KB5032198 is a cumulative update for Windows Server 2022 and the Windows Server 2022 Server Core installation. The update was released on 14 November as part of Microsoft's ‘Patch Tuesday’ release cycle.
Salient points
- KB5032198 has now been superseded by KB5033118 for Windows Server 2022 21H2 and 22H2 editions.
- KB5032198 is a cumulative update that supersedes the KB5031364 cumulative update.
- KB5031364 was released on 10 October 2023 and you can read more about it on this KB5031364 page.
- KB5032198 corresponds to server build 20348.2113. KB5031364 corresponds to build 20348.2031. If you had installed KB5031364, you would be transitioning from build 2031 to 2113.
- 20348.2084 is the Servicing Stack Update that corresponds to the KB5032198 update. The Servicing Stack Update for Windows Server 2022 is a part of the main cumulative update. Separate installation of Servicing Stack Update is not required on Windows Server 2022.
- 30 security vulnerabilities have been reported for Windows Server 2022 in the November 2023 security bulletin released by Microsoft.
- 2 of these security vulnerabilities have a CRITICAL severity level for Windows Server 2022.
- 1 zero-day threat affects Windows Server 2019. CVE-2023-36033 is the zero-day threat; it impacts the Windows DWM Core Library and could lead to an ‘Elevation of Privilege’ attack.
Details of security vulnerabilities on Windows Server 2022 are listed in the vulnerabilities section below.
Download KB5032198
KB5032198 can be applied automatically using one of the following methods:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Services
WSUS remains the preferred method for automatically deploying security and cumulative updates.
For automated deployments, the Servicing Stack Update 20348.2084 will be automatically installed as part of the installation of the KB5032198 update on Windows Server 2022.
For manual deployment of KB5032198, you will need to follow a 1-step process.
- Download and install KB5032198 cumulative update.
The download of the cumulative update can be completed from the Microsoft Update Catalog site. The installer is available as an offline installer file in the .MSU format for Windows Server 2022 version 21H2 and Windows Server 2022 version 22H2.
Download KB5032198
KB5032198 for Windows Server 2022 can be downloaded from the Microsoft Update Catalog site. Or, you could use the direct download link below.
- Download KB5032198 from the Microsoft Update Catalog site
- Direct download link for KB5032198 for Windows Server 2022 version 22H2
- Direct download link for KB5032198 for Windows Server 2022 version 21H2
The size of the cumulative update KB5032198 file for the 21H2 and 22H2 versions of Windows Server 2022 is 367.2 MB. KB5032198 will cause a server reboot. Please plan for implementation as part of an organized change management process.
Vulnerabilities
30 security vulnerabilities affect Windows Server 2022 as part of the November 2023 security reports. 2 of these vulnerabilities are CRITICAL severity vulnerabilities. There is a single zero-day threat that affects Windows Server 2022.
The remaining 28 security vulnerabilities have IMPORTANT severity levels.
We have listed the CRITICAL vulnerabilities and the zero-day threat for Windows Server 2022 below.
Zero-day vulnerability
Zero-day vulnerabilities are vulnerabilities that are publicly known and exploited. Immediate patching is therefore needed to mitigate the risk they pose within the IT infrastructure.
CVE details | CVSS | Severity | Impact | Description |
---|---|---|---|---|
CVE-2023-36033 | 7.8 | IMPORTANT | Elevation of Privilege | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CRITICAL Vulnerabilities
The two CRITICAL security vulnerabilities on Windows Server 2022 are listed below.
CVE details | CVSS | Severity | Impact | Description |
---|---|---|---|---|
CVE-2023-36397 | 9.8 | CRITICAL | Remote Code Execution | This threat impacts Windows Pragmatic General Multicast (PGM). When the Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
CVE-2023-36400 | 8.8 | CRITICAL | Elevation of Privilege | This vulnerability arises on account of Windows HMAC Key Derivation. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. |
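
The build numbers from the salient points and the Message Queuing precondition of CVE-2023-36397 can be checked together on a server. The PowerShell below is an added example, not part of the original article or of Microsoft's tooling; it assumes it is run locally on the server being checked, and the function name Get-Kb5032198State is hypothetical.

```powershell
# Added example: patch-state and Message Queuing check for Windows Server 2022.
# Build numbers and KB ids are the ones quoted on this page.
$RequiredBuild = 20348                      # Windows Server 2022
$RequiredUbr   = 2113                       # revision delivered by KB5032198
$AcceptedKbs   = 'KB5032198', 'KB5033118'   # the update and the one that supersedes it

function Get-Kb5032198State {               # hypothetical helper name
    # CurrentBuildNumber and UBR together form the build, e.g. 20348.2113.
    $cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR

    # Get-HotFix may stop listing a cumulative update once a later one has
    # replaced it, so the build revision is used for the verdict and the
    # KB list is reported only as supporting evidence.
    $hotfix = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $AcceptedKbs -contains $_.HotFixID }

    # CVE-2023-36397 requires the Message Queuing service (service name MSMQ).
    $msmq = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        Build         = "$build.$ubr"
        IsServer2022  = ($build -eq $RequiredBuild)
        Patched       = ($build -eq $RequiredBuild -and $ubr -ge $RequiredUbr)
        MatchingKbs   = ($hotfix.HotFixID -join ',')
        MsmqInstalled = [bool]$msmq
        MsmqRunning   = ($null -ne $msmq -and $msmq.Status -eq 'Running')
    }
}

$state = Get-Kb5032198State
$state | Format-List

if ($state.IsServer2022 -and -not $state.Patched) {
    Write-Warning "Build $($state.Build) is below 20348.2113; KB5032198 or a later cumulative update is missing."
    if ($state.MsmqRunning) {
        Write-Warning 'Message Queuing is running on an unpatched host; patch this server first (CVE-2023-36397).'
    }
}
```

The `Patched` field relies on the build revision alone, so it also reports true once a later cumulative update has raised the revision above 2113.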
KB5032198 Changelog
The following changes or improvements are part of the KB5032198 cumulative update for Windows Server 2022:
- This update addresses security issues for your Windows operating system.
- This update supports daylight saving time (DST) changes in Syria.
- This update addresses an issue that affects UI Automation and caching mode.
- This update affects Windows Autopilot profiles. The process to download the Windows Autopilot policy is more resilient. This helps when a network connection might not be fully initialized. This update increases the retry attempts when you try to download the Windows Autopilot profile.
- This update addresses an issue that causes your device to restart when you do not expect it. This occurs after you restore a system.
- This update affects user mode printer drivers. They unload unexpectedly. This occurs when you print from multiple print queues to the same printer driver.
- This update addresses an issue that affects Xenon or Argon containers. They do not start.
- This update affects Windows Server: Azure Edition. It is easier to view attestation failure notifications.
- This update addresses an issue that affects an Application Virtualization (App-V) environment. Copy operations within it stop working. This occurs after you install the April 2023 update.
- This update addresses an issue that blocks external connections. This occurs when you set up a Kubernetes load balanced service and turn on session affinity.
- This update addresses an issue that affects NCryptGetProperty(). Calling it with NCRYPT_KEY_TYPE_PROPERTY returns 0x1 instead of 0x20. This occurs when the key is a machine key.
- This update includes quarterly changes to the Windows Kernel Vulnerable Driver Blocklist file, DriverSiPolicy.p7b. It adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
- This update addresses an issue that affects Windows LAPS. Its PasswordExpirationProtectionEnabled policy fails to turn on the setting.
- This update addresses an issue that affects the refsutil.exe inbox utility. Options, like salvage and leak, do not work well on Resilient File System (ReFS) volumes.
- This update addresses an issue that might affect a large reparse point. You might get a stop error when you use NTFS to access it. This issue occurs after a canceled FSCTL Set operation changes the reparse tag.
- This update addresses an issue that affects a machine that is used as a remote desktop session (RDS) host. An RDR_FILE_SYSTEM (0x27) stop error occurs. Because of this, everyone that uses RDS starts up from this machine.
- This update addresses a known issue that affects virtual machines (VMs) that run on VMware ESXi hosts. Windows Server 2022 might fail to start up. The affected VMs will receive an error with a blue screen and a stop code: PNP DETECTED FATAL ERROR.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.