The first Windows security updates of 2024 are here
Welcome to the Microsoft Windows January 2024 security updates overview. It is the first Patch Day of the year for Microsoft. The company has addressed a total of 48 unique vulnerabilities in Microsoft products and 5 unique vulnerabilities in non-Microsoft products.
Our overview provides system administrators and home users with actionable information about the released security updates. It includes an Excel spreadsheet with a list of updates, information about affected products, known issues, and lists of other security updates that Microsoft released for its products.
You also find resource links, including download links, and instructions to download and install the patches on Windows devices.
Check out the December 2023 Security update overview here.
Note: if you are getting error 0x80070643 when installing the update.
Microsoft Windows Security Updates: January 2024
Here is a link to an Excel spreadsheet that lists information about the released security updates on the January 2024 Microsoft Patch Day. Follow this link to download an archive file that contains the spreadsheet: Windows security updates January 2024
Executive Summary
- All Windows client and server versions are affected by at least 1 critical issue, most are affected by 2 critical issues.
- Windows clients with issues are: Windows 10 version 1809, Windows 10 version 21H2 and 22H2, Windows 11 version 21H2, 22H2 and 23H2
- Windows Server clients: Windows Server 2008 and 2008 R2, Windows Server 2019
Product overview
Each supported version of Windows and their critical vulnerabilities are listed below.
- Windows 10 version 22H2: 34 vulnerabilities, 2 critical and 32 important.
- Windows Kerberos Security Feature Bypass Vulnerability -- CVE-2024-20674
- Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2024-20700
- Windows 11 version 22H2: 35 vulnerabilities, 2 critical and 33 important
- same as Windows 10 version 22H2
- Windows 11 version 23H2: 35 vulnerabilities, 2 critical and 33 important
- same as Windows 10 version 22H2
Windows Server products
- Windows Server 2008 R2 (extended support only): 19 vulnerabilities: 1 critical and 18 important
- Windows Kerberos Security Feature Bypass Vulnerability -- CVE-2024-20674
- Windows Server 2012 R2 (extended support only): vulnerabilities: critical and important
- No information
- Windows Server 2016: 26 vulnerabilities: 1 critical and 25 important
- same as Windows Server 2008 R2
- Windows Server 2019: 33 vulnerabilities: 2 critical and 31 important
- same as Windows Server 2008 R2, plus
- Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2024-20700
- Windows Server 2022: 36 vulnerabilities: 2 critical and 34 important.
- same as Windows Server 2019
Windows Security Updates
Windows 10 version 22H2
- Support Page: KB5034122
Updates and improvements:
- Fixes an issue that caused the device to shut down after 60 seconds after using a smart card to authenticate on a remote system.
- The update addresses an issue that affects the display of a smart card icon. It does not appear when signing in.
- Security updates.
Windows 11 version 22H2 and 23H2
- Support Page: KB5034123
Updates and improvements:
- Fixes an issue that caused the device to shut down after 60 seconds after using a smart card to authenticate on a remote system.
- The update addresses an issue that affects the display of a smart card icon. It does not appear when signing in.
- The update addresses a Wi-Fi adapter issue that may cause them to not connect to some networks.
