Microsoft Windows Server 2022 Update Version OS Build 20348.5020

Views
2

Your rating
Rate update installation process

Log in to rate this update.
Login

Risk factor
No ratings yet. Be the first to rate this update.

Smooth installs 0%
Minor issues 0%
Major issues 0%

Update Summary

KB5082142 for Windows Server 2022 updates OS Build 20348.5020 with security fixes, quality improvements, and new protections for Remote Desktop, Secure Boot, Kerberos, and vulnerable drivers. It also includes SSU KB5082137.

Update Details

Security

  • Adds known vulnerable kernel drivers to the Microsoft vulnerable driver blocklist.
  • Improves protection against phishing attacks using Remote Desktop (.rdp) files by showing connection settings before connecting and displaying a one-time warning.
  • Changes Kerberos KDC default encryption behavior to use AES-SHA1 for accounts without an explicit msds-SupportedEncryptionTypes attribute, related to CVE-2026-20833.
  • Disables WDS Hands-Free Deployment by default as a hardening change related to CVE-2026-0386.
  • Includes Secure Boot certificate rollout improvements and addresses a BitLocker Recovery issue after Secure Boot updates.

Bug Fixes

  • Improves audio reliability and reduces system unresponsiveness related to sound activity.
  • Improves system stability during large file operations.
  • Improves SMB compression over QUIC reliability to reduce timeouts.
  • Adds the Saudi Riyal currency symbol to Windows fonts.
  • Addresses an issue where devices might enter BitLocker Recovery after Secure Boot updates.

New Features

  • Introduces additional high-confidence device targeting data for phased Secure Boot certificate rollout.
  • Adds the new Saudi Riyal currency symbol to Windows fonts.

Known Issues

  • Domain controllers in forests with multiple domains using PAM might restart repeatedly after installation; resolved by out-of-band update KB5091575 or hotpatch KB5091576.
  • Some devices with an unrecommended BitLocker Group Policy configuration might prompt for the BitLocker recovery key on first restart.
  • WSUS does not display synchronization error details after KB5070884 or later updates.
  • Remote Desktop security warnings might not display correctly on some multi-monitor setups with mixed display scaling; addressed in KB5087545.

Hints

  • Windows Server 2022 servicing stack update KB5082137 (OS Build 20348.5021) is included.
  • Microsoft recommends auditing BitLocker group policies for explicit PCR7 inclusion before installing this update.
  • For affected BitLocker devices, remove the TPM platform validation policy, run gpupdate /force, then suspend and resume BitLocker to update bindings.
  • Devices enrolled in hotpatching should install OOB hotpatch update KB5091576 instead of KB5091575 for the domain controller issue.
  • Secure Boot certificates used by most Windows devices begin expiring in June 2026; Microsoft recommends reviewing CA update guidance.
Product Information

Vendor: Microsoft

Product: Windows Server 2022

Version: OS Build 20348.5020

Release date: Apr 14, 2026

View All Updates