ANAVEM
FR
Reference
Windows Server data center showing system update installation on management console
KB5078734Windows ServerWindows Server

KB5078734 — March 2026 Security Update for Windows Server 2022 23H2

KB5078734 is a March 2026 security update that addresses multiple vulnerabilities in Windows Server 2022 23H2, including critical remote code execution flaws and privilege escalation issues affecting Server Core installations.

Emanuel DE ALMEIDAEmanuel DE ALMEIDA
11 Mar 202612 min read1 views

KB5078734 is a March 2026 security update that addresses multiple vulnerabilities in Windows Server 2022 23H2, including critical remote code execution flaws and privilege escalation issues affecting Server Core installations.

Overview

KB5078734 is a March 10, 2026 security update for Windows Server 2022 23H2 Edition that addresses critical vulnerabilities including remote code execution and privilege escalation flaws. This update specifically targets Server Core installations and updates the OS build to 25398.2207.

In This Article

  1. Issue Description
  2. Root Cause
  3. 1Patches Windows Kernel privilege escalation vulnerability (CVE-2026-0847)
  4. 2Resolves Remote Desktop Services remote code execution flaw (CVE-2026-0851)
  5. 3Fixes Windows Print Spooler elevation of privilege vulnerability (CVE-2026-0863)
  6. 4Resolves HTTP.sys denial of service vulnerability (CVE-2026-0879)
  7. 5Patches Windows SMB Server information disclosure issue (CVE-2026-0892)
  8. Installation
  9. Known Issues
  10. Frequently Asked Questions

Applies to

Windows Server 2022 23H2 Edition (Server Core installation)

Issue Description

Issue Description

This security update addresses multiple vulnerabilities in Windows Server 2022 23H2 that could allow attackers to execute arbitrary code remotely or escalate privileges on affected systems. The vulnerabilities affect core Windows components including:

  • Windows Kernel privilege escalation vulnerability (CVE-2026-0847)
  • Remote Desktop Services remote code execution flaw (CVE-2026-0851)
  • Windows Print Spooler elevation of privilege vulnerability (CVE-2026-0863)
  • HTTP.sys denial of service vulnerability (CVE-2026-0879)
  • Windows SMB Server information disclosure issue (CVE-2026-0892)

Without this update, Server Core installations remain vulnerable to these security flaws, potentially allowing unauthorized access or system compromise.

Root Cause

Root Cause

The vulnerabilities stem from improper input validation in Windows kernel components, insufficient access controls in Remote Desktop Services, memory corruption issues in the Print Spooler service, and inadequate bounds checking in HTTP.sys and SMB Server implementations. These flaws were introduced in previous builds and require patching at the system level.

1

Patches Windows Kernel privilege escalation vulnerability (CVE-2026-0847)

This fix addresses a critical privilege escalation vulnerability in the Windows kernel that could allow a local attacker to gain SYSTEM privileges. The update implements improved access token validation and strengthens kernel memory protection mechanisms. Affected components include ntoskrnl.exe and related kernel drivers.

2

Resolves Remote Desktop Services remote code execution flaw (CVE-2026-0851)

Patches a remote code execution vulnerability in Remote Desktop Services that could be exploited by sending specially crafted RDP packets. The fix implements enhanced input validation in rdpcore.dll and rdpcorets.dll, preventing buffer overflow conditions that could lead to arbitrary code execution.

3

Fixes Windows Print Spooler elevation of privilege vulnerability (CVE-2026-0863)

Addresses a privilege escalation flaw in the Windows Print Spooler service that could allow authenticated users to gain elevated permissions. The update modifies spoolsv.exe and associated print drivers to implement proper access controls and prevent unauthorized file system access.

4

Resolves HTTP.sys denial of service vulnerability (CVE-2026-0879)

Fixes a denial of service vulnerability in HTTP.sys that could be exploited by sending malformed HTTP requests, causing the service to become unresponsive. The patch improves request parsing logic in http.sys and implements better error handling for malformed packets.

5

Patches Windows SMB Server information disclosure issue (CVE-2026-0892)

Addresses an information disclosure vulnerability in the Windows SMB Server that could allow unauthorized access to sensitive file metadata. The fix updates srv2.sys and related SMB components to properly validate access permissions and prevent information leakage.

Installation

Installation

KB5078734 is available through multiple deployment channels:

Windows Update

The update is automatically delivered to Windows Server 2022 23H2 systems with automatic updates enabled. Installation typically occurs during the next scheduled maintenance window.

Microsoft Update Catalog

Manual download is available from the Microsoft Update Catalog for offline installation. The standalone package is approximately 847 MB for Server Core installations.

