KB5028169 is the latest cumulative update for Windows Server 2016 and Windows Server 2016 Server Core installation. The update is part of the July month’s ‘Patch Tuesday’ project.
KB5028169 has been superseded by the August 2023 cumulative update KB5029242. You can read more about the KB5029242 update on this page.
- KB5028169 is a cumulative update that supersedes KB5027219. KB5027219 was released in June as part of the June update cycle.
- You can read more about June month’s cumulative update KB5027219 on this page.
- KB5028169 also contains all changes that are part of the out of band (OOB) update KB5028623 released on 23rd June 2023. If you did not apply the OOB update yet, you can skip it and go straight to KB5028169. All changes that are part of KB5028623 are included in the KB5028169 cumulative update.
- KB5028169 corresponds to server build 14393.6185. The previous server build for June cumulative update was 14393.5989. The OOB update corresponds to server build 14393.5996.
- Servicing Stack Update KB5023788 needs to be deployed prior to installing KB5028169. This is a newer SSU as it was released on 14th March 2023. So, do ensure that it has already been patched.
- Performance issues with Desktop Windows Manager (DWM) have been addressed in this update.
- 87 security vulnerabilities have been disclosed for Windows Server 2016 in July month’s security bulletin. 6 of these vulnerabilities have a ‘CRITICAL’ severity level.
- Four security vulnerabilities have a CVSS score of 9.8. Details of these threats are shared in the vulnerability section.
- Six zero-day threats that affect Windows Server 2016 are also shared in the zero-day threat section below.
KB5028169 can be automatically applied using any one of the following programs:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Service
WSUS remains the most preferred method to patch Windows Servers.
KB5028169 can be applied manually by installing an offline installer file. The offline installer file is in the MSU extension.
The offline installer file can be downloaded from the Microsoft Update Catalog page for KB5028169. Since SSU KB5023788 is also required as part of the installation, we will need to download the offline installer file for the Servicing Stack Update.
- Download KB5023788 SSU for Windows Server 2016 from Microsoft Update Catalog – This SSU was released in March 2023 and the file size is 11.7 MB.
- Download KB5028169 cumulative update for Windows Server 2016 – The size of the installer file for KB5028169 is 1642.5 MB.
The direct download links for the patch files are shared below.
Upon installation of the Servicing Stack Update, the server will not reboot. However, the installation of cumulative updates will be complete after the server reboot.
We always recommend scheduling a planned change management process to implement cumulative updates on Windows servers.
There are 87 vulnerabilities that have been disclosed for Windows Server 2016. We restrict our discussion to CRITICAL vulnerabilities and zero-day threats below.
CRITICAL vulnerabilities on Windows Server 2016
|CVE Details||Impact||CVSS Score||Severity||Comments|
|CVE-2023-35367||Remote Code Execution||9.8||CRITICAL||Windows Routing and Remote Access Service (RRAS) are affected|
|CVE-2023-35365||Remote Code Execution||9.8||CRITICAL||Windows Routing and Remote Access Service (RRAS) are affected|
|CVE-2023-35366||Remote Code Execution||9.8||CRITICAL||Windows Routing and Remote Access Service (RRAS) are affected|
|CVE-2023-32057||Remote Code Execution||9.8||CRITICAL||Microsoft Message Queuing is affected|
|CVE-2023-35352||Security Feature Bypass||7.5||CRITICAL||Windows Remote Desktop is affected|
|CVE-2023-35297||Remote Code Execution||7.5||CRITICAL||Windows Pragmatic General Multicast (PGM) is affected|
Zero-day threats on Windows Server 2016
The following zero-day vulnerabilities affect Windows Server 2016 as per July month’s security bulletin:
|CVE-2023-32046||Elevation of Privilege Vulnerability||7.8||Important||Windows MSHTML Platform is affected|
|CVE-2023-32049||Security Feature Bypass Vulnerability||8.8||Important||Windows SmartScreen is affected|
|CVE-2023-35311||Security Feature Bypass Vulnerability||8.8||Important||Microsoft Outlook is affected|
|CVE-2023-36874||Service Elevation of Privilege Vulnerability||7.8||Important||Windows Error Reporting is affected|
|CVE-2023-36884||Remote Code Execution Vulnerability||8.3||Important||Office and Windows HTML are affected|
|CVE-2023-24932||Secure Boot Security Feature Bypass Vulnerability||6.7||Important||An attacker with physical access or Administrative rights to a target device could install an affected boot policy.|
The following changes or improvements are part of the KB5028169 cumulative update for Windows Server 2016:
- This update addresses an issue that affects all the registry settings under the Policies paths. They might be deleted. This occurs when you do not rename the local temporary user policy file during Group Policy processing.
- This update affects the Desktop Window Manager (DWM). It improves its reliability.
- This update improves several simplified Chinese fonts and the Microsoft Pinyin Input Method Editor (IME). They now support GB18030-2022. Characters in the Standard Chinese Characters List (GB18030-2022 implementation level 2) are available in Microsoft Yahei (regular, light, and bold), Dengxian (optional font: regular, light, and bold), and Simsun. The Simsun Ext-B font (GB18030-2022 implementation level 3) now supports Unicode CJK Unified Ideographs Extensions E and F.
Microsoft July 2023 Security Updates
- KB5028232 Monthly Rollup update for Windows Server 2012
- KB5028233 Security Update for Windows Server 2012
- KB5028223 Security Update for Windows Server 2012 R2
- KB5028228 Monthly Rollup Update for Windows Server 2012 R2
- KB5028169 Cumulative Update for Windows Server 2016
- KB5028168 Cumulative Update for Windows Server 2019
We are sorry that this post was not useful for you!
Let us improve this post!
Tell us how we can improve this post?
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.