The cumulative update for Windows Server 2022 23H2 edition was released on November 14 2023. It was released under the ‘Patch Tuesday’ project of Microsoft.
- KB5032202 has now been superseded by KB5033383 cumulative update in December 2023. You can read more about the KB5033383 on the KB5033383 page.
- KB5032202 is the first cumulative update for Windows Server 2022 23H2 edition.
- KB5032202 corresponds to the server build 25398.531.
- Servicing Stack Update 25398.521 corresponds to KB5032202. The Servicing Stack Update is part of the cumulative update. Separate installation of the SSU is not needed on Windows Server 2022 23H2 edition.
- Windows Server 2022 23H2 edition is affected by 30 security vulnerabilities.
- Two CRITICAL security vulnerabilities impact Windows Server 2022 23H2 edition.
- The zero-day threat affects Windows Server 2022 23H2 edition. The same has been discussed below in the vulnerability section.
Download KB5032202 for Windows Server 2022 23H2 edition
KB5032202 can be applied automatically using one of the following methods:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Services
WSUS remains the most preferred method to automatically deploy security and cumulative updates.
For automated deployments, the Servicing Stack Update 25398.521 will be automatically installed as part of the installation of the KB5032202 update on Windows Server 2022.
For manual deployment of KB5032202, you will need to follow a 1-step process.
- Download and install KB5032202 cumulative update.
The download of the cumulative update can be completed from the Microsoft Update Catalog site. The installer is available as an offline installer file in the .MSU format for Windows Server 2022 version 23H2.
KB5032202 for Windows Server 2022 version 23H2 can be downloaded from the Microsoft Update Catalog site. Or, you could use the direct download link below.
- Download KB5032202 from the Microsoft Update Catalog site
- Direct download link for KB5032202 for Windows Server 2022 version 23H2
The size of the cumulative update KB5032202 file for the 23H2 version of Windows Server 2022 is 86.4 MB. KB5032202 will cause a server reboot. Please plan for implementation as part of an organized change management process.
30 security vulnerabilities affect Windows Server 2022 as part of the November 2023 security reports. 2 of these vulnerabilities are CRITICAL severity vulnerabilities. There is a single zero-day threat that affects Windows Server 2022 version 23H2.
The remaining 28 security vulnerabilities have IMPORTANT severity levels.
We have listed the CRITICAL vulnerabilities and the zero-day threat for Windows Server 2022 below.
The zero-day vulnerabilities are publicly known and exploited vulnerabilities. Therefore, immediate patching needs to be carried out to mitigate the risk arising out of zero-day vulnerabilities within the IT infrastructure.
|Elevation of Privilege
|An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
The two CRITICAL security vulnerabilities on Windows Server 2022 are listed below.
|Remote Code Execution
|This threat impact the Windows Pragmatic General Multicast (PGM).
When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.
|Elevation of Privilege
|This vulnerability arises on account of Windows HMAC Key Derivation.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The following changes or improvements are part of the KB5032202 cumulative update for Windows Server 2022:
- This update supports daylight saving time (DST) changes in Syria.
- This update changes the spelling of Ukraine’s capital from Kiev to Kyiv.
- This update addresses an issue that affects an Application Virtualization (App-V) environment. Copy operations within it stop working. This occurs after you install the April 2023 update.
- This update addresses an issue that blocks external connections. This occurs when you set up a Kubernetes load balanced service and turn on session affinity.
- This update affects the Windows Kernel Vulnerable Driver Blocklist, DriverSiPolicy.p7b. It adds drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
- This update addresses an issue that affects Windows LAPS. Its PasswordExpirationProtectionEnabled policy fails to turn on the setting.
November 2023 Cumulative or Security Updates
- KB5032196 Cumulative Update for Windows Server 2019
- KB5032197 Cumulative Update for Windows Server 2016
- KB5032198 Cumulative Update for Windows Server 2022
- KB5032202 Cumulative Update for Windows Server 2022 23H2 edition
- KB5032247 Monthly Rollup Update for Windows Server 2012
- KB5032249 Monthly Rollup for Windows Server 2012 R2
- KB5032190 Windows 11 22H2 and 23H2 Editions
- KB5032192 for Windows 11 21H2 edition
- KB5032189 for Windows 10 21H2 and 22H2 versions
- KB5032196 for Windows 10 version 1809
- KB5032197 for Windows 10 version 1607
October 2023 Security Updates
You may be interested in reading more about other October 2023 security or cumulative updates shared below:
- KB5031358 Cumulative Update for Windows 11 version 21H2
- KB5029377 Security Update for SQL Server 2019 GDR
- KB5031354 Cumulative Update for Windows 11 version 22H2
- KB5031356 for Windows 10
- KB5031901 Update for .NET 7.0
- KB5031407 Security Update for Windows Server 2012 R2
- KB5031427 Security Update for Windows Server 2012
- KB5031419 Monthly Rollup for Windows Server 2012 R2
- KB5031442 Monthly Rollup Update for Windows Server 2012
- KB5031364 Cumulative Update for Windows Server 2022
- KB5031362 Cumulative Update for Windows Server 2016
- KB5031361 Cumulative Update for Windows Server 2019
We are sorry that this post was not useful for you!
Let us improve this post!
Tell us how we can improve this post?
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.