KB5010342 for Windows Server 20H2 – February Update from Microsoft

The cumulative update for Windows Server version 20H2 has been released by Microsoft. It supersedes the January month’s cumulative update KB5009543 and seeks to resolve key vulnerabilities reported in the February security update. This update will push the build on Windows Server 20H2 to 10.0.19042.1526.

We look at the key elements of this update, and the significant vulnerabilities that have been taken care of in this cumulative update.

Salient features of KB5010342 for Windows Server 20H2 Server Core:

  • KB5010342 is cumulative.
  • x64 file has a size of 656.6 MB
  • AMD64 update file has a size of 686 MB.
  • This update is significant because of the CVE-21984 and CVE-21907 vulnerabilities. Details of vulnerabilities are listed below.
  • Early adopters of the cumulative update have pointed at no post-deployment contingencies.

Can I install KB5010342 without installing KB5009543 for Windows Server 20H2?

Yes, the KB5010342 cumulative update can be directly applied to the Windows Server version 20H2 Server Core installation. This includes situations wherein some system administrators may not have patched the server with January updates on account of the various issues that happened post-deployment of January updates.

Ideally, you should have patched Windows Server 20H2 with KB5009543. Understandably, there were issues post-deployment of KB5009543. Some of these issues included:

  • Boot loops on domain controllers
  • Failure of virtual machines based on Hyper V virtualization layer.
  • ReFS volume drives became raw. This affected internal and external drives.
  • VPN connections failed across multiple client machines of different configuration and operating system deployments.
  • LDAP bindings started to fail.

Post deployment of the KB5009543, the issues were resolved through uninstallation of the KB5009543 update by a few administrators. However, Microsoft released out of band updates -KB5010793 for the Windows Server 20H2 version. These emergency updates resolved a few issues that occurred post-deployment of KB5009543. KB5010793 superseded KB5009543.

So, we have the following 2 situations (assuming you are proactive in patching Windows Server 20H2, and it was patched last in December 2021 or January 2022):

  • Your last patch on Windows Server 20H2 is KB5008212 from December 2021. Feel free to patch directly with KB5010342 on the Windows Server 20H2.
  • Your last patch on Windows Server 20H2 is KB5010793 (out of band update). Feel free to patch with KB5010342. Only the incremental changes after the KB5010793 out of band updates will be downloaded and patched on the target server.

Thankfully, there have been no issues in this month’s update cycle of Microsoft security updates.

What vulnerabilities affect the Windows Server version 20H2?

Two significant vulnerabilities require attention for the February update cycle. Both these vulnerabilities affect the Windows Server version 20H2 Server Core installation. We share brief details of these vulnerabilities below.

CVE-2022-21984 – This is a zero-day vulnerability with a CVSS score of 8.8. The vulnerability lies in the Microsoft DNS Server that can be exploited to cause a Remote Code Execution attack on the target. The current month’s patch resolves the issue for the Windows Server 20H2 Server Core. Please do plan for an emergency maintenance window for patching the server. This vulnerability is wormable and is under active exploitation by the threat elements.

CVE-2022-21907 – This vulnerability is CVSS 9.8 critical vulnerability. This vulnerability lies in the HTTP Protocol Stack (http.sys). It can be exploited to launch Remote Code Execution attacks on the target systems. Given the nature of this security vulnerability, we advise patching the Windows Server 20H2 Server Core on priority.

KB5010342 for Windows Server 20H2 Server Core installation assumes significance in the light of these vulnerabilities. Both vulnerabilities are patched in the latest cumulative update KB5010342.

How can I install KB5010342 on Windows Server 20H2?

KB5010342 is a normal cumulative update. It is, therefore, available through all the normal update channels of Microsoft.

  • KB5010342 can be deployed automatically through Windows Update.
  • KB5010342 can be deployed through Windows Update for Business.
  • Windows Server Update Service (WSUS) can be used to automatically fetch the KB5010342 for the Windows Server 20H2.
  • KB5010342 can be manually downloaded from the Microsoft update catalog page. Choose a file that corresponds to your server type x64 or ARM64.
  • Direct download link for the update file for Windows Server 20H2 x64 – KB5010342 for x64. This update file is of 656.6 MB size.
  • Direct download link for the update file for Windows Server 20H2 ARM64 – KB5010342 for ARM64. This update file is of 686 MB size.

Early adopters of KB5010342 for Windows Server version 20H2 have indicated that this month’s update has not caused any incidental issues.

If you run into any issues with the update, you can uninstall it. However, we suggest patching the staging server before trying to patch production servers. A good update policy should focus on patching non-production servers before going live with the patches on production servers.

Summary

KB5010342 for Windows Server 2012 (Server Core Installation) is a straightforward cumulative update. It seeks to replace the previous month’s updates and resolve security vulnerabilities that include the two high impact and critical vulnerabilities.

You may like to read content related to Windows Updates in the following pages: