KB5033373 is the monthly cumulative update for Windows 10 version 1607. This update was released on 12 December 2023 under the ‘Patch Tuesday’ project.
KB5033373 has also been released for Windows Server 2016 and Windows Server 2016 Server Core installation. You can find more information about KB5033373 for Windows Server 2016 on the relevant page.
Salient points
- KB5033373 is for Windows 10 version 1607 for December 2023. The update is available for x86 and x64 platforms. This update supersedes KB5032197.
- KB5033373 corresponds to Windows 10 build 14393.6529.
- KB5032197 for Windows 10 version 1607 corresponds to Windows 10 build 14393.6452.
- KB5032391 is the Servicing Stack Update corresponding to KB5032197 and KB5033373 for Windows 10 version 1607. The SSU is available separately for x86 and x64 platforms.
- KB5032391 was released in November 2023. There has been no new release for the Servicing Stack Update in December 2023.
- 13 security vulnerabilities affect Windows 10 version 1607 for x64 and x86 architectures.
- 3 security vulnerabilities have a ‘CRITICAL’ severity level. All these could cause the ‘Remote Code Execution’ attacks.
- There is a single zero-day vulnerability CVE-2023-20588 that affects Windows 10 version 1607.
Download KB5033373 for Windows 10 version 1607
KB5033373 for Windows 10 version 1607 can be deployed through one of the following automated processes:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Services
WSUS is the most preferred method to patch Windows 10 workstations with the latest cumulative updates.
For automated deployments, the Servicing Stack Update is installed automatically prior to the installation of the KB5033373 cumulative update. There is no system reboot after deploying the Servicing Stack Update.
KB5033373 can be applied on Windows 10 version 1607 in a manual approach. For this, you will need to follow a two-step process.
- Download and install the Servicing Stack Update KB5032391 on Windows 10 version 1607.
- Download and install KB5033373 cumulative update for Windows 10 version 1607.
We have shared both steps below.
You could download the offline installer files for the Servicing Stack Update and the cumulative update from the Microsoft Update Catalog site. Or, you could use the download links shared below to download the .MSU file directly.
- Download KB5032391 Servicing Stack Update for Windows 10 version 1607
- Download KB5032391 for Windows 10 version 1607 for x86 edition – the size of this update is 5.4 MB.
- Download KB5032391 for Windows 10 version 1607 for x64 edition – the size of this update is 11.7 MB.
Once you have installed the Servicing Stack Update, you can proceed with the installation of KB5033373 on Windows 10 version 1607. The download links for KB5033373 are specified below.
- Download KB5033373 for Windows 10 version 1607 from Microsoft Update Catalog
- Direct Download KB5033373 for Windows 10 version 1607 x86 edition – the size of the update file is 908.5 MB.
- Direct Download KB5033373 for Windows 10 version 1607 x64 edition – the size of the update file is 1639.9 MB.
When you deploy KB5033373 on Windows 10 version 1607, your system will reboot or restart.
All changes of KB5032197 are included in KB5033373. If you did not install KB5032197, you can skip and install KB5033373. The SSU KB5032391 will be automatically installed as part of the KB5033373 cumulative update.
Vulnerabilities
13 security vulnerabilities affect Windows 10 version 1607 for x64 systems. There are 13 vulnerabilities on the x86 and x64 editions of Windows 10 version 1607. We look at the 3 CRITICAL threats below. There is also a zero-day threat affecting the AMD servers.
Zero-day vulnerabilities
The following zero-day threat was first reported in August 2023. It has been mitigated in the current Windows Update cycle. Therefore, we suggest immediate deployment of the cumulative update KB5033373 for Windows Server 10 x86 and x64 versions.
CVE details | CVSS | Severity | Impact | Description |
---|---|---|---|---|
CVE-2023-20588 | 5.5 | IMPORTANT | Information Disclosure | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. |
CRITICAL vulnerabilities
There are 3 CRITICAL vulnerabilities affecting Windows 10 version 1607 x64 and x86 system architecture. All these are the ‘Remote Code Execution’ while the other one is an ‘Elevation of Privilege’ threat. These vulnerabilities are shared below for your ready reference.
CVE details | CVSS | Severity | Impact | Description |
---|---|---|---|---|
CVE-2023-35630 | 8.8 | CRITICAL | Remote Code Execution | This threat impacts the Internet Connection Sharing (ICS). Successful exploitation of this vulnerability requires the attacker to modify an option->length field in a DHCPv6 DHCPV6_MESSAGE_INFORMATION_REQUEST input message. This attack is limited to systems connected to the same network segment as the attacker. |
CVE-2023-35628 | 8.1 | CRITICAL | Remote Code Execution | This vulnerability arises on account of Windows MSHTML Platform. The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane. This could result in the attacker executing remote code on the victim’s machine. |
CVE-2023-35641 | 8.8 | CRITICAL | Remote Code Execution | This threat affects the Internet Connection Sharing (ICS). To exploit this vulnerability, an attacker would need to send a maliciously crafted DHCP message to a server that runs the Internet Connection Sharing service. This attack is limited to systems connected to the same network segment as the attacker |
KB5033373 for Windows 10 version 1607 – Changelog
The following changes are part of the KB5033373 cumulative update for Windows 10 version 1607:
- This update affects the Netherlands time zone. It adds the recent man-made landmass outside of Rotterdam to the shape files.
- This update addresses security issues for your Windows operating system.
December 2023 Cumulative or Security Updates
- KB5033371 for Windows 10 version 1809
- KB5033373 for Windows 10 version 1607
- KB5033379 for Windows 10
- KB5033372 for Windows 10 21H2 and 22H2
- KB5033375 Cumulative Update for Windows 11 22H2 and 23H2
- KB5033369 Cumulative Update for Windows 11 21H2
- KB5033420 Monthly Rollup Update for Windows Server 2012 R2
- KB5033429 Monthly Rollup Update for Windows Server 2012
- KB5033383 Cumulative Update for Windows Server 2022
- KB5033118 Cumulative Update for Windows Server 2022
- KB5033371 Cumulative Update for Windows Server 2019
- KB5033373 Cumulative Update for Windows Server 2016
- Microsoft Edge upgrades to version 120.0.2210.61
November 2023 Cumulative or Security Updates
- KB5032196 Cumulative Update for Windows Server 2019
- KB5032197 Cumulative Update for Windows Server 2016
- KB5032198 Cumulative Update for Windows Server 2022
- KB5032247 Monthly Rollup Update for Windows Server 2012
- KB5032249 Monthly Rollup for Windows Server 2012 R2
- KB5032190 Windows 11 22H2 and 23H2 Editions
- KB5032192 for Windows 11 21H2 edition
- KB5032189 for Windows 10 21H2 and 22H2 versions
- KB5032196 for Windows 10 version 1809
- KB5032197 for Windows 10 version 1607
October 2023 Security Updates
You may be interested in reading more about other October 2023 security or cumulative updates shared below:
- KB5031358 Cumulative Update for Windows 11 version 21H2
- KB5029377 Security Update for SQL Server 2019 GDR
- KB5031354 Cumulative Update for Windows 11 version 22H2
- KB5031356 for Windows 10
- KB5031901 Update for .NET 7.0
- KB5031407 Security Update for Windows Server 2012 R2
- KB5031427 Security Update for Windows Server 2012
- KB5031419 Monthly Rollup for Windows Server 2012 R2
- KB5031442 Monthly Rollup Update for Windows Server 2012
- KB5031364 Cumulative Update for Windows Server 2022
- KB5031362 Cumulative Update for Windows Server 2016
- KB5031361 Cumulative Update for Windows Server 2019
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.