KB5034766

This update addresses security issues for your Windows operating system.     

This update addresses an issue that affects remote direct memory access (RDMA) performance counters. They do not return networking data on VMs in the right way.

This update addresses an issue that affects fontdrvhost.exe. It stops responding when you use Compact Font Format version 2 (CFF2) fonts.

This update addresses a memory leak in ctfmon.exe.

This update addresses a memory leak in TextInputHost.exe.

This update affects Unified Extensible Firmware Interface (UEFI) Secure Boot systems. It adds a renewed signing certificate to the Secure Boot DB variable. You can now opt for this change. For more details, see KB5036210.

This update addresses an issue that affects the download of device metadata. Downloads from the Windows Metadata and Internet Services (WMIS) over HTTPS are now more secure.

This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). It might stop working. This occurs when you access the Active Directory database.

This update addresses an issue that affects Windows Defender Application Control (WDAC). Its “allow” policies might block some binaries from running.

This update addresses an issue that affects the Certificate Authority snap-in. You cannot select the "Delta CRL" option. This stops you from using the GUI to publish Delta CRLs.

This update changes a setting in Active Directory Users & Computers. By default, the snap-in now uses a strong certificate mapping of X509IssuerSerialNumber. It does not use the weak mapping of x509IssuerSubject.