Share via

Windows 11, version 23H2 known issues and notifications

  • Article

Find information on known issues and the status of the Windows 11, version 23H2 rollout. For immediate help with Windows update issues, click here if you are using a Windows device to open the Get Help app or go to support.microsoft.com. Follow @WindowsUpdate on X (formerly Twitter) for Windows release health updates. If you are an IT administrator and want to programmatically get information from this page, use the Windows Updates API in Microsoft Graph.

The Windows release health site is always evolving. Take our short survey and let us know how we can improve.

Current status as of July 17, 2024
 
Windows 11, version 23H2, also known as the Windows 11 2023 Update, is now broadly available to all users with eligible devices who Check for updates. In addition to annual updates, devices running version 23H2 receive new features and enhancements more frequently using servicing technology.
 
Eligible Windows 11 Home and Pro devices that are not managed by IT departments will be automatically updated to version 23H2 when they reach, or approach, end of servicing.
 
If you have an eligible Windows 10 Home or Pro consumer device, you can easily update to version Windows 11, version 23H2. Open Settings > Windows Update and select Check for updates. If the update is available for your device, you will see the option to Download and install. For more details, watch this video.
  
NOTE: Timing of feature delivery and availability varies by market and device.

Known issues

See open issues, content updated in the last 30 days, and information on safeguard holds. To find a specific issue, use the search function on your browser (CTRL + F for Microsoft Edge).

SummaryOriginating updateStatusLast updated
August 2024 security update might impact Linux boot in dual-boot setup devices
This issue might impact devices with dual-boot setup for Windows and Linux when SBAT setting is applied
OS Build 22621.4037
KB5041585
2024-08-13		Mitigated
2024-08-23
15:09 PT
Devices might boot into BitLocker recovery with the July 2024 security update
This issue is more likely to affect devices that have the Device Encryption option enabled
OS Build 22621.3880
KB5040442
2024-07-09		Resolved
KB5041585		2024-08-13
13:31 PT
CrowdStrike issue impacting Windows endpoints causing an error message
Affected systems might restart repeatedly and require recovery operations in order to restore normal use.
N/A

Resolved External
2024-08-05
16:07 PT

Issue details

August 2024

August 2024 security update might impact Linux boot in dual-boot setup devices

StatusOriginating updateHistory
MitigatedOS Build 22621.4037
KB5041585
2024-08-13		Last updated: 2024-08-23, 15:09 PT
Opened: 2024-08-21, 18:33 PT

After installing the August 2024 Windows security update, released August 13, 2024 (KB5041585), you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.”

The August 2024 Windows security update applies a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied.

Workaround:

Scenario 1: Before applying the August 2024 Windows update

If you’re dual booting Linux and Windows and you haven’t finalized the installation of the August 2024 Windows update with a reboot yet, you will be able to use the below opt-out registry key. This registry prevents the SBAT update from being applied as part of the August 2024 Windows update and future Windows updates, preventing this issue from happening. Later on, you will be able to delete the registry key if you want to install future SBAT updates.

Important: This documentation contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see How to back up and restore the registry in Windows.

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD

Scenario 2: After applying the August 2024 Windows update

If your Linux becomes unbootable after installing the August 13, 2024, or later updates, you can recover your Linux system by following these instructions.

Important: Modifying firmware settings incorrectly might prevent your device from starting correctly. Follow these instructions carefully and only proceed if you are confident in your ability to do so.

        a) Disable Secure Boot:

  • ​Boot into your device’s firmware settings.
  • ​Disable Secure Boot (steps vary by manufacturer).
        b) Delete SBAT Update:

  • ​Boot into Linux.
  • ​Open the terminal and run the below command:
sudo mokutil --set-sbat-policy delete
  • ​Enter your root password if prompted.
  • ​Boot into Linux once more.
        c) Verify SBAT Revocations:

  • ​In the terminal, run the below command:
mokutil --list-sbat-revocations
  • ​Ensure the list shows no revocations.
        d) Re-enable Secure Boot:

  • ​Reboot into the firmware settings.
  • ​Re-enable Secure Boot.
        e) Check Secure Boot Status:

  • ​Boot into Linux. Run the below command:
 mokutil --sb-state
  • ​The output should be “SecureBoot enabled”. If not, retry the step 4.
        f) Prevent Future SBAT Updates in Windows:

  • ​Boot into Windows.
  • ​Open Command Prompt as Administrator and run:
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD

At this point, you should now be able to boot into Linux or Windows as before. It’s a good time to install any pending Linux updates to ensure your system is secure.

Next steps: We are investigating the issue with our Linux partners and will provide an update when more information is available.

