KB5012599 Security Update for Windows 10 – April 12 2022

KB5012599 is the cumulative security update for Windows 10 versions 20H2, 21H1, and 21H2. The security update has been released on 12th April 2022. We look at the significant concepts of the KB5012599 LCU for the month of April 2022. In particular, please pay close attention to the various vulnerabilities that have been reported as part of the Microsoft security bulletin in April.

Salient points about KB5012599 for Windows 10:

  • KB5012599 is the latest cumulative update for Windows versions 20H2, 21H1, and 21H2.
  • KB5012599 supersedes March month’s security update KB5011487 for Windows 10. You can read about March updates on this page.
  • Windows 10 versions 20H2, 21H1, and 21H2 are affected by two zero-day vulnerabilities.
  • Windows 10 versions 20H2, 21H1, and 21H2 are also affected by three critical vulnerabilities that could lead to Remote Code Execution threats.
  • Before installing KB5012599, Windows 10 versions 20H2 and 21H1 need to be at least patched with LCU or cumulative update for May 2021, KB5003173 (May 2021). If Windows 10 is running LCU older than May 2021, please deploy the SSU KB5005260 (August 2021). The SSU files are a little under 20 MB. May 2021 LCU is well over 500 MB in size. If you have already deployed KB5011487, you can skip the installation of SSU.
  • Windows 10 version 20H2 build upgrades to 19042.1645; 21H1 build upgrades to 19043.1645, and 21H2 upgrades to build 19044.1645.
  • x86 update file for KB5012599 is 312.4 MB; x64 MSU update file is 661.4 MB and ARM64 MSU update file is 692.6 MB.

KB5012599 – Zero-day vulnerabilities resolved by LCU on Windows 10

Windows 10 versions 20H2, 21H1, and 21H2 are impacted by the Zero-day vulnerabilities disclosed by Microsoft. Both vulnerabilities have been fixed in this month’s security updates.

CVE-2022-26904 – CVSS 7 – Windows User Profile Service

KB5012666 security update contains a fix for the zero-day vulnerability in the User Profile Service on Windows operating system across the server and desktop versions. The vulnerability carries a CVSS score of 7 and has a ‘high impact’ on the associated infrastructure based on the Windows Server or Desktop operating systems. It could be exploited and lead to the elevation of privileges on Windows 10.

Since this vulnerability is publicly known and is more likely to be exploited, we suggest deploying the KB5012599 security updates for April Patch Tuesday on a priority basis.

CVE-2022-24521 – CVSS 7.8 – Windows Log File System Driver

This is the second zero-day vulnerability disclosed by Microsoft on 12th April. It affects the Windows Log File System Driver and can lead to ‘Elevation of Privileges’. It has not been publicly shared earlier. However, the vulnerability has been found to be under active exploitation attempts. It carries a CVSS score of 7.8, leading to a high-level impact on the target Windows 10. KB5012599 resolves the security threat on Windows 10.

KB5012599 Critical vulnerabilities causing Remote Code Execution on Windows 10

There are three critical vulnerabilities that affect Windows 10 versions 20H2, 21H1, and 21H2. We list these critical vulnerabilities below.

  • CVE-2022-26809 – RPC Runtime Library Remote Code Execution Vulnerability – This RCE vulnerability has a CVSS score of 9.8 Microsoft suggests blocking TCP port 445 to mitigate this vulnerability from external traffic. For the internal traffic, it is suggested to secure the SMB traffic. We feel that CVE-2022-26809 could pose a significant risk as it is ‘wormable’. Consider patching Windows 10 on priority.
  • CVE-2022-24497 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.
  • CVE-2022-24491 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.

In all, 117 vulnerabilities have been reported in this month’s security bulletin by Microsoft. Quite a few of these affect Windows 10 desktop operating system. Some are more likely to be exploited. For the purpose of our study, we have restricted our discussions to the zero-day threats and RCE vulnerabilities with ‘Critical’ severity for Windows 10.

Prerequisites – KB5012599 for Windows 10

Before deploying KB5012599, you need to ensure one of the following 2 prerequisite conditions are fulfilled:

  • Windows 10 systems must have had a cumulative update of KB5003173 deployed. Anything LCU later than the May 2021 LCU KB5003173 needs to be on the system.
  • If Windows 10 is on LCU that is older than KB5003173, you can install the Servicing Stack Update (SSU) KB5005260. This will ensure that the KB5012599 can be installed without any incidental issues on the target computers. The SSU files are a little under 20 MB.
  • If Windows 10 is already running KB5011487, you need to take no pre-installation steps for installing KB5012599.

How can I get the KB5012599 update for Windows 10?

KB5012599 is available through all the regular Windows Update methods.

  • KB5012599 can be automatically downloaded using the Windows Update program.
  • KB5012599 can be automatically downloaded using the Windows Update for Business.
  • WSUS can be used to import the KB5012599 security update and deploy it on the Windows 10 versions 20H2, 21H1, and 21H2.
  • KB5012599 can be manually installed on Windows 10 systems. You can download the KB5012599 security update for Windows 10 versions 20H2, 21H1 or 21H2 from this page of the Microsoft Update Catalog. You need to exercise due diligence in downloading the MSU update file that corresponds with the Windows 10 version and the architecture of your computer (x86, x64 or ARM64).

Summary

KB5012599 for Windows 10 is significant for the various vulnerabilities fixed therein. Pay special attention to the mitigation steps for CVE-2022-26809. Deployment is straightforward and we have not heard of any post-deployment issues on Windows 10 systems that are patched with KB5012599.

You may also like to read more content related to Windows Updates: