KB5015808: Windows Server 2022 Cumulative Update (July 2022)
The July 2022 cumulative update for Windows Server 2022 addresses 84 vulnerabilities, the most in a single Patch Tuesday to that point. Includes critical fixes for Windows Server Service, CSRSS, and RPC Runtime.
CVE-2022-22047 (Windows CSRSS) was being exploited in the wild at the time of release and allows privilege escalation to SYSTEM. Servers missing KB5015808 are exposed to this actively exploited flaw alongside 83 additional vulnerabilities.
KB5015808 addresses 84 security vulnerabilities across Windows Server 2022 in the July 2022 Patch Tuesday cycle. Critical patches include fixes for Windows Server Service (CVE-2022-22029), Remote Procedure Call Runtime (CVE-2022-22038), and the Windows Client/Server Runtime Subsystem (CVE-2022-22047), the last of which was actively exploited at time of release.
Probably yes if any of these apply:
Affected OS versions
A managed service provider running Windows Server 2022 for clients misses the July 2022 patch window due to a scheduling conflict. Two of their clients are subsequently compromised via CVE-2022-22047, which threat actors used as part of a privilege escalation chain. The CSRSS vulnerability requires no special access — just local code execution, which attackers already had from a phishing payload.
Manual download
For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.
↗ Microsoft Update CatalogKB5015808Manual remediation steps
⏱ 30–60 minutes including rebootCheck if KB5015808 is Installed
Get-HotFix -Id KB5015808
Check for Actively Exploited CVE-2022-22047 Specifically
# This CVE was exploited at time of release — prioritise this patch
Get-HotFix | Where-Object {$_.HotFixID -in @('KB5015808','KB5015811')}
Apply
Verify
Get-HotFix -Id KB5015808
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.
References