KB5011560 for Windows 8.1 – March Updates

KB5011560 is a security only update for Windows 8.1 based systems. This update mitigates security threats on the Windows 8.1 operating system and brings in quality improvements to the operating system. Windows 8.1 has reached end of mainstream support. So, the security only updates need to be installed as standalone patches. These security updates are not cumulative. Before installing KB5011560 on Windows 8.1, you need to make sure that all the older security updates have been deployed on the server. You will also need to ensure that the IE cumulative update, KB5011486, is deployed before patching the KB5011560 security only update on the server.

Salient points about KB5011560 for Windows 8.1:

  • KB5011560 for Windows 8.1 is a security update, and it is not cumulative.
  • Please install previous security updates before deploying KB5011560.
  • Also, please deploy KB5011486 before deploying KB5011560 on Windows 8.1
  • The update file for x64 systems is 64.5 MB.
  • The update file for 32 bit x86 systems is 40.3 MB.
  • You can choose to skip this update and instead deploy the monthly rollup for Windows 8.1. The monthly rollup for Windows 8.1 is KB5011564. It is available for 32 bit and x64 systems.
  • There are 3 zero-day vulnerabilities in the March updates. Two of these affect Windows 8.1, 32 bit and x64 versions. These vulnerabilities are patched in KB5011560 and KB5011564. The third zero day vulnerability affects Visual Studio and .NET. Visual Studio and .NET security updates are available separately.
  • Upon installing KB5011560, the server may require a reboot.

Below, we discuss the vulnerabilities that affect Windows 8.1 We lay our focus on zero-day vulnerabilities and the ones that are more likely to be exploited. There have been a total of 71 vulnerabilities that have been disclosed as part of the March updates. You can read more about each of the vulnerabilities and the corresponding CVSS scores on this page.

Zero-day vulnerabilities resolved in KB5011560 for Windows 8.1

The three vulnerabilities that have been publicly disclosed and form zero-day threat matrix are listed below, with a brief description.

  • CVE-2022-21990 – this vulnerability affects Windows Server 8.1 32 bit and x64. It is a CVSS 8.8 remote code execution vulnerability on the Windows Remote Desktop Client software. It is mitigated in KB5011560 for Windows 8.1.
  • CVE-2022-24512 – .NET Remote Code Execution with CVSS score of 6.3. There is a separate patch for resolving the .NET vulnerability and is available through the .NET page and Visual Studio site of Microsoft.
  • CVE-2022-24459 – Elevation of Privilege vulnerability on Windows Fax and Scan Service. It has a CVSS score of 7.8 with high impact on the affected infrastructure. This vulnerability affects the Windows Server 8.1 32 bit and x64 systems as well. It is mitigated in KB5011560 for Windows 8.1.

No separate action is required to patch these zero-day vulnerabilities. We just need to make sure that the servers are patched appropriately.

Other vulnerabilities that affect Windows 8.1 32 bit and x64 systems

We write about the vulnerabilities that are more likely to be exploited and, therefore, can pose challenges to the security of the infrastructure comprising of Windows 8.1 systems.

  • CVE-2022-24502 – CVSS 4.3 – Windows HTML Platforms Security
  • CVE-2022-23299 – CVSS 7.8 – Elevation of Privilege on Windows PDEV.
  • CVE-2022-23294 – CVSS 8.8 – Remote Code Execution involving Windows Event Tracing.
  • CVE-2022-23285 – CVSS 8.8 – Remote Code Execution on Remote Desktop Client software.
  • CVE-2022-23253 – CVSS 6.5 – Denial of Service involving Point to Point tunneling protocol.

These vulnerabilities are patched as part of the KB5011560 security update and KB5011564 monthly rollup update.

Aside from the vulnerabilities shared above, there are other vulnerabilities with a potential impact on the Windows 8.1. Since these are less likely or unlikely to be exploited, we have not covered these in the present document.

How can I get KB5011560 for Windows 8.1?

KB5011560 is a security update that is available for update through WSUS and Microsoft Catalog channels. You cannot install KB5011560 using the Windows Update or Microsoft Update programs. This is on account of the current status of support for Windows 8.1.

KB5011560 can be automatically installed using WSUS. Set the WSUS product type to include –  Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro. If you are using WSUS, please do install KB5001403 SSU or Service Stack Update before installing KB5011560 on Windows 8.1. Also, install KB5011486 IE cumulative update before patching with KB5011560.

KB5011560 can be downloaded manually using the Microsoft Update catalog. The patch can be downloaded from this page. Choose the x86 update file of 40.3 MB for 32 bit systems. x64 systems should download the file of 64.5 MB. However, there are 2 caveats before you install KB5011560 on Windows 8.1. –

  • First, please download and install KB5001403 SSU on Windows 8.1. You can download it manually from the Microsoft catalog page. It is available for x86 and x64 systems as separate files.
  • Now, please download and install IE Cumulative update KB5011486 on the Windows 8.1 system. The IE cumulative update can be downloaded from this page on the Microsoft Update catalog. x86 file for Windows 8.1 is 29.5 MB. x64 file for Windows 8.1 is 55 MB.

Upon completing these 2 incidental steps, please proceed with deployment of KB5011560 on Windows 8.1. No adverse reports have been shared by adopters of the KB5011560 security only update for Windows 8.1

Summary

KB5011560 is a security update that needs to be given attention. It has patched 2 of the 3 zero-day vulnerabilities reported by Microsoft. Besides, it also patches 5 vulnerabilities that are more likely to be exploited and have a high impact on the target Windows 8.1 systems.

Do need to also make a note of the two supporting updates that need to be installed. KB5001403 and KB5011486 are equally significant before deploying KB5011560.

You may also like to read the following content related to Windows Updates: