KB5028997: Windows Server 2022 Cumulative Update (July 2023)
The July 2023 cumulative update for Windows Server 2022 addresses 130 vulnerabilities — the highest count for a single Patch Tuesday to that date. Includes fixes for Windows Routing and Remote Access Service (RRAS) remote code execution vulnerabilities.
Servers with RRAS (VPN/routing) enabled and missing KB5028997 are exposed to unauthenticated remote code execution via six separate CVEs. Additionally, Windows Message Queuing (MSMQ) vulnerabilities in this update allow RCE over port 1801 if MSMQ is enabled.
KB5028997 addresses 130 CVEs in a record-breaking July 2023 Patch Tuesday. Notable patches include six RRAS remote code execution vulnerabilities (CVE-2023-35365 through CVE-2023-35367), all rated Critical, which allow unauthenticated attackers to execute code remotely on servers with RRAS enabled.
Probably yes if any of these apply:
Affected OS versions
An infrastructure team running Windows Server 2022 VPN gateways with RRAS does not apply the July 2023 patches within their 30-day SLA. A threat actor scans for internet-facing RRAS servers and identifies the unpatched systems. The six RRAS RCE vulnerabilities provide multiple attack paths to gain initial access to the internal network without credentials.
Manual download
For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.
↗ Microsoft Update CatalogKB5028997Manual remediation steps
⏱ 30–60 minutes including rebootCheck if KB5028997 is Installed
Get-HotFix -Id KB5028997
Check RRAS Exposure (if delayed patching)
# Check if RRAS is running
Get-Service RemoteAccess | Select-Object Status, StartType
# If exposed and cannot patch immediately — disable RRAS
# Stop-Service RemoteAccess -Force
Apply
Verify
Get-HotFix -Id KB5028997
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.
References