Sage Advice Hub

Welcome to the Microsoft Windows January 2024 security updates overview. It is the first Patch Day of the year for Microsoft. The company has addressed a total of 48 unique vulnerabilities in Microsoft products and 5 unique vulnerabilities in non-Microsoft products.

Our overview provides system administrators and home users with actionable information about the released security updates. It includes an Excel spreadsheet with a list of updates, information about affected products, known issues, and lists of other security updates that Microsoft released for its products.

You also find resource links, including download links, and instructions to download and install the patches on Windows devices.

Check out the December 2023 Security update overview here.

Note: if you are getting error 0x80070643 when installing the update.

Microsoft Windows Security Updates: January 2024

Here is a link to an Excel spreadsheet that lists information about the released security updates on the January 2024 Microsoft Patch Day. Follow this link to download an archive file that contains the spreadsheet:  Windows security updates January 2024

Executive Summary

• All Windows client and server versions are affected by at least 1 critical issue, most are affected by 2 critical issues.
• Windows clients with issues are: Windows 10 version 1809, Windows 10 version 21H2 and 22H2, Windows 11 version 21H2, 22H2 and 23H2
• Windows Server clients: Windows Server 2008 and 2008 R2, Windows Server 2019

Product overview

Each supported version of Windows and their critical vulnerabilities are listed below.

• Windows 10 version 22H2: 34 vulnerabilities, 2 critical and 32 important.
  • Windows Kerberos Security Feature Bypass Vulnerability -- CVE-2024-20674
  • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2024-20700
• Windows 11 version 22H2:  35 vulnerabilities, 2 critical and 33 important
  • same as Windows 10 version 22H2
• Windows 11 version 23H2:  35 vulnerabilities, 2 critical and 33 important
  • same as Windows 10 version 22H2

Windows Server products

• Windows Server 2008 R2 (extended support only): 19 vulnerabilities: 1 critical and 18 important
  • Windows Kerberos Security Feature Bypass Vulnerability -- CVE-2024-20674
• Windows Server 2012 R2 (extended support only):  vulnerabilities:  critical and  important
  • No information
• Windows Server 2016: 26 vulnerabilities: 1 critical and 25 important
  • same as Windows Server 2008 R2
• Windows Server 2019: 33 vulnerabilities: 2 critical and 31 important
  • same as Windows Server 2008 R2, plus
  • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2024-20700
•  Windows Server 2022: 36 vulnerabilities: 2 critical and 34 important.
  • same as Windows Server 2019

Windows Security Updates

Windows 10 version 22H2

• Support Page: KB5034122 

Updates and improvements:

• Fixes an issue that caused the device to shut down after 60 seconds after using a smart card to authenticate on a remote system.
• The update addresses an issue that affects the display of a smart card icon. It does not appear when signing in.
• Security updates.

Windows 11 version 22H2 and 23H2

• Support Page: KB5034123 

Updates and improvements:

• Fixes an issue that caused the device to shut down after 60 seconds after using a smart card to authenticate on a remote system.
• The update addresses an issue that affects the display of a smart card icon. It does not appear when signing in.
• The update addresses a Wi-Fi adapter issue that may cause them to not connect to some networks.

Security updates

2024-01 Security Update for Windows 11 (KB5034440)

2024-01 Security Update for Microsoft server operating system, version 22H2 for x64-based Systems (KB5034439)

2024-01 Security Update for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5034441)

2024-01 Cumulative Security Update for Internet Explorer Windows Server 2012 R2, Windows Server 2012, Windows Embedded Standard 7, Windows Server 2008 R2, and Windows Server 2008 (KB5034120)

2024-01 Security Only Quality Update for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5034167)

2024-01 Security Monthly Quality Rollup for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5034169)

2024-01 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB5034171)

2024-01 Security Monthly Quality Rollup for Windows Server 2008 (KB5034173)

2024-01 Security Only Quality Update for Windows Server 2008 (KB5034176)

2024-01 Security Monthly Quality Rollup for Windows Server 2012 (KB5034184)

2024-01 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB5034119)

2024-01 Dynamic Cumulative Update for Windows 11 (KB5034121)

2024-01 Dynamic Cumulative Update for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5034122)

2024-01 Cumulative Update for Windows 10 Version 1809 (KB5034127)

2024-01 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5034129)

2024-01 Cumulative Update for Windows 10 Version 1507 (KB5034134)

2024-01 Servicing Stack Update for Windows Server 2012 R2 for x64-based Systems (KB5034587)

2024-01 Servicing Stack Update for Windows Server 2012 for x64-based Systems (KB5034588)

Microsoft .NET

2024-01 Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 for x64 (KB5033897)

2024-01 Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008 (KB5033898)

2024-01 Security and Quality Rollup for .NET Framework 3.5.1 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5033899)

2024-01 Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 R2 for x64 (KB5033900)

2024-01 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 for x64 (KB5033905)

2024-01 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 R2 for x64 (KB5033906)

