January Security Update KB5009555 for Windows Server 2022

This content has been archived. But, the content is true and relevant to the underlying technology products or infrastructure services.

The January security update for Windows Server 2022 has been released. The update seeks to resolve security vulnerabilities and bugs on Windows Server 2022. Below, we share the links for downloading the KB5009555 for Windows Server 2022. This security update follows up on the previous security update KB5008223 that was released on 14th December 2021. The KB5009555 update takes your Windows Server 2022 build to 20348.469.

Security update KB5009555 has a single prerequisite before installation. You should have installed the service stack update KB5005039 that was released in the month of August 2021.

This update also requires a server reboot. So, we suggest that you must plan for the update to be implemented as part of a maintenance window.

KB5010796 Emergency update for Windows Server 2022

KB5010796 is an out of band emergency update that has been released by Microsoft on 17th January 2022. This emergency update will seek to fix issues that have been caused on the Windows Server 2022 after the deployment of the January security update KB5009555. KB5009555 was released on 11th January 2022. KB5010796 seeks to address the following issues on the Windows Server 2022:

  • boot loops on the domain controllers or other servers running on Windows Server 2022.
  • failed VPN connections through the Windows Server 2022.
  • failed Hyper VM or break in the virtualization layer after patching with KB5009555.
  • failed LDAP bindings on the Active Directory server after patching with KB5009555.
  • ReFS volume drives becoming RAW after installing KB5009555.

These issues have impacted multiple versions of Windows Servers, and the emergency update KB5010796 seeks to resolve the specific issues on Windows Server 2022.

Since this update is of the nature of an emergency update, manual action is needed to patch the servers with KB5010796. You can get the KB5010796 in one of the following ways:

  • Download it using the Microsoft Update catalog. The update weighs 210 MB in size.
  • Use Windows Update to download it manually from the Microsoft update site.
  • You can also import the emergency update into the Windows Server Update Service (WSUS) for a manual synchornization.

You can download the KB5010796 for Windows Server 2022 from the following link:

The update is of a standalone nature. If you skip it, the next month’s cumulative update should take care of the security update and the emergency update. If you have already patched your Windows Server 2022 with KB5009555, please do install KB5010796 on top of it to resolve the well-known issues with the January security updates for Windows Server 2022. If you have not installed KB5009555, you can patch with KB5010796 only.

For details about the best practices for handling out of band KB5010796 updates on Windows Server 2022, you may read the following page. If you are short on time, I will post an exercpt from the Windows Server 2022 note from this document:

This issue was resolved in the out-of-band update KB5010796. It is a cumulative update, so you do not need to apply any previous update before installing it. If you would like to install the update, you will need to Check for updates and select “Optional updates” and then select KB5010796. To get the standalone package for KB5010796, search for it in the Microsoft Update Catalog. You can import this update into Windows Server Update Services (WSUS) manually. See the Microsoft Update Catalog for instructions. Note KB5010796 will not install automatically.

Download KB5009555 for Windows Server 2022

The Windows Server 2022 security update KB5009555 can be downloaded from the Microsoft Update catalog site. The update KB5009555 can be downloaded from the following link of the Microsoft website:

Download KB5009555

The security update weighs 211.7 MB. And, it does need a server reboot. It will replace the following security updates on Windows Server 2022:

  • KB5003645 – security update for June 2021
  • KB5004243 – security update for July 2021
  • KB5004957 – cumulative update for July 2021
  • KB5005039 – cumulative update for August 2021
  • KB5005575 – cumulative update for September 2021
  • KB5005619 – cumulative update (preview) for September 2021
  • KB5006699 – cumulative update for October 2021
  • KB5006745 – cumulative update (preview) for October 2021
  • KB5007205 – cumulative update for November 2021
  • KB5007254 – cumulative update (preview) for November 2021
  • KB5008223 – cumulative update for December 2021
  • KB5010197 – cumulative update (preview) for January 2022

At a bare minimum, you ought to have installed the August security update KB5005039 before installing the current update KB5009555. If you missed any other security update on the way, this update will take care of the gaps on the way. If you have been installing all the security updates, then you will only download the current released security update of 211.7 MB. Otherwise, all the previous updates will get downloaded as part of the KB5009555 security update. This is the way updates work on the Windows Server 2022.

