KB5012670 Monthly Rollup for Windows Server 2012 R2 – April 12, 2022

The monthly rollup update for Windows Server 2012 R2 was released on 12th April, 2022. KB5012670 is the monthly rollup update that includes security changes and non-security improvements for the Windows Server 2012 R2. The monthly rollup updates are more comprehensive than the security-only updates for Windows Server 2012 R2. This is the reason that you must try to install monthly rollup updates on the Windows Server 2012 R2 on account of the exhaustive nature of these updates. We look at the key aspects of the monthly rollup update KB5012670 for Windows Server 2012 R2 below.

KB5014011 is the monthly rollup update for Windows Server 2012 R2 for the month of May. You may read more about the monthly rollup KB5014011 on this page.

Salient points about KB5012670 monthly rollup update for Windows Server 2012 R2:

  • KB5012670 is a monthly rollup update for April 2022. It supersedes the March month’s monthly rollup update for Windows Server 2012 R2 – KB5011564.
  • The monthly rollup update contains all the changes that are part of the security-only update for April 2022 for Windows Server 2012 R2. In other words, the KB5012670 monthly rollup update contains all the changes that are part of the KB5012639 security-only update.
  • Two Zero-day vulnerabilities affect Windows Server 2012 R2. Both are patched in the KB5012670 monthly rollup update.
  • Three critical Remote Code Execution threats with a CVSS score of 9.8 also impact the Windows Server 2012 R2. Two of these are fixed in the monthly rollup update KB5012670. Risk mitigation steps for the third vulnerability are shared below.
  • The password reset issue on Windows Server 2012 R2 is patched in KB5012670. You can read more about the issue in detail below.
  • The memory leak issue on Windows Server 2012 R2 has been fixed in KB5012670. The issue developed after the implementation of November 2021 updates on Windows Server 2012 R2.
  • Microsoft suggests upgrading the .NET Framework on the Windows Server 2012 R2 to resolve Active Directory issues.
  • SSU KB5012672 needs to be implemented on Windows Server 2012 R2 before installing the KB5012670 monthly rollup update.

Zero-day Vulnerabilities on Windows Server 2012 R2

There have been two zero-day vulnerabilities that are shared or disclosed by Microsoft as part of the April month’s security bulletin. Both vulnerabilities are shared below. These vulnerabilities are significant because they are publicly known or exploitation attempts have been already detected for these security risks. Therefore, it is pertinent to ask you to patch the Windows Server 2012 R2 with the monthly rollup update KB5012670 on an immediate basis.

We list the two zero-day vulnerabilities that affect Windows Server 2012 R2 below:

CVE-2022-26904 – CVSS 7 – Windows User Profile Service

KB5012639 security update and the KB5012670 monthly rollup update contain a fix for the zero-day vulnerability in the User Profile Service on Windows operating system across the server and desktop versions. The unintended consequence of this vulnerability may result in the attacker getting elevated privileges on the target computer. The vulnerability carries a CVSS score of 7 and has a ‘high impact’ on the associated infrastructure based on the Windows Server or Desktop operating systems. It could be exploited and lead to the elevation of privileges on Windows Server 2012 R2 servers.

CVE-2022-24521 – CVSS 7.8 – Windows Log File System Driver

This is the second zero-day vulnerability disclosed by Microsoft on 12th April. It affects the Windows Log File System Driver and can lead to ‘Elevation of Privileges’. It has not been publicly shared earlier. However, the vulnerability has been found to be under active exploitation attempts. It carries a CVSS score of 7.8, leading to a high-level impact on the target Windows 11. KB5012670 and KB5012639 resolve the security threat on Windows Server 2012 R2.

The security-only update for Windows Server 2012 R2 is KB5012639. You can read more about the KB5012639 security update on this page.

KB5012670 – Critical RCE Vulnerabilities on Windows Server 2012 R2

There have been a total of 117 vulnerabilities that have been shared as part of Microsoft’s security bulletin for the month of April 2022. We restrict our discussion to zero-day vulnerabilities and vulnerabilities that could pose a grave risk to your servers and IT infrastructure.

There are three RCE or Remote Code Execution threats that have been disclosed as part of the April security bulletin. We list the RCE vulnerabilities on Windows Server 2012 R2 below.

  • CVE-2022-26809 – RPC Runtime Library Remote Code Execution Vulnerability – This RCE vulnerability has a CVSS score of 9.8 Microsoft suggests blocking TCP port 445 to mitigate this vulnerability from external traffic. For the internal traffic, it is suggested to secure the SMB traffic. We feel that CVE-2022-26809 could pose a significant risk as it is ‘wormable’. Consider patching Windows Server 2012 R2 on priority. Also, it would be important to block the TCP port 445 on your firewall for protection against threats arising out of the external traffic hitting your network.
  • CVE-2022-24497 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.
  • CVE-2022-24491 – Windows Network File System Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 9.8. It can allow an attacker to send a malicious NFS protocol message to the vulnerable server and cause a Remote Code Execution. This vulnerability affects Windows Servers and systems that have the NFS enabled.

