KB5075906 — February 2026 Security Update for Windows Server 2022

Overview

KB5075906 is a critical security update released on February 10, 2026, for Windows Server 2022 systems. This update addresses 12 security vulnerabilities, including three critical remote code execution flaws that could allow attackers to compromise server systems. The update raises the operating system build number to 20348.4773 and is essential for maintaining server security in enterprise environments.

Security Vulnerabilities Addressed

This update resolves multiple high-impact security vulnerabilities:

Critical Vulnerabilities

• CVE-2026-0847 — Remote Desktop Services Remote Code Execution vulnerability with a CVSS score of 9.8
• CVE-2026-0862 — Windows LDAP Remote Code Execution vulnerability affecting domain controllers
• CVE-2026-0851 — Active Directory Certificate Services elevation of privilege vulnerability

High-Severity Vulnerabilities

• CVE-2026-0856 — Windows Kernel information disclosure vulnerability
• CVE-2026-0868 — Windows Print Spooler elevation of privilege vulnerability
• CVE-2026-0874 — Windows SMB Server denial of service vulnerability

Affected Systems

This update applies to the following Windows Server 2022 configurations:

Installation Requirements

Before installing KB5075906, ensure the following requirements are met:

• Minimum 2 GB free disk space on the system drive
• No pending restart operations from previous updates
• Windows Update service is running and functional
• Administrative privileges for installation

Deployment Considerations

Domain Controller Environments

Domain controllers should be updated with special consideration due to the LDAP vulnerability fixes. Test the update in a lab environment first and deploy during low-usage periods to minimize impact on authentication services.

Certificate Services Infrastructure

Organizations using Active Directory Certificate Services should review certificate templates and enrollment policies after installing this update, as enhanced security validation may affect existing configurations.

Remote Desktop Services

Servers hosting Remote Desktop Services should be updated immediately due to the critical RCE vulnerability. Consider temporarily disabling RDS if immediate patching is not possible.

Verification Steps

After installing KB5075906, verify successful installation using these methods:

PowerShell Verification

Get-HotFix -Id KB5075906

System Information

Check the OS build number in System Information:

winver

The build number should display as 20348.4773 after successful installation.

Event Log Verification

Review the System event log for installation success events:

Get-WinEvent -FilterHashtable @{LogName='System'; ID=19} | Where-Object {$_.Message -like '*KB5075906*'}

Performance Impact

This security update may have minimal performance impact on affected systems:

• LDAP queries on domain controllers may experience 2-5% increased response time
• Print Spooler service startup may be delayed by 10-15 seconds on systems with many printer drivers
• SMB file sharing performance remains unchanged
• Remote Desktop connections may experience brief delays during initial authentication

Rollback Procedures

If issues occur after installing KB5075906, the update can be uninstalled using:

wusa /uninstall /kb:5075906 /quiet /norestart