KB5012596 is the cumulative update for Windows 10 version 1607. It was released by Microsoft as part of the ‘Patch Tuesday’ project on 12th April 2022. We look at the key aspects of KB5012596. We also discuss the various security vulnerabilities that affect Windows 10 version 1607.
Salient points about the KB5012596 cumulative security update:
- KB5012596 is a cumulative update. It supersedes KB5011495 cumulative update. KB5011495 was released in the month of March 2022.
- There are two zero-day vulnerabilities that affect Windows 10 version 1607. Both vulnerabilities are patched as part of the KB5012596 cumulative update.
- There are three Remote Code Execution threats that affect Windows 10 version 1607. Of these, one is of acute significance as it is wormable. Details of all three critical vulnerabilities are shared below.
- KB5012596 will push your operating system build to OS Build 14393.5066.
- KB5011570 is the latest Servicing Stack Update that needs to be deployed before deploying KB5012596 on Windows 10 version 1607.
KB5012596 – Zero-day Vulnerabilities on Windows 10 version 1607
Windows 10 version 1607 is impacted with two zero-day vulnerabilities. These security threats were disclosed by Microsoft as part of the security bulletin for the month of April 2022. The details of both vulnerabilities are mentioned below for your ready reference:
CVE-2022-26904 – CVSS 7 – Windows User Profile Service
KB5012596 security update contains a fix for the zero-day vulnerability in the User Profile Service on Windows operating system across the server and desktop versions. The vulnerability carries a CVSS score of 7 and has a ‘high impact’ on the associated infrastructure based on the Windows Server or Desktop operating systems. It could be exploited and lead to the elevation of privileges on Windows 10.
Since this vulnerability is publicly known and is more likely to be exploited, we suggest deploying the KB5012596 security updates for April Patch Tuesday on a priority basis.
CVE-2022-24521 – CVSS 7.8 – Windows Log File System Driver
This is the second zero-day vulnerability disclosed by Microsoft on 12th April. It affects the Windows Log File System Driver and can lead to ‘Elevation of Privileges’. It has not been publicly shared earlier. However, the vulnerability has been found to be under active exploitation attempts. It carries a CVSS score of 7.8, leading to a high-level impact on the target Windows 10. KB5012596 resolves the security threat on Windows 10.
KB5012596 Critical vulnerabilities causing Remote Code Execution on Windows 10 version 1607
There are three critical vulnerabilities that have a CVSS score of 9.8 and can lead to remote code execution on the target Windows 10 computers. We list the three vulnerabilities below. We also list the mitigation steps for one of these security threats.
- CVE-2022-26809 – RPC Runtime Library Remote Code Execution Vulnerability – This RCE vulnerability has a CVSS score of 9.8 Microsoft suggests blocking TCP port 445 to mitigate this vulnerability from external traffic. For the internal traffic, it is suggested to secure the SMB traffic. We feel that CVE-2022-26809 could pose a significant risk as it is ‘wormable’. Consider patching Windows 10 on priority.
- CVE-2022-24497 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.
- CVE-2022-24491 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.
Prerequisites for installing KB5012596 on Windows 10 version 1607
There is a single prerequisite for installing KB5012596 on Windows 10 version 1607. Servicing Stack Update (SSU) KB5011570 needs to be deployed before installing KB5012596 cumulative update.
If you are updating through the Windows Update program, you will get the SSU KB5011570 automatically at the time of installation.
If you are applying the KB5012596 cumulative update manually, you will need to deploy KB5011570 manually. KB5011570 has to be deployed prior to installing the KB5012596 security update. You can download the KB5011570 SSU from the Windows Update Catalog page.
- x86 file for KB5011570 is 5.4 MB in size. It can be downloaded from the catalog page.
- x64 file for KB5011570 is 11.6 MB in size. It can be downloaded from the catalog page.
Once the SSU has been deployed, you can install the KB5012596 cumulative update for Windows 10 version 1607.
How can I get KB5012596 for Windows 10 version 1607?
KB5012596 is available for patching through all the normal means of Windows Update.
- KB5012596 can be automatically deployed through the Windows Update program. SSU KB5011570 will also be deployed automatically prior to installing KB5012596.
- KB5012596 can be deployed automatically using the Microsoft Update for Business program.
- WSUS or Windows Server Update Service can import the KB5012596 and deploy it automatically on Windows 10 version 1607.
- KB5012596 can be manually deployed through the Microsoft Update Catalog. You can download the cumulative update from this page on the catalog site.
- x86 or 32-bit version update file for KB5012596 has a size of 832.6 MB. The MSU update file can be downloaded from this page.
- x64 version file for KB5012596 has a size of 1544.6 MB. The MSU update file can be downloaded from this page.
Other issues resolved in KB5012596 for Windows 10 version 1607
There are 2 issues that you need to be aware of.
- The password reset issue on Windows 10 may cause problems in resetting expired passwords. The expired password reset issue is resolved in the KB5012596 security update.
- The Recovery disks created out of the Backup and Restore program (Windows 7 app) in the Control Panel may fail to work. This issue remains unresolved as of now.
Summary
KB5012596 for Windows 10 version 1607 has had no post-deployment adverse effects. The cumulative update resolves two zero-day vulnerabilities. It needs the SSU KB5011570 prior to deployment on Windows 10 version 1607.
You may also like to read the following content related to Windows Updates:
- KB5012647 for Windows 10 version 1809 – April 12 2022
- KB5012591 for Windows 10 version 1909 – April 12 2022
- KB5012599 Security Update for Windows 10 – April 12 2022
- KB5012604 for Windows Server 2022 – April 12 2022
- KB5012647 Security Update for Windows Server 2019 – April 12 2022
- KB5012596 Security Update for Windows Server 2016 – April 12 2022
- Zero-day vulnerability in Microsoft April Updates
- Windows 10 March Updates – 8th March 2022
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.