KB5048654 for Windows Server 2022 – December 2024

KB5048654 is the cumulative update for Windows Server 2022 and Windows Server 2022 Server Core installation. It was released on 10 December, 2024 under the ‘Patch Tuesday’ release cycle.

Salient points

  • KB5048654 supersedes November 2024 cumulative update KB5046616.
  • KB5048654 corresponds to server build 20348.2966.
  • 42 security vulnerabilities have been reported in the December security bulletin for Windows Server 2022.
  • 17 of these 42 vulnerabilities have CRITICAL severity.
  • There is a CRITICAL vulnerability with a CVSS score of 9.8. CVE-2024-49112 impacts Windows Lightweight Directory Access Protocol (LDAP) and could lead to Remote Code Execution attacks.
  • Windows Server 2022 is impacted by a zero-day vulnerability CVE-2024-49132. This is a ‘Remote Code Execution’ vulnerability impacting the Remote Desktop Services.
  • The Servicing Stack Update corresponding to KB5048654 is KB5044414 (20348.2750). This SSU was released in November 2024. No new SSU has been released in December 2024. If you installed the November security update on Windows Server 2022, the SSU installation has already been completed. The SSU is built into the main cumulative update, so separate installation of the SSU or Servicing Stack is not needed.

Download KB5048654

You may download the offline installer file for KB5048654 from the catalog site link shared below:

The cumulative update is available for x64 deployments for Windows Server 2022 versions 21H2 and 22H2. Upon installation of KB5048654, the server will restart.

Changelog – KB5048654

The following changes or improvements are part of KB5048654 for Windows Server 2022:

  • [Motherboard replacement] Fixed: Windows does not activate after you replace a motherboard.
  • This update addresses security of the operating system on Windows Server 2022.

Known issues

Microsoft has acknowledged an issue with OpenSSH that may occur after deployment of the October 2024 cumulative update.

Issue description – some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process.

Temporary Workaround – Microsoft is working on a fix for the OpenSSH issue. In the interim, you may use the temporary workaround instructions released by Microsoft:

Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps:

  1. Open PowerShell as an Administrator.
  2. Update the permissions for C:\ProgramData\ssh and C:\ProgramData\ssh\logs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions:

       # Directory whose ACL is being reset
       $directoryPath = "C:\ProgramData\ssh"
       $acl = Get-Acl -Path $directoryPath
       # SY = SYSTEM, BA = Administrators (full access); AU = Authenticated Users (read)
       $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)"
       $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString
       $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All"))
       # Write the new security descriptor back to the directory
       Set-Acl -Path $directoryPath -AclObject $acl

  3. Repeat the above steps for C:\ProgramData\ssh\logs.
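
To confirm the workaround took effect on both directories, the following added example (not part of Microsoft's instructions or the original article) parses each directory's security descriptor and compares its ACEs with the SDDL string from step 2. The function name Get-AceSummary is hypothetical; run it from an elevated PowerShell session.

```powershell
# Added verification example. The expected SDDL is the string from step 2 above.
$expectedSddl = 'O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)'
$paths = 'C:\ProgramData\ssh', 'C:\ProgramData\ssh\logs'

# Hypothetical helper: turn an SDDL string into one comparable line per DACL entry.
function Get-AceSummary {
    param([Parameter(Mandatory)][string]$Sddl)
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor $Sddl
    foreach ($ace in $sd.DiscretionaryAcl) {
        # ACE type | trustee SID | access mask | inheritance flags
        # FA expands to 0x1f01ff (full control); 0x1200a9 is read & execute plus synchronize.
        '{0}|{1}|0x{2:x}|{3}' -f $ace.AceType, $ace.SecurityIdentifier.Value,
                                  $ace.AccessMask, $ace.AceFlags
    }
}

$expected = @(Get-AceSummary -Sddl $expectedSddl | Sort-Object)

foreach ($path in $paths) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "$path does not exist; nothing to check."
        continue
    }

    $actualSddl = (Get-Acl -Path $path).Sddl
    $actual     = @(Get-AceSummary -Sddl $actualSddl | Sort-Object)
    $sd         = New-Object System.Security.AccessControl.RawSecurityDescriptor $actualSddl
    $protected  = [System.Security.AccessControl.ControlFlags]::DiscretionaryAclProtected

    # '<=' marks an ACE the workaround expects but the directory lacks;
    # '=>' marks an ACE present on the directory that the workaround does not set.
    $diff = Compare-Object -ReferenceObject $expected -DifferenceObject $actual

    [pscustomobject]@{
        Path              = $path
        OwnerSid          = $sd.Owner.Value   # S-1-5-32-544 is the Administrators group (O:BA)
        DaclProtected     = [bool]($sd.ControlFlags -band $protected)   # the "P" in D:PAI
        MatchesWorkaround = -not $diff
        Differences       = ($diff | ForEach-Object { "$($_.SideIndicator) $($_.InputObject)" }) -join '; '
    }
}

# The service should report Running once the permissions are corrected and sshd is started.
Get-Service -Name sshd -ErrorAction SilentlyContinue | Select-Object Name, Status, StartType
```

A row with MatchesWorkaround set to False lists the mismatched entries in Differences, which shows whether step 3 was skipped for the logs directory.
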
Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.