Download Windows 10 KB5030211 Patch Tuesday Security Update [September 2023]

Patch up two zero-day vulnerabilities and address 5 critical security flaws with KB5030211 for Windows 10.

Table of contents

It is now the second Tuesday of the month, and as anticipated, Microsoft has released KB5030211 for Windows 10 version 22H2 and 21H2 (specific editions only). As usual, this is a security update that includes patches for discovered vulnerabilities and also addresses issues with the OS.

Installing KB5030211 will upgrade the operating system’s build to 19044.3448 (21H2) and 19045.3448 (22H2).

Most of the improvements included in this release were included in last month’s optional non-security update KB5029331. But another improvement has since been added to this release that addresses authentication issues with smart cards while joining a PC to a domain.

Moreover, this release addresses a total of 63 vulnerabilities, out of which 2 are zero-day vulnerabilities that have already been exploited by attackers. More information on these ahead.

You can learn more about these security vulnerability fixes on Microsoft’s MSRC vulnerability guide. Set the filter to “Update Tuesday (2nd Tuesday of the month)” and then select “September 2023” in the “Vulnerabilities” tab.

This page covers

KB5030211 release summary

The table below gives a brief summary of the update and the updated OS builds:

Article KB	OS Version	Release Date	Updated OS Build
KB5030211	Windows 10 22H2	12 September 2023	19045.3448
KB5030211	Windows 10 21H2	12 September 2023	19044.3448

September 2023 Patch Tuesday Summary for Windows 10

KB5030211 changelog

This update includes all the improvements that were introduced in KB5029331 which was released on 22nd August 2023 and was a Type D update. Other than those, one additional improvement has also been included

We have compiled and listed all of the new features and improvements in KB5030211 here for you:

[New] This update addresses an issue that affects authentication while using a smart card to join or rejoin a computer to an Active Directory domain. Previously, the computer failed to join the domain, and the issue started occurring after installing Windows updates dated October 2022 or later.

This update improves how Windows detects your location. This helps to give you better weather, news, and traffic information.
This update expands the rollout of notification badging for Microsoft accounts on the Start menu. A Microsoft account is what connects Windows to your Microsoft apps. The account backs up all your data and helps you to manage your subscriptions.
This update adds the Windows Backup app to your device.

This update supports daylight saving time (DST) changes in Israel.
This update addresses an issue that affects the display of the search box.
This update addresses an issue that affects settings. They do not sync even if you turn on the toggle on the Windows backup page in the Settings app.

This update addresses an issue that affects the Group Policy Service. It will not wait for 30 seconds, which is the default wait time, for the network to be available. Because of this, policies are not correctly processed.
This update adds a new API for D3D12 Independent Devices. You can use it to create multiple D3D12 devices on the same adapter.
This update addresses an issue that affects an app that simulates keyboard input. That app might not send Japanese characters to other apps.

This update addresses an issue that affects a WS_EX_LAYERED window. The window might be rendered with the wrong dimensions or at the wrong position. This occurs when you scale the display screen.
This update addresses an issue that affects print jobs that are sent to a virtual print queue. They fail without an error.
This update addresses an issue that affects disk partitions. The system might stop working. This occurs after you delete a disk partition and add the space from the deleted partition to an existing BitLocker partition.

This update addresses an issue that affects Remote Desktop (RD) sessions. They disconnect when multiple apps are in use.
This update addresses an issue that affects the Resultant Set of Policy (RSOP). The Windows LAPS “BackupDirectory” policy setting was not reported. This occurs when the setting is set to 1, which is “Back up to AAD.”
This update addresses a known issue that affects ClickOnce. Apps that you used ClickOnce to deploy might begin to prompt for installation. This occurs even when the ClickOnce apps are already installed and marked as “trusted”.

The update addresses an issue that affects those who use Windows Update for Business. After you are asked to change your password at sign-in, the change operation fails. Then you cannot sign in. The error code is 0xc000006d.

These are all of the features, improvements, and fixes that KB5030211 offers for Windows 10 22H2 and 21H2. To read more in-depth about these, refer to this Microsoft announcement of KB5030211.

Other than these improvements and fixes, this update also includes security updates.

Security updates in KB5030211

Out of the 63 vulnerabilities, 5 are deemed of critical importance. It means that their chances of being exploited are high. It is observed that most of these critical vulnerabilities address Remote Code Execution in Visual Studio, and one of these addresses an Elevation of privilege in Microsoft Azure Kubernetes.

Here is a quick summary of the critical vulnerabilities in this update:

CVE-2023-38148 – Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

CVE-2023-29332 – Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
CVE-2023-36796 – Visual Studio Remote Code Execution Vulnerability
CVE-2023-36793 – Visual Studio Remote Code Execution Vulnerability

CVE-2023-36792 – Visual Studio Remote Code Execution Vulnerability

Additionally, 2 zero-day vulnerabilities have also been addressed in this month’s Patch Tuesday updates. These are CVE-2023-36761 which addressed a Microsoft Word Information Disclosure vulnerability, and CVE-2023-36802 which addresses a Microsoft Streaming Service Proxy Elevation of Privilege vulnerability.

While only CVE-2023-36761 has been publically disclosed both of these have already been exploited. Therefore, it is recommended that you install this KB article as soon as possible and patch up the vulnerabilities.

Moreover, Microsoft is currently not aware of any issues with this release.

Download and install KB5030211

This update can be installed through Windows Update and standalone installers.

We have given the direct download links to the standalone installers below, using which you can install the update on your respective Windows 10 version, or you can simply update to the latest build using Windows Update through the given guide below.

Standalone installers

Click on the links below to download the KB article for your Windows 10 version.

