KB5026363 is the latest cumulative update for Windows Server 2016, including the Server Core installation. The update was released on 9th May as part of Microsoft's 'Patch Tuesday' release.
KB5026363 has now been superseded by KB5027219 in June 2023. You can read more about KB5027219.
Let us look at the details of KB5026363 for Windows Server 2016 below.
Salient points about KB5026363
- KB5026363 is a cumulative update that supersedes KB5025228. KB5025228 was released in April 2023 and you can read more about it on this page for KB5025228.
- KB5026363 upgrades server build to 14393.5921. KB5025228 corresponds to server build 14393.5850.
- Servicing Stack Update KB5023788 needs to be deployed on the server prior to installing KB5026363. This SSU was released in March 2023.
- 18 security vulnerabilities have been reported for Windows Server 2016 as part of the May 2023 security bulletin of Microsoft.
- 5 of the stated vulnerabilities have ‘CRITICAL’ severity while 13 have ‘IMPORTANT’ severity.
- 3 zero-day security threats affect Windows Server 2016. You can find details of these vulnerabilities in the vulnerability section below.
Download KB5026363
KB5026363 can be applied automatically using one of the following methods:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Service
If you choose any of these automated methods to deploy KB5026363, the Servicing Stack Update is installed automatically before KB5026363.
However, if you choose to install KB5026363 manually, you will need to ensure that the Servicing Stack Update is deployed prior to installing KB5026363.
Below, we have shared the catalog links for downloading the offline installer files for the Servicing Stack Update and the cumulative update.
- Download KB5023788 Servicing Stack Update from the Microsoft Update Catalog page – size of this update file is 11.7 MB.
- Download KB5026363 Cumulative Update from the Microsoft Update Catalog page – size of this update file is 1537.1 MB.
The following are direct download links for KB5023788 and KB5026363 for Windows Server 2016.
Servicing Stack Update will not cause a server reboot. Cumulative updates will take effect after the server reboot.
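The manual sequence described above (SSU first, then the cumulative update, then a reboot) can be scripted as follows. This is an added example, not part of the original article or Microsoft's documentation; the two .msu paths are placeholders for the files downloaded from the catalog, and it assumes Get-HotFix reports the SSU on the server.

```powershell
# Added example: install SSU KB5023788, then cumulative update KB5026363, in order.
$SsuKb     = 'KB5023788'
$LcuKb     = 'KB5026363'
$SsuMsu    = 'C:\Patches\ssu-kb5023788.msu'   # placeholder path, not a real file name
$LcuMsu    = 'C:\Patches\lcu-kb5026363.msu'   # placeholder path, not a real file name
$TargetUbr = 5921                             # build 14393.5921, as stated in the article

function Get-OsBuild {
    # CurrentBuild.UBR is the full build number, e.g. 14393.5850 before the update
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{ Build = [int]$cv.CurrentBuild; Ubr = [int]$cv.UBR }
}

function Install-Msu([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { throw "Package not found: $Path" }
    $p = Start-Process wusa.exe -ArgumentList "`"$Path`" /quiet /norestart" -Wait -PassThru
    # 0 = installed, 3010 = installed with reboot pending, 2359302 = already installed
    if ($p.ExitCode -notin 0, 3010, 2359302) {
        throw "wusa.exe returned $($p.ExitCode) for $Path"
    }
    $p.ExitCode
}

$os = Get-OsBuild
if ($os.Build -ne 14393) { throw "Not Windows Server 2016 (build $($os.Build))." }
if ($os.Ubr -ge $TargetUbr) {
    "Already at 14393.$($os.Ubr); $LcuKb or a later update is installed."
    return
}

# Assumption: the SSU appears in Get-HotFix. If a newer SSU is already present,
# wusa.exe reports this package as not applicable and the script stops for review.
if (-not (Get-HotFix -Id $SsuKb -ErrorAction SilentlyContinue)) {
    Install-Msu $SsuMsu | Out-Null            # the SSU itself needs no reboot
}

$code = Install-Msu $LcuMsu
if ($code -eq 3010) {
    "Installed $LcuKb. Reboot, then run again to confirm build 14393.$TargetUbr."
}
```

After the reboot, a second run should take the "Already at" branch; a lower revision number at that point means the cumulative update did not apply.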
Vulnerabilities in Windows Server 2016 in May 2023
Out of 18 vulnerabilities reported by Microsoft for Windows Server 2016, we will cover 5 CRITICAL vulnerabilities below.
Additionally, the three zero-day threats are also listed in this section.
Zero-day vulnerabilities in Windows Server 2016
The three zero-day threats that affect Windows Server 2016 are listed below.
Vulnerability | CVSS Score | Severity | Impact | Comments |
---|---|---|---|---|
CVE-2023-24932 | 6.7 | IMPORTANT | Secure Boot Security Feature Bypass | In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim’s Outlook application displaying a preview of a specially crafted email. This could result in the attacker executing remote code on the victim’s machine. As part of the fix, Microsoft suggests reading emails in plain text in Microsoft Outlook. |
CVE-2023-29325 | 8.1 | CRITICAL | Remote Code Execution | In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim’s Outlook application displaying a preview of a specially crafted email. This could result in the attacker executing remote code on the victim’s machine. As part of the fix, Microsoft suggests reading emails in plain text in Microsoft Outlook. |
CVE-2023-29336 | 7.8 | IMPORTANT | Elevation of Privileges | An attacker who successfully exploited this vulnerability could bypass Secure Boot. The attacker needs to have physical access or Administrative rights to a target device. To patch this vulnerability, please read the instructions on this page. |
CRITICAL vulnerabilities in Windows Server 2016
There are 5 CRITICAL vulnerabilities on Windows Server 2016. These threats were disclosed under the Patch Tuesday project of Microsoft.
The 5 CRITICAL vulnerabilities are shared below.
Vulnerability | CVSS Score | Severity | Impact | Comments |
---|---|---|---|---|
CVE-2023-24941 | 9.8 | CRITICAL | Remote Code Execution | This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). Mitigation steps are shared in the Microsoft advisory for CVE-2023-24941. |
CVE-2023-24943 | 9.8 | CRITICAL | Remote Code Execution | When Windows Message Queuing service is running in a Pragmatic General Multicast (PGM) Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. To mitigate risk, Microsoft recommends customers deploy newer technologies such as Unicast or Multicast server. Read more details of this vulnerability on the Microsoft advisory page. |
CVE-2023-29325 | 8.1 | CRITICAL | Remote Code Execution | An attacker could exploit the vulnerability by sending a specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim’s Outlook application displaying a preview of a specially crafted email. This could result in the attacker executing remote code on the victim’s machine. To mitigate this vulnerability, Microsoft recommends users read email messages in plain text format. |
CVE-2023-24903 | 8.1 | CRITICAL | Remote Code Execution | This RCE vulnerability exists in Windows Secure Socket Tunneling Protocol (SSTP). To exploit this vulnerability, an attacker would need to send a specially crafted malicious SSTP packet to a SSTP server. This could result in remote code execution on the server side. |
CVE-2023-28283 | 8.1 | CRITICAL | Remote Code Execution | This RCE vulnerability exists in Windows Lightweight Directory Access Protocol (LDAP). An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service. |
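To decide which servers to patch first, it helps to know which of the network services named in the table are actually present on a host. The following is an added example, not from the original article; the mapping of each CVE to a Windows feature name and a default TCP port is the editor's assumption and should be adjusted to your environment.

```powershell
# Added example: report which components from the CRITICAL table exist on this server.
# Feature names and default ports are assumptions of this example, not from the article.
$map = @(
    @{ Cve = 'CVE-2023-24941'; Component = 'NFS';        Feature = 'FS-NFS-Service';     Port = 2049 }
    @{ Cve = 'CVE-2023-24943'; Component = 'MSMQ / PGM'; Feature = 'MSMQ-Multicasting';  Port = 1801 }
    @{ Cve = 'CVE-2023-24903'; Component = 'SSTP';       Feature = 'DirectAccess-VPN';   Port = 443  }
    @{ Cve = 'CVE-2023-28283'; Component = 'LDAP';       Feature = 'AD-Domain-Services'; Port = 389  }
)

# Local TCP ports in the Listen state; port 443 may also belong to a web server,
# so treat a match there as a prompt to check, not as proof that SSTP is in use.
$listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty LocalPort -Unique

$report = foreach ($m in $map) {
    $feature = Get-WindowsFeature -Name $m.Feature -ErrorAction SilentlyContinue
    $installed = [bool]($feature -and $feature.Installed)
    $portOpen  = $listening -contains $m.Port
    [pscustomobject]@{
        CVE           = $m.Cve
        Component     = $m.Component
        RoleInstalled = $installed
        PortListening = $portOpen
        # Highest priority when the role is installed and its port is listening
        Priority      = if ($installed -and $portOpen) { 'High' }
                        elseif ($installed -or $portOpen) { 'Review' }
                        else { 'Normal' }
    }
}

$report | Sort-Object Priority | Format-Table -AutoSize
```

CVE-2023-29325 is left out because the table describes it as triggered through Outlook rather than through a server role.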
KB5026363 Changelog
The following changes have been made under the KB5026363 cumulative update on Windows Server 2016:
- This update affects the Islamic Republic of Iran. The update supports the government’s daylight saving time change order from 2022.
- This update addresses an issue that affects the Key Distribution Center (KDC) service. When the service stops on a local machine, signing in to all local Kerberos fails. The error is STATUS_NETLOGON_NOT_STARTED.
- This update addresses an issue that affects Microsoft Edge IE mode. The issue stops you from configuring add-ons.
Important links
- Microsoft release notes for KB5026363
- Zero-day initiative vulnerability coverage for May 2023 security updates
- Microsoft Update Catalog page for KB5026363
- Download file information for KB5026363 (downloads as a CSV file)
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.