Affected platforms:

  • ​Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise 2015 LTSB
  • ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012

July 2024

Devices might boot into BitLocker recovery with the July 2024 security update

StatusOriginating updateHistory
Resolved KB5041585OS Build 22621.3880
KB5040442
2024-07-09		Resolved: 2024-08-13, 10:00 PT
Opened: 2024-07-23, 13:57 PT

After installing the July 2024 Windows security update, released July 9, 2024 (KB5040442), you might see a BitLocker recovery screen upon booting your device. This screen does not commonly appear after a Windows update. You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security -> Device encryption. Resulting from this issue, you might be prompted to enter the recovery key from your Microsoft account to unlock your drive.

Resolution: This issue was resolved by Windows updates released August 13, 2024 (KB5041585), and later. We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.

If you install an update released August 13, 2024 (KB5041585) or later, you do not need to use a workaround for this issue. If you are using an update released before August 13, 2024, and have this issue, your device should proceed to start up normally from the BitLocker recovery screen once the recovery key has been entered. You can retrieve the recovery key by logging into the BitLocker recovery screen portal with your Microsoft account. Detailed steps for finding the recovery key are listed here: Finding your BitLocker recovery key in Windows.

Affected platforms:

  • ​Client: Windows 11 version 23H2, Windows 11 version 22H2, Windows 11 version 21H2, Windows 10 version 22H2, Windows 10 version 21H2, Windows 10 Enterprise 2015 LTSB
  • ​Server: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008

CrowdStrike issue impacting Windows endpoints causing an error message

StatusOriginating updateHistory
Resolved ExternalN/A

Last updated: 2024-08-05, 16:07 PT
Opened: 2024-07-19, 07:30 PT

Microsoft has identified an issue impacting Windows endpoints which are running the CrowdStrike Falcon agent, developed by CrowdStrike Holdings. Following updates released and delivered by CrowdStrike on July 18, 2024, devices running the Falcon agent may encounter an error message on a blue screen and experience a continual restarting state.

Affected systems might restart repeatedly and require recovery operations in order to restore normal use.

Updated July 25, 2024: Microsoft released further guidance on Windows resiliency: Best practices and the path forward. Read more about how we are working in close cooperation to improve resiliency across the Windows ecosystem and explore best practices you can use to support resiliency in your organization.

Updated July 22, 2024: Microsoft has released a third mitigation option for this issue impacting Windows clients and servers. If devices are unable to recover with the two previous options mentioned below, IT admins can use PXE to remediate. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints for detailed instructions on prerequisites and configurations to use PXE Recovery.

Updated July 21, 2024: As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft has released an updated recovery tool with two repair options to help IT admins expedite the repair process. Based on customer feedback, this new release includes a new option for recovery using safe boot, the option to generate ISO or USB, a fix for ADK detection when the Windows Driver Kit is installed, and a fix for the USB disk size check. See the revised New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints for detailed instructions on using the signed Microsoft Recovery Tool.

Updated July 20, 2024: Microsoft has released KB5042426, which contains step-by-step guidance for Windows Servers hosted on-premises that are running the CrowdStrike Falcon agent and encountering a 0x50 or 0x7E error message on a blue screen. We will continue to work with CrowdStrike to provide the most up-to-date information available on this issue. 

A new USB Recovery Tool is available to help IT admins expedite the repair process. The new tool can be found in the Microsoft Download Center. Read more about the new recovery tool and usage instructions at New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints.

Updated July 19, 2024: A new Knowledge Base article, KB5042421, with additional step-by-step guidance for Windows 11 and Windows 10 clients is now available. We will continue to work with CrowdStrike to provide up-to-date mitigation information as it becomes available.

To mitigate this issue ahead of additional resolution options, you can follow these steps:

  1. ​Start Windows into Safe Mode or the Windows Recovery Environment.
  2. ​Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  3. ​Locate the file matching “C-00000291*.sys” and delete it.
  4. ​Restart the device.
  5. ​Recovery of systems requires a Bitlocker key in some cases.

For Windows Virtual Machines running on Azure follow the mitigation steps in Azure status.

Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - CrowdStrike Blog.

Affected platforms:

  • ​Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019
  • ​Server: Windows Server 2022; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Report a problem with Windows updates

To report an issue to Microsoft at any time, use the Feedback Hub app. To learn more, see Send feedback to Microsoft with the Feedback Hub app.

Need help with Windows updates?

Search, browse, or ask a question on the Microsoft Support Community. If you are an IT pro supporting an organization, visit Windows release health on the Microsoft 365 admin center for additional details.

For direct help with your home PC, use the Get Help app in Windows or contact Microsoft Support. Organizations can request immediate support through Support for business.

View this site in your language

This site is available in 11 languages: English, Chinese Traditional, Chinese Simplified, French (France), German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish (Spain). All text will appear in English if your browser default language is not one of the 11 supported languages. To manually change the display language, scroll down to the bottom of this page, click on the current language displayed on the bottom left of the page, and select one of the 11 supported languages from the list.