KB5062572 is the cumulative update for Windows Server 2022 and Windows Server 2022 Server Core installation. It was released on 8 July, 2025 under the ‘Patch Tuesday’ release cycle.
KB5062572 is for Windows Server 2022 21H2 and 22H2 editions. For Windows Server 2022 23H2 edition, the applicable cumulative update is KB5062570.
Salient points
- KB5062572 supersedes June 2025 cumulative update KB5060526.
- KB5062572 corresponds to server build 20348.3932.
- No zero-day vulnerabilities affect Windows Server 2022 and Windows Server 2022 Server Core installation.
- 82 security vulnerabilities have been reported in the July security bulletin for Windows Server 2022.
- 6 CRITICAL security vulnerabilities affect Windows Server 2022. Details of these are shared below.
- The Servicing Stack Update (SSU) corresponding to KB5062572 is KB5062793, with build number 20348.3920. Separate installation of the SSU is not needed.
Zero-day vulnerability
There are no zero-day vulnerabilities affecting Windows Server 2022. A vulnerability is treated as a zero-day when it has been publicly disclosed or has proven instances of exploitation.
A single zero-day vulnerability is disclosed in the July security bulletin. This zero-day affects Microsoft SQL Server.
Critical vulnerabilities
The July security bulletin for Windows Server 2022 reports 82 security vulnerabilities. The 6 CRITICAL vulnerabilities affecting Windows Server 2022 are shared below.
| Vulnerability | CVSS | Impact | Description |
|---|---|---|---|
| CVE-2025-47981 | 9.8 | Remote Code Execution | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism – Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. |
| CVE-2025-47980 | 6.2 | Information disclosure | Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally. |
| CVE-2025-36350 | 5.6 | Information disclosure | The vulnerability assigned to this CVE is in certain processor models offered by AMD. It concerns the Transient Scheduler Attack in Store Queue. The corresponding AMD vulnerability is AMD-SB-7029. |
| CVE-2025-36357 | 5.6 | Information disclosure | The vulnerability assigned to this CVE is in certain processor models offered by AMD. Corresponding AMD vulnerability is AMD-SB-7029. |
| CVE-2025-48822 | 8.6 | Remote Code Execution | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. |
| CVE-2025-49735 | 8.1 | Remote Code Execution | An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Kerberos Key Distribution Center Proxy Service to perform remote code execution against the target. |
Download KB5062572
You may download the offline installer file for KB5062572 from the catalog site link shared below:
The cumulative update is available for x64 deployments of Windows Server 2022 versions 21H2 and 22H2. The server restarts once KB5062572 is installed.
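To confirm after the restart that a server is running the patched build, compare its build number with 20348.3932. The PowerShell below is an added example, not code from Microsoft or from the original page; the function name Get-PatchState and its state labels are hypothetical, while the KB id and build number are the ones given above.

```powershell
# Added example. Values taken from the page: KB5062572 and build 20348.3932.
$TargetKb    = 'KB5062572'
$TargetBuild = 20348   # build family of Windows Server 2022 21H2/22H2
$TargetUbr   = 3932    # update build revision delivered by KB5062572

# Hypothetical helper: classify a server from its build, revision and hotfix list.
function Get-PatchState {
    param(
        [int]$Build,
        [int]$Ubr,
        [string[]]$InstalledKbs = @()
    )
    if ($Build -ne $TargetBuild) {
        # Different build family, e.g. the 23H2 edition, which takes KB5062570.
        return 'NotApplicable'
    }
    if ($Ubr -gt $TargetUbr) { return 'Superseded' }  # a later cumulative update is installed
    if ($Ubr -eq $TargetUbr) { return 'Patched' }
    if ($InstalledKbs -contains $TargetKb) {
        # KB is listed but the running build is older: check for a pending restart.
        return 'Inconsistent'
    }
    return 'Missing'
}

# Read the running build (CurrentBuildNumber.UBR) and the installed hotfix ids.
$cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$kbs = @((Get-HotFix -ErrorAction SilentlyContinue).HotFixID)

[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Build    = "$($cv.CurrentBuildNumber).$($cv.UBR)"
    State    = Get-PatchState -Build ([int]$cv.CurrentBuildNumber) `
                              -Ubr ([int]$cv.UBR) -InstalledKbs $kbs
}
```

Because cumulative updates supersede one another, the build comparison is the reliable signal; the hotfix list alone can miss a server that already carries a later update.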
Changelog – KB5062572
The following changes or improvements are part of KB5062572 for Windows Server 2022 21H2 and 22H2 editions:
- [DHCP Server (known issue)] Fixed: An issue in which the DHCP Server service might intermittently stop responding, affecting IP renewal for clients.
- [Language and character support] Fixed: An issue that affected some Chinese characters and caused compliance problems with GB18030. These characters didn’t display correctly or weren’t accepted when using extended Unicode. A modern ICU-based solution now properly supports GB18030-2022 requirements.
- [Performance] Fixed: This update addresses an issue that prevented the complete removal of unused language packs and Feature on Demand packages, which previously led to unnecessary storage use and longer Windows Update installation times.
- [Microsoft RPC Netlogon protocol] This update includes a security hardening change to the Microsoft RPC Netlogon protocol. This change improves security by tightening access checks for a set of remote procedure call (RPC) requests. After this update is installed, Active Directory domain controllers will no longer allow anonymous clients to invoke some RPC requests through the Netlogon RPC server. These requests are typically related to domain controller location. Certain file and print service software can be affected, including Samba. If your organization uses Samba, please refer to the Samba release notes.