KB5012639 for Windows 2012 R2 – April 12, 2022

KB5012639 is the security-only update for Windows Server 2012 R2 version. It was released on 12th April, 2022. The security-only update provides the basic and essential security changes that are needed on Windows Server 2012 R2 to fix security issues and resolve key vulnerabilities that affect the Windows Server 2012 R2. Below, we look at the key aspects of the KB5012639 security only update for Windows Server 2012 R2.

KB5014001 is the security-only update for the month of May for Windows Server 2012 R2. You can read more about it on KB5014001 page here.

Salient points about KB5012639 for Windows Server 2012 R2:

  • KB5012639 is a security-only update for Windows Server 2012 R2.
  • All previous security updates need to be deployed on Windows Server 2012 R2 before you can deploy the KB5012639 security update.
  • You will need to deploy KB5011486 Internet Explorer Update prior to installing KB5012639 on Windows Server 2012 R2.
  • You will also need to deploy the SSU KB5012672 prior to installing KB5012639.
  • One of the significant improvements in KB5012639 is the resolution of memory leak issues on Windows Server 2012 R2. The memory leak issues resulted after the November 2021 updates on Windows Server 2012 R2.
  • The password reset issue on Windows Server 2012 R2 has been resolved in KB5012639. Password reset may fail on the Windows Server 2012 R2 with an Event-ID code of 37 in the events log.
  • There are two zero-day vulnerabilities that affect Windows Server 2012 R2.
  • There are three critical vulnerabilities that affect Windows Server 2012 R2. All these three critical vulnerabilities have a CVSS score of 9.8 and can lead to Remote Code Execution attacks.
  • The security-only update files are small in size and are available for the corresponding server versions.

For Windows Server 2012 Security-only update for April 2022, please follow the instructions given in the document for KB5012666 security-only update. You can find detailed instructions on this page.

KB5012639 – Zero-day vulnerabilities affecting Windows Server 2012 R2

Microsoft has disclosed two Zero-day vulnerabilities as part of the April month’s ‘Patch Tuesday’ updates. These vulnerabilities do impact the Windows Server 2012 R2. The resolution lies in patching the Windows Server 2012 R2 with the KB5012639 security-only update released on 12th April 2022. Both vulnerabilities are listed below for ready reference:

CVE-2022-26904 – CVSS 7 – Windows User Profile Service

KB5012639 security update contains a fix for the zero-day vulnerability in the User Profile Service on Windows operating system across the server and desktop versions. The unintended consequence of this vulnerability may result in the attacker getting elevated privileges on the target computer. The vulnerability carries a CVSS score of 7 and has a ‘high impact’ on the associated infrastructure based on the Windows Server or Desktop operating systems. It could be exploited and lead to the elevation of privileges on Windows Server 2012 R2 servers.

CVE-2022-24521 – CVSS 7.8 – Windows Log File System Driver

This is the second zero-day vulnerability disclosed by Microsoft on 12th April. It affects the Windows Log File System Driver and can lead to ‘Elevation of Privileges’. It has not been publicly shared earlier. However, the vulnerability has been found to be under active exploitation attempts. It carries a CVSS score of 7.8, leading to a high-level impact on the target Windows 11. KB5012639 resolves the security threat on Windows Server 2012 R2.

KB5012639 – Critical RCE Vulnerabilities on Windows Server 2012 R2

We will discuss three vulnerabilities that have CVSS rating of 9.8. These three critical vulnerabilities that could lead to Remote Code Execution attacks on the Windows Server 2012 R2. The three RCE vulnerabilities on Windows Server 2012 R2 are mentioned below for a ready reference point.

  • CVE-2022-26809 – RPC Runtime Library Remote Code Execution Vulnerability – This RCE vulnerability has a CVSS score of 9.8 Microsoft suggests blocking TCP port 445 to mitigate this vulnerability from external traffic. For the internal traffic, it is suggested to secure the SMB traffic. We feel that CVE-2022-26809 could pose a significant risk as it is ‘wormable’. Consider patching Windows Server 2012 R2 on priority. Also, it would be important to block the TCP port 445 on your firewall for protection against threats arising out of the external traffic hitting your network.
  • CVE-2022-24497 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.
  • CVE-2022-24491 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.

In particular, we need to focus on taking mitigation steps for the CVE-2022-26809 vulnerability. There have been active attempts to exploit this vulnerability.

The security-only update for Windows Server 2012 R2 for March 2022 is explained in detail on this page. KB5011564 security-only update is for Windows Server 2012 R2.

Prerequisite for KB5012639 for Windows Server 2012 R2

There are two prerequisites for installing KB5012639 security-only update on Windows Server 2012 R2.

  • KB5011486 is the cumulative update for Internet Explorer. It needs to be deployed before installing the KB5012639 security-only update for Windows Server 2012 R2. You can get the KB5011486 Internet Explorer cumulative update from the Microsoft Update Catalog site. KB5011486 can be downloaded from this page. The file size for x64 Windows Server 2012 R2 is 55 MB in size.
  • KB5012672 is the latest Servicing Stack Update that needs to be deployed prior to installing the KB5012639 security-only update. You can download KB5012672 from the Microsoft Update Catalog site. The update file is 10.4 MB in size for Windows Server 2012 R2. Download KB5012672 from this page for Windows Server 2012 R2.

How can I get KB5012639 for Windows Server 2012 R2?

KB5012639 is a security-only update for Windows Server 2012 R2. KB5012639 cannot be patched through Windows Update program because Windows Server 2012 R2 is end of mainstream support. There are a couple of options that will allow you to update the Windows Server 2012 R2.

  • KB5012639 can be applied using the WSUS or the Windows Server Update Service.
  • KB5012639 can be manually applied using the Microsft Update Catalog. You can download the KB5012639 security-only update for Windows Server 2012 R2 from the catalog page here. The update file for x64 Windows Server 2012 R2 is 55.3 MB in size. Before applying the KB5012639 security-only update, please do patch the KB5011486 Internet Explorer update and KB5012672 Servicing Stack Update for Windows Server 2012 R2.

.NET Framework Updates for Windows Server 2012 R2

January updates on Windows Server 2012 R2 broke the Active Directory Trust information functionality. The underlying .NET framework needs to be update with corresponding .NET update files to resolve the AD issues on Windows Server 2012 R2.

  • .NET framework 4.5.2 needs to be updated with the .NET update that is a part of KB5011261 update. It can downloaded from the catalog page for KB5011261 here. The size of the update file is 72.2 MB in size.
  • .NET framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 needs to be updated with KB5011263 file. It can be downloaded from the catalog page for KB5011263 here. The size of the update file is 376 KB.
  • .NET framework 4.8 needs to be updated with the KB5011266 update file. It can be downloaded from the catalog page for KB5011266 here. The update file is 359 KB in size.

Other issues resolved in KB5012639

There are multiple outstanding issues that have been resolved as part of the KB5012639 security-only update.

  • November 2021 updates caused memory leak issues on Windows Server 2012 R2. It resulted in degraded performance on the Windows Server 2012 R2. This issue has been resolved in KB5012639 for Windows Server 2012 R2.
  • You may experience issues in resetting passwords on Windows Server 2012 R2 with an Event ID error code of 37. This password reset issue is resolved in KB5012639.
  • Windows Server 2012 R2 may experience issues in joining domains that use disjointed DNS hostnames. This issue has been resolved in KB5012639.
  • Windows Media Center issues have been resolved in KB5012639. Some users may experience loss of Windows Media Center configuration data, and need to re-configure the Windows Media Center upon each restart.

Summary

KB5012639 security only update seeks to address vulnerabilities and bring in performance improvements on some of the outstanding issues. You need to patch the Windows Server 2012 R2 with all the previous security updates for Windows Server 2012 R2. You will need to be aware of the two zero-day vulnerabilities and three critical RCE vulnerabilities on the Windows Server 2012 R2.

You may also like to read the following content related to Windows Updates: