Microsoft fixes VPN issues in Windows 11 with KB5037771 update, and brings ads to the Start menu

Microsoft has released its monthly patches for Windows 11 in the form of the KB5037771 update. There are lots of fixes in this release including for problems with domain controllers, VPNs, and SMB clients.

There are a number of security fixes, but also more controversial changes -- including ads in the Start menu (or app recommendations as Microsoft calls them). Other changes include improvements to Widgets and Windows Subsystem for Linux 2 (WSL2).

See also:

• Microsoft powers up Windows Terminal with session restoration and experimental scratchpad features
• Microsoft eases its foot off the accelerator for Copilot development in Windows 11
• Microsoft makes the Windows 11 Start Menu expandable with Start Menu Companions

The highlights for the KB5037771 update, as Microsoft sees it, are:

• New! The Recommended section of the Start menu will show some Microsoft Store apps. These apps come from a small set of curated developers. This will help you to discover some of the great apps that are available. If you want to turn this off, go to Settings > Personalization > Start. Turn off the toggle for Show recommendations for tips, app promotions, and more.
• New! In the coming weeks, your most frequently used apps might appear in the Recommended section of the Start menu. This applies to apps that you have not already pinned to the Start menu or the taskbar.
• New! This update improves the Widgets icons on the taskbar. They are no longer pixelated or fuzzy. This update also starts the rollout of a larger set of animated icons.
• New! This update affects Widgets on the lock screen. They are more reliable and have improved quality. This update also supports more visuals and a more customized experience for you.
• This update affects the touch keyboard. It makes the Japanese 106 keyboard layout appear as expected when you sign in.
• This update addresses an issue that affects Settings. It stops responding when you dismiss a flyout menu.

In addition to the various fixes, improvements and changes, the KB5037771 update also introduces a strange problem for which there is currently no fix. Microsoft explains:

After installing this update, you might be unable to change your user account profile picture.

When attempting to change a profile picture by selecting the button Start> Settings> Accounts > Your info, and then selecting Choose a file, you might receive an error message with error code 0x80070520.

The company adds:

We are working on a resolution and will provide an update in an upcoming release.

The full list of changes for the update is as follows:

• This update adds a new mobile device management (MDM) policy called “AllowScreenRecorder.” It affects the Snipping Tool. IT admins can use this policy to turn off screen recording in the app.
• This update adds support for Arm64 .msi files using a Group Policy Object (GPO). You can now use the Group Policy Management Console (GPMC) to add Arm64 .msi files. You can also use a GPO to install these files on Arm64 machines.
• This update addresses an issue that affects the netstat -c command. It fails to perform effective port exhaustion troubleshooting.
• This update addresses an issue that affects a low latency network. The speed of data on the network degrades significantly. This occurs when you turn on timestamps for a Transmission Control Protocol (TCP) connection.
• This update addresses a race condition that might stop a machine from starting up. This occurs when you set up a bootloader to start up multiple OSes.
• This update addresses an issue that affects an accelerator backing store management path. A memory leak occurs that affects some devices.
• This update affects media allocations. It improves their memory granularity for some hardware setups. This lowers overcommitment. Also, performance is more efficient.
• This update affects Windows Subsystem for Linux 2 (WSL2). Intermittent name resolution fails in a split DNS setup.
• This update addresses an issue that affects universal printers. The system creates duplicate print queues for them.
• This update makes Country and Operator Settings Asset (COSA) profiles up to date for some mobile operators.
• This update addresses an issue that affects the container networking Address Resolution Protocol (ARP). It returns the wrong Virtual Subnet ID (VSID) for external ports.
• This update addresses a memory allocation issue in the Host Networking Service (HNS). The issue causes high memory consumption. It also affects service and pod deployment and scaling.
• This update addresses an issue that occurs when you elevate from a normal user to an Administrator to run an application. When you use a PIN to sign in, the app will not run.
• This update affects hypervisor-protected code integrity (HVCI). It accepts drivers that are now compatible.
• This update includes quarterly changes to the Windows Kernel Vulnerable Driver Blocklist file, DriverSiPolicy.p7b. It adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
• This update addresses an issue that affects Protected Process Light (PPL) protections. You can bypass them.
• This update addresses an issue that affects Bluetooth Advanced Audio Distribution Profile (A2DP) hardware offload. A stop error occurs on PCs that support it.
• This update addresses an issue that affects the Distributed Transaction Coordinator (DTC). A memory leak occurs when it retrieves mappings.
• This update addresses an issue that affects Windows Local Administrator Password Solution (LAPS). Its Post Authentication Actions (PAA) do not occur at the end of the grace period. Instead, they occur at restart.
• This update addresses an issue that affects the Resilient File System (ReFS). A high load might make the system unresponsive. Also, signing in might be slow.

You can download the KB5037771 update via Windows Update or from the Microsoft Update Catalog.

Image credit: vadimrysev / depositphotos