KB5028168 Cumulative Update for Windows Server 2019

This content has been archived. But, the content is true and relevant to the underlying technology products or infrastructure services.

KB5028168 is the latest cumulative update for Windows Server 2019 and Windows Server 2019 Server Core installation. It was released on 11th July under the Patch Tuesday project.

Salient points

  • KB5028168 is a cumulative update that replaces or supersedes KB5027222. KB5027222 was released on 13th June 2023.
  • KB5028168 corresponds to server build 17763.4645. The previous build for Windows Server 2019 was 17763.4499.
  • KB5005112 is the Servicing Stack Update that must be already deployed before installing KB5028168. This SSU was released in August 2021. We expect that the SSU may have already been deployed as part of one of the earlier update cycles.
  • 96 security vulnerabilities were disclosed in July month’s security bulletin for Windows Server 2019.
  • 7 of these security vulnerabilities have a ‘CRITICAL’ impact on the server. 4 of these threats carry a CVSS score of 9.8.
  • This update also strives to improve the performance of Desktop Windows Manager.

Download KB5028168

KB5028168 can be applied automatically using one of the following programs:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Service

WSUS remains the best way forward to apply the cumulative update. As part of the update process, SSU KB5005112 will be automatically applied prior to the deployment of KB5028168.

KB5028168 can also be deployed manually through an offline installer file. The offline installer file is available in an MSU extension and can be downloaded from the Microsoft Update Catalog page for KB5028168.

The Servicing Stack Update never causes a server reboot. However, the latest cumulative update will lead to a server restart. So, it is best advised to set aside a change management schedule to implement the update on Windows Server 2019.

Vulnerabilities

96 security vulnerabilities have been disclosed for Windows Server 2019. 7 of these vulnerabilities have a ‘CRITICAL’ impact on the server.

CRITICAL Vulnerabilities on Windows Server 2019

The CRITICAL vulnerabilities are shared below.

CVE DetailsImpactCVSS Score SeverityComments
CVE-2023-35367Remote Code Execution9.8CRITICALWindows Routing and Remote Access Service (RRAS) are affected
CVE-2023-35365Remote Code Execution9.8CRITICALWindows Routing and Remote Access Service (RRAS) are affected
CVE-2023-35366Remote Code Execution9.8CRITICALWindows Routing and Remote Access Service (RRAS) are affected
CVE-2023-32057Remote Code Execution9.8CRITICALMicrosoft Message Queuing is affected
CVE-2023-35352Security Feature Bypass7.5CRITICALWindows Remote Desktop is affected
CVE-2023-35315Remote Code Execution8.8CRITICALWindows Layer-2 Bridge Network Driver is affected
CVE-2023-35297Remote Code Execution7.5CRITICALWindows Pragmatic General Multicast (PGM) is affected

Zero-day threats affecting Windows Server 2019

There are 6 security threats that have a zero-day threat level for Windows Server 2019. All these vulnerabilities are being exploited actively as we write this.

CVE DetailsImpactCVSSSeverityComments
CVE-2023-32046Elevation of Privilege Vulnerability7.8ImportantWindows MSHTML Platform is affected
CVE-2023-32049Security Feature Bypass Vulnerability8.8ImportantWindows SmartScreen is affected
CVE-2023-35311Security Feature Bypass Vulnerability8.8ImportantMicrosoft Outlook is affected
CVE-2023-36874Service Elevation of Privilege Vulnerability7.8ImportantWindows Error Reporting is affected
CVE-2023-36884Remote Code Execution Vulnerability8.3ImportantOffice and Windows HTML are affected
CVE-2023-24932Secure Boot Security Feature Bypass Vulnerability6.7ImportantAn attacker with physical access or Administrative rights to a target device could install an affected boot policy.

Changelog KB5028168

KB5028168 introduces quite significant improvements as part of the cumulative update patch. Some of the more significant improvements and changes are listed below:

  • There has been an improvement in the Desktop Window Manager performance.
  • The memory leak issue affecting MSCTF.dll has been resolved.
  • The memory issue with svchost.exe has been resolved. The memory issue affects svchost.exe when svchost.exe contains the User Access Logging Service (UALSVC).
  • This update addresses an issue that affects a tib.sys driver. It does not load. This occurs when HyperVisor-protected Code Integrity (HVCI) is enabled.
  • This update addresses an issue that affects all the registry settings under the Policies paths. They might be deleted. This occurs when you do not rename the local temporary user policy file during Group Policy processing.
  • This update adds the ability to share cookies between Microsoft Edge IE mode and Microsoft Edge.
  • The update addresses an issue that affects a site that is in Microsoft Edge IE mode. The site does not transition out of IE mode when it is expected. 
  • This update addresses an issue that affects Microsoft Edge IE mode. The text on the status bar is not always visible.
  • The update addresses an intermittent issue that affects an audio stream. The issue disrupts the stream.
  • This update addresses an issue that affects MySQL commands. The commands fail on Windows Xenon containers.

For additional changes, you can refer the release document for KB5028168.

Microsoft July 2023 Security Updates

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.