March 2023 Security updates are now available for all versions of Windows, including Windows 11, 10, 8.1, and 7. Apart from these cumulative updates, Microsoft also releases the latest Windows Server updates for all its versions like 2022, 2019, 2016, 2012 R2, 2012, 2008 SP2, and 2008 R2 SP1. No new NET Frameworks came for either version of Windows, so you need to remain on your earlier framework version.
Several versions of Windows are now stopped providing new security updates. So, we recommend having a look at their release note and deciding whether you would like to continue with them. If you are planning to purchase a new PC, consider checking the minimum system requirements by Windows 11.
March 2023 Security updates for Windows PC
The following security updates came in March 2023 and update all Windows versions to their latest Build updates. We have also included what fixes came with these security updates including known issues (if any), and ways to install them on your respective Windows PC.
1] Windows 11, version 22h2
- OS Build: 22621.1413
- Release Note: KB5023706
- SSU: 22621.1344
Key Highlights:
- Improves the security of the whole operating system.
- Implements phase three of Distributed Component Object Model (DCOM) hardening. To know more about this, see KB5004442. After you install this update, you may no longer turn off the changes by tweaking the registry entries.
- Addresses an issue affecting your user account and Active directory. You may now use a pre-existing computer account to join an Active Directory domain which was earlier failing on the following error code –
"Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: 'An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.'"
To know more on this, see KB5020276.
Direct Download Page for different architectures: Microsoft Update Catalog
Known Issues on it:
- Copying large multiple Gigabyte (GB) files will now take a longer time to complete on Windows 11, version 22h2. The copying issue arises mostly when you are copying files to your device from a network share via Server Message Block (SMB). Individual customers are less likely to face this trouble on their Home or Small Offices PCs.
To improve the copying speed on your computer, you may use either of the following tools –
Robocopy: robocopy \\someserver\someshare c:\somefolder somefile.img /J
XCopy: xcopy \\someserver\someshare c:\somefolder /J
- After you install this update, this affects some third-party UI customization apps. As a result of this, they might not start up or get stuck in a repetitive loop.
To solve this, uninstall all such apps, restart your computer, and then only reinstall them on your PC.
- If you had installed Feb 14, 2023 security update on your computer, you will find some issues with your WSUS. Though the updates download to the WSUS server, they never propagate further to the client devices. This is more likely to happen with the servers which are recently been upgraded from Server 2016 to Windows Server 2019.
As of now, Microsoft and its core team are working on this problem and might provide a resolution in the upcoming weeks.
2] Windows 11, version 21h2
- OS Build: 22000.1696
- Release Note: KB5023698
- SSU: 22000.1630
Key Highlights:
- Addresses security issues for your Windows operating system.
- Implements phase three of Distributed Component Object Model (DCOM) hardening. To know more about this, see KB5004442. After you install this update, you may no longer turn off the changes by tweaking the registry entries.
- Resolves a key issue that affects a computer account and Active directory. You may now use a pre-existing computer account to join an Active Directory domain which was earlier failing on the following error code –
"Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: 'An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.'"
To know more on this, see KB5020276.
- No additional issues were documented for this release.
Direct Download Page for different architectures: Microsoft Update Catalog
3] Windows 10 versions 22h2, 21h2, and 20h2
- Release Note: KB5023696
- Respective OS Build numbers: 19045.2728, 19044.2728, and 19042.2728
- Servicing Stack update: 19045.2664, 19044.2664, and 19042.2664
Note: Microsoft has already ended up providing any further updates to Windows 10 version 21h1. So, if you are still using this version, we suggest upgrading to Windows 10 newer versions like 21h2 or 22h2.
Key Highlights:
- Brings Security updates for all Windows components and Microsoft Services.
- Implements phase three of Distributed Component Object Model (DCOM) hardening on all versions of Windows 10. To know more, see KB5004442. Do note that you can’t turn off the hardening feature by tweaking the registry keys from now onward.
