On June 20, 2024, Microsoft released an out-of-band update, KB5041054 (OS Build 20348.2529), for Windows Server 2022. This update specifically addresses a known issue affecting the BCryptSignHash API, which previously returned a "STATUS_INVALID_PARAMETER" error when NULL padding input parameters were used for RSA signatures. This problem was particularly prevalent in environments utilizing Customer-Managed Keys (CMK), such as Azure Synapse dedicated SQL pools. (support.microsoft.com)
Background and Context
The BCryptSignHash API is a critical component in Windows cryptographic services, responsible for generating digital signatures using the RSA algorithm. The issue addressed by KB5041054 arose when NULL padding was employed in RSA signatures, leading to the "STATUS_INVALID_PARAMETER" error. This error disrupted operations in scenarios where CMKs were in use, notably affecting Azure Synapse dedicated SQL pools. (support.microsoft.com)
Details of the Update
KB5041054 is a cumulative update that not only resolves the BCryptSignHash API issue but also includes quality improvements to the servicing stack. The servicing stack is essential for the installation of Windows updates, ensuring a robust and reliable update process. By enhancing the servicing stack, Microsoft aims to improve the overall stability and reliability of the update mechanism. (support.microsoft.com)
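Because the update is cumulative, a host's update revision is a more dependable indicator of the fix than the presence of the KB entry itself. The following PowerShell check is an added example, not taken from Microsoft's article; the function name `Test-Kb5041054Level` is hypothetical, and it assumes that later cumulative updates for build 20348 carry a higher revision and that a host on a later update may no longer list KB5041054 by name.

```powershell
# Added example: report whether a Windows Server 2022 host is at or above
# the fix level named on this page (OS Build 20348.2529, KB5041054).
$FixBuild    = 20348        # Windows Server 2022 build number (from the page)
$FixRevision = 2529         # revision delivered by KB5041054 (from the page)
$FixKb       = 'KB5041054'

function Test-Kb5041054Level {
    param(
        [Parameter(Mandatory)][int]$Build,
        [Parameter(Mandatory)][int]$Revision
    )
    # Other build numbers are different Windows releases; this KB does not apply.
    if ($Build -ne $FixBuild) { return 'NotApplicable' }
    # Assumption: cumulative servicing means any revision >= 2529 includes the fix.
    if ($Revision -ge $FixRevision) { return 'AtOrAboveFixLevel' }
    return 'BelowFixLevel'
}

# CurrentBuildNumber and UBR (update build revision) together form the
# "OS Build" string shown by winver, e.g. 20348.2529.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$state = Test-Kb5041054Level -Build ([int]$cv.CurrentBuildNumber) -Revision ([int]$cv.UBR)

# Get-HotFix is recorded for context only: an empty result does not prove the
# fix is absent when the revision check above says the host is at or above it.
$hotfix = Get-HotFix -Id $FixKb -ErrorAction SilentlyContinue

[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    OsBuild      = '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR
    FixLevel     = $state
    KbListed     = [bool]$hotfix
}
```

Hosts reporting `BelowFixLevel` that run workloads relying on RSA signing with Customer-Managed Keys are the ones to prioritise for patching.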
Implications and Impact
The release of KB5041054 is significant for organizations relying on Azure Synapse dedicated SQL pools and other services utilizing CMKs. By addressing the BCryptSignHash API issue, Microsoft has mitigated a critical vulnerability that could have led to operational disruptions. The inclusion of servicing stack improvements further enhances the system's ability to receive and install future updates seamlessly. (support.microsoft.com)
Known Issues and Workarounds
After installing this update, users might encounter difficulties when changing their user account profile picture, receiving an error message with error code 0x80070520. Microsoft has acknowledged this issue and is working on a resolution, advising users to contact Windows support for assistance. (support.microsoft.com)
Conclusion
Microsoft's proactive release of KB5041054 underscores its commitment to maintaining the security and reliability of Windows Server 2022. By promptly addressing the BCryptSignHash API issue and enhancing the servicing stack, Microsoft has provided a critical update that bolsters system stability and ensures a more robust update process for users.
References
- June 20, 2024—KB5041054 (OS Build 20348.2529) Out-of-band - Microsoft Support
- Resolved issues in Windows Server 2022 | Microsoft Learn
- KB5041054 Install on Server 2022 Failed, Repair Not Possible | MCB Systems
- KB5041054 - Details, Issues, & Feedback - NinjaOne
- Windows Server 2022 KB5041054 (OS Build 20348.2529) released | NTCompatible