Microsoft releases KB5025239 update for Windows 11, adding new Windows Local Administrator Password Solution (LAPS), security fixes and more

Microsoft has released the cumulative KB5025239 update for Windows 11 22H2, bringing with it not only security and bug fixes, but also general improvements and new features.

Among the highlights are the addition of the new Windows Local Administrator Password Solution (LAPS) as a Windows inbox feature. This update also adds new notifications about Microsoft account to the Start menu, improves Microsoft Defender for Endpoint, and provides easy access to the Bing chat experience in Microsoft Edge via the taskbar.

See also:

• Microsoft is changing the function of the Print Screen key in Windows 11
• Microsoft is making it easier to terminate unresponsive apps in Windows 11 with new End Task option
• Microsoft bows to feedback and reverses Quick Access Toolbar changes in Office

There are lots of security fixes in this update, and this is why it is a mandatory one. Microsoft also points out that it addresses a compatibility issue that occurs because of unsupported use of the registry.

But for the Windows-maker it is the fact that this update implements the new Windows Local Administrator Password Solution (LAPS) as a Windows inbox feature that is the main highlight.

Explaining just what LAPS is, Microsoft says: "You might already be familiar with the existing Microsoft security product known as Local Administrator Password Solution (LAPS). LAPS has been available on the Microsoft Download Center for many years. It is used to manage the password of a specified local administrator account by regularly rotating the password and backing it up to Active Directory (AD). LAPS has proven itself to be an essential and robust building block for AD enterprise security on premises. We'll affectionally refer to this older LAPS product as 'Legacy LAPS'".

Continuing its explanation, the company says:

The LAPS scenario in Azure AD, now part of Microsoft Entra, will shift from private to public preview later this quarter. Windows LAPS is a huge improvement in virtually every area beyond Legacy LAPS. Let's talk about some of the exciting new capabilities that are included in this new Windows LAPS feature based on your feedback!

The full changelog for the update is as follows:

• New! This update introduces notifications for Microsoft accounts in the Start menu. This is only available to a small audience right now. It will deploy more broadly in the coming months. Some devices might notice different visual treatments as we gather feedback. See the example below.
• New! The search box on the taskbar will be lighter when you set Windows to a custom color mode. This will occur when you set the Windows mode to dark and the app mode to light in Settings > Personalization > Colors.
• This update addresses an issue that affects the Notepad combo box in Settings. It fails to show all the available options.
• This update addresses an issue that affects Microsoft PowerPoint. It stops responding. This occurs when you use accessibility tools.
• This update addresses an issue that affects Microsoft Narrator. It fails to read items in dropdown lists in Microsoft Excel.
• This update addresses an issue that affects USB printers. The system classifies them as multimedia devices even though they are not.
• New! This update adds many new features and improvements to Microsoft Defender for Endpoint. For more information, see Microsoft Defender for Endpoint.
• New! Once you have access to the new Bing, the search box on the taskbar might include a button that opens the Bing chat experience in Microsoft Edge. If you don’t have access, the search box on the taskbar will feature a dynamic search highlight button.
• This update addresses an issue that affects complexity policy settings for PINs. They are ignored.
• This update addresses an issue that affects the Fast Identity Online 2.0 (FIDO2) PIN credential icon. It does not appear on the credentials screen of an external monitor. This occurs when that monitor is attached to a closed laptop.
• This update addresses an issue that affects a Clustered Shared Volume (CSV). The CSV fails to come online. This occurs if you enable BitLocker and local CSV managed protectors, and the system recently rotated the BitLocker keys.
• This update addresses an issue that affects Active Directory Users & Computers. It stops responding. This occurs when you use TaskPad view to enable or disable many objects at the same time.
• The update addresses an issue that affects the Remote Procedure Call Service (rpcss.exe). The issue might cause a race condition between the Distributed Component Object Model (DCOM) and the Microsoft Remote Procedure Call (RPC) endpoint mapper.
• This update addresses an issue that affects Microsoft PowerPoint. It stops responding on the Azure Virtual Desktop (AVD). This occurs when you use Visual Basic for Applications (VBA).
• This update addresses an issue that affects Windows Search. Windows Search fails inside of Windows container images.
• This update affects the Group Policy Editor. It adds Transport Layer Security (TLS) 1.3 to the list of protocols that you can set.
• This update affects the Arab Republic of Egypt. The update supports the government’s daylight saving time change order for 2023.
• This update affects jscript9Legacy.dll. It adds ITracker and ITrackingService to stop MHTML from not responding.
• This update addresses an issue that affects the Microsoft HTML Application Host (HTA). This issue blocks code execution that uses Microsoft HTA. This occurs when you turn on Windows Defender Application Control (WDAC) User Mode Code Integrity (UMCI) enforced mode.
• This update affects the Group Policy Management Console. It addresses a scripting error in the Group Policy Preferences window.
• This update addresses an issue that affects the Windows Remote Management (WinRM) client. The client returns an HTTP server error status (500). This error occurs when it runs a transfer job in the Storage Migration Service.
• This update addresses an issue that affects Desired State Configuration. It loses its previously configured options. This occurs if metaconfig.mof is missing.
• This update addresses an issue that affects the Dynamic Host Configuration Protocol (DHCP) option 119 - Domain Search Option. The issue stops you from using a connection-specific DNS Suffix Search List.
• This update addresses a rare issue that might cause an input destination to be null. This issue might occur when you attempt to convert a physical point to a logical point during hit testing. Because of this, the computer raises a stop error.
• This update addresses an issue that affects the Simple Certificate Enrollment Protocol (SCEP) certificate. The system reports some SCEP certificate installations as failed. Instead, the system should report them as pending.
• This update addresses an issue that affects the new Windows Runtime (WinRT) API. This issue stops an application from querying for location information using MBIM2.0+.
• This update addresses a known issue that affects kiosk device profiles. If you have enabled automatic logon, it might not work. After Autopilot completes provisioning, these devices stay on the credential screen. This issue occurs after you install updates dated January 10, 2023, and later.
• This update affects Xbox Elite users who have the Xbox Adaptive Controller. This update applies your controller remapping preferences on the desktop.
• This update addresses an issue that might affect your audio. It might cause glitching or screeching. This occurs when the system is under a heavy load or wakes from sleep.
• This update addresses an issue that stops WDAC from parsing fields from binaries.
• This update addresses an issue that might affect Win32 and Universal Windows Platform (UWP) apps. They might close when devices enter Modern Standby. Modern Standby is an expansion of the Connected Standby power model. This issue occurs if certain Bluetooth PhoneLink features are turned on.

As KB5025239 is a mandatory update, it will be installed automatically for most people. It is also possible to install it manually via Windows Update, or to download it directly from the Microsoft Update Catalog.

Image credit: diy[email protected] / depositphotos