- Resolves a known issue that affects a computer account and Active Directory. Earlier, when you reuse an existing computer account to join an Active Directory domain, joining fails. This happens on devices that are on Windows Cumulative update dated Oct 11, 2022, or later.
- No new bugs or issues are reported in this patch update.
Direct Download Page for different architectures: Microsoft Update Catalog
Note: Windows 10 versions 2104, 1909, and 1903 have already reached their end-of-service statement. If you are still on these versions, we recommend upgrading your device to the latest versions of Windows 10.
4] Windows 10, version 1809
- Release Note: KB5023702
- OS Build: 17763.4131
- Servicing Stack update: 17763.4121
Key Highlights:
- Implements phase three of Distributed Component Object Model (DCOM) hardening. See KB5004442. After you install this update, you cannot turn off the changes using the registry key.
- Works and resolves a key issue that affects the registry size and grows very large in size. This problem arises only when the registry entries are not removed even when the users sign out of their active Active Virtual Desktop (AVD) environment that uses FSlogix.
- This update supports the United Mexican States government’s daylight saving time change order for 2023.
- Resolves a key issue that affects the Local Security Authority Subsystem Service (LSASS). Earlier, LSASS was known to stop responding when you run Sysprep on a domain-joined machine.
- Addresses a key issue that is known to affect lsass.exe. After you install this update, the issue wherein it stops responding to a Lightweight Directory Access Protocol (LDAP) query to a domain controller (having a very large LDAP filter) stands resolved.
- Works and resolves a known issue that affects Cluster Name Object of Failover Clustering on Azure virtual machines (VM). With this update, you will not see any issue preventing you from repairing the Cluster Name Object.
- Addresses the “Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy:” issue which is known to affect a computer account and Active directory. Previously, using a similar name (existing in the Active directory) is simply blocked by the Security policy. However, you may now reuse an existing computer to join an Active Directory domain, and the joining will not fail.
- Resolves an issue that affects the Routing and Remote Access Service (RRAS). As a result of this, RRAS cannot accept any new incoming virtual private network (VPN) connections.
Known Issue on it:
- After installing KB5001342, the Cluster Service failed to start because a Cluster Network Driver is not found. This bug might appear after this patch update as well.
Direct Download Page for different architectures: Microsoft Update Catalog
Note: Windows 10 versions 1803, 1707, and 1703 have also reached their service-end statements. You better upgrade to the next available version to avoid unwarranted hacks and other problems.
5] Windows 10, version 1607
KB5022838 updates Windows to 1607 to Build 14393.5717
Key Highlights:
- Resolves a key issue that affects the Local Security Authority Subsystem Service (LSASS). Earlier, LSASS was known to stop responding when you run Sysprep on a domain-joined machine.
- Implements phase three of Distributed Component Object Model (DCOM) hardening. See KB5004442. After you install this update, you cannot turn off the changes using the registry key.
- Addresses the “Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy:” issue which is known to affect a computer account and Active directory. Previously, using a similar name (existing in the Active directory) is simply blocked by the Security policy. However, you may now reuse an existing computer to join an Active Directory domain, and the joining will not fail. To know more about this, see KB5020276.
- This update supports the United Mexican States government’s daylight saving time change order for 2023.
Known Issues on it
Microsoft has not documented any known issue associated with this security patch to Windows 10 1607.
Direct Download Page for different architectures: Microsoft Update Catalog
6] Windows 10 1507 (Initial version)
Key Changes:
Apart from improving the security updates to the whole Operating System and Microsoft Services, this update brings the following changes to your computer –
- Implements phase three of Distributed Component Object Model (DCOM) hardening. See KB5004442. After you install this update, you cannot turn off the changes using the registry key.
- Resolves a key issue that affects the Local Security Authority Subsystem Service (LSASS). Earlier, LSASS was known to stop responding when you run Sysprep on a domain-joined machine.
- Addresses the “Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy:” issue which is known to affect a computer account and Active directory. Previously, using a similar name (existing in the Active directory) is simply blocked by the Security policy. However, you may now reuse an existing computer to join an Active Directory domain, and the joining will not fail. To know more about this, see KB5020276.
