KB5012650 Monthly Rollup for Windows Server 2012 – April 12, 2022

KB5012650 is the monthly rollup update for Windows Server 2012 that was released on 12th April, 2022. This monthly rollup update contains security and non-security changes for Windows Server 2012. We look at the key aspects of KB5012650.

KB5014017 is the monthly rollup update for Windows Server 2012 for May 2022. You may read more about KB5014017 on this page.

Salient points about KB5012650 Monthly Rollup Update for Windows Server 2012:

  • KB5012650 is the monthly rollup update that contains all the changes that are part of the security-only update for Windows Server 2012. KB5012666 is the security-only update for Windows Server 2012 for the month of April 2022.
  • KB5012650 supersedes KB5011535. KB5011535 is the monthly rollup update for Windows Server 2012 for March 2022.
  • Two Zero-day vulnerabilities affect Windows Server 2012. Both are patched as part of the KB5012650 monthly update.
  • Three RCE or Remote Code Execution threats impact Windows Server 2012. One of these requires you to take mitigation steps on the network. The other two are patched in KB5012650.
  • The password reset issue on Windows Server 2012 is resolved as part of KB5012650. The issue has affected Windows Server 2012 after the deployment of March updates.
  • November 2021 updates caused memory leak issues on Windows Server 2012. There has been an impact on the overall server performance on account of this. The memory leak issue has been resolved in KB5012650.
  • .NET Framework ought to be upgraded on the Windows Server 2012.
  • Servicing Stack Update KB5011571 needs to be deployed on Windows Server 2012 before deploying the KB5012650 monthly rollup update.

Zero-day Vulnerabilities on Windows Server 2012

There have been two zero-day vulnerabilities that are shared or disclosed by Microsoft as part of the April month’s security bulletin. Both vulnerabilities are shared below. These vulnerabilities are significant because they are publicly known or exploitation attempts have been already detected for these security risks. Therefore, it is pertinent to ask you to patch the Windows Server 2012 with the monthly rollup update KB5012650 on an immediate basis.

We list the two zero-day vulnerabilities that affect Windows Server 2012 below:

CVE-2022-26904 – CVSS 7 – Windows User Profile Service

The KB5012650 monthly rollup update contains a fix for the zero-day vulnerability in the User Profile Service on Windows operating system across the server and desktop versions. The unintended consequence of this vulnerability may result in the attacker getting elevated privileges on the target computer. The vulnerability carries a CVSS score of 7 and has a ‘high impact’ on the associated infrastructure based on the Windows Server or Desktop operating systems. It could be exploited and lead to the elevation of privileges on Windows Server 2012 servers.

CVE-2022-24521 – CVSS 7.8 – Windows Log File System Driver

This is the second zero-day vulnerability disclosed by Microsoft on 12th April. It affects the Windows Log File System Driver and can lead to ‘Elevation of Privileges’. It has not been publicly shared earlier. However, the vulnerability has been found to be under active exploitation attempts. It carries a CVSS score of 7.8, leading to a high-level impact on the target Windows Server 2012. KB5012650 resolves the security threat on Windows Server 2012.

KB5012666 is the security-only update for Windows Server 2012. You can read more about the KB5012666 update on this page. Full list of fixes and improvements is available on this page.

KB5012650 – Critical RCE Vulnerabilities on Windows Server 2012

There have been a total of 117 vulnerabilities that have been shared as part of Microsoft’s security bulletin for the month of April 2022. We restrict our discussion to zero-day vulnerabilities and vulnerabilities that could pose a grave risk to your servers and IT infrastructure.

There are three RCE or Remote Code Execution threats that have been disclosed as part of the April security bulletin. We list the RCE vulnerabilities on Windows Server 2012 below.

  • CVE-2022-26809 – RPC Runtime Library Remote Code Execution Vulnerability – This RCE vulnerability has a CVSS score of 9.8 Microsoft suggests blocking TCP port 445 to mitigate this vulnerability from external traffic. For the internal traffic, it is suggested to secure the SMB traffic. We feel that CVE-2022-26809 could pose a significant risk as it is ‘wormable’. Consider patching Windows Server 2012 on priority. Also, it would be important to block the TCP port 445 on your firewall for protection against threats arising out of the external traffic hitting your network.
  • CVE-2022-24497 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.
  • CVE-2022-24491 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.

In particular, we need to focus on taking mitigation steps for the CVE-2022-26809 vulnerability. There have been active attempts to exploit this vulnerability. And, there are attempts being made to spread the vulnerability as a wormable threat. It is, therefore, important to take mitigation steps for the CVE-2022-26809 vulnerability on Windows Server 2012.

