Microsoft has released KB5026372 for Windows 11 22H2 and KB5026368 for Windows 11 original release (21H2). These are both security updates but also include new non-security features. A while back, Microsoft changed its approach to releasing the preview cumulative updates for the Windows operating system. If you already installed the preview update, then this will be a small Windows update package. KB5026372 (Windows 11 22H2) does not include many new improvements on its own, since most of them are carried forward from KB5025305 which was April 2023’s optional update for Windows 11. If you did not install it then, then you may be getting some minor new features with this update, such as an option to get the latest non-security updates immediately, and some new animation effects in the widgets icons in the taskbar. That said, KB5026368 (Windows 11 21H2) does include similar security patches, but not many of the same features. These Windows 11 updates include some fixes and many security patches for the operating system. Together, the 2 updates fix 63 vulnerabilities. You can learn more about these security vulnerability fixes on Microsoft’s MSRC vulnerability guide. Set the filter to “Update Tuesday (2nd Tuesday of the month)” and then select “April 2023” in the “Vulnerabilities” tab.
Release Summary: KB5026372 and KB5026368
The table below gives a brief summary of these updates and the updated OS builds:
KB5026372 Changelog
This update includes all the features and improvements that were introduced in KB5025305 which was released on 25th April 2023, and then some. We have compiled and listed all of the new features and improvements in KB5026372 here for you.
New Features in KB5026372
New animation effect Some animation effects have been added to the Widgets icons in the taskbar. These will only appear on two conditions: A new announcement appears on the Widgets taskbar button. You hover over or click the Widgets taskbar button. Additionally, you must also have the animation effects enabled on your OS. Here is how to enable it: Go to the following: Settings app » Accessiblity » Visual Effects Toggle the slider in front of “Animations effect” into the On position. Enable animation effects Opt to get the latest non-security updates immediately Microsoft has now added the option for you to choose whether you want to receive the latest non-security Windows updates on priority. When this option is enabled, Microsoft will prioritize your device to get the latest enhancements and features before many others. Follow these steps to opt-in to receive the latest updates on priority: Go to the following: Settings app » Windows Update Toggle the slider in front of “Get the latest updates as soon as they’re available” into the On position. Receive the latest Windows updates on priority
Fixes and improvements in KB5026372
The following list of fixes and improvements have been implemented with this release: Some animation effects have been added to the Widgets icons in the taskbar. These will only appear on two conditions:
A new announcement appears on the Widgets taskbar button. You hover over or click the Widgets taskbar button.
Additionally, you must also have the animation effects enabled on your OS. Here is how to enable it: Microsoft has now added the option for you to choose whether you want to receive the latest non-security Windows updates on priority. When this option is enabled, Microsoft will prioritize your device to get the latest enhancements and features before many others. Follow these steps to opt-in to receive the latest updates on priority:
[New] This update affects the Kernel-mode Hardware-enforced Stack Protection security feature. The update adds more drivers to the database of drivers that are not compatible with it. A device uses this database when you enable this security feature in the Windows Security UI and it loads the drivers. [New] This update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding. This occurs when the system processes multiple local account operations at the same time. The access violation error code is 0xc0000005. This update addresses an issue that affects Microsoft Edge IE mode. Pop-up windows open in the background instead of in the foreground. This update addresses an issue that affects the Chinese input method. You cannot see all of the first suggested items. This update changes firewall settings. You can now configure application group rules. This update affects the Islamic Republic of Iran. The update supports the government’s daylight saving time change order from 2022. This update addresses an issue that affects Microsoft Edge IE mode. The Tab Window Manager stops responding. This update addresses an issue that affects protected content. When you minimize a window that has protected content, the content displays when it should not. This occurs when you are using Taskbar Thumbnail Live Preview. This update addresses an issue that affects mobile device management (MDM) customers. The issue stops you from printing. This occurs because of an exception. This update changes the app icons for certain mobile providers. This update addresses an issue that affects signed Windows Defender Application Control (WDAC) policies. They are not applied to the Secure Kernel. This occurs when you enable Secure Boot. This update addresses an issue that displays Task View in the wrong area. This occurs when you close a full-screen game by pressing Win+Tab. This update addresses an issue that occurs when you use a PIN to sign in to Windows Hello for Business. Signing in to Remote Desktop Services might fail. The error message is, “The request is not supported”. This update addresses an issue that affects Administrator Account Lockout policies. GPResult and Resultant Set of Policy did not report them. This update addresses an issue that affects the Unified Write Filter (UWF). When you turn it off by using a call to Windows Management Instrumentation (WMI), your device might stop responding. This update addresses an issue that affects the Resilient File System (ReFS). A stop error occurs that stops the OS from starting up correctly. This update addresses an issue that affects MySQL commands. The commands fail on Windows Xenon containers. This update addresses an issue that affects SMB Direct. Endpoints might not be available on systems that use multi-byte character sets. This update addresses an issue that affects apps that use DirectX on older Intel graphics drivers. You might receive an error from apphelp.dll. This update addresses an issue that affects the legacy Local Administrator Password Solution (LAPS) and the new Windows LAPS feature. They fail to manage the configured local account password. This occurs when you install the legacy LAPS .msi file after you have installed the April 11, 2023, Windows update on machines that have a legacy LAPS policy.
