KB5066782 is the cumulative update for Windows Server 2022 and Windows Server 2022 Server Core installation. It was released on 14 October, 2025 under the ‘Patch Tuesday’ release cycle.
KB5066782 is for Windows Server 2022 21H2 and 22H2 editions. For Windows Server 2022 23H2 edition, the applicable cumulative update is KB5066780.
Salient points
- KB5066782 supersedes September 2025 cumulative update KB5065432.
- KB5066782 corresponds to server build 20348.4294.
- This is a major security update: it addresses 103 security vulnerabilities.
- Four zero-day vulnerabilities affect Windows Server 2022 and Windows Server 2022 Server Core installation. Details are shared in the zero-day vulnerability section.
- Three critical security vulnerabilities impact Windows Server 2022. Details are provided in the critical vulnerabilities section.
- There is a CVSS 9.9 vulnerability in Microsoft Graphics Component. Please patch immediately.
- There is a CVSS 9.8 vulnerability in the WSUS service. Please patch immediately.
- The Servicing Stack Update corresponding to KB5066782 is KB5066781, with build number 20348.4285. Separate installation of the SSU (Servicing Stack Update) is not needed.
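The build number above is the quickest way to confirm that a host actually received this update. The following PowerShell script is an added example (not from the original article) that reads the current build and Update Build Revision (UBR) from the registry, checks whether KB5066782 is listed by Get-HotFix, and reports compliance against 20348.4294. Run it in an elevated session on the server being checked.

```powershell
# Added example: verify that a Windows Server 2022 host is at or above the
# KB5066782 build (20348.4294) and that the KB is listed as installed.

$ExpectedBuild = 20348   # Windows Server 2022 (21H2/22H2) base build
$ExpectedUbr   = 4294    # Update Build Revision delivered by KB5066782
$Kb            = 'KB5066782'

# CurrentBuildNumber + UBR together form the "20348.xxxx" build shown by winver.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR

if ($build -ne $ExpectedBuild) {
    Write-Warning "Build $build is not Windows Server 2022 (expected $ExpectedBuild); KB5066782 does not apply here."
    return
}

# Get-HotFix reads the same installed-update list as "View installed updates".
$hotfix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue

$result = [pscustomobject]@{
    ComputerName  = $env:COMPUTERNAME
    CurrentBuild  = "$build.$ubr"
    ExpectedBuild = "$ExpectedBuild.$ExpectedUbr"
    KbListed      = [bool]$hotfix
    InstalledOn   = if ($hotfix) { $hotfix.InstalledOn } else { $null }
    # A later cumulative update supersedes this one, so "at or above" is the right test.
    Compliant     = ($ubr -ge $ExpectedUbr)
}
$result | Format-List

if (-not $result.Compliant) {
    Write-Warning "$Kb (build 20348.4294) or a later cumulative update is not installed on $($env:COMPUTERNAME)."
    exit 1
}
```

The UBR comparison is deliberately "greater than or equal": a host that has already taken a later cumulative update will not list KB5066782 by name, but its UBR will be higher and it carries the same fixes.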
Zero-day vulnerability
There are four zero-day vulnerabilities that affect Windows Server 2022. The zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation.

| Vulnerability | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2025-24052 | 7.8 | Important | Elevation of Privileges affecting Windows Agere Modem Driver |
| CVE-2025-24990 | 7.8 | Important | Elevation of Privileges affecting Windows Agere Modem Driver |
| CVE-2025-47827 | 4.6 | Important | Secure Boot bypass in IGEL OS before 11 |
| CVE-2025-59230 | 7.8 | Important | Elevation of Privileges vulnerability in Remote Access Connection Manager |
Critical vulnerabilities
The October security bulletin for Windows Server 2022 reports 103 security vulnerabilities. The three critical vulnerabilities affecting Windows Server 2022 are shared below.
Two of them carry CVSS scores of 9.9 and 9.8, so system administrators must install KB5066782 immediately to protect against these vulnerabilities.

| Vulnerability | CVSS | Description |
|---|---|---|
| CVE-2025-49708 | 9.9 | Microsoft Graphics Component Elevation of Privilege Vulnerability |
| CVE-2025-59287 | 9.8 | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability |
| CVE-2016-9535 | 4.0 | LibTIFF Heap Buffer Overflow Vulnerability |
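Two of the items in the zero-day and critical tables above map to components that are easy to inventory: the WSUS role (CVE-2025-59287) and the Agere modem driver ltmdm64.sys (CVE-2025-24052 and CVE-2025-24990, the driver that the changelog says this update removes). The script below is an added example (not from the original article) that checks a host for both and assigns a patch priority. It assumes the WSUS role name `UpdateServices`, the service name `WsusService`, and the driver path under `System32\drivers`; run it in an elevated session on each server.

```powershell
# Added example: inventory the components behind the highest-scored CVEs in this
# bulletin so that KB5066782 rollout can be prioritised per host.
#   - WSUS role            -> CVE-2025-59287 (CVSS 9.8, remote code execution)
#   - ltmdm64.sys driver   -> CVE-2025-24052 / CVE-2025-24990 (CVSS 7.8, zero-day EoP)

Import-Module ServerManager -ErrorAction Stop   # provides Get-WindowsFeature on Server SKUs

# 1. WSUS role and service state (role/service names assumed from the standard install).
$wsusFeature = Get-WindowsFeature -Name UpdateServices
$wsusService = Get-Service -Name WsusService -ErrorAction SilentlyContinue

# 2. Agere modem driver: present on disk, or registered as a kernel driver service?
$driverPath   = Join-Path $env:SystemRoot 'System32\drivers\ltmdm64.sys'
$driverOnDisk = Test-Path $driverPath
$driverSvc    = Get-CimInstance Win32_SystemDriver -Filter "PathName LIKE '%ltmdm64.sys%'" -ErrorAction SilentlyContinue
$driverLoaded = [bool]$driverSvc

$exposure = [pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    WsusRoleInstalled = $wsusFeature.Installed
    WsusServiceState  = if ($wsusService) { $wsusService.Status } else { 'NotPresent' }
    AgereDriverOnDisk = $driverOnDisk
    AgereDriverLoaded = $driverLoaded
}
$exposure | Format-List

# A network-reachable RCE outranks a local elevation of privilege, so WSUS hosts go first.
$priority = if ($exposure.WsusRoleInstalled) {
    'P1 - patch now (WSUS RCE, CVSS 9.8)'
} elseif ($driverOnDisk -or $driverLoaded) {
    'P2 - patch next (Agere driver zero-day EoP; KB5066782 removes the driver)'
} else {
    'P3 - standard patch window'
}
Write-Output "Patch priority for $($env:COMPUTERNAME): $priority"
```

Because KB5066782 deletes ltmdm64.sys, the driver check doubles as a post-install confirmation: a host that still has the file after the update reports installed has not actually taken the fix.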
Servicing Stack Update KB5066781
The Servicing Stack Update for KB5066782 is KB5066781. The SSU is included in the main cumulative update package; therefore, separate installation is not needed.
Download KB5066782
You may download the offline installer file for KB5066782 from the catalog site link shared below:
The cumulative update is available for x64 deployments of Windows Server 2022 versions 21H2 and 22H2. Upon installation of KB5066782, the server will restart.
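When the .msu from the catalog is installed by hand on a server, the restart is usually the part that needs controlling. The following script is an added example (not from the original article) that verifies the package's Authenticode signature before installing it, runs wusa.exe with `/norestart` so the host can be drained first, and translates the common exit codes. The file path and name are placeholders; adjust them to where you saved the download.

```powershell
# Added example: controlled offline installation of the KB5066782 .msu package.
# Assumed placeholder path and file name; replace with the file downloaded from the catalog.
$MsuPath = 'C:\Patches\windows10.0-kb5066782-x64.msu'
$LogPath = 'C:\Patches\kb5066782-install.log'

if (-not (Test-Path $MsuPath)) { throw "Update package not found: $MsuPath" }

# Basic integrity check: refuse anything that is not validly signed by Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $MsuPath
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Refusing to install: signature status '$($sig.Status)', signer '$($sig.SignerCertificate.Subject)'"
}

# wusa.exe installs silently and writes an event-log style trace to $LogPath.
$proc = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
    -ArgumentList "`"$MsuPath`" /quiet /norestart /log:`"$LogPath`"" `
    -Wait -PassThru

# Exit codes: 0 = installed, 3010 = installed but restart required,
# 2359302 (0x240006) = already installed, 1618 = another installer is running,
# -2145124329 (0x80240017) = update not applicable to this host.
switch ($proc.ExitCode) {
    0           { Write-Output 'KB5066782 installed; no restart requested.' }
    3010        { Write-Output 'KB5066782 installed; restart required. Schedule it in the maintenance window.' }
    2359302     { Write-Output 'KB5066782 is already installed on this host.' }
    1618        { Write-Warning 'Another installation is in progress; retry later.' }
    -2145124329 { Write-Warning 'Package not applicable: wrong edition, architecture, or already superseded.' }
    default     { Write-Warning "wusa.exe exited with code $($proc.ExitCode); see $LogPath" }
}
```

Exit code 3010 is the normal outcome for a cumulative update; the restart can then be issued with `Restart-Computer` once workloads have been moved off the host.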
Changelog – KB5066782
The following changes or improvements are part of KB5066782 for Windows Server 2022 21H2 and 22H2 editions:
- This security update addresses security vulnerabilities on Windows Server 2022.
- [Networking (known issue)] Fixed: This update addresses an issue where you might not be able to connect to shared files and folders if you are using the Server Message Block (SMB) v1 protocol over NetBIOS over TCP/IP (NetBT). This can happen after installing update KB5065432.
- [PowerShell] Fixed: This update addresses an issue that affects PowerShell Remoting and Windows Remote Management (WinRM), where commands might time out after 10 minutes.
- [Stability issue] Fixed: This update addresses an issue observed in rare cases after installing the May 2025 security update and subsequent updates causing devices to experience stability issues. Some devices became unresponsive and stopped responding in specific scenarios.
- [System services and reliability] Fixed: Addresses an issue that caused the McpManagement service to appear without a description on Windows.
- [Compatibility] This update removes the ltmdm64.sys driver. Fax modem hardware dependent on this specific driver will no longer work in Windows.
Important Reminder – Secure Boot Services
It is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.
Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.
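Whether a given server still relies on the expiring certificates can be read directly from the firmware's KEK and DB variables. The script below is an added example (not from the original article) that confirms Secure Boot is enabled and then searches the raw signature databases for the original 2011 certificates and their 2023 replacements. The certificate common names are the ones used in Microsoft's published Secure Boot certificate guidance; confirm them against the current documentation for your environment. Run it in an elevated session on a UEFI host.

```powershell
# Added example: report which Microsoft Secure Boot certificates are present in the
# firmware DB and KEK, so hosts that still need the 2023 certificates can be found.

# Certificate names assumed from Microsoft's Secure Boot certificate guidance.
$checks = @(
    @{ Store = 'db';  Name = 'Microsoft Windows Production PCA 2011'; Role = 'Original DB CA (expiring)' }
    @{ Store = 'db';  Name = 'Windows UEFI CA 2023';                  Role = 'Replacement DB CA' }
    @{ Store = 'KEK'; Name = 'Microsoft Corporation KEK CA 2011';     Role = 'Original KEK CA (expiring)' }
    @{ Store = 'KEK'; Name = 'Microsoft Corporation KEK 2K CA 2023';  Role = 'Replacement KEK CA' }
)

# Confirm-SecureBootUEFI throws on legacy BIOS/CSM hosts, so treat an error as "off".
try { $secureBootOn = Confirm-SecureBootUEFI } catch { $secureBootOn = $false }
Write-Output "Secure Boot enabled on $($env:COMPUTERNAME): $secureBootOn"
if (-not $secureBootOn) { return }

$report = foreach ($c in $checks) {
    # Get-SecureBootUEFI returns the raw EFI_SIGNATURE_LIST bytes; X.509 subject
    # names inside the embedded certificates are plain ASCII, so a text search works.
    $bytes = (Get-SecureBootUEFI -Name $c.Store).Bytes
    $text  = [System.Text.Encoding]::ASCII.GetString($bytes)
    [pscustomobject]@{
        Store   = $c.Store
        Role    = $c.Role
        Name    = $c.Name
        Present = ($text -match [regex]::Escape($c.Name))
    }
}
$report | Format-Table -AutoSize

$missing = $report | Where-Object { $_.Role -like 'Replacement*' -and -not $_.Present }
if ($missing) {
    Write-Warning 'The 2023 replacement certificates are not yet in firmware; plan the Secure Boot certificate update before the June 2026 expiry.'
}
```

A host that shows only the 2011 entries as present is exactly the case the reminder above describes: it will keep booting, but it cannot receive new Secure Boot signed components once the original certificates expire.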