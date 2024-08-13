Key Takeaways Patch Tuesday brings security fixes to Windows 11, addressing vulnerabilities and bug fixes for BitLocker and lock screen issues.

Windows 10 also receives security updates, including fixes for BitLocker and lock screen issues seen in Windows 11.

Microsoft acknowledges a profile picture error in both Windows 10 and 11, working on a fix for Windows 10 users.

Well, it's that time of the month again when Microsoft releases a patch for its Windows 10 and 11 systems. Known as "Patch Tuesday," it's usually held on the second Tuesday of every month and features a big update for Microsoft's supported systems. August 2024's Patch Tuesday notes have just dropped, and by the looks of things, this round of updates is a pretty calm one.

Related Files review: A more modern alternative to the Windows 11 File Explorer The Files app is what I want the Windows 11 File Explorer to look like, but it's not quite perfect. It's also limited by Windows in some ways.

Patch Tuesday brings some security fixes for Windows 11

First up, let's take a look at Windows 11's Patch Tuesday. Windows 11 23H2 and 22H2 are getting patch KB5041585, while 21H2 is getting KB5041592. So, what does the patch contain? As it turns out, Microsoft keeps things succinct, with just one highlight:

This update addresses security issues for your Windows operating system.

As for bug fixes, this update comes with a few remedies for some annoying issues:

[Protected Process Light (PPL) protections] You can bypass them. [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks. [BitLocker (known issue)] A BitLocker recovery screen shows when you start up your device. This occurs after you install the July 9, 2024, update. This issue is more likely to occur if device encryption is on. Go to Settings > Privacy & Security > Device encryption. To unlock your drive, Windows might ask you to enter the recovery key from your Microsoft account. [Lock screen] This update addresses CVE-2024-38143. Because of this, the “Use my windows user account” check box is not available on the lock screen to connect to Wi-Fi. [NetJoinLegacyAccountReuse] This update removes this registry key. For more information refer to KB5020276—Netjoin: Domain join hardening changes. [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies SBAT to systems that run Windows. This stops vulnerable Linux EFI (Shim bootloaders) from running. This SBAT update will not apply to systems that dual-boot Windows and Linux. After the SBAT update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image. read more

Unfortunately, if you're running Windows 11 21H2, this update may make it so you can't change your profile picture, choosing instead to throw a 0x80070520 error. Microsoft states that if you encounter this, you should contact support.

Patch Tuesday also introduces security fixes to Windows 10

If you're using Windows 10, Patch Tuesday will bring KB5041580 to versions 22H2 and 21H2. Sure enough, August's patch was pretty quiet for Windows 10 too, as there's just one highlight:

This update addresses security issues for your Windows operating system.

The update also addresses some issues that also saw fixes in Windows 11:

[BitLocker (known issue)] A BitLocker recovery screen shows when you start up your device. This occurs after you install the July 9, 2024, update. This issue is more likely to occur if device encryption is on. Go to Settings > Privacy & Security > Device encryption. To unlock your drive, Windows might ask you to enter the recovery key from your Microsoft account. [Lock screen] This update addresses CVE-2024-38143. Because of this, the “Use my windows user account” check box is not available on the lock screen to connect to Wi-Fi. [NetJoinLegacyAccountReuse] This update removes this registry key. For more information refer to KB5020276—Netjoin: Domain join hardening changes. [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies SBAT to systems that run Windows. This stops vulnerable Linux EFI (Shim bootloaders) from running. This SBAT update will not apply to systems that dual-boot Windows and Linux. After the SBAT update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image. read more

Microsoft states that the 0x80070520 bug involving changing your profile picture also appears in Windows 10. However, unlike the advice Microsoft gave for Windows 11, the company states that it's working on a fix.

If you want to download the update or check out the notes, here are all the details: