KB5026368 Cumulative Update for Windows 11 21H2

KB5026368 is May month’s cumulative update for Windows 11 version 21H2. This update addresses security vulnerabilities on Windows 11. It also contains product improvements.

KB5026368 was released on 9th May 2023.

Salient points

  • KB5026368 is a cumulative update that supersedes KB5025298 and KB5025224. KB5025224 was released under April’s ‘Patch Tuesday program. KB5025298 is a preview update that was released on 25th April 2023.
  • If you have not deployed KB5025298 yet, you can skip it and install KB5026368 directly. This is because KB5026368 contains all the changes that are part of the KB5025298 preview update.
  • Servicing Stack Update for Windows 11 is part of the cumulative update KB5026368. Separate installation of SSU is not needed for Windows 11 version 21H2.
  • Windows 11 21H2 for x64 systems are impacted by 20 security vulnerabilities. Four of these 20 vulnerabilities are of a ‘CRITICAL’ nature.
  • Windows 11 21H2 for ARM64 systems are impacted by 20 security vulnerabilities. Four of these vulnerabilities are of a ‘CRITICAL’ severity level.
  • You can download the KB5026368 for Windows 11 21H2 editions that correspond to x64 or ARM64 architecture.

Build information

  • Windows 11 21H2 build that corresponds to KB5026368 cumulative update for May 2023 is 22000.1936.
  • Windows 11 21H2 build that corresponds to KB5025298 preview update is 22000.1880.
  • Windows 11 21H2 build that corresponds to KB5025224 cumulative update for April 2023 is 22000.1817.

So, if you have patched Windows 11 21H2 with April month’s update, you will be migrating from build 1817 to 1936. If you already deployed the preview update KB5025298, then you will be migrating from build 1880 to 1936.

Servicing Stack Update

The Servicing Stack Update that maps to KB5026368 is 22000.1879. It is part of the cumulative update. Separate installation and download are not needed to patch the SSU on Windows 11 version 21H2.

The Servicing Stack Update for May 2023 contains 304 files in the complete changeset. You can download the CSV file containing all the files that comprise Servicing Stack Update 22000.1879 from this link.

Download KB5026368

Windows 11 21H2 cumulative update KB5026368 can be easily deployed through one of the following automated methods:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Service

The installation of cumulative updates is straightforward. The Servicing Stack Update is part of the cumulative update. It will be offered automatically as part of the complete update process.

If you were to patch KB5026368 manually, you can download the offline installer file for Windows 11 21H2 from the Microsoft Update Catalog page.

The offline installer files are available for x64 and ARM64 system architecture.

Below, we share the direct download link and the Microsoft Update Catalog page link for Windows 11 21H2 KB5026368.

Windows 11 computer will restart after deployment of KB5026368. So, please plan the change accordingly.


Out of 20 security vulnerabilities that affect Windows 11 21H2, there are 4 CRITICAL security vulnerabilities. We share a brief listing of these security vulnerabilities below.

VulnerabilityCVSS ratingImpactComments/affected module
CVE-2023-249439.8Remote Code Execution VulnerabilityWindows Pragmatic General Multicast (PGM)
CVE-2023-293258.1Remote Code Execution VulnerabilityWindows OLE
CVE-2023-282838.1Remote Code Execution VulnerabilityWindows Lightweight Directory Access Protocol (LDAP)
CVE-2023-249038.1Remote Code Execution VulnerabilityWindows Secure Socket Tunneling Protocol (SSTP)

You can read more about these security vulnerabilities by clicking on the CVE number for each vulnerability. This should take you to the Microsoft site and the page that contains details of the corresponding vulnerability.

Changelog KB5026368

KB5026368 encompasses KB5025298 preview update.

Additionally, the following improvement is part of the KB5026368 cumulative update for Windows 11 21H2:

  • This update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding. This occurs when the system processes multiple local account operations at the same time. The access violation error code is 0xc0000005.

Post-deployment issues KB5026368

There are compatibility issues between KB5026368 and third-party apps that interfere with the working of explorer.exe.

After installing KB5026368, your Windows 11 computer may not restart if you have any of the following apps on the system:

  • ExplorerPatcher
  • StartAllBack

Microsoft suggests removing third-party apps from your Windows 11 computer for the seamless working of the computer.

Important links

For reference, you may consider reading the release notes of KB5026368. Here are some important links that may be of significance to your study:

You may also like to read May month’s cumulative updates for the following systems:

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.