KB5026372 is May month’s cumulative update for Windows 11 version 22H2. The update was released on 9th May 2023 under the Patch Tuesday program of Microsoft.
Key points
- KB5026372 is the cumulative update for Windows 11 version 22H2. It supersedes KB5025305 and KB5025239 updates.
- KB5025305 is a preview update that was released on April 25, 2023. All changes that are part of the KB5025305 update are automatically part of the KB5026372 cumulative update.
- KB5025239 was released in April 2023 under the ‘Patch Tuesday’ project.
- Servicing Stack Update for Windows 11 version 22H2 is included in the cumulative update KB5026372. Separate installation of SSU is not required for Windows 11 computers.
- 19 security vulnerabilities affect Windows 11 version 22H2 for the x64 edition. This is as per May month’s security bulletin. 4 of these vulnerabilities carry a ‘CRITICAL’ severity level.
- 19 security vulnerabilities affect the ARM64 edition of Windows 11 22H2. 4 of these vulnerabilities have a ‘CRITICAL’ severity.
- You could install KB5026372 automatically or through patching of an offline installer file.
Build information
The following builds correspond to the latest cumulative update, preview update, and previous month’s cumulative update for Windows 11 22H2 edition.
- KB5026372 or May month’s cumulative update corresponds to Windows 11 version 22H2 build 22621.1702.
- KB5025305 preview update corresponds to Windows 11 version 22H2 build 22621.1635.
- KB5025239 preview update corresponds to Windows 11 version 22H2 build 22621.1555.
For upgrades from KB5025239, you will migrate from build 1555 to 1702. For upgrades from KB5025305 to KB5026372, you are migrating from 1635 to 1702.
Servicing Stack Update
Servicing Stack Update for Windows 11 version 22H2 is included in the cumulative update KB5026372. The Servicing Stack Update version 22621.1626 corresponds to KB5026372.
Separate installation of the Servicing Stack Update is not required for Windows 11 22H2 computers.
You can find more information about all the files that comprise the 22621.1626 Servicing Stack Update by downloading a CSV file from this page.
Download KB5026372
KB5026372 can be applied automatically using one of the following methods:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Service
For manual deployments, KB5026372 can be installed using an offline installer file. The offline installer file is in MSU format.
The offline installer file can be downloaded for x64 or ARM64 editions from the Microsoft Update Catalog page for KB5026372. We have shared the catalog links and the direct download links for the x64 and ARM64 installer files for KB5026372.
- Download KB5026372 from the Microsoft Update Catalog page. (please download the x64 or ARM64 file)
- Direct download KB5026372 for x64 systems – the size of this update file is 275 MB.
- Direct download KB5026372 for ARM64 systems – the size of this update file is 388.6 MB.
Upon deployment, Windows 11 system will reboot to complete the Windows Update process.
Vulnerabilities in Windows 11
There are 19 security vulnerabilities that affect the x64 and ARM64 editions for Windows 11 version 22H2. We have shared the four CRITICAL security vulnerabilities below.
| Vulnerability | CVSS rating | Impact | Comments/affected module |
|---|---|---|---|
| CVE-2023-24943 | 9.8 | Remote Code Execution Vulnerability | Windows Pragmatic General Multicast (PGM) |
| CVE-2023-29325 | 8.1 | Remote Code Execution Vulnerability | Windows OLE |
| CVE-2023-28283 | 8.1 | Remote Code Execution Vulnerability | Windows Lightweight Directory Access Protocol (LDAP) |
| CVE-2023-24903 | 8.1 | Remote Code Execution Vulnerability | Windows Secure Socket Tunneling Protocol (SSTP) |
You can find more information about these security vulnerabilities by clicking each vulnerability above.
KB5026372 Changelog
The following changes or improvements are part of the KB5026372 cumulative update for Windows 11 version 22H2.
- This update affects the Kernel-mode Hardware-enforced Stack Protection security feature. The update adds more drivers to the database of drivers that are not compatible with it. A device uses this database when you enable this security feature in the Windows Security UI and it loads the drivers.
- This update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding. This occurs when the system processes multiple local account operations at the same time. The access violation error code is 0xc0000005.
Post-deployment issues after KB5026372
The following post-deployment issues have been reported after installing the KB5026372 cumulative update:
- Using provisioning packages on Windows 11, version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the Out Of Box Experience might not finish or might restart unexpectedly. Provisioning packages are .PPKG files which are used to help configure new devices for use on business or school networks. Provisioning packages which are applied during initial setup are most likely to be impacted by this issue. For more information on provisioning packages, please see Provisioning packages for Windows.
- After installing this update, some apps might have intermittent issues with speech recognition, expressive input, and handwriting when using Chinese or Japanese languages. Affected apps might sometimes fail to recognize certain words or might be unable to receive any input from speech recognition or affected input types. This issue is more likely to occur when apps are using offline speech recognition.
A final resolution is awaited for both issues. We expect that a resolution may be offered as part of a future cumulative update.
Important links
The following pages or links will be useful in getting more details about Windows 11 version 22H2 security updates.
- Microsoft release notes for KB5026372
- Microsoft Update Catalog page for KB5026372
- File information for KB5026372 in CSV file format
- File information for Servicing Stack Update 22621.1626.
You may also like to read more about the additional cumulative updates for the month of May 2023 below:
- KB5026409 Security Update for Windows Server 2012 R2
- KB5026411 security update for Windows Server 2012
- KB5026419 cumulative update for Windows Server 2012
- KB5026415 Monthly rollup update for Windows Server 2012 R2
- KB5026370 cumulative update for Windows Server 2022
- KB5026362 cumulative update for Windows Server 2019
- KB5026363 May 2023 cumulative update for Windows Server 2016
- KB5026368 Cumulative Update for Windows 11 21H2
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.