KB5070312 is a non-security preview update for Windows 11 version 23H2 that moves systems to OS Build 22631.6276. It focuses on small but concrete reliability fixes and ships together with a new servicing stack update (SSU KB5071963), rather than adding visible new features.
KB5070312 scope and lifecycle context
| Item | Value |
|---|---|
| Product | Windows 11, version 23H2 (all editions) |
| KB number | KB5070312 |
| OS Build after install | 22631.6276 |
| Release date | 2025‑11‑20 |
| Update type | Non-security, optional preview (“D-week”) |
| Included servicing stack update | KB5071963 (servicing stack build 22621.6265) |
| Official support page | KB5070312 on Microsoft Support |
Windows 11 uses an annual feature update cadence with monthly cumulative updates layered on top. Version 23H2 entered general availability in October 2023 and has since received a long chain of monthly security and preview releases listed in the Windows 11 release history. By late 2025, Home and Pro editions of 23H2 have reached the end of servicing, while Enterprise, Education, IoT Enterprise, and Enterprise multi‑session editions continue receiving updates until November 10, 2026.
KB5070312 lands in that late-service window as an optional quality update. It does not deliver security fixes; those remain in the monthly “B-week” releases. Instead, it tidies up a few stubborn bugs that show up in everyday workflows and in Azure Virtual Desktop deployments, and refreshes the servicing stack so future cumulative updates install more reliably.
Secure Boot certificates and upcoming expiration
Alongside the fixes, the update carries an important heads-up about Windows Secure Boot certificates. The certificates used by most Windows devices are scheduled to start expiring in June 2026. Once those older certificates lapse, devices that have not been updated to trust the newer certificate chain can run into serious problems at boot.
If firmware and OS components are not updated in time, affected devices can:
- Fail to boot securely under Secure Boot policies.
- Lose the ability to verify some boot-time components.
- Miss future Secure Boot–related security updates.
Device owners and IT departments need a planned rollout of updated Secure Boot certificates, coordinated with OEM firmware updates and Windows updates. Detailed preparation steps and timelines are available on Microsoft’s Secure Boot certificate expiration documentation, which also explains how certificate authorities and OEMs are involved in the refresh.
End of servicing for Windows 11 version 22H2 and 23H2
KB5070312 also reiterates a separate lifecycle point: Windows 11 version 22H2 is nearing the end of its support path. Enterprise and Education editions of 22H2 stop receiving non‑security preview updates from June 26, 2025, and continue to receive security updates only until October 14, 2025. After that, 22H2 is out of servicing and no longer receives any security updates.
For 23H2, the situation is split by edition:
| Version | Editions | End of servicing |
|---|---|---|
| Windows 11 version 23H2 | Home, Pro, Pro Education, Pro for Workstations | Reached end of servicing in November 2025 |
| Windows 11 version 23H2 | Enterprise, Education, IoT Enterprise, Enterprise multi‑session | End of servicing on 2026‑11‑10 |
| Windows 11 version 22H2 | Enterprise, Education | Preview updates end 2025‑06‑26; all servicing ends 2025‑10‑14 |
The message is blunt: staying protected means moving to a supported Windows 11 release such as 24H2 or 25H2. Optional previews like KB5070312 can improve day‑to‑day behavior, but they do not extend the security lifetime of an unsupported edition.
KB5070312: specific fixes and changes
KB5070312 itself is compact. The changelog highlights four functional fixes plus the bundled servicing stack update.
| Area | Change type | What it fixes | Who it affects most |
|---|---|---|---|
| Country and Operator Settings Asset (COSA) | Fix / profile refresh | Updates mobile operator profiles for certain carriers. | Devices with built‑in cellular (WWAN/eSIM) connectivity. |
| File Explorer | Bug fix | Explorer sometimes ignored mouse clicks until the app was closed and reopened. | All users who saw sporadic Explorer unresponsiveness. |
| File management (.tar extraction) | Bug fix | Extraction failed when file or folder names inside a .tar used more than 34 commonly used Chinese characters. | Users handling Chinese‑language archives and scripts. |
| Group Policy and Configuration | Bug fix | HideRecommendedSection policy did not hide recommendations in Windows 11 Enterprise multi‑session (for example, Azure Virtual Desktop). |
IT admins managing AVD and other multi‑session deployments. |
| Servicing stack (KB5071963) | Reliability update | Improves the component that installs Windows updates. | All devices installing Windows updates. |
There are no known issues listed for this release.
File Explorer fix: clicks that go nowhere
One of the most visible issues addressed here is a bug where File Explorer would occasionally stop responding to mouse clicks. Standard actions like opening a folder, selecting a file, or using the context menu could suddenly do nothing until Explorer was closed and restarted.
That kind of intermittent UI failure is easy to dismiss as “my system being weird,” but at scale it drives helpdesk tickets and frustrates users who live in Explorer all day. KB5070312 corrects this behavior so mouse interactions should register consistently without requiring users to kill and relaunch the process.
