KB5034121 for Windows 11 21H2 reminds users why they update to newer versions
Support for Windows 11 21H2 ended last year.
3 min. read
Published on
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
Microsoft just released KB5034121 for Windows 11 21H2, and the first Patch Tuesday updates of 2024 for this Windows 11 version remind users why they should update to newer Windows 11 versions, such as 22H2, or 23H2.
Why? Well, while the package comes with important updates for Windows 11 21H2, one of these updates adds another driver file, the DriverSiPolicy.p7b file, to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
Windows users should update their Windows 11 21H2 as soon as possible, as KB503412 will render their devices safe against BYOVD attacks. But while the list of the drivers that are at risk for such attacks might be growing in the following months, users should seriously think about updating their Windows 11 to newer versions.
Another reason why they should do it is that Windows 11 21H2 already reached its end-of-support date, last October, so the operating system might become even more fragile to all kinds of cyberattacks.
For those who decide to stay on this version, though, KB5034121 comes with the following updates:
- This update addresses an issue that affects the ActiveX scroll bar. It does not work in IE mode.
- This update addresses an issue that causes your device to shut down after 60 seconds. This occurs when you use a smart card to authenticate on a remote system.
- This update includes quarterly changes to the Windows Kernel Vulnerable Driver Blocklist file, DriverSiPolicy.p7b. It adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
- This update addresses an issue that affects the display of a smart card icon. The icon does not appear when you sign in. This occurs when there are multiple certificates on the smart card.
KB5034121: Known issues
Fortunately, the KB5034121 package for Windows 11 21H2 only comes with one known issue, which is the following:
| Applies to | Symptom | Workaround |
|---|---|---|
| IT admins | Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies set to enabled and selecting either “full encryption” or “used space only”. Microsoft Intune is affected by this issue but third-party MDMs might also pe affected.Important This issue is a reporting issue only and does not affect drive encryption or the reporting of other issues on the device, including other BitLocker issues. | To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies to not configured.We are working on a resolution and will provide an update in an upcoming release. |
It might be possible this version of Windows will get fewer and fewer updates as time goes by. However, updating to newer Windows 11 versions should be easy, but you will need to take into consideration that the end-of-support for Windows 11 22H2, for example, is going to end in October 2024.
So, it might be wise to update directly to Windows 11 23H2, which you can do by following our guide here.
