- KB5027225: 2023-06 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems
- KB5027222: 2023-06 Cumulative Update for Windows Server 2019 for x64-based Systems
- KB5027219: 2023-06 Cumulative Update for Windows Server 2016 for x64-based Systems
- KB5027271: 2023-06 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
Impacted Products:
- Microsoft Windows
- Microsoft Windows
- Microsoft Edge (Edge HTML-based)
- Microsoft Edge (Chromium-based)
- Internet Explorer
- Microsoft Office and Microsoft Office Services and Web Apps
- Windows Defender
- Visual Studio
- ASP.NET Core
- Chakra Core
- Online Services
- Microsoft Dynamics
- .NET Framework
- .NET Core
Please note the following information regarding the security updates:
- For information regarding enabling Windows 10, version 1809 features and later, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs. There is no change to the cumulative monthly security update
- Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
- For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
KB5027225: Applies to: Windows 10 Enterprise 2019 LTSC Windows 10 IoT Enterprise 2019 LTSC Windows 10 IoT Core 2019 LTSC
Improvements
This update addresses an issue that affects servers that have Citrix and Ivanti as a Remote Desktop Services (RDS) server. Signing into them takes a very long time.
This update addresses a resource conflict issue between two or more threads (known as a deadlock). This deadlock affects COM+ applications.
This update addresses an issue that affects the Storage Spaces Direct (S2D) cluster. It might not come online. This occurs after a periodic password rollover. The error code is 1326.
This update addresses a memory leak. It occurs every time you print a rich text document.
This update addresses an issue that might affect the Domain Name System (DNS) suffix search list. When you configure it, the parent domain might be missing.
This update changes the support phone number for Microsoft India for Windows activation.
This update addresses an issue that might cause some systems to stop working. This occurs when you implement firewall logging.
This update addresses an issue that might affect the Local Security Authority Subsystem Service (LSASS). It might close sporadically. The system logs the exception 0xc0000710 in the Application Error event 1000. Because of this, the domain controller restarts unexpectedly. This issue affects read-only DCs (RODC) that also run Microsoft Defender Advanced Threat Protection (ATP).
This update addresses an issue that affects the Windows Kernel. This issue is related to CVE-2023-32019. To learn more, see KB5028407.
Symptom
After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are versions vSphere ESXi 7.0.x and below.
Workaround
Please see VMware’s documentation to mitigate this issue.
Microsoft and VMware are investigating this issue and will provide more information when it is available.
KB5027222: Applies to Windows 10, version 1607, all editions Windows Server 2016, all editions
Improvements
This update addresses an issue that affects the Storage Spaces Direct (S2D) cluster. It might not come online. This occurs after a periodic password rollover. The error code is 1326.
This update addresses an issue that affects the Appx State Repository. When you remove a user profile, the cleanup is incomplete. Because of this, its database grows as time passes. This growth might cause delays when users sign into multi-user environments like FSLogix.
This update addresses an issue that affects the Windows Remote Management (WinRM) client. The client returns an HTTP server error status (500). This error occurs when it runs a transfer job in the Storage Migration Service.
This update addresses an issue that affects signed Windows Defender Application Control (WDAC) policies. They are not applied to the Secure Kernel. This occurs when you enable Secure Boot.
This update addresses an issue that might affect the Local Security Authority Subsystem Service (LSASS). It might close sporadically. The system logs the exception 0xc0000710 in the Application Error event 1000. Because of this, the domain controller restarts unexpectedly. This issue affects read-only DCs (RODC) that also run Microsoft Defender Advanced Threat Protection (ATP).
This update addresses an issue that affects the Windows Kernel. This issue is related to CVE-2023-32019. To learn more, see KB5028407.
Symptom
After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found.
After installing updates released January 10, 2023, and later, kiosk device profiles that have auto log on enabled might not sign in automatically. After Autopilot completes provisioning, affected devices will stay on the sign-in screen prompting for credentials.
Workaround
This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue.
For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
Microsoft is working on a resolution and will provide an update in an upcoming release.
KB5027219: Applies to Windows Server 2012 Windows Embedded 8 Standard
Improvements
This security update includes quality improvements. When you install this KB:
This update addresses an issue that might cause a memory leak. The leak might have occurred during prolonged Remote Desktop audio redirection.
This update addresses an issue that affects the Windows Kernel. This issue is related to CVE-2023-32019. To learn more, see KB5028407.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the June 2023 Security Updates.
KB5027271: Windows Server 2012 R2 Windows Embedded 8.1 Industry Enterprise Windows Embedded 8.1 Industry Pro
This cumulative security update includes improvements that are part of update KB5026415 (released May 9, 2023). This update also contains miscellaneous security improvements to internal Windows OS functionality. No specific issues are documented for this release.
For more information about the resolved security vulnerabilities, please refer to the Deployments | Security Update Guide and the June 2023 Security Updates.