New Update Windows 11 May Patch Tuesday (KB5026372)

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Microsoft has released the May Patch Tuesday update KB5026372 for Windows 11 users. It comes with several highlights and improvements and brings all the updates made available in the KB5025305 released towards the end of April. The release notes below will pull in all the changes from both of these updates.

Highlights​

  • New! This update adds a new toggle control on the Settings > Windows Update page. When you turn it on, we will prioritize your device to get the latest non-security updates and enhancements when they are available for your device. For managed devices, the toggle is disabled by default. For more information, see Get Windows updates as soon as they're available for your device.
  • This update addresses security issues for your Windows operating system.

 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044

Improvements​

This security update includes improvements that were a part of update KB5025305 (released April 25, 2023). When you install this KB:

  • This update affects the Kernel-mode Hardware-enforced Stack Protection security feature. The update adds more drivers to the database of drivers that are not compatible with it. A device uses this database when you enable this security feature in the Windows Security UI and it loads the drivers.
  • This update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding. This occurs when the system processes multiple local account operations at the same time. The access violation error code is 0xc0000005.
May 9, 2023—KB5026372 (OS Build 22621.1702) - Microsoft Support
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Patch Tuesday Arrives, Brings One New Windows 11 Feature
It’s Patch Tuesday, and you know what that means, Week B fans: it’s time for the stable release of the new features Microsoft previewed two weeks ago. Or, in this case, feature, since we’re only getting one new functional update this time.

“This update adds a new toggle control on the Settings > Windows Update page,” Microsoft explains in the release notes for KB5026372. “When you turn it on, we will prioritize your device to get the latest non-security updates and enhancements when they are available for your device. For managed devices, the toggle is disabled by default.”

So, big deal, right? It’s just one new toggle in the Settings app. But here’s the thing. When this feature debuted two weeks ago in preview form, it wasn’t really clear what Microsoft was doing. After all, prioritizing your PC to get the latest non-security updates, fixes, improvements, and enhancements as soon as possible doesn’t sound like a big deal. It’s just another cog in the flywheel that is what Microsoft calls “continuous innovation.”

But as I eventually figured out, that’s not what this is. Instead, Microsoft is using a technology called Controlled Feature Rollout (CFR) to push non-tested new features to mainstream users in Windows 11 stable. It is skipping the Windows Insider Program and using its normal customers as guinea pigs. And it’s secretly been doing so for months: the Search pill that mysteriously started appearing on some Windows 11 PCs last November was an early probe in this campaign.

Now, you may still argue this is no big deal: after all, the toggle is disabled by default for managed devices. And it’s a toggle, so even if it is enabled, you can disable it.

And that’s true. It’s also not the problem.

The problem is that Microsoft is introducing new, untested features into stable when it has a formal process for testing them first in the Windows Insider Program. Rushing something to market may be required in some cases—like a security issue—but there’s no justifiable reason to introduce potentially unstable code into Windows before it’s been broadly tested by the people who agreed to do that testing in the first place. But even those who do opt-in to CFRs via the new toggle aren’t doing that: Microsoft does not explain clearly what that toggle does.

But this is the new world we live in. It’s also just one of several ways in which Microsoft continues to undermine the Windows user experience: this company is also bringing ads to the Start menu and Settings app, for example.
 

SpyNetGirl

Level 3
Jan 30, 2023
96
All of the personal opinions from blog posts aside, there is actually an important thing to pay attention to:

The security measures suggested in the official article:

I've implemented them in the hardening script for automation along with all the extra info:
 

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Windows 11 KB5026372 fails to install with 80070002, 0x800f081f errors, VPN issues too
Last week, Microsoft released Patch Tuesday updates on Windows 10 (KB5026361), Windows 11 (KB5026372), and Servers. The Windows 11 update (KB5026372), however, is causing various issues on user systems. Many users are reporting that the update itself is failing to install. Typically, affected users are reporting about two error codes accompanying the installation failures. These are 0x800f081f, and 80070002, though a user "Federico Z" on Feedback Hub has also added the "8007054F" error to the list.

The 0x800f081f is apparently a Deployment Image Servicing and Management (DISM) issue and seems to be happening to more people. Over on a thread by Srihan Tiwari on the Microsoft forum, the question has been upvoted by 37 using the "I have the same question" option. Meanwhile, the second most common error seems to be the 80070002 code. 9 people have upvoted this query.
 

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057

Temporary fix for Windows 11 VPN speed issues​

While there is no way to work around this on affected Windows 11 systems until Microsoft provides a fix, Windows admins have reported that uninstalling the problematic updates will address the issue

"To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages," Microsoft says.

However, it's important to note that Redmond bundles all security fixes into a single update and, thus, removing the KB5026372 cumulative update will also remove all fixes for recently patched security vulnerabilities, even though it may also resolve the VPN speed issues.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top