Download KB5029263, KB5029253 Windows 11 Patch Tuesday Security Update [August 2023]

Patch Tuesday Windows 11Patch Tuesday Windows 11

Key Points

  • KB5029263 applies to Windows 11 22H2, while KB5029253 applies to Windows 11 21H2 (original release).
  • These releases address critical security vulnerabilities, including 2 zero-day exploits.
  • Only security patches have been included in this month’s Patch Tuesday releases for Windows 11 when compared to July’s optional non-security updates.

Microsoft has released security updates for Windows 11 version 22H2 and the original release 21H2. These are cumulative Patch Tuesday updates released on the second Tuesday of August 2023.

KB5029263 applies to Windows 11 22H2 which upgrades the build to 22621.2134, while KB5029253 applies to Windows 11 21H2 which upgrades the build to 22000.2295.

Both of these updates include fixes and improvements for the respective operating systems, but more importantly, they include security upgrades. Together, both of the aforementioned updates address 86 vulnerabilities (74 Microsoft CVEs and 12 non-Microsoft CVEs), and an additional 2 security advisories. Note that 2 of these are zero-day vulnerabilities – one advisory and one CVE.

You can learn more about these security vulnerability fixes on Microsoft’s MSRC vulnerability guide. Set the filter to “Update Tuesday (2nd Tuesday of the month)” and then select “August 2023” in the “Vulnerabilities” tab.

Release Summary: KB5029263, KB5029253

The table below gives a brief summary of these updates and the updated OS builds:

Article KBOS VersionRelease DateUpdated OS Build
KB5029263Windows 11 22H28 August 202322621.2134
KB5029253Windows 11 21H28 August 202322000.2295
August 2023 Patch Tuesday Summary for Windows 11

KB5029263 Changelog

This update includes all the features and improvements introduced in KB5028254 which was released on 26th July 2023. Other than that, no additional improvements have been made except the security patches (discussed ahead in this post).

We have compiled and listed all the new features and improvements in KB5029263 here for you:

  • Security updates: This category includes updates that address security vulnerabilities in Windows. These updates are important to install as soon as possible to protect your system from attack.
    1. This update addresses an issue that affects certain CPUs. There is inconsistent reporting of the L2 cache.
    2. This update addresses an issue that affects the Windows Management Instrumentation (WMI) repository. This causes an installation error. The issue occurs when a device does not shut down properly.
    3. This update addresses an issue that affects certain wireless wide area network (WWAN) devices. After every restart, a dialog reappears. It asks you to switch to an embedded SIM (eSIM) even when you choose “No.”
    4. This update addresses a deadlock in Internet Protocol Security (IPsec). When you configure servers with IPsec rules, they stop responding. This issue affects virtual and physical servers.
    5. This update addresses an issue that affects the MPSSV service. The issues cause your system to restart repeatedly. The stop error code is 0xEF.
  • Performance updates: This category includes updates that improve the performance of Windows. These updates can make your system feel faster and more responsive.
    1. This update makes brightness settings more accurate.
    2. This update addresses an issue that affects Virtual Private Networks (VPN). There might be excessive Address Resolution Protocol (ARP) requests to the network gateway. This occurs when the VPN is on a wireless mesh network that uses an aggressive throttling algorithm. Because of this, network performance is poor.
    3. This update addresses an issue in the Windows Notification Platform. The issue affects how much power your device uses.
    4. This update affects the Windows Push Notification Services (WNS). It makes the connection between the client and the WNS server more reliable.
    5. This update addresses an issue that affects user-mode printer drivers. They unload unexpectedly. This occurs when you print from multiple print queues to the same printer driver.
  • Feature updates: This category includes updates that add new features to Windows. These updates are not essential to the security or performance of Windows, but they can make your system more versatile and useful.
    1. This update enhances hinting for some of the letters of the Verdana Pro font family.
    2. This update makes the Narrator announce the “Change product key” label.
    3. This update makes Country and Operator Settings Asset (COSA) profiles up to date.
    4. This update addresses an issue that affects a printing job. An unexpected Internet Printing Protocol (IPP) mode switch can abruptly stop the print job. This occurs when there is an independent hardware vendor (IHV) driver.
  • Bug fixes: This category includes updates that fix bugs in Windows. These updates are not as important as security or performance updates, but they can improve the stability and reliability of Windows.
    1. This update addresses an issue that affects hybrid joined devices. You cannot sign in to them if they are not connected to the internet. This occurs when you use a Windows Hello for Business PIN or biometric credentials. This issue applies to a cloud trust deployment.
    2. This update addresses an issue that affects Widgets . They unpin from the taskbar when you do not expect it.
    3. This update addresses an issue that affects text edit controls in XAML and browser controls. You cannot make text edit controls editable again after they become read-only. This occurs when you use the new Microsoft Input Method Editor for Japanese, Chinese, and Korean.
    4. This update addresses an issue that affects the fastfat file system driver. It stops responding because of a race condition.
    5. This update addresses an issue that affects I/O over Server Message Block (SMB). It might fail when you use the LZ77+Huffman compression algorithm.

