KB5033379 for Windows 10

This content has been archived, but it remains true and relevant to the underlying technology products or infrastructure services.

KB5033379 is the cumulative update for Windows 10 x86 and x64 editions. It can also be called the cumulative update for Windows 10 version 1507. The update was released as part of the ‘Patch Tuesday’ project of Microsoft on 12 December 2023.

Salient points

  • KB5033379 is a cumulative update that supersedes KB5032199. KB5032199 was released in November 2023.
  • KB5031377 corresponds to Windows 10 build 10240.20232.
  • KB5033379 corresponds to Windows 10 build 10240.20345.
  • KB5032390 is the latest Servicing Stack Update that corresponds to KB5032199 and KB5033379. KB5032390 was released on 14 November 2023.
  • There is no additional or separate SSU release for Windows 10 in December 2023.
  • 15 security vulnerabilities affect Windows 10 32-bit systems. 3 of these threats are ‘CRITICAL’ severity vulnerabilities.
  • 15 security vulnerabilities affect Windows 10 x64 or 64-bit systems. 3 of these threats are ‘CRITICAL’ severity vulnerabilities.
  • One zero-day threat affecting Windows 10 x86 and x64 systems is mentioned in the vulnerability section. CVE-2023-20588 is an AMD vulnerability that is being exploited by various threat actors.

Download KB5033379

KB5033379 can be applied automatically using one of the following methods:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Services

WSUS remains the most preferred method of rolling out updates on Windows servers and workstations.

In an automated deployment, the latest Servicing Stack Update KB5032390 is installed automatically as part of the Windows Update process.

You can also apply KB5033379 manually. For manual application, you need to follow a two-step process.

  1. Download and install Servicing Stack Update KB5032390
  2. Download and install KB5033379 cumulative update

The Servicing Stack Update and the cumulative update are available as offline installer files. You can download these files from the Microsoft Update Catalog site, or use the direct download links shared below.

Download Servicing Stack Update KB5032390

Upon installation, the Servicing Stack Updates do not cause the system to reboot.

Download cumulative update KB5033379

The cumulative update will cause the system to reboot, so it is suggested that the change be implemented as part of an organized change process.

Also, all changes of KB5032199 are included in KB5033379. If you skipped installing KB5032199, you can install KB5033379 directly. This will offer full security and protection on the Windows 10 endpoint systems.
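
The two-step manual install above, as an added PowerShell example (not from the original article or from Microsoft): it checks the running build against 10240.20345, installs the SSU before the cumulative update with wusa.exe, and suppresses the automatic reboot so the change window controls it. The package paths and the function names Get-OsBuild and Install-Msu are placeholders chosen for illustration; run it from an elevated session.

```powershell
# Added example: staged manual install of the SSU, then the cumulative update.
# Placeholder paths: point them at the .msu files you actually downloaded.
$SsuPath = 'C:\Patches\KB5032390-ssu.msu'
$LcuPath = 'C:\Patches\KB5033379-lcu.msu'
$TargetBuild = 10240   # build the article gives for KB5033379
$TargetUbr   = 20345   # revision the article gives for KB5033379

function Get-OsBuild {
    # CurrentBuild plus UBR (update build revision) gives e.g. 10240.20345
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{ Build = [int]$cv.CurrentBuild; Ubr = [int]$cv.UBR }
}

function Install-Msu {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "Package not found: $Path" }
    # /quiet /norestart: the script never reboots; the change window decides when
    $p = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
        -ArgumentList "`"$Path`"", '/quiet', '/norestart' -Wait -PassThru
    switch ($p.ExitCode) {
        0                        { 'Installed' }
        3010                     { 'InstalledRebootRequired' }
        2359302                  { 'AlreadyInstalled' }   # 0x00240006
        { $_ -eq -2145124329 }   { 'NotApplicable' }      # 0x80240017
        default { throw "wusa.exe failed for $Path (exit code $($p.ExitCode))" }
    }
}

$os = Get-OsBuild
if ($os.Build -ne $TargetBuild) {
    throw "Build $($os.Build) is not Windows 10 version 1507; KB5033379 does not apply."
}
if ($os.Ubr -ge $TargetUbr) {
    Write-Output "Already at $($os.Build).$($os.Ubr); nothing to install."
    return
}

# Step 1: servicing stack update. Step 2: cumulative update.
$ssu = Install-Msu -Path $SsuPath
if ($ssu -eq 'NotApplicable') { throw 'SSU not applicable; stopping before the cumulative update.' }
$lcu = Install-Msu -Path $LcuPath
Write-Output "SSU: $ssu; LCU: $lcu"
if ($lcu -eq 'InstalledRebootRequired') {
    Write-Output 'Reboot pending: schedule it in the change window, then re-check the build.'
}
```

After the reboot, running Get-OsBuild again should report 10240.20345 if the cumulative update applied.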

Vulnerabilities

Windows 10 x86 edition and x64 editions are affected by 15 security vulnerabilities. 3 of these are CRITICAL vulnerabilities. There is a single zero-day threat that affects Windows 10 x86 and x64 systems.

Zero-day vulnerabilities

The following zero-day threat was first reported in August 2023. It has been mitigated in the current Windows Update cycle. Therefore, we suggest immediate deployment of the cumulative update KB5033379 for Windows 10 x86 and x64 versions.

| CVE details | CVSS | Severity | Impact | Description |
| --- | --- | --- | --- | --- |
| CVE-2023-20588 | 5.5 | IMPORTANT | Information Disclosure | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. |

CRITICAL vulnerabilities

There are 3 security vulnerabilities with CRITICAL severity levels for Windows 10 x64 and x86 systems. All these threats have the ‘Remote Code Execution’ impact. These vulnerabilities are listed below.

| CVE details | CVSS | Severity | Impact | Description |
| --- | --- | --- | --- | --- |
| CVE-2023-35630 | 8.8 | CRITICAL | Remote Code Execution | This threat impacts the Internet Connection Sharing (ICS). Successful exploitation of this vulnerability requires the attacker to modify an option->length field in a DHCPv6 DHCPV6_MESSAGE_INFORMATION_REQUEST input message. This attack is limited to systems connected to the same network segment as the attacker. |
| CVE-2023-35628 | 8.1 | CRITICAL | Remote Code Execution | This vulnerability arises on account of Windows MSHTML Platform. The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane. This could result in the attacker executing remote code on the victim’s machine. |
| CVE-2023-35641 | 8.8 | CRITICAL | Remote Code Execution | This threat affects the Internet Connection Sharing (ICS). To exploit this vulnerability, an attacker would need to send a maliciously crafted DHCP message to a server that runs the Internet Connection Sharing service. This attack is limited to systems connected to the same network segment as the attacker. |

KB5033379 – Changelog

The following changes or improvements are part of the KB5033379 cumulative update for Windows 10:

  • This update makes miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.
  • This update addresses security issues for your Windows operating system.

Rajesh Dhawan
