KB5035857 is the latest cumulative update for Windows Server 2022 21H2 and 22H2 editions. It was released on March 12, 2024 under the ‘Patch Tuesday’ project of Microsoft.
Salient points
- KB5035857 is a cumulative update that supersedes the KB5034770 update.
- KB5034770 is the cumulative update for Windows Server 2022 21H2 and 22H2 editions.
- KB5035857 corresponds to the server build 20348.2340.
- KB5034770 corresponds to the server build 20348.2322.
- Upgrading from KB5034770 to KB5035857 implies you are upgrading from build 2322 to build 2340.
- Servicing Stack Update 20348.2334 corresponds to KB503857. This Servicing Stack Update was released in March 2024. This is a new SSU and will be offered as part of the installation of KB5035857.
- The Servicing Stack Update for Windows Server 2022 21H2 and 22H2 editions is part of the cumulative update. Separate installation of the SSU is not needed on Windows Server 2022 21H2 and 22H2 editions.
- Windows Server 2022 21H2 and 22H2 editions are affected by 37 security vulnerabilities.
- Two CRITICAL security vulnerabilities impact Windows Server 2022 21H2 and 22H2 editions.
Download KB5035857
KB5035857 can be applied automatically using one of the following methods:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Services
WSUS remains the most preferred method to automatically deploy security and cumulative updates.
For automated deployments, the Servicing Stack Update 20348.2334 will be automatically installed as part of the installation of the KB5035857 cumulative update on Windows Server 2022 21H2 and 22H2 editions.
For manual deployment of KB5035857, you will need to follow a 1-step process.
- Download and install KB5035857 cumulative update.
The download of the cumulative update can be completed from the Microsoft Update Catalog site. The installer is available as an offline installer file in the .MSU format for Windows Server 2022 version 21H2 and 22H2.
Download KB5035857
KB5035857 for Windows Server 2022 version 21H2 and 22H2 can be downloaded from the Microsoft Update Catalog site. Or, you could use the direct download links shared below.
- Download KB5035857 from the Microsoft Update Catalog site
- Direct download link for KB5035857 for Windows Server 2022 version 21H2
- Direct download link for KB5035857 for Windows Server 2022 version 22H2
- The size of the cumulative update KB5035857 file for the 21H2 version of Windows Server 2022 is 394.5 MB.
- The size of the cumulative update KB5035857 file for the 22H2 version of Windows Server 2022 is 394.5 MB
- KB5035857 will cause a server reboot. Please plan for implementation as part of an organized change management process.
If you have already deployed KB5034770 on the Windows Server 2022 21H2 and 22H2 editions, only the incremental changes of KB5035857 will be downloaded and installed as part of the update process. This process will be swift and short.
Vulnerabilities
37 security vulnerabilities affect the Windows Server 2022 21H2 and 22H2 editions. This is based on the March 2024 security reports. 2 of these vulnerabilities are CRITICAL severity vulnerabilities.
We have listed the CRITICAL vulnerabilities and the zero-day threats for Windows Server 2022 21H2 and 22H2 editions below.
CRITICAL Vulnerabilities
The two CRITICAL security vulnerabilities on Windows Server 2022 21H2 and 22H2 editions are listed below.
| CVE details | CVSS | Impact | Description |
|---|---|---|---|
| CVE-2024-21407 | 8.1 | Remote Code Execution | The threat affects Windows Hyper-V. This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. |
| CVE-2024-21408 | 5.5 | Denial of Service | This Denial of service threat affects |
KB5035857 Changelog
The following changes or improvements are part of the KB5035857 cumulative update for Windows Server 2022 21H2 and 22H2 editions
- The update affects Active Directory domains that host mobile device management (MDM) providers. They can transition from “Compatibility mode” to the strong certificate mapping “Enforcement mode.” To do this, they can allow an Active Directory Key Distribution Center (KDC) to read user security identifiers (SID) from the Subject Alternative Name (SAN). Then, the providers can populate those values. To learn more, see:
- KB5014754: Certificate-based authentication changes on Windows domain controllers
- Preview of SAN URI for Certificate Strong Mapping for KB5014754
- CVE-2022-34691, CVE-2022-26931, and CVE-2022-26923
- This update addresses an issue that affects the touch keyboard. It might not show during out-of-box experience (OOBE).
- This update addresses an issue that makes the troubleshooting process fail. This occurs when you use the Get Help app.
- This update addresses an issue that affects Remote Desktop Web Authentication. You might not be able to connect to sovereign cloud endpoints.
- This update affects HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders. Your device can now set and maintain the correct default permissions.
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.