KB5068840 Hotpatch for Windows Server 2022

KB5068840 is the hotpatch for Windows Server 2022 released on 11 November 2025 as part of the ‘Patch Tuesday’ project.

What version of Windows 2025 is KB5068840 security update for?

KB5068840 is available for Windows Server 2022 Datacenter edition or the Azure editions that are connected to the Azure Automanage platform.

Salient points

  • KB5068840 is a hotpatch for Azure-based Windows Server 2022 Datacenter edition.
  • It addresses 32 security vulnerabilities in Windows Server 2025.
  • KB5068840 corresponds to server build 20348.4346.
  • KB5068840 also includes all changes that are part of the KB5070892 security update for WSUS released on 24 October 2025.
  • KB5068786 is the Servicing Stack Update corresponding to the KB5068840 cumulative update.

How do I install KB5068840?

KB5068840 can be installed automatically through the Windows Update service. This hotpatch cannot be manually installed or downloaded from the catalog website.

If Windows Update is enabled on Windows Server 2022 connected to the Azure cloud, the update gets installed automatically. Being a hotpatch, KB5068840 does not cause a server reboot.
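
Because the hotpatch installs without a reboot, it is worth confirming on the server that it actually applied. The following check is an added example, not part of the original article or any Microsoft tooling; it assumes that the build revision is reflected in the UBR registry value and that the hotpatch is listed by Get-HotFix. The function name Test-HotpatchLevel is hypothetical.

```powershell
# Added example. The build number and KB id are taken from the article;
# everything else is an assumption about how the update is reported.
$ExpectedBuild = 20348          # Windows Server 2022 build
$ExpectedUbr   = 4346           # revision the article gives for KB5068840
$KbId          = 'KB5068840'

function Test-HotpatchLevel {
    # Hypothetical helper: true when the OS is on the expected build
    # and at or above the expected revision.
    param(
        [int]$Build,
        [int]$Ubr,
        [int]$MinBuild,
        [int]$MinUbr
    )
    if ($Build -ne $MinBuild) { return $false }   # different OS release
    return ($Ubr -ge $MinUbr)
}

# Running build and revision as recorded in the registry.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuild
$ubr   = [int]$cv.UBR

# Installed-update record for the KB; $null when it is not listed.
$hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

# Last boot time, to compare against the install date: a hotpatch
# should not have required a restart.
$os = Get-CimInstance -ClassName Win32_OperatingSystem

[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    OsBuild        = "$build.$ubr"
    BuildCompliant = Test-HotpatchLevel -Build $build -Ubr $ubr `
                         -MinBuild $ExpectedBuild -MinUbr $ExpectedUbr
    KbListed       = [bool]$hotfix
    KbInstalledOn  = if ($hotfix) { $hotfix.InstalledOn } else { $null }
    LastBoot       = $os.LastBootUpTime
}
```

A server where BuildCompliant is false and KbListed is false has not received the hotpatch and should be checked for its Windows Update and Azure connection state.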

KB5068786 – Servicing Stack Update (SSU)

The Servicing Stack Update corresponding to KB5068840 is KB5068786. This SSU is inbuilt into the main security update KB5068840. Therefore, separate installation of KB5068786 is not needed.

Once the installation of the hotpatch is initiated on Windows Server 2022, the SSU installation precedes the installation of the main cumulative security update.

Security vulnerabilities

31 security vulnerabilities have been reported for Windows Server 2022 Datacenter edition in the November security report released by Microsoft.

Zero-day vulnerability

One zero-day vulnerability affects Windows Server 2022. The zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation.

One zero-day vulnerability has been reported for Windows Server 2019 in November 2025.

  • CVE-2025-62215
  • CVSS 3.1 – 7.1
  • This is a confirmed zero-day vulnerability: it has been exploited, and the exploitation has been confirmed.
  • The security vulnerability affects the Windows Kernel.
  • It could lead to Elevation of Privileges.

Critical vulnerabilities

The November security bulletin for Windows Server 2022 reports 31 security vulnerabilities. The 2 CRITICAL vulnerabilities affecting Windows Server 2022 are shared below.

  • CVE-2025-60724 – CVSS 9.8 – Remote Code Execution in GDI+.
  • CVE-2025-60716 – CVSS 7 – Elevation of Privilege vulnerability in DirectX Graphics Kernel.

KB5068840 – Changelog

The following changes are part of the KB5068840 update for Windows Server 2022:

  • This update makes miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.

Important Reminder – Secure Boot Services

It is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.

Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.

Rajesh Dhawan