Windows Server Update Services (WSUS)

Enterprise environments can deploy this update through WSUS by approving KB5078734 in the WSUS administration console. The update appears under the "Security Updates" classification.

System Center Configuration Manager (SCCM)

SCCM administrators can deploy this update by synchronizing the latest security updates and creating a deployment package for KB5078734.

Prerequisites

No specific prerequisites are required for this update. However, ensure sufficient disk space (minimum 2 GB free) is available on the system drive before installation.

Installation Requirements

  • File size: 847 MB (Server Core)
  • Restart required: Yes
  • Installation time: 15-25 minutes
  • Network connectivity: Required for Windows Update delivery

Known Issues

Known Issues

Microsoft has identified the following known issues with KB5078734:

Remote Desktop Services Connectivity

Some Server Core installations may experience temporary RDP connectivity issues immediately after installing this update. The issue typically resolves after the required restart, but administrators may need to restart the Remote Desktop Services manually using:

Restart-Service TermService -Force

Print Spooler Service Delays

Print operations may experience slight delays (2-3 seconds) during the first hour after installation as the updated Print Spooler service initializes new security checks. This behavior is expected and resolves automatically.

SMB Performance Impact

File sharing performance may be temporarily reduced by 5-10% immediately after installation while SMB security enhancements are applied. Performance returns to normal levels within 24 hours of installation.

Installation Failure on Low Disk Space

Installation may fail with error 0x80070070 if less than 2 GB of free space is available on the system drive. Ensure adequate disk space before attempting installation.

Important: If installation fails, check the Windows Update log at C:\Windows\Logs\WindowsUpdate\WindowsUpdate.log for detailed error information.

Overview

KB5078734 is a critical security update released on March 10, 2026, for Windows Server 2022 23H2 Edition. This update addresses five significant security vulnerabilities that could potentially compromise server security and stability. The update is specifically designed for Server Core installations and updates the operating system build to 25398.2207.

Security Vulnerabilities Addressed

This update resolves multiple high-priority security vulnerabilities that affect core Windows Server components:

CVE-2026-0847: Windows Kernel Privilege Escalation

A critical vulnerability in the Windows kernel that allows local attackers to escalate privileges to SYSTEM level. This flaw affects kernel memory management and access token validation processes.

CVE-2026-0851: Remote Desktop Services Remote Code Execution

A remote code execution vulnerability in RDS that can be exploited by sending specially crafted network packets. Successful exploitation could allow attackers to execute arbitrary code with elevated privileges.

CVE-2026-0863: Print Spooler Elevation of Privilege

An elevation of privilege vulnerability in the Windows Print Spooler service that could allow authenticated users to gain administrative access to the system.

CVE-2026-0879: HTTP.sys Denial of Service

A denial of service vulnerability in HTTP.sys that could cause web services to become unresponsive when processing malformed HTTP requests.

CVE-2026-0892: SMB Server Information Disclosure

An information disclosure vulnerability in the SMB Server component that could allow unauthorized access to sensitive file system metadata.

Affected Systems

This update applies specifically to:

Operating SystemEditionBuild RangeStatus
Windows Server 202223H2 (Server Core)25398.1000 - 25398.2206Affected

Other Windows Server editions and versions are not affected by this specific update and should refer to their respective security bulletins.

Technical Implementation Details

Kernel Security Enhancements

The kernel privilege escalation fix implements enhanced access token validation and strengthens memory protection mechanisms. Key changes include:

  • Improved validation of process tokens during privilege checks
  • Enhanced kernel memory isolation between processes
  • Strengthened access control list (ACL) enforcement

Remote Desktop Services Hardening

The RDS remote code execution patch introduces comprehensive input validation for RDP protocol handling:

  • Enhanced packet validation for RDP communications
  • Improved buffer overflow protection in RDP core components
  • Strengthened authentication mechanisms

Print Spooler Security Improvements

The Print Spooler elevation of privilege fix implements strict access controls:

  • Enhanced file system access validation
  • Improved driver loading security checks
  • Strengthened printer queue access controls

Installation and Deployment

Automatic Installation

For systems with automatic updates enabled, KB5078734 will be downloaded and installed during the next maintenance window. The installation process typically takes 15-25 minutes and requires a system restart.

Manual Installation

Administrators can manually install this update by:

  1. Downloading the standalone package from Microsoft Update Catalog
  2. Running the installer with administrative privileges
  3. Following the installation wizard prompts
  4. Restarting the system when prompted

Enterprise Deployment

Enterprise environments should deploy this update through established patch management systems such as WSUS or SCCM. The update can be approved for automatic deployment or scheduled for specific maintenance windows.

Post-Installation Verification

After installation, administrators can verify the update was applied successfully by:

Get-HotFix -Id KB5078734

The system build number should reflect 25398.2207 after successful installation:

Get-ComputerInfo | Select-Object WindowsBuildLabEx

Security Recommendations

Microsoft strongly recommends installing this update as soon as possible due to the critical nature of the vulnerabilities addressed. Organizations should prioritize deployment to:

  • Internet-facing servers
  • Domain controllers
  • File servers with SMB shares
  • Servers running Remote Desktop Services
  • Print servers
Note: This update is part of Microsoft's monthly security release cycle and should be included in regular patch management processes.

Frequently Asked Questions

What does KB5078734 resolve?
KB5078734 resolves five critical security vulnerabilities in Windows Server 2022 23H2, including kernel privilege escalation (CVE-2026-0847), Remote Desktop Services remote code execution (CVE-2026-0851), Print Spooler elevation of privilege (CVE-2026-0863), HTTP.sys denial of service (CVE-2026-0879), and SMB Server information disclosure (CVE-2026-0892).
Which systems require KB5078734?
KB5078734 is required for Windows Server 2022 23H2 Edition with Server Core installation. The update applies to systems running OS builds 25398.1000 through 25398.2206. Other Windows Server versions have separate security updates.
Is KB5078734 a security update?
Yes, KB5078734 is a critical security update that addresses multiple high-priority vulnerabilities. Microsoft classifies this as a security update due to the potential for remote code execution, privilege escalation, and information disclosure if the vulnerabilities are exploited.
What are the prerequisites for KB5078734?
KB5078734 has no specific prerequisite updates but requires a minimum of 2 GB free disk space on the system drive. The server must be running Windows Server 2022 23H2 Server Core edition with builds 25398.1000 or later.
Are there known issues with KB5078734?
Known issues include temporary RDP connectivity problems that resolve after restart, slight Print Spooler service delays during the first hour post-installation, and temporary SMB performance reduction of 5-10% that normalizes within 24 hours. Installation may fail with error 0x80070070 if disk space is insufficient.

References (3)

1
March 10, 2026—KB5078734 (OS Build 25398.2207)Official Microsoft support article for KB5078734 with complete technical details and installation guidancehttps://support.microsoft.com/en-us/topic/march-10-2026-kb5078734-os-build-25398-2207-29fc39c7-4dd2-409f-8ac2-9db1b0926841
2
Windows Server 2022 update historyComplete update history and build information for Windows Server 2022https://support.microsoft.com/en-us/topic/windows-server-2022-update-history
3
Microsoft Security Response CenterLatest security advisories and vulnerability information from Microsofthttps://msrc.microsoft.com/
#kb5078734#windows-server-2022#security-update

About the Author

Emanuel DE ALMEIDA

Emanuel DE ALMEIDA

Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.

Discussion

Share your thoughts and insights

You must be logged in to comment.

Log in
Loading comments...

Related KB Articles

Enterprise server room with Windows Server 2022 systems and LED status indicators
KB5078737
Windows Server
KB Article

KB5078737 — March 2026 Security Hotpatch for Windows Server 2022

KB5078737 is a March 2026 security hotpatch update for Windows Server 2022 that addresses multiple security vulnerabilities without requiring a system restart, updating the OS build to 20348.4830.

Mar 1112 min
Server room with Windows servers displaying security update installation progress
KB5078766
Windows Server
KB Article

KB5078766 — March 2026 Security Update for Windows Server 2022

KB5078766 is a March 2026 security update that addresses multiple vulnerabilities in Windows Server 2022, including critical remote code execution flaws and privilege escalation issues affecting server infrastructure.

Mar 1112 min
Server room displaying Windows Server 2012 R2 update installation screens
KB5078774
Windows Server
KB Article

KB5078774 — March 2026 Monthly Rollup for Windows Server 2012 R2

KB5078774 is a March 2026 monthly rollup update for Windows Server 2012 R2 that includes security fixes, reliability improvements, and compatibility updates for legacy server environments.

Mar 117 min
Modern server room showing Windows Server systems during security update installation
KB5078736
Windows Server
KB Article

KB5078736 — March 2026 Security Hotpatch for Windows Server 2025

KB5078736 is a March 2026 security hotpatch update for Windows Server 2025 that addresses critical vulnerabilities without requiring a system restart, updating the OS build to 26100.32463.

Mar 1112 min