KB5034766 is the cumulative update for Windows 11 version 21H2. It was released under the ‘Patch Tuesday’ project of Microsoft on 13 February 2024.
Salient points
- KB5034766 is a cumulative update. The update supersedes the KB5034121 cumulative update released in December 2023.
- KB5034766 corresponds to Windows 11 21H2 build 22000.2777.
- KB5034121 corresponds to Windows 11 21H2 build 22000.2713.
- You will transition from build 2713 to 2777 when you upgrade from KB5034121 to KB5034766 on Windows 11 21H2.
- 40 security vulnerabilities affect Windows 11 21H2 editions for x64 platforms.
- 40 security vulnerabilities affect Windows 11 21H2 editions for ARM64 platforms.
- 2 of these security vulnerabilities carry a ‘CRITICAL’ severity for Windows 11 21H2 x64 and ARM64 deployments.
- Servicing Stack Update 22000.2770 corresponds to KB5034121. It is a part of the cumulative update.
- Separate installation of the Servicing Stack Update is not needed for KB5034766.
We look at the download links for KB5034766 and the different vulnerabilities below. KB5034766 installer files are available for x64 and ARM64 systems.
It may be pertinent to add that Windows 11 version 21H2 for Home, Pro, Pro Education, and Pro for Workstation have reached the end of service on October 10, 2023. The monthly security and quality updates will not be available for these Windows 11 21H2 versions.
Download KB5034766
KB5034766 can be applied automatically using the following methods:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Services
WSUS remains the best method or preferred approach to rolling out updates to Windows 11 endpoints.
You can also deploy KB5034766 manually. For manual deployments, you need an offline installer file for KB5034766. The offline installer file is available in the MSU file extension separately for x64 and ARM64 systems.
You can download the offline installer file for x64 or ARM64 platforms. The offline installer file can be downloaded from the Microsoft Update Catalog site. Or, you could also download the offline installer file from the direct download links shared below.
- Download KB5034766 from the Microsoft Update Catalog site
- Direct download KB5034766 for Windows 11 21H2 for x64 edition – the size of the installer file is 357.9 MB
- Direct download KB5034766 for Windows 11 21H2 for ARM64 edition – the size of the installer file is 484 MB
Your Windows 11 21H2 system will reboot after KB5034766 is deployed.
If you have already deployed KB5034121, only the incremental changes of KB5034766 will be installed on the Windows 11 21H2 system. This process of incremental updates is generally very fast and swift.
Vulnerabilities
Windows 11 21H2 x64 edition is affected by 40 security vulnerabilities and ARM64 edition is also affected by 40 security vulnerabilities. We discuss the two CRITICAL threats that impact Windows 11 21H2 for x64 and ARM64 systems.
CRITICAL vulnerabilities
The 2 CRITICAL vulnerabilities affecting Windows 11 21H2 are shared below. These vulnerabilities could lead to ‘Remote Code Execution’ attacks and ‘Denial of Service’ attacks.
CVE details | CVSS | Severity | Impact | Description |
---|---|---|---|---|
CVE-2024-21357 | 8.1 | CRITICAL | Remote Code Execution | This vulnerability affects Windows Pragmatic General Multicast (PGM). Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Windows Pragmatic General Multicast (PGM) produces multicast traffic that runs on layer 4 and is routable. Therefore this vulnerability can be exploited over the network. An attacker could exploit this vulnerability by sending specially crafted malicious traffic directed at a vulnerable server. |
CVE-2024-20684 | 6.5 | CRITICAL | Denial of Service | This could lead to Windows Hyper-V Denial of Service Vulnerability. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. |
Zero-day vulnerabilities
The following zero-day threats affect Windows 11 22H2 and 23H2 editions for x64 and ARM64 deployments.
CVE details | CVSS | Severity | Impact | Description |
---|---|---|---|---|
CVE-2024-21351 | 7.6 | IMPORTANT | Security Feature Bypass | When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check. An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience. |
CVE-2024-21412 | 8.1 | IMPORTANT | Security Feature Bypass | An unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks. However, the attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker would have to convince them to take action by clicking on the file link. |
KB5034766 – Changelog
The following changes are part of the KB5034766 cumulative update for Windows 11 21H2 editions:
- This update addresses an issue that affects remote direct memory access (RDMA) performance counters. They do not return networking data on VMs in the right way.
- This update addresses an issue that affects fontdrvhost.exe. It stops responding when you use Compact Font Format version 2 (CFF2) fonts.
- This update addresses a memory leak in ctfmon.exe.
- This update addresses a memory leak in TextInputHost.exe.
- This update affects Unified Extensible Firmware Interface (UEFI) Secure Boot systems. It adds a renewed signing certificate to the Secure Boot DB variable. You can now opt for this change. For more details, see KB5036210.
- This update addresses an issue that affects the download of device metadata. Downloads from the Windows Metadata and Internet Services (WMIS) over HTTPS are now more secure.
- This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). It might stop working. This occurs when you access the Active Directory database.
- This update addresses an issue that affects Windows Defender Application Control (WDAC). Its “allow” policies might block some binaries from running.
- This update addresses an issue that affects the Certificate Authority snap-in. You cannot select the “Delta CRL” option. This stops you from using the GUI to publish Delta CRLs.
- This update changes a setting in Active Directory Users & Computers. By default, the snap-in now uses a strong certificate mapping of X509IssuerSerialNumber. It does not use the weak mapping of x509IssuerSubject.
January 2024 Cumulative or Security Updates
- KB5034119 Cumulative Update for Windows Server 2016
- KB5034127 Cumulative Update for Windows Server 2019
- KB5034129 Cumulative Update for Windows Server 2022
- KB5034130 for Windows Server 2022 23H2 edition
- KB5034171 Monthly Rollup (ESU) for Windows Server 2012 R2
- KB5034184 Monthly Rollup Update (ESU) for Windows Server 2012
- KB5034121 Cumulative Update for Windows 11 21H2
- KB5034123 for Windows 11 22H2 and 23H2
- KB5034134 for Windows 10 – Jan 2024
- KB5034119 for Windows 10 version 1607
- KB5034127 for Windows 10 version 1809
December 2023 Cumulative or Security Updates
- KB5033371 for Windows 10 version 1809
- KB5033373 for Windows 10 version 1607
- KB5033379 for Windows 10
- KB5033372 for Windows 10 21H2 and 22H2
- KB5033375 Cumulative Update for Windows 11 22H2 and 23H2
- KB5033369 Cumulative Update for Windows 11 21H2
- KB5033420 Monthly Rollup Update for Windows Server 2012 R2
- KB5033429 Monthly Rollup Update for Windows Server 2012
- KB5033383 Cumulative Update for Windows Server 2022
- KB5033118 Cumulative Update for Windows Server 2022
- KB5033371 Cumulative Update for Windows Server 2019
- KB5033373 Cumulative Update for Windows Server 2016
- Microsoft Edge upgrades to version 120.0.2210.61
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.