KB5051979 for Windows Server 2022 – Feb 2025

KB5051979 is the cumulative update for Windows Server 2022 and Windows Server 2022 Server Core installation. It was released on 11 February, 2025 under the ‘Patch Tuesday’ release cycle.

Salient points

  • KB5051979 supersedes January 2025 cumulative update KB5049983.
  • KB5051979 corresponds to server build 20348.3207. If you patched in January 2025, you are upgrading from build 3091 to 3207.
  • Windows Server 2022 is impacted by 3 zero-day vulnerabilities.
  • 32 security vulnerabilities have been reported in the February security bulletin for Windows Server 2022.
  • 1 of these 32 vulnerabilities has CRITICAL severity.
  • CVE-2025-21376 is the CRITICAL vulnerability, with a CVSS score of 8.1. It could lead to Remote Code Execution in Windows Lightweight Directory Access Protocol (LDAP).
  • Three zero-day vulnerabilities affect Windows Server 2022 and Windows Server 2022 Server Core installation.
  • CVE-2025-21391 (zero-day) is an Elevation of Privilege Vulnerability affecting Windows Storage. It has a CVSS score of 7.1.
  • CVE-2025-21377 (zero-day) is an NTLM Hash Disclosure Spoofing Vulnerability. It has a CVSS score of 6.5.
  • CVE-2025-21418 (zero-day) is an Elevation of Privilege Vulnerability affecting Windows Ancillary Function Driver for WinSock. It has a CVSS score of 7.8.
  • The Servicing Stack Update corresponding to KB5051979 is KB5050117 (20348.3081). The SSU is the same as the previous month’s SSU. We would like to reiterate that the SSU is built into the main cumulative update. Separate installation of the SSU or Servicing Stack is not needed.

Download KB5051979

You may download the offline installer file for KB5051979 from the catalog site link shared below:

The cumulative update is available for x64 deployments for Windows Server 2022 versions 21H2 and 22H2. Upon installation of KB5051979, the server would restart.

Changelog – KB5051979

The following changes or improvements are part of KB5051979 for Windows Server 2022:

  • [Task Manager] Fixed: The CPU index number might be wrong when you set process affinity. This occurs on servers that have two or more non-uniform memory access (NUMA) nodes.
  • [GB18030-2022] This update adds support for this amendment.
  • [Memory leak] Fixed: Leaks occur when predictive input ideas show.
  • [Device Health Attestation] Fixed: When you upgrade from Windows Server 2016, a crucial item is not there. Because of this, service fails.
  • [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
  • [Directory enumeration] Fixed: This might fail if a directory has symbolic links that have long target names.
  • [Bind Filter Driver] Fixed: Your system might stop responding when it accesses symbolic links.
  • [Digital/Analog converter (DAC) (known issue)] Fixed: You might experience issues with USB audio devices. This is more likely when you use a DAC audio driver based on USB 1.0. USB audio devices might stop working, which stops playback.
  • [USB cameras] Fixed: Your device does not recognize the camera is on. This issue occurs after you install the January 2025 security update.
  • [USB audio device drivers] Fixed: The code 10 error message, “This device cannot start” appears. This occurs when you connect to certain external audio management devices.

Known issues

There are 3 issues that have been acknowledged by Microsoft for Windows Server 2022 in February 2025.

Citrix environments.

    Specific to the February 2025 security updates, Microsoft has reported an issue with installing the latest cumulative updates on Citrix environments.

    Devices that have certain Citrix components installed might be unable to complete installation of the February 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. For a workaround, see Citrix’s documentation.

    OpenSSH issue

    The issue with OpenSSH was first reported after deployment of the October 2024 cumulative update. This issue remains unresolved as of now.

    Issue description – some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process.

    Temporary Workaround – Microsoft is working on a fix for the OpenSSH issue. In the interim, you may use the temporary workaround instructions released by Microsoft:

    Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps:

    1. Open PowerShell as an Administrator.
    2. Update the permissions for C:\ProgramData\ssh and C:\ProgramData\ssh\logs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions:

        # Directory whose ACL is replaced
        $directoryPath = "C:\ProgramData\ssh"
        $acl = Get-Acl -Path $directoryPath
        # Owner: Administrators. Protected DACL: full control for SYSTEM (SY) and
        # Administrators (BA), read and execute for Authenticated Users (AU).
        $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)"
        $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString
        $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All"))
        Set-Acl -Path $directoryPath -AclObject $acl
    3. Repeat the above steps for C:\ProgramData\ssh\logs.
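
To confirm that both directories actually carry the ACL described in the workaround, the following read-only audit compares each directory's owner and access rules with the SDDL string from step 2. It is an added example, not part of Microsoft's instructions; the function names ConvertTo-RuleKey and Test-SshDirAcl are hypothetical.

```powershell
# Added example, not Microsoft's script. Read-only: nothing on disk is changed.
$sddl  = 'O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)'
$paths = 'C:\ProgramData\ssh', 'C:\ProgramData\ssh\logs'

function ConvertTo-RuleKey {
    # Hypothetical helper: flatten one access rule to a comparable string.
    param($Rule)
    '{0}|{1}|0x{2:x}|{3}|{4}' -f $Rule.IdentityReference.Value, $Rule.AccessControlType,
        [int]$Rule.FileSystemRights, $Rule.InheritanceFlags, $Rule.PropagationFlags
}

function Test-SshDirAcl {
    # Hypothetical helper: compare the directory's owner and DACL with the SDDL.
    param([string]$Path, [string]$ExpectedSddl)
    $sid = [System.Security.Principal.SecurityIdentifier]

    # Reference descriptor built in memory from the workaround's SDDL string.
    $expected = New-Object System.Security.AccessControl.DirectorySecurity
    $expected.SetSecurityDescriptorSddlForm($ExpectedSddl)
    $want = @($expected.GetAccessRules($true, $true, $sid) | ForEach-Object { ConvertTo-RuleKey $_ })

    # Resolve rules to SIDs so the comparison does not depend on localized names.
    $actual = Get-Acl -LiteralPath $Path -ErrorAction Stop
    $have = @($actual.GetAccessRules($true, $true, $sid) | ForEach-Object { ConvertTo-RuleKey $_ })

    $missing = @($want | Where-Object { $_ -notin $have })
    $extra   = @($have | Where-Object { $_ -notin $want })
    $ownerOk = $actual.GetOwner($sid).Value -eq $expected.GetOwner($sid).Value

    [pscustomobject]@{
        Path               = $Path
        OwnerMatches       = $ownerOk
        InheritanceBlocked = $actual.AreAccessRulesProtected
        MissingRules       = $missing
        ExtraRules         = $extra
        Matches            = $ownerOk -and $actual.AreAccessRulesProtected -and
                             -not $missing -and -not $extra
    }
}

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { Test-SshDirAcl -Path $p -ExpectedSddl $sddl }
    else { Write-Warning "$p does not exist on this server" }
}
```

Run it from an elevated PowerShell session before and after applying the workaround; ExtraRules lists any access entry that goes beyond the three in the SDDL string.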

    System Guard Runtime Monitor Broker Service.

    The Windows Event Viewer might display an error related to SgrmBroker.exe on devices that have installed Windows updates released January 14, 2025 or later. As a workaround, Microsoft suggests the service can be safely disabled in order to prevent the error from appearing in Event Viewer. For full instructions, you can follow the release notes for KB5051979.

    Rajesh Dhawan

    Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.