Prerequisites for installing KB5012650 on Windows Server 2012

Servicing Stack Update KB5011571 for Windows Server 2012 needs to be deployed before installing the KB5012650 monthly rollup update. The SSU KB5011571 is offered automatically during the Windows Update process for installing KB5012650.

However, if you intend to manually install KB5012650, please deploy KB5011571 prior to installing the KB5012650 monthly rollup update for Windows Server 2012. You can download KB5011571 from the Microsoft Update Catalog site.

  • SSU KB5011571 for Windows Server 2012 x64 version can be downloaded from this page. The size of the update file is 9.7 MB.

Once the SSU has been deployed on Windows Server 2012, you can proceed with installing the KB5012650 monthly rollup for Windows Server 2012.

You can read about the March month’s monthly rollup update for Windows Server 2012 on this page for KB5011535. Full list of changes and improvements for KB5011535 is available on the page.

How can I get the KB5012650 monthly update for Windows Server 2012?

KB5012650 is available through all the regular means of updating Windows Server software.

  • KB5012650 can be automatically downloaded and applied through the Windows Update process.
  • KB5012650 can also be applied automatically through the Microsoft Update for Business.
  • WSUS or the Windows Server Update Service can be used to automatically import the KB5012650 update. Once imported, the update can be applied automatically on the Windows Server 2012.

For all the automated methods, SSU KB5011571 is offered for implementation before the KB5012650 is deployed. You need to approve the installation of KB5011571 before installing the KB5012650 monthly update.

  • You can also implement KB5012650 manually. To manually install KB5012650 on Windows Server 2012, you will need to download it from the Microsoft Update catalog.
  • x64 version file for KB5012650 for Windows Server 2012 can be downloaded from this catalog page for KB5012650. The update file is 400.5 MB in size and may take some time to download and install on the server.

Other issues resolved in KB5012650 on Windows Server 2012

KB5012650 contains bug fixes, performance improvements, and vulnerabilities remediation. The following issues have been resolved in KB5012650 for Windows Server 2012.

  • Post-deployment of March updates, a few system administrators have reported intermittent issues in resetting expired passwords. This password reset issue has been resolved in KB5012650 for Windows Server 2012.
  • Some administrators may be unable to reset passwords on Windows Server 2012. Event ID 37 may show up in the Events log. This password reset issue has also been resolved in KB5012650.
  • CVE-2020-26784 has been resolved in KB5012650. This vulnerability could lead to Denial of Service on the Clustered Shared Volume.
  • November 2021 updates for Windows Server 2012 caused memory leak issues on the server. This caused the server to show degraded performance. The memory leak issue due to the PacRequestorEnforcement registry key has been resolved in KB5012650 for Windows Server 2012.
  • Some users may report a loss of configuration data on Windows Media Center when the server restarts. The issue with Windows Media Center has also been fixed in KB5012650.
  • There has been a report of the servers’ inability to join domains when disjoint DNS names are used. The issue is fixed in KB5012650.

.NET Framework issues on Windows Server 2012

January updates caused issues in setting or pulling in the Active Directory trust information in the AD forest. The cause of the issue is the underlying .NET framework on Windows Server 2012. The AD issue has been fixed in the .NET updates that were crafted for specific versions of the .NET Framework running on Windows Server 2012. We suggest patching the Windows Server 2012 with the .NET Framework file that corresponds to the .NET version deployed on the Windows Server 2012.

  • .NET Framework 4.5.2 needs to be updated with the .NET update that is a part of the KB5011260 update. It can be downloaded from the catalog page for KB5011260 here. The size of the update file is 54.3 MB in size.
  • .NET framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, or 4.7.2 needs to be updated with the KB5011262 file. It can be downloaded from the catalog page for KB5011262 here. The size of the update file is 375 KB.
  • .NET Framework 4.8 needs to be updated with the KB5011265 update file. It can be downloaded from the catalog page for KB5011265 here. The update file is 362 KB in size.

Summary

If given a choice, you must prefer installing the monthly rollup update instead of the security-only update. KB5012650 contains a lot of fixes for outstanding issues. Zero-day threats and CVSS 9.8 threats are taken care of in the monthly rollup update. The April month’s updates supersede the March month’s cumulative updates. No adverse reports have been shared by the system administrators who have implemented the KB5012650 monthly rollup update on Windows Server 2012.

You may also like to read more about the Windows Updates below: