Windows 10 version 1809 – KB5031361

by

KB5031361 is the cumulative update for Windows 10 version 1809. The update was released on 10 October 2023 as part of the ‘October Patch Day’ initiative of Microsoft.

Salient points

  • KB5031361 has now been superseded by KB5032196 for Windows 10 version 1809.
  • KB5031361 for Windows 10 version 1809 is a cumulative update that supersedes the KB5030214 update released in September 2023.
  • KB5031361 corresponds to Windows 10 build 17763.4974.
  • KB5030214 corresponds to Windows 10 build 17763.4851.
  • KB5005112 is the Servicing Stack Update released in August 2021. It must be already deployed on Windows 10 version 1809 systems prior to installing KB5031361.
  • Servicing Stack Update 17763.4965 corresponds to KB5031361 for Windows 10 version 1809. It is already built-in the cumulative update. Separate installation of the latest Servicing Stack Update is not needed.
  • 72 security vulnerabilities affect Windows 10 version 1809 for 32-bit systems and ARM64 systems. 11 of these vulnerabilities have a ‘CRITICAL’ severity level.
  • 74 security vulnerabilities affect Windows 10 version 1809 for x64 systems. 12 of these vulnerabilities have a ‘CRITICAL’ severity level.
  • KB5031361 for Windows 10 version 1809 is available separately for x86, x64, and ARM64 deployments.

Download KB5031361 for Windows 10 version 1809

KB5031361 is also available for Windows Server 2019. You can read more about KB5031361 for Windows Server 2019 deployments on this page.

Over here, we discuss the ways to install KB5031361 on Windows 10 version 1809 deployments.

You could use one of the following automated deployment processes for KB5031361 on Windows 10 version 1809:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Services

WSUS remains the most preferred method to roll out Windows cumulative updates.

You can also install KB5031361 on Windows 10 version 1809 in a manual approach. For this, you will need to follow a two-step process.

  1. Check if you have KB5005112 Servicing Stack Update installed. If not, download the installer file for KB5005112.
  2. Download and install KB5031361 for Windows 10 version 1809 for x86, x64, or ARM64 editions.

We cover the download links for KB5031361 for Windows 10 version 1809 below.

KB5005112 was released in August 2021. So, we expect that this Servicing Stack Update will already be on your system. You could check the Windows Update History on the Windows 10 system to confirm the same.

Once the Servicing Stack Update has been installed, you can proceed with the installation of the main cumulative update on the Windows 10 version 1809 system.

KB5031361 will cause the Windows 10 version 1809 system to reboot. So, please plan the change as an organized change process.

Vulnerabilities

There are multiple security vulnerabilities affecting Windows 10 x86, x64, and ARM64 platforms. We look at the zero-day threats and the CRITICAL severity threats that affect Windows 10 version 1809 below.

Zero-day vulnerabilities

There are two zero-day threats that affect Windows 10 version 1809 x86, x64, and ARM64 editions.

Zero-day threats are publicly disclosed threats. Or, these have already been exploited by various threat actors. Therefore, zero-day threats need to be patched immediately.

The following are the two zero-day threats that affect Windows 10 version 1809 under the October 2023 ‘Patch Tuesday’ program:

CVE VulnerabilitySeverityCVSS ScoreImpactComments
CVE-2023-36563IMPORTANT6.5Information DisclosureExploiting this vulnerability could allow the disclosure of NTLM hashes.
CVE-2023-44487IMPORTANT6.5Denial of ServiceHTTP/2 Rapid Reset Attack

Once you have deployed the update, you can also mitigate the CVE-2023-44487 by limiting the HTTP/2 connections. As part of the mitigation effort, you can also set the limit of the RST_STREAMS per minute using the new registry key in this update. This registry key will be available after you have successfully deployed the KB5031362 cumulative update.

Registry keyDefault valueValid value rangeRegistry key function
Http2MaxClientResetsPerMinute5000–65535Sets the allowed number of resets (RST_STREAMS) per minute for a connection. When you reach this limit, the connection ends.

CRITICAL vulnerabilities

All 12 CRITICAL vulnerabilities affecting Windows 10 version 1809 x64 are of the type of ‘Remote Code Execution’ threats. These vulnerabilities are shared below for your ready reference.