Tip: If you still see Explorer misbehaving after installing the update, restarting explorer.exe from Task Manager remains a quick way to recover while you investigate other causes such as shell extensions or third‑party overlays.
.tar extraction and Chinese filenames
The file management fix is more niche but important for global teams. On affected systems, extracting a .tar archive could fail if filenames or folder names inside the archive contained more than 34 commonly used Chinese characters.
That is a very specific threshold, but once hit it breaks a common interchange format between platforms like Linux, macOS, and Windows. Engineers and content teams working with Chinese‑language assets, scripts, or backups risked failed extractions and confused users.
With KB5070312 installed, the built‑in extraction behavior for such archives is corrected so those longer Chinese names no longer cause extraction errors.
COSA updates for mobile operators
COSA (Country and Operator Settings Asset) controls how Windows configures and presents mobile networks: carrier names, default APNs, roaming behaviors, and other provisioning details. When those profiles lag behind carrier changes, devices with WWAN or eSIM can encounter connection issues or display stale operator information.
KB5070312 refreshes COSA profiles for “certain mobile operators” so that affected devices get current settings without requiring manual carrier configuration. This is largely invisible when it works, but it smooths out headaches for users who rely on cellular connectivity on laptops and tablets.
Group Policy fix for Azure Virtual Desktop and multi‑session
The most clearly enterprise‑focused change targets Windows 11 Enterprise multi‑session environments such as Azure Virtual Desktop (AVD). Admins can use the HideRecommendedSection policy to remove the Recommended section from the Start experience, keeping shared or controlled desktops clean and predictable.
In affected 23H2 multi‑session setups, that policy was not honored: recommendations continued to appear even when configured via Group Policy or through the MDM Configuration Service Provider (CSP). KB5070312 restores correct behavior so that when the policy is enabled, recommendations stop showing for users in those AVD sessions.
For organizations with tightly managed UX baselines or those in regulated environments, having that control back is significant. It means you can again rely on the documented policy settings to shape Start for pooled and multi‑session desktops.
Servicing stack update KB5071963
The servicing stack is the part of Windows that applies updates. If the servicing stack itself is out of date or in a bad state, cumulative updates can fail in strange ways: install loops, cryptic error codes, or rollbacks during reboot.
KB5070312 bundles the servicing stack update KB5071963 (version 22621.6265). The support note emphasizes a few behaviors:
- The SSU is installed together with the latest cumulative update (LCU) as a single package.
- The SSU portion cannot be removed once installed.
- If you need to roll back the cumulative update, you must remove only the LCU portion using Deployment Image Servicing and Management (DISM).
To identify and remove the LCU package, the documented sequence is:
DISM /online /get-packages
DISM /online /remove-package /PackageName:<LCU-package-name>
Running the Windows Update Standalone Installer (wusa.exe) with the /uninstall switch against this combined package does not work, because it cannot remove an SSU. If you manage rollback paths for critical environments, treat the SSU as permanent and plan recovery at the image or backup level, not by attempting to back out the servicing stack.
How to install KB5070312
KB5070312 is offered through several standard channels and is explicitly marked as an optional preview. Nothing is pushed automatically to consumer devices; administrators choose when to deploy it.
| Channel | Availability | How to get it |
|---|---|---|
| Windows Update (consumer / unmanaged) | Available as an optional update | Go to Settings > Update & Security > Windows Update and use the “Optional updates available” section to install. |
| Windows Update for Business | Not included automatically | Changes will roll into the next security update; preview is skipped for WUfB by default. |
| Microsoft Update Catalog | Available as a standalone package | Download the MSU from the KB5070312 page on the Update Catalog and deploy manually or via scripts. |
| Windows Server Update Services (WSUS) | Manual import | Use WSUS’s Microsoft Update Catalog integration to import KB5070312 and approve it for the desired computer groups. |
Note: Devices that already have previous cumulative updates installed will only download and install the delta content contained in this package.
Should you install this preview update?
Because KB5070312 is not a security update, it is safe to be selective.
- Good reasons to install: you are seeing the File Explorer click issue; you handle archives with long Chinese filenames; you manage AVD or Windows 11 Enterprise multi‑session desktops and rely on the
HideRecommendedSectionpolicy; or you want the latest servicing stack for smoother future updates. - Good reasons to wait: your 23H2 systems are stable, you do not depend on any of the specific fixes, and you prefer to adopt changes only once they roll into a regular “B-week” cumulative security update.
For unmanaged Home and Pro devices already past end of servicing on 23H2, the higher priority is moving to Windows 11 version 24H2 or 25H2 rather than chasing optional previews on an unsupported baseline. For managed Enterprise and Education fleets still within servicing, KB5070312 fits well into a standard pilot ring: validate on a small group, watch for regressions, then decide whether to promote to broader deployment or wait for the corresponding security rollup.
Handled with that kind of staging, KB5070312 provides a straightforward set of quality fixes and keeps the servicing stack current, while the larger strategic move remains clear: get 23H2 devices onto a supported Windows 11 release well before Secure Boot certificates start expiring in mid‑2026.
