Microsoft has released cumulative updates KB5058411 and KB5058405 for Windows 11 versions 24H2 and 23H2, addressing security vulnerabilities and system stability issues. These updates are part of Microsoft’s monthly Patch Tuesday cycle and include fixes for critical flaws, such as WSUS download failures and Secure Boot conflicts. The updates also introduce minor enhancements, including DST support for Aysen, Chile, and Kerberos authentication improvements.
**TL;DR Summary**
– **Updates Released**: KB5058411 (24H2) and KB5058405 (23H2)
– **Key Fixes**:
– Resolved WSUS download failures (error 0x80240069)
– Patched Kerberos authentication issues with Credential Guard
– Addressed Secure Boot conflicts for Linux dual-boot systems
– **Known Issues**:
– Citrix SRA 2411 conflicts may revert security updates
– RDP disconnections persist for UDP-based connections to older servers
Update Details and Security Patches
The KB5058411 and KB5058405 updates are part of Microsoft’s ongoing effort to address vulnerabilities in Windows 11. These updates include fixes for several security flaws, such as Kerberos authentication issues and IIS vulnerabilities. The patches also resolve a known problem where devices with April 2025 updates failed to download 24H2 via WSUS, displaying error code 0x80240069. This issue was particularly problematic for enterprises relying on WSUS for centralized update management.
Microsoft has also addressed Secure Boot conflicts introduced by the August 2024 update (KB5041585), which caused failures for Linux dual-boot setups. The September 2024 update (KB5043076) removed the conflicting SBAT settings, restoring compatibility for users with dual-boot configurations. Additionally, the updates include a fix for BitLocker recovery screen triggers that were inadvertently activated by earlier updates.
Known Issues and Workarounds
One notable issue involves Citrix Session Recording Agent 2411, which may cause January 2025 security updates to revert on affected systems. Citrix has provided a registry fix (CTX692505) as a temporary workaround. Another persistent problem is RDP disconnections for UDP-based connections to older Windows Server versions, which drop after 65 seconds. Microsoft recommends applying KB5053656 or disabling UDP transport to mitigate this issue.
Users have also reported installation problems, such as corrupted Bluetooth files post-update, which can be resolved using the Deployment Image Servicing and Management (DISM) tool. Community feedback from ElevenForum and NinjaOne highlights varying installation experiences, with some users reporting smooth updates and others encountering integrity violations requiring manual repairs.
Relevance to Security Professionals
These updates are critical for maintaining system security, particularly for enterprises managing large fleets of Windows 11 devices. The fixes for WSUS and Secure Boot conflicts are especially important for organizations relying on these features for update deployment and system integrity. Security teams should prioritize testing and deploying these updates to mitigate potential vulnerabilities.
For incident response teams, the Kerberos and IIS patches are high-priority items, as these components are often targeted in attacks. The Citrix SRA issue also underscores the importance of monitoring third-party software compatibility with Windows updates. Proactive patch management and testing are essential to avoid disruptions.
Conclusion
The KB5058411 and KB5058405 updates deliver essential security fixes and stability improvements for Windows 11. While most issues have been resolved, some known problems persist, requiring manual intervention or workarounds. Organizations should review the update notes and test deployments in staging environments before rolling out to production systems.
For further details, refer to Microsoft’s official support pages and community discussions on ElevenForum. Staying informed about these updates ensures systems remain secure and operational.
References
- “Windows 11 KB5058411 and KB5058405 cumulative updates released,” Microsoft Support, 2025. [Online]. Available: https://support.microsoft.com.
- “Windows 11 Updates & Security (2024–2025),” ElevenForum, 2025. [Online]. Available: https://www.elevenforum.com.
- “UUP Dump for ISO Downloads,” UUP Dump, 2025. [Online]. Available: https://uupdump.net.
- “Windows Update,” Wikipedia, 2025. [Online]. Available: https://en.wikipedia.org/wiki/Windows_Update.
- “KB5053598 Analysis,” NinjaOne, 2025. [Online]. Available: https://www.ninjaone.com/kb-catalog/kb5053598.
