KB5071547 is the cumulative update for Windows Server 2022 and Windows Server 2022 Server Core installation. It was released on 9 December, 2025 under the ‘Patch Tuesday’ release cycle.
KB5071547 is for Windows Server 2022 21H2 and 22H2 editions. For Windows Server 2022 23H2 edition, the applicable cumulative update is KB5071542.
Salient points
- KB5071547 supersedes December 2025 cumulative update KB5068787.
- KB5071547 corresponds to server build 20348.4529.
- 57 security vulnerabilities have been disclosed by Microsoft in December 2025 across all its products.
- Two Zero-day vulnerabilities affect Windows Server 2022 and Windows Server 2022 Server Core installation. Details of the zero-day are shared in the vulnerabilities section.
- No Critical security vulnerabilities impact Windows Server 2022.
- The Servicing Stack Update corresponding to KB5071547 is KB5068786 with build number corresponding to 20348.4400. Separate installation of the SSU or Servicing Stack is not needed.
Zero-day vulnerability
Two zero-day vulnerability affects Windows Server 2022. The zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation.
| CVE Details | CVSS Score | Comments |
|---|---|---|
| CVE-2025-62221 | 7.8 | Elevation of Privilege Vulnerability IN Windows Cloud Files Mini Filter Driver |
| CVE-2025-54100 | 7.8 | Remote Code Execution Vulnerability in PowerShell (Windows) |
Critical vulnerabilities
The December security bulletin for Windows Server 2022 reports 33 security vulnerabilities. There are no CRITICAL vulnerabilities affecting Windows Server 2022.
Servicing Stack Update KB5068786
The Serving Stack Update for KB5071547 is KB5068786. The SSU file is included in the main cumulative update. Therefore, separate installation is not needed.
Download KB5071547
You may download the offline installer file for KB5071547 from the catalog site link shared below:
The cumulative update is available for x64 deployments for Windows Server 2022 versions 21H2 and 22H2. Upon installation of KB5071547, the server would restart.
Changelog – KB5071547
The following changes or improvements are part of KB5071547 for Windows Server 2022 21H2 and 22H2 editions:
- This security update addresses security vulnerabilties on Windows Server 2022.
- [PowerShell 5.1] Invoke-WebRequest now includes a confirmation prompt with a security warning of script execution risk. You can choose to continue or cancel the request. For additional details, see CVE-2025-54100 and KB5074596: PowerShell 5.1: Preventing script execution from web content.
Important Reminder – Secure Boot Services
It is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.
Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.
Simplifying technology, one step at a time.