KB5023705 is the latest cumulative update for Windows Server 2022 and Windows Server 2022 Server core installation. The update was released on 14th March under Microsoft’s ‘Patch Tuesday’ project.
Key points about KB5023705 for Windows Server 2022
– KB5023705 is a cumulative update that supersedes KB5022842. KB5022842 was released on February 14, 2023. You can read more about KB5022842 on this page.
– The server build 20348.1607 corresponds to KB5023705. Server build 20348.1547 corresponds to KB5022842. Assuming you have adhered to the update cycle, implementing KB5023705 implies an upgrade from build 1547 to 1607.
– The Servicing Stack update for Windows Server 2022 is part of the cumulative update. Separate installation of the Servicing Stack Update is not needed on Windows Server 2022. For the record, the Servicing Stack Update version 20348.1601 corresponds to KB5023705.
– Windows Server 2022 and Windows Server 2022 Server core installation are affected by 54 security vulnerabilities. The latest Microsoft security bulletin for March 2023 contains details of the vulnerabilities. Of these 54 security vulnerabilities, 8 are CRITICAL severity level. 45 vulnerabilities carry an IMPORTANT severity rating and 1 has the MODERATE severity rating. We have covered the 8 CRITICAL vulnerabilities below in the vulnerability section.
– The domain join issue on Active Directory finds a resolution in cumulative update KB5023705. The issue occurred after the deployment of the October 2022 cumulative update on the server. Microsoft had been working on a permanent solution for the issue and had published an interim fix in the KB5020276 update.
Download KB5023705 for Windows Server 2022
KB5023705 can be deployed manually through an offline installer file. The offline installer file is available in the MSU extension. It can be downloaded from the Microsoft Update Catalog site.
Since SSU is built into the cumulative update, we are not talking about manual deployment of the Servicing Stack Update for Windows Server 2022.
The installer files are available for Windows Server 2022 versions 21H2 and 22H2.
Below, we have shared the Microsoft Update catalog page link and the direct download link for KB5023705.
- Download KB5023705 from Microsoft Update Catalog – the downloadable file size is of 319.8 MB for versions 21H2 and 22H2.
- Direct Download link for KB5023705 for Windows Server 2022 21H2 edition
- Direct Download link for KB5023705 for Windows Server 2022 22H2 edition
In addition to the manual deployment option, you can also install KB5023705 automatically through one of the following methods:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Service
The automated installation includes the Servicing Stack Update deployment.
Vulnerabilities on Windows Server 2022 under KB5023705
We mentioned about 54 security vulnerabilities that affect Windows Server 2022 and Windows Server 2022 Server core installation. Over here, we list the 8 security vulnerabilities that have a CRITICAL severity level.
| Vulnerability | CVSS | Impact | Brief description |
|---|---|---|---|
| CVE-2023-23415 | 9.8 | Remote Code Execution | An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be bound to a raw socket. |
| CVE-2023-21708 | 9.8 | Remote Code Execution | To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. |
| CVE-2023-23392 | 9.8 | Remote Code Execution | In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. This threat affects the HTTP Protocol Stack on Windows Server 2022. |
| CVE-2023-1017 | 8.8 | Elevation of Privileges | By leveraging malicious TPM commands from a guest VM to a target running Hyper-V, an attacker can cause an out of bounds write in the root partition. |
| CVE-2023-1018 | 8.8 | Elevation of Privileges | This vulnerability is on the TPM2.0 Module Library. |
| CVE-2023-23416 | 8.4 | Remote Code Execution | For successful exploitation, a malicious certificate needs to be imported on an affected system. An attacker could upload a certificate to a service that processes or imports certificates, or an attacker could convince an authenticated user to import a certificate on their system. The vulnerability affects Windows Cryptographic services. |
| CVE-2023-23404 | 8.1 | Remote Code Execution | This is a RCE on the Windows Point-to-Point Tunneling Protocol. |
| CVE-2023-23411 | 6.5 | Denial of Service | Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. This vulnerability affects Windows Hyper-V. |
KB5023705 for Windows Server 2022 – Changelog
The following issue fixes and improvements have been reported by Microsoft for KB5023705:
- This update addresses an issue that stops hyperlinks from working in Microsoft Excel.
- This update implements phase three of Distributed Component Object Model (DCOM) hardening. See KB5004442. After you install this update, you cannot turn off the changes using the registry key.
- This update addresses an issue that affects the registry size. It grows very large. This occurs because the registry entries are not removed when users sign out of an Azure Virtual Desktop (AVD) environment that uses FSlogix.
- This update affects the United Mexican States. This update supports the government’s daylight saving time change order for 2023.
- This update addresses an issue that affects the Get-WinEvent cmdlet. It fails. The system throws InvalidOperationException.
- This update addresses an issue that affects Azure Active Directory (Azure AD). Using a provisioning package for bulk provisioning fails.
- This update addresses an issue that affects the Routing and Remote Access Service (RRAS). RRAS cannot accept any new incoming virtual private network (VPN) connections.
- This update addresses an issue that occurs when an access control policy denies you access to a resource. When you sign out, the system does not delete the POST Security Assertion Markup Language (SAML) Request cookie. This stops you from choosing other resources the next time you sign in.
- This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). LSASS might stop responding. This occurs after you run Sysprep on a domain-joined machine.
- This update addresses an issue that affects a computer account and Active Directory. When you reuse an existing computer account to join an Active Directory domain, joining fails. This occurs on devices that have installed Windows updates dated October 11, 2022 or later. The error message is, “Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: ‘An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.’” For more information, see KB5020276.
- This update addresses an issue that affects Storage Replication setup. Setup might fail on machines that use non En-US locales.
- This update addresses an issue that affects cluster name object (CNO) repairs. This issue stops you from using Failover Clustering to repair a CNO on an Azure virtual machine (VM).
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.