KB5049984 is the cumulative update for Windows Server 2022 Server Core installation version 23H2. It was released on 14 January, 2025 under the ‘Patch Tuesday’ release cycle.
Salient points
- KB5049984 supersedes December 2024 cumulative update KB5048653.
- KB5049984 corresponds to server build 25398.1369.
- Windows Server 2022 Server Core 23H2 edition is impacted by 2 zero-day vulnerabilities.
- 127 security vulnerabilities have been reported in January security bulletin for Windows Server 2022.
- 8 of these 127 vulnerabilities have CRITICAL severity.
- There is a CRITICAL vulnerability with CVSS score of 9.8. CVE-2025-21307 impacts Windows Reliable Multicast Transport Driver (RMCAST) and could lead to Remote Code Execution attacks.
- Another CRITICAL vulnerability with CVSS score of 9.8, CVE-2025-21311 impacts Windows NTLM V1 and could lead to Elevation of Privileges.
- Two zero-day vulnerabilities affect Windows Server 2022 Server Core installation 23H2 edition.
- Windows Themes Spoofing Vulnerability CVE-2025-21308 is a CVSS 6.5 vulnerability with a zero-day status.
- CVE-2025-21275 is a CVSS 7.8 zero-day vulnerability affecting Windows App Package Installer and may result in Elevation of Privilege Vulnerability.
- The Servicing Stack Update corresponding to KB5049984 is KB5050107 (25398.1360). We would like to reiterate that the SSU is in-built in the main cumulative update. Separate installation of the SSU or Servicing Stack is not needed.
Download KB5049984
You may download the offline installer file for KB5049984 from the catalog site link shared below:
The cumulative update is available for x64 deployments for Windows Server 2022 versions 23H2. Upon installation of KB5049984, the server would restart.
Changelog – KB5049984
The following changes or improvements are part of KB5049983 for Windows Server 2022:
- [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
- [Virtual machine (VM)] Fixed: A Windows guest machine fails to start up. This occurs when you turn on nested virtualization on a host that supports AVX10.
- This update addresses security of the operating system on Windows Server 2022.
Known issues
The issue with OpenSSH was first reported after deployment of October 2024 cumulative update. This issue remains unresolved as of now.
Issue description – some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process.
Temporary Workaround – Microsoft is working on fix for the OpenSSH issue. In the interim, you may use the temporary workaround instructions released by Microsoft:
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps:
- Open PowerShell as an Administrator.
- Update the permissions for C:\ProgramData\ssh and C:\ProgramData\ssh\logs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed.Use the following commands to update the permissions:$directoryPath = “C:\ProgramData\ssh” $acl = Get-Acl -Path $directoryPath $sddlString = “O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)” $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm(“All”)) Set-Acl -Path $directoryPath -AclObject $acl
- Repeat the above steps for C:\ProgramData\ssh\logs.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.