Flexis November 2023 Patch Recommendation

Patches Microsoft released in November 2023:

  • KB5032198: 2023-11 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems
  • KB5032196: 2023-11 Cumulative Update for Windows Server 2019 for x64-based Systems
  • KB5032197: 2023-11 Cumulative Update for Windows Server 2016 for x64-based Systems
  • KB5032391: 2023-11 Servicing Stack Update for Windows Server 2016 for x64-based Systems
  • KB5032249: 2023-11 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
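
To confirm the updates listed above are present on a server, this added PowerShell example (not from Microsoft or Flexis) compares the installed hotfix IDs with the KB numbers on this page. The function name, the OS caption patterns, and the reading of "server operating system version 21H2" as Windows Server 2022 are assumptions.

```powershell
# KB numbers are taken from the list above. The OS caption patterns, and reading
# "server operating system version 21H2" as Windows Server 2022, are assumptions.
$ExpectedKbs = [ordered]@{
    'Server 2022'    = @('KB5032198')
    'Server 2019'    = @('KB5032196')
    'Server 2016'    = @('KB5032197', 'KB5032391')   # cumulative update + servicing stack update
    'Server 2012 R2' = @('KB5032249')
}

function Test-November2023Patch {
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    foreach ($computer in $ComputerName) {
        # Query the local machine directly; only remote hosts need -ComputerName (WinRM).
        $target = @{ ErrorAction = 'Stop' }
        if ($computer -ne $env:COMPUTERNAME) { $target.ComputerName = $computer }

        $row = [ordered]@{ Computer = $computer; OS = $null; Missing = @(); Status = $null }
        try {
            $row.OS    = (Get-CimInstance -ClassName Win32_OperatingSystem @target).Caption
            $installed = @((Get-CimInstance -ClassName Win32_QuickFixEngineering @target).HotFixID)
        } catch {
            $row.Status = "Query failed: $($_.Exception.Message)"
            [pscustomobject]$row
            continue
        }

        # Pick the KB set whose pattern appears in the OS caption.
        $match = $ExpectedKbs.Keys | Where-Object { $row.OS -like "*$_*" } | Select-Object -First 1
        if (-not $match) {
            $row.Status = 'OS not covered by this KB list'
        } else {
            $row.Missing = @($ExpectedKbs[$match] | Where-Object { $_ -notin $installed })
            # A later cumulative update can replace the November one in the installed list,
            # so a miss means "verify the current patch level", not proof of exposure.
            $row.Status = if ($row.Missing.Count -eq 0) { 'Installed' } else { 'Not found: verify patch level' }
        }
        [pscustomobject]$row
    }
}

Test-November2023Patch | Format-Table -AutoSize
```

Pass `-ComputerName` with a list of server names to run the same check against remote hosts.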

Impacted Products:

  • Microsoft Windows
  • Microsoft Edge (HTML-based)
  • Microsoft Edge (Chromium-based)
  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Windows Defender
  • Visual Studio
  • ASP.NET Core
  • Chakra Core
  • Microsoft Dynamics
  • .NET Framework
  • .NET Core

Please note the following information regarding the security updates:

  • Windows 8.1 reached end of support on January 10, 2023, at which point technical assistance and software updates are no longer provided. If you have devices running Windows 8.1, we recommend upgrading them to a more current, in-service, and supported Windows release. If devices do not meet the technical requirements to run a more current release of Windows, we recommend that you replace the device with one that supports Windows 11. 

    Microsoft will not be offering an Extended Security Update (ESU) program for Windows 8.1. Continuing to use Windows 8.1 after January 10, 2023 may increase an organization’s exposure to security risks or impact its ability to meet compliance obligations. For more information, see Windows 8.1 support will end on January 10, 2023.

KB5032198: Applies to: Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC

Improvements

This security update includes quality improvements. When you install this KB:

This update supports daylight saving time (DST) changes in Syria. To learn more, see Interim guidance for Syria DST changes 2022.

This update addresses an issue that affects UI Automation and caching mode.

This update affects Windows Autopilot profiles. The process to download the Windows Autopilot policy is more resilient. This helps when a network connection might not be fully initialized. This update increases the retry attempts when you try to download the Windows Autopilot profile. 

This update addresses an issue that causes your device to restart when you do not expect it. This occurs after you restore a system.

This update affects user mode printer drivers. They unload unexpectedly. This occurs when you print from multiple print queues to the same printer driver.

This update addresses an issue that affects Xenon or Argon containers. They do not start.

This update affects Windows Server: Azure Edition. It is easier to view attestation failure notifications.

This update addresses an issue that affects an Application Virtualization (App-V) environment. Copy operations within it stop working. This occurs after you install the April 2023 update.

This update addresses an issue that blocks external connections. This occurs when you set up a Kubernetes load balanced service and turn on session affinity.

This update addresses an issue that affects NCryptGetProperty(). Calling it with NCRYPT_KEY_TYPE_PROPERTY returns 0x1 instead of 0x20. This occurs when the key is a machine key.

This update includes quarterly changes to the Windows Kernel Vulnerable Driver Blocklist file, DriverSiPolicy.p7b. It adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.

This update addresses an issue that affects Windows LAPS. Its PasswordExpirationProtectionEnabled policy fails to turn on the setting.

This update addresses an issue that affects the refsutil.exe inbox utility. Options, like salvage and leak, do not work well on Resilient File System (ReFS) volumes.

This update addresses an issue that might affect a large reparse point. You might get a stop error when you use NTFS to access it. This issue occurs after a canceled FSCTL Set operation changes the reparse tag.

This update addresses an issue that affects a machine that is used as a remote desktop session (RDS) host. An RDR_FILE_SYSTEM (0x27) stop error occurs. Because of this, everyone that uses RDS starts up from this machine.

This update addresses a known issue that affects virtual machines (VMs) that run on VMware ESXi hosts. Windows Server 2022 might fail to start up. The affected VMs will receive an error with a blue screen and a stop code: PNP DETECTED FATAL ERROR.

KB5032196: Applies to: Win 10 Ent LTSC v2019, Win 10 IoT Ent LTSC v2019, Windows 10 IoT Core 2019 LTSC, Windows Server 2019

Improvements

This security update includes improvements. When you install this KB:

This update supports daylight saving time (DST) changes in Syria. To learn more, see Interim guidance for Syria DST changes 2022.

This update affects user mode printer drivers. They unload unexpectedly. This occurs when you print from multiple print queues to the same printer driver.

This update addresses an issue that affects Xenon or Argon containers. They do not start.

This update addresses an issue that affects NCryptGetProperty(). Calling it with NCRYPT_KEY_TYPE_PROPERTY returns 0x1 instead of 0x20. This occurs when the key is a machine key.

This update includes quarterly changes to the Windows Kernel Vulnerable Driver Blocklist file, DriverSiPolicy.p7b. It adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.

This update addresses an issue that affects Windows LAPS. Its PasswordExpirationProtectionEnabled policy fails to turn on the setting.

This update addresses an issue that affects an Application Virtualization (App-V) environment. Copy operations within it stop working. This occurs after you install the April 2023 update.

This update addresses an issue that might affect a large reparse point. You might get a stop error when you use NTFS to access it. This issue occurs after a canceled FSCTL Set operation changes the reparse tag.

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.

Known issues in this update.

Symptom

Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies set to enabled and selecting either “full encryption” or “used space only”. Microsoft Intune is affected by this issue but third-party MDMs might also be affected.

Workaround

To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies to not configured.

We are working on a resolution and will provide an update in an upcoming release.

KB5032197: Applies to: Windows 10, version 1607, all editions; Windows Server 2016, all editions

Improvements

This security update includes quality improvements. When you install this KB:

This update supports daylight saving time (DST) changes in Syria. To learn more, see Interim guidance for Syria DST changes 2022.

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device. 

KB5032391: Applies to: Win 10 Ent LTSB v2016, Win 10 IoT Ent LTSB v2016, Windows Server 2016

This article applies only to releases on the Windows Update website. This article does not apply to security releases for products that are not supported by Windows Update.

This article is intended for use by administrators of Windows Server Update Services (WSUS), Windows Update, and Microsoft Update services. This article contains a list of content changes that have been made available on the second Tuesday of every month for WSUS, Windows Update, and Microsoft Update. Administrators can use this list both as a quick reference to content changes that have been made during routine synchronizations and as an explanation of these changes.

This information will be updated during our regular update release on the second Tuesday of every month. This article lists changes that were made on or after January 10, 2023. It does not list changes that were made before that date. For more information about changes that occurred before January 10, 2023, see the “References” section.

KB5032249: Applies to: Windows Server 2012 R2

This cumulative security update includes improvements that are part of update KB5031419 (released October 10, 2023). This update also makes improvements for the following issue:

This update includes daylight saving time (DST) changes for Syria. For more information, see Syria 2022 time zone update now available.