KB5012639 for Windows 8.1 – April 12, 2022

KB5012639 is the security-only update for Windows 8.1 that was released on 12th April 2022. The update is valid for x64 and 32 bit Windows 8.1. We look at the key aspects of the KB5012639 for Windows 8.1. We also look at the various vulnerabilities that affect Windows 8.1.

Salient points about KB5012639 for Windows 8.1:

  • KB5012639 is a security-only update for Windows 8.1. You will need to deploy prior security-only updates on Windows 8.1 before installing the KB5012639 security update.
  • The KB5012639 update is available for x64 and 32-bit system architectures.
  • Windows 8.1 systems are affected by two zero-day vulnerabilities.
  • Three critical Remote Code Execution vulnerabilities impact Windows 8.1. All these are CVSS 9.8 vulnerabilities.
  • KB5012639 is not available on Windows 8.1 through the Windows Update program.
  • Password reset issue on Windows 8.1 has been resolved in KB5012639.
  • The memory leak issue on Windows 8.1 has also been resolved as part of the KB5012639 security-only update.
  • KB5011486 cumulative update for Internet Explorer needs to be deployed on Windows 8.1 prior to installing KB5012639.
  • SSU KB5012672 needs to be deployed on Windows 8.1 prior to installing KB5012639.

KB5012639 – Zero-day vulnerabilities on Windows 8.1

Windows 8.1 is affected by two zero-day vulnerabilities. Both these vulnerabilities have been disclosed by Microsoft as part of the April security bulletin. The two zero-day vulnerabilities on Windows 8.1 are given below.

CVE-2022-26904 – CVSS 7 – Windows User Profile Service

The KB5012639 security update contains a fix for the zero-day vulnerability in the User Profile Service on Windows operating system across the server and desktop versions. The unintended consequence of this vulnerability may result in the attacker getting elevated privileges on the target computer. The vulnerability carries a CVSS score of 7 and has a ‘high impact’ on the associated infrastructure based on the Windows Server or Desktop operating systems. It could be exploited and lead to the elevation of privileges on Windows 8.1.

CVE-2022-24521 – CVSS 7.8 – Windows Log File System Driver

This is the second zero-day vulnerability disclosed by Microsoft on 12th April. It affects the Windows Log File System Driver and can lead to ‘Elevation of Privileges’. It has not been publicly shared earlier. However, the vulnerability has been found to be under active exploitation attempts. It carries a CVSS score of 7.8, leading to a high-level impact on the target Windows 8.1. KB5012639 resolves the security threat on Windows 8.1.

KB5012639 – Critical RCE Vulnerabilities on Windows 8.1

There have been a total of 117 vulnerabilities that have been shared as part of Microsoft’s security bulletin for the month of April 2022. We restrict our discussion to zero-day vulnerabilities and vulnerabilities that could pose a grave risk to your servers and IT infrastructure.

There are three RCE or Remote Code Execution threats that have been disclosed as part of the April security bulletin. We list the RCE vulnerabilities on Windows 8.1 below.

  • CVE-2022-26809 – RPC Runtime Library Remote Code Execution Vulnerability – This RCE vulnerability has a CVSS score of 9.8 Microsoft suggests blocking TCP port 445 to mitigate this vulnerability from external traffic. For the internal traffic, it is suggested to secure the SMB traffic. We feel that CVE-2022-26809 could pose a significant risk as it is ‘wormable’. Consider patching Windows 8.1 on priority. Also, it would be important to block the TCP port 445 on your firewall for protection against threats arising out of the external traffic hitting your network.
  • CVE-2022-24497 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.
  • CVE-2022-24491 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.

In particular, we need to focus on taking mitigation steps for the CVE-2022-26809 vulnerability. There have been active attempts to exploit this vulnerability. And, there are attempts being made to spread the vulnerability as a wormable threat. It is, therefore, important to take mitigation steps for the CVE-2022-26809 vulnerability on Windows 8.1.

Prerequisites before installing KB5012639 on Windows 8.1

Before installing KB5012639 on Windows 8.1, you need to deploy the following updates:

  • KB5011486 cumulative update for Internet Explorer needs to be installed before deploying KB5012639 on Windows 8.1.
  • x64 version of the KB5011486 file can be downloaded from this page. The file has a size of 55 MB.
  • 32 bit version of KB5011486 can be downloaded from this page. The file has a size of 29.5 MB.
  • KB5012672 Servicing Stack Update (SSU) needs to be deployed before installing KB5012639 on Windows 8.1.
  • x64 version of the update file for KB5012672 can be downloaded from this page. It has a size of 10.4 MB.
  • 32 bit version of the update file for KB5012672 can be downloaded from this page. The update file is 4.7 MB in size.

Once the cumulative update for Internet Explorer and the SSU are installed, you can install the KB5012639 on Windows 8.1.

How can I get KB5012639 for Windows 8.1?

Windows 8.1 is end of mainstream support. Therefore, the security update is not available through all the methods.

  • KB5012639 is not available for updates through the Windows Update program.
  • You can deploy KB5012639 through the WSUS or Windows Server Update Service. You will need to configure the WSUS to pull security updates for Windows 8.1.
  • KB5012639 can be deployed on Windows 8.1 manually through the Microsoft Update Catalog.

The update files for KB5012639 for Windows 8.1 can be downloaded as per the instructions below:

  • x64 version of KB5012639 for Windows 8.1 can be downloaded from the catalog page given here. The update file is 55.3 MB in size.
  • 32-bit version of KB5012639 for Windows 8.1 can be downloaded from the KB5012639 catalog page. The update file is 39 MB in size.

KB5012639 – Other issues resolved on Windows 8.1

  • November 2021 updates caused memory leak issues on Windows 8.1. This resulted in degraded performance on the Windows 8.1 systems. KB5012639 resolves memory leak issues on Windows 8.1 that were caused by PacRequestorEnforcement registry key in the November 2021 updates.
  • Password reset issues on account of Event ID 37 error are resolved in KB5012639 for Windows 8.1.
  • Issues related to inability to join domains that use disjoint DNS names are patched in the KB5012639 security update for Windows 8.1.
  • Windows Media Center issues are resolved in KB5012639 for Windows 8.1. Some users have reported losing configuration data on Windows Media Center upon system restart.

Summary

Windows 8.1 has received a security-only update for April 2022. KB5012639 is the update that patches April vulnerabilities. A few outstanding issues have also been resolved in KB5012639. You can install KB5012639 on Windows 8.1 through WSUS or the Microsoft Update Catalog.

You may like to read the following content related to Windows Updates: