Microsoft has rolled out the KB5041580 cumulative update for both Windows 10 22H2 and Windows 10 21H2, bringing with it a suite of 14 changes and fixes, notably addressing BitLocker issues and implementing crucial security updates. This update is deemed mandatory as it encompasses Microsoft’s August 2024 Patch Tuesday security updates, which rectify a substantial 142 vulnerabilities.
Users can initiate the installation of this update by navigating to Settings, selecting Windows Update, and performing a ‘Check for Updates’. Given the mandatory nature of this update, it will automatically commence installation once the update check is executed. To enhance user experience, there is an option to schedule a restart for the computer to complete the installation at a more convenient time.
Upon successful installation, Windows 10 22H2 will be upgraded to build 19045.4780, while Windows 10 21H2 will transition to build 19044.4780. Additionally, users have the option to manually download and install the KB5041580 update directly from the Microsoft Update Catalog.
What’s new in Windows 10 KB5041580
The KB5041580 update introduces a variety of fixes aimed at resolving persistent issues, including a notable bug that led to the operating system booting into the BitLocker recovery screen. Among the fourteen fixes included in this update, several key highlights are as follows:
- BitLocker (known issue): A BitLocker recovery screen may appear during startup, particularly after installing the July 9, 2024 update. This issue is more prevalent when device encryption is enabled. Users can unlock their drives by entering the recovery key from their Microsoft account via Settings > Privacy & Security > Device encryption.
- Lock screen: This update addresses CVE-2024-38143, restoring the availability of the “Use my Windows user account” checkbox on the lock screen for Wi-Fi connectivity.
- NetJoinLegacyAccountReuse: The update removes this registry key; further details can be found in KB5020276 regarding domain join hardening changes.
- Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI): SBAT is now applied to Windows systems to prevent vulnerable Linux EFI (Shim bootloaders) from executing. Note that this update may affect older Linux ISO images, which might require updates from the respective Linux vendors.
- FrameShutdownDelay: The browser will now properly recognize the value in the “HKLMSOFTWAREMicrosoftInternet ExplorerMain” registry key.
- Wi-Fi Protected Access 3 (WPA3): The HTML preview rendering issue in the Group Policy editor has been resolved.
- Group Policy Preferences Item Level Targeting (ILT) and Local Users and Groups: Users can now select groups from the target domain for ILT, resolving issues that arose in multi-forest deployments.
- Transmission Control Protocol (TCP): The update addresses a system hang during file transfers caused by the TCP send code.
- Print Support App: This update rectifies issues where the app would become unresponsive when interfacing with USB devices.
- Universal Print clients: Communication failures with the Universal Print service have been addressed, particularly when Web Proxy Auto Discovery (WPAD) is enabled.
- Windows Defender Application Control (WDAC):
- Prevents a stop error when applying more than 32 policies.
- Addresses a memory leak that could exhaust system resources over time.
This comprehensive update not only enhances security but also improves overall system stability and user experience. As always, users are encouraged to keep their systems up-to-date to benefit from these critical improvements.