Microsoft has released KB5021255 for Windows 11 22H2, and KB5021234 for Windows 11 21H2 original release. These Windows 11 updates include some fixes and many security patches for the operating system. Together, the 2 updates fix a total of 57 vulnerabilities. However, they do not include any new features. You can learn more about these security vulnerability fixes on Microsoft’s MSRC vulnerability guide.
Release Summary: KB5021255 & KB5021234
The table below gives a brief summary of these updates and the updated OS builds:
KB5021255 (Windows 11 22H2)
Fixes and improvements
Since this update includes all the fixes and improvements that came with KB5020044, we will list all the fixes here (old and new) for your ease.
[New] This update addresses an issue that might affect Data Protection Application Programming Interface (DPAPI) decryption. The decryption of a certificate’s private key might fail. Because of this, a virtual private network (VPN) and other 802.1 certificate-based authentications might fail. This issue might occur when you encrypt the DPAPI master key with the wrong value.[New] A known issue that might affect Task Manager has been addressed. It used to display certain elements in the user interface (UI) in unexpected colors. Some parts of the UI might not be readable. This issue occurred if you have “Choose your mode” set to “Custom” in the Personalization » Colors section of Settings.It gives Microsoft OneDrive subscribers storage alerts on the Systems page in the Settings app. The alerts appear when you are close to your storage limit. You can also manage your storage and purchase additional storage if needed.It provides the full amount of storage capacity of all your OneDrive subscriptions. It also displays the total storage on the Accounts page in the Settings app.It combines Windows Spotlight with Themes on the Personalization page. This makes it easier for you to discover and turn on the Windows Spotlight feature.It adds a new mobile device management (MDM) policy for organizational messages. It gives your company the option to enroll tenant devices so that they receive custom messages from you.An issue that affects some modern applications is addressed. It stopped them from opening.An issue that affects some devices that are managed by an enterprise is fixed. The reliability of app installations has been improved for them.The suspension of daylight saving time (DST) in the Republic of Fiji for this year is addressed.An issue that affects Distributed Component Object Model (DCOM) authentication hardening is fixed. Windows will now automatically raise the authentication level for all non-anonymous activation requests from DCOM clients to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY.An issue that affects Unified Update Platform (UUP) on-premises customers has been fixed. It removed the block that stops them from getting offline language packs.An issue that affects process creation is fixed. It failed to create security audits for it and other related audit events.An issue that affects cluster name objects (CNO) or virtual computer objects (VCO) is fixed. Password resets previously failed. The error message that came up was ” There was an error resetting the AD password… // 0x80070005”.An issue that affects transparency in layered windows is fixed. This occurred when you are in High Definition remote applications integrated locally (RAIL) mode.A known issue that affects the Input Method Editor (IME) has been addressed. Certain applications may stop responding entirely. This occurred when you used keyboard shortcuts to change the input mode of the IME.An issue that affects microphone streams that use the Listen To feature to route to the speaker endpoint is fixed. The microphone stopped working after you restarted the device.An issue that might affect applications that run on the Windows Lock Down Policy (WLDP) is fixed.An issue that affects Microsoft Defender when it is not the primary antivirus is now fixed. Microsoft Defender failed to turn off passive mode. This issue occurred when you turned off the Smart App Control (SAC).This update adds .wcx to the list of Dangerous Extensions that some app control policies do not allow.An issue that affects Microsoft Defender for Endpoint is fixed. Automated investigation blocks live response investigations.An issue that affects printing in landscape mode in Microsoft Edge has been fixed. The print output was incorrect. This issue occurred when you used Microsoft Defender Application Guard.An issue that causes File Explorer to stop working is fixed.An issue that might cause certain apps to stop responding has been addressed. This occurred when you used the Open File dialog.An issue that sometimes affects File Explorer when you open a file is fixed. Because of this issue, there was high CPU usage.An issue that affects protocol activation of the Settings app is fixed. The app failed to open a page under the Accounts category.An issue that affects a computer account is addressed. The use of non-standard characters can stop the cleanup of the Out of Box Experience (OOBE) accounts.An issue that affects the CopyFile function is fixed. It might sometimes return the error 317: ERROR_MR_MID_NOT_FOUND.An issue that affects the Windows Firewall service is addressed. It did not start when you turned on the Override block rules option.An issue that affects the performance of some games and applications has been addressed. This issue is related to GPU performance debugging features.An issue that affects cumulative update installations has been addressed. They failed to install, and the error code was 0x800f0806.
