KB5065432 is the cumulative update for Windows Server 2022 and Windows Server 2022 Server Core installation. It was released on 9 September, 2025 under the ‘Patch Tuesday’ release cycle.
KB5065432 is for Windows Server 2022 21H2 and 22H2 editions. For Windows Server 2022 23H2 edition, the applicable cumulative update is KB5065425.
Salient points
- KB5065432 supersedes August 2025 cumulative update KB5063880.
- KB5065432 corresponds to server build 20348.4171.
- Single Zero-day vulnerability affects Windows Server 2022 and Windows Server 2022 Server Core installation.
- 54 security vulnerabilities have been reported in the September security bulletin for Windows Server 2022.
- 7 CRITICAL security vulnerabilities affect Windows Server 2022. Details of these are shared below.
- The Servicing Stack Update corresponding to KB5065432 is KB5065769 with build number corresponding to 20348.4160. Separate installation of the SSU or Servicing Stack is not needed.
Zero-day vulnerability
There is one zero-day vulnerability which affects Windows Server 2022. The zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation.
| Vulnerability | CVSS | Impact | Description |
|---|---|---|---|
| CVE-2025-55234 | 8.8 | Elevation of Privilege in Windows SMB | SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. |
Critical vulnerabilities
The September security bulletin for Windows Server 2022 reports 54 security vulnerabilities. The 7 CRITICAL vulnerabilities affecting Windows Server 2022 are shared below.
| Vulnerability | CVSS | Impact | Description |
|---|---|---|---|
| CVE-2025-53799 | 5.5 | Information disclosure | Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally. |
| CVE-2025-53800 | 7.8 | Elevation of Privilege | No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54918 | 8.8 | Elevation of Privilege | Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-55226 | 6.7 | Remote Code Execution | Concurrent execution using shared resource with improper synchronization (‘race condition’) in Graphics Kernel allows an authorized attacker to execute code locally. |
| CVE-2025-55224 | 7.8 | Remote Code Execution | Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Win32K – GRFX allows an authorized attacker to execute code locally. |
| CVE-2025-55236 | 7.3 | Remote Code Execution | Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. |
| CVE-2025-55228 | 7.8 | Remote Code Execution | Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Win32K – GRFX allows an authorized attacker to execute code locally. |
Download KB5065432
You may download the offline installer file for KB5065432 from the catalog site link shared below:
The cumulative update is available for x64 deployments for Windows Server 2022 versions 21H2 and 22H2. Upon installation of KB5065432, the server would restart.
Changelog – KB5065432
The following changes or improvements are part of KB5065432 for Windows Server 2022 21H2 and 22H2 editions:
- This security update addresses security vulnerabilties on Windows Server 2022.
- [App compatibility (known issue)] Fixed: Addresses an issue that caused non-admin users to receive unexpected User Account Control (UAC) prompts when MSI installers perform certain custom actions. These actions might include configuration or repair operations in the foreground or background, during the initial installation of an application.
- [File server] This update enabled auditing SMB client compatibility for SMB Server signing as well as SMB Server EPA. This allows customers to assess their environment and identify any potential device or software incompatibility issues before deploying the hardening measures that are already supported by SMB Server.
- [Input] Fixed: This update addresses an issue with the Chinese (Simplified) Input Method Editor (IME) where some extended characters appeared as empty boxes.
- [Performance] Fixed: This update addresses an issue where a single, oversized Certificate Revocation List (CRL) file slows down system performance. To improve speed and privacy, the system now plans to use smaller, partitioned CRLs.
Important Reminder – Secure Boot Services
It is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.
Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.
Simplifying technology, one step at a time.