KB Article	Windows Version	Download
KB5030211	Windows 10 22H2	x64 x86
KB5030211	Windows 10 21H2	x64 x86

Download Windows 10 Patch Tuesday updates for September 2023

To install the update, simply run the downloaded MSU file and Windows will automatically install the update. You can also extract the CAB file from the MSU file and install it.

To download any other updates related to any of the above, please check the Microsoft Catalog.

Windows Update

To install this update via Windows Update, you need to be running Windows 10 version 22H2 or 21H2 (with the supported edition). To check the version and edition of the operating system, type in “winver” in the Run Command box and press Enter.

Once you have the right OS version, perform the following steps to install KB5030211:

Navigate to the following:

Settings app >> Update and Security >> Windows Update

Click “Check for updates” on the right.

Check for pending updates

You will now see the following update downloading and installing automatically:
```
2023-09 Cumulative Update for Windows 10 version 2XH2 for x64/x86-based Systems (KB5030211)
```
Click “Restart Now” when the update is ready for final installation.

Restart computer

Once the computer restarts, the update will be successfully installed. To confirm this, check the updated build number by typing in “winver” in the Run Command box.

KB5030211 successfully installed on Windows 10 22H2

Rollback/remove Windows 10 cumulative update

If you do not wish to keep the installed update for some reason, you can always roll back to the previous build of the OS. However, this can only be performed within the next 10 days after installing the new update.

To roll back after 10 days, you will need to apply this trick.

Cleanup after installing Windows updates

If you want to save space after installing Windows updates, you can run the following commands one after the other in Command Prompt with administrative privileges:

dism.exe /Online /Cleanup-Image /AnalyzeComponentStore
dism.exe /Online /Cleanup-Image /StartComponentCleanup

dism cleanup — Cleanup after Windows update installation

Block KB5030211 from installing

Since these are mandatory updates, they will download and install themselves on the schedule. If you want to block them from installing, temporarily or permanently, you can follow the steps below:

Download the “Show or hide updates” tool from Microsoft.
Run the utility and click Next to start the scanning process.

Show or hide updates

Next, click the “Hide updates” button.

Hide updates
Select the update(s) you want to block and click Next.

This automatically hides the update from Windows Update and it will not be installed during the next update process.
Click the Close button.

If you want to unhide or show hidden updates, run the tool again and select “Show hidden updates” instead of “Hide updates.” The rest of the process is the same.

Windows 10 KB5030211 hands-on

We have installed KB5030211 through Windows Update on one of our VMs and gained some insight that we’d like to share with our readers.

Since we had previously installed last month’s non-security update KB5029331, it did not take a lot of time to download and install KB5030211.

After it was installed, there were no visible changes within the OS, or in its functionality. This seems true since the release notes do not mention any new features either.

Furthermore, after having done some research, at the time of writing this post, no additional issues (other than the known issues) had been reported by any Windows 10 users.

Windows 10 Patch Tuesday History

KB Article	OS Versions	Build	Release Date	Significant Changes	Announcement
KB5032189	22H2, 21H2	1904X.3693	14-Nov-23	Fixes update installation issues, touchscreen, and Outlook issues.	Microsoft Announcement of KB5032189
KB5031356	22H2, 21H2	1904X.3570	10-Oct-23	Improved search box experience, animations to certain icons, several fixes and security patches	Microsoft Announcement of KB5031356
KB5030211	22H2, 21H2	1904X.3448	12-Sep-23	Fixes smart card authentication for domain joining, improves location detection, expands the rollout of notification badging for Microsoft accounts on the Start menu	Microsoft Announcement of KB5030211
KB5029244	22H2, 21H2	1904X.3324	8-Aug-23	Addresses VPN issues, makes notifications more reliable, and addresses critical Remote Code Execution vulnerabilities.	Microsoft Announcement of KB5029244
KB5028166	22H2, 21H2	1904X.3208	11-Jul-23	Improvements to Microsoft Defender for Endpoint, Printer Spooler, and others.	Microsoft Announcement of KB5028166
KB5027215	22H2, 21H2	1904X.3086	13-Jun-23	Ability to sync language and region settings, address issues with LSASS, and other security improvements	Microsoft Announcement of KB5027215
KB5026361	22H2, 21H2, 20H2	1904X.2965	9-May-23	The ability to sync language and region settings addresses issues with LSASS, other security improvements	Microsoft Announcement of KB5026361
KB5025221	22H2, 21H2, 20H2	1904X.2846	11-Apr-23	Ability to sync language and region settings addresses issues with LSASS, other security improvements	Microsoft Announcement of KB5025221
KB5023696	22H2, 21H2, 20H2	1904X.2728	14-Mar-23	Improved Windows Spotlight experience on the lock screen, fixed AD joining issue and others	Microsoft Announcement of KB5023696
KB5022834	22H2, 21H2, 20H2	1904X.2604	14-Feb-23	Fixes audio issues with IoT devices	Microsoft Announcement of KB5022834
KB5022282	22H2, 21H2, 20H2	1904X.2486	10-Jan-23	Microsoft ODBC SQL Server Driver connectivity issue resolved	Microsoft Announcement of KB5022282
KB5021233	22H2, 21H2, 21H1, 20H2	1904X.2364	13-Dec-22	-Search bar will now appear by default on the taskbar -Cortana won’t be pinned in the taskbar by default	Microsoft Announcement of KB5021233
KB5019959	22H2, 21H2, 21H1, 20H2	1904X.2251	8-Nov-22	Fixes to Microsoft Direct3D 9 and DCOM	Microsoft Announcement of KB5019959

Changelog for Windows 10 Patch Tuesday updates

Tags: Patch Tuesday, Windows 10 Updates, Windows Updates

Subhan Zafar

Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).

See all posts from Subhan Zafar