These are all of the features, improvements, and fixes that KB5026372 offers for Windows 11 22H2. To read more in-depth about these, refer to this Microsoft announcement. Moreover, there are also some known issues with this update. You can read all about the open (and fixed) known issues in our separate post: Windows 11 Known Issues
KB5026368 Changelog
Fixes and improvements
KB5026368, which applies to Windows 11 version 21H2, does not include any significant features. However, This update includes all the improvements that were introduced in KB5025298 which was released on 25th April 2023 and was a Type D update, and then some more. We have listed the cumulative changes below:
[New] This update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding. This occurs when the system processes multiple local account operations at the same time. The access violation error code is 0xc0000005. This update addresses an issue that affects Microsoft Edge IE mode. Pop-up windows open in the background instead of in the foreground. This update affects Xbox Elite users who have the Xbox Adaptive Controller. This update applies to your controller remapping preferences on the desktop. This update changes the app icons for certain mobile providers. This update changes firewall settings. You can now configure application group rules. This update affects the Islamic Republic of Iran. The update supports the government’s daylight saving time change order from 2022. This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS) process. It might stop responding. Because of this, the machine restarts. The error is 0xc0000005 (STATUS_ACCESS_VIOLATION). This update addresses an issue that affects Edge IE mode. The Tab Window Manager stops responding. This update addresses an issue that affects the Windows Remote Management (WinRM) client. The client returns an HTTP server error status (500). This error occurs when it runs a transfer job in the Storage Migration Service. This update addresses a rare issue that might cause an input destination to be null. This issue might occur when you attempt to convert a physical point to a logical point during hit testing. Because of this, the computer raises a stop error. This update addresses an issue that affects protected content. When you minimize a window that has protected content, the content displays when it should not. This occurs when you are using Taskbar Thumbnail Live Preview. This update addresses an issue that affects provisioning packages. They fail to apply in certain circumstances when elevation is required. This update addresses an issue that affects mobile device management (MDM) customers. The issue stops you from printing. This occurs because of an exception. This update addresses an issue that affects signed Windows Defender Application Control (WDAC) policies. They are not applied to the Secure Kernel. This occurs when you enable Secure Boot. This update addresses an issue that affects the Windows Defender Application Control. The policy that blocks software using a hash rule might not stop the software from running. This update addresses an issue that occurs when you use a PIN to sign in to Windows Hello for Business. Signing in to Remote Desktop Services might fail. The error message is, “The request is not supported”. This update makes improvements to the performance of the search box. This update addresses an issue that affects Administrator Account Lockout policies. GPResult and Resultant Set of Policy did not report them. This update addresses an issue that affects Active Directory Users & Computers. It stops responding. This occurs when you use TaskPad view to enable or disable many objects at the same time. This update addresses an issue that affects the Unified Write Filter (UWF). When you turn it off by using a call to Windows Management Instrumentation (WMI), your device might stop responding. This update addresses an issue that affects the Resilient File System (ReFS). A stop error prevents the OS from starting up correctly. This update addresses an issue that affects MySQL commands. The commands fail on Windows Xenon containers. This update addresses an issue that affects SMB Direct. Endpoints might not be available on systems that use multi-byte character sets. This update addresses an issue that affects apps that use DirectX on older Intel graphics drivers. You might receive an error from apphelp.dll. This update addresses an issue that affects the legacy Local Administrator Password Solution (LAPS) and the new Windows LAPS feature. They fail to manage the configured local account password. This occurs when you install the legacy LAPS .msi file after you have installed the April 11, 2023, Windows update on machines that have a legacy LAPS policy.
That said, there are also some known issues with this release. You can read all about the open (and fixed) known issues in our separate post: Windows 11 Known Issues After considering both the improvements as well as the known issues in these updates, if you still feel like upgrading to this build, continue reading to learn how.
Download and Install KB5026372 & KB5026368
You can install these updates on a Windows 11 PC through Windows Update as well as a standalone installer. Download and install Windows 11, or check if your system meets the minimum hardware requirements for Windows 11.
Download KB5026372 Offline Installers
To download the KB5026372 MSU offline installer for Windows 11 22H2, click on the respective link below: Download Windows 11 KB5026372 for x64-based systems [275.0 MB] Download Windows 11 KB5026372 for ARM-based systems [388.6 MB]
Download KB5026368 Offline Installers
To download the KB5026368 MSU offline installer for Windows 11 21H2, click on the respective link below: Download Windows 11 KB5026368 for x64-based systems [336.5 MB] Download Windows 11 KB5026368 for ARM-based systems [457.3 MB] To install the update, simply run the downloaded MSU file and Windows will automatically install the update. You can also extract the CAB file from the MSU file and install it. To download any other updates related to any of the above, please check the Microsoft Catalog.
Windows Update
Perform the following steps to download and install the Patch Tuesday update on your Windows 11 computer: Once the computer reboots, the update will be successfully installed. To confirm this, check the updated build number by typing in winver in the Run Command box. You will now see one of the following updates downloading and installing automatically, depending on your Windows 11 version: Once installed, click “Restart Now” to finalize the installation.
Rollback/Remove Windows 11 Cumulative Update
If you do not wish to keep the installed update for some reason, you can always roll back to the previous build of the OS. However, this can only be performed within the next 10 days after installing the new update. To roll back after 10 days, you will need to apply this trick.
Cleanup After Installing Windows Update
If you want to save space after installing Windows updates, you can run the following commands one after the other in Command Prompt with administrative privileges:
Block KB5026372 or KB5026368 from Installing
Since these are mandatory updates, they will download and install themselves on the schedule. If you want to block them from installing, temporarily or permanently, you can follow the steps below: If you want to unhide or show hidden updates, run the tool again and select Show hidden updates instead of “Hide updates.” The rest of the process is the same. This automatically hides the update from Windows Update and it will not be installed during the next update process.
Final Analysis
Patch Tuesday updates are thoroughly vetted by Microsoft and other Insider users through feedback. Moreover, type C and D updates are also released before Patch Tuesday updates to address any remaining issues. Even so, the final update is not without its problems. If you are a Windows user, then it is always recommended that you install the latest Patch Tuesday releases unless one of the known issues significantly impacts your workflow.
