KB5022286 Cumulative Update for Windows Server 2019 – January 2023

KB5022286 is the latest cumulative update that was released for Windows Server 2019 and Windows Server 2019 Server Core installation on 10th January 2023. This update is released under the ‘Patch Tuesday’ initiative of Microsoft.

Salient points about KB5022286 for Windows Server 2019

• KB5022286 supersedes December 2022 month’s cumulative update KB5021237 for Windows Server 2019 and Windows Server 2019 Server Core installation. For the record, KB5021237 was released on 13th December 2022.

• KB5022286 also contains all changes that are part of the out-of-band update KB5022254. KB5022254 was released as an emergency update on 20th December 2022.

• If you did not deploy KB5022254 yet, you can skip that install. Instead, you can install KB5022286 right away.

• Before deploying KB5022286, please ensure that the Servicing Stack Update from August 2021 KB5005112 is already deployed on the Windows Server 2019.

• Direct download links for the offline installer files for KB5022286 are shared in this document for your ready reference.

• KB5022286 corresponds to build version 17763.3887. KB5021237 corresponds to build version 17763.3770 and KB5022254 corresponds to build version 17763.3772.

• KB5022286 resolves the ODBC SQL driver and database connectivity issues. The database connectivity issues started after deploying December 2022 month’s cumulative update.

• 56 security vulnerabilities have been reported for January 2023 cumulative update for Windows Server 2019. 10 of these vulnerabilities have ‘CRITICAL’ severity and 46 vulnerabilities have ‘IMPORTANT’ severity levels.

• CVE-2023-21549 and CVE-2023-21674 are zero-day threats that affect Windows Server 2019 and Windows Server 2019 Server core installation. Both vulnerabilities are patched in KB5022286.

Download KB5022286 for Windows Server 2019

KB5022286 can be deployed automatically through one of the following alternate processes:

• Windows Update
• Windows Update for Business
• Windows Server Update Service or WSUS

You can also download the offline installer file for KB5022286. The offline installer file is available in the MSU extension. It can be used to manually deploy the KB5022286 update on Windows Server 2019.

Before deploying KB5022286, you will need to ensure that the Servicing Stack Update (SSU) KB5005112 is already deployed on the server. If KB5005112 has not been deployed yet, you can download it and install it prior to installing KB5022286.

KB5005112 installation does not lead to server reboot.

Cumulative Update/SSU Update	Download Link	Size of the update
KB5005112	Download KB5005112	13.8 MB
KB5022286	Download KB5022286	596.5 MB

KB5022286 may lead to a server reboot on Windows Server 2019. Please schedule a change window for the effective deployment of the cumulative update on Windows Server 2019.

You may also visit the Microsoft Update catalog page for KB5022286 for more details about files that comprise the KB5022286 cumulative update for Windows Server 2019.

Vulnerabilities on Windows Server 2019 under KB5022286

There are 56 vulnerability disclosures in this month’s security bulletin for Windows Server 2019. Out of this, 10 vulnerabilities have a ‘CRITICAL’ severity level. These are listed below for your ready reference.

There are two zero-day threats that affect Windows Server 2019. The zero-day vulnerabilities are also listed in the table below.

CVE Number	Impact	Severity	CVSS Score	Comments
CVE-2023-21549	Elevation of Privilege	CRITICAL	8.8	Windows SMB Witness Service
CVE-2023-21674	Elevation of Privilege	CRITICAL	8.8	Windows Advanced Local Procedure Call (ALPC)
CVE-2023-21535	Remote Code Execution	CRITICAL	8.1	Windows Secure Socket Tunneling Protocol (SSTP)
CVE-2023-21543	Remote Code Execution	CRITICAL	8.1	Windows Layer 2 Tunneling Protocol (L2TP)
CVE-2023-21546	Remote Code Execution	CRITICAL	8.1	Windows Layer 2 Tunneling Protocol (L2TP)
CVE-2023-21548	Remote Code Execution	CRITICAL	8.1	Windows Secure Socket Tunneling Protocol (SSTP)
CVE-2023-21551	Elevation of Privilege	CRITICAL	7.8	Microsoft Cryptographic Services
CVE-2023-21555	Remote Code Execution	CRITICAL	8.1	Windows Layer 2 Tunneling Protocol (L2TP)
CVE-2023-21556	Remote Code Execution	CRITICAL	8.1	Windows Layer 2 Tunneling Protocol (L2TP)
CVE-2023-21561	Elevation of Privilege	CRITICAL	8.8	Microsoft Cryptographic Services
CVE-2023-21679	Remote Code Execution	CRITICAL	8.1	Windows Layer 2 Tunneling Protocol (L2TP)
CVE-2023-21730	Elevation of Privilege	CRITICAL	7.8	Microsoft Cryptographic Services

Changelog – KB5022286 for Windows Server 2019

KB5022286 cumulative update for Windows Server 2019 contains bug fixes, improvements, and issue fixes. The following changes are part of the KB5022286 cumulative update for Windows Server 2019:

• New! This update provides the Quick Assist application for your client device. 
• This update addresses an issue that might affect authentication. It might fail after you set the higher 16-bits of the msds-SupportedEncryptionTypes attribute. This issue might occur if you do not set the encryption types or you disable the RC4 encryption type on the domain.
• This update addresses an issue that affects cluster name objects (CNO) or virtual computer objects (VCO). Password reset fails. The error message is, “There was an error resetting the AD password… // 0x80070005”.
• This update addresses an issue that affects Microsoft Defender for Endpoint. Automated investigation blocks live response investigations.
• This update addresses a known issue that affects apps that use Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to connect to databases. The connection might fail. You might also receive an error in the app, or you might receive an error from the SQL Server.