KB5012647 Security Update for Windows Server 2019 – April 12 2022

The Patch Tuesday updates for April 2022 were released last night. KB5012647 is the latest cumulative update for Windows Server 2019, and it also covers the Windows Server 2019 Server Core installation. Below, we look at the key aspects of the KB5012647 cumulative update, including the zero-day vulnerabilities and the other vulnerabilities it patches.

Salient Points about the KB5012647 cumulative update for Windows Server 2019

  • KB5012647 supersedes the KB5011503 security update for Windows Server 2019. KB5011503 was released on 8th March 2022.
  • There are 2 zero-day vulnerabilities that affect Windows Server 2019. These have been patched in KB5012647.
  • KB5012647 will take your server build to OS Build 17763.2803.
  • The password reset issue on Windows Server 2019 has been resolved in KB5012647.
  • SSU KB5005112 needs to be deployed before installing the KB5012647 security update.
  • There are Remote Code Execution threats that have been disclosed by Microsoft; these are discussed below. The critical vulnerabilities are patched in the KB5012647 security update.
  • The update file for KB5012647 is 563.2 MB in size.

KB5013941 is the cumulative update for Windows Server 2019 for the month of May 2022. You can read more about KB5013941 on this page.

Zero-day vulnerabilities resolved in KB5012647 for Windows Server 2019

The two zero-day vulnerabilities resolved on Windows Server 2019 and Windows Server 2019 Server Core Installation are mentioned below:

CVE-2022-26904 – CVSS 7 – Windows User Profile Service

The KB5012647 security update contains a fix for the zero-day vulnerability in the User Profile Service, which affects both the server and desktop versions of the Windows operating system. The vulnerability carries a CVSS score of 7 and has a ‘high impact’ on infrastructure running the affected Windows Server or desktop operating systems. If exploited, it could lead to elevation of privileges on Windows Server 2019.

Since this vulnerability is publicly known and is more likely to be exploited, we suggest deploying the KB5012647 security updates for April Patch Tuesday on a priority basis.

CVE-2022-24521 – CVSS 7.8 – Windows Log File System Driver

This is the second zero-day vulnerability disclosed by Microsoft on 12th April. It affects the Windows Log File System Driver and can lead to ‘Elevation of Privileges’. It had not been publicly shared earlier. However, active exploitation attempts against the vulnerability have been observed. It carries a CVSS score of 7.8, with a high-level impact on the target Windows Server 2019. KB5012647 resolves the security threat on Windows Server 2019 and Windows Server 2019 (Server Core).

KB5012647 resolves Other Vulnerabilities – More Likely to be Exploited

There are other vulnerabilities that have been resolved in KB5012647.

  • CVE-2022-24474 – Windows Win32k Elevation of Privilege Vulnerability – CVSS 7.8.
  • CVE-2022-24481 – Windows Common Log File System Driver Elevation of Privilege Vulnerability – CVSS 7.8.
  • CVE-2022-24491 – Windows Network File System Remote Code Execution Vulnerability – It has a critical severity with a CVSS score of 9.8.
  • CVE-2022-24521 – Windows Common Log File System Driver Elevation of Privilege Vulnerability – It has a CVSS score of 7.8.
  • CVE-2022-26809 – Remote Procedure Call Runtime Remote Code Execution Vulnerability – This is a critical Remote Code Execution vulnerability with a CVSS score of 9.8. You can mitigate exposure to external traffic by blocking TCP port 445 on the firewall. For internal traffic, you will need to take steps to secure SMB traffic.
  • CVE-2022-26904 – Windows User Profile Service Elevation of Privilege Vulnerability – CVSS 7.8.
  • CVE-2022-26914 – Win32k Elevation of Privilege Vulnerability – It has a CVSS score of 7.8.
  • CVE-2022-24542 – Windows Win32k Elevation of Privilege Vulnerability – It has a CVSS score of 7.8.
  • CVE-2022-24546 – Windows DWM Core Library Elevation of Privilege Vulnerability – It has a CVSS score of 7.8.
  • CVE-2022-24547 – Windows Digital Media Receiver Elevation of Privilege Vulnerability – CVSS 7.8.
  • CVE-2022-26914 – CVSS 7.8 – Elevation of Privileges on Win32K.

KB5012647 – Remote Code Execution Vulnerabilities on Windows Server 2019

KB5012647 also resolves RCE or Remote Code Execution vulnerabilities on Windows Server 2019.

These RCE vulnerabilities have critical severity or high-level impact on your infrastructure. The vulnerabilities of interest are mentioned below for a quick summary and action points:

  • CVE-2022-24497 – CVSS 9.8 – RCE on Windows Network File System.
  • CVE-2022-24541 – CVSS 8.8 – RCE on Windows Server Service.
  • CVE-2022-24500 – CVSS 8.8 – RCE on Windows SMB.
  • CVE-2022-26919 – CVSS 8.1 – RCE on Windows LDAP.
  • CVE-2022-22008 – CVSS 7.7 – RCE on Hyper-V.
  • CVE-2022-24537 – CVSS 7.7 – RCE on Hyper-V.

SSU KB5005112 for Windows Server 2019

The Servicing Stack Update (SSU) KB5005112 needs to be deployed on Windows Server 2019 before KB5012647 is deployed. If you are installing the cumulative update through Windows Update, the SSU KB5005112 will be installed automatically before KB5012647.

If you intend to patch Windows Server 2019 manually through the Update Catalog, please install KB5005112 before installing KB5012647. You can download the KB5005112 SSU from this page. The SSU update file is 11.8 MB in size.
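The pre-install and post-install checks implied above (SSU KB5005112 present first, OS Build 17763.2803 once KB5012647 is applied), as an added PowerShell example that is not part of the original article or Microsoft's guidance. The function names are hypothetical, and it assumes the SSU is listed by Get-HotFix on the host.

```powershell
# Added example: report whether this host has the SSU and has reached the
# KB5012647 build level. KB numbers and build values are taken from the article.
$RequiredBuild = 17763        # Windows Server 2019 build number
$RequiredUbr   = 2803         # revision delivered by KB5012647 (OS Build 17763.2803)
$SsuId         = 'KB5005112'  # servicing stack update required first
$LcuId         = 'KB5012647'  # April 2022 cumulative update

function Test-LcuLevel {
    # Pure comparison, so it can also be exercised with constructed values.
    param([int]$Build, [int]$Ubr)
    ($Build -eq $RequiredBuild) -and ($Ubr -ge $RequiredUbr)
}

function Get-PatchState {
    # CurrentBuildNumber and UBR together form the "OS Build" string.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR
    $kbs   = @((Get-HotFix -ErrorAction SilentlyContinue).HotFixID)
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OsBuild      = "$build.$ubr"
        IsBuild17763 = ($build -eq $RequiredBuild)
        SsuListed    = $kbs -contains $SsuId
        # A later cumulative update may replace this entry, so the build
        # comparison below is the check to rely on, not the KB listing.
        LcuListed    = $kbs -contains $LcuId
        AtLcuLevel   = Test-LcuLevel -Build $build -Ubr $ubr
    }
}

$state = Get-PatchState
$state | Format-List

if (-not $state.IsBuild17763) {
    Write-Warning "Build is not $RequiredBuild; $LcuId does not apply to this host."
} elseif ($state.AtLcuLevel) {
    Write-Output "OS Build $($state.OsBuild) is at or above the $LcuId level."
} elseif (-not $state.SsuListed) {
    Write-Warning "$SsuId is not listed; install the SSU before $LcuId."
} else {
    Write-Output "$SsuId is listed; $LcuId can be installed next."
}
```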

How to get KB5012647 for Windows Server 2019?

The KB5012647 cumulative security update applies to Windows Server 2019 and Windows Server 2019 Server Core Installation. The update is available through all the normal channels of Windows Update.

  • KB5012647 can be automatically deployed using Windows Update.
  • KB5012647 can also be automatically deployed on Windows Server 2019 using Windows Update for Business.
  • KB5012647 can be installed through WSUS (Windows Server Update Services).
  • KB5012647 can be manually deployed using the Microsoft Update Catalog. You can download the MSU file from the catalog page. The update file is a little over 550 MB in size. You can download the KB5012647 update file for Windows Server 2019 from the following page.

KB5012647 – Other issues resolved for Windows Server 2019

KB5012647 resolves two outstanding issues that were caused by previous months’ updates. The January update and March update caused a couple of issues on Windows Server 2019. Both issues have been resolved in KB5012647.

  1. The CVE-2020-26784 vulnerability has been patched on the Clustered Shared Volume on Windows Server 2019 through the LCU KB5012647.
  2. After the March updates were deployed, there were intermittent issues in resetting passwords after they expired. This issue has been fully patched in the April Update for Windows Server 2019 in KB5012647.
  3. Finally, KB5012647 also resolves issues with DNS running on Windows Server 2019.

January updates also caused issues in Active Directory Forest trust information due to issues with the underlying .NET framework on Windows Server 2019. Microsoft has been suggesting that the .NET Framework on Windows Server 2019 should be updated to resolve the AD Forest issues. You can update the .NET Framework on Windows Server 2019 and Windows Server 2019 Server Core Installation using one of the following methods for the corresponding version of .NET on the server:

Summary

KB5012647 is significant because of the two zero-day vulnerabilities. It supersedes KB5011503, the March update. It also patches a few outstanding issues on Windows Server 2019. There are three vulnerabilities with a CVSS rating of 9.8 and a critical impact on the Windows Server 2019 infrastructure.
