KB5022842: Windows Server 2022 Cumulative Update (February 2023)
The February 2023 Patch Tuesday cumulative update for Windows Server 2022 addresses 77 CVEs including three zero-days — CVE-2023-21823 (Windows Graphics Component RCE), CVE-2023-21715 (Office Security Bypass), and CVE-2023-23376 (Windows CLFS Driver EoP), all actively exploited.
CVE-2023-23376 (CLFS Driver EoP) combined with any code execution vulnerability allows attackers to immediately escalate to SYSTEM. This combination was observed in multiple ransomware deployments in January-February 2023. CVE-2023-21823 (Graphics Component) provides unauthenticated remote code execution on systems rendering attacker-controlled content.
KB5022842 patches three actively exploited zero-days in February 2023: CVE-2023-21823 (Windows Graphics Component RCE, requiring no privileges), CVE-2023-23376 (CLFS Driver EoP used by ransomware operators), and CVE-2023-21715 (Office Publisher security feature bypass). All three were confirmed exploited in the wild before the patch was released.
Probably yes if any of these apply:
Affected OS versions
The CLFS driver zero-day CVE-2023-23376 was observed by Microsoft in multiple ransomware attack chains during early 2023. Attackers would gain initial access via phishing, then use the CLFS driver vulnerability to escalate to SYSTEM, disable endpoint protection, and deploy ransomware — a pattern consistent with multiple threat actor groups including those behind Cl0p and LockBit ransomware.
Manual download
For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.
Microsoft Update Catalog: KB5022842
Manual remediation steps
Estimated time: 30–60 minutes including reboot
Check if KB5022842 is Installed
Get-HotFix -Id KB5022842
Apply
Verify
Get-HotFix -Id KB5022842
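Get-HotFix -Id KB5022842 can return nothing both when the update is missing and when a later cumulative update has superseded it, so the check below also compares the OS build revision. This is an added example, not part of the original page and not a Microsoft script; the function name Test-KbPatchLevel and its -Build and -MinimumUbr parameters are assumptions, with the values taken from the Microsoft KB article for this update.

```powershell
# Added example: patch-level check for KB5022842 that tolerates supersedence.
# Test-KbPatchLevel is a hypothetical helper name, not a built-in cmdlet.
function Test-KbPatchLevel {
    [CmdletBinding()]
    param(
        [string]$KbId = 'KB5022842',
        # Assumptions supplied by the operator from the Microsoft KB article
        # (these values are not stated on this page):
        [Parameter(Mandatory)][int]$Build,       # OS build the update applies to
        [Parameter(Mandatory)][int]$MinimumUbr   # build revision the update installs
    )

    # 1. Direct lookup. Empty if the KB is absent OR was replaced by a later update.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # 2. Current build and update build revision (UBR) from the registry.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $currentBuild = [int]$cv.CurrentBuildNumber
    $currentUbr   = [int]$cv.UBR

    # 3. Classify: only 'Missing' means the server still needs the update.
    $status = if ($hotfix) { 'Installed' }
              elseif ($currentBuild -ne $Build) { 'NotApplicable' }
              elseif ($currentUbr -ge $MinimumUbr) { 'SupersededByLaterUpdate' }
              else { 'Missing' }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        KbId         = $KbId
        OsBuild      = "$currentBuild.$currentUbr"
        InstalledOn  = $(if ($hotfix) { $hotfix.InstalledOn })
        Status       = $status
    }
}

# Usage (replace the placeholders with the values from the KB article):
# Test-KbPatchLevel -Build <os-build> -MinimumUbr <build-revision>
```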
References