Home/KB Catalog/KB5087545

KB5087545: Overview with user sentiment and feedback

Last Updated June 11, 2026

Probability of successful installation and continued operation of the machine

0%
20%
40%
60%
80%
100%
65%
Known Issues

Overview

KB5087545 is a cumulative security update for Windows Server 2022 released on May 12, 2026, with OS Build 20348.5139. This update combines the latest servicing stack update with cumulative quality improvements and security fixes from previous monthly releases, specifically incorporating updates from KB5082142 (April 14, 2026) and KB5091575 (April 19, 2026).

The update addresses multiple system components including Secure Boot certificate management, application calculation accuracy, daylight saving time adjustments, desktop responsiveness, and sign-in functionality. A significant focus of this release involves managing the transition of Secure Boot certificates that are set to expire in June 2026, with Microsoft implementing a phased rollout approach to ensure devices receive updated certificates only after demonstrating successful update signals.

This cumulative update is distributed through Windows Update, Windows Update for Business, and the Microsoft Update Catalog, with automatic synchronization available through Windows Server Update Services (WSUS) when properly configured. The update includes both security enhancements and non-security quality improvements designed to maintain system stability and security posture across Windows Server 2022 deployments.

General Purpose

KB5087545 serves as a comprehensive maintenance release for Windows Server 2022, delivering critical security patches alongside quality-of-life improvements. The update enhances Secure Boot certificate coverage through improved device targeting data, enabling a controlled phased deployment mechanism for organizations managing device fleets through Active Directory environments. New automation scripts are included to help IT professionals detect certificate update status and automate safe rollout procedures.

Beyond security measures, the update improves computational accuracy in applications and system components, particularly when processing very small numerical values, ensuring more consistent results across calculations. The release adds support for the 2023 daylight saving time changes in Egypt and addresses desktop responsiveness issues that previously caused interface delays and window freezing during routine operations. Additionally, the update resolves a Remote Desktop Connection security warning dialog rendering issue that occurred in multi-monitor environments with different scaling configurations following previous April updates.

General Sentiment

Community reception of KB5087545 presents a mixed picture. The update addresses legitimate technical issues and provides necessary security enhancements, which are generally viewed favorably by administrators focused on maintaining secure infrastructure. However, significant concerns have emerged regarding installation reliability, particularly affecting systems with specific language pack configurations.

Multiple users have reported installation failures with error code 0x80073701 (ERROR_SXS_ASSEMBLY_MISSING), specifically involving Polish language pack components on Windows Server 2022 Standard installations. These failures appear to stem from orphaned or incomplete superseded language pack components from previous updates, creating a dependency chain that the update cannot resolve. While Microsoft documentation suggests straightforward remediation paths, affected administrators report that standard troubleshooting procedures such as DISM component cleanup and health checks do not resolve the underlying issue, forcing some to consider in-place repair installations on production systems.

The BitLocker Group Policy issue affecting devices with specific TPM validation profiles and Secure Boot configurations adds another layer of concern, though this affects only a limited number of enterprise systems with non-standard configurations. The temporary removal of WSUS error reporting details to address a security vulnerability (CVE-2025-59287) has also drawn criticism from administrators who rely on detailed synchronization diagnostics.

Known Issues

  • BitLocker Recovery Key Requirement: Systems with unrecommended BitLocker Group Policy configurations specifying TPM platform validation profile for native UEFI firmware with PCR7 inclusion may require BitLocker recovery key entry on first restart after installation. This affects only systems meeting all specific conditions including Secure Boot State PCR7 Binding reported as "Not Possible" and presence of Windows UEFI CA 2023 certificate. Workaround involves removing the Group Policy configuration before installation and temporarily disabling BitLocker during the update process.
  • Language Pack Component Resolution Failure: Windows Server 2022 installations with superseded Polish (pl-PL) language pack components from previous updates may fail installation with error 0x80073701 when CBS engine attempts to resolve missing WinSxS deployment components. Standard DISM cleanup and health check procedures do not resolve this issue.
  • WSUS Error Reporting Limitation: Windows Server Update Services no longer displays synchronization error details in error reporting after installing KB5070884 or later updates. This functionality was temporarily removed to address Remote Code Execution Vulnerability CVE-2025-59287.
  • Microsoft Account Sign-In Issue: Some users may experience "no Internet" errors during Microsoft account sign-in to applications such as Microsoft Teams even when device connectivity is functional, following Windows updates released on or after March 10, 2026.

Disclaimer: We take measures to ensure that AI-generated content is of the highest possible quality, but we cannot guarantee its accuracy and recommend that users do their own independent research. Generated on 2026-06-11 07:20 PM

Back to Knowledge Base Catalog