KB5022286 Cumulative Update for Windows Server 2019 – January 2023

This content has been archived. But, the content is true and relevant to the underlying technology products or infrastructure services.

KB5022286 is the latest cumulative update that was released for Windows Server 2019 and Windows Server 2019 Server Core installation on 10th January 2023. This update is released under the ‘Patch Tuesday’ initiative of Microsoft.

Salient points about KB5022286 for Windows Server 2019

  • KB5022286 supersedes December 2022 month’s cumulative update KB5021237 for Windows Server 2019 and Windows Server 2019 Server Core installation. For the record, KB5021237 was released on 13th December 2022.
  • KB5022286 also contains all changes that are part of the out-of-band update KB5022254. KB5022254 was released as an emergency update on 20th December 2022.
  • If you did not deploy KB5022254 yet, you can skip that install. Instead, you can install KB5022286 right away.
  • Before deploying KB5022286, please ensure that the Servicing Stack Update from August 2021 KB5005112 is already deployed on the Windows Server 2019.
  • Direct download links for the offline installer files for KB5022286 are shared in this document for your ready reference.
  • KB5022286 corresponds to build version 17763.3887. KB5021237 corresponds to build version 17763.3770 and KB5022254 corresponds to build version 17763.3772.
  • KB5022286 resolves the ODBC SQL driver and database connectivity issues. The database connectivity issues started after deploying December 2022 month’s cumulative update.
  • 56 security vulnerabilities have been reported for January 2023 cumulative update for Windows Server 2019. 10 of these vulnerabilities have ‘CRITICAL’ severity and 46 vulnerabilities have ‘IMPORTANT’ severity levels.
  • CVE-2023-21549 and CVE-2023-21674 are zero-day threats that affect Windows Server 2019 and Windows Server 2019 Server core installation. Both vulnerabilities are patched in KB5022286.

Download KB5022286 for Windows Server 2019

KB5022286 can be deployed automatically through one of the following alternate processes:

  • Windows Update
  • Windows Update for Business
  • Windows Server Update Service or WSUS

You can also download the offline installer file for KB5022286. The offline installer file is available in the MSU extension. It can be used to manually deploy the KB5022286 update on Windows Server 2019.

Before deploying KB5022286, you will need to ensure that the Servicing Stack Update (SSU) KB5005112 is already deployed on the server. If KB5005112 has not been deployed yet, you can download it and install it prior to installing KB5022286.

KB5005112 installation does not lead to server reboot.

Cumulative Update/SSU UpdateDownload LinkSize of the update
KB5005112Download KB5005112 13.8 MB
KB5022286Download KB5022286596.5 MB

KB5022286 may lead to a server reboot on Windows Server 2019. Please schedule a change window for the effective deployment of the cumulative update on Windows Server 2019.

You may also visit the Microsoft Update catalog page for KB5022286 for more details about files that comprise the KB5022286 cumulative update for Windows Server 2019.

Vulnerabilities on Windows Server 2019 under KB5022286

There are 56 vulnerability disclosures in this month’s security bulletin for Windows Server 2019. Out of this, 10 vulnerabilities have a ‘CRITICAL’ severity level. These are listed below for your ready reference.

There are two zero-day threats that affect Windows Server 2019. The zero-day vulnerabilities are also listed in the table below.

CVE NumberImpact SeverityCVSS ScoreComments
CVE-2023-21549Elevation of PrivilegeCRITICAL8.8Windows SMB Witness Service
CVE-2023-21674Elevation of PrivilegeCRITICAL8.8Windows Advanced Local Procedure Call (ALPC)
CVE-2023-21535Remote Code ExecutionCRITICAL8.1Windows Secure Socket Tunneling Protocol (SSTP)
CVE-2023-21543Remote Code ExecutionCRITICAL8.1Windows Layer 2 Tunneling Protocol (L2TP)
CVE-2023-21546Remote Code ExecutionCRITICAL8.1Windows Layer 2 Tunneling Protocol (L2TP)
CVE-2023-21548Remote Code ExecutionCRITICAL8.1Windows Secure Socket Tunneling Protocol (SSTP)
CVE-2023-21551Elevation of PrivilegeCRITICAL7.8Microsoft Cryptographic Services
CVE-2023-21555Remote Code ExecutionCRITICAL8.1Windows Layer 2 Tunneling Protocol (L2TP)
CVE-2023-21556Remote Code ExecutionCRITICAL8.1Windows Layer 2 Tunneling Protocol (L2TP)
CVE-2023-21561Elevation of PrivilegeCRITICAL8.8Microsoft Cryptographic Services
CVE-2023-21679Remote Code ExecutionCRITICAL8.1Windows Layer 2 Tunneling Protocol (L2TP)
CVE-2023-21730Elevation of PrivilegeCRITICAL7.8Microsoft Cryptographic Services

Changelog – KB5022286 for Windows Server 2019

KB5022286 cumulative update for Windows Server 2019 contains bug fixes, improvements, and issue fixes. The following changes are part of the KB5022286 cumulative update for Windows Server 2019:

  • New! This update provides the Quick Assist application for your client device
  • This update addresses an issue that might affect authentication. It might fail after you set the higher 16-bits of the msds-SupportedEncryptionTypes attribute. This issue might occur if you do not set the encryption types or you disable the RC4 encryption type on the domain.
  • This update addresses an issue that affects cluster name objects (CNO) or virtual computer objects (VCO). Password reset fails. The error message is, “There was an error resetting the AD password… // 0x80070005”.
  • This update addresses an issue that affects Microsoft Defender for Endpoint. Automated investigation blocks live response investigations.
  • This update addresses a known issue that affects apps that use Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to connect to databases. The connection might fail. You might also receive an error in the app, or you might receive an error from the SQL Server.

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.