As you’d expect, Microsoft released new cumulative updates for both Windows 11 v21H2 and v22H2. As always, here are the direct links to download KB5025298 & KB5025305 offline installers. Both updates contain the same fixes, improvements, and new features. It’s that Microsoft uses separate KB IDs for different versions. A similar update is also released for Windows 10 users as KB5025297.
This update contains a new feature for both v21H2 and v22H2 users. After installing this update, you will see a new option in the Windows Firewall settings that allows you to configure application group rules. This allows you to set firewall rules for a group of applications. If you are wondering, it is very similar to setting security control rules for specific user groups.
Other than that, there are a wide range of fixes and improvements. These include but are not limited to updates to LSASS (Local Security Authority Subsystem Service) process, Edge IE mode, Windows Remote Management client, changes to daylight savings in some countries, updates to provisioning packages, fix issues in Windows Defender Application Control, Active Directory, SMB direct, and many more.
As you can guess, this update is pretty busy with many fixes and improvements. However, this is an optional update. That means you have to install it manually from the Windows Update settings page. It won’t be installed automatically like the regular mandatory cumulative update. To install the KB5025298 or KB5025305 update, go to the Settings > Windows Update page, click on the Check for updates button, and then click Download & Install when you see the update.
Alternatively, use the links below to download KB5025298 & KB5025305 offline installers. You can install the update like any other software once you download the offline installer.
Download KB5025298 & KB5025305 Offline Installers
The offline installers for KB5025298 & KB5025305 updates are available from the Microsoft Update Catalog website.
Use the links below to go to the webpage and click the “Download” button next to your Windows version. Another window or tab will open. Click the available link, and the offline installer will be downloaded to your computer. After downloading, double-click the installer and follow the on-screen instructions. Keep in mind that the update will only be installed if supported. It may also download further updates or dependencies if necessary.
Download KB5025298 (for Windows 11 v21H2) — https://www.catalog.update.microsoft.com/Search.aspx?q=KB5025298
Download KB5025305 (for Windows 11 v22H2) — https://www.catalog.update.microsoft.com/Search.aspx?q=KB5025305
KB5025298 & KB5025305 changelog
- New! This update changes firewall settings. You can now configure application group rules.
- This update affects the Islamic Republic of Iran. The update supports the government’s daylight saving time change order from 2022.This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS) process. It might stop responding. Because of this, the machine restarts. The error is 0xc0000005 (STATUS_ACCESS_VIOLATION).
- This update addresses an issue that affects Edge IE mode. The Tab Window Manager stops responding.
- This update addresses an issue that affects the Windows Remote Management (WinRM) client. The client returns an HTTP server error status (500). This error occurs when it runs a transfer job in the Storage Migration Service.
- This update addresses a rare issue that might cause an input destination to be null. This issue might occur when you attempt to convert a physical point to a logical point during hit testing. Because of this, the computer raises a stop error.
- This update addresses an issue that affects protected content. When you minimize a window that has protected content, the content displays when it should not. This occurs when you are using Taskbar Thumbnail Live Preview.
- This update addresses an issue that affects provisioning packages. They fail to apply in certain circumstances when elevation is required.
- This update addresses an issue that affects mobile device management (MDM) customers. The issue stops you from printing. This occurs because of an exception.
- This update addresses an issue that affects signed Windows Defender Application Control (WDAC) policies. They are not applied to the Secure Kernel. This occurs when you enable Secure Boot.
- This update addresses an issue that affects the Windows Defender Application Control. The policy that blocks software using a hash rule might not stop the software from running.
- This update addresses an issue that occurs when you use a PIN to sign in to Windows Hello for Business. Signing in to Remote Desktop Services might fail. The error message is, “The request is not supported”.
- This update makes improvements to the performance of the search box.
- This update addresses an issue that affects Administrator Account Lockout policies. GPResult and Resultant Set of Policy did not report them.
- This update addresses an issue that affects Active Directory Users & Computers. It stops responding. This occurs when you use TaskPad view to enable or disable many objects at the same time.
- This update addresses an issue that affects the Unified Write Filter (UWF). When you turn it off by using a call to Windows Management Instrumentation (WMI), your device might stop responding.
- This update addresses an issue that affects the Resilient File System (ReFS). A stop error prevents the OS from starting up correctly.
- This update addresses an issue that affects MySQL commands. The commands fail on Windows Xenon containers.
- This update addresses an issue that affects SMB Direct. Endpoints might not be available on systems that use multi-byte character sets.
- This update addresses an issue that affects apps that use DirectX on older Intel graphics drivers. You might receive an error from apphelp.dll.
That is all.