The December security update for Windows Server 2016 has been released by Microsoft last week. The security update resolves 22 vulnerabilities, of which 3 are of critical impact for your Windows Server 2016 based infrastructure. The remaining 19 vulnerabilities have an important severity or impact on your infrastructure comprising of the Windows Server 2016 edition. Application of the security update KB5008207 will take your Windows Server 2016 build to version OS Build 14393.4825. Below, we list all the security vulnerabilities that have been resolved as part of the security update KB5008207. We also discuss the methods that can be used to deploy the security update KB5008207.
How can I get security update KB5008207 for Windows Server 2016?
The security update KB5008207 for Windows Server 2016 can be deployed in one of the following ways:
- KB5008207 can be deployed using the Windows Update program on your server
- KB5008207 can also be deployed using the Windows Update program for business.
- KB5008207 can be installed on the server using the Windows Server Update Service (WSUS).
- You can manually download the KB5008207 security update through the Microsoft Update Catalog. The updae weighs 1692 MB and can be downloaded from the Microsoft Update catalog on this page.
Do make sure you have change management or planned maintenance in place. The server may require a reboot during the update process.
What are the quality improvements that have been made in the KB5008207 security update?
The following quality improvements and bug fixes have been made as part of the security update KB5008207 for Windows Server 2016.
- Adds support for the cancellation of daylight savings time for the Republic of Fiji for 2021.
- Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.
- Addresses a known issue that might prevent apps, such as Kaspersky apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).
This security update has a known issue, pending resolution from Microsoft. The issue relates to the failure of the Key Management Services on Windows Server 2016 to activate the client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016.
Critical vulnerabilities resolved under KB5008207 on Windows Server 2016?
The KB5008207 security update resolves 3 critical vulnerabilities. All 3 vulnerabilities are prone to remote code execution. An attacker could deploy and execute malicious code on the vulnerable Windows Server 2016. The details of these vulnerabilities are mentioned below for your ready reference:
- CVE-2021-43215 – this is a remote code execution vulnerability with a CVSS score of 9.8. The CVSS score does suggest the nature of this vulnerability, and the fact that it requires immediate patching. An attacker could send a specially crafted request to the Internet Storage Name Service (iSNS) server, which could result in remote code execution.
- CVE-2021-43217 – this is a remote code execution vulnerability with a CVSS score of 8.1. It requires immediate patching. An attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution. This vulnerability affects the Windows Encrypting File System (EFS). Windows Server 2016 is also affected with this vulnerability.
- CVE-2021-43233 – this is a remote code execution vulnerability that has a CVSS score of 7.5. It affects the Remote Desktop Client software. The vulnerability requires immediate patching. This client software is a part of the Windows Server 2016 platform.
Apart from these 3 critical vulnerabilities, there are 19 other vulnerabilities that are of important severity. We discuss these important severity vulnerabilities below.
Remote code execution – important severity – Windows Server 2016 KB5008207
There are a couple of remote code execution vulnerabilities with ‘important’ impact or severity for Windows Server 2016. These vulnerabilities have been patched under the security update KB5008207. The details of these vulnerabilities are mentioned herein:
- CVE-2021-43232 – CVSS score of 7.8 and it affects the Windows Event Service.
- CVE-2021-43234 – CVSS score of 7.8 and it affects the Windows Fax Service.
There are not many details that are available on the CVE site for these vulnerabilities.
Information Disclosure vulnerabilities resolved under KB5008207 for Windows Server 2016
There are six information disclosure vulnerabilities that have been resolved under the security update KB5008207 for Windows Server 2016. These vulnerabilities are listed below for your ready reference:
- CVE-2021-43236 – CVSS score of 7.5 and affects Microsoft Messaging Queue.
- CVE-2021-43235 – CVSS score of 5.5 and affects the ‘Storage Spaces Controller’.
- CVE-2021-43227 – CVSS score of 5.5 and affects the ‘Storage Spaces Controller’.
- CVE-2021-43224 – CVSS score of 5.5 and affects the Windows Common Log File System Driver.
- CVE-2021-43222 – CVSS score of 7.5 and affects Microsoft Messaging Queue.
- CVE-2021-43216 – CVSS score of 6.5 and affects Microsoft Local Security Authority Server (lsasrv).
All these ‘information disclosure vulnerabilities are of a significant nature. Applying the KB5008207 patch for addressing these vulnerabilities on a Windows Server 2016 would be required as part of the compliance to IT security norms and rules.
Elevation of Privileges vulnerabilities resolved under KB5008207 for Windows Server 2016
There are eleven ‘elevation of privileges’ vulnerabilities that have been resolved on Windows Server 2016 as part of the security update KB5008207. These vulnerabilities and details are mentioned below for your ready reference.
- CVE-2021-43893 – CVSS score of 7.5 and affects the Windows Encrypting File System (EFS) .
- CVE-2021-43883 – CVSS score of 7.8 and affects Windows Installer.
- CVE-2021-43248 – CVSS score of 7.8 and affects Windows Digital Media Receiver.
- CVE-2021-43238 – CVSS score of 7.8 and affects Windows Remote Access.
- CVE-2021-43231 – CVSS score of 7.8 and affects Windows NTFS.
- CVE-2021-43230 – CVSS score of 7.8 and affects Windows NTFS.
- CVE-2021-43229 – CVSS score of 7.8 and affects Windows NTFS.
- CVE-2021-43226 – CVSS score of 7.8 and affects Windows Common Log File System Driver.
- CVE-2021-43223 – CVSS score of 7.8 and affects Windows Remote Access Connection Manager.
- CVE-2021-41333 – CVSS score of 7.8 and affects Windows Print Spooler.
- CVE-2021-43207 – CVSS score of 7.8 and affects Windows Common Log File System Driver.
All these ‘elevation of privileges’ vulnerabilities carry CVSS scores of 7.8, and have a significant impact on the infrastructure comprising of Windows Server 2016. These vulnerabilities should be patched on an immediate basis through the deployment of the security update KB5008207 for Windows Server 2016.
The security update KB5008207 for Windows Server 2016 carries a fix for significant vulnerabilities. It is therefore important that we must install the cumulative update KB5008207 on the Windows Server 2016, and keep the infrastructure up to speed with the latest security guidelines of Microsoft.
You may also like to read the following content related to Windows Updates:
- KB5026370 cumulative update for Windows Server 2022
- KB5026362 cumulative update for Windows Server 2019
- KB5026363 May 2023 cumulative update for Windows Server 2016
- KB5026415 Monthly rollup update for Windows Server 2012 R2
- Windows 10 Security Update for December – KB5008230
- Windows 11 Security Update for December – KB5008215
- Security Update for Windows Server 2012 R2 – KB5008285
- Microsoft Windows Server 2012 – KB5008255 – Security Update
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.