KB5094128 for Windows Server 2022

KB5094128 is the cumulative update for Windows Server 2022 and Windows Server 2022 Server Core installation. It was released on 9 June 2026 under the ‘Patch Tuesday’ release cycle.

KB5094128 is for Windows Server 2022 21H2 and 22H2 editions. For Windows Server 2022 23H2 edition, the updates are not available and you will need to upgrade to a version supported with monthly update.

Salient points

KB5094128 supersedes May 2026 cumulative update KB5087545.
KB5094128 corresponds to server build 20348.5256.
104 security vulnerabilities have been disclosed by Microsoft in June 2026 for Windows Server 2022.
Three Zero-day vulnerabilities affect Windows Server 2022 and Windows Server 2022 Server Core installation.
21 Critical security vulnerabilities impact Windows Server 2022.
The Servicing Stack Update corresponding to KB5094128 is KB5094147 with build number corresponding to 20348.5251. Separate installation of the SSU or Servicing Stack is not needed.

Zero-day vulnerability

Three zero-day vulnerabilities affect Windows Server 2022. The zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation.

CVE-2026-45586 – CVSS 7.8 – Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability
CVE-2026-49160 – CVSS 7.5 – HTTP.sys Denial of Service Vulnerability
CVE-2026-50507 – CVSS 6.8 – Windows BitLocker Security Feature Bypass Vulnerability

Critical vulnerabilities

The June security bulletin for Windows Server 2016 reports 104 security vulnerabilities. 21 of these vulnerabilities have CRITICAL severity. These vulnerabilities are listed below.

Servicing Stack Update KB5094147

The Serving Stack Update for KB5094128 is KB5094147. The SSU file is included in the main cumulative update. Therefore, separate installation is not needed.

Download KB5094128

You may download the offline installer file for KB5094128 from the catalog site link shared below:

Download KB5094128 from the Microsoft Update Catalog (541.4 MB)

The cumulative update is available for x64 deployments for Windows Server 2022 versions 21H2 and 22H2. Upon installation of KB5094128, the server would restart.

Changelog – KB5094128

The following changes or improvements are part of KB5094128 for Windows Server 2022 21H2 and 22H2 editions:

This security update addresses security vulnerabilties on Windows Server 2022.
[Secure Boot]
[App] This update improves visibility and reliability of device security by enabling real-time status updates for Secure Boot within the Windows Security app.
[File Explorer] This update improves File Explorer search, including support for Chinese text, and UTF 8–encoded files without a byte order mark (BOM). Text now displays more clearly and consistently across search results, Content view, and tooltips.
[Texts and Fonts] This update improves Windows fonts by adding the new Saudi Riyal currency symbol. This change helps keep text clear, accurate, and visually consistent across your Windows apps and experiences.

Important Reminder – Secure Boot Services

It is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.

Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.

Rajesh Dhawan

Simplifying technology, one step at a time.