Does anyone have a reliable (download) source for Win 11 23H2?
Thanks
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Where do I get a copy of Win 11 23H2
- This topic has 18 replies, 10 voices, and was last updated 1 week ago.
Viewing 8 reply threadsAuthor-
I made some progress on locating a way to download Win 11 previous versions. Using the Ave Yo/ MediaCreation script, I was able to download 23H2. But when I use Rufus to create a bootable ISO installation on a USB thumb drive, I get this warning.
Recommendations?
-
Rufus gives the same warning for ISO files that are downloaded directly from Microsoft and, as the warning states (note: highlightling is mine):
will produce a “Security Violation” screen, when Secure Boot is enabled on a fully up to date UEFI system.
So, unless the PC you intend to use it on has Secure Boot enabled, it won’t cause a problem.
BTW, the fact even “official” Microsoft ISO downloads cause the same warning means Microsoft hasn’t even updated their own ISO files with a new version of the bootloader!
1 user thanked author for this post.
-
I just dealt with this when preparing a Windows 10 22H2 USB with Rufus.
Updated versions of Rufus warn about UEFI bootloaders that were revoked as part of dealing with the BlackLotus UEFI bootkit exploit, and Microsoft is not updating old ISOs with patched bootloaders.
The key phrase in that warning is “when Secure Boot is enabled on a fully up to date UEFI system“.
If you haven’t previously gone through IT pro level steps to revoke vulnerable bootloaders, or if you don’t use Secure Boot at all, you can ignore that warning from Rufus. Such a system will still trust the revoked bootloader and will boot that ISO just fine.
Last year, Susan recommended Consumer users not do anything about this, and shared more details (and links) in the Businesses section of the same alert.
https://www.askwoody.com/newsletter/ms-defcon-4-safe-for-now/
As I understand it, the situation has yet to be fully resolved.Oh, and I don’t think you have to worry about the “non reputable” part of the warning, as supposedly AveYo’s script fetches the official ISO from a Microsoft server.
1 user thanked author for this post.
-
-
Can I use these ISO to perform an UPGRADE from Windows 10 22H2 to Windows 11 23H2? I have some Win10 laptops that I would rather NOT get Windows 11 24H2 via the Microsoft Update route…
Thanks, Steve
1 user thanked author for this post.
Rufus gives the same warning for ISO files that are downloaded directly from Microsoft and, as the warning states (note: highlightling is mine):
will produce a “Security Violation” screen, when Secure Boot is enabled on a fully up to date UEFI system.
So, unless the PC you intend to use it on has Secure Boot enabled, it won’t cause a problem.
BTW, the fact even “official” Microsoft ISO downloads cause the same warning means Microsoft hasn’t even updated their own ISO files with a new version of the bootloader!
this is normal behavior for Rufus (aka. “by design”) only with ISOs for Win11 23H2, Win10 22H2 and older Windows versions. the “warning” does not show up with Win11 24H2 ISOs as the updated bootloaders are included in the 24H2 ISO images.
1 user thanked author for this post.
Can I use these ISO to perform an UPGRADE from Windows 10 22H2 to Windows 11 23H2? I have some Win10 laptops that I would rather NOT get Windows 11 24H2 via the Microsoft Update route…
You can use InControl (or TRV in GPEdit on Pro version) to set your Windows 10 to Windows 11 23H2 and just run Windows update.
-
-
Using InControl is easiest. Search this site for details.
cheers, Paul
1 user thanked author for this post.
-
See section 5 of AKB2000016 about setting up TRV in Win10. The Product Version = Windows 11 the Target Version = 23H2. There are screenshots linked at the bottom.
OR
Download InControl from GRC.
I would recommend you use one or the other, not both.
1 user thanked author for this post.
-
Isn’t there a way to specify Win 11 Pro 23H2 manually in Group Policy Edit?
Yes, TRV (Targeted Release Version) setting in GPEdit
Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business
Select the Target Feature Update Version”.
Double-click on it, set it to Enabled, and specify the desired Windows version
1 user thanked author for this post.
And for those like me who forget this stuff, one reaches Group Edit via Win + R and then type gpedit.msc .
Or, just type GPEdit in the search box.
1 user thanked author for this post.
-
If you use TRV (or InControl) to trigger the update from Win10 to Win11, it will keep your files and apps AND the IDs as they are currently set up. It will preserve Local IDs if that’s what you currently have, or MS IDs if that’s what you have.
Where you have to worry is if you do a clean install you may have to go through the OOBE asking for the creation of new IDs.*Good idea to be sure the h/w drivers are up to date ahead of time.
Be sure your PCs are Win11 compatible AND be sure you have a current full disk image of each with a verified bootable Rescue disk made by the imaging software BEFORE you start. You will have 10 days to roll back if you have a problem.1 user thanked author for this post.
Viewing 8 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Latest Firefox requires Password on start up
by 2 minutes ago
-
Resolved : AutoCAD 2022 might not open after updating to 24H2
by 3 hours, 16 minutes ago
-
Missing api-ms-win-core-libraryloader-11-2-1.dll
by 1 hour ago
-
How Much Daylight have YOU Saved?
by 3 hours, 23 minutes ago
-
A brief history of Windows Settings
by 1 hour, 44 minutes ago
-
Thunderbolt is not just for monitors
by 2 hours, 56 minutes ago
-
Password Generators — Your first line of defense
by 6 hours, 50 minutes ago
-
AskWoody at the computer museum
by 2 hours, 17 minutes ago
-
Planning for the unexpected
by 26 minutes ago
-
Which printer type is the better one to buy?
by 5 hours, 1 minute ago
-
Upgrading the web server
by 3 hours, 26 minutes ago
-
New Windows 11 24H2 Setup – Initial Win Update prevention settings?
by 22 hours, 30 minutes ago
-
Creating a Google account
by 21 hours, 16 minutes ago
-
Undocumented “backdoor” found in Bluetooth chip used by a billion devices
by 1 day, 3 hours ago
-
Microsoft Considering AI Models to Replace OpenAI’s in Copilot
by 1 day, 14 hours ago
-
AI *emergent misalignment*
by 1 day, 15 hours ago
-
Windows 11 Disk Encryption/ Bitlocker/ Recovery Key
by 1 hour, 1 minute ago
-
Trouble signing out and restarting
by 16 hours, 34 minutes ago
-
Windows 7 MSE Manual Updating
by 2 days ago
-
Problem running LMC 22 flash drive
by 23 hours, 9 minutes ago
-
Outlook Email Problem
by 23 hours, 15 minutes ago
-
“Microsoft 365 Office All-in-One For Dummies, 3rd Edition FREE
by 1 day, 6 hours ago
-
Cant use Office 2013 – Getting error message about Office 2013
by 1 day, 23 hours ago
-
Nearly 1 million Windows devices targeted in advanced “malvertising” spree
by 1 day, 23 hours ago
-
Windows 11 Insider Preview build 27808 released to Canary
by 3 days ago
-
Windows 11 Insider Preview Build 22635.5025 (23H2) released to BETA
by 3 days ago
-
Sysprep issue
by 3 days ago
-
Android Security Bulletin—March 2025
by 3 days, 2 hours ago
-
23h2: PIN TO START randomly available on right-click
by 3 days, 3 hours ago
-
Microsoft Defender
by 3 days, 8 hours ago