These are all of the features, improvements, and fixes that KB5029263 offers for Windows 11 22H2. To read more in-depth about these, refer to this Microsoft announcement of KB5029263.

KB5029253 Changelog

This update includes all the features and improvements introduced in KB5028245 which was released on 25th July 2023. Other than that, no additional improvements have been made except the security patches.

We have compiled and listed all of the new features and improvements in KB5029253 here for you:

  • This update addresses an issue that affects virtual private networks (VPN). There might be excessive Address Resolution Protocol (ARP) requests to the network gateway. This occurs when the VPN is on a wireless mesh network that uses an aggressive throttling algorithm. Because of this, network performance is poor.
  • This update addresses an issue that affects certain display and audio devices. They are missing after your system resumes from sleep.
  • This update affects the Handwriting Software Input Panel (SIP), the Handwriting Engine, and the Handwriting Embedded Inking Control. They now support GB18030-2022 conformance level 2. Because of this, they meet the level 3 requirements.
  • This update affects the Windows Push Notification Services (WNS). It makes the connection between the client and the WNS server more reliable.
  • This update addresses an issue that affects UI Automation and caching mode.
  • This update addresses an issue that affects the Windows Notification Platform. It fails to send notifications from applications to you.
  • This update addresses an issue that affects hybrid joined devices. You cannot sign in to them if they are not connected to the internet. This occurs when you use a Windows Hello for Business PIN or biometric credentials. This issue applies to a cloud trust deployment.
  • This update affects Windows Autopilot profiles. The process to download the Windows Autopilot policy is more resilient. This helps when a network connection might not be fully initialized. This update increases the retry attempts when you try to download the Windows Autopilot profile.
  • This update addresses an issue that might affect Win32 and Universal Windows Platform (UWP) apps. They might close when devices enter Modern Standby. Modern Standby is an expansion of the Connected Standby power model. This issue occurs if certain Bluetooth Phone Link features are turned on.
  • This update addresses an issue that affects the Windows Management Instrumentation (WMI) repository. This causes an installation error. The issue occurs when a device does not shut down properly.
  • This update addresses an issue that affects certain CPUs. There is inconsistent reporting of the L2 cache.
  • This update addresses an issue that affects Event Forwarding Subscriptions. When you add an Event Channel to the subscription, it forwards events you do not need.
  • This update enhances hinting for some of the letters of the Verdana Pro font family.
  • This update affects user-mode printer drivers. They unload unexpectedly. This occurs when you print from multiple print queues to the same printer driver.
  • This update addresses an issue that might affect your computer when you are playing a game. Timeout Detection and Recovery (TDR) errors might occur.
  • This update affects text edit controls in XAML and browser controls. You cannot make text edit controls editable again after they become read-only. This occurs when you use the new Microsoft Input Method Editor for Japanese, Chinese, and Korean.
  • This update makes the Narrator announce the “Change product key” label.
  • This update addresses an issue that affects the Defender Firewall Profile . It fails to automatically switch from a LAN that is trusted to a public network.
  • This update makes Country and Operator Settings Asset (COSA) profiles up to date.
  • This update addresses a deadlock in Internet Protocol Security (IPsec). When you configure servers with IPsec rules, they stop responding. This issue affects virtual and physical servers.
  • This update addresses an issue that affects the MPSSV service. The issues cause your system to restart repeatedly. The stop error code is 0xEF.
  • This update addresses an issue that affects a Clustered Shared Volume (CSV). The CSV fails to come online. This occurs if you enable BitLocker and local CSV-managed protectors, and the system recently rotated the BitLocker keys.
  • This update addresses an issue that causes Windows to fail. This occurs when you use BitLocker on a storage medium that has a large sector size.
  • This update affects the Windows Kernel Vulnerable Driver Blocklist, DriverSiPolicy.p7b. It adds drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
  • This update addresses an issue that affects the fastfat file system driver. It stops responding because of a race condition.
  • This update addresses an issue that affects refsutil.exe. Options, like salvage and leak, do not work properly on Resilient File System (ReFS) volumes.
  • This update addresses an issue that affects I/O over Server Message Block (SMB). It might fail when you use the LZ77+Huffman compression algorithm.