2024-01 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows Server 2008 R2, and Windows Server 2008 (KB5033907)

2024-01 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 for x64 (KB5033913)

2024-01 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 R2 for x64 (KB5033915)

2024-01 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5033916)

2024-01 Security Only Update for .NET Framework 2.0, 3.0 for Windows Server 2008 (KB5033945)

2024-01 Security Only Update for .NET Framework 3.5.1 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5033946)

2024-01 Security Only Update for .NET Framework 4.6.2 for Windows Embedded Standard 7, Windows Server 2008 R2, and Windows Server 2008 (KB5033947)

2024-01 Security Only Update for .NET Framework 4.8 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5033948)

2024-01 Security Only Update for .NET Framework 3.5 SP1 for Windows Server 2008 (KB5033952)

2024-01 Security and Quality Rollup for .NET Framework 3.5 SP1 for Windows Server 2008 (KB5034008)

2024-01 Security Only Update for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5034269)

2024-01 Security Only Update for .NET Framework 2.0, 3.0, 3.5 SP1, 4.6.2 for Windows Server 2008 (KB5034270)

2024-01 Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5034277)

2024-01 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 (KB5034278)

2024-01 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 (KB5034279)

2024-01 Security and Quality Rollup for .NET Framework 2.0, 3.0, 3.5 SP1, 4.6.2 for Windows Server 2008 (KB5034280)

2024-01 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5033904)

2024-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5033909)

2024-01 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5033910)

2024-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5033911)

2024-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 (KB5033912)

2024-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for x64 (KB5033914)

2024-01 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 for x64 (KB5033917)

2024-01 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5033918)

2024-01 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5033919)

2024-01 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5033920)

2024-01 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5033922)

2024-01 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5034272)

2024-01 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5034273)

2024-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H2 (KB5034274)

2024-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 (KB5034275)

2024-01 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11 (KB5034276)

Non-Security updates

2024-01 Dynamic Update for Windows 10 Version 1607 (KB5034230)

Known Issues

Windows 10 version 22H2

Description: Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the "Require Device Encryption" setting for some devices in your environment.

Workaround: Set "Enforce drive encryption type on operating system drives" or "Enforce drive encryption on fixed drives" policies in Microsoft Intune.

(OLD) Description: Desktop icons may be moved around unexpectedly between monitors when using Copilot on more than one monitor. Users may also experience "other alignment issues" according to Microsoft.

Workaround: none. Microsoft may disable Copilot on multimonitor devices.

(OLD) Description: Copilot in Windows is not supported if the taskbar is located vertically on the right or left side of the screen.

Workaround: align the taskbar horizontally, either at the top or bottom of the screen.

(OLD) Description: Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the "Require Device Encryption" setting for some devices in your environment.

Workaround: this is a reporting issue only according to Microsoft. Microsoft suggests to set the "Enforce drive encryption type on operating system drives" or the "Enforce drive encryption on fixed drives" policies to not configured as a workaround.

Windows 11 version 22H2 and 23H2

(OLD) Description: Users who use multiple monitors on their Windows devices may notice that desktop icons move around unexpectedly. They may, for instance, move between monitors.

Workaround: Microsoft "may" have disabled Windows Copilot on multi-monitor devices until a solution is found.

(OLD) Description: The color font format COLRv1 does not render properly. It is used to display emoji with a 3D-like appearance.

Workaround: none at the time. Microsoft is working on a solution.

(OLD) Description: Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the "Require Device Encryption" setting for some devices in your environment.

Workaround: this is a reporting issue only according to Microsoft. Microsoft suggests to set the "Enforce drive encryption type on operating system drives" or the "Enforce drive encryption on fixed drives" policies to not configured as a workaround.

Security advisories and updates

• ADV 990001 -- Latest Servicing Stack Updates

Microsoft Office Updates

You find Office update information here.

How to download and install the January 2024 security updates

All security updates get downloaded and installed automatically on non-managed Windows systems by default. It may take some time before these are installed and you may speed up the process. This is recommended in some cases, including when security issues are exploited in the wild already or when non-security updates address major bugs.

Tip: create a backup before you install updates

To update using Windows Update, use the following guide:

1. Select Start, type Windows Update and load the Windows Update item that is displayed.
2. Select check for updates to run a manual check for updates.

Direct update downloads

Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 10 version 22H2

• KB5034122 -- 2024-1 Cumulative Update for Windows 10 Version 21H2

Windows 11 version 22H2

• KB5034123 -- 2024-1 Cumulative Update for Windows 11 version 22H2

Windows 11 version 23H2

• KB5034123 -- 2024-1 Cumulative Update for Windows 11 version 23H2

Additional resources

• January 2024 Security Updates release notes
• List of software updates for Microsoft products
• List of the latest Windows Updates and Services Packs
• Security Updates Guide
• Microsoft Update Catalog site
• Our in-depth Windows update guide
• How to install optional updates on Windows 10
• Windows 11 Update History
• Windows 10 Update History