPP) printer that has a slow response time.
  • This update makes Country and Operator Settings Asset (COSA) profiles up to date for certain mobile operators.
  • This update addresses an issue that blocks external connections. This occurs when you set up a Kubernetes load balanced service and turn on session affinity.
  • This update includes quarterly changes to the Windows Kernel Vulnerable Driver Blocklist file, DriverSiPolicy.p7b. It adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
  • This update addresses an issue that affects Windows LAPS. Its PasswordExpirationProtectionEnabled policy fails to turn on the setting.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.