Microsoft Windows Server 2022 Update Version OS Build 20348.5024

Views
2

Your rating
Rate update installation process

Log in to rate this update.
Login

Risk factor
No ratings yet. Be the first to rate this update.

Smooth installs 0%
Minor issues 0%
Major issues 0%

Update Summary

KB5091575 is an out-of-band cumulative update for Windows Server 2022, OS Build 20348.5024. It fixes a domain controller startup issue after KB5082142 and notes known issues affecting BitLocker recovery prompts, WSUS error details, and Remote Desktop warnings. Reference IDs: KB5070884, KB5087545, CVE-2025-59287.

Update Details

Security

  • Addresses a domain controller startup issue on multi-domain forests using Privileged Access Management (PAM), where LSASS could stop responding and prevent authentication and directory services.
  • WSUS synchronization error details are temporarily removed to address remote code execution vulnerability CVE-2025-59287.
  • Includes guidance related to Windows Secure Boot certificate expiration starting in June 2026.

Bug Fixes

  • Fixes domain controllers that could experience startup issues after installing KB5082142 and restarting.
  • Corrects Remote Desktop warning display issues in some multi-monitor, mixed-scaling setups; the issue is addressed in KB5087545.

Known Issues

  • Devices with an unrecommended BitLocker Group Policy configuration may prompt for the BitLocker recovery key on the first restart after installing this update.
  • WSUS does not display synchronization error details after installing KB5070884 or later updates.
  • Remote Desktop security warnings may not display correctly in some cases, especially with multiple monitors using different scaling settings.

Hints

  • Microsoft combines the latest servicing stack update (SSU) with the latest cumulative update (LCU) in this release.
  • If affected by the BitLocker issue, Microsoft recommends setting the TPM platform validation profile policy to Not Configured, running gpupdate /force, suspending BitLocker with manage-bde -protectors -disable C:, then re-enabling it with manage-bde -protectors -enable C:.
  • Administrators should review Windows Secure Boot certificate expiration guidance and prepare certificate updates before June 2026.
Product Information

Vendor: Microsoft

Product: Windows Server 2022

Version: OS Build 20348.5024

Release date: Apr 19, 2026

View All Updates