KB5011560 Security Update for Windows 2012 R2 – March Update

KB5011560 is the ‘Patch Tuesday’ update for the month of March for Windows Server 2012 R2. It was released on 8th March 2022. Before installing the KB5011560 security update on Windows Server 2012 R2, you need to make sure that all previous security updates are installed on the server. Security-only updates are not cumulative and do not supersede the previous month’s updates. Below, we look at the significant vulnerabilities that affect Windows Server 2012 R2 and the essential details of KB5011560.

Salient points about KB5011560 for Windows Server 2012 R2:

  • KB5011560 can be installed only if the previous security updates are installed on Windows Server 2012 R2.
  • You will need to install SSU KB5001403 and IE cumulative update KB5011486 prior to installing KB5011560 on Windows Server 2012 R2.
  • KB5011560 update file has a size of 64.5 MB.
  • No adverse reports after deployment of KB5011560 on Windows Server 2012 R2.
  • Server reboot may be needed. Please plan for it.
  • We also recommend updating the .NET Framework on your Windows Server 2012 R2 servers.

What vulnerabilities are resolved in KB5011560 for Windows Server 2012 R2?

Microsoft has shared 71 vulnerabilities as part of the March update cycle. Out of these 71 vulnerabilities, there are 3 zero-day vulnerabilities. Over and above these zero-day risks, there are some vulnerabilities that have been publicly disclosed or are more likely to be exploited. The details of all these vulnerabilities are shared below in brief. This would help you appreciate the need for patching the Windows Server 2012 R2 on a priority basis.

Zero-day vulnerabilities resolved in KB5011560

There are 3 zero-day vulnerabilities, out of which 2 directly affect the Windows Server 2012 R2. These vulnerabilities have been patched as part of KB5011560. The third zero-day is on the .NET stack.

  • CVE-2022-21990 – this vulnerability affects Windows Server 2012 R2 as well. It is a CVSS 8.8 remote code execution vulnerability on the Windows Remote Desktop Client software. It is mitigated in KB5011560.
  • CVE-2022-24512 – .NET Remote Code Execution with CVSS score of 6.3. There is a separate patch for resolving the .NET vulnerability.
  • CVE-2022-24459 – Elevation of Privilege vulnerability on Windows Fax and Scan Service. It has a CVSS score of 7.8 with high impact on the affected infrastructure. This vulnerability affects the Windows Server 2012 R2 as well. It is mitigated in KB5011560.

No separate action is required to patch these zero-day vulnerabilities. We just need to make sure that the servers are patched appropriately.

Other vulnerabilities resolved in KB5011560

Aside from the zero-day vulnerabilities shared above, there are a few high and medium-impact security vulnerabilities that are likely to be exploited if the server remains unpatched. The brief details of these vulnerabilities are shared below:

  • CVE-2022-24502 – CVSS 4.3 – Windows HTML Platforms Security
  • CVE-2022-23299 – CVSS 7.8 – Elevation of Privilege
  • CVE-2022-23294 – CVSS 8.8 – Remote Code Execution
  • CVE-2022-23285 – CVSS 8.8 – Remote Code Execution
  • CVE-2022-23253 – CVSS 6.5 – Denial of Service

All five of these vulnerabilities affect Windows Server 2012 R2. Three of them have a high severity level for the affected infrastructure. All are resolved in KB5011560 for Windows Server 2012 R2; no separate patch or workaround is needed to resolve these security vulnerabilities.

How can I get the KB5011560 for Windows Server 2012 R2?

Before you can install KB5011560 on Windows Server 2012 R2, there are two additional steps you need to perform.

  • Install the SSU update KB5001403. This update can be downloaded from the KB5001403 Microsoft catalog page here. The MSU update file is 10.4 MB in size.
  • Once you have installed the SSU, you need to install this month’s Internet Explorer (IE) cumulative update KB5011486. The update can be downloaded from the catalog page here. The update file is 55 MB in size.

Upon installing both updates, you can install the KB5011560 security-only update on Windows Server 2012 R2.

  • KB5011560 is not available through Windows Update or Microsoft Update channels.
  • You can deploy KB5011560 using WSUS (Windows Server Update Services). You will need to select the product “Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro”.
  • KB5011560 can be deployed manually from the Microsoft Update Catalog. You can download KB5011560 for Windows Server 2012 R2 from this page. The update file is 64.5 MB in size.

The server may require a reboot after installing KB5011560.

.NET Framework Update on Windows Server 2012 R2

After installing the January updates, there have been issues with Active Directory trust relationships in the AD forest. The mitigation for these issues is provided as part of the .NET updates for the environment running on your Windows Server 2012 R2. Depending on the .NET Framework version running on your server, you will need to download the appropriate patch and apply it to your server.

  • .NET Framework 4.8 needs to be patched with KB5011266. The update file is 359 KB in size.
  • .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 need to be patched with KB5011263. The update file is 376 KB in size.
  • .NET Framework 4.5.2 needs to be patched with KB5011261. This update file is slightly heavier at 72.2 MB.

Once the .NET Framework has been patched, the issue on the Active Directory Forest gets resolved.
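The following PowerShell script is an added example, not part of the original post or of any Microsoft tooling: it enforces the install order described above (SSU KB5001403, then IE cumulative KB5011486, then KB5011560), skipping KBs that Get-HotFix already reports, and picks the .NET Framework hotfix from the registry Release value. The folder $MsuDir and the "<KB>.msu" file naming are assumptions; the .msu files must already be downloaded from the Microsoft Update Catalog.

```powershell
# Added example: run elevated on Windows Server 2012 R2. Assumes the .msu files
# were downloaded from the Update Catalog into $MsuDir and named <KB>.msu.
$MsuDir = 'C:\Patches\2022-03'   # assumed location of the downloaded updates

function Test-KBInstalled([string]$Kb) {
    # Get-HotFix reads Win32_QuickFixEngineering; $true when the KB is listed
    return [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
}

function Install-Msu([string]$Path) {
    # wusa.exe exit codes: 0 = installed, 3010 = installed and reboot pending,
    # 2359302 (0x240006, WU_S_ALREADY_INSTALLED) = already present
    $p = Start-Process -FilePath 'wusa.exe' -ArgumentList "`"$Path`" /quiet /norestart" -Wait -PassThru
    return $p.ExitCode
}

function Get-DotNetHotfix {
    # Release DWORD values are Microsoft's documented .NET Framework 4.x markers
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $rel = (Get-ItemProperty $key -ErrorAction SilentlyContinue).Release
    if (-not $rel)       { return $null }        # no .NET Framework 4.x installed
    if ($rel -ge 528040) { return 'KB5011266' }  # 4.8
    if ($rel -ge 393295) { return 'KB5011263' }  # 4.6 through 4.7.2
    if ($rel -ge 379893) { return 'KB5011261' }  # 4.5.2
    return $null                                  # older than 4.5.2: not covered here
}

# Prerequisite chain in the required order; a missing file stops the run
# before the later update is attempted, so KB5011560 never lands first.
$needReboot = $false
foreach ($kb in 'KB5001403', 'KB5011486', 'KB5011560') {
    if (Test-KBInstalled $kb) { Write-Host "$kb already installed"; continue }
    $file = Join-Path $MsuDir "$kb.msu"
    if (-not (Test-Path $file)) { throw "Missing $file; stopping before $kb" }
    switch (Install-Msu $file) {
        0       { Write-Host "$kb installed" }
        3010    { Write-Host "$kb installed, reboot pending"; $needReboot = $true }
        2359302 { Write-Host "$kb reported as already installed" }
        default { throw "wusa returned $_ for $kb; review C:\Windows\Logs\CBS\CBS.log" }
    }
}

# .NET Framework hotfix for the AD trust issue, chosen from the installed version
$dotnetKb = Get-DotNetHotfix
if ($dotnetKb -and -not (Test-KBInstalled $dotnetKb)) {
    if ((Install-Msu (Join-Path $MsuDir "$dotnetKb.msu")) -eq 3010) { $needReboot = $true }
}
if ($needReboot) { Write-Warning 'A reboot is required to complete the installation' }
```

Servicing stack updates are not always listed by Get-HotFix, so if KB5001403 is re-offered the 2359302 branch handles the already-installed case without aborting the chain.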

Summary

KB5011560 is a security-only update for Windows Server 2012 R2 for the month of March. Before installing it on the server, ensure that the Servicing Stack Update KB5001403 and the IE cumulative update KB5011486 are already installed. Early adopters of the KB5011560 security update have not reported any adverse effects after deploying March’s KB5011560 update.
