KB5025230: LAPS, Defender and much more
Improvements
This security update contains quality improvements. When you install this KB:
- New. This update adds many new features and enhancements to Microsoft Defender for Endpoint. For more information, see Microsoft Defender for Endpoint.
- New. This update implements the new Windows Local Administrator Password Solution (LAPS) as a Windows inbox feature. For more information, see "By popular demand: Windows LAPS now available!"
- This update fixes an issue that affects inbound Component Object Model (COM) activations. They fail. The error code is 0x80010111. This occurs when the client protocol version is lower than 5.7.
- This update fixes an issue that affects Microsoft PowerPoint. It no longer works on Azure Virtual Desktop (AVD). This occurs when you use Visual Basic for Applications (VBA).
- This update fixes an issue that affects Windows Search. Windows Search fails inside Windows container images.
- This update affects the Arab Republic of Egypt. This update supports the government-mandated daylight saving time change for the year 2023.
- This update fixes an issue that affects the Key Distribution Center (KDC) service. When the service is stopped on a local computer, logon fails on all local Kerberos systems. The error is STATUS_NETLOGON_NOT_STARTED.
- This update fixes an issue that affects the Windows Remote Management (WinRM) client. The client returns an HTTP server error status (500). This error occurs when it runs a transfer job in the Storage Migration Service.
- This update fixes an issue that affects the Desired State Configuration. The previously configured options are lost. This occurs when metaconfig.mof is not present.
- This update fixes compatibility issues that affect some printers. These printers use Windows Graphical Device Interface (GDI) printer drivers. These drivers do not fully adhere to the GDI specifications.
- This update fixes a stack overflow condition that causes a device to stop working. This occurs when you call xxxDestroyWindow() in kernel mode.
- This update fixes a rare issue that can cause an input target to be null. This problem can occur when you try to convert a physical point to a logical point during the hit test. Because of this, the computer issues a stop error.
- This update fixes an issue that affects certain processors that have firmware Trusted Platform Modules (TPM). You cannot use Autopilot to set them up.
- This update fixes an issue that affects the Fast Identity Online 2.0 (FIDO2) PIN credentials icon. It does not display on the credentials screen of an external monitor. This occurs when that monitor is connected to a closed laptop.
- This update fixes an issue that affects a Clustered Shared Volume (CSV). The CSV cannot be brought online. This occurs if you enable BitLocker and locally managed CSV protections and the system has recently rotated the BitLocker keys.
- This update fixes an issue that affects Windows Server 2022 domain controllers. They no longer work. This occurs when they process Lightweight Directory Access Protocol (LDAP) requests.
- This update fixes an issue that affects administrator account lockout policies. GPResult and Resultant Set of Policy did not report them.
- This update fixes an issue that affects MySQL commands. The commands fail on Windows Xenon containers.
- This update fixes an issue that affects Windows Server failover clustering. When you configure a cloud witness, both sites think that the other site is down. This is a "split-brain" scenario.
Open issues
- After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start. Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are vSphere ESXi 7.0.x and below.
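
A pre-install check for the open issue above, run inside the guest before approving the update. This is an added example, not Microsoft's or VMware's code: the function name `Test-KB5025230BootRisk` is hypothetical, and detecting a VMware guest by its manufacturer string is an assumption. The ESXi version is not read from inside the guest and has to be confirmed on the host.

```powershell
# Added example (not from the KB article): flags guests that match the
# conditions of the Secure Boot / ESXi open issue.
# The function name Test-KB5025230BootRisk is hypothetical.
function Test-KB5025230BootRisk {
    [CmdletBinding()]
    param()

    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Windows Server 2022 is build 20348; ProductType 1 is a workstation SKU.
    $isServer2022 = ($os.BuildNumber -eq '20348') -and ($os.ProductType -ne 1)

    # Assumption: VMware guests report a manufacturer string starting with "VMware".
    $isVMwareGuest = $cs.Manufacturer -like 'VMware*'

    # Confirm-SecureBootUEFI needs elevation and throws on legacy BIOS firmware.
    $secureBoot = $null
    try {
        $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop
    } catch [System.PlatformNotSupportedException] {
        $secureBoot = $false   # BIOS firmware, Secure Boot cannot be on
    } catch {
        Write-Warning "Secure Boot state unknown (run elevated): $($_.Exception.Message)"
    }

    $installed = [bool](Get-HotFix -Id 'KB5025230' -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        IsServer2022      = $isServer2022
        IsVMwareGuest     = $isVMwareGuest
        SecureBootEnabled = $secureBoot
        KBInstalled       = $installed
        # An unknown Secure Boot state still counts as a reason to check the host.
        CheckEsxiVersion  = $isServer2022 -and $isVMwareGuest -and ($secureBoot -ne $false)
    }
}

Test-KB5025230BootRisk | Format-List
```

When `CheckEsxiVersion` is `True`, confirm that the host is not running vSphere ESXi 7.0.x or below before installing the update on that guest.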