With these improvements, there are also some known issues that you should be aware of before upgrading to this build.
Known Issues
Provisioning Windows 11
Microsoft warns its users that provisioning the Windows 11 version 22H2 might not work as expected and may cause issues. It can cause the Windows 11 operating system to be configured only partially or can cause the OS to restart when on the Out Of Box Experience (OOBE) screens. Provisioning is done by IT administrators when setting up new devices for businesses or schools using .PPKG files. Currently, the only workaround Microsoft came up with is to provision the Windows device before upgrading to the 2022 update, while they work on a permanent fix.
Slow File Transfers
Another issue that Microsoft acknowledged is the slow file transfers in Windows 11 22H2. As per an earlier announcement on Microsoft Tech Community, the company confirmed that updating your operating systems to Windows 11 2022 Update slows down file transfers of larger files (files in GBs) by almost 40% of the regular speed. Since the file transfer uses the SMB protocol, there ought to be an issue with the protocol itself resulting in slower file transfer speeds for larger files. However, according to Microsoft, the problem isn’t with the protocol. As a workaround, Microsoft recommends using the Robocopy command-line utility to transfer files from one place to another over the network. This will restore the transfer speeds to the older Windows 11 version 21H2 speed. Alternatively, you can also use the xcopy command with a similar syntax to Robocopy. Learn how to use Robocyopy and Xcopy top copy folder structure without files. You can use the command Robocopy with the /J switch to transfer large files without buffering. Here is the syntax to be used in an elevated Command Prompt: Replace someserver and someshare with the complete server name and file name that needs to be copied, respectively. Also, replace somefolder with the name of the folder where you want to replace the copied file, and somefile.exe with the file name and extension you wish to save the file as. This is the only workaround for now till Microsoft works on a permanent fix.
Unable to Connect to Direct Access
After installing KB5021255, users that use Direct Access might be unable to reconnect after losing network connectivity or switching between Wi-Fi access points. To resolve this, Microsoft suggests that you restart your computer. However, if that does not work, you can use the Known Issue Rollback (KIR) Group Policy, which can be downloaded from the link below: Download Known Issue Rollback Group Policy for Windows 10 Note: The policy will need to be installed and configured according to your Windows version, which you can confirm by typing in winver in the Run Command box. Once downloaded, navigate to the given path below inside the Group Policy editor to configure it: Here, you will find the respective group policies for your Windows version:
KB5018427 221029_091533 Known Issue Rollback – For Windows 11 22H2KB5018483 220927_043051 Known Issue Rollback – For Windows 11 21H2KB5018485 220927_043049 Known Issue Rollback – For Windows Server 2022KB5018482 220927_043047 Known Issue Rollback – For Windows 10 (22H2, 21H2, 21H1, 20H2)
Apps using ODBC May Not Connect
After installing this update, apps that use ODBC connections through Microsoft ODBC SQL Server Driver (sqlsrv32.dll) to access databases might not connect. Additionally, you might receive one of the following error messages in the app:
The EMS System encountered a problem. Message: [Microsoft][ODBC SQL Server Driver] Protocol error in TDS Stream.The EMS System encountered a problem. Message: [Microsoft][ODBC SQL Server Driver] Unknown token received from SQL Server.
To check if you are using an affected app, open the app that connects to a database. Open a Command Prompt window and run the following command: If the command lists a task, then the app might be affected. Currently, Microsoft has not given a fix for this issue. But hopefully, it will be resolved in a future update. After considering both the improvements as well as the known issues in this update, if you still feel like upgrading to this build, continue reading to learn how.
KB5021234 (Windows 11 21H2)
Fixes and improvements
Since this update includes all the fixes and improvements that came with KB5019157, we will list all the fixes here (old and new) for your ease.
