Lucene search

K
mskbMicrosoftKB5028185
HistoryJul 11, 2023 - 7:00 a.m.

July 11, 2023—KB5028185 (OS Build 22621.1992)

2023-07-1107:00:00
Microsoft
support.microsoft.com
10
windows update
security issues
notification badging
file sharing
live captions
voice access command

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.079

Percentile

94.3%

July 11, 2023—KB5028185 (OS Build 22621.1992)

For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. NoteFollow @WindowsUpdate to find out when new content is published to the Windows release health dashboard.

Your browser does not support video. Install Microsoft Silverlight, Adobe Flash Player, or Internet Explorer 9.

Highlights

  • This update addresses security issues for your Windows operating system.
  • New! This update expands the roll out of notification badging for Microsoft accounts on the Start menu. A Microsoft account is what connects Windows to your Microsoft apps. The account backs up all your data and helps you to manage your subscriptions. You can also add extra security steps to keep you from being locked out of your account. This feature gives you quick access to important account-related notifications.
  • New! This update improves the sharing of a local file in File Explorer with Microsoft Outlook contacts. You now have the option to quickly email the file to yourself. In addition, loading your contacts from Outlook is better. This feature is not available for files stored in Microsoft OneDrive folders. OneDrive has its own sharing functionality.
  • New! This update adds live captions for the following languages:
    • Chinese (Simplified and Traditional)
    • French (France, Canada)
    • German
    • Italian
    • Japanese
    • Portuguese (Brazil, Portugal)
    • Spanish
    • Danish
    • English (Ireland, other English dialects)
    • KoreanTo turn on live captions, use the WIN + Ctrl + Lkeyboard shortcut. You can also use the Quick Settings accessibility flyout menu. When you turn it on for the first time, Windows will ask you to download the required speech recognition support. Speech recognition support might not be available in your preferred language, or you might want support in other languages. You can download speech recognition support from Settings>Time & Language>** Language & region**. To learn more, see Use live captions to better understand audio.
  • New!This update redesigns the in-app voice access command help page.Every command now has a description and examples of its variations. The search bar allows you to quickly find commands. The new categories provide further guidance. You can access the command help page on the voice access bar fromHelp>View all commands or use the voice access command “what can I say?” Note that the help page might not include all commands. Also, the supplementary information might be inaccurate. We plan to update this in the future. For a list of all Voice Access commands, see Use voice access to control your PC & author text with your voice.
  • New! This update adds voice access command support for the following English dialects:
    • English (United Kingdom)
    • English (India)
    • English (New Zealand)
    • English (Canada)
    • English (Australia)When you turn on voice access for the first time, Windows will ask you to download a speech model. You might not find a speech model that matches your display language. You can still use voice access in English (US). You can always choose a different language from Settings >Language on the voice access bar.
  • New! This update adds new text selection and editing voice access commands. Some examples are in the table.To do this|Say this
    —|—
    Select a range of text in the text box| “Select from [text 1] to [text 2]”, e.g., “Select from have to voice access”
    Delete all the text in a text box| “Delete all”
    Apply bold, underline, or italic formatting for the selected text or the last dictated text| “Bold that,” “Underline that,” “Italicize that”
  • New! This update adds a VPN status icon, a small shield, to the system tray. It displays when you are connected to a recognized VPN profile. The VPN icon will be overlayed in your system’s accent color over the active network connection.
  • New! You can now choose to display seconds in the clock on the system tray. To turn this on, go to the Taskbar behaviors section inSettings > Personalization>** Taskbar**. You can also right-click the taskbar to quickly get to taskbar settings.
  • New! This update provides a copy button for you to quickly copy two-factor authentication (2FA) codes. These are in notification toasts you get from apps installed on your PC or from phones linked to your PC. Note that this feature only works for English.
  • New! This update adds access key shortcuts to File Explorer’s context menu. An access key is a one keystroke shortcut. You can use it to quickly run a command in a context menu using your keyboard. Each access key corresponds to a letter in the display name of the menu item. To try this out, you can click on a file in File Explorer and press the menu key on your keyboard.
  • New! This update adds multi-app kiosk mode, which is a lockdown feature. If you are an administrator, you can specify the apps that can run on a device. Other apps will not run. You can also block certain functionalities. You can configure distinct types of access and apps to run for different users on one device. Multi-app kiosk mode is ideal for scenarios in which multiple people use the same device. Some examples are frontline workers, retail, education, and test taking. Some lockdown customizations include:
    • Limit access to Settings, except certain pages, such as Wi-Fi and screen brightness
    • Show only the apps that are allowed on the Start menu
    • Block certain toasts and pop-up windowsCurrently, you can enable multi-app kiosk mode using PowerShell and WMI Bridge. To learn more, see Set up a multi-app kiosk on Windows 11 and AssignedAccess CSP. Support for Microsoft Intune, mobile device management (MDM), and provisioning package configuration is coming soon.
  • New! This update introduces live kernel memory dump (LKD) collection from Task Manager. Using LKD, you can gather data to troubleshoot an issue while the OS continues to work. This reduces downtime when you must investigate an unresponsive program or high-impact failures. To learn more, see Task Manager live memory dump.To capture an LKD, go toTask Manager>Details. Right-click theSystemprocess. Select**Create live kernel memory dump file. **This capturesa Full live kernel or Kernel stack memory dump. The dump will be written to a fixed location: _%LocalAppData%\Microsoft\Windows\TaskManager\LiveKernelDumps. _You can also go to the Task Manager Settings page to view or edit the settings for live kernel memory dumps.
  • New! This update replaces the settings forShow the touch keyboard when there’s no keyboard attached. These are located atSettings>Time & language>Typing>Touch keyboard. A new dropdown menu gives you three options to control whether tapping an edit control should open the touch keyboard. The options are:
    • Never. This suppresses the touch keyboard even when no hardware keyboard is attached.
    • When no keyboard attached. This shows the touch keyboard only when you use the device as a tablet without the hardware keyboard.
    • Always. This shows the touch keyboard even when the hardware keyboard is attached.
  • New! This update enables Content Adaptive Brightness Control (CABC) to run on laptops and 2-in-1 devices. This feature dims or brightens areas of a display based on the content. It tries to strike a balance between saving battery life and providing a good visual experience. You can adjust the feature setting fromSettings>System>**Display **>Brightness & color. Thedrop-down menu gives you three options: Off, Always, and On Battery Only. For battery powered devices, the default is On Battery Only. Because the device manufacturer must enable CABC, the feature might not be on all laptops or 2-in-1 devices.
  • New! This update adds a USB4 hubs and devices Settings page. You can find it atSettings****> Bluetooth & devices >USB>USB4 Hubs and Devices. This new page provides information about the system’s USB4 capabilities and the attached peripherals on a system that supports USB4. This information helps with troubleshooting when you need manufacturer or system administrator support. Some features include:
    • You can view the tree of the connected USB4 hubs and devices.
    • You can copy details to the clipboard to share them.If your system does not support USB4 with the Microsoft USB4 Connection Manager, this page will not appear. On systems that support USB4, you will see USB4 Host Router in Device Manager.
  • New! This update adds a presence sensor privacy setting inSettings > Privacy & security>** Presence sensing**. If you have a device that has compatible presence sensors, you can now choose the apps that can access those sensors. You can also choose the apps that do not have access. Microsoft does not collect images or metadata. The device hardware processes your information locally to maximize privacy.
  • New! This update improves the performance of search within Settings.
  • New! This update changes the default print screen (prt scr) key behavior. Pressing the print screen key opens the Snipping Tool by default. You can turn off this setting fromSettings>Accessibility>Keyboard. If you have previously changed this setting, Windows will preserve your preference.
  • New! This update introduces a limit of 20 most recent tabs inSettings>Multitasking. This affects the number of tabs that appear when you use ALT + TAB and Snap Assist.
  • New! This update improves the cloud suggestion and the integrated search suggestion. This helps you to easily type popular words in Simplified Chinese using the Input Method Editor (IME). The cloud suggestion adds the most relevant word from Microsoft Bing to the IME candidate window. The integrated search suggestion gives you additional suggestions that are like what you see on a Bing search page. You can insert a suggestion as text or search for it directly in Bing. To turn on these features, select a chevron button in the upper right of the IME candidate window. Then select theTurn on button.
  • **_New! _**This update improves your computer’s performance when you use a mouse that has a high report rate for gaming. To learn more, see “Reduced game stutter with high report rate mice” in Delivering Delightful Performance for More Than One Billion Users Worldwide.
  • This update addresses an issue that affects the on-screen keyboard. The issue stops it from opening after you lock the machine.
  • This update addresses an issue that might affect your computer when you are playing a game. Timeout Detection and Recovery (TDR) errors might occur.
  • This update addresses an issue that affects certain apps. In some instances, video flickering occurs.
  • This update addresses an issue that affects File Explorer (explorer.exe). It stops working.
  • This update addresses an issue that affects some earbuds. They stop streaming music.
  • This update addresses an issue that affects the Recommended section of the Start menu. When you right-click a local file, it does not behave as expected.