These are all of the features, improvements, and fixes that KB5029253 offers for Windows 11 21H2. To read more in-depth about these, refer to this Microsoft announcement of KB5029253.

As you may notice, many of the improvements listed above for both updates are similar. However, due to minor differences, it was mandatory to list them both separately.

Other than these improvements and fixes, these updates also include security updates that are common.

Security updates in KB5029263, KB5029253

As mentioned earlier, both of these updates include security updates. In fact, the only change between this month’s Patch Tuesday releases and the last month’s non-security optional updates is the inclusion of security patches.

Out of the 86 vulnerabilities, 6 are deemed of critical importance. It means that their chances of being exploited are high. It is observed that all of these critical vulnerabilities address Remote Code Execution in Microsoft Teams, Microsoft Outlook, and Microsoft Message Queuing.

Here is a quick summary of the critical vulnerabilities in the two updates:

  • Windows 11 version 22H2:  33 vulnerabilities, 3 critical and 30 important
    • Microsoft Message Queuing Remote Code Execution Vulnerability — CVE-2023-35385
    • Microsoft Message Queuing Remote Code Execution Vulnerability — CVE-2023-36910
    • Microsoft Message Queuing Remote Code Execution Vulnerability — CVE-2023-36911
  • Windows 11 version 21H2:  33 vulnerabilities, 3 critical and 30 important
    • Microsoft Message Queuing Remote Code Execution Vulnerability — CVE-2023-35385
    • Microsoft Message Queuing Remote Code Execution Vulnerability — CVE-2023-36910
    • Microsoft Message Queuing Remote Code Execution Vulnerability — CVE-2023-36911

Additionally, 2 zero-day vulnerabilities have also been addressed in this month’s Patch Tuesday updates . These are CVE-2023-38180 which addressed a vulnerability with ASP .NET, and ADV230003 which is about the last month’s Outlook vulnerability.

The security advisory (ADV230003) has a status of “Exploitation detected,” which, in Microsoft’s language, means that they are aware of at least one instance where this vulnerability has been exploited by an attacker.

Known issues in KB5029263, KB5029253

As with every Windows update, these also come with a set of known issues. Known issues are the problems associated with the updates that Microsoft is aware of. Microsoft usually provides a workaround for such issues while they attempt to permanently fix them in a later release.

You can read all about the open (and fixed) known issues with Windows 11 in our dedicated post:

Windows 11 Known Issues

After considering both the improvements and security patches as well as the known issues in these updates, if you still feel like upgrading to this build, continue reading to learn how.

Download and Install KB5029263 & KB5029253

You can install these updates on a Windows 11 PC through Windows Update as well as a standalone installer.