- This update supports the United Mexican States government’s daylight saving time change order for 2023.
- No additional issues were documented for this release.
Direct Download Page for different architectures: Microsoft Update Catalog
7] Windows 8.1 and Windows Server 2012 R2
Windows 8.1 reached the end of support on January 10, 2023. At this point, technical assistance and software updates are no longer provided. If you are running Windows 8.1 on any of your devices, we suggest upgrading to a more current, in-service and supported Windows release.
Note: Since the company won’t be offering an Extended Security Update (ESU) program for Windows 8.1, if you continue to use this version, your device always remains at risk for possible security threats.
Key Changes:
Both Monthly as well as Security update includes the following improvements that are a part of update KB5022899 (Feb-2023) update. After you install this update, the following things will improve on your system –
- Addresses a key issue that occurs after you install July 12, 2022 update on your Windows 8.1 PC. The problem was when you try opening hyperlinks embedded in an Office document (which uses the search-ms protocol) simply fails to work.
- Improves the Local Security Authority Subsystem Service (Lsass.exe) stop-responding issues. This error occurs after System Preparation (Sysprep) is run on a domain-joined device.
- Improves the daylight timings of the United Mexican States. After you install this update, you will not observe daylight saving time in the Year 2023. As per State’s orders, the following changes were requested and hence approved –
- Created a new time zone America/Ciudad_Juarez and mapped it to Mountain Standard Time (Mexico).
- Changed Chihuahua time zone from (UTC -7:00) Mountain Standard Time (Mexico) to (UTC -6:00) Central Standard Time (Mexico).
- Changed Ojinaga time zone from (UTC -7:00) Mountain Standard Time (Mexico) to (UTC -6:00) Central Standard Time (Mexico)
- Updated DST rules for Mountain Standard Time (Mexico) and Central Standard Time (Mexico) to no daylight saving time starting in 2023.
- Implements the final phase of DCOM hardening as described in KB5004442. After you install this update, this phase will remove the ability to disable changes through the registry.
Known issue resolved:
Earlier, when an existing computer account is reused by users to join a computer to an Active Directory domain, the join is unsuccessful. When this happens, you receive the following error message on your PC –
Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: “An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.”
According to Microsoft, they have resolved this issue on all versions of Windows including Windows 11, 10, 8.1, and others.
Direct Download Links to KB5023765 & KB5023764
Additional Note: Windows Server 2012 R2 also reached its end-of-support on October 10, 2023. You can’t purchase extending security updates (ESUs) for the 2012 R2 server, however, the same is available for installation post this date. ESUs will continue for three years, renewable on an annual basis, until the final date on October 13, 2026.
8] Windows 7 SP1 and Windows Server 2008 R2
- Monthly Rollup: KB5023769
- Security-Only: KB5023759
- ESU Licensing: KB5016892
- Must install SSU: KB5017397
Note: It is mandatory to reinstall the “Extended Security Updates (ESU) Licensing Preparation Package”, KB5016892 if you want to upgrade to this security patch update.
Key Changes:
- As per the order of the Mexican government in Oct 2022, Microsoft has implemented the following changes to the Windows Operating system. With the new changes, the United Mexican States will not observe daylight saving time (DST) in 2023. The key changes are as follows –
- Created a new time zone America/Ciudad_Juarez and mapped it to Mountain Standard Time (Mexico).
- Changed Chihuahua time zone from (UTC -7:00) Mountain Standard Time (Mexico) to (UTC -6:00) Central Standard Time (Mexico).
- Changed Ojinaga time zone from (UTC -7:00) Mountain Standard Time (Mexico) to (UTC -6:00) Central Standard Time (Mexico)
- Updated DST rules for Mountain Standard Time (Mexico) and Central Standard Time (Mexico) to no daylight saving time starting in 2023.
- Addresses the Local Security Authority Subsystem Service (Lsass.exe) issue in which it stops responding after the System Preparation (Sysprep) is run on a domain-joined device.
- Implements the final phase of DCOM hardening as described in KB5004442. With the recent changes in the final phase, users can’t disable any new features by tweaking the registry entries.
