Windows 11 Windows 11 version 22H2 receives security update KB5023706 (OS Build 22621.1413)

Microsoft has released a security update for Windows 11 version 22H2, which addresses various security vulnerabilities present in the operating system. The update, named KB5023706 (OS Build 22621.1413), includes improvements to Distributed Component Object Model (DCOM) hardening, Active Directory join failures, and updates to the servicing stack (SSU) which ensures that your device receives and installs Microsoft updates reliably.

However, there are some known issues with the update that users should be aware of before proceeding with the installation. For IT admins using provisioning packages, there may be unexpected behavior where Windows is only partially configured, and the Out of Box Experience may not finish or might restart unexpectedly. This issue does not affect provisioning Windows devices using Windows Autopilot.

Copying large multiple gigabyte files might take longer than expected to finish on Windows 11, version 22H2. This issue is more likely to occur when copying files to Windows 11 from a network share via Server Message Block (SMB) but can also affect local file copying. Microsoft recommends using file copy tools that do not use cache manager (buffered I/O) as a temporary workaround.

There is also an issue with updates released on or after February 14, 2023, which might not be offered from some Windows Server Update Services (WSUS) servers to Windows 11, version 22H2. The updates will download to the WSUS server but may not propagate further to client devices. This issue affects only WSUS servers running Windows Server 2022 which have been upgraded from Windows Server 2016 or Windows Server 2019.

Lastly, users should note that after installing this update, Windows devices with some third-party UI customization apps might not start up. These third-party apps might cause errors with explorer.exe that might repeat multiple times in a loop. It is recommended that users uninstall any third-party UI customization app before installing this or later updates to prevent this issue.

To get the update, users can use Windows Update and Microsoft Update or download the standalone package from the Microsoft Update Catalog website. IT admins can configure policies for Windows Update for Business or use Windows Server Update Services (WSUS) to automatically install the update. For users who wish to remove the cumulative update, Microsoft recommends using the DISM/Remove-Package command line option with the LCU package name as the argument.

In conclusion, Windows 11 version 22H2 users should install the KB5023706 update to ensure that their device is protected from security vulnerabilities. However, it is important to note the known issues and workarounds mentioned above to avoid any unexpected behavior during or after the installation process.

Full release notes:

Last edited:
Top Bottom