KB5034765 is the cumulative update for Windows 11 released on 13 February 2024. It was released under the ‘Patch Tuesday’ project of Microsoft. This update caters to Windows 11 22H2 and 23H2 editions.
Salient points
- KB5034765 is a cumulative update that supersedes KB5034123. It corresponds to Windows 11 build 22621.3155 and 22631.3155.
- KB5034765 also includes all changes that are part of the preview update KB5034204. KB5034204 was released on 23 January 2024 and corresponds to Windows 11 builds 22621.3085 and 22631.3085.
- KB5034765 for Windows 11 22H2 edition corresponds to build 22621.3155.
- KB5034765 for Windows 11 23H2 edition corresponds to build 22631.3155.
- For Windows 11 22H2, Servicing Stack Update 22621.3073 corresponds to KB5032190, KB5033375, and KB5034123.
- For Windows 11 23H2, Servicing Stack Update 22631.3073 corresponds to KB5032190, KB5033375, and KB5034123.
- The Servicing Stack Updates for KB5034765 are included in the main cumulative update. Separate installation of Windows 11 Servicing Stack Update is not needed.
- Separate installation files for KB5034765 are available for x64 and ARM64 systems.
- 41 security vulnerabilities affect Windows 11 versions of 22H2 x64 and 23H2 x64 systems.
- 41 security vulnerabilities affect Windows 11 versions of 22H2 ARM64 and 23H2 ARM64 platforms.
- 2 security vulnerabilities have ‘CRITICAL’ severity for Windows 11 versions 22H2 and 23H2. These vulnerabilities could lead to ‘Remote Code Execution’ attacks and the ‘Denial of Service’ attacks.
- 2 Zero-day threats affect Windows 11 22H2 and 23H2 editions for x64 and ARM64 platforms. Details of both zero-day vulnerabilities are shared below.
Download KB5034765
You can install KB5034765 automatically using one of the following processes:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Service
For manual installation, you can download an offline installer file from the Microsoft Update Catalog site. We have shared the catalog link and the direct download links for the offline installer files.
The installer files for the update are available for x64 and ARM64 systems.
- Download KB5034765 from the Microsoft Update Catalog site
- Direct download KB5034765 for Windows 11 version 22H2 for x64 – the size of the update file is 648.4 MB.
- Direct download KB5034765 for Windows 11 version 22H2 for ARM64 – the size of the update file is 776.5 MB.
- Direct download KB5034765 for Windows 11 version 23H2 for x64 – the size of the update file is 648.4 MB.
- Direct download KB5034765 for Windows 11 version 23H2 for ARM64 – the size of the update file is 776.5 MB.
Your system will reboot after applying the KB5034765 security update.
It may be important to know that the Servicing Stack Updates 22621.3073 and 22631.3073 are built-in to the KB5034765 cumulative updates. Separate installation of the Servicing Stack Update is not needed for Windows 11 22H2 and 23H2 editions.
It is also pertinent to know that all changes of KB5034204 are included in KB5034765. If you missed installing KB5034204, installing KB5034765 will give you full security coverage on Windows 11 22H2 and 23H2 editions.
Vulnerabilities
Windows 11 version 22H2 for x64 and 23H2 for x64 systems are affected by 41 security vulnerabilities. 2 of these vulnerabilities are ‘CRITICAL’ severity vulnerabilities.
Windows 11 versions 22H2 for ARM64 and 23H2 for ARM64 are affected by 41 security vulnerabilities. 2 of these vulnerabilities are ‘CRITICAL’ severity vulnerabilities.
CRITICAL vulnerabilities on Windows 11 version 22H2 and 23H2 for x64 and ARM64 deployments
The following are the 2 security vulnerabilities that affect Windows 11 versions 22H2 and 23H2 for x64 and ARM64 systems.
CVE details | CVSS | Severity | Impact | Description |
---|---|---|---|---|
CVE-2024-21357 | 8.1 | CRITICAL | Remote Code Execution | This vulnerability affects Windows Pragmatic General Multicast (PGM). Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Windows Pragmatic General Multicast (PGM) produces multicast traffic that runs on layer 4 and is routable. Therefore this vulnerability can be exploited over the network. An attacker could exploit this vulnerability by sending specially crafted malicious traffic directed at a vulnerable server. |
CVE-2024-20684 | 6.5 | CRITICAL | Denial of Service | This could lead to Windows Hyper-V Denial of Service Vulnerability. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. |
Zero-day vulnerabilities
The following zero-day threats affect Windows 11 22H2 and 23H2 editions for x64 and ARM64 deployments.
CVE details | CVSS | Severity | Impact | Description |
---|---|---|---|---|
CVE-2024-21351 | 7.6 | IMPORTANT | Security Feature Bypass | When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check. An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience. |
CVE-2024-21412 | 8.1 | IMPORTANT | Security Feature Bypass | An unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks. However, the attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker would have to convince them to take action by clicking on the file link. |
KB5034765 – Changelog
KB5034765 for Windows 11 22H2 and 23H2 includes the following changes or improvements:
- This update addresses security issues for Windows 11 22H2 and 23H2 versions.
- On Windows 11 22H2, this update addresses an issue that affects Narrator announcements. They are slow when you use Natural Voices.
- On Windows 11 22H2, this update addresses an issue that affects explorer.exe. It might stop responding. This occurs when you restart or shut down a PC that has a controller accessory attached to it.
- On Windows 11 22H2, this update addresses an issue that affects the download of device metadata. Downloads from the Windows Metadata and Internet Services (WMIS) over HTTPS are now more secure.
- For Windows 11 23H2, this build includes all the improvements that are part of Windows 11 version 22H2.
January 2024 Cumulative or Security Updates
- KB5034119 Cumulative Update for Windows Server 2016
- KB5034127 Cumulative Update for Windows Server 2019
- KB5034129 Cumulative Update for Windows Server 2022
- KB5034130 for Windows Server 2022 23H2 edition
- KB5034171 Monthly Rollup (ESU) for Windows Server 2012 R2
- KB5034184 Monthly Rollup Update (ESU) for Windows Server 2012
- KB5034121 Cumulative Update for Windows 11 21H2
- KB5034123 for Windows 11 22H2 and 23H2
- KB5034134 for Windows 10 – Jan 2024
- KB5034119 for Windows 10 version 1607
- KB5034127 for Windows 10 version 1809
December 2023 Cumulative or Security Updates
- KB5033371 for Windows 10 version 1809
- KB5033373 for Windows 10 version 1607
- KB5033379 for Windows 10
- KB5033372 for Windows 10 21H2 and 22H2
- KB5033375 Cumulative Update for Windows 11 22H2 and 23H2
- KB5033369 Cumulative Update for Windows 11 21H2
- KB5033420 Monthly Rollup Update for Windows Server 2012 R2
- KB5033429 Monthly Rollup Update for Windows Server 2012
- KB5033383 Cumulative Update for Windows Server 2022
- KB5033118 Cumulative Update for Windows Server 2022
- KB5033371 Cumulative Update for Windows Server 2019
- KB5033373 Cumulative Update for Windows Server 2016
- Microsoft Edge upgrades to version 120.0.2210.61
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.