KB5033372 for Windows 10 21H2 and 22H2

This content has been archived, but it remains accurate and relevant to the underlying technology products or infrastructure services.

KB5033372 is the cumulative update for Windows 10 version 21H2 and version 22H2. The update was released on 12 December 2023 under the ‘Patch Tuesday’ program.

Salient points

  • KB5033372 has been superseded by KB5034122 in January 2024.
  • KB5033372 is a cumulative update. It supersedes the KB5032189 released in November 2023.
  • KB5033372 also includes all changes that are part of the preview update KB5032278. The preview update was released on 30 November 2023.
  • KB5033372 corresponds to build 19044.3803 for Windows 10 version 21H2.
  • KB5033372 corresponds to build 19045.3803 for Windows 10 version 22H2.
  • 15 security vulnerabilities affect the x64, x86, and ARM64 versions of Windows 10 version 21H2 and 22H2. 3 of these vulnerabilities have a ‘CRITICAL’ severity level.
  • Zero-day threat CVE-2023-20588 affects all platforms of Windows 10 version 21H2 and version 22H2. The vulnerability resides in systems using AMD processors. Brief details of the vulnerability are in the vulnerabilities section.
  • Servicing Stack Update 19044.3745 corresponds to Windows 10 version 21H2. Separate installation of the SSU is not needed as it is included in the main security or cumulative update.
  • Servicing Stack Update 19045.3745 corresponds to Windows 10 version 22H2. Separate installation of the SSU is not needed as it is included in the main security or cumulative update.
  • The BitLocker device encryption reporting issue continues to affect Windows 10 versions 21H2 and 22H2. The issue first appeared after the installation of the KB5031356 security update.

KB5033372 Prerequisites for installation

For offline OS image servicing:

You need KB5011543 or later cumulative update on the system. KB5011543 was released in March 2022. If this is not possible, please install the May 2022 Servicing Stack Update KB5014032.

For WSUS or Microsoft Catalog packages:

You need KB5003173 cumulative update from May 2021 or later. If this is not possible, please install the August 2021 Servicing Stack Update KB5005260.

Download KB5033372

KB5033372 can be applied automatically using one of the following methods:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Services

WSUS remains the preferred way to patch Windows 10 workstations. You will need to pull security updates for Windows 10 version 1903 and later.

For manual deployments, you need to download the offline installer file from the Microsoft Update Catalog site. The offline installer needs to be downloaded for the specific Windows 10 version on your computers. Or, you could use the direct download links shared below for the offline installer files for Windows 10 version 21H2 and version 22H2.

Download KB5033372 for Windows 10 version 21H2 and version 22H2

You will need to ensure that the offline installer file corresponding to the platform architecture is used. So, please pick the file relevant for x64, x86 or ARM64 platforms.
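After deployment, the build numbers listed in the salient points can be used to confirm that a workstation is at or above the KB5033372 level. The script below is an added example, not part of the original article or of Microsoft's tooling; the helper name `Test-PatchLevel` and the inventory rows are constructed for illustration.

```powershell
# Added example. Minimum patched revision (UBR) per build, from the build
# numbers this page lists: 19044.3803 (21H2) and 19045.3803 (22H2).
$MinimumUbr = @{ 19044 = 3803; 19045 = 3803 }

function Test-PatchLevel {                      # hypothetical helper name
    param(
        [Parameter(Mandatory)] [int] $Build,
        [Parameter(Mandatory)] [int] $Ubr
    )
    # Builds other than 21H2/22H2 are outside the scope of this update.
    if (-not $MinimumUbr.ContainsKey($Build)) { return 'NotApplicable' }
    if ($Ubr -ge $MinimumUbr[$Build]) { return 'Patched' }
    return 'Missing'
}

# Local machine: build and revision are read from the registry.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$local = [pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    Build        = [int]$cv.CurrentBuild
    Ubr          = [int]$cv.UBR
}

# Constructed inventory rows (not real hosts) showing each outcome.
$inventory = @(
    $local
    [pscustomobject]@{ ComputerName = 'WS-21H2-OLD'; Build = 19044; Ubr = 3693 }
    [pscustomobject]@{ ComputerName = 'WS-22H2-NEW'; Build = 19045; Ubr = 3930 }
    [pscustomobject]@{ ComputerName = 'WS-OTHER';    Build = 22631; Ubr = 2861 }
)

$inventory | ForEach-Object {
    [pscustomobject]@{
        ComputerName = $_.ComputerName
        Build        = '{0}.{1}' -f $_.Build, $_.Ubr
        Status       = Test-PatchLevel -Build $_.Build -Ubr $_.Ubr
    }
} | Format-Table -AutoSize

# KB5033372 may no longer be listed once a later cumulative update such as
# KB5034122 is installed, so treat Get-HotFix as supporting evidence and the
# build revision as the deciding value.
Get-HotFix -Id 'KB5033372', 'KB5034122' -ErrorAction SilentlyContinue |
    Select-Object HotFixID, InstalledOn
```

Because the update is cumulative, any revision at or above 3803 on builds 19044 and 19045 includes the KB5033372 fixes.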

KB5033372 – 65000 Error in the “Require Device Encryption” setting

Another reporting issue affects BitLocker. Actual device encryption is not impacted.

Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment. 

Affected environments are those with the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies set to enabled and selecting either “full encryption” or “used space only”. Microsoft Intune is affected by this issue but third-party MDMs might also be affected.

To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies to not configured.

Windows devices using more than one (1) monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Copilot in Windows (in preview).

Microsoft is working on a resolution for this issue.

Copilot in Windows (in preview) is not currently supported when your taskbar is located vertically on the right or left of your screen. To access Copilot in Windows, make sure your taskbar is positioned horizontally on the top or bottom of your screen.

Microsoft is working on a resolution for the issue.

Windows 10 21H2 and x64 editions are affected by 15 security vulnerabilities. The ARM64 and x86 editions are also affected by 15 security vulnerabilities. We discuss the zero-day threat and two CRITICAL threats that impact Windows 10 21H2 for x86, x64 and ARM64 systems.

The following zero-day threat was first reported in August 2023. It has been mitigated in the current Windows Update cycle. Therefore, we suggest immediate deployment of the cumulative update KB5033372 for Windows 10 version 21H2 and 22H2 for the x86, x64, and ARM64 versions.

| CVE details | CVSS | Severity | Impact | Description |
| --- | --- | --- | --- | --- |
| CVE-2023-20588 | 5.5 | IMPORTANT | Information Disclosure | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. |

The 3 CRITICAL vulnerabilities affecting Windows 10 21H2 and 22H2 are shared below. These vulnerabilities could lead to ‘Remote Code Execution’ attacks on the target workstations.

| CVE details | CVSS | Severity | Impact | Description |
| --- | --- | --- | --- | --- |
| CVE-2023-35630 | 8.8 | CRITICAL | Remote Code Execution | This threat impacts the Internet Connection Sharing (ICS). Successful exploitation of this vulnerability requires the attacker to modify an option->length field in a DHCPv6 DHCPV6_MESSAGE_INFORMATION_REQUEST input message. This attack is limited to systems connected to the same network segment as the attacker. |
| CVE-2023-35628 | 8.1 | CRITICAL | Remote Code Execution | This vulnerability arises on account of Windows MSHTML Platform. The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane. This could result in the attacker executing remote code on the victim’s machine. |
| CVE-2023-35641 | 8.8 | CRITICAL | Remote Code Execution | This threat affects the Internet Connection Sharing (ICS). To exploit this vulnerability, an attacker would need to send a maliciously crafted DHCP message to a server that runs the Internet Connection Sharing service. This attack is limited to systems connected to the same network segment as the attacker. |

Rajesh Dhawan