On the occasion of its major maintenance in April 2023, Microsoft is releasing two Windows 11 cumulative updates, KB5025224 and KB5025239. They are aimed respectively at PCs under 21H2 and 22H2.
Being part of a Patch Tuesday the firm deploys many security patches. A total of 59 vulnerabilities are corrected, five of which are announced as critical. We have a flaw affecting Pragmatic Ggenerally Multicast aka PGM by enabling remote code execution ( CVE-2023-28250), the Point-to-Point protocol also allowing remote code execution (CVE-2023-28232, CVE-2023-28220 et CVE-2023-28219) et Microsoft Message Queuing (CVE-2023-21554).
Windows 11 et KB5025224 / KB5025239.
In parallel KB5025224 for Windows 11 implements the LAPS solution contraction of Local Administrator Password Solution (LAPS). You can find all the details about it here: what is LAPS?.
We have fixed a compatibility bug caused by ” unsupported use of registry “. Unfortunately there is no further information on this. The update fixes an issue that affects kiosk device profiles and we have the content for the March 2023 optional update.
It includes an improved search box experience in the taskbar. As you type in the search box, results appear in the search flyout box. It is possible to modify the desired search experience at the following address
Paramètres > Personnalisation > Barre des tâches.
A new strategy manages the display of the search box in the taskbar.
We have a number of fixes including fixing an issue where the contents of the notepad drop-down list were not displaying in settings. Microsoft is also addressing issues with unresponsive PowerPoint (accessibility tools) and USB printers identified as media devices. Finally, several other problems are corrected, in particular concerning
- cmd.exe,
- the remote procedure call service (rpcss.exe),
- ms-appinstaller URI.It,
- PowerPoint (Azure Virtual Desktop (AVD)),
- Windows Search,
- Microsoft HTML Application Host (HTA),
- compatibility issues affecting some printers,
- le certificat SCEP (Simple Certificate Enrollment Protocol),
- l’API Windows Runtime (WinRT),
- the FIDO2 confidential code identification icon,
- SharedPC Account Manager and lsass.exe.
For Windows 11 22H2, KB5025239 addresses a compatibility issue caused by ” unsupported use of registry and implements the new Windows Local Administrator Password (LAPS) solution. The functionality is now integrated natively in Windows. Its objective is to make life easier for an administrator in order to more easily manage the password of a local administrator account using Active Directory.
Deployment and installation of KB5025224 et KB5025239 are provided by Windows Update and Windows Server Update Services (WSUS). You can also grab them manually for offline installation. Here are the Microsoft Update Catalog links