KB5034774 for Windows 10 – February 2024

KB5034774 is the cumulative update for Windows 10 x86 and x64 editions. It can also be called the cumulative update for Windows 10 version 1507. The update was released as part of the ‘Patch Tuesday’ project of Microsoft on 13 February 2024.

Salient points

  • KB5034774 is a cumulative update that supersedes KB5034134. KB5034134 was released in January 2024.
  • KB5034134 corresponds to Windows 10 build 10240.20402.
  • KB5033379 corresponds to Windows 10 build 10240.20469.
  • KB5034864 is the latest Servicing Stack Update that corresponds to KB5034774. KB5034864 was released on 13 February 2024.
  • 33 security vulnerabilities affect Windows 10 32-bit systems. 1 of these threats is a ‘CRITICAL’ severity vulnerability
  • 33 security vulnerabilities affect Windows 10 x64 or 64-bit systems. 1 of these threats is a ‘CRITICAL’ severity vulnerability.

Download KB5034774

KB5034774 can be applied automatically using one of the following methods:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Services

WSUS remains the most preferred method of rollout updates on Windows servers and workstations.

As part of the automated deployment, the latest Servicing Stack Update KB5034864 will be installed automatically as part of the Windows Update process.

You can also apply KB5034774 manually. For manual application, you need to follow a two-step process.

  1. Download and install Servicing Stack Update KB5034864
  2. Download and install KB5034774 cumulative update

The Servicing Stack Update and Cumulative Updates are available as offline installer files. You can download these offline installer files using the Microsoft Update Catalog site. Or, alternatively, you could use the direct download links shared below to download the offline installer files.

Download Servicing Stack Update KB5034864

Upon installation, the Servicing Stack Updates do not cause the system to reboot.

Download cumulative update KB5034774

The cumulative update will cause the system to reboot. So, it is also suggested, that the change is implemented as part of an organized change process.

Also, all changes of KB5034134 are included in KB5034774. If you skipped installing KB5034134, you can install KB5034774 directly. This will offer full security and protection on the Windows 10 endpoint systems.

Vulnerabilities

Windows 10 x86 edition and x64 editions are affected by 33 security vulnerabilities. 1 of this is a CRITICAL vulnerability. The details of the vulnerability are shared below. It could lead to ‘Remote Code Execution’ attacks.

CRITICAL vulnerabilities

There is a single security vulnerability with CRITICAL severity levels for Windows 10 x64 and x86 systems. The vulnerability is shared below.

CVE detailsCVSSSeverityImpactDescription
CVE-2024-213578.1CRITICALRemote Code ExecutionThis vulnerability affects Windows Pragmatic General Multicast (PGM).

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Windows Pragmatic General Multicast (PGM) produces multicast traffic that runs on layer 4 and is routable. Therefore this vulnerability can be exploited over the network.

An attacker could exploit this vulnerability by sending specially crafted malicious traffic directed at a vulnerable server.

KB5034774 – Changelog

The following changes or improvements are part of the KB5034774 cumulative update for Windows 10:

  • This update makes miscellaneous security improvements to internal OS functionality.
  • This update addresses security issues for your Windows operating system
  • This update affects Unified Extensible Firmware Interface (UEFI) Secure Boot systems. It adds a renewed signing certificate to the Secure Boot DB variable. You can now opt for this change. For more details, see KB5036210.
  • This update addresses an issue that affects the download of device metadata. Downloads from the Windows Metadata and Internet Services (WMIS) over HTTPS are now more secure.
Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.