Microsoft has released the mandatory Windows 11 23H2 KB5043076 cumulative update to fix security vulnerabilities and make 19 improvements.

KB5043076 is a mandatory Windows 11 cumulative update containing the September 2024 Patch Tuesday security updates that fix 79 vulnerabilities and four actively exploited zero-days.

Windows 11 users can install today’s update by going to Start > Settings > Windows Update and clicking on ‘Check for Updates.’

Windows 11 users can also manually download and install the update from the Microsoft Update Catalog.

What’s new in the Windows 11 KB5043076

Today’s Windows 11 KB5043076 update contains nineteen fixes and changes, including numerous bugs in File Explorer.

The highlighted fixes and new features in this update are:

• [Windows Installer] When it repairs an application, the User Account Control (UAC) does not prompt for your credentials. After you install this update, the UAC will prompt for them. Because of this, you must update your automation scripts. Application owners must add the Shield icon. It indicates that the process requires full administrator access. To turn off the UAC prompt, set the HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsInstallerDisableLUAInRepair registry value to 1. The changes in this update might affect automatic Windows Installer repairs; see Application Resiliency: Unlock the Hidden Features of Windows Installer.

• [Widgets Board] We are rolling out an update to the Widgets Board to improve security and the APIs for creating widgets and feeds for users in EEA regions. As part of this update, the Microsoft Start Experiences app will power the Microsoft Start widget and feed experiences. Also, as part of this update, some existing widgets will be removed and others will be modified, temporarily affecting their functionality. This update sets the foundation for new widgets and other features in development, set to roll out soon.

• [Windows Share] New! You can now share content to your Android device from the Windows Share window. To do this, you must pair your Android device to your Windows PC. Use the Link to Windows app on your Android device and Phone Link on your PC.

• [File Explorer]

  • When you press Windows logo key + E, a screen reader might say a pane has focus, or the focus might not be set at all.

  • When you press Ctrl + F, sometimes the search does not start.

  • Keyboard focus sometimes might get lost when you press Shift + Tab.

  • Screen readers do not announce when you open or browse items that are in a breadcrumb of the Open or Save dialog.

  • Screen readers do not announce when you open or browse items in the column header.

• [Narrator] This update makes scan mode respond quicker. This is especially helpful when you use Microsoft Edge and read large documents. To use scan mode, you must turn on Narrator first (Windows logo key + Ctrl + Enter). Then, turn on scan mode by pressing Caps lock + Spacebar during a Narrator session.

• [Battery life] Some GPUs cannot enter the low power state. This leads to high power usage that reduces battery life.

• [FrameShutdownDelay] The browser ignores its value in the “HKLMSOFTWAREMicrosoftInternet ExplorerMain” registry key.

• [Domain Name System (DNS)] A deadlock occurs in the domain controller (DC) when it starts up in the DNS client.

• [OpenSSH] This update adds a prompt that asks you to confirm when you turn on OpenSSH using the Server Manager UI.

• [Unified Write Filter (UWF) and Microsoft System Center Configuration Manager (SCCM)] An SCCM task to re-enable UWF fails because of a deadlock in UWF. This stops the device from restarting when you expect it.

• [vmswitches] They fail to enumerate using Get-VMSwitch command.

After installing today’s KB5043076 update, Windows 11 23H2 will be 22631.4169, and Windows 11 22H2 will change its build number to 22621.4169.

Microsoft is only aware of one issue in Windows 11, which is for dual-boot setups for Windows and Linux. Due to a security update released last month, some users who are dual-booting may receive a  “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” error when booting into Linux.

You can review last month’s Windows 11 KB5041865 preview update bulletin for a complete list of changes in this cumulative update.