Home » Windows Updates » Download KB5014668 Offline Installer, Windows 11

Download KB5014668 Offline Installer, Windows 11

The optional update KB5014668 is out for Windows 11. Here is the link to download KB5014668 offline installer for Windows 11.

Out of the blue, Microsoft released a new update called KB5014668 for all Windows 11 users. Previously, it was only available for Windows 11 Insiders. Unlike the previous cumulative update, this is an optional update. This means the update won’t be installed automatically. Instead, you must go to the Windows update page and click the “Download & Install” button. Only then is the update installed in Windows 11.

This update contains a few new features along with the regular fixes and improvements. These new features are the Search Highlights, IP address auditing for incoming Windows Remote Management via Even Viewer, Adds Server Message Block (SMB) redirector, add support to TLS (Trasport Layer Security) 1.3 to Windows client and server Lightweight Directory Access Protocol implementation, and the ability to configure SMB client and SMB server cipher suite order using PowerShell.

As I said earlier, this optional update contains some important fixes and improvements. These fixes and enhancements include but are not limited to Japanese system locale, Windows Sandbox startup screen, cloud clipboard service, issues with XAudio API with playing certain games, problems with Windows 11 upgrade, and more. You can find the full changelog below.

Download KB5014668 offline installer

The KB5014697 update is available as an offline installer via the Microsoft Update Catalog website.

Go to this webpage, find your Windows 11 version, and click the “Download” button next. Another window or tab will open. Click the available link, and the offline installer is downloaded to your computer. After downloading, double-click on the installer and follow the wizard to install KB5014697. Remember that the update will only install if it is supported. Also, it might download additional updates or dependencies if required.

KB5014668 changelog

  • Adds IP address auditing for incoming Windows Remote Management (WinRM) connections in security event 4262 and WinRM event 91. This addresses an issue that fails to log the source IP address and machine name for a remote PowerShell connection.

  • Adds Server Message Block (SMB) redirector (RDR) specific public File System Control (FSCTL) code FSCTL_LMR_QUERY_INFO.

  • Makes the SMB client and SMB server cipher suite order configurable using PowerShell.

  • Search highlights will present notable and interesting moments of what’s special about each day—like holidays, anniversaries, and other educational moments in time both globally and in your region. To see search highlights, click or tap on the search icon on your taskbar.

    For enterprise customers, search highlights will also feature the latest updates from your organization and suggest people, files, and more.

    Search highlights will roll out to Windows 11 customers over the next several weeks. We are taking a phased and measured approach. Broad availability will occur in the coming months. For group configuration information, see Group configuration: search highlights in Windows.

  • Adds support for Transport Layer Security (TLS) 1.3 in Windows client and server Lightweight Directory Access Protocol (LDAP) implementations.

  • Addresses a race condition issue that might cause an upgrade to Windows 11 (original release) to fail.

  • Addresses an issue that displays Japanese characters incorrectly in PowerShell.

  • Addresses an issue that affects the Cloud Clipboard service and prevents syncing between machines after a period of inactivity.

  • Addresses an issue that fails to hide the Windows Sandbox startup screen after Sandbox starts to run .

  • Addresses an issue that causes a device that has a Japanese system locale to stop working when you disable end-user-defined characters (EUDCs).

  • Enables the InternetExplorerModeEnableSavePageAs Group Policy. For more information, see Microsoft Edge Browser Policy Documentation.

  • Provides the ability to use a network proxy during Universal Print operations.

  • Addresses an issue that might cause playback of consecutive video clips to fail in games that use DirectX 12 (DX12).

  • Addresses an issue that causes certain games to stop working if they use the XAudio API to play sound effects.

  • Addresses an issue that affects some certificates chains to Root Certification Authorities that are members of the Microsoft Root Certification Program. For these certificates, the certificate chain status can be, “This certificate was revoked by its certification authority”.

  • Addresses an issue that prevents the use of Encrypted File System (EFS) files over a Web-based Distributed Authoring and Versioning (WebDAV) connection.

  • Addresses an issue that causes a domain controller to incorrectly write Key Distribution Center (KDC) event 21 in the System event log. This occurs when the KDC successfully processes a Kerberos Public Key Cryptography for Initial Authentication (PKINIT) authentication request with a self-signed certificate for key trust scenarios (Windows Hello for Business and Device Authentication).

  • Addresses an issue that prevents Bluetooth from reconnecting to some audio devices after you restart the devices.

  • Addresses an issue that occurs when the Active Directory Lightweight Directory Service (AD LDS) resets the password for userProxy objects. When you try to reset someone else’s password and you are authenticated using a simple bind, the password reset fails. The error is like, “00000005: SvcErr: DSID-03380C23, problem 5003 (WILL_NOT_PERFORM), data 0”.

  • Addresses an issue that causes Microsoft NTLM authentication using an external trust to fail. This issue occurs when a domain controller that contains the January 11, 2022 or later Windows update services the authentication request, is not in a root domain, and does not hold the Global Catalog role. The affected operations might log the following errors:

    • The security database has not been started.

    • The domain was in the wrong state to perform the security operation.


  • Addresses an issue that causes the LocalUsersAndGroups configuration service provider (CSP) policy to fail when you modify the built-in Administrators group. This issue occurs if the local Administrator account isn’t specified in the membership list when you perform a replace operation.

  • Addresses an issue in which malformed XML inputs might cause an error in DeviceEnroller.exe. This prevents CSPs from being delivered to the device until you restart the device or correct the XML.

  • Addresses an issue that might cause Windows 11 (original release) to stop working when you install an application and there is no network connectivity.

  • Updates the Start menu to display Windows PowerShell when you right-click (Win + X) the Start button after you have uninstalled Windows Terminal.

  • Changes the name of the Your Phone app to Phone Link on the Settings page.

  • Addresses an issue that causes the Microsoft Surface Dial customization settings page to stop working.

  • Addresses a known issue that might prevent you from using the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the internet after a client device connects.

That is it.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top