[German]On March 12, 2024 (second Tuesday of the month, Patchday at Microsoft), various cumulative updates were released for the supported Windows 10 builds (from the RTM version to the current version) as well as for the Windows Server counterparts. Here are some details on the respective security updates for Windows 10.A list of the updates can be found on this Microsoft website. I have extracted the details below. Since March 2021, Microsoft has been integrating the Servicing Stack Updates (SSUs) for newer Windows 10 builds into the cumulative update. March 2023 will be the last time preview updates will be available for older Windows 10 builds.
Updates for Windows 10 Version 21H1-22H2
For the Windows 10 versions mentioned above, Microsoft only provides one update package, which is named below.
Update KB5035845 for Windows 10 Version 21H1 – 22H2
Cumulative Update KB5035845 raises the OS build for all Windows 10 variants to 1904x.4170 – with 21H2, only the Enterprise variant will receive the update. The update only contains security fixes, but no new operating system functions. The cumulative update simply states:
This update addresses security issues for your Windows operating system.
Microsoft also points out that this update makes quality improvements to the Servicing Stack (responsible for Microsoft updates). This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS and WUfB. Please note the information on installation and known problems described in the support article.
Updates for Windows 10/Server 2019
The following updates are available for Windows 10 Enterprise 2019 LTSC and Windows Server 2019.
Update KB5035849 for Windows 10 Enterprise 2019 LTSC /Windows Server 2019
Cumulative Update KB5035849 (is sorted under Windows 10 v1809, but refers to the 2019 versions and) and includes quality improvements but no new operating system features. This update is only available for Windows 10 2019 Enterprise LTSC and IoT Enterprise LTSC (the remaining versions will no longer receive security updates on May 11, 2021) and Windows Server 2019. Microsoft has listed a number of fixes.
- The update affects Active Directory domains that host mobile device management (MDM) providers. They can transition from "Compatibility mode" to the strong certificate mapping "Enforcement mode." To do this, they can allow an Active Directory Key Distribution Center (KDC) to read user security identifiers (SID) from the Subject Alternative Name (SAN). Then, the providers can populate those values. To learn more, see:
- KB5014754: Certificate-based authentication changes on Windows domain controllers
- Preview of SAN URI for Certificate Strong Mapping for KB5014754
- CVE-2022-34691, CVE-2022-26931, and CVE-2022-26923
The update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog, via WSUS and WUfB. Microsoft has also updated the Service Stack Update (SSU). Please note the installation sequence described in the support article and, if applicable, the notes on further requirements and any existing problems. There is also this comment that the update to Windows Server 2019 fails with various error codes. The same information can be found on reddit.com, e.g. update KB5035849 fails with error code 0xd0000034.
Updates for Windows 10 Version 1507 and 1607
Updates for the Enterprise LTSC versions are available for Windows 10 RTM up to version 1607. These updates are automatically downloaded and installed by Windows Update, but are available for download in the Microsoft Update Catalog (search for the KB number). The latest Servicing Stack Update (SSU) must be installed before manual installation. Details can be found in the respective KB article.
- Windows 10 Version 1607: Update KB5035855 is only available for Enterprise LTSC and Windows Server 2016. The update addresses security issues and other problems.
- Windows 10 Version 1507: Update KB5035858 is available for the RTM version (LTSC). The update fixes vulnerabilities and bugs.
There was no update for the remaining Windows 10 versions, as these versions have fallen out of support. If in doubt, details on the above updates can be found in the respective Microsoft KB articles.
Addendum: I had already mentioned it in the blog post Windows Server: March 2024 update causes LSASS memory leak on DCs that some readers reported problems with the March 2024 updates in connection with a memory leak on domain controllers. This has now been confirmed by Microsoft.
Similar articles:
Office Updates March 5, 2024
Microsoft Security Update Summary (March 12, 2024)
Patchday: Windows 10-Updates (March 12, 2024)
Patchday: Windows 11/Server 2022-Updates (March 12, 2024)
Windows Server 2012 / R2 and Windows 7 (March 12, 2024)
Microsoft Office Updates (March 12, 2024)
Windows 10/Server 2019: Update KB5035849 fails with error 0xd0000034
