KB5034766

• This update addresses security issues for your Windows operating system.     

• This update addresses an issue that affects remote direct memory access (RDMA) performance counters. They do not return networking data on VMs in the right way.

• This update addresses an issue that affects fontdrvhost.exe. It stops responding when you use Compact Font Format version 2 (CFF2) fonts.

• This update addresses a memory leak in ctfmon.exe.

• This update addresses a memory leak in TextInputHost.exe.

• This update affects Unified Extensible Firmware Interface (UEFI) Secure Boot systems. It adds a renewed signing certificate to the Secure Boot DB variable. You can now opt for this change. For more details, see KB5036210.

• This update addresses an issue that affects the download of device metadata. Downloads from the Windows Metadata and Internet Services (WMIS) over HTTPS are now more secure.

• This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). It might stop working. This occurs when you access the Active Directory database.

• This update addresses an issue that affects Windows Defender Application Control (WDAC). Its “allow” policies might block some binaries from running.

• This update addresses an issue that affects the Certificate Authority snap-in. You cannot select the "Delta CRL" option. This stops you from using the GUI to publish Delta CRLs.

• This update changes a setting in Active Directory Users & Computers. By default, the snap-in now uses a strong certificate mapping of X509IssuerSerialNumber. It does not use the weak mapping of x509IssuerSubject.