Latest Windows Server 2022 Update Improves Protection Against Ransomware Attacks

Datacenter networking servers

Microsoft has released the optional patch (KB5016693) for Windows Server 2022. The new cumulative update brings enhancements to the Microsoft Defender for Endpoint, storage replication, file compression, and bug fixes.

First up, Microsoft Defender for Endpoint is getting some improvements that should make it better at preventing ransomware attacks on Windows Server machines. There is also a new feature that can compress all files (regardless of size) on devices with Server Message Block (SMB) Compression enabled.

In addition, Microsoft has addressed a bug that caused BitLocker performance issues on Windows Server 2022. This release also brings fixes for another problem with BitLocker that previously prevented certain devices from working properly. The company has resolved bugs affecting Windows Update and Remote Desktop Session.

What’s new in Windows Server 2022 build 20348.946

Here are all the improvements and bug fixes Microsoft listed in the release notes for the KB5016693 patch:

  • New! Enhances Microsoft Defender for Endpoint’s ability to identify and intercept ransomware and advanced attacks.

  • New! Compresses a file regardless of its size if you have configured Server Message Block (SMB) Compression.

  • New! Improves storage replication that occurs over low bandwidth or congested wide area networks (WAN).

  • Addresses an issue that prevents the Startup Task API from working as expected for certain apps.

  • Addresses an issue that causes Kerberos authentication to fail. The error is 0xc000009a (STATUS_INSUFFICIENT_RESOURCES “Insufficient system resources exist to complete the API”). This occurs when a client uses the Remote Desktop Protocol (RDP) to connect to a device that has enabled Remote Credential Guard.

  • Addresses an issue that causes ServerAssignedConfigurations to be null in a few full configuration scenarios.

  • Addresses an issue that prevents a private virtual LAN (PVLAN) from providing tenant and virtual machine (VM) isolation.

  • Addresses an issue that delays a client’s acquisition of the Internet Protocol version 6 (IPv6) address for extended periods in an IPv6 environment.

  • Addresses a known issue that causes Microsoft Edge to stop responding when you use IE mode. This issue also prevents you from interacting with a dialog.

  • Addresses an issue that might generate error 0x1E when you shut down or restart a device.

  • Addresses an issue that affects the installation of Microsoft Store apps when you have enabled Control-flow Enforcement.

  • Addresses an issue that prevents virtualized App-V Microsoft Office applications from opening or causes them to stop working.

  • Addresses an issue that might cause the deployment of the Windows Hello for Business certificate to fail in certain circumstances after you reset a device.

  • Addresses an issue that degrades BitLocker performance.

  • Addresses an issue that might prevent Windows from taking ownership of a Trusted Platform Module (TPM) device.

  • Addresses an issue that might cause a Windows device that is using BitLocker to stop working.

  • Addresses an issue that causes the Resultant Set of Policy tool (Rsop.msc) to stop working when it processes 1,000 or more “File System” security settings.

  • Addresses an issue that might cause Remote Desktop Session licensing to display a 60-minute disconnection warning after reconnecting.

  • Addresses an issue that causes the Settings app to stop working on server domain controllers (DCs) when accessing the Privacy > Activity history page.

  • Addresses an issue that prevents devices from receiving an offer from Windows Update for the same extension driver when that extension driver is already installed without the base driver.

  • Addresses a race condition that causes the Local Security Authority Subsystem Service (LSASS) to stop working on Active Directory domain controllers. This issue occurs when LSASS processes simultaneous Lightweight Directory Access Protocol (LDAP) over Transport Layer Security (TLS) requests that fail to decrypt. The exception code is 0xc0000409 (STATUS_STACK_BUFFER_OVERRUN).

  • Addresses an issue that affects a lookup for a nonexistent security ID (SID) from the local domain using read-only domain controller (RODC). The lookup unexpectedly returns the STATUS_TRUSTED_DOMAIN_FAILURE error instead of STATUS_NONE_MAPPED or STATUS_SOME_MAPPED.

  • Addresses an issue that affects input and output in the Storport driver and might cause your system to stop responding.

As usual, IT admins can install this optional patch by heading to the Windows Update section of the Settings app in Windows Server 2022. Meanwhile, it’s also available to download on the Microsoft Update Catalog. Microsoft will ship these improvements and fixes to all users with Patch Tuesday updates on September 13.