KB5075906 is the cumulative update for Windows Server 2022 and Windows Server 2022 Server Core installation. It was released on 10 February 2026 under the ‘Patch Tuesday’ release cycle.
KB5075906 is for Windows Server 2022 21H2 and 22H2 editions. For Windows Server 2022 23H2 edition, the applicable cumulative update is KB5075897.
Salient points
- KB5075906 supersedes January 2026 cumulative update KB5073457.
- KB5075906 corresponds to server build 20348.4773.
- KB5075906 also includes changes included in out of band updates KB5077800 released on 17 January 2026 and KB5078136 released on 24 January 2026.
- 27 security vulnerabilities have been disclosed by Microsoft in February 2026 for Windows Server 2022.
- Five Zero-day vulnerabilities affect Windows Server 2022 and Windows Server 2022 Server Core installation. Details of the zero-day are shared in the vulnerabilities section.
- No Critical security vulnerability impact Windows Server 2022. Details are shared below.
- The Servicing Stack Update corresponding to KB5075906 is KB5075905 with build number corresponding to 20348.5905. Separate installation of the SSU or Servicing Stack is not needed.
Zero-day vulnerability
Five zero-day vulnerabilities affect Windows Server 2022. The zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation.
| CVE Details | CVSS Score | Comments |
|---|---|---|
| CVE-2026-21510 | 8.8 | Security Feature Bypass Vulnerability in Windows Shell |
| CVE-2026-21513 | 8.8 | Security Feature Bypass Vulnerability in MSHTML Framework |
| CVE-2026-21519 | 7.8 | Elevation of Privilege Vulnerability in Desktop Window Manager |
| CVE-2026-21525 | 6.2 | Denial of Service Vulnerability in Windows Remote Access Connection Manager |
| CVE-2026-21533 | 7.8 | Elevation of Privilege Vulnerability in Windows Remote Desktop Services |
Critical vulnerabilities
No CRITICAL vulnerability affects Windows Server 2022 in February 2026.
Servicing Stack Update KB5075905
The Serving Stack Update for KB5075906 is KB5075905. The SSU file is included in the main cumulative update. Therefore, separate installation is not needed.
Download KB5075906
You may download the offline installer file for KB5075906 from the catalog site link shared below:
The cumulative update is available for x64 deployments for Windows Server 2022 versions 21H2 and 22H2. Upon installation of KB5075906, the server would restart.
Changelog – KB5075906
The following changes or improvements are part of KB5075906 for Windows Server 2022 21H2 and 22H2 editions:
- This security update addresses security vulnerabilties on Windows Server 2022.
- [File Explorer] Fixed: This update addresses an issue where folder renaming with desktop.ini files in File Explorer isn’t work correctly. The LocalizedResourceName setting is ignored, so custom folder names don’t appear.
- [Fonts & Display] Updates the Chinese fonts to support the GB18030‑2022A standard for character coverage and display.
- [Graphics] Fixed: This update addresses an issue where certain GPU configurations might recently have experienced a system error related to dxgmms2.sys, resulting in the KERNEL_SECURITY_CHECK_FAILURE error.
- [OS Security (known issue)] Fixed: After installing the Windows security update released on or after January 13, 2026, some PCs which run Virtual Secure Mode (VSM) are unable to shut down or enter hibernation. Instead, the device restarts.
- [Networking] New! Windows Server now supports random shuffling of resource records in DNS Server responses. This helps reduce scenarios where a single resource record becomes overloaded because it appears first in the returned list.To enable, create a DWORD registry key named “RandomShuffle” at:Registry Key: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\ParametersData to be set: 1
To disable or erase the key:Data to be set to: 0
Important Reminder – Secure Boot Services
It is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.
Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.
Simplifying technology, one step at a time.