- KB5026370: 2023-05 Cumulative Update for Microsoft server operating system for x64-based Systems
- KB5026362: 2023-05 Cumulative Update for Windows Server 2019 for x64-based Systems
- KB5026363: 2023-05 Cumulative Update for Windows Server 2016 for x64-based Systems
- KB5026415: 2023-05 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
Impacted Products:
- Microsoft Windows
- Microsoft Edge (Edge HTML-based)
- Microsoft Edge (Chromium-based)
- Internet Explorer
- Microsoft Office and Microsoft Office Services and Web Apps
- Windows Defender
- Visual Studio
- ASP.NET Core
- Chakra Core
- Online Services
- Microsoft Dynamics
- .NET Framework
- .NET Core
Please note the following information regarding the security updates:
- For information regarding enabling Windows 10, version 1809 features and later, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs. There is no change to the cumulative monthly security update
- Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
- For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
KB5026370: Applies to Windows 10 Enterprise 2019 LTSC; Windows 10 IoT Enterprise 2019 LTSC; Windows 10 IoT Core 2019 LTSC
Improvements
New! This update changes firewall settings. You can now configure application group rules.
This update addresses an issue that affects conhost.exe. It stops responding.
This update affects the Islamic Republic of Iran. The update supports the government’s daylight saving time change order from 2022.
This update addresses issues that affect the 32-bit version of Windows Calculator.
This update addresses an issue that affects apps that use DirectX on older Intel graphics drivers. You might receive an error from apphelp.dll.
The update addresses an issue that sends unexpected password expiration notices to users. This occurs when you set up an account to use “Smart Card is Required for Interactive Logon” and set “Enable rolling of expiring NTLM secrets”.
This update addresses an issue that affects Microsoft Edge IE mode. Pop-up windows open in the background instead of in the foreground.
This update addresses an issue that affects the software defined networking (SDN) virtual subnet. The delete operation creates an error. This stops the virtual subnet from being deleted.
The update addresses an issue that affects Azure Service Fabric containers. This change is off by default. To enable the change, set Globals.RouteResolutionOrderConfig to TRUE. To propagate the value, move the primary node for VswitchService and SDNAPI. After you set the value, this change will apply to new and current network traffic routes.
This update addresses an issue that affects protected content. When you minimize a window that has protected content, the content displays when it should not. This occurs when you are using Taskbar Thumbnail Live Preview.
This update addresses an issue that affects mobile device management (MDM) customers. The issue stops you from printing. This occurs because of an exception.
This update addresses an issue that affects signed Windows Defender Application Control (WDAC) policies. They are not applied to the Secure Kernel. This occurs when you enable Secure Boot.
This update addresses an issue that affects the Windows Defender Application Control. The policy that blocks software using a hash rule might not stop the software from running.
This update addresses an issue that affects Active Directory Federation Services (AD FS). You might need to retry authentication multiple times to sign in successfully.
This update addresses an issue that affects accounts that run the Set-AdfsCertificate command. The command fails. This occurs when an account does not have read permissions for the related Distributed Key Manager (DKM) container.
This update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding. This occurs when the system processes multiple local account operations at the same time. The access violation error code is 0xc0000005.
This update addresses an issue that affects the legacy Local Administrator Password Solution (LAPS) and the new Windows LAPS feature. They fail to manage the configured local account password. This occurs when you install the legacy LAPS .msi file after you have installed the April 11, 2023, Windows update on machines that have a legacy LAPS policy.
This update addresses an issue that affects SMB Direct. Endpoints might not be available on systems that use multi-byte character sets.
Symptom
After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are versions vSphere ESXi 7.0.x and below.
Workaround
Please see VMware’s documentation to mitigate this issue.
Microsoft and VMware are investigating this issue and will provide more information when it is available.
KB5026362: Applies to Windows 10, version 1607, all editions; Windows Server 2016, all editions
Improvements
This update addresses an issue that affects conhost.exe. It stops responding.
This update affects the Islamic Republic of Iran. The update supports the government’s daylight saving time change order from 2022.
The update addresses an issue that affects the Remote Procedure Call Service (RPCSS). A lock order inversion causes a deadlock in it.
This update addresses an issue that affects the Key Distribution Center (KDC) service. When the service stops on a local machine, signing in to all local Kerberos fails. The error is STATUS_NETLOGON_NOT_STARTED.
This update addresses an issue that affects accounts that run the Set-AdfsCertificate command. The command fails. This occurs when an account does not have read permissions for the related Distributed Key Manager (DKM) container.
This update addresses an issue that affects Active Directory Federation Services (AD FS). You might need to retry authentication multiple times to sign in successfully.
This update addresses an issue that affects SMB Direct. Endpoints might not be available on systems that use multi-byte character sets.
This update addresses an issue that might affect the Windows Local Administrator Password Solution (LAPS). It might fail. This occurs on versions of Windows Server 2019 that run Server Core. The error is 0x8007007f.
This update addresses an issue that affects apps that use DirectX on older Intel graphics drivers. You might receive an error from apphelp.dll.
This update addresses a race condition in Windows LAPS. The Local Security Authority Subsystem Service (LSASS) might stop responding. This occurs when the system processes multiple local account operations at the same time. The access violation error code is 0xc0000005.
This update addresses an issue that affects the legacy Local Administrator Password Solution (LAPS) and the new Windows LAPS feature. They fail to manage the configured local account password. This occurs when you install the legacy LAPS .msi file after you have installed the April 11, 2023, Windows update on machines that have a legacy LAPS policy.
KB5026363: Applies to Windows Server 2012; Windows Embedded 8 Standard
Improvements
This update affects the Islamic Republic of Iran. The update supports the government’s daylight saving time change order from 2022.
This update addresses an issue that affects the Key Distribution Center (KDC) service. When the service stops on a local machine, signing in to all local Kerberos fails. The error is STATUS_NETLOGON_NOT_STARTED.
This update addresses an issue that affects Microsoft Edge IE mode. The issue stops you from configuring add-ons.
KB5026415: Applies to Windows Server 2012 R2; Windows Embedded 8.1 Industry Enterprise; Windows Embedded 8.1 Industry Pro
This cumulative security update includes improvements that are part of update KB5025285 (released April 11, 2023). This update also makes improvements for the following issues:
By order of the Islamic Republic of Iran on September 22, 2022, daylight saving time (DST) will no longer be observed and the republic will remain on Iran Standard Time UTC+03:30.
Local Kerberos authentication fails if the local Key Distribution Center (KDC) service is stopped. Additionally, all local Kerberos logons fail with the error STATUS_NETLOGON_NOT_STARTED. After the Windows Monthly Rollup dated on or after November 8, 2022, is installed, Kerberos constrained delegation (KCD) fails with the error message KRB_AP_ERR_MODIFIED on Read/Write Domain Controllers.