KB5034769 for Windows Server 2022 – 23H2 edition

KB5034769 is the latest cumulative update for Windows Server 2022 23H2 edition. It was released on February 13 2024. It was released under the ‘Patch Tuesday’ project of Microsoft.

  • KB5034769 is a cumulative update that supersedes the KB5034130 update.
  • KB50334130 is the cumulative update for Windows Server 2022 23H2 edition. You can read details of the KB5034130 cumulative update on the KB5034130 page.
  • KB5034130 corresponds to the server build 25398.643.
  • KB5034769 corresponds to the server build 25398.709.
  • Upgrading from KB5033383 to KB5034130 implies you are upgrading from build 643 to build 709.
  • Servicing Stack Update 25398.700 corresponds to KB5034769. This Servicing Stack Update was released in February 2024.
  • The Servicing Stack Update for Windows Server 2022 23H2 edition is part of the cumulative update. Separate installation of the SSU is not needed on Windows Server 2022 23H2 edition.
  • Windows Server 2022 23H2 edition is affected by 42 security vulnerabilities.
  • Two CRITICAL security vulnerabilities impact Windows Server 2022 23H2 edition.
  • A single zero-day threat also affects Windows Server 2022 23H2 edition.

KB5034769 can be applied automatically using one of the following methods:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Services

WSUS remains the most preferred method to automatically deploy security and cumulative updates.

For automated deployments, the Servicing Stack Update 25398.709 will be automatically installed as part of the installation of the KB5034769 cumulative update on Windows Server 2022 23H2 edition.

For manual deployment of KB5034769, you will need to follow a 1-step process.

  • Download and install KB5034769 cumulative update.

The download of the cumulative update can be completed from the Microsoft Update Catalog site. The installer is available as an offline installer file in the .MSU format for Windows Server 2022 version 23H2.

KB5034769 for Windows Server 2022 version 23H2 can be downloaded from the Microsoft Update Catalog site. Or, you could use the direct download link below.

The size of the cumulative update KB5034769 file for the 23H2 version of Windows Server 2022 is 94 MB. KB5034769 will cause a server reboot. Please plan for implementation as part of an organized change management process.

If you have already deployed KB5034130 on the Windows Server 2022 23H2 edition, only the incremental changes of KB5034769 will be downloaded and installed as part of the update process. This process will be swift and short.

42 security vulnerabilities affect the Windows Server 2022 23H2 edition. This is based on the February 2024 security reports. 2 of these vulnerabilities are CRITICAL severity vulnerabilities.

We have listed the CRITICAL vulnerabilities for Windows Server 2022 23H2 edition below.

The two CRITICAL security vulnerabilities on Windows Server 2022 23H2 edition are listed below.

CVE detailsCVSSSeverityImpactDescription
CVE-2024-213578.1CRITICALRemote Code ExecutionThis vulnerability affects Windows Pragmatic General Multicast (PGM).

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Windows Pragmatic General Multicast (PGM) produces multicast traffic that runs on layer 4 and is routable. Therefore this vulnerability can be exploited over the network.

An attacker could exploit this vulnerability by sending specially crafted malicious traffic directed at a vulnerable server.
CVE-2024-206846.5CRITICALDenial of ServiceThis could lead to Windows Hyper-V Denial of Service Vulnerability.

Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.

There is a single zero-day threat that affects Windows Server 2022 23H2 edition.

CVE detailsCVSSSeverityImpactDescription
CVE-2024-214128.1IMPORTANTSecurity Feature BypassAn unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks. However, the attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker would have to convince them to take action by clicking on the file link.

The following changes or improvements are part of the KB5034769 cumulative update for Windows Server 2022 23H2 edition:

  • New! This update affects software defined networking (SDN). You can now deploy SDN on Windows failover clustering. Service Fabric SDN deployment remains in support.
  • This update addresses a handle leak in Windows Management Instrumentation (WMI) provider traces. Because of this, WMI commands fail at a random stage when you deploy a cluster.
  • This update addresses an issue that affects remote direct memory access (RDMA) performance counters. They do not return networking data on VMs in the right way.
  • This update addresses an issue that affects fontdrvhost.exe. It stops responding when you use Compact Font Format version 2 (CFF2) fonts.
  • This update addresses an issue that affects clusters. It stops you from registering a cluster using Network ATC. This occurs after you set the proxy to use Network ATC. The issue also stops a preset proxy configuration from clearing.
  • This update addresses a memory leak in TextInputHost.exe. The leak might cause text input to stop working on devices that have not restarted for many days.
  • This update addresses an issue that affects touchscreens. They do not work properly when you use more than one monitor.
  • This update includes quarterly changes to the Windows Kernel Vulnerable Driver Blocklist file, DriverSiPolicy.p7b. It adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
  • This update affects Unified Extensible Firmware Interface (UEFI) Secure Boot systems. It adds a renewed signing certificate to the Secure Boot DB variable. You can now opt for this change.
  • This update addresses an issue that occurs after you run a Push-button reset. You cannot set up Windows Hello facial recognition. This affects devices that have Windows Enhanced Sign-in Security (ESS) turned on.
  • This update addresses an issue that affects the download of device metadata. Downloads from the Windows Metadata and Internet Services (WMIS) over HTTPS are now more secure.
  • This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). It might stop working. This occurs when you access the Active Directory database.
  • This update addresses an issue that affects the Certificate Authority snap-in. You cannot select the “Delta CRL” option. This stops you from using the GUI to publish Delta CRLs.

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.