KB5028168 is the latest cumulative update for Windows Server 2019 and the Windows Server 2019 Server Core installation. It was released on 11th July as part of Patch Tuesday.
Salient points
- KB5028168 is a cumulative update that replaces or supersedes KB5027222. KB5027222 was released on 13th June 2023.
- KB5028168 corresponds to server build 17763.4645. The previous build for Windows Server 2019 was 17763.4499.
- KB5005112 is the Servicing Stack Update that must already be deployed before installing KB5028168. This SSU was released in August 2021. We expect that the SSU may have already been deployed as part of one of the earlier update cycles.
- 96 security vulnerabilities were disclosed in the July security bulletin for Windows Server 2019.
- 7 of these security vulnerabilities have a ‘CRITICAL’ impact on the server. 4 of these threats carry a CVSS score of 9.8.
- This update also improves the performance of Desktop Window Manager.
Download KB5028168
KB5028168 can be applied automatically using one of the following programs:
- Windows Update
- Windows Update for Business
- WSUS (Windows Server Update Services)
WSUS remains the best way forward to apply the cumulative update. As part of the update process, SSU KB5005112 will be automatically applied prior to the deployment of KB5028168.
KB5028168 can also be deployed manually through an offline installer file. The offline installer is an .msu file and can be downloaded from the Microsoft Update Catalog page for KB5028168.
- Download Servicing Stack Update KB5005112 for Windows Server 2019 – the size of the update file is 13.8 MB.
- Download SSU KB5005112 from Microsoft Update Catalog
- Download cumulative update KB5028168 from Microsoft Update Catalog
- Direct download link for KB5028168 – the size of the update file is 610.7 MB.
The Servicing Stack Update never causes a server reboot. However, the latest cumulative update will lead to a server restart, so schedule a change management window before implementing the update on Windows Server 2019.
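The check-then-install order described above, as an added PowerShell example (not from the original article or from Microsoft). The build number 17763.4645 and SSU KB5005112 come from the article; the `.msu` file paths, the `$Install` switch and the function names are assumptions made for illustration.

```powershell
# Values from the article: KB5028168 = build 17763.4645, prerequisite SSU = KB5005112.
$TargetBuild = 17763
$TargetUbr   = 4645
$SsuId       = 'KB5005112'
$SsuMsu      = 'C:\Patches\KB5005112-ssu.msu'   # placeholder path to the downloaded SSU
$LcuMsu      = 'C:\Patches\KB5028168-lcu.msu'   # placeholder path to the downloaded LCU
$Install     = $false                           # report only unless set to $true

function Get-PatchState {
    param([int]$Build, [int]$Ubr, [bool]$SsuPresent)
    if ($Build -ne $TargetBuild) { return 'NotApplicable' }   # not a 17763 build
    if ($Ubr -ge $TargetUbr)     { return 'Patched' }         # KB5028168 or a later LCU
    if (-not $SsuPresent)        { return 'NeedsSSU' }
    return 'NeedsLCU'
}

function Install-Msu {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "MSU not found: $Path" }
    # /norestart leaves the reboot to the change window.
    $p = Start-Process -FilePath wusa.exe -ArgumentList "`"$Path`"", '/quiet', '/norestart' -Wait -PassThru
    switch ($p.ExitCode) {
        0       { 'Installed' }
        3010    { 'Installed, reboot required' }
        2359302 { 'Already installed' }
        default { throw "wusa.exe failed for $Path with exit code $($p.ExitCode)" }
    }
}

# The build revision (UBR) is read from the registry.
$cv  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
# Assumption: the SSU is listed by Get-HotFix on this server.
$ssu = [bool](Get-HotFix -Id $SsuId -ErrorAction SilentlyContinue)
$state = Get-PatchState -Build ([int]$cv.CurrentBuildNumber) -Ubr ([int]$cv.UBR) -SsuPresent $ssu
'{0}: build {1}.{2}, SSU present: {3}, state: {4}' -f $env:COMPUTERNAME, $cv.CurrentBuildNumber, $cv.UBR, $ssu, $state

if ($Install) {
    # SSU first, then the cumulative update, matching the order the article gives.
    if ($state -eq 'NeedsSSU') { Install-Msu -Path $SsuMsu; $state = 'NeedsLCU' }
    if ($state -eq 'NeedsLCU') { Install-Msu -Path $LcuMsu }
}
```

Run it from an elevated session; after the reboot, a revision of 4645 or higher on build 17763 confirms the cumulative update is in place.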
Vulnerabilities
96 security vulnerabilities have been disclosed for Windows Server 2019. 7 of these vulnerabilities have a ‘CRITICAL’ impact on the server.
CRITICAL Vulnerabilities on Windows Server 2019
The CRITICAL vulnerabilities are shared below.
CVE Details | Impact | CVSS Score | Severity | Comments |
---|---|---|---|---|
CVE-2023-35367 | Remote Code Execution | 9.8 | CRITICAL | Windows Routing and Remote Access Service (RRAS) is affected |
CVE-2023-35365 | Remote Code Execution | 9.8 | CRITICAL | Windows Routing and Remote Access Service (RRAS) is affected |
CVE-2023-35366 | Remote Code Execution | 9.8 | CRITICAL | Windows Routing and Remote Access Service (RRAS) is affected |
CVE-2023-32057 | Remote Code Execution | 9.8 | CRITICAL | Microsoft Message Queuing is affected |
CVE-2023-35352 | Security Feature Bypass | 7.5 | CRITICAL | Windows Remote Desktop is affected |
CVE-2023-35315 | Remote Code Execution | 8.8 | CRITICAL | Windows Layer-2 Bridge Network Driver is affected |
CVE-2023-35297 | Remote Code Execution | 7.5 | CRITICAL | Windows Pragmatic General Multicast (PGM) is affected |
Zero-day threats affecting Windows Server 2019
There are 6 security threats that have a zero-day threat level for Windows Server 2019. All these vulnerabilities are being exploited actively as we write this.
CVE Details | Impact | CVSS | Severity | Comments |
---|---|---|---|---|
CVE-2023-32046 | Elevation of Privilege Vulnerability | 7.8 | Important | Windows MSHTML Platform is affected |
CVE-2023-32049 | Security Feature Bypass Vulnerability | 8.8 | Important | Windows SmartScreen is affected |
CVE-2023-35311 | Security Feature Bypass Vulnerability | 8.8 | Important | Microsoft Outlook is affected |
CVE-2023-36874 | Service Elevation of Privilege Vulnerability | 7.8 | Important | Windows Error Reporting is affected |
CVE-2023-36884 | Remote Code Execution Vulnerability | 8.3 | Important | Office and Windows HTML are affected |
CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability | 6.7 | Important | An attacker with physical access or Administrative rights to a target device could install an affected boot policy. |
Changelog KB5028168
KB5028168 introduces quite significant improvements as part of the cumulative update patch. Some of the more significant improvements and changes are listed below:
- There has been an improvement in the Desktop Window Manager performance.
- The memory leak issue affecting MSCTF.dll has been resolved.
- The memory issue with svchost.exe has been resolved. The memory issue affects svchost.exe when svchost.exe contains the User Access Logging Service (UALSVC).
- This update addresses an issue that affects the tib.sys driver. It does not load. This occurs when Hypervisor-protected Code Integrity (HVCI) is enabled.
- This update addresses an issue that affects all the registry settings under the Policies paths. They might be deleted. This occurs when you do not rename the local temporary user policy file during Group Policy processing.
- This update adds the ability to share cookies between Microsoft Edge IE mode and Microsoft Edge.
- The update addresses an issue that affects a site that is in Microsoft Edge IE mode. The site does not transition out of IE mode when it is expected.
- This update addresses an issue that affects Microsoft Edge IE mode. The text on the status bar is not always visible.
- The update addresses an intermittent issue that affects an audio stream. The issue disrupts the stream.
- This update addresses an issue that affects MySQL commands. The commands fail on Windows Xenon containers.
For additional changes, you can refer to the release document for KB5028168.
Microsoft July 2023 Security Updates
- KB5028232 Monthly Rollup update for Windows Server 2012
- KB5028233 Security Update for Windows Server 2012
- KB5028223 Security Update for Windows Server 2012 R2
- KB5028228 Monthly Rollup Update for Windows Server 2012 R2
- KB5028169 Cumulative Update for Windows Server 2016
- KB5028168 Cumulative Update for Windows Server 2019
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.