KB5012604 for Windows Server 2022 – April 12 2022

The Patch Tuesday update for Windows Server 2022 was released on 12th April, 2022. KB5012604 is this month’s cumulative security update for Windows Server 2022 and the Windows Server 2022 Server Core installation. We look at the key aspects of KB5012604 and discuss the vulnerabilities that should matter to you.

Salient points about KB5012604 for Windows Server 2022:

  • The cumulative update KB5012604 for Windows Server 2022 supersedes KB5011497.
  • Two zero-day vulnerabilities affect Windows Server 2022. Both are patched in KB5012604.
  • Three critical vulnerabilities with a CVSS score of 9.8 affect Windows Server 2022 and are patched in KB5012604.
  • The size of the KB5012604 file is 227.6 MB.
  • The intermittent issue with resetting expired passwords is resolved in KB5012604.
  • A DoS on Clustered Shared Volume is resolved.
  • You need to deploy security update KB5005039 before installing KB5012604 on Windows Server 2022.

KB5013944 is the cumulative update for Windows Server 2022 for the month of May 2022. You can read more about the KB5013944 cumulative update on this page.

KB5012604 – Zero-day Vulnerabilities on Windows Server 2022

KB5012604 resolves the two zero-day vulnerabilities that impact Windows Server 2022. These vulnerabilities are mentioned below for your ready reference:

CVE-2022-26904 – CVSS 7 – Windows User Profile Service

The KB5012647 security update contains a fix for the zero-day vulnerability in the User Profile Service on Windows operating systems, across both server and desktop versions. The vulnerability carries a CVSS score of 7 and is rated as having a ‘high’ impact on affected Windows Server or desktop systems. Successful exploitation leads to elevation of privilege on Windows Server 2022.

Since this vulnerability is publicly known and is therefore more likely to be exploited, we suggest deploying the KB5012604 security update for April Patch Tuesday on a priority basis.

CVE-2022-24521 – CVSS 7.8 – Windows Log File System Driver

This is the second zero-day vulnerability disclosed by Microsoft on 12th April. It affects the Windows Common Log File System Driver and leads to elevation of privilege. It had not been publicly disclosed before the patch; however, it has been found to be under active exploitation. It carries a CVSS score of 7.8, indicating a high impact on an affected Windows Server 2022 host. KB5012604 resolves the security threat on Windows Server 2022 and Windows Server 2022 (Server Core).

KB5012604 – Critical RCE Vulnerabilities on Windows Server 2022

There are three critical vulnerabilities with Remote Code Execution risks for Windows Server 2022.

  • CVE-2022-26809 – RPC Runtime Library Remote Code Execution Vulnerability – This RCE vulnerability has a CVSS score of 9.8. Microsoft suggests blocking TCP port 445 at the perimeter to mitigate exploitation from external traffic. For internal traffic, it is suggested to secure the SMB traffic.
  • CVE-2022-24497 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It allows an attacker to send a malicious NFS protocol message to the vulnerable server and achieve remote code execution. This vulnerability affects Windows Servers that have NFS enabled.
  • CVE-2022-24491 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It allows an attacker to send a malicious NFS protocol message to the vulnerable server and achieve remote code execution. This vulnerability affects Windows Servers that have NFS enabled.

In all, 117 vulnerabilities have been reported in this month’s security bulletin by Microsoft. Quite a few of these affect Windows Server 2022 as well, and some are more likely to be exploited than others. For this article, we restrict our discussion to the zero-day threats and the RCE vulnerabilities with ‘Critical’ severity for Windows Server 2022.
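The three critical CVEs above only matter on a host that actually exposes the affected services, and the page's mitigation for CVE-2022-26809 is a firewall and SMB-hardening change rather than a patch. The following is an added example, not code from the original article or from Microsoft, in PowerShell: it audits a Windows Server 2022 host for the conditions these CVEs depend on (whether the Server for NFS role is installed, what is listening on TCP 445 and 2049, whether an inbound block rule for TCP 445 already exists, and the SMB signing and encryption settings) and offers two helpers that apply the page's mitigations. The function names, the rule display name, and the use of the Public firewall profile as a stand-in for "external traffic" are my assumptions.

```powershell
# Added example (not from the original article or from Microsoft): audit a
# Windows Server 2022 host's exposure to CVE-2022-26809 / CVE-2022-24497 /
# CVE-2022-24491 and apply the page's mitigations for the RPC issue.
# Assumptions: run in an elevated session on the server itself.
#Requires -RunAsAdministrator

function Get-SmbNfsExposure {
    # The two NFS CVEs only apply when the Server for NFS role (FS-NFS-Service) is installed.
    $nfs = Get-WindowsFeature -Name FS-NFS-Service

    # Listening sockets for SMB (445) and NFS (2049).
    $listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 445, 2049 } |
        Select-Object -ExpandProperty LocalPort -Unique

    # Enabled inbound block rules that already cover TCP 445 (the CVE-2022-26809 mitigation).
    $blocks = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $pf.Protocol -eq 'TCP' -and ($pf.LocalPort -contains '445' -or $pf.LocalPort -eq 'Any')
        }

    # Signing and encryption are the "secure the SMB traffic" part for internal traffic.
    $smb = Get-SmbServerConfiguration

    [pscustomobject]@{
        NfsServerInstalled   = [bool]$nfs.Installed
        ListeningPorts       = @($listening)
        Port445BlockRules    = @($blocks | Select-Object -ExpandProperty DisplayName)
        SmbSigningRequired   = $smb.RequireSecuritySignature
        SmbEncryptionEnabled = $smb.EncryptData
    }
}

function Set-Port445ExternalBlock {
    # Blocks inbound TCP 445 on the Public profile only, leaving Domain/Private SMB traffic alone.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$RuleName = 'Block inbound SMB (TCP 445) from external networks')  # assumed name

    if (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue) {
        Write-Verbose "Rule '$RuleName' already exists"
        return
    }
    if ($PSCmdlet.ShouldProcess($RuleName, 'Create inbound block rule for TCP 445')) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Profile Public -Action Block | Out-Null
    }
}

function Set-SmbHardening {
    # Requires SMB signing and enables SMB encryption server-wide.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess('SMB server', 'Require signing and enable encryption')) {
        Set-SmbServerConfiguration -RequireSecuritySignature $true -EncryptData $true -Force
    }
}

# Report first, then preview the changes; drop -WhatIf to apply them.
Get-SmbNfsExposure | Format-List
Set-Port445ExternalBlock -WhatIf
Set-SmbHardening -WhatIf
```

Two caveats before removing `-WhatIf`: the Public-profile rule is only as good as Windows' network location classification, so a host whose internet-facing adapter is classed as Private or Domain needs an explicit `-RemoteAddress` scope instead; and enabling `EncryptData` rejects clients that cannot negotiate SMB 3.0 or later unless `RejectUnencryptedAccess` is also set to `$false`, so check the client inventory first. None of this replaces installing KB5012604.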

Prerequisite for KB5012604 – Security Update KB5005039 for Windows Server 2022

The security update KB5005039 needs to be applied on Windows Server 2022 before installing KB5012604. This security update was released in August 2021, so in most cases it will already be installed. If it was not previously installed, please do so by downloading it from the Microsoft Update Catalog page here.

How can I get KB5012604 for Windows Server 2022?

KB5012604 can be applied on Windows Server 2022 through one of the following methods:

  • KB5012604 can be applied automatically through Windows Update.
  • KB5012604 can be applied automatically through Windows Update for Business.
  • KB5012604 can be deployed through WSUS (Windows Server Update Services).
  • KB5012604 can also be applied manually from the Microsoft Update Catalog. You can download the MSU file for Windows Server 2022 from the catalog page here.
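For the manual route, the prerequisite section above and the catalog download go together: the MSU should only be installed once KB5005039 is confirmed present. The following is an added example in PowerShell, not code from the original article or from Microsoft, that checks whether KB5005039 and KB5012604 are installed via `Get-HotFix`, verifies the downloaded package's Authenticode signature, and installs it with `wusa.exe`. The function names and the MSU path are my assumptions; the actual file name comes from the Microsoft Update Catalog download.

```powershell
# Added example (not from the original article or from Microsoft): verify the
# KB5005039 prerequisite and install the KB5012604 MSU downloaded from the
# Microsoft Update Catalog. Assumption: -MsuPath is the file you downloaded;
# the path shown in the comment is a placeholder, not the real file name.
#Requires -RunAsAdministrator

function Test-KbInstalled {
    param([Parameter(Mandatory)][string]$KbId)
    # Get-HotFix reads the same data as "Installed Updates" in Control Panel.
    $null -ne (Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
}

function Install-Kb5012604 {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$MsuPath,   # e.g. C:\Updates\<downloaded-kb5012604-file>.msu
        [string]$Prerequisite = 'KB5005039',
        [string]$TargetKb     = 'KB5012604'
    )

    if (Test-KbInstalled -KbId $TargetKb) {
        Write-Host "$TargetKb is already installed on $env:COMPUTERNAME"
        return
    }
    if (-not (Test-KbInstalled -KbId $Prerequisite)) {
        throw "Prerequisite $Prerequisite is missing; install it from the Microsoft Update Catalog first."
    }
    if (-not (Test-Path -LiteralPath $MsuPath)) {
        throw "MSU not found: $MsuPath"
    }

    # Refuse to install a package whose signature is not a valid Microsoft signature.
    $sig = Get-AuthenticodeSignature -FilePath $MsuPath
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        throw "Signature check failed for $MsuPath (status: $($sig.Status))"
    }

    if ($PSCmdlet.ShouldProcess($MsuPath, "Install $TargetKb with wusa.exe")) {
        $p = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
            -ArgumentList "`"$MsuPath`" /quiet /norestart" -Wait -PassThru
        # 0 = installed, 3010 = ERROR_SUCCESS_REBOOT_REQUIRED,
        # 2359302 (0x240006) = WU_S_ALREADY_INSTALLED.
        switch ($p.ExitCode) {
            0       { 'Installed; no reboot required' }
            3010    { 'Installed; reboot required' }
            2359302 { "$TargetKb is already installed" }
            default { throw "wusa.exe exited with code $($p.ExitCode)" }
        }
    }
}

# Preview first; drop -WhatIf to install.
Install-Kb5012604 -MsuPath 'C:\Updates\kb5012604-placeholder.msu' -WhatIf
```

Hosts that receive KB5012604 through Windows Update, Windows Update for Business or WSUS do not need this; the update chain there handles the KB5005039 dependency. The `Test-KbInstalled` function is still useful on those hosts as a quick compliance check after the maintenance window.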

KB5012604 – Other Issues resolved for Windows Server 2022

KB5012604 resolves a few outstanding issues on Windows Server 2022.

  • CVE-2020-26784 is a Denial of Service vulnerability that affects Clustered Shared Volume on Windows Server 2022. This has been patched in KB5012604.
  • After deploying the March update, some administrators experienced intermittent issues when resetting expired passwords. The password reset issue has been resolved in KB5012604.

.NET Framework Issue

After deploying the January updates, there have been issues in creating or setting Active Directory Forest Trust information due to the underlying .NET Framework. Microsoft has suggested updating the .NET Framework on Windows Server 2022 to resolve the AD issues.

.NET Framework 4.8 on Windows Server 2022 needs to be patched with the .NET update that is available as part of KB5011258. The update file can be downloaded from this page on the Microsoft Update Catalog. The update file is 355 KB.
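Because the AD trust problem is a .NET Framework issue rather than a Windows issue, the check is a separate one from the cumulative update. The following is an added example in PowerShell, not code from the original article or from Microsoft, that confirms .NET Framework 4.8 is the installed 4.x version (from the documented `Release` registry value, where 528040 and above means 4.8) and whether the KB5011258 .NET update the article recommends is listed among installed hotfixes. The function name is my assumption; that `Get-HotFix` lists .NET Framework updates is the normal behaviour, but treat a negative result as a prompt to check the Update Catalog history rather than as proof of absence.

```powershell
# Added example (not from the original article or from Microsoft): report the
# .NET Framework 4.x version and whether the KB5011258 .NET update is installed.
function Get-DotNetUpdateStatus {
    param([string]$NetUpdateKb = 'KB5011258')

    # The Release DWORD identifies the installed 4.x version; 528040 or higher is 4.8.
    $ndpKey = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $ndp    = Get-ItemProperty -Path $ndpKey -ErrorAction SilentlyContinue
    $release = if ($ndp) { [int]$ndp.Release } else { 0 }

    # Assumption: the .NET cumulative update appears in the hotfix list under its KB id.
    $updateInstalled = $null -ne (Get-HotFix -Id $NetUpdateKb -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        Release            = $release
        Version            = $ndp.Version
        Is48OrLater        = ($release -ge 528040)
        NetUpdateInstalled = $updateInstalled
        ActionNeeded       = ($release -ge 528040) -and (-not $updateInstalled)
    }
}

Get-DotNetUpdateStatus | Format-List
```

`ActionNeeded` is true on a host that runs .NET Framework 4.8 but has not yet received KB5011258, which is exactly the population the article says is affected by the forest trust issue.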

Summary

The KB5012604 cumulative update for April 2022 resolves the intermittent password reset issue and the two zero-day vulnerabilities on Windows Server 2022. It is also strongly suggested to patch .NET Framework 4.8 on Windows Server 2022 with the .NET update to resolve the AD issues.