In the event, you run into any issues after updating the Windows Server 2022 with KB5009555 you can uninstall the latest security update. The update can be removed by selecting ‘View installed updates’ in the ‘Programs and Features’ Control Panel.

Issues with January Security Updates

January security updates have caused a few reported issues for Windows Server products. Some of these are mentioned below for ready reference.

  • Bootloop on the server after implementing the security updates. If your servers end up in a bootloop, your issue has been cuased by the recently deployed security update. Please take the server off the network and boot into the safe mode. Uninstall the update and re-connect to the network. This is happening on multiple server platforms, including the Windows Server 2012 Server Core and Windows Server 2012.
  • You may lose ReFS volumes after installing the security updates on the servers. The external USB drives may turn up as RAW after installing the security update. Or, the internal ReFS volumes may turn RAW after installing the security updates. You will need to uninstall the security update to get the ReFs volumes back up and running fine.
  • Hyper VM V may not work post-installation of the security update on Windows Server. Virtualization may show as disabled. Removing the installed security update resortores the Hyper VM functionality on the Windows servers. Virtual machines will boot up fine after uninstalling the security updates on the Windows Servers.

These issues may or may not affect your Windows Servers. It may be wise to plan for the maintenance time to get over all these issues if they strike one of your Windows Servers. Domain controllers ought to be updated after updating the non-domain controllers.

Install KB5009555 on Windows Server 2022 automatically

KB5009555 for Windows Server 2022 can also be installed automatically through one of the following approaches:

  • Windows Update program – the update will be downloaded and patched automatically on the Windows Server 2022.
  • Windows Update for Business – the update will be downloaded and installed automatically on the Windows Server 2022.
  • Windows Server Update Service – the update will be downloaded and installed automatically on the Windows Server 2022 if you have set the configuration to correspond with Product: Microsoft Server operating system-21H2 and Classification: Security Updates.

Bug fixes and Improvements in KB5009555 for Windows Server 2022

There is a couple of improvements that are made as part of the KB5009555 for Windows Server 2022. This update:

  • Addresses an issue that prevents Active Directory (AD) attributes from being written properly during a Lightweight Directory Access Protocol (LDAP) modify operation when you make multiple attribute changes. 
  • Addresses a known issue that affects Japanese Input Method Editors (IME). When you use a Japanese IME to enter text, the text might appear out of order or the text cursor might move unexpectedly in apps that use the multibyte character set (MBCS). This issue affects the Microsoft Japanese IME and third-party Japanese IMEs.

Known issues on KB5009555

Post installation of the KB5009555 security update on the Windows Server 2022, you may experience a significant issue that may affect users from using smart cards to authenticate to a Remote Desktop connection. The subset of users affected by this known issue may be small. If you run into this issue, you may:

  • restart the Windows device to get the issue sorted.
  • Use the Microsoft’s Known Issue Rollback. It may take up to 24 hours for the rollback to be effective.
  • Or, apply the group policy on the Windows Server 2022 that takes care of this issue. The group policy can be downloaded from this page.

Some system administrators have also shared feedback on the latest January security updates. The domain controllers seem to go in a reboot loop after installing the security updates from January. The issue has been reported on the Windows Server 2012. If you experience a similar reboot loop on your domain controller, please take the domain controller off the network. Boot into the safe mode and uninstall the latest patch. You can put the domain controller back in the network after uninstalling the patch.


  • KB5009555 security update follows up with the previous security update KB5008223 for Windows Server 2022.
  • The update weighs 211.7 MB, and a server reboot is needed.
  • You can download it from the Windows Catalog – KB5009555.
  • There is a known issue that may affect a miniscule percentage of users that make use of smart cards for authenticating to the Remote Desktop Connections.

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.