KB5026372 cumulative update for Windows 11 22H2

KB5026372 is May month’s cumulative update for Windows 11 version 22H2. The update was released on 9th May 2023 under the Patch Tuesday program of Microsoft.

Key points

  • KB5026372 is the cumulative update for Windows 11 version 22H2. It supersedes KB5025305 and KB5025239 updates.
  • KB5025305 is a preview update that was released on April 25, 2023. All changes that are part of the KB5025305 update are automatically part of the KB5026372 cumulative update.
  • KB5025239 was released in April 2023 under the ‘Patch Tuesday’ project.
  • Servicing Stack Update for Windows 11 version 22H2 is included in the cumulative update KB5026372. Separate installation of SSU is not required for Windows 11 computers.
  • 19 security vulnerabilities affect Windows 11 version 22H2 for the x64 edition. This is as per May month’s security bulletin. 4 of these vulnerabilities carry a ‘CRITICAL’ severity level.
  • 19 security vulnerabilities affect the ARM64 edition of Windows 11 22H2. 4 of these vulnerabilities have a ‘CRITICAL’ severity.
  • You could install KB5026372 automatically or through patching of an offline installer file.

Build information

The following builds correspond to the latest cumulative update, preview update, and previous month’s cumulative update for Windows 11 22H2 edition.

  • KB5026372 or May month’s cumulative update corresponds to Windows 11 version 22H2 build 22621.1702.
  • KB5025305 preview update corresponds to Windows 11 version 22H2 build 22621.1635.
  • KB5025239 preview update corresponds to Windows 11 version 22H2 build 22621.1555.

For upgrades from KB5025239, you will migrate from build 1555 to 1702. For upgrades from KB5025305 to KB5026372, you are migrating from 1635 to 1702.

Servicing Stack Update

Servicing Stack Update for Windows 11 version 22H2 is included in the cumulative update KB5026372. The Servicing Stack Update version 22621.1626 corresponds to KB5026372.

Separate installation of the Servicing Stack Update is not required for Windows 11 22H2 computers.

You can find more information about all the files that comprise the 22621.1626 Servicing Stack Update by downloading a CSV file from this page.

Download KB5026372

KB5026372 can be applied automatically using one of the following methods:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Service

For manual deployments, KB5026372 can be installed using an offline installer file. The offline installer file is in MSU format.

The offline installer file can be downloaded for x64 or ARM64 editions from the Microsoft Update Catalog page for KB5026372. We have shared the catalog links and the direct download links for the x64 and ARM64 installer files for KB5026372.

Upon deployment, Windows 11 system will reboot to complete the Windows Update process.

Vulnerabilities in Windows 11

There are 19 security vulnerabilities that affect the x64 and ARM64 editions for Windows 11 version 22H2. We have shared the four CRITICAL security vulnerabilities below.

VulnerabilityCVSS ratingImpactComments/affected module
CVE-2023-249439.8Remote Code Execution VulnerabilityWindows Pragmatic General Multicast (PGM)
CVE-2023-293258.1Remote Code Execution VulnerabilityWindows OLE
CVE-2023-282838.1Remote Code Execution VulnerabilityWindows Lightweight Directory Access Protocol (LDAP)
CVE-2023-249038.1Remote Code Execution VulnerabilityWindows Secure Socket Tunneling Protocol (SSTP)

You can find more information about these security vulnerabilities by clicking each vulnerability above.

KB5026372 Changelog

The following changes or improvements are part of the KB5026372 cumulative update for Windows 11 version 22H2.

  • This update affects the Kernel-mode Hardware-enforced Stack Protection security feature. The update adds more drivers to the database of drivers that are not compatible with it. A device uses this database when you enable this security feature in the Windows Security UI and it loads the drivers.
  • This update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding. This occurs when the system processes multiple local account operations at the same time. The access violation error code is 0xc0000005.

Post-deployment issues after KB5026372

The following post-deployment issues have been reported after installing the KB5026372 cumulative update:

  • Using provisioning packages on Windows 11, version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the Out Of Box Experience might not finish or might restart unexpectedly. Provisioning packages are .PPKG files which are used to help configure new devices for use on business or school networks. Provisioning packages which are applied during initial setup are most likely to be impacted by this issue. For more information on provisioning packages, please see Provisioning packages for Windows.
  • After installing this update, some apps might have intermittent issues with speech recognition, expressive input, and handwriting when using Chinese or Japanese languages. Affected apps might sometimes fail to recognize certain words or might be unable to receive any input from speech recognition or affected input types. This issue is more likely to occur when apps are using offline speech recognition.

A final resolution is awaited for both issues. We expect that a resolution may be offered as part of a future cumulative update.

Important links

The following pages or links will be useful in getting more details about Windows 11 version 22H2 security updates.

You may also like to read more about the additional cumulative updates for the month of May 2023 below:

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.