To address a known issue that affects Windows Servers that have the Domain Controller role, Microsoft has released an out-of-band update. After installing the November 2022 cumulative updates on Domain Controllers, you might experience Kerberos authentication issues due to the way Microsoft addressed CVE-2022-37966.
Microsoft Windows 2022
Whether or not you have installed the November 8, 2022 update for Windows Server 2022 (KB5019081), manually download the November 17, 2022 update for Windows Server 2022 (KB5021656), a 313 MB download, from the Microsoft Update Catalog and install it on the Domain Controllers. Reboot each Domain Controller after installation.
Microsoft Windows 2019
Whether or not you have installed the November 8, 2022 update for Windows Server 2019 (KB5019966), manually download the November 17, 2022 update for Windows Server 2019 (KB5021655), a 594 MB download, from the Microsoft Update Catalog and install it on the Domain Controllers. Reboot each Domain Controller after installation.
Microsoft Windows 2016
Whether or not you have installed the November 8, 2022 update for Windows Server 2016 (KB5019964), manually download the November 17, 2022 update for Windows Server 2016 (KB5021654), a 1553 MB download, from the Microsoft Update Catalog and install it on the Domain Controllers. Reboot each Domain Controller after installation.
Microsoft Windows 2012 R2
On each Domain Controller running Microsoft Windows 2012 R2, perform these steps:
Install the November 8, 2022 Monthly Rollup update for Windows Server 2012 R2 (KB5020023) or install the November 8, 2022 Security-only update for Windows Server 2012 R2 (KB5020010). Restart the Domain Controller.
Manually download the Out-of-band update for Windows Server 2012 R2: November 17, 2022 (KB5021653), a 36 MB download, from the Microsoft Update Catalog. Install it and restart the Domain Controller afterward.
Microsoft Windows 2012
On each Domain Controller running Microsoft Windows 2012, perform these steps:
Install the November 8, 2022 Monthly Rollup update for Windows Server 2012 (KB5020009) or install the November 8, 2022 Security-only update for Windows Server 2012 (KB5020003). Restart the Domain Controller.
Manually download the Out-of-band update for Windows Server 2012 (KB5021652), a 35 MB download, from the Microsoft Update Catalog. Install it and restart the Domain Controller afterward.
Microsoft Windows 2008 R2
On each Domain Controller running Microsoft Windows 2008 R2 with Service Pack 1, perform these steps:
Install the November 8, 2022 Monthly Rollup update for Windows Server 2008 R2 (KB5020000) or install the November 8, 2022 Security-only update for Windows Server 2008 R2 (KB5020010). Restart the Domain Controller.
Manually download the Out-of-band update for Windows Server 2008 R2: November 18, 2022 (KB5021651), a 38 MB download, from the Microsoft Update Catalog. Install it and restart the Domain Controller afterward.
Microsoft Windows 2008
On each Domain Controller running Microsoft Windows 2008 with Service Pack 2, perform these steps:
Install the November 8, 2022 Monthly Rollup update for Windows Server 2008 (KB5020019) or install the November 8, 2022 Security-only update for Windows Server 2008 (KB5020005). Restart the Domain Controller.
Manually download the Out-of-band update for Windows Server 2008 (KB5021657), a 35 MB download, from the Microsoft Update Catalog. Install it and restart the Domain Controller afterward.
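To confirm the result across all of the Windows Server versions above, the following PowerShell lists every Domain Controller and checks for the out-of-band KB that this article names for its OS version. It is an added example, not part of the original article or of Microsoft's guidance. It assumes the ActiveDirectory module and remote WMI access to the DCs; the helper name Get-ExpectedOobKb and the status labels are illustrative.

```powershell
# Added example: report which Domain Controllers have the out-of-band update.
# Assumes the ActiveDirectory module (RSAT) and remote WMI access to each DC.
Import-Module ActiveDirectory

# Out-of-band KB per OS version, taken from the sections of this article.
# Ordered so that the 'R2' patterns are tested before the plain version.
$oobKb = [ordered]@{
    '2022'    = 'KB5021656'
    '2019'    = 'KB5021655'
    '2016'    = 'KB5021654'
    '2012 R2' = 'KB5021653'
    '2012'    = 'KB5021652'
    '2008 R2' = 'KB5021651'
    '2008'    = 'KB5021657'
}

# Hypothetical helper: map an OperatingSystem string to the expected KB.
function Get-ExpectedOobKb {
    param([string]$OperatingSystem)
    foreach ($pattern in $oobKb.Keys) {
        if ($OperatingSystem -like "*$pattern*") { return $oobKb[$pattern] }
    }
    return $null
}

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $kb = Get-ExpectedOobKb -OperatingSystem $dc.OperatingSystem
    $status = 'UnknownOS'
    if ($kb) {
        try {
            # Fetch the full hotfix list so that an unreachable host (error)
            # is reported separately from a reachable host without the KB.
            $installed = (Get-HotFix -ComputerName $dc.HostName -ErrorAction Stop).HotFixID
            $status = if ($installed -contains $kb) { 'Installed' } else { 'Missing' }
        } catch {
            $status = 'QueryFailed'
        }
    }
    [pscustomobject]@{
        HostName        = $dc.HostName
        OperatingSystem = $dc.OperatingSystem
        ExpectedKB      = $kb
        Status          = $status
    }
}

$report | Sort-Object Status, HostName | Format-Table -AutoSize
```

Later cumulative updates supersede these packages, so a Domain Controller that has since received a newer update can show Missing for the KB listed here.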
Hello,
If we previously didn't install November 8th, 2022, updates in our environment, how do we proceed?
Should we install only the OOB patch alone on Windows 2012 R2 Domain Controllers or should we install some patches from November 8th, 2022, and then the OOB patch?
Please advise.
Hi Vinod,
As mentioned in the 'Windows Server 2012 R2' section above:
Install the November 8, 2022, update (KB502009 or KB5020003). Restart. Download the Out-of-band update (KB5021652). Install that. Restart.
Note that there is a memory leak side effect introduced by these updates. See https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1607-and-windows-server-2016?source=recommendations#2966msgdesc
Any updates on the Memory Leak issue?
Hi Kai,
This is the latest information I have on this issue.
Are these memory leaks only on Domain Controllers running Windows Server 2016?
The memory leaks, pertaining to the Kerberos protocol changes to address CVE-2022-37967, may present themselves on Domain Controllers on all supported Windows Server versions, except Windows Server 2022.