KB5034770 for Windows Server 2022 – Feb 2024

KB5034770 is the latest cumulative update for Windows Server 2022 21H2 and 22H2 editions. It was released on February 13, 2024 under the ‘Patch Tuesday’ project of Microsoft.

KB5035857 supersedes KB5034770. You can read about the latest changes on the KB5035857 page.

  • KB5034770 is a cumulative update that supersedes the KB5034129 update.
  • KB5034770 is the cumulative update for Windows Server 2022 21H2 and 22H2 editions.
  • KB5034129 corresponds to the server build 20348.2227.
  • KB5034770 corresponds to the server build 20348.2322.
  • Upgrading from KB5034129 to KB5034770 implies you are upgrading from build 2227 to build 2322.
  • Servicing Stack Update 20348.2305 corresponds to KB5034770. This Servicing Stack Update was released in February 2024. This is a new SSU and will be offered as part of the installation of KB5034770.
  • The Servicing Stack Update for Windows Server 2022 21H2 and 22H2 editions is part of the cumulative update. Separate installation of the SSU is not needed on Windows Server 2022 21H2 and 22H2 editions.
  • Windows Server 2022 21H2 and 22H2 editions are affected by 40 security vulnerabilities.
  • Two CRITICAL security vulnerabilities impact Windows Server 2022 21H2 and 22H2 editions.
  • Two zero-day vulnerabilities also impact the Windows Server 2022. Details of these vulnerabilities are shared in the relevant section.

KB5034770 can be applied automatically using one of the following methods:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Services

WSUS remains the most preferred method to automatically deploy security and cumulative updates.

For automated deployments, the Servicing Stack Update 20348.2305 will be automatically installed as part of the installation of the KB5034770 cumulative update on Windows Server 2022 21H2 and 22H2 editions.

For manual deployment of KB5034770, you will need to follow a 1-step process.

  • Download and install KB5034770 cumulative update.

The download of the cumulative update can be completed from the Microsoft Update Catalog site. The installer is available as an offline installer file in the .MSU format for Windows Server 2022 version 21H2 and 22H2.

KB5034770 for Windows Server 2022 version 21H2 and 22H2 can be downloaded from the Microsoft Update Catalog site. Or, you could use the direct download links shared below.

  • The size of the cumulative update KB5034770 file for the 21H2 version of Windows Server 2022 is 371.6 MB.
  • The size of the cumulative update KB5034770 file for the 22H2 version of Windows Server 2022 is 371.6 MB
  • KB5034770 will cause a server reboot. Please plan for implementation as part of an organized change management process.

If you have already deployed KB5034129 on the Windows Server 2022 21H2 and 22H2 editions, only the incremental changes of KB5034770 will be downloaded and installed as part of the update process. This process will be swift and short.

40 security vulnerabilities affect the Windows Server 2022 21H2 and 22H2 editions. This is based on the February 2024 security reports. 2 of these vulnerabilities are CRITICAL severity vulnerabilities. Another two are zero-day threats that affect Windows Server 2022.

We have listed the CRITICAL vulnerabilities and the zero-day threats for Windows Server 2022 21H2 and 22H2 editions below.

The two CRITICAL security vulnerabilities on Windows Server 2022 21H2 and 22H2 editions are listed below.

CVE detailsCVSSSeverityImpactDescription
CVE-2024-213577.5CRITICALRemote Code ExecutionThis vulnerability affects Windows Pragmatic General Multicast (PGM).

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Windows Pragmatic General Multicast (PGM) produces multicast traffic that runs on layer 4 and is routable. Therefore this vulnerability can be exploited over the network.

An attacker could exploit this vulnerability by sending specially crafted malicious traffic directed at a vulnerable server.
CVE-2024-206846.5CRITICALDenial of ServiceThis could lead to Windows Hyper-V Denial of Service Vulnerability.

Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.

The following zero-day threats impact the Windows Server 2022:

CVE detailsCVSSSeverityImpactDescription
CVE-2024-213517.6IMPORTANTSecurity Feature BypassWhen you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check. 

An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience.
CVE-2024-214128.1IMPORTANTSecurity Feature BypassAn unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks. However, the attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker would have to convince them to take action by clicking on the file link.

The following changes or improvements are part of the KB5034770 cumulative update for Windows Server 2022 21H2 and 22H2 editions

  • This update addresses an issue that affects remote direct memory access (RDMA) performance counters. They do not return networking data on VMs in the right way.
  • This update addresses an issue that affects fontdrvhost.exe. It stops responding when you use Compact Font Format version 2 (CFF2) fonts.
  • This update addresses a memory leak in ctfmon.exe.
  • This update addresses a memory leak in TextInputHost.exe.
  • This update addresses an issue that affects protected content. It stops cross-process windows from being created. Because of this update, you can keep using out-of-process hosting for things like WebView2 under protected, top-level windows.
  • This update addresses an issue that affects touchscreens. They do not work properly when you use more than one monitor.
  • This update addresses an issue that affects Windows Defender Application Control (WDAC). Its “allow” policies might block some binaries from running.
  • This update affects Unified Extensible Firmware Interface (UEFI) Secure Boot systems. It adds a renewed signing certificate to the Secure Boot DB variable. You can now opt for this change.
  • This update addresses an issue that affects the download of device metadata. Downloads from the Windows Metadata and Internet Services (WMIS) over HTTPS are now more secure.
  • This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). It might stop working. This occurs when you access the Active Directory database.
  • This update includes quarterly changes to the Windows Kernel Vulnerable Driver Blocklist file, DriverSiPolicy.p7b. It adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
  • This update addresses an issue that affects the Certificate Authority snap-in. You cannot select the “Delta CRL” option. This stops you from using the GUI to publish Delta CRLs.
  • This update addresses an issue that affects a local account. You cannot sign in to an account that Windows LAPS manages. This occurs if you set the “Require Smart Card for Interactive Logon” policy.
  • This update addresses an issue that affects Server Message Block (SMB) connections. They disconnect when all of the following are true:
    • You change the client and server encryption cipher list from the default values.
    • The client and server do not have any ciphers in common.
    • SMB encryption is not in use.
    • A multi-channel configuration, such as RDMA, is in place.
  • The update addresses an issue that affects SMB over a Quick UDP Internet Connection (QUIC). It stops responding if port 445 is blocked.
  • This update changes a setting in Active Directory Users & Computers. By default, the snap-in now uses a strong certificate mapping of X509IssuerSerialNumber. It does not use the weak mapping of x509IssuerSubject.

January 2024 Cumulative or Security Updates

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.