[New] This update addresses an issue that affects remote networks. This issue stopped you from reconnecting to them using DirectAccess.[New] This update addresses an issue that might affect Data Protection Application Programming Interface (DPAPI) decryption. The decryption of a certificate’s private key might fail. Because of this, a virtual private network (VPN) and other 802.1 certificate-based authentications might fail. This issue might occur when you encrypt the DPAPI master key with the wrong value.It provides the Quick Assist application for the client device.[Enterprise edition only] It provides a way to authenticate Azure Active Directory joined devices to determine if they are on a trusted network. This helps the Windows Defender Firewall to apply the right policies as configured by your organizationSome persistent update failures for the Microsoft Store have been addressed.The suspension of daylight saving time (DST) in the Republic of Fiji for this year is addressed.An issue that affects some devices that are managed by an enterprise is fixed. It improves the reliability of app installations for them.An issue that affects Unified Update Platform (UUP) on-premises customers is fixed. It removes the block that stops them from getting offline language packs.An issue that affects cluster name objects (CNO) or virtual computer objects (VCO) is addressed. The displayed error message was “There was an error resetting the AD password… // 0x80070005”.An issue that affects Microsoft Direct3D 9 (D3D9) has been fixed. It caused D3D9 to stop working when you used Microsoft Remote Desktop.An issue that affects the Windows Firewall service is fixed. It did not start when you turned on the Override block rules option.An issue that might affect applications that run on the Windows Lock Down Policy (WLDP) is fixed.An issue that affects Microsoft Defender for Endpoint is addressed. Automated investigation blocks live response investigations.An issue that affects TextInputHost.exe is fixed. It stopped responding.An issue that affects pinned apps on the Start menu has been addressed. The Start menu stopped working when you moved between pages of pinned apps. This issue occurred when the language is a right-to-left (RTL) language.
With these improvements, there are also some known issues that you should be aware of before upgrading to this build.
Known Issues
KB5021234 has 2 of the same issues as KB5021255. The apps using ODBC may not connect, and some users may be unable to connect to Direct Access.
Download and Install KB5021255 & KB5021234
You can install these updates on a Windows 11 PC through Windows Update as well as a standalone installer. Download and install Windows 11, or check if your system meets the minimum hardware requirements for Windows 11.
Download KB5021255 Offline Installers
To download KB5021255 MSU offline installer for Windows 11 22H2, click on the respective link below: Download Windows 11 KB5021255 for x64-based systems [267.0 MB] Download Windows 11 KB5021255 for ARM-based systems [373.0 MB]
Download KB5021234 Offline Installers
To download KB5021234 MSU offline installer for Windows 11 21H2, click on the respective link below: Download Windows 11 KB5021234 for x64-based systems [315.5 MB] Download Windows 11 KB5021234 for ARM-based systems [432.6 MB] To install the update, simply run the downloaded MSU file and Windows will automatically install the update. You can also extract the CAB file from the MSU file and install it. To download any other updates related to any of the above, please check the Microsoft Catalog.
Windows Update
Perform the following steps to download and install the Patch Tuesday update on your Windows 11 computer: Once the computer reboots, the update will be successfully installed. To confirm this, check the updated build number by typing in winver in the Run Command box.KB5021255 successfully installed on Windows 11 22H2 When installed, click Restart Now to finalize the installation.Restart the computer to finalize Windows update installation
Rollback/Remove Windows 11 Cumulative Update
If you do not wish to keep the installed update for some reason, you can always roll back to the previous build of the OS. However, this can only be performed within the next 10 days after installing the new update. To roll back after 10 days, you will need to apply this trick.
Cleanup After Installing Windows Update
If you want to save space after installing Windows updates, you can run the following commands one after the other in Command Prompt with administrative privileges:
Block KB5021255 or KB5021234 from Installing
Since these are mandatory updates, they will download and install themselves on the schedule. If you want to block them from installing, temporarily or permanently, you can follow the steps below: If you want to unhide or show hidden updates, run the tool again and select Show hidden updates instead of “Hide updates.” The rest of the process is the same.
Final Analysis
Patch Tuesday updates are thoroughly vetted by Microsoft and other Insider users through feedback. Moreover, type C and D updates are also released prior to Patch Tuesday updates to address any remaining issues. Even so, the final update is not without its problems. Users on Windows 11 21H2 may experience some issues, but there are more issues with version 22H2. If you have to transfer large files, then updating to this build would definitely be a problem for you. However, if it is an occasional transfer of data, then you can use the Robocopy or xCopy cmdlet to get the job done quickly.
Windows 11 Patch Tuesday History
Also see:
Download KB5021233 Patch Tuesday Update For Windows 10 22H2, 21H2, 21H1, & 20H2Download June 2022 Patch Tuesday Update For Windows 11 (KB5014697)Download August 2022 Patch Tuesday Updates For Windows 11 (KB5016629)Download July 2022 Patch Tuesday Updates For Windows 11 (KB5015814)April 2022 Patch Tuesday: Download KB5012592 Cumulative Update for Windows 11