- KB5022286: 2023-01 Cumulative Update for Windows Server 2019 (1809) for x64-based Systems
- KB5022289: 2023-01 Cumulative Update for Windows Server 2016 for x64-based Systems
- KB5022352: 2023-01 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
Impacted Products:
- Microsoft Windows
- Microsoft Windows
- Microsoft Edge (Edge HTML-based)
- Microsoft Edge (Chromium-based)
- Internet Explorer
- Microsoft Office and Microsoft Office Services and Web Apps
- Windows Defender
- Visual Studio
- ASP.NET Core
- Chakra Core
- Online Services
- Microsoft Dynamics
- .NET Framework
- .NET Core
Please note the following information regarding the security updates:
- For information regarding enabling Windows 10, version 1809 features and later, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs. There is no change to the cumulative monthly security update
- Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
- For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
Known Issues:
KB5022286: Applies to Windows 10 Enterprise 2019 LTSC Windows 10 IoT Enterprise 2019 LTSC Windows 10 IoT Core 2019 LTSC
Improvements
New! This update provides the Quick Assist application for your client device.
This update addresses an issue that might affect authentication. It might fail after you set the higher 16-bits of the msds-SupportedEncryptionTypes attribute. This issue might occur if you do not set the encryption types or you disable the RC4 encryption type on the domain.
This update addresses an issue that affects cluster name objects (CNO) or virtual computer objects (VCO). Password reset fails. The error message is, “There was an error resetting the AD password… // 0x80070005”.
This update addresses an issue that affects Microsoft Defender for Endpoint. Automated investigation blocks live response investigations.
This update addresses a known issue that affects apps that use Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to connect to databases. The connection might fail. You might also receive an error in the app, or you might receive an error from the SQL Server.
Symptom
After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found.
Workaround
This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue.
For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
KB5022289: Applies to Windows 10, version 1607, all editions Windows Server 2016, all editions
Improvements
New! This update provides the Quick Assist application for your client device.
This update addresses an issue that might affect authentication. It might fail after you set the higher 16-bits of the msds-SupportedEncryptionTypes attribute. This issue might occur if you do not set the encryption types or you disable the RC4 encryption type on the domain.
This update addresses an issue that affects cluster name objects (CNO) or virtual computer objects (VCO). Password reset fails. The error message is, “There was an error resetting the AD password… // 0x80070005”.
This update introduces a Group Policy that enables and disables HTML Application (HTA) files. If you enable this policy, it stops you from running HTA files. If you disable or do not configure this policy, you can run HTA file. To configure this Group Policy:
Open the Group Policy Editor.
Select Computer Configuration > Administrative Templates > Windows Components > Internet Explorer.
Double-click Turn on DisableHTMLApplication.
Select Enabled.
To save the policy setting, select OK or Apply.
This update addresses a known issue that affects apps that use Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to connect to databases. The connection might fail. You might also receive an error in the app, or you might receive an error from the SQL Server.
Symptom
After installing this update, apps that use ODBC connections through Microsoft ODBC SQL Server Driver (sqlsrv32.dll) to access databases might not connect. Additionally, you might receive an error in the app, or you might receive an error from the SQL Server. Errors you might receive include the following messages:
The EMS System encountered a problem. Message: [Microsoft][ODBC SQL Server Driver] Protocol error in TDS Stream.
The EMS System encountered a problem. Message: [Microsoft][ODBC SQL Server Driver] Unknown token received from SQL Server.
To decide whether you are using an affected app, open the app that connects to a database. Open a Command Prompt window, type the following command and then press Enter:
tasklist /m sqlsrv32.dll
If the command lists a task, then the app might be affected.
KB5022352: Applies to Windows Server 2012 Windows Embedded 8 Standard
This cumulative security update includes improvements that are part of update KB5021294 (released December 13, 2022). This update also makes improvements for the following issues:
Authentication might fail after you set the higher 16-bits of the msds-SupportedEncryptionTypes attribute. This issue might occur if encryption types are not set or if RC4 Encryption type is disabled on the domain.
Starting in this release, we are displaying a modal dialog box to remind users about the End of Support for Windows 8.1 in January 2023. This reminder does not appear on managed devices that run Windows 8.1 Pro or Windows 8.1 Enterprise.
Resolves a known issue that affects apps that use Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to connect to databases. The connection might fail. You might also receive an error in the app, or you might receive an error from the SQL Server.
Improvements
This cumulative security update includes improvements that are part of update KB5020023 (released November 8, 2022) and update KB5021653 (released November 17, 2022). This update also makes improvements for the following issues:
By order of the Fijian government, Fiji will not observe daylight saving time (DST) in 2022. Therefore, clocks do not change by an hour at 02:00 on November 13, 2022.
A memory leak in the Local Security Authority Subsystem Service (LSASS.exe) occurs on Windows domain controllers. This issue is known to occur after installing Windows updates dated November 8, 2022, or later.
Symptoms
After this update or a later Windows update is installed, domain join operations might be unsuccessful and error “0xaac (2732): NERR_AccountReuseBlockedByPolicy” occurs. Additionally, text stating “An account with the same name exists in Active Directory. Re-using the account was blocked by security policy” might be displayed.
Affected scenarios include some domain join or re-imaging operations where a computer account was created or pre-staged by a different identity than the identity used to join or re-join the computer to the domain.
Next step
We have added guidance to KB5020276 and are evaluating whether optimizations can be made in a future Windows Update. This guidance will be updated as soon as those changes are released.