KB5027222 Cumulative Update Windows Server 2019

KB5027222 is the latest cumulative update for Windows Server 2019 and Windows Server 2019 Server Core installation. It was released on 13th June 2023 as part of that month's ‘Patch Tuesday’ release.

We look at the details of KB5027222 below.

KB5027222 has now been superseded by KB5028168. You can read more about KB5028168 on this page.

Salient points about KB5027222

  • KB5027222 supersedes KB5026362. KB5026362 was released in May 2023. You can read more about KB5026362 on this page.
  • KB5027222 corresponds to server build 17763.4499.
  • While upgrading from KB5026362 to KB5027222, you will upgrade from build 4377 to 4499.
  • The Windows Kernel issue reported under CVE-2023-32019 has been resolved in KB5027222.
  • You require Servicing Stack Update KB5005112 on Windows Server 2019 prior to installing KB5027222. This SSU was released in August 2021. So, there is a strong chance you would have already deployed it as part of previous updates.
  • 32 security vulnerabilities affect Windows Server 2019 and Windows Server 2019 Server Core installation. 4 of these vulnerabilities have a ‘CRITICAL’ severity level, and three of the CRITICAL vulnerabilities carry a CVSS score of 9.8.
  • 2 Zero-day threats affect Windows Server 2019. These are covered in the vulnerability section below.

Download KB5027222

KB5027222 can be deployed automatically using one of the following ways:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Services

Before patching KB5027222 manually, ensure that you have already deployed KB5005112 Servicing Stack Update. If KB5005112 is not deployed, you can download the installer file from one of the following links:

For manual deployments, you can download the offline installer file for KB5027222. This installer file has the .msu extension. You can download it directly from the Microsoft Update Catalog page.

Servicing Stack Update does not cause a server reboot. The cumulative update file is a full update file. It is strongly suggested to implement it on production servers in a phased manner and under the ‘Change management’ schedule.


Vulnerabilities

Zero-day threats and CRITICAL threats affecting Windows Server 2019 are shared in brief below.

| Vulnerability | CVSS Score | Severity | Type | Description |
|---|---|---|---|---|
| CVE-2023-24880 (Zero-day) | 4.4 | Moderate | Security Feature Bypass | An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. |
| CVE-2021-34527 (Zero-day) | 8.8 | Critical | Remote Code Execution | A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| CVE-2023-29363 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
| CVE-2023-32013 | 6.5 | Critical | Denial of Service | Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. |
| CVE-2023-32014 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
| CVE-2023-32015 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |

Given these security vulnerabilities that affect Windows Server 2019, it is strongly suggested to deploy KB5027222 on a priority basis.
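To decide which servers to patch first, the build number, the Servicing Stack Update prerequisite and the message queuing condition described above can be checked on each host. The following PowerShell is an added example, not part of the original post; the function name Get-PatchState is hypothetical, and the UBR registry value and the MSMQ service name are assumptions that do not come from the article.

```powershell
# Added example: report KB5027222 patch state on a Windows Server 2019 host.
# Values taken from the article: build 17763.4499, SSU KB5005112, LCU KB5027222.
$RequiredBuild    = 17763
$RequiredRevision = 4499
$SsuKb            = 'KB5005112'
$LcuKb            = 'KB5027222'

function Get-PatchState {   # hypothetical helper name
    $cv       = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build    = [int]$cv.CurrentBuildNumber
    $revision = [int]$cv.UBR   # update build revision, e.g. 4499

    # Get-HotFix only lists packages still recorded on the host. A later
    # cumulative update (the article names KB5028168) replaces KB5027222,
    # so the build revision is the more reliable check.
    $listed = @(Get-HotFix -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty HotFixID)

    # The 9.8-rated entries depend on the message queuing service running.
    # Assumption: its service name is 'MSMQ'; absent if the feature is not installed.
    $msmq = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        OsBuild       = "$build.$revision"
        IsServer2019  = ($build -eq $RequiredBuild)
        AtOrAbove4499 = ($build -eq $RequiredBuild -and $revision -ge $RequiredRevision)
        SsuListed     = ($listed -contains $SsuKb)
        LcuListed     = ($listed -contains $LcuKb)
        MsmqStatus    = if ($msmq) { [string]$msmq.Status } else { 'NotInstalled' }
    }
}

$state = Get-PatchState
$state | Format-List

if (-not $state.IsServer2019) {
    Write-Warning "Build $($state.OsBuild) is not Windows Server 2019 (17763); this check does not apply."
} elseif (-not $state.AtOrAbove4499) {
    Write-Warning "Build $($state.OsBuild) is below 17763.4499: KB5027222 or a later cumulative update is missing."
    if (-not $state.SsuListed) {
        Write-Warning "$SsuKb is not listed; the article requires it before KB5027222."
    }
    if ($state.MsmqStatus -eq 'Running') {
        Write-Warning 'MSMQ is running on an unpatched host: prioritise this server.'
    }
}
```

Run it in an elevated session on each server, or wrap the function in Invoke-Command to collect the same object from a list of hosts.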


KB5027222 Changelog

The following changes or improvements are part of the KB5027222 for Windows Server 2019:

  • This update addresses an issue that affects the touch keyboard. The touch keyboard intermittently fails to open.
  • This update addresses security issues for your Windows operating system. 
  • This update addresses an issue that affects the Storage Spaces Direct (S2D) cluster. It might not come online. This occurs after a periodic password rollover. The error code is 1326.
  • This update addresses an issue that affects the Appx State Repository. When you remove a user profile, the cleanup is incomplete. Because of this, its database grows as time passes. This growth might cause delays when users sign in to multi-user environments like FSLogix.
  • This update addresses an issue that affects the Windows Remote Management (WinRM) client. The client returns an HTTP server error status (500). This error occurs when it runs a transfer job in the Storage Migration Service.
  • This update addresses an issue that affects signed Windows Defender Application Control (WDAC) policies. They are not applied to the Secure Kernel. This occurs when you enable Secure Boot.
  • This update addresses an issue that might affect the Local Security Authority Subsystem Service (LSASS). It might close sporadically. The system logs the exception 0xc0000710 in the Application Error event 1000. Because of this, the domain controller restarts unexpectedly. This issue affects read-only DCs (RODC) that also run Microsoft Defender Advanced Threat Protection (ATP). 
  • This update addresses an issue that affects the Windows Kernel. This issue is related to CVE-2023-32019.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.