Microsoft has rolled out the KB5041580 cumulative update for both Windows 10 22H2 and Windows 10 21H2, bringing with it a suite of 14 changes and fixes, notably addressing BitLocker issues and implementing crucial security updates. This update is deemed mandatory as it encompasses Microsoft’s August 2024 Patch Tuesday security updates, which rectify a substantial 142 vulnerabilities.
Users can initiate the installation of this update by navigating to Settings, selecting Windows Update, and performing a ‘Check for Updates’. Given the mandatory nature of this update, it will automatically commence installation once the update check is executed. To enhance user experience, there is an option to schedule a restart for the computer to complete the installation at a more convenient time.
Source: BleepingComputer
Upon successful installation, Windows 10 22H2 will be upgraded to build 19045.4780, while Windows 10 21H2 will transition to build 19044.4780. Additionally, users have the option to manually download and install the KB5041580 update directly from the Microsoft Update Catalog.
What’s new in Windows 10 KB5041580
The KB5041580 update introduces a variety of fixes aimed at resolving persistent issues, including a notable bug that led to the operating system booting into the BitLocker recovery screen. Among the fourteen fixes included in this update, several key highlights are as follows:
- [BitLocker (known issue)] A BitLocker recovery screen may appear during startup, particularly after installing the July 9, 2024 update. This issue is more prevalent when device encryption is enabled. Users can unlock their drives by entering the recovery key from their Microsoft account via Settings > Privacy & Security > Device encryption.
- [Lock screen] This update addresses CVE-2024-38143, restoring the availability of the “Use my Windows user account” checkbox on the lock screen for Wi-Fi connectivity.
- [NetJoinLegacyAccountReuse] The update removes this registry key, further details can be found in KB5020276 regarding domain join hardening changes.
- [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] SBAT is now applied to Windows systems to prevent vulnerable Linux EFI (Shim bootloaders) from executing. Note that this update may affect older Linux ISO images, which might require updates from the respective Linux vendors.
- [FrameShutdownDelay] The browser will now properly recognize the value in the “HKLMSOFTWAREMicrosoftInternet ExplorerMain” registry key.
- [Wi-Fi Protected Access 3 (WPA3)] The HTML preview rendering issue in the Group Policy editor has been resolved.
- [Group Policy Preferences Item Level Targeting (ILT) and Local Users and Groups] Users can now select groups from the target domain for ILT, resolving issues that arose in multi-forest deployments.
- [Transmission Control Protocol (TCP)] The update addresses a system hang during file transfers caused by the TCP send code.
- [Print Support App] This update rectifies issues where the app would become unresponsive when interfacing with USB devices.
- [Universal Print clients] Communication failures with the Universal Print service have been addressed, particularly when Web Proxy Auto Discovery (WPAD) is enabled.
- [Windows Defender Application Control (WDAC)]
- Prevents a stop error when applying more than 32 policies.
- Addresses a memory leak that could exhaust system memory over time.
- Resolves application failures when applying WDAC Application ID policies.
- [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] Updates the list of drivers vulnerable to Bring Your Own Vulnerable Driver (BYOVD) attacks.
- [Windows Backup] Fixes issues where backup operations would fail on devices with an Extensible Firmware Interface (EFI) system partition.
- [DHCP Option 235 (known issue)] Some devices may struggle to utilize Microsoft Connected Cache (MCC) nodes, leading to increased download traffic from the public internet.
Despite these improvements, a lingering issue continues to affect Windows 10 users, manifesting as 0x80070520 errors when attempting to change account profile pictures. For a comprehensive overview of all fixes, users can refer to the KB5041580 support bulletin, as well as last month’s KB5040525 preview update bulletin.
