KB5012592 is April month’s cumulative update for Windows 11. The cumulative update includes the changes made as part of the preview update KB5011563 released in March 2022. We look at the key aspects of the KB5012592 cumulative update.
Salient points about KB5012592 for Windows 11:
- KB5012592 supersedes KB5011493 cumulative update. KB5011493 was released in March as part of the ‘Patch Tuesday’ release.
- KB5012592 also includes the improvements that were introduced as part of the preview update for Windows 11 – KB5011563.
- KB5012592 update files are available for x64 and ARM64 architecture.
- Windows 11 is impacted by two zero-day vulnerabilities. These are patched in KB5012592. Details of these Zero-day vulnerabilities are shared below.
- Three Remote Code Execution vulnerabilities affect Windows 11 deployments. These RCE vulnerabilities carry CVSS scores of 9.8. Details of these RCE vulnerabilities are shared below.
- Upon successful installation of KB5012592, the Windows 11 build on your computer will change to OS Build 22000.613.
KB5012592- Zero Day vulnerabilities on Windows 11
KB5012592 resolves the two zero-day vulnerabilities disclosed in Windows 11. These vulnerabilities are publicly disclosed and are more likely to be exploited. We list both the Zero-day vulnerabilities on Windows 11 below.
CVE-2022-26904 – CVSS 7 – Windows User Profile Service
KB5012592 security update contains a fix for the zero-day vulnerability in the User Profile Service on Windows operating system across the server and desktop versions. The unintended consequence of this vulnerability may result in the attacker getting elevated privileges on the target computer. The vulnerability carries a CVSS score of 7 and has a ‘high impact’ on the associated infrastructure based on the Windows Server or Desktop operating systems. It could be exploited and lead to the elevation of privileges on Windows 11 based computers.
Since this vulnerability is publicly known and is more likely to be exploited, we suggest deploying the KB5012596 security updates for April Patch Tuesday on a priority basis.
CVE-2022-24521 – CVSS 7.8 – Windows Log File System Driver
This is the second zero-day vulnerability disclosed by Microsoft on 12th April. It affects the Windows Log File System Driver and can lead to ‘Elevation of Privileges’. It has not been publicly shared earlier. However, the vulnerability has been found to be under active exploitation attempts. It carries a CVSS score of 7.8, leading to a high-level impact on the target Windows 11. KB5012592 resolves the security threat on Windows 11.
KB5012592 Critical RCE vulnerabilities Windows 11
There are three critical vulnerabilities that have a CVSS score of 9.8 and can lead to remote code execution on the target Windows 11 computers. We list the three vulnerabilities below. We also list the mitigation steps for one of these security threats.
- CVE-2022-26809 – RPC Runtime Library Remote Code Execution Vulnerability – This RCE vulnerability has a CVSS score of 9.8 Microsoft suggests blocking TCP port 445 to mitigate this vulnerability from external traffic. For the internal traffic, it is suggested to secure the SMB traffic. We feel that CVE-2022-26809 could pose a significant risk as it is ‘wormable’. Consider patching Windows 11 on priority. Also, it would be important to block the TCP port 445 on your firewall for protection against threats arising out of the external traffic hitting your network.
- CVE-2022-24497 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.
- CVE-2022-24491 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.
CVE-2022-26809 is being exploited and is a major risk. Therefore, it is important to take the mitigation steps for CVE-2022-26809. And, deployment of KB5012592 on an immediate basis is required.
Prerequisites before installing KB5012592 on Windows 11
There are no dependencies for installing KB5012592 on Windows 11. This means that you can deploy the KB5012592 without any associated prerequisites of a Servicing Stack Update. No SSU installation is needed prior to KB5012592 installation on Windows 11.
How can I get the KB5012592 for Windows 11?
Windows 11 updates are available through all the regular means.
- KB5012592 can be downloaded and applied automatically through the Windows Update process.
- KB5012592 can be also deployed using Microsoft Update for Business.
- WSUS can be used to import and deploy the KB5012592 security update on Windows 11 computers.
- KB5012592 can be deployed manually through the Microsoft Update Catalog. The MSU update files are available for x64 and ARM64 platforms.
- KB5012592 MSU update file for x64 systems is 248.6 MB in size. It can be downloaded from the Microsoft Update Catalog page here.
- KB5012592 MSU update file for ARM64 systems is 304.4 MB in size. It can be downloaded from the Microsoft Update Catalog page here.
You can download the MSU file that corresponds to the x64 or ARM64 based systems of Windows 11.
Other issues in KB5012592 for Windows 11 – April 2022
KB5012592 security release also confirms an issue with the Recovery Disks that have been created using the ‘Back and Restore’ program on your Windows 11 computer. Microsoft is aware of the issue and a fix is in the works. As of writing this, the issue with Recovery Disks remains unresolved.
There have been no adverse reports about KB5012592 cumulative update for Windows 11.
Summary
KB5012592 is a simple and straightforward cumulative update for Windows 11. It brings in security changes and non-security improvements on the Windows 11 computers. There are no prerequisites before installing the KB5012592 cumulative update for Windows 11.
You may also like to read the following content related to Windows Updates:
- KB5011493 for Windows 11 – March Update
- KB5012596 Cumulative Update for Windows 10 version 1607 – April 12 2022
- KB5012647 for Windows 10 version 1809 – April 12 2022
- KB5012591 for Windows 10 version 1909 – April 12 2022
- KB5012599 Security Update for Windows 10 – April 12 2022
- KB5012604 for Windows Server 2022 – April 12 2022
- KB5012647 Security Update for Windows Server 2019 – April 12 2022
- KB5012596 Security Update for Windows Server 2016 – April 12 2022
- Zero-day vulnerability in Microsoft April Updates
- Windows 10 March Updates – 8th March 2022
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.