KB5012591 for Windows 10 version 1909 – April 12 2022

KB5012591 latest cumulative update for Windows 10 has been released by Microsoft on 12th April 2022. KB5012591 is applicable for Windows 10 version 1909. Windows 10 versions 20H2, 21H1, and 21H2 have KB5012599. Windows 10 version 1607 has KB5012647. You need to be careful with the security updates corresponding to different versions of Windows 10.

Salient points about KB5012591 update for Windows 10 version 1909:

  • KB5012591 is the LCU for April and it supersedes the KB5011485 security update for March.
  • KB5012591 is applicable for Windows 10 version 1909. Other Windows 10 versions have different cumulative updates.
  • Windows 10 version 1909 is impacted by two zero-day vulnerabilities that have been disclosed in the April security bulletin by Microsoft.
  • Three critical vulnerabilities of CVSS score 9.8 impact Windows 10 version 1909. Mitigation steps for CVE-2022-26809 are mentioned below. The other two vulnerabilities are patched through the security update.
  • Before deploying KB5012591 on Windows 10 version 1909, you need to install the SSU KB5004748 on Windows 10 system.
  • MSU update file x64 Windows 10 is 591 MB; the update file for x86 Windows 10 is 364.3 MB and MSU update file for ARM64 is 669 MB.

KB5012591 – Zero-day vulnerabilities on Windows 10 version 1909

There are a couple of zero-day vulnerabilities that affect Windows 10 version 1909. Both are resolved in KB5012591. The details of zero-day vulnerabilities are mentioned below:

CVE-2022-26904 – CVSS 7 – Windows User Profile Service

KB5012666 security update contains a fix for the zero-day vulnerability in the User Profile Service on Windows operating system across the server and desktop versions. The vulnerability carries a CVSS score of 7 and has a ‘high impact’ on the associated infrastructure based on the Windows Server or Desktop operating systems. It could be exploited and lead to the elevation of privileges on Windows 10.

Since this vulnerability is publicly known and is more likely to be exploited, we suggest deploying the KB5012591 security updates for April Patch Tuesday on a priority basis.

CVE-2022-24521 – CVSS 7.8 – Windows Log File System Driver

This is the second zero-day vulnerability disclosed by Microsoft on 12th April. It affects the Windows Log File System Driver and can lead to ‘Elevation of Privileges’. It has not been publicly shared earlier. However, the vulnerability has been found to be under active exploitation attempts. It carries a CVSS score of 7.8, leading to a high-level impact on the target Windows 10. KB5012591 resolves the security threat on Windows 10.

KB5012591 Critical vulnerabilities causing Remote Code Execution on Windows 10

There are three critical vulnerabilities that affect Windows 10 version 1909. We list these critical vulnerabilities below.

  • CVE-2022-26809 – RPC Runtime Library Remote Code Execution Vulnerability – This RCE vulnerability has a CVSS score of 9.8 Microsoft suggests blocking TCP port 445 to mitigate this vulnerability from external traffic. For the internal traffic, it is suggested to secure the SMB traffic. We feel that CVE-2022-26809 could pose a significant risk as it is ‘wormable’. Consider patching Windows 10 on priority.
  • CVE-2022-24497 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.
  • CVE-2022-24491 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.

In all, 117 vulnerabilities have been reported in this month’s security bulletin by Microsoft. Quite a few of these affect Windows 10 desktop operating system. Some are more likely to be exploited. For the purpose of our study, we have restricted our discussions to the zero-day threats and RCE vulnerabilities with ‘Critical’ severity for Windows 10.

Prerequisites for installing KB5012591 on Windows 10 version 1909

Before installing KB5012591 on Windows 10 version 1909, you need to deploy the Servicing Stack Update (SSU) KB5004748 on Windows 10 version 1909. The SSU update files are a little under 20 MB. You need to download the SSU file that corresponds to the architecture of the Windows 10 system (x64 or x86 or ARM64). If you are already running a newer SSU, you are already compliant with the prerequisite condition for Windows 10 version 1909.

The KB5004748 SSU can be downloaded from the Microsoft Update Catalog page here.

How can I get the KB5012591 update for Windows 10 version 1909?

KB5012591 can be applied using one of the following ways.

  • KB5012591 can be applied through the Windows Update automatically.
  • KB5012591 can also be applied using the Windows Update for Business.
  • KB5012591 can be installed using WSUS or the Windows Server Update Service.
  • KB5012591 can be manually downloaded from the Microsoft Update Catalog page here.

The update files should be downloaded from the Microsoft Catalog. You need to ensure that the files corresponding to the computer architecture are downloaded.

  • x86 MSU update file is 364.3 MB.
  • x64 MSU update file is 591 MB.
  • ARM64 MSU update file is 669 MB.

Outstanding unresolved issues on Windows 10 version 1909

Microsoft has confirmed that the Recovery Discs created with the Backup and Restore app will not work post-deployment of January 2022 updates. Third-party backup programs are unaffected. There is no fix that is available for the Recovery Discs issue at this point in time.

Summary

Windows 10 version 1909 will need to be patched with KB5012591. The current month’s patch assumes significance on account of the various vulnerabilities that have been patched as part of the update. There have been no adverse reports about the April update KB5012591 for Windows 10 version 1909.

You may like to read the following content related to Windows Updates: