Update Summary

KB5087420 for Windows 11 version 23H2 (OS Build 22631.7079) delivers security fixes, quality improvements, and Secure Boot rollout changes. It also fixes a Remote Desktop warning dialog rendering issue and carries a known BitLocker recovery-key issue on some managed devices. Reference IDs: KB5027397, KB5082052, KB5086307.

Update Details

Security

  • Addresses security issues in Windows operating system updates.
  • Secure Boot: expands high-confidence device targeting for automatic delivery of new Secure Boot certificates and adds a C:\Windows\SecureBoot folder with deployment scripts on eligible devices.
  • Microsoft Defender SmartScreen now sends file hashes for unsigned files to improve application reputation checks.

Bug Fixes

  • Fixes a Remote Desktop Connection security warning dialog rendering issue in multi-monitor setups with different scaling after KB5082052.
  • Updates Country and Operator Settings Asset (COSA) profiles for certain mobile operators.
  • Supports the 2023 daylight saving time change for Egypt.
  • Enterprise State Roaming can now be managed through Windows Backup for Organizations policies.

New Features

  • Adds a new C:\Windows\SecureBoot folder on eligible devices with sample scripts for Secure Boot certificate status detection and automated deployment.
  • Enables Enterprise State Roaming management through Windows Backup for Organizations policies.

Known Issues

  • Some devices with an unrecommended BitLocker Group Policy configuration may prompt for the BitLocker recovery key on the first restart after installing this update.
  • The BitLocker issue affects a limited set of managed systems where PCR7 is explicitly included, Secure Boot State PCR7 Binding is "Not Possible", and the device is eligible for the 2023-signed Windows Boot Manager.

Hints

  • Use EKB KB5027397 to update to Windows 11, version 23H2.
  • Microsoft recommends auditing BitLocker Group Policy settings for explicit PCR7 inclusion before installing this update.
  • For affected BitLocker devices, Microsoft recommends setting the policy to Not Configured, running gpupdate /force, then suspending and re-enabling BitLocker protectors.
  • A permanent fix for the BitLocker recovery-key issue is planned in a future Windows update.
  • The update is cumulative and includes fixes from KB5082052.
  • The servicing stack update included is KB5086307 (22621.6937).
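
The BitLocker audit and workaround from the hints above, as an added PowerShell example (not Microsoft's script and not part of the original page). The registry location of the UEFI platform validation profile policy, the function names and the -Apply switch are assumptions; the script checks only the explicit-PCR7 policy condition, not the PCR7 binding state or Boot Manager eligibility.

```powershell
#Requires -RunAsAdministrator
# Assumption: the "TPM platform validation profile for native UEFI firmware"
# policy is stored under this key, with an "Enabled" value and one DWORD per
# PCR index ("0".."23"). Verify the path in your environment before relying on it.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'

function Get-ExplicitPcrPolicy {
    # Returns the PCR indexes pinned by Group Policy, or $null when Not Configured.
    $p = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    if (-not $p -or $p.Enabled -ne 1) { return $null }
    return ,@(0..23 | Where-Object { $p."$_" -eq 1 })
}

function Reset-BitLockerBinding {
    # Hypothetical helper: follows the order given in the hints
    # (policy to Not Configured, gpupdate /force, suspend, re-enable).
    param(
        [string]$MountPoint = $env:SystemDrive,
        [switch]$Apply          # without -Apply the function only reports
    )

    gpupdate /force | Out-Null  # pull the current policy before checking it

    $pcrs = Get-ExplicitPcrPolicy
    if ($null -ne $pcrs -and $pcrs -contains 7) {
        Write-Warning ("Policy still pins PCR7 explicitly (PCRs: {0}). " +
            "Set the policy to Not Configured first.") -f ($pcrs -join ', ')
        return
    }

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.ProtectionStatus -ne 'On') {
        Write-Output "$MountPoint : BitLocker protection is not on; nothing to rebind."
        return
    }
    if (-not $Apply) {
        Write-Output "$MountPoint : no explicit PCR7 policy; re-run with -Apply to suspend and resume protectors."
        return
    }

    # Suspend until explicitly resumed, then resume so the protectors are
    # re-sealed against the validation profile now in effect.
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount 0 | Out-Null
    Resume-BitLocker  -MountPoint $MountPoint | Out-Null
    manage-bde -protectors -get $MountPoint   # shows the resulting PCR validation profile
}

Reset-BitLockerBinding          # audit only; add -Apply to act
```

Confirm the recovery key is escrowed before running with -Apply on a managed device.
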

Product Information

Vendor: Microsoft

Product: Windows 11

Version: OS Build 22631.7079

Release date: May 12, 2026