KB5020387 And KB5020435 Fix SSL And TLS Connections For Windows 11 (21H2) And Windows 10

Microsoft has released out-of-band updates for both Windows 10 and Windows 11 21H2. These updates address an SSL and TLS handshake issue. Download and install the update through the standalone installer given in this post.

Windows 11 Cumulative Update

Microsoft has released 2 out-of-band updates for Windows 11 and Windows 10, which are KB5020387 and KB5020435, respectively. Both of these updates address the same issue. Note that the Windows 11 update is for those users who are still on the 21H2 version and have not upgraded to Windows 11 22H2.

Usually, when an update is published, it is made available through Windows Update as well as standalone installers. However, these updates are only available to download through Microsoft Catalog, which means standalone installers only. You can also download them from the direct download links shared below.

Furthermore, since these updates address the Secure Socket Layer (SSL) and Transport Layer Security (TLS) connections, we would suggest that you install them right away.

Let us take a close look at these releases.

New Builds after Installing the Updates

The table below briefly gives information on what the new builds of the operating systems would be after installing the respective update.

UpdateOSOS VersionNew Build
KB5020387Windows 1121H222000.1100
KB5020435Windows 1021H219044.2132
KB5020435Windows 1021H119043.2132
KB5020435Windows 1020H2 (Edu, Enterprise, and IoT Enterprise)19042.2132
Windows 11/10 Builds after installing the update

You can check your operating system’s version and build by typing in winver in the Run Command box.

Windows 11 KB5020387 (Build 22000.1100) Summary

Here are some of the important details about this build for Windows 11.

Complete Release BuildCumulative Update for Windows 11 21H2 for x64-based Systems (10.0.22000.1100) (KB5020387)
ChannelStable (Flight Hub)
Release DateMonday, October 17th, 2022
Official Announcementhttps://support.microsoft.com/en-us/topic/october-17-2022-kb5020387-os-build-22000-1100-out-of-band-5e723873-2769-4e3d-8882-5cb044455a92
System Requirementshttps://www.itechtics.com/windows-11-requirements-check/
Download and installEither from Microsoft Catalog or the direct download links shared below.
Windows 11 KB5020387 Summary

Windows 10 KB5020435 (Build 1904X.2132) Summary

Here are some of the important details about this build for Windows 10.

Complete Release BuildCumulative Update for Windows 10 version XXXX for x86/64-based Systems (KB5020435)
ChannelStable (Flight Hub)
Release DateMonday, October 17th, 2022
Official Announcementhttps://support.microsoft.com/en-us/topic/october-17-2022-kb5020435-os-builds-19042-2132-19043-2132-and-19044-2132-out-of-band-243f34de-2f44-4015-a224-1b68a4132ca5
Download and installEither from Microsoft Catalog or the direct download links shared below.
Windows 10 KB5020435 Summary

Channel-wise Windows 11 Builds

Here is the list of the latest Windows 11 builds and versions for each channel for your information:

Windows 11 Latest Versions Numbers

Windows 11 ChannelRelease DateBuild/Version Information
Windows 11 (22H2) Stable25-Oct-22Windows 11 22H2 Build 22621.755
Windows 11 (21H2) Stable17-Oct-22Windows 11 21H2 Build 22000.1100
Windows 11 22H2 Release Preview19-Oct-22Windows 11 22H2 Build 22621.754
Windows 11 21H2 Release Preview18-Oct-22Windows 11 21H2 Build 22000.1163
Windows 11 Beta20-Oct-22Windows 11 22H2 Build 22623.870/22621.870
Windows 11 Dev27-Oct-22Windows 11 Build 25231
Windows 11 latest versions and builds summary

New in KB5020387 And KB5020435

As we mentioned earlier, both of these updates address the same issue in Windows 10 and 11.

Microsoft has addressed an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections.

These connections may have had handshake failures before the fix. For developers, the affected connections are likely to receive one or more records followed by a partial record with a size of fewer than 5 bytes within a single input buffer. If the connection fails, a developer’s app will receive the error, “SEC_E_ILLEGAL_MESSAGE.”

No other improvements or fixes have been made to the operating systems.

Known Issues

In the case of KB5020387 for Windows 11, Microsoft is not currently aware of any issues. However, there are a few with KB5020435 for Windows 10:

  • An issue with the standalone (clean) installation of Windows 10 with this update is causing Microsoft Edge Legacy to be removed. However, it is not being replaced by the new Chromium-based Edge. This occurs only when Windows has a custom offline media or an ISO image installed that does not include the 29th March 2021 SSU update. Microsoft suggests that you either install the March SSU update through slipstreaming or simply update an existing OS through Windows Update, so you will not be facing this issue. Alternatively, you can simply download and install the new Microsoft Edge if you have already encountered this problem.
  • There may be some audio-related issues after installing this update, but Microsoft has already suggested a workaround for it.

Download KB5020387

Click on the download link given below to download KB5020387 for Windows 11 21H2:

Download KB5020387 for Windows 11 21H2 [306.3 MB]

Download KB5020435

Click on the download link given below to download KB5020435 for Windows 10:

Windows 10 Version 21H2

Download KB5020435 for Windows 10 Version 21H2 64-Bit [683.9 MB]

Download KB5020435 for Windows 10 Version 21H2 32-Bit [352.4 MB]

Windows 10 Version 21H1

Download KB5020435 for Windows 10 Version 21H1 64-Bit [683.9 MB]

Download KB5020435 for Windows 10 Version 21H1 32-Bit [352.4 MB]

Windows 10 Version 20H2

Download KB5020435 for Windows 10 Version 20H2 64-Bit [683.9 MB]

Download KB5020435 for Windows 10 Version 20H2 32-Bit [352.4 MB]

To install the update, simply run the downloaded MSU file and Windows will automatically install the update. You can also extract the CAB file from the MSU file and install it.

To download any other updates related to any of the above, please check the Microsoft Catalog.

Rollback/Remove Windows Cumulative Update

If you do not wish to keep the installed update for some reason, you can always roll back to the previous build of the OS. However, this can only be performed within the next 10 days after installing the new update.

To roll back after 10 days, you will need to apply this trick.

Cleanup After Installing Windows Update

If you want to save space after installing Windows updates, you can run the following commands one after the other in Command Prompt with administrative privileges:

dism.exe /Online /Cleanup-Image /AnalyzeComponentStore
dism.exe /Online /Cleanup-Image /StartComponentCleanup
dism cleanup
DISM cleanup

Also see:

Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).

Leave a Reply

You have to agree to the comment policy.