A360
Key Takeaways✦ Atlas AI
01
Microsoft's new Windows 11 update, KB5083631, delivers 34 changes, focusing on bolstering security for batch files, CMD scripts, and Remote Desktop sessions through enhanced Kerberos authentication.
02
The update significantly improves event logging for CVE-2024-30098, now including application names, which is crucial for identifying and updating smart card certificate-dependent applications.
03
New Secure Boot certificates are being deployed to replace expiring ones, with improved targeting data to ensure broader automatic reception, though some Windows Server 2025 devices may require BitLocker recovery post-update.
Atlas AI
Microsoft has released KB5083631, an optional cumulative “preview” update for Windows 11. The non-security update includes 34 changes and is designed to let administrators test quality improvements ahead of the next Patch Tuesday release.
Microsoft says the update also introduces an optional “more secure processing mode” for batch files and CMD scripts. The feature is intended to prevent batch files from being modified while they are running.
Remote Desktop Kerberos fix
Microsoft says KB5083631 improves Kerberos authentication for Remote Desktop sessions that use Remote Credential Guard, addressing error 0xc000009a.
ATLAS SIGNAL│Cybersecurity│High│Now
18d
Microsoft Windows 11 Update Enhances Enterprise Security, Mitigating Global Cyber Risks
Microsoft's latest Windows 11 update (KB5083631) introduces critical security enhancements, including improved Kerberos authentication for Remote Desktop and a more secure processing mode for batch files, alongside a Secure Boot certificate refresh. These updates are crucial for protecting global enterprises from evolving cyber threats and ensuring the integrity of their IT infrastructure, particularly for organizations reliant on Windows environments for remote operations and data management.
1 story
Event logging update tied to CVE-2024-30098
Microsoft says it updated event logging related to CVE-2024-30098 to include the name of the affected application. The company says the change can help administrators identify applications that rely on smart card certificates and may need updates following recent security changes.
Secure Boot certificate refresh
Microsoft says it is rolling out updated Secure Boot certificates to replace the original 2011 certificates, which it says will expire in late June 2026.
The company also says Windows quality updates now include additional high-confidence device-targeting data to increase the number of devices eligible to receive the new certificates automatically as part of a controlled, phased rollout.
Possible BitLocker recovery prompt on Windows Server 2025
Microsoft warns that some Windows Server 2025 devices with an “unrecommended” BitLocker Group Policy configuration may boot into BitLocker recovery after installing the update. In those cases, users may be required to enter the BitLocker recovery key on the first restart after deployment.