Download and install Windows 11, or check if your system meets the minimum hardware requirements for Windows 11.

Standalone installers

Click on the links below to download the KB article for your Windows 11 version.

KB ArticleWindows VersionDownload
KB5029263Windows 11 22H2x64
ARM64
KB5029253Windows 11 21H2x64
ARM64
Download Windows 11 Patch Tuesday updates for August 2023

To install the update, simply run the downloaded MSU file and Windows will automatically install the update. You can also extract the CAB file from the MSU file and install it.

To download any other updates related to any of the above, please check the Microsoft Catalog.

Windows Update

Perform the following steps to download and install the Patch Tuesday update on your Windows 11 computer :

  1. Navigate to the following:

    Settings app >> Windows Update
  2. Click “Check for updates.”

    check for updates Windows 11
    Check for pending updates

    You will see one of the following updates downloading and installing automatically, depending on your Windows 11 version:

    2023-08 Cumulative Update for Windows 11 Version
    
    
    
     22H2 for x64-based Systems (KB5029263)
    2023-08 Cumulative Update for Windows 11 for x64-based Systems (KB5029253)
  3. Click “Restart now” when the update has been installed.

    Restart computer
    Restart computer

Once the computer restarts, the update will be successfully installed. To confirm this, check the updated build number by typing in “winver” in the Run Command box.

KB5029263 successfully installed on Windows 11 22H2
KB5029263 successfully installed on Windows 11 22H2

Rollback/Remove Windows 11 Cumulative Update

If you do not wish to keep the installed update for some reason, you can always roll back to the previous build of the OS. However, this can only be performed within the next 10 days after installing the new update.

To roll back after 10 days, you will need to apply this trick.

Cleanup After Installing Windows Update

If you want to save space after installing Windows updates, you can run the following commands one after the other in Command Prompt with administrative privileges:

dism.exe /Online /Cleanup-Image /AnalyzeComponentStore
dism.exe /Online /Cleanup-Image /StartComponentCleanup
Cleanup after Windows update installation
Cleanup after Windows update installation

Block KB5029263 or KB5029253 from installing

Since these are mandatory updates, they will download and install themselves on the schedule. If you want to block them from installing, temporarily or permanently, you can follow the steps below:

  1. Download the “Show or hide updates” tool from Microsoft.

  2. Run the utility and click Next to start the scanning process.

    Show or hide updates
    Show or hide updates
  3. Next, click the “Hide updates” button.

    Hide updates
    Hide updates
  4. Select the updates you want to block and click Next.

    This automatically hides the update from Windows Update and it will not be installed during the next update process.

  5. Click the Close button.

If you want to unhide or show hidden updates, run the tool again and select “Show hidden updates” instead of “Hide updates.” The rest of the process is the same.

Windows 11 KB5029263 and KB5029253 hands on

We have installed KB5029263 through Windows Update on one of our VMs and gained some insight that we’d like to share with our readers.

Although we had previously installed last month’s non-security update KB5028254, it still took a significant amount of time for KB5029263 to download. But once downloaded without interruptions, it was a straightforward process to install.

After it was installed, there were no visible changes within the OS, or in its functionality. This seems true since the release notes do not mention any new features either.

Furthermore, after having done some research, at the time of writing this post, no additional issues (other than the known issues) had been reported by any Windows 11 22H2 or 21H2 users .