Security updates
2024-01 Security Update for Windows 11 (KB5034440)
2024-01 Security Update for Microsoft server operating system, version 22H2 for x64-based Systems (KB5034439)
2024-01 Security Update for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5034441)
2024-01 Cumulative Security Update for Internet Explorer Windows Server 2012 R2, Windows Server 2012, Windows Embedded Standard 7, Windows Server 2008 R2, and Windows Server 2008 (KB5034120)
2024-01 Security Only Quality Update for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5034167)
2024-01 Security Monthly Quality Rollup for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5034169)
2024-01 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB5034171)
2024-01 Security Monthly Quality Rollup for Windows Server 2008 (KB5034173)
2024-01 Security Only Quality Update for Windows Server 2008 (KB5034176)
2024-01 Security Monthly Quality Rollup for Windows Server 2012 (KB5034184)
2024-01 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB5034119)
2024-01 Dynamic Cumulative Update for Windows 11 (KB5034121)
2024-01 Dynamic Cumulative Update for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5034122)
2024-01 Cumulative Update for Windows 10 Version 1809 (KB5034127)
2024-01 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5034129)
2024-01 Cumulative Update for Windows 10 Version 1507 (KB5034134)
2024-01 Servicing Stack Update for Windows Server 2012 R2 for x64-based Systems (KB5034587)
2024-01 Servicing Stack Update for Windows Server 2012 for x64-based Systems (KB5034588)
Microsoft .NET
2024-01 Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 for x64 (KB5033897)
2024-01 Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008 (KB5033898)
2024-01 Security and Quality Rollup for .NET Framework 3.5.1 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5033899)
2024-01 Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 R2 for x64 (KB5033900)
2024-01 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 for x64 (KB5033905)
2024-01 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 R2 for x64 (KB5033906)
2024-01 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows Server 2008 R2, and Windows Server 2008 (KB5033907)
2024-01 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 for x64 (KB5033913)
2024-01 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 R2 for x64 (KB5033915)
2024-01 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5033916)
2024-01 Security Only Update for .NET Framework 2.0, 3.0 for Windows Server 2008 (KB5033945)
2024-01 Security Only Update for .NET Framework 3.5.1 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5033946)
2024-01 Security Only Update for .NET Framework 4.6.2 for Windows Embedded Standard 7, Windows Server 2008 R2, and Windows Server 2008 (KB5033947)
2024-01 Security Only Update for .NET Framework 4.8 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5033948)
2024-01 Security Only Update for .NET Framework 3.5 SP1 for Windows Server 2008 (KB5033952)
2024-01 Security and Quality Rollup for .NET Framework 3.5 SP1 for Windows Server 2008 (KB5034008)
2024-01 Security Only Update for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5034269)
2024-01 Security Only Update for .NET Framework 2.0, 3.0, 3.5 SP1, 4.6.2 for Windows Server 2008 (KB5034270)
2024-01 Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5034277)
2024-01 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 (KB5034278)
2024-01 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 (KB5034279)
2024-01 Security and Quality Rollup for .NET Framework 2.0, 3.0, 3.5 SP1, 4.6.2 for Windows Server 2008 (KB5034280)
2024-01 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5033904)
2024-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5033909)
2024-01 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5033910)
2024-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5033911)
2024-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 (KB5033912)
2024-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for x64 (KB5033914)
2024-01 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 for x64 (KB5033917)
2024-01 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5033918)
2024-01 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5033919)
2024-01 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5033920)
2024-01 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5033922)
2024-01 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5034272)
2024-01 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5034273)
2024-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H2 (KB5034274)
2024-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 (KB5034275)
2024-01 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11 (KB5034276)
Non-Security updates
2024-01 Dynamic Update for Windows 10 Version 1607 (KB5034230)
Known Issues
Windows 10 version 22H2
Description: Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the "Require Device Encryption" setting for some devices in your environment.
Workaround: Set "Enforce drive encryption type on operating system drives" or "Enforce drive encryption on fixed drives" policies in Microsoft Intune.
(OLD) Description: Desktop icons may be moved around unexpectedly between monitors when using Copilot on more than one monitor. Users may also experience "other alignment issues" according to Microsoft.
Workaround: none. Microsoft may disable Copilot on multimonitor devices.
(OLD) Description: Copilot in Windows is not supported if the taskbar is located vertically on the right or left side of the screen.
Workaround: align the taskbar horizontally, either at the top or bottom of the screen.
(OLD) Description: Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the "Require Device Encryption" setting for some devices in your environment.
Workaround: this is a reporting issue only according to Microsoft. Microsoft suggests to set the "Enforce drive encryption type on operating system drives" or the "Enforce drive encryption on fixed drives" policies to not configured as a workaround.
Windows 11 version 22H2 and 23H2
(OLD) Description: Users who use multiple monitors on their Windows devices may notice that desktop icons move around unexpectedly. They may, for instance, move between monitors.
Workaround: Microsoft "may" have disabled Windows Copilot on multi-monitor devices until a solution is found.
