- KB5022840: 2023-02 Cumulative Update for Windows Server 2019 (1809) for x64-based Systems
- KB5022838: 2023-02 Cumulative Update for Windows Server 2016 for x64-based Systems
- KB5022899: 2023-02 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
Impacted Products:
- Microsoft Windows
- Microsoft Windows
- Microsoft Edge (Edge HTML-based)
- Microsoft Edge (Chromium-based)
- Internet Explorer
- Microsoft Office and Microsoft Office Services and Web Apps
- Windows Defender
- Visual Studio
- ASP.NET Core
- Chakra Core
- Online Services
- Microsoft Dynamics
- .NET Framework
- .NET Core
Please note the following information regarding the security updates:
- For information regarding enabling Windows 10, version 1809 features and later, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs. There is no change to the cumulative monthly security update
- Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
- For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
KB5022840: Applies to: Windows 10 Enterprise 2019 LTSC Windows 10 IoT Enterprise 2019 LTSC Windows 10 IoT Core 2019 LTSC
Improvements
This security update includes improvements. When you install this KB:
New! It updates the text and web link for Windows Admin Center (WAC) notifications. These appear after you sign- in to the desktop unless you have turned them off. The WAC notifications highlight the available Windows Server management options.
This update addresses an issue that affects searchindexer.exe. It randomly stops you from signing in or signing out.
This update affects HTML dialogs in Microsoft Edge IE mode. Administrators can now reset the zoom for HTML dialogs to the default.
This update addresses an issue that affects dialogs in IE Mode.
This update addresses an issue that affects Microsoft Edge when it is in IE Mode. The titles of pop-up windows and tabs are wrong.
This update addresses an issue that affects certain Internet of Things (IoT) devices. They lose audio.
This update addresses an issue that affects local Kerberos authentication. It fails if the local Key Distribution Center (KDC) service is not active.
This update addresses an issue that affects Windows Server 2022. Phone activation of a Key Management Services (KMS) key does not work.
This update affects Active Directory (AD). It improves the replication performance of AD in large environments.
This update addresses an issue that affects the Resilient File System (ReFS) MSba tag. The issue causes a nonpaged pool leak.
This update addresses an issue that affects the Resilient File System (ReFS). The issue causes high nonpaged pool usage, which depletes system memory.
KB5022838: Applies to Windows 10, version 1607, all editions Windows Server 2016, all editions
This update addresses an issue that puts domain controllers (DC) in a restart loop. This occurs because the Local Security Authority Subsystem Service (LSASS) stops responding. The error is 0xc0000374. LSASS stops responding if you populate KrbTGT with the AltsecID on accounts that read-write and read-only DCs use.
This update affects HTML dialogs in Microsoft Edge IE mode. Administrators can now reset the zoom for HTML dialogs to the default.
This update addresses an issue that affects AppV. It stops file names from having the correct letter case (uppercase or lowercase).
This update addresses an issue that affects certain Internet of Things (IoT) devices. They lose audio.
This update addresses an issue that affects searchindexer.exe. It randomly stops you from signing in or signing out.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
KB5022899: Applies to: Windows Server 2012 Windows Embedded 8 Standard
Improvements
This cumulative security update includes improvements that are part of update KB5022352 (released January 10, 2023).
This update contains miscellaneous security improvements to internal Windows OS functionality. No specific issues are documented for this release.
Symptoms
After this update or a later Windows update is installed, domain join operations might be unsuccessful and error “0xaac (2732): NERR_AccountReuseBlockedByPolicy” occurs. Additionally, text stating “An account with the same name exists in Active Directory. Re-using the account was blocked by security policy” might be displayed.
Affected scenarios include some domain join or re-imaging operations where a computer account was created or pre-staged by a different identity than the identity used to join or re-join the computer to the domain.
Next step
We have added guidance to KB5020276 and are evaluating whether optimizations can be made in a future Windows Update. This guidance will be updated as soon as those changes are released.