KB5039217 is the cumulative update for Windows 10 version 1809. It was released on 11 June 2024 under the ‘Patch Tuesday’ project.
Versions available
KB5039217 for Windows 10 is available for the following versions:
- Windows 10 version 1809 for 32 bit systems
- Windows 10 version 1809 for x64 systems
- Windows 10 version 1809 for ARM64 deployments
Salient points
- KB5039217 is a cumulative update that supersedes KB5037765 released on 14 May 2024.
- KB5039217 corresponds to Windows 10 build 10.0.17763.5936 for version 1809.
- KB5039335 is the Servicing Stack Update that corresponds to KB5039217. It is available for x86 and x64 deployments.
- 26 security vulnerabilities affect Windows 10 version 1809 for x86 and ARM64 deployments.
- 27 security vulnerabilities affect Windows 10 version 1809 for x64 deployments.
- CVE-2024-30080 is the CRITICAL vulnerability that could cause ‘Remote Code Execution’ attacks. This is a CVSS 9.8 vulnerability affecting MSMQ or Microsoft Message Queuing. This vulnerability affects Windows 10 version 1809 x86, ARM64, and x64 deployments.
Install KB5039217
KB5039217 can be installed automatically or manually. For automatic installations, you can install KB5039217 using one of the following methods:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Services
For manual installations, you need to follow a two-step process:
- Install KB5039335 on Windows 10 version 1809
- Install KB5039217 on Windows 10 version 1809
The Servicing Stack will not cause a reboot.
Once the SSU has been installed, you can install the main cumulative update.
- Download KB5039217 from the Microsoft Update Catalog site
- Direct download KB5039217 for x86 deployments – 355.1 MB
- Direct download KB5039217 for ARM64 deployments – 666.5 MB
- Direct download KB5039217 for x64 deployments – 669 MB
The main cumulative update will cause the Windows 10 workstation to reboot for applying the changes.
Security Vulnerabilities
Windows 10 version 1809 x86 and ARM64 deployments are affected by 26 security vulnerabilities. Windows 10 version 1809 x64 deployments are affected by 27 security vulnerabilities. One of these vulnerabilities is a CRITICAL Remote Code Execution threat.
CVE-2024-30080 is a CRITICAL ‘Remote Code Execution’ vulnerability. It affects Windows 10 version 1809 for x86 and x64 deployments.
The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. To determine if your system is susceptible, check to see if the MSMQ HTTP-Support feature is enabled and if there is a service running named Message Queuing on the machine.
To exploit this vulnerability, an attacker would need to send a series of specially crafted MSMQ packets in a rapid sequence over HTTP to a MSMQ server. This could result in remote code execution on the server side.
KB5039217 – Changelog
The following changes are part of the KB5039217 cumulative update:
- This update addresses security issues for your Windows operating system.
- This update affects the version of curl.exe that isin Windows. The version number is now 8.7.1.
- This update addresses an issue that affects lsass.exe. It stops responding. This occurs after you install the April 2024 security updates on Windows servers.
- This update addresses an issue that affects lsass.exe. It leaks memory. This occurs during a Local Security Authority (Domain Policy) Remote Protocol (LSARPC) call.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.