(OLD) Description: The color font format COLRv1 does not render properly. It is used to display emoji with a 3D-like appearance.
Workaround: none at the time. Microsoft is working on a solution.
(OLD) Description: Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the "Require Device Encryption" setting for some devices in your environment.
Workaround: this is a reporting issue only according to Microsoft. Microsoft suggests to set the "Enforce drive encryption type on operating system drives" or the "Enforce drive encryption on fixed drives" policies to not configured as a workaround.
Security advisories and updates
- ADV 990001 -- Latest Servicing Stack Updates
Microsoft Office Updates
You find Office update information here.
How to download and install the January 2024 security updates
All security updates get downloaded and installed automatically on non-managed Windows systems by default. It may take some time before these are installed and you may speed up the process. This is recommended in some cases, including when security issues are exploited in the wild already or when non-security updates address major bugs.
Tip: create a backup before you install updates
To update using Windows Update, use the following guide:
- Select Start, type Windows Update and load the Windows Update item that is displayed.
- Select check for updates to run a manual check for updates.
Direct update downloads
Below are resource pages with direct download links, if you prefer to download the updates to install them manually.
Windows 10 version 22H2
- KB5034122 -- 2024-1 Cumulative Update for Windows 10 Version 21H2
Windows 11 version 22H2
- KB5034123 -- 2024-1 Cumulative Update for Windows 11 version 22H2
- KB5034123 -- 2024-1 Cumulative Update for Windows 11 version 23H2
Additional resources
- January 2024 Security Updates release notes
- List of software updates for Microsoft products
- List of the latest Windows Updates and Services Packs
- Security Updates Guide
- Microsoft Update Catalog site
- Our in-depth Windows update guide
- How to install optional updates on Windows 10
- Windows 11 Update History
- Windows 10 Update History
Bit late in the day, but I just read the blurb for KB5034123 and note the come Feb 27 this year, 22H2 will, quote: “Only cumulative monthly security updates will continue for the supported editions of Windows 11, version 22H2”. Whoopeeee! No more bloatware crap coming my way!
I have found the .Net KB5033920 crashes.. locks the update process (if any other updates- security or otherwise are also downloading/installing) on the 3 laptops that have tried it – with an error code of 0x800F0841. Fix?
Power off .. and then restart and await an ‘ Ooops there was a problem message- uninstalling all updates’
And
then try again, all other updates (Security/Windows etc) will download/install properly … no problem
Sometime in the last 2 weeks something happened that now prevents me from using Windows’ OpenSSH to access a Subversion repository using SSH keys from either of my Windows 10 machines. I suspect the cause is these updates, but when I uninstall them the SSH problem remains, so I can’t be sure. A colleague who uses Ubuntu Linux to access the same repository hasn’t been affected.
Microsoft is THE BEST, I don’t know what y’all complaining about! They have the best Western and Indian Engineers working on this AAAAA-class OS – you don’t know how privileged you folks are!
This newest update was forced on me while I was using my computer. This update has been stuck in “restarting” mode for 2 hours now. how long does this update take to complete?
This newest update was forced on me while I was using my computer. This update has been stuck in “restarting” mode for 2 hours now. how long does this update take to complete?
It seems to me that Windows’ updates are more often a problem than whatever it is they are supposedly trying too protect you from.
This problem is not exclusive of W10, W11 has the same issue (0x80070643).
Windows 7 updates reached 2024.
It looks like OS will outlive win 10.
Yep. Same here. Runs like a charm.
I copied and pasted KB5034441 and did a search and the solution is to
manually resize the recovery partition
https://support.microsoft.com/help/5028997
2024-01 Security Update for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5034441)
I’ve tried every fix known for the last 6 hours. Nothing works! I would suggest waiting for MicroSuck to come out with a fix instead of pulling your hair out like me. Now I’m bald and don’t have a fix. Don’t be like me!
KB5034441: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: January 9, 2024:
IMPORTANT
Some computers might not have a recovery partition that is large enough to complete this update. Because of this, the update for WinRE might fail. In this case, you will receive the following error message:
Windows Recovery Environment servicing failed.
(CBS_E_INSUFFICIENT_DISK_SPACE)
To help you recover from this failure, please follow Instructions to manually resize your partition to install the WinRE update.
Known issue Because of an issue in the error code handling routine, you might receive the following error message instead of the expected error message when there is insufficient disk space:
0x80070643 – ERROR_INSTALL_FAILURE
https://support.microsoft.com/en-us/topic/kb5034441-windows-recovery-environment-update-for-windows-10-version-21h2-and-22h2-january-9-2024-62c04204-aaa5-4fee-a02a-2fdea17075a8
Same problem (0x80070643) here, what a complete W11 disaster! :[
KB5034441 failure is caused by the recovery partition being too small. I bet this update will be pulled.
Installing “2024-01 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5034441)” throws an error.
“Error Encountered There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070643)”
According to a Microsoft document, users need to manually resize a partition to install the WinRE update.
https://support.microsoft.com/en-gb/topic/kb5034441-windows-recovery-environment-update-for-windows-10-version-21h2-and-22h2-january-9-2024-62c04204-aaa5-4fee-a02a-2fdea17075a8
Reading through the instructions they give to do this – are Microsoft taking the piss? I have no idea what planet they’re on if they’re expecting users to follow those instructions. I think perhaps wait a bit to see if Microsoft give a more realistic solution.
I have 3 desktops and 2 laptops all throwing the same error. I read their solution and I think they are flming high as kites if they expect end users to do this!
2024-01 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5034129)
Server 2022
Causes Chrome to crash, v 120.0.6099.217
Same problem with KB5034129 for windows 2022.
Same exact problem and error message (Jan. 9, 2024) on multiple Windows 10 Pro machines. Even after reboots and Windows Update rescan. Same error every time. Presumably Microsoft will fix this sometime later today.
Same exact problem and error message (Jan. 9, 2024) on multiple Windows 10 Pro machines. Even after reboots and Windows Update rescan. Same error every time. Presumably Microsoft will fix this sometime later today.
Microsoft has not fixed it. I am still getting the error message today, 1/21/24. However, subsequent updates seem to install OK.
Same issue:
2024-01 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5034441)
There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070643)
Two of my three systems got error 0x80070643 on “2024-01 Security Update for Windows 10 Version 22H2 for x64-based Systems KB5034441”
Both systems are Windows 10 Pro machines which DON’T use Bitlocker encryption. (The system which updated correctly runs Windows 10 Home Edition).
The problem seems consistent with the “Important” note at https://support.microsoft.com/en-us/topic/kb5034441-windows-recovery-environment-update-for-windows-10-version-21h2-and-22h2-january-9-2024-62c04204-aaa5-4fee-a02a-2fdea17075a8 but I’ll be damned if I resize partitions to accommodate an improperly tested patch.
Instead, I ‘hid’ the offending update:
(1) Download the executable file “wushowhide.diagcab” by clicking this link:
http://download.microsoft.com/download/F/2/2/F22D5FDB-59CD-4275-8C95-1BE17BF70B21/wushowhide.diagcab
(2) Execute the file (by doubleclicking from an Admin account) either to (a) hide an outstanding Microsoft update or (b) see if any updates are hidden (and optionally unhide them).
Anyone else gets a problem downloading and installing KB5034439?
Yes, it fails with the error Failed to install on 13/01/2024 (0x80070643)
Yes. It fails because the WinRE partition is too small for the update to fit.
Microsoft provided some instructions, but they involve modifying the partitions (shrink, delete, create, format).
Tuesday, 2024-01-08
I did an update today with the 2024-01 security update for Windows 10 version 22H2 for x64-based systems (KB5034441).
And after a few moments, I got the message:
There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070643)
I have tried to fix this with:
By typing cmd and then pressing Ctrl + Shift + Enter in succession to open the command prompt as an administrator. Again, type sfc /scan now at the prompt and press Enter.
This did not work.
Suggest how to fix this?
2024-01 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5034441)
There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070643)