CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
96.3%
**Caution:**If you intend to install this update on a domain controller (DC), we highly recommend that you install the February 8, 2022 security update instead. The February security update addresses a known issue that might cause some versions of Windows Server to restart unexpectedly.
11/19/20
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1607, see its update history page.
This security update includes quality improvements. Key changes include:
Symptom | Workaround |
---|---|
After installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). Note This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, "Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information."Event Log entries related to activation are another way to tell that you might be affected by this issue. Open**Event Viewer on the client device that failed activation and go toWindows Logs **>Application. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following: |
The KMS client could not reach the KMS host.
The KMS host did not respond.
The client did not receive the response.
For more information on these event IDs, see Useful KMS client events - Event ID 12288 and Event ID 12289.| This issue is resolved in KB5010359.
After installing this update, IP Security (IPSEC) connections that contain a Vendor ID might fail. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) might also be affected.| This issue is resolved in KB5010790.
After installing this update on domain controllers (DCs), affected versions of Windows Servers might restart unexpectedly after receiving an Lsass.exe error.Note: On Windows Server 2016 and later, you are more likely to be affected when DCs are using Shadow Principals in Enhanced Security Admin Environment (ESAE) or environments with Privileged Identity Management (PIM).| This issue is resolved in KB5010790.
After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers Affected apps use the System.DirectoryServices API.| To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app.Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the KB articles listed below:
Windows Server 2022:
Windows Server 2019:
Windows Server 2016:
Windows Server 2012 R2:
Windows Server 2012:
KB5009546 is no longer available.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
96.3%