Download KB5016691 Offline Installer, Windows 11

The optional update KB5016691 is now available for Windows 11. Here are the links to download KB5016691 offline installer.

It’s not Patch Tuesday, but Microsoft released a new update called KB5016691 for all Windows 11 users. Add to that; this new update is optional. However, the update has already been released and tested by Windows Insiders for a couple of weeks.

Since this is an optional update, KB5016691 won’t be installed automatically. You must go to the Settings app and click the “Download & Install” button. This is an entirely opposite behavior to the regular cumulative updates that install automatically.

KB5016691 update

As always, the KB5016691 update is filled with several important fixes and improvements. The significant improvements and fixes include but are not limited to printer malfunction while USB printing, Windows 11 SE trust issues from Microsoft Store, problems with Bluetooth audio headsets, Microsoft Edge browser, automatic high dynamic rage, BitLocker, HyperVisor, and more.

In addition to the regular fixes and improvements, this update also introduces the ability to add languages and related features remotely to IT admins, enhanced Microsoft Defender for Endpoint, and file compression regardless of its size if the SMB (Server Message Block) compression is turned on.

Table of contents:

Download KB5016691 offline installer

The KB5016691 update is available as an offline installer via the Microsoft Update Catalog website.

Go to this webpage, find your Windows 11 version, and click the “Download” button next. Another window or tab will open. Click the available link, and the offline installer is downloaded to your computer. After downloading, double-click on the installer and follow the wizard to install KB5016691. Remember that the update will only install if it is supported. Also, it might download additional updates or dependencies if required.

KB5016691 changelog

  • Gives IT admins the ability to remotely add languages and language-related features. Additionally, they can now manage language scenarios across several endpoint managers. 

  • Compresses a file regardless of its size if you have configured Server Message Block (SMB) Compression.

  • Enhances Microsoft Defender for Endpoint’s ability to identify and intercept ransomware and advanced attacks.

  • Addresses an issue that causes ServerAssignedConfigurations to be null in a few full configuration scenarios.

  • Addresses an issue that affects the automatic high dynamic range (Auto HDR) feature for cross-adapter resource scan-out (CASO)-capable GPU drivers.

  • Addresses a known issue that causes Microsoft Edge to stop responding when you use IE mode. This issue also prevents you from interacting with a dialog.

  • Addresses an issue that prevents virtualized App-V Microsoft Office applications from opening or causes them to stop working.

  • Addresses an issue that might cause the deployment of the Windows Hello for Business certificate to fail in certain circumstances after you reset a device.

  • Addresses multiple issues related to USB printing such as:

    • A printer malfunctions after you restart or reinstall it

    • Being in the wrong mode after you switch from an Internet Printing Protocol (IPP) Class Driver to an independent hardware vendor (IHV) driver

    • Experiencing bidirectional communication issues that prevent you from accessing device features

  • Addresses an issue that affects the ProjectionManager.StartProjectingAsync API. This issue stops some locales from connecting to Miracast Sinks.

  • Addresses an issue that degrades BitLocker performance.

  • Addresses an issue that prevents Windows 11 SE from trusting some Microsoft Store applications.

  • Addresses an issue that prevents HyperVisor Code Integrity from being enabled automatically on systems that have Arm64 processors.

  • Addresses an issue that stops non-Windows devices from authenticating. This issue occurs when they connect to a Windows-based remote desktop and use a smart card to authenticate.

  • Addresses an issue that causes the Resultant Set of Policy tool (Rsop.msc) to stop working when it processes 1,000 or more “File System” security settings.

  • Addresses an issue that causes the Take a Test app to remove all policies related to lockdown enforcement when you close the app.

  • Addresses an issue that causes the Settings app to stop working on server domain controllers (DCs) when accessing the Privacy > Activity history page.

  • Addresses an issue that might cause certain Bluetooth audio headsets to stop playing after a progress bar adjustment. This issue affects modern systems that support Advanced Audio Distribution Profile (A2DP) offload.

  • Addresses an issue that prevents devices from receiving an offer from Windows Update for the same extension driver when that extension driver is already installed without the base driver.

  • Addresses a race condition that causes the Local Security Authority Subsystem Service (LSASS) to stop working on Active Directory domain controllers. This issue occurs when LSASS processes simultaneous Lightweight Directory Access Protocol (LDAP) over Transport Layer Security (TLS) requests that fail to decrypt. The exception code is 0xc0000409 (STATUS_STACK_BUFFER_OVERRUN).

  • Addresses an issue that affects a lookup for a nonexistent security ID (SID) from the local domain using read-only domain controller (RODC). The lookup unexpectedly returns the STATUS_TRUSTED_DOMAIN_FAILURE error instead of STATUS_NONE_MAPPED or STATUS_SOME_MAPPED.

  • Addresses an issue that might cause the Local Security Authority Server Service (LSASS) to leak tokens. This issue affects devices that have installed Windows updates dated June 14, 2022 or later. This issue occurs when the device performs a specific form of service for user (S4U) in a non-Trusted Computing Base (TCB) Windows service that runs as Network Service.

That is it.

Scroll to Top