Windows 11 Patch Tuesday History

KB ArticleOS VersionBuildRelease DateSignificant ChangesAnnouncement
KB503476523H2, 22H2226X1.315513-2-24Fixed Narrator, search in Start menu, and more. Moved Copilot icon in taskbar to the rightMicrosoft announcement of KB5034765
KB503412323H2, 22H2226X1.30079-Jan-23Improved weather widget on lock screen, fixed Wi-Fi connectivity issue for education and corporate usersMicrosoft announcement of KB5034123
KB503337523H2, 22H2226X1.286112-Dec-23Copilot improvements, Windows Spotlight to be the default backgroundMicrosoft announcement of KB5033375
KB503219023H2, 22H2226X1.2715 14-Nov-23Enable Moment 4 features, addresses zero-day vulnerabilities, introduces issues with Copilot and COLRv1.Microsoft announcement of KB5032190
KB503135422H222621.242810-Oct-23Introduces Copilot and Dev Drives, new voice access commands, improvements to Settings app and File ExplorerMicrosoft announcement of KB5031354
KB503021922H222621.228312-Sep-23Improved Search app, search flyout box on hover, easily tab through search resultsMicrosoft announcement of KB5030219
KB502926322H222621.21348-Aug-23Addresses VPN issues, more accurate brightness levels, notifications more reliableMicrosoft Announcement of KB5029263
KB502925321H222000.22958-Aug-23Addresses VPN issues, reliable notificationsMicrosoft Announcement of KB5029253
KB502818522H222621.199211-Jul-23Share local files with Outlook contacts, 78 vulnerabilities addressesMicrosoft Announcement of KB5028185
KB502818221H222000.217611-Jul-23Announcement of some Windows 11 22H2 editions EOL, share local files with Outlook contacts Microsoft Announcement of KB5028182
KB502723122H222621.184813-Jun-23Fixes a known issue with 32-bit apps, addresses a Windows kernel information disclosure vulnerabilityMicrosoft Announcement of KB5027231
KB502722321H222000.205713-Jun-23Fixes a known issue with 32-bit apps, addresses a Windows kernel information disclosure vulnerabilityMicrosoft Announcement of KB5027223
KB502637222H222621.17029-May-23Option to get the latest non-security updates immediately, new animations in the Widgets iconsMicrosoft Announcement of KB5026372
KB502636821H222000.19369-May-23Addresses issues with LSASS and other fixesMicrosoft Announcement of KB5026368
KB502523922H222621.155511-Apr-23Microsoft account notifications in the Start menu, the search box will be lighter in a custom color theme, and a plethora of fixesMicrosoft Announcement of KB5025239
KB502522421H222000.181711-Apr-23Fixes known issues with kiosk devicesMicrosoft Announcement of KB5025224
KB502370622H222621.141314-Mar-23AI Bing search box, iOS linking, tabbed notepad, screen recording from Snipping Tool, redesigned Quick AssistMicrosoft Announcement of KB5023706
KB502369821H222000.169614-Mar-23Phase three of DCOM hardening, other fixesMicrosoft Announcement of KB5023698
KB502284522H222621.126514-Feb-23.NET Framework updates integrated into UUP-based feature updatesMicrosoft Announcement of KB5022845
KB502283621H222000.157414-Feb-23– Combines Windows Spotlight with Themes on the Personalization page
– Multiple changes to the Accounts Settings page
Microsoft Announcement of KB5022836
KB502230322H222621.110510-Jan-23– ODBC Connectivity with SQL Server fixed.
– Local Session Manager security issues fixed
Microsoft Announcement of KB5022303
KB502228721H222000.145510-Jan-23– ODBC Connectivity with SQL Server fixed.
– Local Session Manager security issues fixed
Microsoft Announcement of KB5022287
KB502125522H222621.96313-Dec-22-UI discrepancies in Task Manager are fixed
-DPAPI decryption issue is fixed
Microsoft Announcement of KB5021255
KB5021234 21H222000.133513-Dec-22-UI discrepancies in Task Manager are fixed
-DPAPI decryption issue is fixed
Microsoft Announcement of KB5021234
KB501998022H222621.8198-Nov-22Task Manager option added to taskbar’s context menuMicrosoft Announcement of KB5019980
KB501996121H222000.12198-Nov-22Task Manager option added to taskbar’s context menuMicrosoft Announcement of KB5019961
Changelog for Windows 11 Patch Tuesday updates
If you liked this post, Share it on:

Get Updates in Your Inbox

Sign up for the regular updates and be the first to know about the latest tech information

Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).

Leave the first comment