KB5011564 for Windows Server 2012 R2 – March Update

This content has been archived, but it remains true and relevant to the underlying technology products or infrastructure services.

KB5011564 is the monthly rollup update for Windows Server 2012 R2. It was released on 8th March 2022. This update contains security and non-security updates for the months of February and March. The security-only update for Windows Server 2012 R2 for the month of March, KB5011560, was released as well. If you have already deployed the security-only update KB5011560 on your server, only the incremental changes will be installed when you patch the server with KB5011564. This is because the security changes in KB5011560 for Windows Server 2012 R2 are automatically part of the KB5011564 monthly rollup update. The KB5011564 monthly rollup update supersedes KB5010215 and KB5010419.

Salient points about KB5011564 monthly rollup update:

  • Monthly rollup update KB5011564 supersedes KB5010215 and KB5010419.
  • The size of the update file is 549.8 MB.
  • KB5011564 update resolves two of the three zero-day vulnerabilities disclosed for the month of March. Details of the vulnerabilities are mentioned below.
  • Before you deploy KB5011564 on the server, you will still need to install KB5001403 SSU or Servicing Stack Update.
  • If you are installing KB5011564 manually, please download KB5001403 and deploy it from the Microsoft update catalog.
  • If you are applying KB5011564 update automatically, KB5001403 will be installed automatically before KB5011564.
  • The server may need a reboot after implementing KB5011564.
  • .NET Framework issue on the Windows Server 2012 R2 can be resolved by updating the .NET Framework with an appropriate patch for the framework version.

Below, we look at the details of the KB5011564 monthly rollup update, the vulnerabilities therein, and the .NET Framework issues on Windows Server 2012 R2.

There have been 71 vulnerability disclosures for the month of March by Microsoft. Of these, 3 are zero-day vulnerabilities. A few have a high impact on the associated infrastructure. We look at the zero-day vulnerabilities and other high-impact vulnerabilities on Windows Server 2012 R2.

Zero-day vulnerabilities resolved in KB5011564

There are 3 zero-day vulnerabilities, out of which 2 directly affect the Windows Server 2012 R2. These vulnerabilities have been patched as part of KB5011560. The third zero-day is on the .NET stack.

  • CVE-2022-21990 – This vulnerability affects Windows Server 2012 R2 as well. It is a CVSS 8.8 remote code execution vulnerability in the Windows Remote Desktop Client software. It is mitigated in KB5011560 and KB5011564.
  • CVE-2022-24512 – .NET Remote Code Execution with CVSS score of 6.3. There is a separate patch for resolving the .NET vulnerability.
  • CVE-2022-24459 – Elevation of Privilege vulnerability on Windows Fax and Scan Service. It has a CVSS score of 7.8 with high impact on the affected infrastructure. This vulnerability affects the Windows Server 2012 R2 as well. It is mitigated in KB5011560 and KB5011564.

No separate action is needed to resolve the security vulnerabilities. Patching with KB5011564 takes care of the issue.

Other vulnerabilities resolved in KB5011564

Aside from the zero-day vulnerabilities shared above, there are a few high and medium-impact security vulnerabilities that are likely to be exploited if the server remains unpatched. The brief details of these vulnerabilities are shared below:

  • CVE-2022-24502 – CVSS 4.3 – Windows HTML Platforms Security
  • CVE-2022-23299 – CVSS 7.8 – Elevation of Privilege
  • CVE-2022-23294 – CVSS 8.8 – Remote Code Execution
  • CVE-2022-23285 – CVSS 8.8 – Remote Code Execution
  • CVE-2022-23253 – CVSS 6.5 – Denial of Service

All five of these vulnerabilities affect Windows Server 2012 R2. Three of them have a high severity level for the affected infrastructure. All are resolved in KB5011560 and KB5011564 for Windows Server 2012 R2. No separate patch or workaround is needed to resolve these security vulnerabilities on Windows Server 2012 R2.

How can I get the KB5011564 monthly rollup update for Windows Server 2012 R2?

KB5011564 is a monthly rollup update. It is available through all the normal channels of Windows Update.

  • KB5011564 can be downloaded and applied automatically through Windows Update. If you choose to upgrade through Windows Update, the Servicing Stack Update or KB5001403 SSU will be applied automatically.
  • KB5011564 can be downloaded and applied through WSUS or the Windows Server Update Service automatically.
  • KB5011564 can be downloaded manually from the Microsoft Update catalog. You can download the MSU file from the KB5011564 update catalog page. The update file has a size of 549.8 MB.

Unlike the security-only update KB5011560, the KB5011564 update is more easily available. KB5011560 is a security-only update that can be manually downloaded from the catalog page.

.NET Framework update on Windows Server 2012 R2

January 2022 updates caused issues with the Active Directory trust relationships. These issues happened on account of the .NET Framework. Below, we have listed the .NET Framework and the patches that are available for Windows Server 2012 R2.

  • .NET Framework 4.8 needs to be patched with KB5011266. It is a 359 KB file. You can download it manually from the Microsoft Update catalog.
  • .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 needs to be patched with KB5011263. It is a small file of 376 KB. You can download this file from the Microsoft Update catalog for KB5011263.
  • .NET Framework 4.5.2 needs to be patched with KB5011261. This is a relatively bigger file of 72.2 MB size. You can download it from the Microsoft Update catalog for KB5011261.

Applying these .NET patches should resolve the Active Directory issues on the Windows Server 2012 R2.
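
The install order and the .NET version-to-patch list described above, as an added PowerShell check (not part of the original article and not Microsoft's own tooling): it reports whether KB5001403, KB5011564 and KB5011560 are present and which .NET patch from the list applies to the server. The registry Release thresholds are Microsoft's documented minimum values for each .NET Framework 4.x version, an assumption not stated on this page; the function names are hypothetical.

```powershell
# Added example: pre-install check for a manual KB5011564 deployment.
# KB numbers and the .NET-to-KB mapping are the ones listed in this article.
$ssu     = 'KB5001403'   # Servicing Stack Update, required before the rollup
$rollup  = 'KB5011564'   # March 2022 monthly rollup
$secOnly = 'KB5011560'   # March 2022 security-only update

function Test-KbInstalled {
    param([string]$Id)
    # Get-HotFix writes an error when the KB is absent; suppress it and test for a result
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

function Get-DotNetPatchKb {
    param([int]$Release)
    # Assumption: Release thresholds are the documented minimums per .NET 4.x version
    if     ($Release -ge 528040) { 'KB5011266' }   # .NET Framework 4.8
    elseif ($Release -ge 393295) { 'KB5011263' }   # .NET Framework 4.6 through 4.7.2
    elseif ($Release -ge 379893) { 'KB5011261' }   # .NET Framework 4.5.2
    else                         { $null }         # older than 4.5.2: not covered here
}

# The installed .NET Framework 4.x version is recorded as a DWORD named Release
$ndpKey  = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty -Path $ndpKey -ErrorAction SilentlyContinue).Release
$netKb   = if ($release) { Get-DotNetPatchKb -Release $release } else { $null }

$report = [pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    SsuInstalled       = Test-KbInstalled $ssu
    RollupInstalled    = Test-KbInstalled $rollup
    SecOnlyInstalled   = Test-KbInstalled $secOnly
    DotNetRelease      = $release
    DotNetPatchKb      = $netKb
    DotNetPatchPresent = if ($netKb) { Test-KbInstalled $netKb } else { $null }
}
$report | Format-List

# Manual installs do not pull in the SSU automatically, so flag it first
if (-not $report.SsuInstalled -and -not $report.RollupInstalled) {
    Write-Warning "Install $ssu before applying $rollup manually."
}
if (-not ($report.RollupInstalled -or $report.SecOnlyInstalled)) {
    Write-Warning "Neither $rollup nor $secOnly is installed; the March fixes are missing."
}
```

Get-HotFix reads the Win32_QuickFixEngineering class, so run the check locally on the server or pass -ComputerName to Get-HotFix for a remote host.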

Summary

KB5011564 is a monthly rollup update that must be given priority over the KB5011560 security-only update. It is significant on account of the zero-day gaps it closes, and the vulnerabilities that are more likely to be exploited are also patched in KB5011564. Installing KB5011564 is a straightforward process, as it can be applied automatically or manually. We suggest closing the gaps on Windows Server 2012 R2 immediately.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.