KB5032189 has been released as part of the Patch Tuesday updates for November 2023. This KB article applies to Windows 10 22H2, and certain editions of 21H2. Installing KB5032189 will upgrade the operating system’s build to 19044.3693 (21H2) and 19045.3693 (22H2).
If you have already installed October’s optional non-security update KB5031445, all of the new fixes and improvements have already been applied to your system. The new things in KB5032189 are only the security fixtures, which are of great significance, and an additional issue relating to Windows Updates which has been addressed.
This guide provides you with a comprehensive insight into the KB5032189 Windows 10 update and direct download links to download and install it.
KB5032189 release summary
The table below gives a brief summary of the update and the updated OS builds:
| Article KB | OS Version | Release Date | Updated OS Build |
| KB5032189 | Windows 10 22H2 | 14 November 2023 | 19045.3693 |
| KB5032189 | Windows 10 21H2 | 10 November 2023 | 19044.3570 |
KB5032189 changelog
This update includes all the improvements that were introduced in KB5031445, which was released on 26 October 2023 and was a Type D update. Therefore, if you already installed that, KB5032189 will be a small update package.
We have compiled and listed all of the new features and improvements in KB5032189 here for you:
- [New] This update addresses a known issue that affected KB5031356. When installing it, the device displayed progress but failed to finish.
- [Security] This update addresses a plethora of security vulnerabilities, where some have been actively exploited. Also addresses 3 zero-day vulnerabilities, which are:
- CVE-2023-36025 – Windows SmartScreen Security Feature Bypass Vulnerability
- CVE-2023-36033 – Windows DWM Core Library Elevation of Privilege Vulnerability
- CVE-2023-36036 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- This update addresses an issue that affects touchscreens. They do not work properly when you use more than one display.
- This update supports daylight saving time (DST) changes in Syria.
- This update addresses a memory leak in ctfmon.exe.
- This update addresses a memory leak in TextInputHost.exe.
- This update addresses an error that occurs when you print using v4 print drivers.
- This update addresses an issue that affects Outlook. It stops responding. This occurs when you print to an Internet Printing Protocol (IPP) printer that has a slow response time.
- This update addresses an issue that affects connectivity. It is lost. This occurs when you add a second network interface card (NIC) that has no default gateway.
- This update makes Country and Operator Settings Asset (COSA) profiles up to date for certain mobile operators.
- This update addresses an issue that affects Windows Defender Application Control (WDAC). Its “allow” policies might block some binaries from running.
- This update addresses an issue that affects robocopy. The
/efsrawswitch stops it from copying data properly.
With these fixes and improvements, Microsoft has also disclosed a known issue.
Known issues
This issue might be a headache for the IT admins who install this update..
If you have configured the FixedDrivesEncryptionType or the SystemDrivesEncryptionType policy to “Enabled” in the BitLocker CSP node in the Mobile Device Management (MDM), then the “Require Device Encryption” settings page on some devices may incorrectly show a “65000” error.
Affected environments are those with the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies set to Enabled and selecting either “full encryption” or “used space only“. Microsoft Intune is affected by this issue but third-party MDMs might also be affected.
Microsoft suggests setting the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies to “Not configured” to mitigate this issue temporarily, while they work on a permanent fix.
Download and install KB5032189
This update can be installed through Windows Update and standalone installers.
We have given the direct download links to the standalone installers below, using which you can install the update on your respective Windows 10 version, or you can simply update to the latest build using Windows Update through the given guide below.
Offline installers
Click on the links below to download the KB article for your Windows 10 version.
| KB Article | Windows Version | Download |
|---|---|---|
| KB5032189 | Windows 10 22H2 | x64 x86 |
| KB5032189 | Windows 10 21H2 | x64 x86 |
To install the update, simply run the downloaded MSU file and Windows will automatically install the update. You can also extract the CAB file from the MSU file and install it.
To download any other updates related to any of the above, please check the Microsoft Catalog.
Windows Update
To install this update via Windows Update, you need to be running Windows 10 version 22H2 or 21H2 (with the supported edition). To check the version and edition of the operating system, type in “winver” in the Run Command box and press Enter.
Once you have the right OS version, perform the following steps to install KB5032189:
-
Navigate to the following:
Settings app >> Update and Security >> Windows Update
-
Click “Check for updates” on the right.
Check for pending updates You will now see the following update downloading and installing automatically:
2023-11 Cumulative Update for Windows 10 version 2XH2 for x64/x86-based Systems (KB5032189)
-
Click “Restart Now” when the update is ready for final installation.
