KB5021237 Cumulative Update for Windows Server 2019 – December 2022

This content has been archived. But, the content is true and relevant to the underlying technology products or infrastructure services.

KB5021237 is the latest cumulative update for Windows Server 2019. It has been released as part of the ‘Patch Tuesday’ project of Microsoft on 13th December 2022. We look at some significant points about the KB5021237 cumulative update below. We also discuss the security vulnerabilities reported in Microsoft’s security bulletin for December 2022.

Salient points about KB5021237 for Windows Server 2019

  • KB5021237 has been superseded by KB5022286 for Windows Server 2019. You can read more about KB5022286 on this page.
  • KB5021237 is a cumulative update that supersedes KB5019966 cumulative update for November 2022.
  • KB5021237 also contains all the changes that are part of the KB5021655 out-of-band update for Windows Server 2019.
  • KB5021237 corresponds to server build 17763.3770. If you deployed the November patch KB5019966, you would be migrating or upgrading from server build 17763.3650 to 17763.3770.
  • OOB update KB5021655 corresponds to server build 17763.3653 and while upgrading from KB5021655 to KB5021237, you would be moving from build 17763.3653 to 17763.3770.
  • Microsoft recommends installing KB5005112 Servicing Stack Update (SSU) prior to installing KB5021237 on Windows Server 2019.
  • CVE-2022-44698 is the zero-day vulnerability that affects Windows Server 2019. This threat has been patched in the KB5021237 cumulative update.
  • Servicing Stack Update 17763.3641 corresponds to KB5021237 and is included as part of the cumulative update. No separate installation of the SSU for December 2022 is needed. This still does not alter the requirements to install KB5005112 SSU from August 2021. So, please do install KB5005112 on Windows Server 2019.
  • KB5021237 is also valid for the Windows Server 2019 Server Core installation.

You can read more about November 2022 cumulative update KB5019966 on this page.

Downloads for KB5021237 for Windows Server 2019

If you intend to patch KB5021237 manually, you can download the offline installer files for Windows Server 2019. The offline installer files are available in the MSU format.

  • we need to download the Servicing Stack Update KB5005112 before deploying KB5021237
  • we will then download the cumulative update KB5021237 for Windows Server 2019

The offline installer files for KB5005112 and KB5021237 can be downloaded from the Microsoft Update Catalog pages for KB5005112 and KB5021237.

Cumulative Update/SSUDownload link for UpdatesSize of the update
KB5005112Download KB5005112 for Windows Server 201913.8 MB
KB5021237Download KB5021237 for Windows Server 2019594.2 MB

Improvements and bug fixes in KB5021237

The following improvements and bug/issue fixes have been reported as part of the KB5021237 cumulative update:

  • This update addresses an issue that might affect applications that run on the Windows Lock Down Policy (WLDP). They might stop working.
  • This update addresses an issue that affects remote networks. This issue stops you from reconnecting to them using DirectAccess.
  • This update addresses a known issue that might affect the Local Security Authority Subsystem Service (LSASS.exe). It might leak memory on Windows domain controllers. This issue might occur when you install Windows updates dated November 8, 2022, or later. In our case, this implies KB5019966 as KB5019966 was released on 8th November 2022.

Security vulnerabilities for Windows Server 2019

  • There have been 26 security vulnerability disclosures for Windows Server 2019 in December 2022.
  • There are 3 CRITICAL security vulnerabilities in Windows Server 2019. These vulnerabilities are ‘Remote Code Execution’ threats.
  • Apart from these 3 CRITICAL RCE threats, there are 3 additional Remote Code Execution threats.

The three CRITICAL Remote Code Execution threats are mentioned below:

VulnerabilityCVSS ScoreSeverityImpact
CVE-2022-410768.5CRITICALRemote Code Execution
CVE-2022-446768.1CRITICALRemote Code Execution
CVE-2022-446708.1CRITICALRemote Code Execution

Installation or deployment of KB5021237 for Windows Server 2019

You could deploy KB5021237 automatically through one of the following recommended methods:

  • WSUS or Windows Server Update Service
  • Windows Update program
  • Windows Update for Business

We have already covered the manual installation of KB5021237 through the offline installer files above. The MSU installer files can be downloaded from the Microsoft Update Catalog page for KB5021237.

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.