KB5033371 for Windows 10 version 1809

This content has been archived. But, the content is true and relevant to the underlying technology products or infrastructure services.

KB5033371 is the cumulative update for Windows 10 version 1809. The update was released on 12 December 2023 as part of the ‘December 2023 Patch Day’ initiative of Microsoft.

Salient points

• KB5033371 for Windows 10 version 1809 is a cumulative update that supersedes the KB5032196 update released in November 2023.
• KB5032196 corresponds to Windows 10 build 17763.5122.
• KB5033371 corresponds to Windows 10 build 17763.5206.
• The upgrade from KB5032196 to KB5033371 implies a transition from build 5122 to 5206.
• KB5033371 installer files are available for x86, x64, and ARM64 system architecture.
• KB5005112 is the Servicing Stack Update released in August 2021. It must be already deployed on Windows 10 version 1809 systems before installing KB5033371.
• Servicing Stack Update 17763.5084 corresponds to KB5032196 and KB5033371 for Windows 10 version 1809. It is already built-in the cumulative update. Separate installation of the latest Servicing Stack Update is not needed.
• There has been no Service Stack release for December 2023 for Windows 10 version 1809.
• 15 security vulnerabilities affect Windows 10 version 1809 for x86, x64, and ARM64 systems. 3 of these vulnerabilities have a ‘CRITICAL’ severity level.

Download KB5033371 for Windows 10 version 1809

We discuss the ways to install KB5033371 on Windows 10 version 1809 deployments.

You could use one of the following automated deployment processes for KB5033371 on Windows 10 version 1809:

• Windows Update
• Windows Update for Business
• WSUS or Windows Server Update Services

WSUS remains the most preferred method to roll out Windows cumulative updates.

You can also install KB5033371 on Windows 10 version 1809 in a manual approach. For this, you will need to follow a two-step process.

1. Check if you have KB5005112 Servicing Stack Update installed. If not, download the installer file for KB5005112.
2. Download and install KB5033371 for Windows 10 version 1809 for x86, x64, or ARM64 editions.

We cover the download links for KB5033371 for Windows 10 version 1809 below.

KB5005112 was released in August 2021. So, we expect that this Servicing Stack Update will already be on your system. You could check the Windows Update History on the Windows 10 system to confirm the same.

Once the Servicing Stack Update has been installed, you can proceed with the installation of the main cumulative update KB5033371 on the Windows 10 version 1809 system.

• Download KB5033371 from the Microsoft Update Catalog site for Windows 10 version 1809
• Direct download link for KB5033371 for Windows 10 version 1809 for x86 systems – the size of the update file is 342.7 MB.
• Direct download link for KB5033371 for Windows 10 version 1809 for x64 systems – the size of the update file is 621.6 MB.
• Direct download link for KB5033371 for Windows 10 version 1809 for ARM64 systems – the size of the update file is 662.5 MB.

KB5033371 will cause the Windows 10 version 1809 system to reboot. So, please plan the change as an organized change process.

Vulnerabilities

There are multiple security vulnerabilities affecting Windows 10 x86, x64, and ARM64 platforms. We look at the zero-day threat and the CRITICAL severity threats that affect Windows 10 version 1809 below.

Zero-day vulnerabilities

The following zero-day threat was first reported in August 2023. It has been mitigated in the current Windows Update cycle. Therefore, we suggest immediate deployment of the cumulative update KB5033371 for Windows Server 10 version 1809 for x86 and x64 versions.

CVE details	CVSS	Severity	Impact	Description
CVE-2023-20588	5.5	IMPORTANT	Information Disclosure	A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

CRITICAL vulnerabilities

There are 3 CRITICAL vulnerabilities affecting Windows 10 version 1809 x64, ARM64, and x86 system architecture. All these are the ‘Remote Code Execution’ while the other one is an ‘Elevation of Privilege’ threat. These vulnerabilities are shared below for your ready reference.

CVE details	CVSS	Severity	Impact	Description
CVE-2023-35630	8.8	CRITICAL	Remote Code Execution	This threat impacts the Internet Connection Sharing (ICS). Successful exploitation of this vulnerability requires the attacker to modify an option->length field in a DHCPv6 DHCPV6_MESSAGE_INFORMATION_REQUEST input message. This attack is limited to systems connected to the same network segment as the attacker.
CVE-2023-35628	8.1	CRITICAL	Remote Code Execution	This vulnerability arises on account of Windows MSHTML Platform. The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane. This could result in the attacker executing remote code on the victim’s machine.
CVE-2023-35641	8.8	CRITICAL	Remote Code Execution	This threat affects the Internet Connection Sharing (ICS). To exploit this vulnerability, an attacker would need to send a maliciously crafted DHCP message to a server that runs the Internet Connection Sharing service. This attack is limited to systems connected to the same network segment as the attacker

Known issue – KB5033371 for Windows 10 version 1809

KB5033371 reports the Bitlocker Device Encryption reporting issue. The issue was first reported after the deployment of the October 2023 cumulative update KB5031361. It is essential to note that the issue is a reporting issue only and actual device encryption is not impacted.

Issue Description

Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies set to enabled and selecting either “full encryption” or “used space only”. Microsoft Intune is affected by this issue but third-party MDMs might also be affected.

Mitigation

To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies to not configured.

Windows 10 version 1809 – KB5033371 Changelog

The following changes are part of the KB5033371 cumulative update for Windows 10 version 1809:

• This update addresses security issues for your Windows operating system. 
• This update changes the English name of the former Republic of Turkey. The new, official name is the Republic of Türkiye.
• This update affects the Netherlands time zone. It adds the recent man-made landmass outside of Rotterdam to the shape files.
• This update affects Microsoft Defender for Endpoint (MDE). It enables Conditional Access (CA) scenarios.

November 2023 Cumulative or Security Updates

• KB5032196 Cumulative Update for Windows Server 2019
• KB5032197 Cumulative Update for Windows Server 2016
• KB5032198 Cumulative Update for Windows Server 2022
• KB5032247 Monthly Rollup Update for Windows Server 2012
• KB5032249 Monthly Rollup for Windows Server 2012 R2
• KB5032190 Windows 11 22H2 and 23H2 Editions
• KB5032192 for Windows 11 21H2 edition
• KB5032189 for Windows 10 21H2 and 22H2 versions
• KB5032196 for Windows 10 version 1809