KB5014692 is the cumulative update for Windows Server 2019 that was released on 14th June 2022. It supersedes the KB5013941 update from the month of May. We look at some of the significant points about the KB5014692 cumulative update for Windows Server 2019 below.
- KB5014692 – Salient points about KB5014692 for Windows Server 2019
- KB5014692 – Zero-day vulnerability on Windows Server 2019
- KB5014692 – Other vulnerabilities on Windows Server 2019
- KB5014692 – Prerequisites for installing KB5014692 on Windows Server 2019
- How can I deploy KB5014692 on Windows Server 2019?
- Summary for KB5014692
KB5014692 – Salient points about KB5014692 for Windows Server 2019
- KB5014692 is a cumulative update. It pushes Windows Server 2019 build to OS Build 17763.3046.
- KB5014692 supersedes KB5013941 cumulative update.
- KB5014692 also supersedes the emergency OOB or Out-of-band update KB5015018 for Windows Server 2019. KB5015018 was released on May 19. It contained a fix for authentication issues on domain controllers patched with KB5013941 cumulative update. If you did not apply the KB5015018 update on Windows Server 2019, you can skip it. All the changes contained in KB5015018 are a part of the KB5014692 cumulative update.
- In terms of risks, you need to be aware of vulnerabilities CVE-2022-30136, CVE02022-30139, CVE-2022-30163, and CVE-2022-30190. Details are shared below.
- Machines on your network may run into certification authentication issues unless you follow the recommended strategy of updating the servers with the June update. Details are shared below on the two alternatives shared by Microsoft.
- SSU KB5005112 released in August 2021 should already be deployed before deploying KB5014692. If you have not installed KB5005112, please implement it now.
- The size of the MSU update file for KB5005112 is a little over 571 MB.
You can read more about KB5013941 security update for Windows Server 2019 on this page.
KB5014692 – Zero-day vulnerability on Windows Server 2019
CVE-2022-30190 is a zero-day vulnerability that affects Windows Server 2019. The following are important points about the CVE-2022-30190 vulnerability in brief:
- CVE-2022-30190 affects Microsoft Windows Support Diagnostic (MSDT) tool.
- It can lead to Remote Code Execution attacks on the target Windows Server 2019.
- CVE-2022-30190 has a CVSS rating of 7.8.
- CVE-2022-30190 is publicly disclosed and it is being actively exploited.
- The vulnerability can allow the attacker to cause arbitrary code execution attacks on the target.
- Microsoft has also published mitigation steps on the blog entry for CVE-2022-30190.
This is what Microsoft has mentioned in the security blog entry:
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
The resolution for CVE-2022-30190 lies in patching Windows Server 2019 with KB5014692.
KB5014692 – Other vulnerabilities on Windows Server 2019
There are a few other vulnerabilities on Windows Server 2019. In all 60 vulnerabilities have been declared as part of various security updates in June 2022. The two vulnerabilities we are concerned about are:
CVE-2022-30136 – Windows Network File System Remote Code Execution
The details of CVE-2022-30136 are mentioned in brief below:
- CVE-2022-30136 is a critical vulnerability in the Windows Network File System. The threat could lead to Remote Code Execution attacks on the target.
- It has a CVSS rating of 9.8 with a critical impact on the infrastructure.
- Windows Network File System version 4.1 is impacted by this vulnerability. NFS version 2 and NFS version 3 are not affected by CVE-2022-20136.
- The mitigation steps suggested by Microsoft involve turning off the NFS version 4.1. This could lead to major consequences on the network. So, please plan accordingly.
- You will need to restart the NFS server after disabling NFS version 4.1.
- The mitigation strategy has been discussed in detail on the CVE-2022-30136 page on the Microsoft site.
CVE-2022-30139 – Windows LDAP Remote Code Execution
The details of CVE-2022-30139 are mentioned in brief below:
- CVE-2022-30139 affects Windows LDAP. It can lead to Remote Code Execution attacks on the target server.
- CVE-2022-30139 has a CVSS score of 7.5.
- The attack complexity of CVE-2022-30139 is rate AC: H and is considered complex.
- This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable.
CVE-2022-30163 – Windows Hyper V Remote Code Execution
- CVE-2022-30163 is a critical vulnerability with a CVSS score of 8.5.
- An attacker could run a malicious application on Hyper V guest. It can cause the Hyper V host operating system to be targeted for remote code execution.
- The attack complexity is complex and rated as AC: H.
- This vulnerability is resolved in KB5014692 for Windows Server 2019.
KB5014692 – Prerequisites for installing KB5014692 on Windows Server 2019
SSU KB5005112 for Windows Server 2019
- Before deploying KB5014692, you need to make sure that the KB5005112 SSU update is already deployed. SSU KB5005112 was released in August 2021. So, if you have been patching the Windows Server 2019 regularly, you would have already deployed KB5005112 on the server.
- You can download KB5005112 from the Microsoft Update Catalog page here.
Certificate Authentication on Servers
- Microsoft suggests patching intermediate and application servers with the KB5014692 update before deploying KB5014692 on the domain controllers.
- Alternatively, use the registry editor on Windows Server 2019 to create a CertificateMappingMethods entry and set it to 0x1F. Deploy the June update KB5014692 before removing the CertificateMappingMethods entry.
Details of the certificate mapping issue are provided on the KB5014692 cumulative update page for Windows Server 2019.
How can I deploy KB5014692 on Windows Server 2019?
Windows Server 2019 can be patched with KB5014692 through all the normal channels of Windows Update.
- KB5014692 can be deployed through Windows Update automatically.
- KB5014692 can also be deployed through the Microsoft Update for Business.
- KB5014692 can be installed automatically through the WSUS or Windows Server Update Service on Windows Server 2019.
- To deploy KB5014692 manually, you can download KB5014692 through the Microsoft Update Catalog page for KB5014692.
The size of the MSU update file is 576.1 MB.
Summary for KB5014692
KB5014692 resolves security vulnerabilities on Windows Server 2019. KB5014692 replaces KB5013941 and KB5015018. SSU KB5005112 needs to be deployed prior to installing KB5014692. You will also need to pay heed to the order of updating KB5014692 on the target Windows Server 2019 server.
You can read more about the Windows Server updates below:
Helen is a geeky nerd who seeks to find and fix tech gaps in the latest gadgets. She is always on the lookout for resolving technical queries of users, and is an avid writer on technical subjects.