KB5012666 Security Update for Windows Server 2012 – April 12, 2022

Microsoft released KB5012666, its April 2022 'Patch Tuesday' update for Windows Server 2012, on 12 April 2022. KB5012666 is a security-only update: it contains that month's security fixes for Windows Server 2012 and nothing else. The alternative is the monthly rollup, which bundles the same security fixes with non-security improvements and is cumulative. Which of the two you deploy is your choice; we suggest preferring the monthly rollup unless you have a specific reason to run security-only updates.

For the purpose of this discussion, we restrict ourselves to the Windows Server 2012 security-only update, KB5012666.

KB5014018 is the security only update for Windows Server 2012 for the month of May 2022. You can read more about KB5014018 on this page.

Salient points about the KB5012666 security-only update:

  • KB5012666 is a security-only update. Security-only updates are not cumulative: each one contains only that month's fixes, so every earlier security-only update, including March's KB5011486, must also be installed for Windows Server 2012 to be fully patched.
  • The servicing stack update (SSU) KB5011571 must be installed before KB5012666.
  • The November 2021 updates caused a memory leak on Windows Server 2012 that degraded server performance. KB5012666 fixes it.
  • Two zero-day vulnerabilities affect Windows Server 2012; details are given below. Both are patched in KB5012666.
  • Three critical vulnerabilities, all rated CVSS 9.8, affect Windows Server 2012. One of them, CVE-2022-26809, is potentially wormable; interim mitigation steps for it are given below.
  • Security-only updates are not offered through Windows Update, so you need to deploy KB5012666 deliberately, either through WSUS or manually from the Microsoft Update Catalog. (Windows Server 2012 left mainstream support in October 2018 and is in extended support, which is why it still receives security updates but nothing more.)
  • The update file for x64 Windows Server 2012 is only 47.6 MB.

KB5012666 – Zero-day vulnerabilities on Windows Server 2012

Two zero-day vulnerabilities affect Windows Server 2012. Both are patched in the security update. The monthly rollup update for Windows Server 2012 also resolves these two zero-day threats. The details of both vulnerabilities are given below.

CVE-2022-26904 – CVSS 7.0 – Windows User Profile Service

KB5012666 fixes CVE-2022-26904, an elevation-of-privilege vulnerability in the Windows User Profile Service that affects both the server and desktop editions of Windows. It is rated High with a CVSS score of 7.0. It is a local vulnerability: an attacker already needs to be able to run code on the server, but can then use it to elevate their privileges on Windows Server 2012.

Because this vulnerability was publicly disclosed before the fix and Microsoft rates exploitation as more likely, we suggest deploying the April Patch Tuesday update KB5012666 on a priority basis.

CVE-2022-24521 – CVSS 7.8 – Windows Common Log File System (CLFS) Driver

This is the second zero-day vulnerability disclosed by Microsoft on 12 April. It is an elevation-of-privilege vulnerability in the Windows Common Log File System (CLFS) driver. Unlike CVE-2022-26904 it was not public before the patch, but Microsoft reports that it is being actively exploited in the wild, which makes it the more urgent of the two. It carries a CVSS score of 7.8 (High). KB5012666 resolves it on Windows Server 2012.

KB5012666 – Critical RCE Vulnerabilities on Windows Server 2012

Three critical remote code execution (RCE) vulnerabilities affect Windows Server 2012, each with a CVSS score of 9.8. All three are fixed by KB5012666. We are particularly concerned about CVE-2022-26809: it is the one for which Microsoft also published a network-level mitigation, which you should apply to servers that cannot be patched immediately and keep as defence in depth afterwards.

  • CVE-2022-26809 – RPC Runtime Library Remote Code Execution Vulnerability – CVSS 9.8. Microsoft suggests blocking TCP port 445 at the enterprise perimeter firewall so that external traffic cannot reach the vulnerable RPC runtime, and following its guidance on securing SMB traffic for internal connections. Because a remote, unauthenticated attacker can trigger it, we consider CVE-2022-26809 'wormable' and a significant risk: patch Windows Server 2012 on priority. Blocking port 445 only reduces exposure; it does not fix the vulnerability.
  • CVE-2022-24497 – Windows Network File System Remote Code Execution Vulnerability – CVSS 9.8. An attacker can send a crafted NFS protocol message to a vulnerable server and achieve remote code execution. It affects only Windows servers with the NFS role enabled.
  • CVE-2022-24491 – Windows Network File System Remote Code Execution Vulnerability – CVSS 9.8. Same attack vector and scope as CVE-2022-24497: a crafted NFS protocol message leads to remote code execution, and only servers with NFS enabled are affected.
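The port-445 mitigation for CVE-2022-26809 described above, as an added PowerShell example that is not part of the original article or of Microsoft's advisory. It assumes, hypothetically, that "internal" means the RFC 1918 ranges (10/8, 172.16/12, 192.168/16) and that the host never needs SMB from outside them; the rule names and address ranges are this example's own choices. It runs in an elevated session on Windows Server 2012 using the built-in NetSecurity module.

```powershell
# Added example, not from the original article or from Microsoft's advisory:
# interim network mitigation for CVE-2022-26809 on a Windows Server 2012 host.
# Assumptions (hypothetical, adjust to your environment):
#   - "internal" means the RFC 1918 ranges 10/8, 172.16/12 and 192.168/16;
#   - the host never needs to accept SMB (TCP 445) from outside those ranges.
# Run in an elevated PowerShell session; NetSecurity ships with Server 2012.

# Windows Firewall has no "not" operator for addresses, so "everything that is
# not RFC 1918" is written out as the complementary address ranges.
$NonInternalRanges = @(
    '0.0.0.0-9.255.255.255',
    '11.0.0.0-172.15.255.255',
    '172.32.0.0-192.167.255.255',
    '192.169.0.0-255.255.255.255'
)

function Get-Smb445AllowRules {
    # Enabled inbound Allow rules that open TCP 445 (for example the built-in
    # "File and Printer Sharing (SMB-In)" rule). The block rules below override
    # them for the blocked sources, because Block wins over Allow in Windows
    # Firewall, so none of these rules has to be edited.
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $pf.Protocol -eq 'TCP' -and ($pf.LocalPort -contains '445' -or $pf.LocalPort -eq 'Any')
        } |
        Select-Object DisplayName, Profile
}

function Add-BlockRule {
    param([string]$Name, [string[]]$RemoteAddress, [string]$FwProfile)
    # Idempotent: re-running the script does not create duplicate rules.
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        return "rule already present: $Name"
    }
    New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Block `
        -Protocol TCP -LocalPort 445 -RemoteAddress $RemoteAddress `
        -Profile $FwProfile -Enabled True | Out-Null
    "rule created: $Name"
}

'Existing inbound Allow rules for TCP 445:'
Get-Smb445AllowRules | Format-Table -AutoSize

# 1. On every profile, drop TCP 445 from any address outside the internal ranges.
Add-BlockRule -Name 'CVE-2022-26809 - block TCP 445 from non-internal sources' `
    -RemoteAddress $NonInternalRanges -FwProfile Any

# 2. On the Public profile (untrusted networks) drop TCP 445 from everyone.
Add-BlockRule -Name 'CVE-2022-26809 - block TCP 445 on Public profile' `
    -RemoteAddress Any -FwProfile Public

# 3. Verify: show the port and address filters attached to the new rules.
Get-NetFirewallRule -DisplayName 'CVE-2022-26809*' | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Profile       = $_.Profile
        Action        = $_.Action
        LocalPort     = ($_ | Get-NetFirewallPortFilter).LocalPort
        RemoteAddress = (($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', ')
    }
} | Format-List
```

Host-based rules like these complement, rather than replace, the perimeter block Microsoft recommends: a server that must still accept SMB from internal clients remains exposed to any compromised internal host until KB5012666 is installed, which is the only thing that actually removes the vulnerability.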

In all, Microsoft reported 117 vulnerabilities in this month's security bulletin. Quite a few of them affect Windows Server 2012, and some are rated as more likely to be exploited. Here we restrict the discussion to the zero-day threats and the Critical RCE vulnerabilities for Windows Server 2012.

Prerequisite for KB5012666 – SSU KB5011571 for Windows Server 2012

Security-only updates for Windows Server 2012 depend on the current servicing stack. Before deploying KB5012666, install the Servicing Stack Update KB5011571 on the server. The update file is a little under 10 MB; you can download it from the KB5011571 Microsoft Update Catalog page here.

Once KB5011571 is installed, you can install KB5012666 on Windows Server 2012.

How can I get KB5012666 for Windows Server 2012?

Security-only updates are not offered through Windows Update (only the monthly rollup is), which leaves a couple of options for deploying KB5012666 on Windows Server 2012.

  • WSUS (Windows Server Update Services) can deliver the security-only update for Windows Server 2012 and deploy it to the target servers.
  • You can download KB5012666 from the Microsoft Update Catalog page here. The x64 MSU file has a size of 47.6 MB.
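The manual route (SSU first, then the security-only update, then verification), as an added PowerShell example that is not part of the original article. It assumes, hypothetically, that the MSU files for KB5011571 and KB5012666 were downloaded from the Microsoft Update Catalog into C:\Patches; the script locates them by the KB number in the file name, so the exact file names do not matter. The wusa.exe exit codes it interprets are the standard Windows Update result codes.

```powershell
# Added example, not from the original article: check the prerequisites,
# install KB5012666 and confirm the result on a Windows Server 2012 x64 host.
# Assumption (hypothetical): the MSU files for KB5011571 and KB5012666 were
# downloaded from the Microsoft Update Catalog into C:\Patches; they are found
# by the KB number in the file name. Run in an elevated PowerShell session.

$PatchDir     = 'C:\Patches'
$Ssu          = 'KB5011571'   # servicing stack update, must go on first
$PriorSecOnly = 'KB5011486'   # March 2022 security-only update
$Target       = 'KB5012666'   # April 2022 security-only update
$script:RebootNeeded = $false

function Test-KbInstalled {
    param([string]$Kb)
    # Get-HotFix reads Win32_QuickFixEngineering, which lists installed
    # MSU/CBS packages by KB number; it errors when the id is unknown, so
    # silence that and turn the result into a boolean.
    [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
}

function Install-Msu {
    param([string]$Kb)
    $msu = Get-ChildItem -Path $PatchDir -Filter "*$Kb*.msu" | Select-Object -First 1
    if (-not $msu) { throw "No MSU file for $Kb found in $PatchDir" }

    # wusa.exe installs an MSU non-interactively; /norestart lets us decide
    # when to reboot. Its exit codes are Windows Update result codes:
    #   0            installed
    #   3010         installed, reboot required (ERROR_SUCCESS_REBOOT_REQUIRED)
    #   2359302      already installed           (0x240006, WU_S_ALREADY_INSTALLED)
    #   -2145124329  not applicable to this host (0x80240017, WU_E_NOT_APPLICABLE)
    $p = Start-Process -FilePath 'wusa.exe' `
        -ArgumentList "`"$($msu.FullName)`"", '/quiet', '/norestart' `
        -Wait -PassThru
    switch ($p.ExitCode) {
        0           { "$Kb installed" }
        3010        { $script:RebootNeeded = $true; "$Kb installed, reboot required" }
        2359302     { "$Kb was already installed" }
        -2145124329 { throw "$Kb is not applicable here: check that the SSU is installed and that this is the x64 Windows Server 2012 package" }
        default     { throw "wusa.exe returned exit code $($p.ExitCode) for $Kb" }
    }
}

# 1. Security-only updates are not cumulative: a missing earlier one means
#    missing fixes even though KB5012666 itself would still install.
if (-not (Test-KbInstalled $PriorSecOnly)) {
    Write-Warning "$PriorSecOnly (March 2022 security-only) is not installed; install it as well, or the March fixes stay missing."
}

# 2. The servicing stack update has to be in place before the security update.
if (Test-KbInstalled $Ssu) { "$Ssu already installed" } else { Install-Msu $Ssu }

# 3. Install the April security-only update and verify it is listed as installed.
Install-Msu $Target
if (Test-KbInstalled $Target) {
    "verified: $Target present in installed updates"
} else {
    Write-Warning "$Target not listed yet; a pending reboot may be needed before it appears"
}

if ($script:RebootNeeded) { Write-Warning 'Reboot the server to complete the installation' }
```

The missing-March check is a warning rather than an abort on purpose: KB5012666 installs regardless, but a server that skipped a security-only month stays missing those fixes, which is the property that makes the monthly rollup the safer default.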

.NET Framework Issue – Windows Server 2012

After the January 2022 updates, setting or reading Active Directory forest trust information could fail on Windows Server 2012. The cause was in the .NET Framework updates released that month, and Microsoft has fixed it in subsequent .NET Framework updates. Depending on the .NET Framework version installed on Windows Server 2012, apply the matching update:

  • .NET Framework 4.5.2: apply KB5011260. The x64 update file for Windows Server 2012 is 54.3 MB; it can be downloaded from this page.
  • .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2: apply KB5011262. The x64 update file for Windows Server 2012 is 375 KB; it can be downloaded from this page.
  • .NET Framework 4.8: apply KB5011265. The x64 update file for Windows Server 2012 is 362 KB; it can be downloaded from this page.
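Picking the right one of the three .NET updates requires knowing which .NET Framework 4.x is installed, which on Windows Server 2012 is only reliably visible in the registry. The following is an added PowerShell example, not part of the original article: it reads the documented "Release" value, maps it to a version, reports the update from the list above, and checks whether it is already present. The thresholds are Microsoft's published minimum Release values per version; the KB mapping is taken from the list above, and 4.5/4.5.1 (out of support) get no update.

```powershell
# Added example, not from the original article: read the installed .NET
# Framework 4.x version from the registry and map it to the .NET update listed
# above for Windows Server 2012, then check whether that update is installed.
# Works in PowerShell 3.0, the version that ships with Windows Server 2012.

# Minimum "Release" value per .NET Framework version, newest first, with the
# update that applies. 4.5 and 4.5.1 are out of support and have none listed.
$Script:DotNetReleases = @(
    @{ Min = 528040; Version = '4.8';   Kb = 'KB5011265' },
    @{ Min = 461808; Version = '4.7.2'; Kb = 'KB5011262' },
    @{ Min = 461308; Version = '4.7.1'; Kb = 'KB5011262' },
    @{ Min = 460798; Version = '4.7';   Kb = 'KB5011262' },
    @{ Min = 394802; Version = '4.6.2'; Kb = 'KB5011262' },
    @{ Min = 394254; Version = '4.6.1'; Kb = 'KB5011262' },
    @{ Min = 393295; Version = '4.6';   Kb = 'KB5011262' },
    @{ Min = 379893; Version = '4.5.2'; Kb = 'KB5011260' },
    @{ Min = 378675; Version = '4.5.1'; Kb = $null },
    @{ Min = 378389; Version = '4.5';   Kb = $null }
)

function Get-DotNetUpdateForRelease {
    param([int]$Release)
    # Thresholds are ordered newest first, so the first one the Release value
    # meets or exceeds is the installed version.
    $hit = $Script:DotNetReleases | Where-Object { $Release -ge $_.Min } | Select-Object -First 1
    if (-not $hit) { throw "Unrecognised .NET Framework Release value $Release" }
    [pscustomobject]@{ Release = $Release; Version = $hit.Version; Kb = $hit.Kb }
}

function Get-InstalledDotNetRelease {
    # .NET Framework 4.5 and later record a single "Release" DWORD under this
    # key; 4.0 and older versions have no such value.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $value = Get-ItemProperty -Path $key -Name Release -ErrorAction SilentlyContinue
    if (-not $value) { throw '.NET Framework 4.5 or later is not installed' }
    [int]$value.Release
}

$info = Get-DotNetUpdateForRelease -Release (Get-InstalledDotNetRelease)
"Installed .NET Framework $($info.Version) (Release $($info.Release))"
if ($info.Kb) {
    if (Get-HotFix -Id $info.Kb -ErrorAction SilentlyContinue) {
        "$($info.Kb) is already installed"
    } else {
        "Apply $($info.Kb) from the Microsoft Update Catalog"
    }
} else {
    Write-Warning "No update is listed for .NET Framework $($info.Version); move to a supported 4.x version first"
}
```

Only the newest 4.x release is reported because the 4.x versions install in place over one another; a server that shows 4.8 no longer has a separate 4.7.2 to patch.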

Other Issues Resolved in KB5012666 for Windows Server 2012

KB5012666 also resolves a few more issues on Windows Server 2012:

  1. Windows Media Center losing its configuration.
  2. The memory leak introduced by the November 2021 updates, which should restore server performance on Windows Server 2012.
  3. Password change or password reset failing, with Event ID 37 logged in the event log.
  4. An 'Access Denied' error when specifying a Service Principal Name (SPN) alias.
  5. A server being unable to join the domain when disjoint DNS names are in use.

Summary

KB5012666 for Windows Server 2012 is the April 2022 security-only update; it patches the two zero-day and three critical vulnerabilities discussed above. Before installing KB5012666, make sure the March security-only update KB5011486 is already in place (security-only updates are not cumulative) and install the SSU KB5011571 first.
