Full Report
Microsoft has released the KB5055518 cumulative update for Windows 10 22H2 and Windows 10 21H2, with nine changes or fixes. [...]
Analysis Summary
# Vulnerability: Printing Fixes and System Temporary File Security Improvements in Windows 10 Update (KB5055518)
## CVE Details
- CVE ID: N/A (This article describes a non-security quality update that addresses general functionality and known issues, not a specific vulnerability with a CVE.)
- CVSS Score: N/A
- CWE: N/A
## Affected Systems
- Products: Windows 10
- Versions: Builds 19044.5737 and 19045.5737 (Specific to the KB5055518 update release timeframe)
- Configurations: All users receiving the cumulative update KB5055518 are affected regarding the fixes and known issues outlined below.
## Vulnerability Description
This update package (KB5055518) primarily addresses functional issues, most notably:
1. **Printing Issue Fix**: Resolves an issue where users experienced random text appearing or corrupted printouts, including scenarios where white pages appeared instead of actual thumbnails during printing jobs.
2. **Temporary File Security Enhancement**: Enables system processes to store temporary files in a secure directory (`C:\Windows\SystemTemp`) when calling `GetTempPath2` API or using .NET's `GetTempPath` API, mitigating the risk of unauthorized access to temporary files.
3. **EEA Search Provider Updates**: Updates Windows Search in the European Economic Area (EEA) regarding web search provider discoverability and default browser handling for search results.
## Exploitation
- Status: N/A (This is a quality/non-security update.)
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: Potential reduction of risk due to secure handling of temporary files.
- Integrity: Restored integrity for printing functionalities.
- Availability: Minor impact improvement via resolving printing bugs.
## Remediation
### Patches
- **KB5055518**: Installs OS builds 19044.5737 and 19045.5737, which contain the fixes.
### Workarounds
For users experiencing known issues *after* updating, or conflicts with other software:
1. **Citrix SRA Conflict**: If the Windows update fails or reverts due to Citrix Session Recording Agent (SRA) version 2411 being installed:
* Stop the **Session Recording Monitoring service**.
* Install the Microsoft security update.
* Enable the **Session Recording Monitoring service**.
2. **Event Viewer Error**: EventViewer may show an Event 7023 error regarding `SgrmBroker.exe` termination. This can be safely ignored as `SgrmBroker.exe` currently serves no purpose in the OS.
## Detection
- **Indicators of Compromise**: N/A (Focus is on functional improvements/bug fixes).
- **Detection Methods and Tools**: Monitor successful installation of Update KB5055518. Verify printing reliability and check for the absence of the `GetTempPath` temporary file access issues. For legacy known issues, monitor Event Viewer for Event ID 7023 related to `SgrmBroker.exe` (though these are expected and benign post-update).
## References
- Vendor Advisories:
* KB5055518 support bulletin: hxxps://support.microsoft.com/en-us/topic/april-8-2025-kb5055518-os-builds-19044-5737-and-19045-5737-6329246b-63bb-4d0a-9e95-e22926fbbe51
* KB5053643 preview update bulletin: hxxps://support.microsoft.com/en-us/topic/march-25-2025-kb5053643-os-build-19045-5679-preview-3fd3cc5d-2757-4092-ac0e-bb0e9c295861
* Citrix support bulletin for workarounds: hxxps://support.citrix.com/s/article/CTX692505-microsofts-january-security-update-failsreverts-on-a-machine-with-2411-session-recording-agent?language=en_US