KB5025230 is the latest cumulative update for Windows Server 2022 and Windows Server 2022 Server core installation. The patch has been released under the ‘Patch Tuesday’ project on 11th April 2023.
KB5025230 has now been replaced by KB5026370. KB5026370 was released on 9th May 2023 and you can read more about it here.
Key points about KB5025230
- KB5025230 is a cumulative update that supersedes KB5023705 cumulative update. KB5023705 was released in March 2023 and you can read more about KB5023705 here.
- KB5025230 corresponds to server build 20348.1668. KB5023705 maps to server build 20348.1607. When you upgrade from KB5023705, you will be progressing from build 1607 to 1668.
- 72 security vulnerabilities have been disclosed for Windows Server 2022 and Windows Server 2022 Server core installation in April month’s security bulletin. 6 of these are CRITICAL vulnerabilities.
- 3 zero-day threats affect Windows Server 2022 and Windows Server 2022 Server core installation.
- Servicing Stack Update 20348.1663 corresponds to KB5025230. However, the Servicing Stack Update is part of the cumulative update. Separate installation is not needed for the Servicing Stack Update on Windows Server 2022.
Download KB5025230 for Windows Server 2022
The manual deployment of KB5025230 can be planned through an offline installer file. The offline installer file is in MSU format. Since SSU installation is not needed on a separate basis, we just need to get the offline installer file to install KB5025230 on the server.
The direct download links for the KB5025230 update are shared hereunder.
| Security update | Download link | Size of the update |
|---|---|---|
| KB5025230 for 21H2 | Download KB5025230 | 321.3 MB |
| KB5025230 for 22H2 | Download KB5025230 | 321.3 MB |
The update files are available for the Windows Server 2022 21H2 and 22H2 versions.
An alternate approach to downloading the offline installer file is through the Microsoft Update catalog page for KB5025230.
You can see that both installer files are available on the catalog page. Depending on your server version, you can download the file for the 21H2 or 22H2 versions of Windows Server 2022.
You could use any of the following automated methods to deploy KB5025230 automatically:
- WSUS or Windows Server Update Service
- Windows Update
- Windows Update for Business
WSUS remains the preferred method to deploy security updates on Windows Server 2022.
Security vulnerabilities on Windows Server 2022
As part of the April month’s security bulletin, 72 security vulnerabilities have been disclosed for the Windows Server 2022 and Windows Server 2022 Server core installation. 6 of these vulnerabilities have a ‘CRITICAL’ severity. We have listed the CRITICAL vulnerabilities below. We have also shared the zero-day threats affecting Windows Server 2022 below.
Zero-day threats affecting Windows Server 2022
| CVE vulnerability | CVSS Severity | CVE Title | Impact |
|---|---|---|---|
| CVE-2022-43552 | 9.8 | Open Source Curl | Remote Code Execution |
| CVE-2013-3900 | 7.4 | WinVerifyTrust Signature Validation Vulnerability | Remote Code Execution |
| CVE-2023-28252 | 7.8 | Windows Common Log File System Driver | Elevation of Privilege Vulnerability |
CRITICAL vulnerabilities affecting Windows Server 2022
The six CRITICAL vulnerabilities that affect Windows Server 2022 and Windows Server 2022 Server core installation are given hereunder.
| Vulnerability | CVE Title | CVSS Score | Vulnerability scope |
|---|---|---|---|
| CVE-2023-21554 | Microsoft Message Queuing | 9.8 | Remote Code Execution |
| CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) | 9.8 | Remote Code Execution |
| CVE-2023-28231 | DHCP Server Service | 8.8 | Remote Code Execution |
| CVE-2023-28219 | Layer 2 Tunneling Protocol | 8.1 | Remote Code Execution |
| CVE-2023-28220 | Layer 2 Tunneling Protocol | 8.1 | Remote Code Execution |
| CVE-2023-28232 | Windows Point-to-Point Tunneling Protocol | 7.5 | Remote Code Execution |
KB5025230 – Changelog
KB5025230 makes a lot of changes on the Windows Server 2022. However, the two most significant changes are the changes to the Microsoft Defender for Endpoints and the introduction of Windows Local Administrator Password Solution (LAPS).
A list of changes that are part of KB5025230 is shared below.
- New! This update adds many new features and improvements to Microsoft Defender for Endpoint. For more information, see Microsoft Defender for Endpoint.
- New! This update implements the new Windows Local Administrator Password Solution (LAPS) as a Windows inbox feature. For more information, see By popular demand: Windows LAPS available now!
- This update addresses an issue that affects inbound remote Component Object Model (COM) activations. They fail. The error code is 0x80010111. This occurs if the client protocol version is less than 5.7.
- This update addresses an issue that affects Microsoft PowerPoint. It stops working on Azure Virtual Desktop (AVD). This occurs when you use Visual Basic for Applications (VBA).
- This update addresses an issue that affects Windows Search. Windows Search fails inside of Windows container images.
- This update affects the Arab Republic of Egypt. The update supports the government’s daylight saving time change order for 2023.
- This update addresses an issue that affects the Key Distribution Center (KDC) service. When the service stops on a local machine, signing in to all local Kerberos fails. The error is STATUS_NETLOGON_NOT_STARTED.
- This update addresses an issue that affects the Windows Remote Management (WinRM) client. The client returns an HTTP server error status (500). This error occurs when it runs a transfer job in the Storage Migration Service.
- This update addresses an issue that affects Desired State Configuration. It loses its previously configured options. This occurs if metaconfig.mof is missing.
- This update addresses compatibility issues that affect some printers. These printers use Windows Graphical Device Interface (GDI) printer drivers. These drivers do not completely adhere to GDI specifications.
- This update addresses a stack overflow condition that causes a device to stop working. This occurs when you call xxxDestroyWindow() in Kernel mode.
- This update addresses a rare issue that might cause an input destination to be null. This issue might occur when you attempt to convert a physical point to a logical point during hit testing. Because of this, the computer raises a stop error.
- This update addresses an issue that affects certain processors that have firmware Trusted Platform Modules (TPM). You cannot use Autopilot to set them up.
- This update addresses an issue that affects the Fast Identity Online 2.0 (FIDO2) PIN credential icon. It does not appear on the credentials screen of an external monitor. This occurs when that monitor is attached to a closed laptop.
- This update addresses an issue that affects a Clustered Shared Volume (CSV). The CSV fails to come online. This occurs if you enable BitLocker and local CSV managed protectors, and the system recently rotated the BitLocker keys.
- This update addresses an issue that affects Windows Server 2022 domain controllers. They stop working. This occurs when they process Lightweight Directory Access Protocol (LDAP) requests.
- This update addresses an issue that affects Administrator Account Lockout policies. GPResult and Resultant Set of Policy did not report them.
- This update addresses an issue that affects MySQL commands. The commands fail on Windows Xenon containers.
- This update addresses an issue that affects Windows Server Failover Clustering. If you configure a cloud witness, both sites think that the other side is down. This is a “split-brain” scenario.
Known issues in KB5025230
A couple of issues have been reported post-deployment of KB5025230 on Windows Server 2022. You can read more about the issues on Microsoft’s release notes for KB5025230. A brief listing of the issues is stated hereunder.
- After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are versions vSphere ESXi 7.0.x and below.
- Updates released February 14, 2023 or later might not be offered from some Windows Server Update Services (WSUS) servers to Windows 11, version 22H2. The updates will download to the WSUS server but might not propagate further to client devices. Affected WSUS servers are only those running Windows Server 2022 which have been upgraded from Windows Server 2016 or Windows Server 2019.
We recommend checking out the solutions offered for both issues by Microsoft.
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.