KB5036896: Windows Server 2022 Cumulative Update (April 2024)
The April 2024 Patch Tuesday cumulative update for Windows Server 2022 addresses 149 CVEs, another record-high count. It includes critical fixes for Windows RPC, DNS Server, and Hyper-V, and for a SmartScreen bypass (CVE-2024-29988) that was actively exploited.
CVE-2024-29988 allows attackers to bypass Windows SmartScreen protections by crafting malicious files that evade the security check. This was being used in active malware distribution campaigns at time of release. Combined with the DNS and Hyper-V RCE vulnerabilities, unpatched Windows Server 2022 systems face multiple remote code execution attack paths.
KB5036896 addresses 149 CVEs across Windows Server 2022, the most in any Patch Tuesday to that date. CVE-2024-29988, a SmartScreen security bypass, was actively exploited in the wild at time of release. Additional critical vulnerabilities include Windows DNS Server RCE (CVE-2024-26221) and Windows Hyper-V RCE (CVE-2024-20680).
Probably yes if any of these apply:
Affected OS versions
Security vendors observed CVE-2024-29988 being used in phishing campaigns targeting enterprise users in March-April 2024. Attackers packaged malicious payloads in ZIP files with crafted metadata that caused SmartScreen to skip the Mark of the Web check. Enterprise environments running Windows Server 2022 as RDS servers or jump boxes were exposed through user sessions.
Manual download
For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.
Microsoft Update Catalog: KB5036896
Manual remediation steps
Time required: 30–60 minutes including reboot
Check if KB5036896 is Installed
Get-HotFix -Id KB5036896
Apply
Verify
Get-HotFix -Id KB5036896
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.
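The check, apply and verify steps above combined into one script for a server patched from a manually downloaded package. This is an added example, not a script from this page or from Microsoft; the function names and the placeholder `.msu` path are assumptions.

```powershell
# Added example: check, apply and verify KB5036896 from a manually downloaded package.
# Assumptions (not from the page): the function names and the placeholder .msu path.
$KbId    = 'KB5036896'
$MsuPath = 'C:\Patches\<downloaded-package>.msu'   # placeholder: file saved from Microsoft Update Catalog

function Test-KbInstalled {
    param([string]$Id)
    # Get-HotFix writes an error when the KB is absent; suppress it and return a boolean.
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

function Test-RebootPending {
    # Servicing and Windows Update each leave a marker key while a reboot is outstanding.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    [bool]($keys | Where-Object { Test-Path -LiteralPath $_ })
}

if (Test-KbInstalled -Id $KbId) {
    Write-Output "$KbId is already installed."
}
else {
    # A later cumulative update may be listed under its own KB number instead,
    # so show the newest installed updates before treating the server as unpatched.
    Get-HotFix | Sort-Object InstalledOn -Descending |
        Select-Object -First 5 HotFixID, Description, InstalledOn |
        Format-Table -AutoSize | Out-Host

    if (-not (Test-Path -LiteralPath $MsuPath)) { throw "Package not found: $MsuPath" }

    # wusa.exe installs a standalone .msu; /norestart leaves the reboot to the maintenance window.
    $p = Start-Process -FilePath wusa.exe -ArgumentList "`"$MsuPath`" /quiet /norestart" -Wait -PassThru
    # 0 = success, 3010 = success with reboot required, 2359302 = already installed.
    Write-Output "wusa.exe exit code: $($p.ExitCode)"
}

if (Test-RebootPending) {
    Write-Output 'Reboot pending: restart, then re-run this script to verify.'
}
Write-Output ("{0} installed: {1}" -f $KbId, (Test-KbInstalled -Id $KbId))
```

Run it from an elevated PowerShell session; the final line is the same `Get-HotFix` check as the Verify step and is only meaningful after the reboot has completed.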
References