Microsoft has released the KB5041580 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes 14 changes and fixes, including BitLocker fixes and important security updates.
The Windows 10 KB5041580 update is mandatory as it contains Microsoft’s August 2024 Patch Tuesday security updates, which fix 142 vulnerabilities.
Windows users can install this update by going into Settings, clicking on Windows Update, and manually performing a ‘Check for Updates.’
However, as this update is mandatory, it will automatically start installing in Windows once you check for updates. To make this more manageable, you can schedule a time when your computer is restarted to finish the installation.
After installing this update, Windows 10 22H2 will be updated to build 19045.4780, and Windows 10 21H2 will be updated to build 19044.4780.
Windows 10 users can also manually download and install the KB5041580 update from the Microsoft Update Catalog.
What’s new in Windows 10 KB5041580
The KB5041580 update includes numerous Windows fixes causing issues, including a bug that caused the operating system to boot into the BitLocker recovery screen.
This update also includes a total of fourteen fixes, with the highlighted ones listed below:
-
[BitLocker (known issue)] A BitLocker recovery screen shows when you start up your device. This occurs after you install the July 9, 2024, update. This issue is more likely to occur if device encryption is on. Go to Settings > Privacy & Security > Device encryption. To unlock your drive, Windows might ask you to enter the recovery key from your Microsoft account.
-
[Lock screen] This update addresses CVE-2024-38143. Because of this, the “Use my windows user account” check box is not available on the lock screen to connect to Wi-Fi.
-
[NetJoinLegacyAccountReuse] This update removes this registry key. For more information refer to KB5020276—Netjoin: Domain join hardening changes.
-
[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies SBAT to systems that run Windows. This stops vulnerable Linux EFI (Shim bootloaders) from running. This SBAT update will not apply to systems that dual-boot Windows and Linux. After the SBAT update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image.
-
[FrameShutdownDelay] The browser ignores its value in the “HKLMSOFTWAREMicrosoftInternet ExplorerMain” registry key.
-
[Wi-Fi Protected Access 3 (WPA3)] In the Group Policy editor, HTML preview rendering fails.
-
[Group Policy Preferences Item Level Targeting (ILT) and Local Users and Groups] You cannot choose a group from the target domain for ILT. Also, you cannot choose an account from Local Users and Groups. The forest does not appear. This issue occurs when you deploy multiple forests, and the target domain has a one-way trust with the domain of the admin. This issue affects Enhanced Security Admin Environment (ESAE), Hardened Forests (HF), or Privileged Access Management (PAM) deployments.
-
[Transmission Control Protocol (TCP)] The TCP send code often causes a system to stop responding during routine tasks, such as file transfers. This issue leads to an extended send loop.
-
[Print Support App] When you use the app with a USB device, the app stops responding and does not print. This issue also limits the functions of the user interface.
-
[Universal Print clients] They fail to communicate with the Universal Print service. This affects printing functions. This issue occurs when you turn on Web Proxy Auto Discovery (WPAD).
-
[Windows Defender Application Control (WDAC)]
-
This update prevents a stop error that occurs when you apply more than 32 policies.
-
A memory leak occurs that might exhaust system memory as time goes by. This issue occurs when you provision a device.
-
When you apply WDAC Application ID policies, some apps might fail.
-
-
[Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
-
[Windows Backup] Backup sometimes fails. This occurs when a device has an Extensible Firmware Interface (EFI) system partition (ESP).
-
[DHCP Option 235 (known issue)] Some Windows devices use this option to find Microsoft Connected Cache (MCC) nodes in their network. But you might not be able to use these nodes when you find them. Instead, these devices download updates and apps from the public internet. Because of this, download traffic increases.
Unfortunately, one long-standing issue still impacts Windows 10, causing users to receive 0x80070520 errors when attempting to change their account profile pictures.
A full list of fixes can be found in the KB5041580 support bulletin and last month’s KB5040525 preview update bulletin.