CVE DetailsCVSS ScoreComments
CVE-2023-353499.8This vulnerability affects the Microsoft Message Queuing.
Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server.
CVE-2023-366976.8This vulnerability affects the Microsoft Message Queuing.
Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server
CVE-2023-367187.8This vulnerability could lead to a contained execution environment escape on the Microsoft Virtual Trusted Platform Module.
CVE-2023-417748.1This vulnerability affects the Layer 2 Tunneling protocol.
An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.
CVE-2023-417738.1This vulnerability affects the Layer 2 Tunneling protocol.
An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.
CVE-2023-417718.1This vulnerability affects the Layer 2 Tunneling protocol.
An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.
CVE-2023-417708.1This vulnerability affects the Layer 2 Tunneling protocol.
An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.
CVE-2023-417698.1This vulnerability affects the Layer 2 Tunneling protocol.
An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.
CVE-2023-417688.1This vulnerability affects the Layer 2 Tunneling protocol.
An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.
CVE-2023-417678.1This vulnerability affects the Layer 2 Tunneling protocol.
An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.
CVE-2023-417658.1This vulnerability affects the Layer 2 Tunneling protocol.
An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.
CVE-2023-381668.1This vulnerability affects the Layer 2 Tunneling protocol.
An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.

Windows 10 version 1809 x86 and ARM64 systems are affected with all the above vulnerabilities with the exception of CVE-2023-36718. So, the x86 and ARM64 editions of Windows 10 version 1809 are affected by 11 CRITICAL security vulnerabilities.

IIS Vulnerability

There is a CVSS 9.8 vulnerability on the IIS Server running on Windows 10 version 1809. This vulnerability has an IMPORTANT severity level. The details of the vulnerability are shared below:

CVE VulnerabilitySeverityCVSS ScoreImpactComments
CVE-2023-36434IMPORTANT9.8Elevation of PrivilegesIn a network-based attack, an attacker could brute force user account passwords to log in as that user. Microsoft suggests using complex or strong passwords to protect against this vulnerability.

Windows 10 version 1809 – KB5031361 Changelog

The following changes are part of the KB5031361 cumulative update for Windows 10 version 1809:

  • New! This update completes the work to comply with the GB18030-2022 requirements. It removes and remaps characters for Microsoft Wubi input and Microsoft Pinyin U-mode input. You can no longer enter character codepoints that are not supported. All the required codepoints are up to date.
  • New! This update adds Azure Arc Optional Component related links to Server Manager. Now, you can turn on Arc on your servers. You do not need to run a PowerShell script.
  • This update changes the spelling of Ukraine’s capital from Kiev to Kyiv.
  • This update addresses an issue that affects scheduled tasks. Tasks that call the credential manager API might fail. This occurs if you select [Run only when user is logged on] and [Run with highest privileges].
  • This update addresses an issue that stops you from getting the IE mode windows list.
  • This update addresses an issue that affects external binding. It fails. This occurs after you install Windows updates dated May 2023 or later. Because of this, there are issues that affect LDAP queries and authentication.
  • This update addresses an issue that affects those who enable the “Smart Card is Required for Interactive Logon” account option. When RC4 is disabled, you cannot authenticate to Remote Desktop Services farms. The error message is, “An authentication error has occurred. The requested encryption type is not supported by the KDC.”
  • This update addresses an issue that affects Kerberos delegation. It might fail in the wrong way. The error code is 0xC000006E (STATUS_ACCOUNT_RESTRICTION). This issue might occur when you mark the intermediate service account as “This account is sensitive and cannot be delegated” in Active Directory. Applications might also return the error message, “System.Security.Authentication.AuthenticationException: Failed to initialize security context. Error code was -2146893042.”
  • This update affects Windows Filtering Platform (WFP) connections. The redirect diagnostics for them has improved.
  • This update addresses an issue that affects a relying party. When you sign out of it, a SAML request cookie is not cleared. Because of this, your device automatically attempts to connect to the same relying party when you sign in again.
  • This update addresses an issue that affects the Server Message Block (SMB) client. It does not reconnect all the persistent handles when the reauthentication of a session fails.
  • This update supports daylight saving time (DST) changes in Greenland.
  • This update addresses security issues for your Windows operating system. 

October 2023 Security Updates

You may be interested in reading more about other October 2023 security or cumulative updates shared below:

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.