KB5010351 – Windows Server 2019 – February Cumulative Update

Cumulative update for the Windows Server 2019 has been released by Microsoft on 8th February. Early adopters of the cumulative update have reported a seamless installation. No issues have been reported after updating the Windows Server 2019 with KB5010351. We look at the details of the latest cumulative update for Windows Server 2019. This update supersedes the last month’s KB5009557 and the out of band update -KB5010791 for Windows Server 2019.

You may download the KB5010351 directly from the Microsoft Update Catalog link. The size of this update is 559 Mb.

Salient points about KB5010351:

  • This update is cumulative.
  • The update weighs 559 Mb in size.
  • The update supercedes January update -KB5009557.
  • Out of the 2 critical vulnerabilities reported in Feburary, you will need to check the HTTP Protocol Stack vulnerability through the registry on Windows Server 2019. Details are given below.
  • Zero-day DNS vulnerability does not apply to the Windows Server 2019. However, it is worth reading about it. It is a CVSS 8.8 vulnerability with significant impact on the affected servers.
  • The stable build number after updating Windows Server 2019 with KB5010351 will be OS Build 17763.2565.

Can I install KB5010351 without installing January cumulative updates for Windows Server 2019?

The latest update KB5010351 is a cumulative update for Windows Server 2019. If you did not install the KB5009557 January update or KB5010791 out of band update, you can still go ahead and install the KB5010351 cumulative update on Windows Server 2019. KB5010351 supersedes KB5009557.

Microsoft has clearly stated that this update will replace the January update and the out-of-band update KB5010791. It has also been stated on the patch document that this update will download incremental changes if you have already deployed the previous month’s cumulative updates and the out of band updates.

There were many issues that were caused after implementing KB5009557 cumulative updates on Windows Server 2019 in January. To resolve those issues, Microsoft had released an out of band update KB5010791. This update resolved the issues that had arisen out of implementing KB5009557.

Installing the latest cumulative update should not take much time. The update file weighs 559 MB. Last month’s cumulative updates had a size of 556.9 MB. So, if you had implemented the January updates on Windows Server 2019, you will download the incremental changes from the previous update.

How to install KB5010351 on Windows Server 2019?

KB5010351 is available through all the normal channels. You can install KB5010351 in one of the following four regular ways:

  • KB5010351 can be installed using the Windows Update service.
  • KB5010351 can be installed using Windows Update for Business.
  • KB5010351 can also be installed by importing the update in the Windows Server Update Service or WSUS. You will need to configure WSUS to work on Windows Server 2019 product and import the security updates as part of the process.
  • KB5010351 can also be downloaded from the Microsoft Update Catalog page for Windows Server 2019.

There have been no issues reported in this month’s update for Windows Server 2019. However, we still suggest running the updates on staging servers before hitting the production servers. If you do not have a staging environment, you may start by patching the Windows Server 2019 servers with the least significance on your network.

Vulnerabilities resolved for Windows Server 2019

  • There is a critical vulnerability that you need to be aware of. CVE-2022-21907 lies in the HTTP Protocol Stack or http.sys and it can be used to cause a Remote Code Execution attack on the vulnerable servers. This vulnerability does not affect Windows Server 2019. However, Microsoft wants you to check the presence of DWORD EnableTrailerSupport in the registry hive location of

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

  • The other critical vulnerability on the February updates is on the Microsoft Defender for IoT devices. This affects the Azure framework. So, your Windows Server 2019 does not have this vulnerability.

If the DWORD EnableTrailerSupport exists on the registry hive, please delete it from the registry to clear this vulnerability from your Windows Server 2019 server.

  • There is a Zero-day vulnerability on the DNS with a CVSS rating of 8.8 that you need to be aware of. CVE-2022-21984 has a CVSS score of 8.8 and affects the DNS services. It could lead to Remote Code Execution as an attacker could compromise the server running the DNS and cause malicious code to execute on the server. This vulnerability does not affect the Windows Server 2019.

On the vulnerability side of things, Windows Server 2019 needs to be checked for the presence of critical vulnerabilities that can be resolved manually (see above). Zero-day vulnerability does not apply to Windows Server 2019.

What bugs or fixes have been resolved in KB5010351 on Windows Server 2019?

KB5010351 resolves the issue with failed LDAP bindings. Microsoft has posted the below on the updates website for Microsoft Windows Server 2019.

Addresses an issue that causes a Lightweight Directory Access Protocol (LDAP) modify operation to fail if the operation contains the SamAccountName and UserAccountControl attributes. The error message is, “Error: 0x20EF. The directory service encountered an unknown failure”.

What known issues should I be aware of in KB5010351 on Windows Server 2019?

1. The newest issue that you need to be aware of is the issue with .NET framework on Windows Server 2019. After deploying January updates, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information may not work.

The remedy for this issue lies in updating the .NET framework as per the following update details:

  • KB5011259 for fixing issues in .NET framework version 4.7.2 on Windows Server 2019. This is an out of band update. Please deploy it manually on the Windows Server 2019 from the Microsoft Update catalog page.
  • KB5011257 for fixing issues in .NET framework version 4.8 on Windows Server 2019. This is an out of band update. Please deploy it manually on the Windows Server 2019 from this Microsoft Update catalog page.

2. Cluster services may fail on the server due to the ‘Cluster Network Driver’ not being found. Per Microsoft, this issue occurs because of an update to the PnP class drivers used by this service.  After about 20 minutes, you should be able to restart your device and not encounter this issue.

Summary

The cumulative update KB5010351 for Windows Server 2019 has not posed any issues post-deployment by early adopters of the security update. The update superseded the January updates for Windows Server 2019. You need to pay special attention to a critical vulnerability with a score of 9.8 that may need to be manually investigated and mitigated.

You may also like to read more about the Microsoft updates for February and January: