KB5068787 for Windows Server 2022 – November 2025

KB5068787 is the cumulative update for Windows Server 2022 and Windows Server 2022 Server Core installation. It was released on 11 November, 2025 under the ‘Patch Tuesday’ release cycle.

KB5068787 is for Windows Server 2022 21H2 and 22H2 editions. For Windows Server 2022 23H2 edition, the applicable cumulative update is KB5068779.

Salient points

  • KB5068787 supersedes October 2025 cumulative update KB5066782.
  • KB5068787 corresponds to server build 20348.4405.
  • KB5068787 also includes all changes from the out-of-band (OOB) update KB5070884, released on 23 October 2025. If you did not install KB5070884 then, you can skip it and install KB5068787 instead.
  • 63 security vulnerabilities have been disclosed by Microsoft in November 2025 across all its products.
  • One Zero-day vulnerability affects Windows Server 2022 and Windows Server 2022 Server Core installation. Details of the zero-day are shared in the vulnerabilities section.
  • 2 Critical security vulnerabilities impact Windows Server 2022. Details of critical vulnerabilities are provided in the corresponding section.
  • There is a CVSS 9.8 vulnerability impacting Windows Server 2022. Please patch immediately.
  • The Servicing Stack Update corresponding to KB5068787 is KB5068786 with build number corresponding to 20348.4400. Separate installation of the SSU or Servicing Stack is not needed.

Zero-day vulnerability

One zero-day vulnerability affects Windows Server 2022. The zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation.

One zero-day vulnerability has been reported for Windows Server 2019 in November 2025.

  • CVE-2025-62215
  • CVSS 3.1 – 7.1
  • This is a confirmed zero-day vulnerability: it has been exploited, and the exploitation has been confirmed.
  • The security vulnerability affects the Windows Kernel.
  • It could lead to Elevation of Privilege.

Critical vulnerabilities

The November security bulletin for Windows Server 2022 reports 31 security vulnerabilities. The 2 CRITICAL vulnerabilities affecting Windows Server 2022 are shared below.

  • CVE-2025-60724 – CVSS 9.8 – Remote Code Execution in GDI+.
  • CVE-2025-60716 – CVSS 7 – Elevation of Privilege vulnerability in DirectX Graphics Kernel.

Servicing Stack Update KB5068786

The Servicing Stack Update for KB5068787 is KB5068786. The SSU file is included in the main cumulative update. Therefore, separate installation is not needed.

Download KB5068787

You may download the offline installer file for KB5068787 from the catalog site link shared below:

The cumulative update is available for x64 deployments for Windows Server 2022 versions 21H2 and 22H2. Upon installation of KB5068787, the server would restart.

Changelog – KB5068787

The following changes or improvements are part of KB5068787 for Windows Server 2022 21H2 and 22H2 editions:

  • This security update addresses security vulnerabilities on Windows Server 2022.
  • [Security] Fixed: This update addresses an issue that affects Windows Server domain controllers using Microsoft Defender for Endpoint. After domain controller promotion, changes to registry permissions disrupted cloud-based communication.
  • [Networking] Fixed: This update fixes an issue in the HTTP.sys request parser, a Windows component that reads and processes HTTP requests. The parser allowed a single line break within HTTP/1.1 chunk extensions, where the RFC 9112 standard requires a carriage return and line feed (CRLF) sequence to terminate each chunk. This can cause a parsing discrepancy when front end proxies are a part of the setup.

    To turn on strict parsing, use the following registry key:

    Registry key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Http\Parameters]
    Registry value: “HttpAllowLenientChunkExtParsing”=dword:00000000
    Data to be set: 0
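One way to audit a server for this update and the strict-parsing value is sketched below. It is an added example, not code from Microsoft or from this page's author; the function name `Get-KB5068787State` and the `-EnforceStrictParsing` switch are illustrative, and writing the value assumes an elevated PowerShell session.

```powershell
# Added example. KB number, build and registry names are taken from this page;
# Get-KB5068787State and -EnforceStrictParsing are illustrative names.
function Get-KB5068787State {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$EnforceStrictParsing)

    $requiredBuild = [version]'20348.4405'   # server build stated for KB5068787
    $httpParams    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Http\Parameters'
    $valueName     = 'HttpAllowLenientChunkExtParsing'

    # CurrentBuild plus UBR (update build revision) is the running OS build.
    $cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $osBuild = [version]('{0}.{1}' -f $cv.CurrentBuild, $cv.UBR)

    # Later cumulative updates supersede this one, so the build comparison is
    # the reliable signal; the hotfix list is reported for reference only.
    $kbListed = [bool](Get-HotFix -Id 'KB5068787' -ErrorAction SilentlyContinue)

    # $null here means the value has not been created on this host.
    $current = (Get-ItemProperty -Path $httpParams -Name $valueName `
                    -ErrorAction SilentlyContinue).$valueName

    if ($EnforceStrictParsing -and $current -ne 0 -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Set $valueName to 0")) {
        if (-not (Test-Path $httpParams)) { New-Item -Path $httpParams -Force | Out-Null }
        New-ItemProperty -Path $httpParams -Name $valueName `
            -PropertyType DWord -Value 0 -Force | Out-Null
        $current = 0
    }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        OsBuild              = $osBuild.ToString()
        UpdateApplies        = ($osBuild.Major -eq $requiredBuild.Major)
        AtOrAboveKB5068787   = ($osBuild.Major -eq $requiredBuild.Major -and
                                $osBuild -ge $requiredBuild)
        KBInHotfixList       = $kbListed
        LenientChunkExtValue = if ($null -eq $current) { 'NotSet' } else { $current }
        StrictParsingSet     = ($current -eq 0)
    }
}

# Report only; add -EnforceStrictParsing (and -WhatIf to preview) to write the value.
Get-KB5068787State
```

`UpdateApplies` is false on hosts whose build is not 20348, such as the 23H2 edition that takes KB5068779 instead.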

Important Reminder – Secure Boot Services

It is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.

Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.

Rajesh Dhawan