KB5027225 Cumulative Update for Windows Server 2022

KB5027225 is the latest cumulative update for Windows Server 2022 and Windows Server 2022 Server Core installation. It was released on 13th June 2023 as part of the ‘Patch Tuesday’ initiative of Microsoft.

Let us review the main points and download information of KB5027225 for Windows Server 2022.

Salient points about KB5027225

  • KB5027225 supersedes KB5026370 cumulative update.
  • KB5026370 was released on 9th May 2023. You can read more about KB5026370.
  • KB5027225 corresponds to server build 20348.1787.
  • If you are upgrading from KB5026370 to KB5027225, you are migrating from server build 20348.1726 to 20348.1787.
  • Servicing Stack Update for KB5027225 is part of the cumulative update. SSU 20348.1780 is the Servicing Stack Update that is part of KB5027225. It is deployed automatically as part of the update process.
  • 34 security vulnerabilities have been reported for Windows Server 2022 in June's security bulletin. 4 of these security vulnerabilities have a ‘CRITICAL’ severity; three vulnerabilities carry a CVSS score of 9.8.
  • Two zero-day threats affect Windows Server 2022. These are shared in the vulnerability section below.
  • The Windows Kernel vulnerability CVE-2023-32019 has been resolved in KB5027225.

Download KB5027225

Before proceeding with the discussion on the manual deployment of KB5027225, it may be a good idea to talk about the various automated methods available for updating the Windows stack.

You can apply KB5027225 automatically using one of the following methods:

  • Windows Update
  • Windows Update for Business
  • WSUS (Windows Server Update Services)

WSUS remains one of the most commonly used automated strategies for updating Windows server software.

Since the Servicing Stack Update is part of the main cumulative update for Windows Server 2022, we do not need to perform any separate installation of the SSU on the server.

The manual deployment process involves downloading the offline installer file. The offline installer file is available as an MSU file. You can download this offline installer from the Microsoft Update Catalog page for Windows Server 2022 21H2 edition or 22H2 edition.

The download links for the installer file are shared below.

The installer files for Windows Server 2022 have a size of 329.3 MB.

Once you have deployed the MSU file on the Windows Server 2022, your server will restart for the update files to take effect.

Vulnerabilities

Out of 34 security vulnerabilities shared for Windows Server 2022, we will restrict our discussion to the two zero-day threats and 4 CRITICAL vulnerabilities.

These security vulnerabilities are listed below.

| Vulnerability | CVSS Score | Severity | Type | Description |
| --- | --- | --- | --- | --- |
| CVE-2023-24880 (Zero-day) | 4.4 | Moderate | Security Feature Bypass | An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. |
| CVE-2021-34527 (Zero-day) | 8.8 | Critical | Remote Code Execution | A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| CVE-2023-29363 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
| CVE-2023-32014 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
| CVE-2023-32015 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
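To confirm that a server has reached the build stated above and to see whether the services named in the table are present, the following PowerShell audit can be run locally. It is an added example, not part of the original post; the KB number and target build come from the article, while the service names `MSMQ` and `Spooler` and the function name `Test-PatchLevel` are assumptions of this example.

```powershell
# Added example: audit a Windows Server 2022 host against KB5027225.
# KB number and target build are from the article; the rest is assumed.
$KbId        = 'KB5027225'
$TargetBuild = [version]'20348.1787'   # build that KB5027225 installs

function Test-PatchLevel {
    param([version]$Installed, [version]$Target)
    # Cumulative updates are cumulative: on the same OS build, an equal or
    # higher revision means the fixes of the target update are present.
    # A different OS build (another Windows release) returns $false.
    ($Installed.Major -eq $Target.Major) -and ($Installed.Minor -ge $Target.Minor)
}

# CurrentBuild plus UBR (update build revision) form the full OS build.
$cv        = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$installed = [version]('{0}.{1}' -f $cv.CurrentBuild, $cv.UBR)

# Get-HotFix may stop listing this KB once a later cumulative update
# supersedes it, so the build comparison is the authoritative check.
$hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

# Services tied to the Print Spooler and message queuing entries above.
$services = foreach ($name in 'MSMQ', 'Spooler') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) { '{0}: {1} (start type {2})' -f $name, $svc.Status, $svc.StartType }
    else      { '{0}: not installed' -f $name }
}

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    InstalledBuild  = $installed
    TargetBuild     = $TargetBuild
    AtOrAboveTarget = Test-PatchLevel -Installed $installed -Target $TargetBuild
    HotFixListed    = [bool]$hotfix
    Services        = $services -join '; '
} | Format-List
```

A host that reports `AtOrAboveTarget : False` with either service running is the first candidate for patching, or for disabling the service where it is not needed.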

KB5027225 Changelog

The following changes or improvements are part of the KB5027225 cumulative update for Windows Server 2022:

  • This update addresses an issue that affects servers that use Citrix and Ivanti as Remote Desktop Services (RDS) servers. Signing in to them takes a very long time.
  • This update addresses a resource conflict issue between two or more threads (known as a deadlock). This deadlock affects COM+ applications.
  • This update addresses an issue that affects the Storage Spaces Direct (S2D) cluster. It might not come online. This occurs after a periodic password rollover. The error code is 1326.
  • This update addresses a memory leak. It occurs every time you print a rich text document.
  • This update addresses an issue that might affect the Domain Name System (DNS) suffix search list. When you configure it, the parent domain might be missing.
  • This update changes the support phone number for Microsoft India for Windows activation.
  • This update addresses an issue that might cause some systems to stop working. This occurs when you implement firewall logging.
  • This update addresses an issue that might affect the Local Security Authority Subsystem Service (LSASS). It might close sporadically. The system logs the exception 0xc0000710 in the Application Error event 1000. Because of this, the domain controller restarts unexpectedly. This issue affects read-only DCs (RODC) that also run Microsoft Defender Advanced Threat Protection (ATP).
  • This update addresses an issue that affects the Windows Kernel. This issue is related to CVE-2023-32019. To learn more, see KB5028407.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.