Restart computer
Once the computer restarts, the update will be successfully installed. To confirm this, check the updated build number by typing in “winver” in the Run Command box.
Rollback/remove Windows 10 cumulative update
If you do not wish to keep the installed update for some reason, you can always roll back to the previous build of the OS. However, this can only be performed within the next 10 days after installing the new update.
To roll back after 10 days, you will need to apply this trick.
Cleanup after installing Windows updates
If you want to save space after installing Windows updates, you can run the following commands one after the other in Command Prompt with administrative privileges:
dism.exe /Online /Cleanup-Image /AnalyzeComponentStore
dism.exe /Online /Cleanup-Image /StartComponentCleanup
Block KB5032189 from installing
Since these are mandatory updates, they will download and install themselves on the schedule. If you want to block them from installing, temporarily or permanently, you can follow the steps below:
-
Download the “Show or hide updates” tool from Microsoft.
-
Run the utility and click Next to start the scanning process.
Show or hide updates -
Next, click the “Hide updates” button.
Hide updates -
Select the update(s) you want to block and click Next.
This automatically hides the update from Windows Update and it will not be installed during the next update process.
-
Click the Close button.
If you want to unhide or show hidden updates, run the tool again and select “Show hidden updates” instead of “Hide updates.” The rest of the process is the same.
Windows 10 Patch Tuesday History
| KB Article | OS Versions | Build | Release Date | Significant Changes | Announcement |
| KB5032189 | 22H2, 21H2 | 1904X.3693 | 14-Nov-23 | Fixes update installation issues, touchscreen, and Outlook issues. | Microsoft Announcement of KB5032189 |
| KB5031356 | 22H2, 21H2 | 1904X.3570 | 10-Oct-23 | Improved search box experience, animations to certain icons, several fixes and security patches | Microsoft Announcement of KB5031356 |
| KB5030211 | 22H2, 21H2 | 1904X.3448 | 12-Sep-23 | Fixes smart card authentication for domain joining, improves location detection, expands the rollout of notification badging for Microsoft accounts on the Start menu | Microsoft Announcement of KB5030211 |
| KB5029244 | 22H2, 21H2 | 1904X.3324 | 8-Aug-23 | Addresses VPN issues, makes notifications more reliable, and addresses critical Remote Code Execution vulnerabilities. | Microsoft Announcement of KB5029244 |
| KB5028166 | 22H2, 21H2 | 1904X.3208 | 11-Jul-23 | Improvements to Microsoft Defender for Endpoint, Printer Spooler, and others. | Microsoft Announcement of KB5028166 |
| KB5027215 | 22H2, 21H2 | 1904X.3086 | 13-Jun-23 | Ability to sync language and region settings, address issues with LSASS, and other security improvements | Microsoft Announcement of KB5027215 |
| KB5026361 | 22H2, 21H2, 20H2 | 1904X.2965 | 9-May-23 | The ability to sync language and region settings addresses issues with LSASS, other security improvements | Microsoft Announcement of KB5026361 |
| KB5025221 | 22H2, 21H2, 20H2 | 1904X.2846 | 11-Apr-23 | Ability to sync language and region settings addresses issues with LSASS, other security improvements | Microsoft Announcement of KB5025221 |
| KB5023696 | 22H2, 21H2, 20H2 | 1904X.2728 | 14-Mar-23 | Improved Windows Spotlight experience on the lock screen, fixed AD joining issue and others | Microsoft Announcement of KB5023696 |
| KB5022834 | 22H2, 21H2, 20H2 | 1904X.2604 | 14-Feb-23 | Fixes audio issues with IoT devices | Microsoft Announcement of KB5022834 |
| KB5022282 | 22H2, 21H2, 20H2 | 1904X.2486 | 10-Jan-23 | Microsoft ODBC SQL Server Driver connectivity issue resolved | Microsoft Announcement of KB5022282 |
| KB5021233 | 22H2, 21H2, 21H1, 20H2 | 1904X.2364 | 13-Dec-22 | -Search bar will now appear by default on the taskbar -Cortana won’t be pinned in the taskbar by default | Microsoft Announcement of KB5021233 |
| KB5019959 | 22H2, 21H2, 21H1, 20H2 | 1904X.2251 | 8-Nov-22 | Fixes to Microsoft Direct3D 9 and DCOM | Microsoft Announcement of KB5019959 |
