KB5087545 is the cumulative update for Windows Server 2022 and Windows Server 2022 Server Core installation. It was released on 12 May 2026 under the ‘Patch Tuesday’ release cycle.
KB5087545 is for Windows Server 2022 21H2 and 22H2 editions. For Windows Server 2022 23H2 edition, the applicable cumulative update is KB5087541.
Salient points
- KB5087545 supersedes April 2026 cumulative update KB5082142.
- KB5087545 corresponds to server build 20348.5139.
- 57 security vulnerabilities have been disclosed by Microsoft in April 2026 for Windows Server 2022.
- No Zero-day vulnerabilities affect Windows Server 2022 and Windows Server 2022 Server Core installation.
- Five Critical security vulnerabilities impact Windows Server 2022.
- The Servicing Stack Update corresponding to KB5087545 is KB5089140 with build number corresponding to 20348.5120. Separate installation of the SSU or Servicing Stack is not needed.
Zero-day vulnerability
No zero-day vulnerabilities affect Windows Server 2022. The zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation.
Critical vulnerabilities
Five CRITICAL vulnerabilities affect Windows Server 2022 in May 2026. Brief details of these are shared for ready reference.
| Vulnerability | CVSS | Impact | Comments |
|---|---|---|---|
| CVE-2026-32161 | 7.5 | Remote Code Execution | Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network. |
| CVE-2026-35421 | 7.8 | Remote Code Execution | Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. |
| CVE-2026-40402 | 9.3 | Remote Code Execution | Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. |
| CVE-2026-40403 | 8.8 | Remote Code Execution | Heap-based buffer overflow in Windows Win32K – GRFX allows an authorized attacker to execute code locally. |
| CVE-2026-41089 | 9.8 | Remote Code Execution | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. |
Servicing Stack Update KB5089140
The Serving Stack Update for KB5087545 is KB5089140. The SSU file is included in the main cumulative update. Therefore, separate installation is not needed.
Download KB5087545
You may download the offline installer file for KB5087545 from the catalog site link shared below:
The cumulative update is available for x64 deployments for Windows Server 2022 versions 21H2 and 22H2. Upon installation of KB5087545, the server would restart.
Changelog – KB5087545
The following changes or improvements are part of KB5087545 for Windows Server 2022 21H2 and 22H2 editions:
- This security update addresses security vulnerabilties on Windows Server 2022.
- [Secure Boot] With this update, Windows quality updates include additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Devices receive the new certificates only after demonstrating sufficient successful update signals, maintaining a controlled and phased rollout.
- [App] This update improves the accuracy and reliability of calculations used by apps and system components. Users and developers should see more consistent results, especially when working with very small values.
- [Daylight saving time (DST)] This update supports the 2023 DST change for the Arab Republic of Egypt.
- [Desktop] This update improves how the Windows Server interface responds during everyday use. Users should notice smoother interactions and fewer instances where windows stop responding.
- [Sign-In] After you install the Windows update released on or after March 10, 2026, some users might experience an issue signing in to apps with a Microsoft account. Even when the device has a working Internet connection, a “no Internet” error appears during sign in and prevents access to Microsoft services and apps such as Microsoft Teams.
- [Remote Desktop (known issue)] Fixed: This update addresses an issue that affects the Remote Desktop Connection security warning dialog. The dialog could render incorrectly in multi-monitor scenario when the monitors had different scaling set. This might occur after installing the April 2026 (KB5082142) security update. For more information, see Understanding security warnings when opening Remote Desktop (RDP) files.
Important Reminder – Secure Boot Services
It is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.
Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.
Simplifying technology, one step at a time.