Direct Download Links to KB5023769 & KB5023759
How to Download and Install March 2023 Security updates
To download and install the latest Build OS on your computer, search for March 2023 Security updates via Windows Update. You may follow the below steps to perform this task –
- Launch Settings (Win + I) first.
- Go to Windows Update, and hit Check for updates.
The system will connect to Microsoft servers online and download/install the pending updates on your computer.
Microsoft Windows Server Security updates
If you would like to upgrade your Windows Server, locate and click on your own Server among the below list. Search for the respective Server, and when found, click the Download button. Proceeding this way, you may easily upgrade your Windows Server.
- KB5023705 – March 2023, Cumulative Update for Windows Server 2022.
- KB5023696 – March 2023, Cumulative Update for Windows Server, version 20h2.
- KB5023702 – March 2023, Cumulative Update for Windows Server 2019 or Windows Server version 1809.
- KB5023697 – March 2023, Cumulative Update for Windows Server 2016.
- KB5023765 – March 2023, Monthly Rollup Update for Windows Server 2012 R2.
- KB5023764 – March 2023, Security-only Update for Windows Server 2012 R2.
- KB5023756 – March 2023, Monthly Rollup Update for Windows Server 2012.
- KB5023752 – March 2023, Security-only Update for Windows Server 2012.
- KB5023755 – March 2023, Monthly Rollup Update for Windows Server 2008 SP2.
- KB5023754 – March 2023, Security-only Update for Windows Server 2008 SP2.
- KB5023769 – March 2023, Monthly Rollup Update for Windows Server 2008 R2 SP1.
- KB5023759 – March 2023, Security-only Update for Windows Server 2008 R2 SP1.
How do I install Windows Server Quality updates?
If you would like to upgrade your Windows server, look for your server in the above section. Once you find your Server in the above list, click on the hyperlink. You will be redirected to the Rollup page. Scroll down to the “How to Get this update” section, and click on the Microsoft update catalog link.
Search again for your server update, and when found, hit the Download button. On the subsequent page, click the top link, and the setup file starts downloading for your Windows Server. After the download completes, you may proceed with its installation.
Servicing Stack Updates
With the latest change in Servicing Stack update, you don’t need to separately download and install the SSU update on your Windows 10, versions 1809, and later. For Windows 10, version 1607 or earlier versions, the servicing stacks are provided below –
- KB5023788 – Windows 10 Server 2016
- KB5023790 – Windows Server, 2012 R2
- KB5023791 – Windows Server, 2012
- KB5017397 – Windows Server, 2008 R2 SP1
Microsoft Office updates
- For updates on Office 2016 or Office 2013, visit this site.
.NET Framework Updates
January 2023 .NET Frameworks were released on 19th Jan 2023 and hence are included here.
- KB5022406: Jan 2023, Cumulative Update Preview for .NET Framework 3.5, and 4.8 for Windows 11 for x64.
- KB5022479: Jan 2023, Cumulative Update Preview for .NET Framework 3.5, 4.8, and 4.8.1 for Windows 11 for x64.
- KB5022409: Jan 2023, Cumulative Update Preview for .NET Framework 3.5, and 4.8.1 for Windows 11 for x64.
We will update this section later on with updates coming for February 2022. As of now, only January 2023 .NET Frameworks are available.
Direct Download March 2023 Security updates
To download and install the recent Windows or Windows Server updates on your computer, reach out to the following sites, pick your system architecture, and then hit the Download button.
- KB5023706 – March 2023 Cumulative update for Windows 11, version 22h2
- KB5023698 – March 2023 Cumulative update for Windows 11, version 21h2
- KB5023696 – March 2023 Security updates for Windows 10, versions 22h2 & 21h2
Click on the KB number, provided above, to visit the Microsoft update Catalog page. Clicking the Download button, you will be redirected to a new window. Click the top link and the patch download begins shortly afterward.
That’s it, have a look at these March 2023 Security updates and download/install the respective OS or Server version on your Windows PC.
