KB5055526 is the cumulative update for Windows Server 2022 and Windows Server 2022 Server Core installation. It was released on 8 April, 2025 under the ‘Patch Tuesday’ release cycle.
KB5055526 is for Windows Server 2022 21H2 and 22H2 editions. For Windows Server 2022 23H2 edition, the applicable cumulative update is KB5055527.
Salient points
- KB5055526 supersedes March 2025 cumulative update KB5053603.
- KB5055526 corresponds to server build 20348.3454. If you patched in March 2025, you are upgrading from build 3328 to 3454.
- A Zero-day vulnerability affects Windows Server 2022 and Windows Server 2022 Server Core installation. CVE-2025-26686 is the zero day vulnerability affecting TCP/IP stack and could lead to Remote Code Execution attacks.
- 76 security vulnerabilities have been reported in the April security bulletin for Windows Server 2022.
- The Servicing Stack Update corresponding to KB505526 is KB5055668 with build number corresponding to 20348.3440. Separate installation of the SSU or Servicing Stack is not needed.
Zero-day vulnerability
There is a single zero-day vulnerability affecting Windows Server 2022. The zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation.
| CVE | Title | Severity | CVSS | Type |
| CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | EoP |
Critical vulnerabilities
There are 76 reported vulnerabilities impacting Windows Server 2022. The 6 CRITICAL vulnerabilities affecting Windows Server 2022 are shared below. These vulnerabilities could lead to Remote Code Execution on unpatched servers.
| CVE | Title | CVSS | Type |
| CVE-2025-27491 | Windows Hyper-V | 7.1 | RCE |
| CVE-2025-27482 | Windows Remote Desktop Services | 8.1 | RCE |
| CVE-2025-27480 | Windows Remote Desktop Services | 8.1 | RCE |
| CVE-2025-26670 | Lightweight Directory Access Protocol (LDAP) Client | 8.1 | RCE |
| CVE-2025-26686 | Windows TCP/IP | 7.5 | RCE |
| CVE-2025-26663 | Windows Lightweight Directory Access Protocol (LDAP) | 8.1 | RCE |
These vulnerabilities have been fixed in KB5055526 for Windows Server 2022 21H2 and 22H2 editions.
Download KB5055526
You may download the offline installer file for KB5055526 from the catalog site link shared below:
The cumulative update is available for x64 deployments for Windows Server 2022 versions 21H2 and 22H2.Upon installation of KB5055526, the server would restart.
Changelog – KB5055526
The following changes or improvements are part of KB5055526 for Windows Server 2022 21H2 and 22H2 editions:
- [Daylight Saving Time (DST)] Update for the Aysen region in Chile to support the government DST change order in 2025. For more info about DST changes, see the Daylight Saving Time & Time Zone Blog.
- The update addresses security improvements for Windows Server 2022 and Windows Server 2022 Server Core installation.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.