Applies ToWindows 10, version 22H2, all editions

Release Date:

23/01/2024

Version:

OS Build 19045.3996

11/17/20

For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 22H2, see its update history page.   

Note Follow @WindowsUpdate to find out when new content is published to the Windows release health dashboard.

 Highlights

  • This update addresses an issue that affects some single-function printers. They might install as a scanner.

  • New! The coming weeks will bring a richer weather experience to your lock screen. This includes dynamic, interactive weather updates. So, as you hover over the weather on your lock screen, you will see more information. When you tap or click on the weather card and sign in, Microsoft Edge opens with the full forecast in MSN weather. If you already use Weather in Settings > Personalization > lock screen > Lock screen status, there is nothing for you to do. Also, this new experience will be on by default if Lock screen status is set to “None.” Like today, lock screen status will be available when you lock your screen no matter which personalization option you select (Windows spotlight, Picture, or Slideshow).

Improvements

Important: Use EKB KB5015684 to update to Windows 10, version 22H2.

This non-security update includes quality improvements. When you install this KB:

  • Microsoft has been working to ensure compliance with the Digital Markets Act (DMA) in the European Economic Area (EEA). To learn more, see Previewing changes in Windows to comply with the Digital Markets Act in the European Economic Area. These changes will gradually roll out to Windows 10, version 22H2 PCs in the EEA to be compliant by March 6, 2024.

  • This update addresses an issue that affects an Internet Explorer shortcut. After you use a policy to remove it, the shortcut reappears.

  • This update addresses an issue that affects Windows Management Instrumentation (WMI). A caching issue occurs. The issue causes CurrentTimeZone to change to the wrong value.

  • This update addresses an issue that affects XPath queries on FileHash and other binary fields. It stops them from matching values in event records.

  • This update addresses a known issue that affects BitLocker data-only encryption. A mobile device management (MDM) service, such as Microsoft Intune, might not get the right data. This occurs when you use the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node.

  • This update addresses an issue that affects the Code Integrity Module (ci.dll). This issue stops your device from responding.

  • This update includes quarterly changes to the Windows Kernel Vulnerable Driver Blocklist file, DriverSiPolicy.p7b. It adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.

  • This update affects Unified Extensible Firmware Interface (UEFI) Secure Boot systems. It adds a renewed signing certificate to the Secure Boot DB variable. You can now opt for this change. For more details, see KB5036210.

  • This update addresses an issue that stops you from reconnecting to an existing Remote Desktop session. Instead, you get a new one.

  • This update addresses an issue that occurs when you change the keyboard language. The change fails to apply to RemoteApps in some scenarios.

  • This update addresses an issue that affects Windows Local Administrator Password Solution (LAPS) Post Authentication Actions (PAA). The actions occur at restart instead of at the end of the grace period.

  • This update addresses an issue that affects Active Directory. Bind requests to IPv6 addresses fail. This occurs when the requestor is not joined to a domain.

  • This update addresses an issue that affects the LocalUsersAndGroups CSP. It stops processing group memberships if it cannot find a group.

  • This update addresses an issue that affects deleted cloud files. When a cloud provider vetoes a deletion request, the files might still be removed.

  • This update addresses an issue that affects MSIX applications. They do not open, and, in some cases, they make the host unresponsive. This occurs when they use MSIX App Attach with a CimFS image.

  • This update addresses an issue that affects Group Policy Folder Redirection in a multi-forest deployment. The issue stops you from choosing a group account from the target domain. Because of this, you cannot apply advanced folder redirection settings to that domain. This issue occurs when the target domain has a one-way trust with the domain of the admin user. This issue affects all Enhanced Security Admin Environment (ESAE), Hardened Forests (HF) or Privileged Access Management (PAM) deployments.

  • This update changes a setting in Active Directory Users & Computers. By default, the snap-in now uses a strong certificate mapping of X509IssuerSerialNumber. It does not use the weak mapping of x509IssuerSubject.

  • This update affects the Windows Backup app. It will no longer show on the user interface of enterprise-managed devices. To learn more, see KB5032038.

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.

Windows 10 servicing stack update - 19045.3989

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

Symptom

Workaround

Windows devices using more than one (1) monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Copilot in Windows (in preview).

We are gradually rolling out a new Copilot experience for devices with KB5039299or later updates installed. This new experience will address this issue.

KB5039299 was released on June 25, 2024, and you can expect to receive the new Copilot experience sometime from now until the next few months.

Copilot in Windows (in preview) is not currently supported when your taskbar is located vertically on the right or left of your screen.

We are gradually rolling out a new Copilot experience for devices with KB5039299 or later updates installed. This new experience will address this issue.

KB5039299 was released on June 25, 2024, and you can expect to receive the new Copilot experience sometime from now until the next few months.

Some eligible Windows 10 might receive a 0xd0000034 error when attempting to upgrade to Windows 11 from Windows Update.

Note This issue should not affect the ability to continue to use Windows devices with Windows 10.

This issue is addressed in KB5034763.

After you install KB5034203 (dated 01/23/2024) or later updates, some Windows devices that use the DHCP Option 235 to discover Microsoft Connected Cache (MCC) nodes in their network might be unable to use those nodes. Instead, these Windows devices will download updates and apps from the public internet. IT administrators also see increased download traffic on their internet routes.

Those of you who use the Home edition of Windows are not likely to experience this issue. MCC and DHCP Option 235 are typically used in enterprise environments.

This issue is addressed in KB5040525.

How to get this update

Before installing this update

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Prerequisite:

Based on your installation scenario, choose one of the following:

  1. For offline OS image servicing:

    If your image does not have the March 22, 2022 (KB5011543) or later LCU, you must install the special standalone May 10, 2022 SSU (KB5014032) before installing this update.

  2. For Windows Server Update Services (WSUS) deployment or when installing the standalone package from Microsoft Update Catalog: 

    If your devices do not have the May 11, 2021 (KB5003173) or later LCU, you must install the special standalone August 10, 2021 SSU (KB5005260) before installing this update.

Install this update

Release Channel

Available

Next Step

Windows Update or Microsoft Update

Yes

Go to Settings Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update.

Windows Update for Business

No

None. These changes will be included in the next security update to this channel.

Microsoft Update Catalog

Yes

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

No

You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions.

If you want to remove the LCU

To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.

Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

File information

For a list of the files that are provided in this update, download the file information for cumulative update 5034203.  

For a list of the files that are provided in the servicing stack update, download the file information for the SSU - version 19045.3989

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.