- KB5010351: 2022-02 Cumulative Update for Windows Server 2019 for x64-based Systems
- KB5010359: 2022-02 Cumulative Update for Windows Server 2016 for x64-based Systems
- KB5010419: 2022-02 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
Impacted Products:
- Microsoft Windows
- Microsoft Windows
- Microsoft Edge (Edge HTML-based)
- Microsoft Edge (Chromium-based)
- Internet Explorer
- Microsoft Office and Microsoft Office Services and Web Apps
- Windows Defender
- Visual Studio
- ASP.NET Core
- Chakra Core
- Online Services
- Microsoft Dynamics
- .NET Framework
- .NET Core
Please note the following information regarding the security updates:
- For information regarding enabling Windows 10, version 1809 features and later, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs. There is no change to the cumulative monthly security update
- Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
- For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
Known Issues:
KB5010351: Applies to: Windows 10 Enterprise 2019 LTSC Windows 10 IoT Enterprise 2019 LTSC Windows 10 IoT Core 2019 LTSC
Improvements and fixes
This security update includes quality improvements. Key changes include:
Addresses an issue that causes a Lightweight Directory Access Protocol (LDAP) modify operation to fail if the operation contains the SamAccountName and UserAccountControl attributes. The error message is, “Error: 0x20EF. The directory service encountered an unknown failure”.
If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.
KB5010359: Applies to Windows 10, version 1607, all editions Windows Server 2016, all editions
This security update includes quality improvements. Key changes include:
Updates daylight savings time to start in February 2022 instead of March 2022 in Jordan.
Updates the phone number for Windows Activation for locales that have the wrong phone number.
Addresses an issue that causes Windows to stop working and generates the error, “IRQL_NOT_LESS_OR_EQUAL”.
Addresses an issue that causes the improper cleanup of Dynamic Data Exchange (DDE) objects. This prevents session teardown and causes a session to stop responding.
Addresses an access violation in IKEEXT.dll that occurs on Always On VPN (AOVPN) and DirectAccess servers. The exception code is 0xC000005.
Addresses an issue that affects Administrative Template settings you configure using a Group Policy Object (GPO). When you change the value of the policy setting to NOT CONFIGURED, the system fails to remove the previous setting. This issue is most noticeable for roaming user profiles.
Addresses a memory leak that occurs when you call WinVerifyTrust(). This issue occurs if verification fails for the first signature of a file that has multiple signatures.
Addresses a known issue that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2016 might not activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK) and after installing updates released April 22, 2021 or later.
Adds an audit event to Active Directory domain controllers that identifies clients that are not compliant with RFC 4456. For more information, see KB5005408: Smart card authentication might cause print and scan failures.
Addresses an issue that might cause Kerberos.dll to stop working within the Local Security Authority Subsystem Service (LSASS). This occurs when LSASS processes simultaneous Service for User (S4U) user-to-user (U2U) requests for the same client user.
Addresses an issue that causes a Lightweight Directory Access Protocol (LDAP) modify operation to fail if the operation contains the SamAccountName and UserAccountControl attributes. The error message is, “Error: 0x20EF. The directory service encountered an unknown failure”.
Symptom
After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.
Workaround
To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app.
Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.
For instructions on how to install this update for your operating system, see the KB articles listed below:
Windows Server 2022:
.NET Framework 4.8 KB5011258
KB5010419: Applies to: Windows Server 2012 Windows Embedded 8 Standard
Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as “C” releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the “B” or Update Tuesday release).
For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2
Improvements and fixes
This security update includes improvements and fixes that were a part of update KB5009624 (released January 11, 2022) and update KB5010794 (released January 17, 2022). Additionally, this update also addresses the following issues:
Updates daylight savings time to start in February 2022 instead of March 2022 in Jordan.
Addresses an issue in which virtual machines (VMs) on a Windows server that has Unified Extensible Firmware Interface (UEFI) enabled fail to start after installing the January 11, 2022 Windows update.
Addresses an issue in which Windows stops running with an IRQL_NOT_LESS_OR_EQUAL error.
Addresses an issue in which a Lightweight Directory Access Protocol (LDAP) modify operation that contains the SamAccountName together with the UserAccountControl attributes fails with “Error: 0x20EF The directory service encountered an unknown failure.”
Adds an audit event on Active Directory domain controllers that identifies clients that are not RFC-4456 compliant. For more information, see KB5005408—Smart card authentication might cause print and scan failures.
Symptom
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.
After installing updates released January 11, 2022 or later updates, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.
Workaround
Do one of the following:
Do one of the following:
Perform the operation from a process that has administrator privilege.
Perform the operation from a node that doesn’t have CSV ownership.
Microsoft is working on a resolution and will provide an update in an upcoming release.
To resolve this issue manually, apply the out-of-band updates for the version of .NET Framework used by the app.
Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog.
You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.
For instructions on how to install this update for your operating system, see the KB articles listed below:
Windows Server 2022:
.NET Framework 4.8 KB5011258
Windows Server 2019:
.NET Framework 4.8 KB5011257
.NET Framework 4.7.2 KB5011259
Windows Server 2016:
.NET Framework 4.8 KB5011264
.NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011329
Windows Server 2012 R2:
.NET Framework 4.8 KB5011266
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011263
.NET Framework 4.5.2 KB5011261
Windows Server 2012:
.NET Framework 4.8 KB5011265
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262
.NET Framework 4.5.2 KB5011260