Improvements

This security update includes improvements that were a part of update KB5027303 (released June 27, 2023). When you install this KB:

  • This update makes miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.
    If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.For more information about security vulnerabilities, please refer to the Security Update Guide website and the July 2023 Security Updates.

Windows 11 servicing stack update - 22621.1989

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

Known issues in this update

Applies to Symptom Workaround
IT admins Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies set to enabled and selecting either “full encryption” or “used space only”. Microsoft Intune is affected by this issue but third-party MDMs might also pe affected. Important This issue is a reporting issue only and does not affect drive encryption or the reporting of other issues on the device, including other BitLocker issues. This issue is addressed in KB5034204.

How to get this update

Before installing this updateMicrosoft combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.Install this update****Release Channel Available Next Step
Windows Update and Microsoft Update Yes None. This update will be downloaded and installed automatically from Windows Update.
Windows Update for Business Yes None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies.
Microsoft Update Catalog Yes To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS) Yes This update will automatically sync with WSUS if you configure Products and Classifications as follows:Product: Windows 11Classification: Security Updates

If you want to remove the LCUTo remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command:DISM /online /get-packages.Running Windows Update Standalone Installer (wusa.exe) with the**/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

File informationFor a list of the files that are provided in this update, download the file information for cumulative update 5028185. For a list of the files that are provided in the servicing stack update, download the file information for the SSU - version 22621.1989.

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.079

Percentile

94.3%