In particular, we need to focus on taking mitigation steps for the CVE-2022-26809 vulnerability. There have been active attempts to exploit this vulnerability. And, there are attempts being made to spread the vulnerability as a wormable threat. It is, therefore, important to take mitigation steps for the CVE-2022-26809 vulnerability on Windows Server 2012 R2.

The monthly rollup update for Windows Server 2012 R2 for the March month can be found on this page for KB5011564. KB5012670 supersedes KB5011564 monthly rollup updates.

Prerequisites for installing KB5012670 on Windows Server 2012 R2

Servicing Stack Update KB5012672 for Windows Server 2012 R2 needs to be deployed before installing the KB5012670 monthly rollup update. The SSU KB5012672 is offered automatically during the Windows Update process for installing KB5012670.

However, if you intend to manually install KB5012670, please deploy KB5012672 prior to installing the KB5012670 monthly rollup update for Windows Server 2012 R2. You can download KB5012672 from the Microsoft Update Catalog site.

  • SSU KB5012672 for Windows Server 2012 R2 x64 version can be downloaded from this page. The size of the update file is 10.4 MB.

Once the SSU has been deployed on Windows Server 2012 R2, you can proceed with installing the KB5012670 monthly rollup for Windows Server 2012 R2.

How can I get the KB5012670 monthly update for Windows Server 2012 R2?

KB5012670 is available through all the regular means of updating Windows Server software.

  • KB5012670 can be automatically downloaded and applied through the Windows Update process.
  • KB5012670 can also be applied automatically through the Microsoft Update for Business.
  • WSUS or the Windows Server Update Service can be used to automatically import the KB5012670 update. Once imported, the update can be applied automatically on the Windows Server 2012 R2.

For all the automated methods, SSU KB5012672 is offered for implementation before the KB5012670 is deployed. You need to approve the installation of KB5012672 before installing the KB5012670 monthly update.

  • You can also implement KB5012670 manually. To manually install KB5012670 on the Windows Server 2012 R2, you will need to download it from the Microsoft Update catalog.
  • x64 version file for KB5012670 for Windows Server 2012 R2 can be downloaded from this catalog page for KB5012670. The update file is 554.9 MB in size and may take some time to download and install on the server.

Other issues resolved in KB5012670 on Windows Server 2012 R2

KB5012670 contains bug fixes, performance improvements, and vulnerabilities remediation. The following issues have been resolved in KB5012670 for Windows Server 2012 R2.

  • Post-deployment of March updates, a few system administrators have reported intermittent issues in resetting expired passwords. This password reset issue has been resolved in KB5012670 for Windows Server 2012 R2.
  • Some administrators may be unable to reset passwords on Windows Server 2012 R2. Event ID 37 may show up in the Events log. This password reset issue has also been resolved in KB5012670.
  • CVE-2020-26784 has been resolved in KB5012670. This vulnerability could lead to Denial of Service on the Clustered Shared Volume.
  • November 2021 updates for Windows Server 2012 R2 caused memory leak issues on the server. This caused the server to show degraded performance. The memory leak issue due to the PacRequestorEnforcement registry key has been resolved in KB5012670 for Windows Server 2012 R2.
  • Some users may report a loss of configuration data on Windows Media Center when the server restarts. The issue with Windows Media Center has also been fixed in KB5012670.
  • There has been a report of the servers’ inability to join domains when disjoint DNS names are used. The issue is fixed in KB5012670.

.NET Framework issues on Windows Server 2012 R2

January updates caused issues in setting or pulling in the Active Directory trust information in the AD forest. The cause of the issue is the underlying .NET framework on Windows Server 2012 R2. The AD issue has been fixed in the .NET updates that were crafted for specific versions of the .NET Framework running on Windows Server 2012 R2. We suggest patching the Windows Server 2012 R2 with the .NET Framework file that corresponds to the .NET version deployed on the Windows Server 2012 R2.

  • .NET Framework 4.5.2 needs to be updated with the .NET update that is a part of the KB5011261 update. It can be downloaded from the catalog page for KB5011261 here. The size of the update file is 72.2 MB in size.
  • .NET framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, or 4.7.2 needs to be updated with the KB5011263 file. It can be downloaded from the catalog page for KB5011263 here. The size of the update file is 376 KB.
  • .NET Framework 4.8 needs to be updated with the KB5011266 update file. It can be downloaded from the catalog page for KB5011266 here. The update file is 359 KB in size.

Summary

KB5012670 contains fixes for the two zero-day vulnerabilities on Windows Server 2012 R2. It supersedes the KB5011564 monthly update for Windows Server 2012 R2. There have been quite a few fixes in the monthly update KB5012670. And, it would be pertinent to update the .NET Framework on the Windows Server 2012 R2 for a seamless working of the Active Directory forest and trust relationship in the AD forest.

You may also like to read more about the Windows Updates below: