KB5012647 for Windows 10 version 1809 – April 12 2022

KB5012647 security update covers Windows 10 version 1809. The ‘Patch Tuesday’ update for April 2022 resolves security risks and vulnerabilities that have been disclosed by Microsoft. KB5012599 is the cumulative update for Windows 10 versions 20H2, 21H1, and 21H2. KB5012591 is the cumulative update for Windows 10 version 1909. We look at the key aspects of the KB5012647 update for Windows 10 version 1809.

Salient points about KB5012647 for Windows 10 version 1809:

  • KB5012647 for Windows 10 version 1809 supersedes KB5011503. KB5011503 was released in March 2022.
  • KB5012647 is applicable for Windows 10 version 1809.
  • Two zero-day vulnerabilities affect Windows 10 version 1809. Both have been disclosed in this month’s security bulletin by Microsoft. Both are patched in KB5012647.
  • Three critical vulnerabilities with Remote Code Execution threats are applicable to Windows 10 version 1809. Mitigation steps for CVE-2022-26809 are given below. The other two are patched in KB5012647.
  • The password reset issue has been resolved for Windows 10 in KB5012647. More details are shared below.
  • You will need SSU KB5005112 or later on the Windows 10 version 1809 system prior to installing the KB5012647 update.

KB5012647 – Zero-day vulnerabilities on Windows 10 version 1809

There are a couple of zero-day vulnerabilities that affect Windows 10 version 1809. Both are resolved in KB5012647. The details of zero-day vulnerabilities are mentioned below for Windows 10 version 1809:

CVE-2022-26904 – CVSS 7 – Windows User Profile Service

The KB5012647 security update contains a fix for the zero-day vulnerability in the User Profile Service, which affects both the server and desktop versions of the Windows operating system. The vulnerability carries a CVSS score of 7 and has a ‘high impact’ on infrastructure based on the Windows Server or Desktop operating systems. If exploited, it could lead to the elevation of privileges on Windows 10.

Since this vulnerability is publicly known and is more likely to be exploited, we suggest deploying the KB5012647 security updates for April Patch Tuesday on a priority basis.

CVE-2022-24521 – CVSS 7.8 – Windows Log File System Driver

This is the second zero-day vulnerability disclosed by Microsoft on 12th April. It affects the Windows Log File System Driver and can lead to ‘Elevation of Privileges’. It has not been publicly shared earlier. However, the vulnerability has been found to be under active exploitation attempts. It carries a CVSS score of 7.8, leading to a high-level impact on the target Windows 10. KB5012647 resolves the security threat on Windows 10.

KB5012647 Critical vulnerabilities causing Remote Code Execution on Windows 10 version 1809

There are three critical vulnerabilities that affect Windows 10 version 1809. All these critical vulnerabilities can lead to RCE or Remote Code Execution on the target Windows 10 computers. We list these critical vulnerabilities below.

  • CVE-2022-26809 – RPC Runtime Library Remote Code Execution Vulnerability – This RCE vulnerability has a CVSS score of 9.8. Microsoft suggests blocking TCP port 445 to mitigate this vulnerability against external traffic. For internal traffic, it is suggested to secure the SMB traffic. We feel that CVE-2022-26809 could pose a significant risk as it is ‘wormable’. Consider patching Windows 10 on priority.

  • CVE-2022-24497 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.

  • CVE-2022-24491 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.

Prerequisites before installing KB5012647 on Windows 10 version 1809

Prerequisite conditions imply that before installing the monthly patch or security update, you need to make sure that a particular SSU or cumulative security update is already deployed on the target Windows 10 machine. For the April update KB5012647 for Windows 10 version 1809, you need to make sure that the computers have deployed the Servicing Stack Update KB5005112. If you have previously installed this SSU, no further action is needed before installing KB5012647 on Windows 10 version 1809. KB5005112 was released by Microsoft in August 2021. If you follow an aggressive patching policy, you would have already had the KB5005112 installed on Windows 10.

If KB5005112 is not deployed on the Windows 10 computer (check from Update History under Windows Update), you will need to install it prior to installing the KB5012647 security update for Windows 10 version 1809. The SSU KB5005112 for Windows 10 version 1809 can be downloaded from the Microsoft Update Catalog page for KB5005112.

You will see three update files on the Catalog page:

  • x86 or 32 bit Windows 10 version 1809 – The update file is 6.2 MB in size.
  • x64 Windows 10 version 1809 – The update file is 13.8 MB in size.
  • ARM64 Windows 10 version 1809 – The update file is 17.1 MB in size.

Choose the update file that corresponds to your computer architecture and operating system.
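The prerequisite check described above, together with the two exposure conditions named in the critical-vulnerability list (a listener on TCP port 445 and enabled NFS features), can be gathered in one pass. This is an added example, not a Microsoft script: the parameter names and the `Test-Kb` helper are hypothetical, and it assumes an elevated PowerShell 5.1 session on the machine being checked.

```powershell
# Added example: pre-install and exposure check for KB5012647.
param(
    # KB5005112 comes from the article. A later SSU also satisfies the
    # prerequisite; append its KB number here (assumption: you know it).
    [string[]]$AcceptedSsu = @('KB5005112'),
    [string]$TargetLcu = 'KB5012647'
)

function Test-Kb {
    param([string[]]$Id)
    # Get-HotFix raises an error for an ID that is not installed,
    # so suppress it and reduce the result to a boolean.
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

# Windows 10 version 1809 reports OS build 17763.
$cv    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int](Get-ItemPropertyValue -Path $cv -Name CurrentBuildNumber)

# Exposure relevant to CVE-2022-26809: is anything listening on TCP 445?
$smb = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue

# Exposure relevant to the two NFS CVEs: any enabled NFS optional feature.
# A wildcard is used so no feature name has to be assumed.
$nfs = Get-WindowsOptionalFeature -Online |
    Where-Object { $_.FeatureName -like '*NFS*' -and $_.State -eq 'Enabled' }

$report = [pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    Build           = $build
    Is1809          = ($build -eq 17763)
    SsuPresent      = (Test-Kb -Id $AcceptedSsu)
    LcuInstalled    = (Test-Kb -Id $TargetLcu)
    Smb445Listening = [bool]$smb
    NfsFeatures     = (@($nfs.FeatureName) -join ', ')
}

# Turn the findings into the next action in the article's install order.
$next = if (-not $report.Is1809) {
    "Build $build is not version 1809; $TargetLcu does not apply."
} elseif ($report.LcuInstalled) {
    "$TargetLcu is already installed."
} elseif (-not $report.SsuPresent) {
    "Install the servicing stack update first, then $TargetLcu."
} else {
    "Prerequisite met; $TargetLcu can be installed."
}

$report | Add-Member -NotePropertyName NextStep -NotePropertyValue $next -PassThru
```

A machine that reports `Smb445Listening` as true or lists NFS features while `LcuInstalled` is false is the one to patch first.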

How can I get KB5012647 for Windows 10 version 1809?

KB5012647 for Windows 10 version 1809 is available for regular patching through one of the following ways:

  • KB5012647 on Windows 10 version 1809 can be downloaded automatically using the Windows Update program.
  • KB5012647 on Windows 10 version 1809 can be automatically downloaded and applied using the Microsoft Update for Business.
  • KB5012647 can also be applied automatically to the Windows 10 version 1809 system through WSUS, which can be used to import the patch and apply it on the target system.
  • KB5012647 can be installed manually through the Microsoft Update Catalog. You can download the MSU update file that corresponds to the architecture of your computer.

KB5012647 for Windows 10 version 1809 will supersede KB5011503 cumulative update and KB5011551 preview update.

Other Issues Resolved in KB5012647 for Windows 10 version 1809

A single issue has been fixed in KB5012647 for Windows 10 version 1809.

  • After deployment of the March updates, a few administrators experienced intermittent issues in resetting passwords that had expired. The password reset issue is fixed in April’s security update for Windows 10 version 1809.

Aside from this issue, there have been no additional known issues or bugs to write about.

Summary for KB5012647

KB5012647 for Windows 10 version 1809 is a simple install. You need to make sure that the SSU KB5005112 is already deployed before installing the KB5012647 update. There have been no adverse reports after installation of the KB5012647 cumulative update on Windows 10 version 1809.
