KB5039227 for Windows Server 2022 – June 2024

KB5039227 is the latest cumulative update for Windows Server 2022 released on 11 June 2024.

  • KB5039227 supersedes KB5037782 released on 14 May 2024.
  • If you installed KB5037782 in May 2024, only the incremental changes of KB5039227 will be downloaded and applied on the server. This, generally, is a very quick process.
  • KB5039227 corresponds to build OS Build 20348.2527. It replaces the previous build 20348.2461.
  • Servicing Stack Update 20348.2522 is included in the cumulative update KB5039227.
  • Separate installation of the SSU (Servicing Stack Update) is not needed for Windows Server 2022.
  • Post-deployment of KB5039227, you may be unable to change the profile picture of your user account.
  • 30 security vulnerabilities affect Windows Server 2022 as part of the June report released by Microsoft.
  • CVE-2024-30080 is a CRITICAL vulnerability with a CVSS score of 9.8. It affects the Microsoft Message Queuing.

KB5039227 can be installed manually or automatically. For automated installations, you can use one of the following methods:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Service

Manual installation can be completed by applying the update installer file. You can download the installer file in the MSU format from the Microsoft Update Catalog page. Or, you could use the installer file links shared in this post.

The Servicing Stack Update is part of the cumulative update KB5039227. Once you install KB5039277, the server will restart. So, please plan the change as part of an organized change management ticket.

30 security vulnerabilities affect Windows Server 2022 under the June month’s security report. Out of these, one is a CRITICAL vulnerability. It can cause ‘Remote Code Execution’ attacks.

The CRITICAL vulnerability affecting Windows Server 2022 is:

CVE-2024-30080 is a CRITICAL ‘Remote Code Execution’ vulnerability.

The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. To determine if your system is susceptible, check to see if the MSMQ HTTP-Support feature is enabled and if there is a service running named Message Queuing on the machine.

To exploit this vulnerability, an attacker would need to send a series of specially crafted MSMQ packets in a rapid sequence over HTTP to a MSMQ server. This could result in remote code execution on the server side.

  • New! This update affects Server Message Block (SMB) over Quick UDP Internet Connections (QUIC). It turns on the SMB over QUIC client certificate authentication feature. Admins can use it to restrict which clients can access SMB over QUIC servers. To learn more, see Configure SMB over QUIC client access control in Windows Server.
  • New! The LCU will no longer have the reverse differentials. The client will generate the playback delta. This change will help to reduce the LCU package size by about 20%. This change also offers a few advantages. It:
    • Reduces bandwidth usage
    • Provides faster downloads
    • Minimizes network traffic
    • Improves performance on slow connections.
  • This update affects the version of curl.exe that isin Windows. The version number is now 8.7.1.
  • This update addresses an issue that affects Outlook and OneNote. Their search function stops working. This occurs when you use Azure Virtual Desktop (AVD).
  • This update addresses an issue that affects lsass.exe. It stops responding. This occurs after you install the April 2024 security updates on Windows servers.
  • This update addresses an issue that affects Windows Hello for Business. You cannot use it to authenticate to Entra ID on certain apps. This occurs when you use Web Access Management (WAM).
  • This update addresses an issue that affects a Microsoft Entra ID account. Devices cannot authenticate a second one. This occurs after you install the Windows update, dated November 13, 2023.
  • This update addresses an issue that affects Microsoft Edge. The UI is wrong for the Internet Options Data Settings.
  • This update addresses an issue that affects Storage Spaces Direct (S2D) and Remote Direct Memory Access (RDMA). When you use them with SMBdirect in your networks, the networks fail. You also lose the ability to manage clusters.
  • This update addresses an issue that affects Containers. They do not move past the “ContainerCreating” status.
  • This update addresses an issue that might stop your system from resuming from hibernate. This occurs after you turn on BitLocker.
  • This update addresses an issue that affects Windows Defender Application Control (WDAC). The issue copies unsigned WDAC policies to the Extensible Firmware Interface (EFI) disk partition. It is reserved for signed policies. 
  • This update addresses an issue that affects Enhanced Fast Reconnect. It fails. This occurs when you use it with third-party remote desktop protocol (RDP) providers. 
  • This update addresses an issue that affects the Remote Desktop Session Host (RD Session Host). A deadlock occurs when a large number of users sign in.
  • This update addresses an issue that affects dsamain.exe. It stops responding. This occurs when the Knowledge Consistency Checker (KCC) runs evaluations.
  • This update addresses an issue that affects lsass.exe. It leaks memory. This occurs during a Local Security Authority (Domain Policy) Remote Protocol (LSARPC) call.
  • This update addresses an issue that affects the kernel stack. It might overflow. Because of this, VMs might shut down prematurely.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.