It is now the second Tuesday of the month, and all of us Microsoft geeks know it’s Patch Tuesday. The Windows updates released on Patch Tuesday are cumulative updates, which means that they will install all features and implement all fixes released in the previous Windows updates.
Microsoft has released KB5023696 for Windows 10 versions 22H2, 21H2, & 20H2 (Enterprise and Education editions).
KB5023696 includes some fixes and many security patches for the operating system. However, it does not include any new significant features. That said, it does address 2 zero-day vulnerabilities with Microsoft Outlook and SmartScreen.
You can learn more about the security vulnerability fixes on Microsoft’s MSRC vulnerability guide.
Table of contents
- KB5023696 Release Summary
- Fixes and Improvements in KB5023696
- Known Issues in KB5023696
- Download and Install Windows 10 KB5023696
- Rollback/Remove Windows 10 Cumulative Update
- Cleanup After Installing Windows Updates
- Block KB5023696 from Installing
- Final Analysis
KB5023696 Release Summary
The table below gives a brief summary of the update and the updated OS builds:
|Article KB||OS and Version||Release Date||Updated OS Build|
|KB5023696||Windows 10 22H2||14 Mar 2023||19045.2728|
|KB5023696||Windows 10 21H2||14 Mar 2023||19044.2728|
|KB5023696||Windows 10 20H2 (Enterprise and Education editions only)||14 Mar 2023||19042.2728|
Fixes and Improvements in KB5023696
This update includes all the improvements that were introduced in KB5022906 which was released on 21st February 2023 and was a Type C update, and then some. We have compiled and listed all of the updates below:
- CVE-2023-24880 – is a Windows SmartScreen Security Feature Bypass Vulnerability. Microsoft also confirmed that exploitation was detected for this vulnerability and was publicly disclosed.
- CVE-2023-23397 – is a Microsoft Outlook Elevation of Privilege Vulnerability. It’s already confirmed that the exploitation was detected. However, this vulnerability is not publicly disclosed.
- This update implements phase three of Distributed Component Object Model (DCOM) hardening. After you install this update, you cannot turn off the changes using the registry key.
- This update addresses an issue that affects a computer account and Active Directory. When you reused an existing computer account to join an Active Directory domain, joining failed. This occurred on devices that have installed Windows updates dated October 11, 2022, or later.
- This update improves your experience when you use Windows Spotlight on your lock screen. The informational links open faster.
- This update addresses an issue that affects IE mode. The text on the status bar is not always visible.
- This update addresses accessibility issues. They affected Narrator on the Settings home page.
- This update addresses an issue that stops hyperlinks from working in Microsoft Excel.
- This update addresses an issue that affects a certain streaming app. The issue stops video playback after an advertisement plays in the app.
- This update addresses an issue that affects the Appx State Repository. When you remove a user profile, the cleanup is incomplete. Because of this, its database grows as time passes. This growth might cause delays when users sign in to multi-user environments like FSLogix.
- This update affects the United Mexican States. This update supports the government’s daylight saving time change order for 2023.
- This update addresses a resource conflict issue between two or more threads (known as a deadlock). This deadlock affects COM+ applications.
- This update addresses an issue that affects cbs.log. This issue logs messages that are not error messages in cbs.log.
- This update improves how the Remove-Item cmdlet works for Microsoft OneDrive folders.
- This update addresses an issue that affects AppV. It stops file names from having the correct letter case (uppercase or lowercase).
- This update addresses an issue that affects Microsoft Edge. The issue removes conflicting policies for Microsoft Edge. This occurs when you set the MDMWinsOverGPFlag in a Microsoft Intune tenant and Intune detects a policy conflict.
- This update addresses an issue that affects Azure Active Directory (Azure AD). Using a provisioning package for bulk provisioning fails.
- This update addresses an issue that affects MSInfo.exe. It does not correctly report the enforcement status of the Windows Defender Application Control (WDAC) user mode policy.
- This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). LSASS might stop responding. This occurs after you run Sysprep on a domain-joined machine.
- This update addresses an issue that affects virtual machines (VM). They stop responding when you add a new disk to a storage pool in thin provisioning scenarios.
Many of these fixes are the same as for Windows 11 Patch Tuesday for March 2023.
With these improvements, there are also some known issues with this update.
Known Issues in KB5023696
An issue with the standalone (clean) installation of Windows 10 with this update is causing Microsoft Edge Legacy to be removed. However, it is not being replaced by the new Chromium-based Edge.
This occurs only when Windows has a custom offline media or an ISO image installed that does not include the 29th March 2021 SSU update. Microsoft suggests that you either install the March SSU update through slipstreaming or simply update an existing OS through Windows Update, so you will not be facing this issue.
Alternatively, you can simply download and install the new Microsoft Edge if you have already encountered this problem.
Download and Install Windows 10 KB5023696
This update can be installed through Windows Update and standalone installers.
We have given the direct download links to the standalone installers below, using which you can install the update on your respective Windows 10 version, or you can simply update to the latest build using Windows Update through the given guide below.
For Windows 10 Version 22H2
Download KB5023696 for Windows 10 Version 22H2 64-Bit [700.7 MB]
Download KB5023696 for Windows 10 Version 22H2 32-Bit [359.3 MB]
For Windows 10 Version 21H2
Download KB5023696 for Windows 10 Version 21H2 64-Bit [700.7 MB]
Download KB5023696 for Windows 10 Version 21H2 32-Bit [359.3 MB]
For Windows 10 Version 20H2 (Enterprise & Education Editions)
Download KB5023696 for Windows 10 Version 20H2 64-Bit [700.7 MB]
Download KB5023696 for Windows 10 Version 20H2 32-Bit [359.3 MB]
To install the update, simply run the downloaded MSU file and Windows will automatically install the update. To download any other updates related to any of the above, please check the Microsoft Catalog.
To install this update via Windows Update, you need to be running Windows 10 version 22H2, 21H2, or 20H2 (Enterprise or Education editions). To check your version of the operating system, type in winver in the Run Command box and press Enter.
Once ensured you have the right OS version, perform the following steps to install KB5023696:
Navigate to the following:
Settings app >> Update and Security >> Windows Update
Here, click Check for updates from the right side of the app.
Once the update is downloaded and installed, click Restart Now.
You will now see the following update download and install automatically:
2023-03 Cumulative Update for Windows 10 Version 2XHX for x64/32-based Systems (KB5023696)
When it downloads, click “Restart now.”
Once the computer reboots, the update will be successfully installed. To confirm this, check the updated build number by typing in winver in the Run Command box.
Rollback/Remove Windows 10 Cumulative Update
If you do not wish to keep the installed update for some reason, you can always roll back to the previous build of the OS. However, this can only be performed within the next 10 days after installing the new update.
To roll back after 10 days, you will need to apply this trick.
Cleanup After Installing Windows Updates
If you want to save space after installing Windows updates, you can run the following commands one after the other in Command Prompt with administrative privileges:
dism.exe /Online /Cleanup-Image /AnalyzeComponentStore dism.exe /Online /Cleanup-Image /StartComponentCleanup
Block KB5023696 from Installing
Since these are mandatory updates, they will download and install themselves on the schedule. If you want to block them from installing, temporarily or permanently, you can follow the steps below:
Download the “Show or hide updates” tool from Microsoft.
Run the utility and click Next to start the scanning process.
Next, click the Hide updates button.
Select the updates you want to block and click Next.
This automatically hides the update from Windows Update and it will not be installed during the next update process.
Press the Close button to close.
If you want to unhide or show hidden updates, run the tool again and select Show hidden updates instead of “Hide updates.” The rest of the process is the same.
Patch Tuesday updates are thoroughly vetted by Microsoft and other Insider users through feedback. Moreover, type C and D updates are also released prior to Patch Tuesday updates to address any remaining issues. Even so, the final update is not without its problems.
Nonetheless, we still recommend that you install the latest cumulative updates to patch up those vulnerabilities and keep your systems safe from outside threats.
Windows 10 Patch Tuesday History
|KB Article||OS Versions||Build||Release Date||Significant Changes||Announcement|
|KB5023696||22H2, 21H2, 20H2||1904X.2728||14-Mar-23||– Improved Windows Spotlight experience on the lock screen, fixed AD joining issue and others||Microsoft Announcement of KB5023696|
|KB5022834||22H2, 21H2, 20H2||1904X.2604||14-Feb-23||– Fixes audio issues with IoT devices||Microsoft Announcement of KB5022834|
|KB5022282||22H2, 21H2, 20H2||1904X.2486||10-Jan-23||-Microsoft ODBC SQL Server Driver connectivity issue resolved||Microsoft Announcement of KB5022282|
|KB5021233||22H2, 21H2, 21H1, 20H2||1904X.2364||13-Dec-22||-Search bar will now appear by default on the taskbar|
-Cortana won’t be pinned in the taskbar by default
|Microsoft Announcement of KB5021233|
|KB5019959||22H2, 21H2, 21H1, 20H2||1904X.2251||8-Nov-22||-Fixes to Microsoft Direct3D 9 and DCOM||Microsoft Announcement of KB5019959|
- Windows 10 Cumulative Update KB5009543 Released For 21H2, 21H1, 20H2
- Windows 10 Cumulative Update KB5008212 Released for 21H2, 21H1, 20H2, 2004
- February 2022 Patch Tuesday: KB5010342 for Windows 10 21H2, 21H1, 20H2
- Download Cumulative Update KB5006670 for Windows 10 v21H1, v20H2, and v2004
- Download KB4601319 Cumulative Update For Windows 10 20H2, 2004 And 21H1