KB5082142 is the cumulative update for Windows Server 2022 and Windows Server 2022 Server Core installation. It was released on 14 April 2026 under the ‘Patch Tuesday’ release cycle.
KB5082142 is for Windows Server 2022 21H2 and 22H2 editions. For Windows Server 2022 23H2 edition, the applicable cumulative update is KB5082060.
Salient points
- KB5082142 supersedes March 2026 cumulative update KB5078766.
- KB5082142 corresponds to server build 20348.5020.
- 113 security vulnerabilities have been disclosed by Microsoft in March 2026 for Windows Server 2022.
- No Zero-day vulnerabilities affect Windows Server 2022 and Windows Server 2022 Server Core installation.
- Four Critical security vulnerabilities impact Windows Server 2022.
- The Servicing Stack Update corresponding to KB5082142 is KB5082137 with build number corresponding to 20348.5021. Separate installation of the SSU or Servicing Stack is not needed.
Zero-day vulnerability
No zero-day vulnerabilities affect Windows Server 2022. Zero-day vulnerabilities are those that have either been publicly disclosed or have proven instances of exploitation.
Critical vulnerabilities
Four CRITICAL vulnerabilities affect Windows Server 2022 in April 2026.
| Vulnerability | CVSS | Impact | Comments |
|---|---|---|---|
| CVE-2026-33824 | 9.8 | Remote Code Execution | Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. |
| CVE-2026-33826 | 8 | Remote Code Execution | Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. |
| CVE-2026-33827 | 8.1 | Remote Code Execution | Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows TCP/IP allows an unauthorized attacker to execute code over a network. |
| CVE-2026-32157 | 8.8 | Remote Code Execution | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
Servicing Stack Update KB5082137
The Servicing Stack Update for KB5082142 is KB5082137. The SSU file is included in the main cumulative update. Therefore, separate installation is not needed.
Download KB5082142
You may download the offline installer file for KB5082142 from the catalog site link shared below:
The cumulative update is available for x64 deployments for Windows Server 2022 versions 21H2 and 22H2. Upon installation of KB5082142, the server will restart.
Changelog – KB5082142
The following changes or improvements are part of KB5082142 for Windows Server 2022 21H2 and 22H2 editions:
- This security update addresses security vulnerabilities on Windows Server 2022.
- [Connectivity] This update improves the reliability of audio features in Windows, helping reduce system unresponsiveness related to sound or audio activity.
- [Kernel] This update improves system stability during large file operations. Users should experience fewer unexpected interruptions while working with or transferring large files.
- [Kerberos protocol] This update changes the default DefaultDomainSupportedEncTypes value for Kerberos Key Distribution Center (KDC) operations to leverage AES-SHA1 for accounts that do not have an explicit msds-SupportedEncryptionTypes Active Directory attribute defined. For more information, see How to manage Kerberos KDC usage of RC4 for service account ticket issuance changes related to CVE-2026-20833.
- [Networking] This update improves reliability when Windows uses SMB compression over QUIC. After you install this update, SMB compression requests over QUIC complete more consistently, reducing the likelihood of timeouts and supporting smoother, more dependable performance.
- [Remote Desktop] This update improves protection against phishing attacks that use Remote Desktop (.rdp) files. When you open an .rdp file, Remote Desktop shows all requested connection settings before it connects, with each setting turned off by default. A one-time security warning also appears the first time you open an .rdp file on a device. For more information, see Understanding security warnings when opening Remote Desktop (RDP) files.
- [Secure Boot]
  - With this update, Windows quality updates include additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Devices receive the new certificates only after demonstrating sufficient successful update signals, maintaining a controlled and phased rollout.
  - This update addresses an issue where the device might enter BitLocker Recovery after the Secure Boot updates.
- [Texts and Fonts] This update improves Windows fonts by adding the new Saudi Riyal currency symbol. This change helps keep text clear, accurate, and visually consistent across your Windows apps and experiences.
- [Windows Deployment Services (WDS)] This update disables the “Hands-Free Deployment” feature in WDS by default; it is no longer a supported feature. For more information about this change, see Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance related to CVE-2026-0386.
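For the [Kerberos protocol] change listed above, the accounts that matter are those with no explicit msds-SupportedEncryptionTypes value, since they follow the KDC default. The PowerShell below is an added example, not code from this page or from Microsoft: it decodes the attribute's bitmask and classifies accounts. The helper name `Get-EncTypeAssessment` and the sample accounts are hypothetical, and a value of 0 is treated like an unset attribute.

```powershell
# Added example. Encryption-type bits of msDS-SupportedEncryptionTypes;
# higher bits are feature flags and are masked out below.
$EncFlags = @(
    @{ Bit = 0x01; Name = 'DES-CBC-CRC' }
    @{ Bit = 0x02; Name = 'DES-CBC-MD5' }
    @{ Bit = 0x04; Name = 'RC4-HMAC' }
    @{ Bit = 0x08; Name = 'AES128-CTS-HMAC-SHA1-96' }
    @{ Bit = 0x10; Name = 'AES256-CTS-HMAC-SHA1-96' }
)

# Hypothetical helper: classifies one account object by its attribute value.
function Get-EncTypeAssessment {
    param([Parameter(Mandatory, ValueFromPipeline)] $Account)
    process {
        # A missing attribute casts to 0; keep only the five enc-type bits.
        $enc = ([int]$Account.'msDS-SupportedEncryptionTypes') -band 0x1F
        $names = @($EncFlags | Where-Object { $enc -band $_.Bit } |
            ForEach-Object { $_.Name })
        $status = if ($enc -eq 0) {
            'NotSet: follows the KDC default'      # affected by the new default
        } elseif (-not ($enc -band 0x18)) {
            'NoAES: explicit value without AES'    # review before relying on AES
        } elseif ($enc -band 0x07) {
            'Mixed: AES plus DES/RC4'
        } else {
            'AESOnly'
        }
        [pscustomobject]@{
            Name     = $Account.Name
            EncTypes = $names -join ', '
            Status   = $status
        }
    }
}

# Constructed sample objects standing in for directory results.
$sample = @(
    [pscustomobject]@{ Name = 'svc-sql';    'msDS-SupportedEncryptionTypes' = $null }
    [pscustomobject]@{ Name = 'svc-legacy'; 'msDS-SupportedEncryptionTypes' = 0x04 }
    [pscustomobject]@{ Name = 'svc-web';    'msDS-SupportedEncryptionTypes' = 0x1C }
    [pscustomobject]@{ Name = 'svc-api';    'msDS-SupportedEncryptionTypes' = 0x18 }
)
$sample | Get-EncTypeAssessment | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADObject -LDAPFilter '(servicePrincipalName=*)' `
#   -Properties 'msDS-SupportedEncryptionTypes' | Get-EncTypeAssessment
```

Accounts reported as NotSet or NoAES are the ones to check against the services that use them before and after installing the update.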
Important Reminder – Secure Boot Services
It is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.
Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.