KB5010395 – Windows Server 2012 R2 – February Security Update

KB5010395 is the security update for Windows Server 2012 R2 version. The update has been released on 8th February and seeks to mitigate security risks on the Windows Server 2012 R2. This is a standalone security update and should be patched on the Windows Server 2012 R2 after the January security update has been implemented. We look at the details of the KB5010395 security update for Windows Server 2012 R2.

Salient points about KB5010395:

  • This update is a standalone security update.
  • Manual action is needed to install KB5010395 through Microsoft catalog. You can deploy it using WSUS as well.
  • The size of update is 54.3 MB.
  • This update resolves quite a few issues impending since the last security update of January.
  • Zero-day vulnerability CVE-2022-21984 not applicable to Windows Server 2012 R2.
  • Critical vulnerability CVE-2022-21907 not applicable to Windows Server 2012 R2.

Can I install KB5010395 on Windows Server 2012 R2 without installing KB5009595?

Both security updates, KB5010395 and KB5009595 are mutually exclusive. These are standalone security updates and fix different issues on the Windows Server 2012 R2. So, you will need to deploy KB5009595 before patching with KB5010395.

KB5009595 deployment caused many issues on the Windows Server 2012 R2. Some of these are mentioned below for your ready reference:

  • Boot loops on the domain controllers.
  • Inability of the virtual machines based on Hyper V virtualizatioin to work after deployment of KB5009595.
  • Failed LDAP bindings on the server.
  • ReFS volume drives, internal and external, became RAW.

For all the issues mentioned above, the system administrator could either

  • uninstall the KB5009595 from the Windows Server 2012 R2 or,
  • patch Windows Server 2012 R2 with an out of band update that fixed these issues. The out of band is available as KB5010794 security update for Windows Server 2012 R2.

For all practical reasons, your Windows Server 2012 R2 should be carrying KB5009595 or the out of band update KB5010794.

Aside from these, you will also need to patch the following two security updates before patching with KB5010395:

  • Install the SSU or Service Stack Update KB5001403. Since Windows Server 2012 R2 is end of mainstream support, you will need to download KB5001403 from the catalog page here. The update file is of 10.4 MB.
  • Upon installing the SSU, please install the Internet Explorer update KB5006671. Again, you will need to download it manually from the Microsoft Update catalog page for KB5006671. Choose the x64 file for Windows Server 2012 R2. It has a size of 54.9 MB.

These steps will comply with the prerequisites of installing the security update KB5010395 on your Windows Server 2012 R2.

How can I install KB5010395 on Windows Server 2012 R2?

Windows Server 2012 R2 is end of mainstream support. As a result, you cannot patch KB5010395 through automatic channels. Windows Update and Microsoft Update are unavailable for patching KB5010395 on Windows Server 2012 R2. This leaves us with the following two methods to install KB5010395 on the Windows Server 2012 R2:

  • You can install KB5010395 manually, through the Microsoft Update catalog. The KB5010395 update can be downloaded from the catalog page here. The update file for x64 Windows Server 2012 R2 is of 26.8 MB.
  • The alternative option is to import KB5010395 through the Windows Server Update Service (WSUS) and apply the security update on the server.

Early adopters of the security update suggest that February’s update is free of any incidental impact or issues on the server. So, you may apply this update on your convenience.

What vulnerabilities are resolved in KB5010395?

February updates from Microsoft have largely discussed 2 significant vulnerabilities:

CVE-2022-21907 – This is an HTTP Protocol stack vulnerability(http.sys) that can cause remote code execution attacks on the target server. This vulnerability carries a CVSS 9.8 score. It is marked critical in terms of impact on the affected infrastructure. However, this vulnerability does not affect Windows Server 2012 R2.

CVE-2022-21984 – This is another remote code execution vulnerability that affects the Microsoft DNS Server. It is also a zero-day attack vector that can be exploited by an attacker anytime to cause damage to the target infrastructure. This vulnerability carries a CVSS score of 8.8. However, this vulnerability does not affect Windows Server 2012 R2.

So, as for critical and zero-day vulnerabilities, the February update does not carry any risks for Windows Server 2012 R2.

What issues are resolved in KB5010395 for Windows Server 2012 R2?

The main issues that have been resolved in KB5010395 for Windows Server 2012 R2 are:

  • Issue with failed LDAP bindings has been resolved.
  • Issue with failure of virtual machines on Hyper V has been resolved.
  • Windows stop error with error message -IRQL_NOT_LESS_OR_EQUAL error has been resolved.
  • Jordan’s DST time has been updated to start from February instead of March.

There are also 2 known issues that you need to be aware of on the Windows Server 2012 R2:

  • Failure of file operations on a clustered shared volume with an error – STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5). A temporary workaround for this issue suggests to carry out the file operations from a process with administrative privilege or perform the operations from a node without CSV ownership.
  • Active Directory trust information may not get set on account of issues in the underlying .NET framework. You will need to identify the .NET framework version and patch it with the corresponding update for the .NET framework:
  1. .NET framework 4.5.2 to be patched with .NET update under KB5011260. You can download the file manually and apply it on the Windows Server 2012 R2 from this catalog page. The size of the update file is 54.3 MB.
  2. .NET framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 to be patched with KB5011262. The update file can be downloaded from Microsoft catalog page here. The size of the update is 375 KB only.
  3. .NET framework 4.8 to be patched with KB5011265. This .NET update can be downloaded manually from the Microsoft Catalog page for Windows Server 2012 R2. The update file is 362 KB in size.

Aside from these resolved and unresolved issues, there are no concerns reported on KB5010395 for Windows Server 2012 R2.

Summary

KB5010395 is a security only update. Please patch it after updating Windows Server 2012 R2 with KB5009595 or KB5010794. The current month’s update, KB5010395, resolves quite a few issues that are incidental to the implementation of KB5009595. There are no reports of any complications on the Windows Server 2012 R2 after deployment of KB5010395.

You may also like to read the following content related to Windows Update: