Full Report
Microsoft has released the KB5053606 cumulative update for Windows 10 22H2 and Windows 10 21H2, which fixes numerous bugs, including one preventing SSH connections. [...]
Analysis Summary
# Vulnerability: Windows 10 SSH Service Failure
## CVE Details
- CVE ID: N/A (This update primarily addresses functional fixes and known issues, not a specific security vulnerability with a published CVE in the provided text.)
- CVSS Score: N/A
- CWE: N/A
## Affected Systems
- Products: Windows 10
- Versions: Not explicitly enumerated, but addressed by Update KB5053606 on applicable Windows 10 builds.
- Configurations: Systems using the OpenSSH service where the OpenSSH Daemon (`sshd.exe`) fails to start.
## Vulnerability Description
A known issue in previous Windows updates caused the OpenSSH service to fail to start, preventing users from initiating SSH connections. The issue resulted in lack of detailed logging when the failure occurred, requiring manual execution of the `sshd.exe` process to verify status.
## Exploitation
- Status: Not applicable/Functional Issue (The text describes an operational failure, not a security exploit.)
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: Low (Indirect, if SSH is required for secure communication)
- Integrity: Low (Indirect, if SSH is required for secure communication)
- Availability: Medium (Direct impact on the availability of the OpenSSH server functionality)
## Remediation
### Patches
- Specific Fix: Windows 10 Update **KB5053606** fixes the OpenSSH failure issue. (Also references KB5052077 preview update bulletin for related context for Feb 2025).
### Workarounds
This specific OpenSSH issue appears to be fully resolved by the patch; no explicit workaround is provided for the SSH failure itself.
**Note on a Related Interoperability Issue:**
If Citrix Session Recording Agent (SRA) version 2411 is installed, the January 2025 security update (presumably the predecessor to KB5053606 if this is March) may fail to install or revert.
* **Workaround for Citrix SRA:** Stop the Session Recording Monitoring service, install the Microsoft security update, and then re-enable the service.
## Detection
- Indicators of Compromise: Failure of the OpenSSH service to start automatically, requiring manual start of `sshd.exe`.
- Detection methods and tools: Monitoring the status of the OpenSSH service or observing missing connection attempts.
**Note on Another Unrelated Event Log Issue:**
The System Guard Runtime Monitor Broker service might incorrectly log an Event 7023 error citing `SgrmBroker.exe` termination. Microsoft states this error is benign and does not impact functionality; it will be fixed in future updates.
## References
- Vendor Advisories: [KB5053606 support bulletin](https://support.microsoft.com/en-us/topic/march-11-2025-kb5053606-os-builds-19044-5608-and-19045-5608-8beab4af-42c8-4469-9273-d241597431c3)
- Citrix Support: [CTX692505](https://support.citrix.com/s/article/CTX692505-microsofts-january-security-update-failsreverts-on-a-machine-with-2411-session-recording-agent?language=en_US)