The monthly security update for Microsoft Windows 11 was released on 14th December. The update for Windows 11 is managed under the KB5008215 security update. This update is a major update as it fixes 28 security vulnerabilities for Windows 11 based on the x64 systems. Of these 28 vulnerabilities, there are 2 vulnerabilities that have a critical impact on your computers based on the Windows 11 operating system. The remaining vulnerabilities have ‘important’ severity levels with pronounced effects on the Windows 11 based infrastructure.
Below we look at some of these vulnerabilities. We will also discuss the methods you could use to apply the security update KB5008215 to Windows 11 based computers.
Critical vulnerabilities resolved on Windows 11 under KB5008215
There are two security vulnerabilities that are of a critical impact on Windows 11 computers. Both vulnerabilities are critical because of the possibility of remote code execution. An attacker may be able to deploy or execute malicious code on Windows 11 computer remotely. These critical vulnerabilities are mentioned below:
- CVE-2021-43217 – this is a remote code execution vulnerability with a CVSS score of 8.1. It requires immediate patching. An attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution. This vulnerability affects the Windows Encrypting File System (EFS).
- CVE-2021-43233 – this is a remote code execution vulnerability that has a CVSS score of 7.5. It affects the Remote Desktop Client software. The vulnerability requires immediate patching.
Elevation of Privileges vulnerability on Windows 11- KB5008215
There are 11 vulnerabilities of the type – ‘Elevation of privileges’ on Windows 11 x64 based systems. All these have been fixed on Windows 11 through the security update KB5008215. The vulnerabilities that have been fixed are mentioned below:
Information Disclosure vulnerability on Windows 11 – KB5008215
The KB5008215 security update for Windows 11 x64 based computers resolves six vulnerabilities with a scope of ‘information disclosure’. The security vulnerabilities which have been resolved in the security update and that could potentially cause data theft on a Windows 11 computer are mentioned below:
Remote Code Execution vulnerabilities on Windows 11 – KB5008215
There have been two critical vulnerabilities of the scope of remote code execution. Aside from these, a couple of other remote code execution vulnerabilities with ‘important’ severity levels have been fixed in the Windows 11 security update KB5008215. The two remote code execution vulnerabilities that have been resolved in the KB5008215 are mentioned below:
Denial of Service vulnerability on Windows 11 – KB5008215
Denial of service attacks on Windows 11 computers are possible. There are three such security vulnerabilities that have been patched as part of the security update KB5008215. The four vulnerabilities that could have potentially caused a denial of service attack on Windows 11 computers are:
How can I get the KB5008215 security update for Windows 11?
Windows 11 security update KB5008215 is a part of the service stack update 22000.345. Service stack updates focus on ensuring continuity of the service stack of Windows 11 computers. SSU help in ensuring faster Windows updates, and offer a granular level of control over different security updates. SSU on Windows 11 is combined with a local cumulative update for Windows 11. The build 22000.345 can be made available through one of the following ways:
- Windows Update on your Windows 11 will automatically download the update through the ‘Windows Update’ program on your computer.
- Windows Update for Business – the patch downloads automatically.
- Windows Server Update Service to patch the Windows 11 based computer automatically.
- Windows Update catalog – you can download the patch manually for applying at a date of your choice.
If you wish to download the Windows 11 security update KB5008215 manually, you can download it through the Windows update catalog: https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008215. This security update is approximately 250 Mb in size. So, downloading and installing it over a fast connection will not take much time.
Quality improvements in KB5008215 for Windows 11
Microsoft has stated that the security update focuses on improving the security internals of the operating system. No quality improvements have been stated on a separate basis. And, no issues or problems have been disclosed or detected after the application of the KB5008215 security update.
You may also like to read the following content related to Microsoft Security Updates :
- KB5026372 cumulative update for Windows 11 22H2
- KB5026368 Cumulative Update for Windows 11 21H2
- KB5026409 Security Update for Windows Server 2012 R2
- KB5026411 security update for Windows Server 2012
- KB5026419 cumulative update for Windows Server 2012
- KB5026415 Monthly rollup update for Windows Server 2012 R2
- KB5026370 cumulative update for Windows Server 2022
- KB5026362 cumulative update for Windows Server 2019
- KB5026363 May 2023 cumulative update for Windows Server 2016
- KB5025287 for Windows Server 2012 – April 2023
- KB5025285 Monthly rollup update for Windows Server 2012 R2 – April 2023
- Security Update for Windows Server 2012 R2 – KB5008285
- KB5025288 security update for Windows Server 2012 R2 – April 2023
- KB5025272 Security Update for Windows Server 2012 – April 2023
- KB5025230 cumulative update for Windows Server 2022 – April 2023
- KB5025229 cumulative update for Windows Server 2019 – April 2023
- KB5025228 cumulative update for Windows Server 2016
- KB5023706 cumulative update for Windows 11 22H2
- KB5023752 security update for Windows Server 2012
- KB5023764 security update for Windows Server 2012 R2
- Microsoft Windows Server 2012 – KB5008255 – Security Update
- KB5026368 Cumulative Update for Windows 11 21H2
We are sorry that this post was not useful for you!
Let us improve this post!
Tell us how we can improve this post?
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.