Microsoft has released the KB5051974 cumulative update for Windows 10 22H2 and Windows 10 21H2, which installs the new Outlook for Windows app and fixes a memory leak bug. This update is mandatory, containing security updates for January 2025.
Details on KB5051974 update
Windows users can install this update by navigating to Settings, then clicking on Windows Update, and performing a ‘Check for Updates.’ As this update is mandatory, it will automatically install once users check for updates. Users can schedule a restart time to complete the installation.
After installation, Windows 10 22H2 will update to build 19045.5487, and Windows 10 21H2 will update to build 19044.5487. Users can also manually download and install the KB5051974 update from the Microsoft Update Catalog.
What’s new in the update
The KB5051974 update includes numerous bug fixes. It addresses the Capture Service and Snipping Tool, which stopped responding when the Windows logo key+Shift+S was pressed multiple times with Narrator on. This update contains eleven fixes or changes, including:
- [Mail] New!: The new Outlook for Windows app is introduced, appearing as a new app icon in the Apps section near classic Outlook, with no changes to settings or defaults.
- [Screen capture] Fixed: The Capture Service and Snipping Tool become unresponsive under specific conditions.
- [Chinese Pinyin IME] Fixed: Bing will cease giving automatic suggestions in the search box for search engines like Baidu.
- [Digital/Analog converter (DAC)] Fixed: Issues with USB audio devices are resolved, particularly for USB 1.0-based DAC audio drivers.
- [USB audio device drivers] Fixed: The code 10 error message, indicating “This device cannot start,” when connecting to certain external audio management devices is fixed.
- [USB cameras] Fixed: Devices will now recognize the camera is on after installing the January 2025 security update.
- [Virtual memory] Fixed: Resolved issues that depleted virtual memory potentially causing some apps to fail.
Three known issues persist, all introduced in prior updates. Users may experience issues with OpenSSH connections not functioning post-update due to the SSHD service not starting automatically. Manual intervention is needed to start the SSHD service.
Another issue occurs if the Citrix Session Recording Agent (SRA) version 2411 is installed; Windows updates may fail. The workaround involves stopping the Session Recording Monitoring service, installing the security update, and re-enabling the service.
Additionally, Windows EventViewer may inaccurately show an Event 7023 error regarding SgrmBroker.exe, which Microsoft states serves no functional purpose and will be addressed in future updates.
Security updates
The update also includes at least 55 documented software defect patches in Windows OS and applications. Notably, two vulnerabilities are under active exploitation:
- CVE-2025-21391: This Windows Storage Elevation of Privilege vulnerability allows attackers to delete targeted files, posing significant risks of disruption and service outages.
- CVE-2025-21418: This flaw in the Windows Ancillary Function Driver for WinSock could provide SYSTEM privileges to attackers.
Microsoft emphasizes the urgency of addressing both vulnerabilities, alongside CVE-2025-21376, which is a remote code execution vulnerability in the Windows Lightweight Directory Access Protocol (LDAP). This vulnerability allows remote attackers to execute code by sending crafted requests.
Additional security measures are necessary for Microsoft Excel regarding CVE-2025-21387, which can be exploited through the Preview Pane without user interaction. Multiple patches are required to address this vulnerability comprehensively.
The latest release includes 57 new CVEs in various components, including Windows, Office, Azure, and others. Three critical patches were released alongside 53 marked as important and one as moderate in severity. Two of the vulnerabilities are publicly known, while two are under active attack.
Featured image credit: Tadas Sar/Unsplash
