KB5014702 Cumulative Update for Windows Server 2016 – June 2022

Microsoft released the cumulative update KB5014702 for Windows Server 2016 on the 14th of June 2022. This update will push your Windows Server 2016 build to OS Build 14393.5192. We look at the key aspects of KB5014702 below.

You can read about May’s cumulative security update KB5013952 for Windows Server 2016 on this page.

Salient points about KB5014702 cumulative update for Windows Server 2016

  • KB5014702 is a cumulative update that supersedes KB5013952. KB5013952 is the cumulative update for the month of May 2022 that was released on 10th May 2022.
  • KB5014702 also supersedes the out-of-band update KB5015019. KB5015019 is an emergency patch released to fix authentication issues on Windows Server 2016 domain controllers. It was released on 19th May 2022. If you have not deployed KB5015019 yet, you can skip it. Installing KB5014702 will take care of KB5015019 as well.
  • The KB5014702 MSU update file for x64 systems is 1571 MB.
  • Windows Server 2016 is affected by the critical vulnerabilities CVE-2022-30136 and CVE-2022-30139. It is also affected by the zero-day vulnerability CVE-2022-30190.
  • Servicing Stack Update KB5014026 needs to be deployed prior to installing KB5014702.
  • Before installing KB5014702 on domain controllers, deploy KB5014702 on the intermediate and application servers that pass the authenticated certificates to the domain controllers.

KB5014702 – Zero-day vulnerability on Windows Server 2016

KB5014702 contains a fix for the CVE-2022-30190 vulnerability. We lay out the information on CVE-2022-30190 in the list below.

  • CVE-2022-30190 is a zero-day vulnerability that has been publicly disclosed, and exploitation has been detected.
  • The CVSS score of CVE-2022-30190 is 7.8.
  • The vulnerability can lead to remote code execution. A remote attacker could deploy software on the affected server, and could access the server locally to threaten the infrastructure.

Here is what Microsoft has written about CVE-2022-30190 and the recommended action to resolve the vulnerability:

On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability. On Tuesday June 14, 2022, Microsoft issued Windows updates to address this vulnerability. Microsoft recommends installing the updates as soon as possible.

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.

You can read more about CVE-2022-30190 on Microsoft’s Security team’s blog here.

KB5014702 – Critical vulnerabilities on Windows Server 2016

There have been a total of 60 vulnerability disclosures as part of June’s security updates across all the servers. Of these, we focus our attention on the two critical vulnerabilities that affect Windows Server 2016.

CVE-2022-30136 – Windows Network File System Remote Code Execution Vulnerability

  • This is a critical vulnerability with a CVSS score of 9.8. It can lead to remote code execution threats on the server.
  • Immediate installation of KB5014702 is needed to fix the vulnerability.
  • CVE-2022-30136 is more likely to be exploited.
  • The vulnerability lies in Network File System (NFS) version 4.1. NFS server version 2 and NFS server version 3 are not impacted by CVE-2022-30136.
  • Microsoft recommends applying mitigations on Windows Server 2016 systems affected by the vulnerability.

Microsoft suggests disabling NFS 4.1 on a temporary basis until you have deployed KB5014702 on Windows Server 2016. Disabling NFS version 4.1 will impact the server and may break your network as well.

We suggest that you read the detailed mitigation strategy for CVE-2022-30136 on Microsoft’s vulnerability document.
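The check below is an added example, not code from Microsoft or from the original article: it reports whether a Windows Server 2016 host still needs the temporary NFS 4.1 mitigation by comparing the installed build revision with 14393.5192 and reading the NFS server configuration. The `Get-WindowsFeature` and `Get-NfsServerConfiguration` cmdlets, the `FS-NFS-Service` feature name and the `CurrentVersion` registry values are standard Windows items that the article does not name, and the function name is hypothetical.

```powershell
# Added example (not Microsoft's code). Run elevated on the Windows Server 2016 host.
$PatchedRevision = 5192   # OS Build 14393.5192, the build this page gives for KB5014702

function Get-Nfs41Exposure {
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    if ($cv.CurrentBuildNumber -ne '14393') {
        throw "Written for Windows Server 2016 (build 14393); found build $($cv.CurrentBuildNumber)."
    }
    # UBR is the revision after the dot in the OS build, so later cumulative updates also pass.
    $patched = [int]$cv.UBR -ge $PatchedRevision

    # Server for NFS role service; without it there is no NFS server to protect.
    $role = Get-WindowsFeature -Name 'FS-NFS-Service'
    $nfsInstalled = [bool]($role -and $role.Installed)

    # EnableNFSV4 is the setting the temporary mitigation turns off.
    $v4Enabled = $false
    if ($nfsInstalled) { $v4Enabled = [bool](Get-NfsServerConfiguration).EnableNFSV4 }

    $action = if ($patched) {
        'Patched: no mitigation needed.'
    } elseif (-not $nfsInstalled) {
        'Install KB5014702; Server for NFS is not installed on this host.'
    } elseif ($v4Enabled) {
        'Exposed: install KB5014702, or disable NFS 4.1 temporarily after checking client impact.'
    } else {
        'NFS 4.1 already disabled; install KB5014702, then re-enable it if clients need it.'
    }

    [pscustomobject]@{
        Build        = "14393.$($cv.UBR)"
        Patched      = $patched
        NfsInstalled = $nfsInstalled
        NfsV4Enabled = $v4Enabled
        Action       = $action
    }
}

Get-Nfs41Exposure | Format-List
```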

CVE-2022-30139 – Windows LDAP Remote Code Execution vulnerability

  • CVE-2022-30139 has a CVSS score of 7.5.
  • The attack complexity for CVE-2022-30139 is high (rated AC:H).
  • This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable.

The threat is resolved as part of the KB5014702 cumulative security update.
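To see whether a forest meets the MaxReceiveBuffer precondition described above, the following added example (not Microsoft's code and not part of the original article) reads the `lDAPAdminLimits` attribute of every query policy object and flags values above the default. It assumes the ActiveDirectory PowerShell module and the default of 10485760 bytes from Microsoft's LDAP policy documentation; the function names are hypothetical.

```powershell
# Added example: requires the ActiveDirectory module and read access to the configuration partition.
$DefaultMaxReceiveBuffer = 10485760   # assumed default in bytes (Microsoft LDAP policy docs, not this page)

function Get-MaxReceiveBuffer {
    param([string[]]$AdminLimits)
    # lDAPAdminLimits is a multi-valued attribute of "Name=Value" strings.
    foreach ($entry in $AdminLimits) {
        $name, $value = $entry -split '=', 2
        if ($name.Trim() -eq 'MaxReceiveBuffer') { return [long]$value }
    }
    return $null   # not set on this policy object, so the default applies
}

function Test-LdapReceiveBufferPolicy {
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $base = "CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,$configNC"

    # Check every query policy, not only "Default Query Policy": others can be
    # assigned to individual domain controllers or sites.
    Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=queryPolicy)' -Properties lDAPAdminLimits |
        ForEach-Object {
            $value = Get-MaxReceiveBuffer -AdminLimits $_.lDAPAdminLimits
            [pscustomobject]@{
                Policy           = $_.Name
                MaxReceiveBuffer = if ($null -eq $value) { $DefaultMaxReceiveBuffer } else { $value }
                ExplicitlySet    = $null -ne $value
                AboveDefault     = ($null -ne $value) -and ($value -gt $DefaultMaxReceiveBuffer)
            }
        }
}

Test-LdapReceiveBufferPolicy | Format-Table -AutoSize
```

Any row with `AboveDefault` set to True marks a policy that meets the exploitability condition, so domain controllers using it should be prioritized for KB5014702.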

CVE-2022-30163 – Windows Hyper-V

  • CVE-2022-30163 is a vulnerability with a CVSS rating of 8.5.
  • It has a critical impact on the compromised server.
  • CVE-2022-30163 is a risk because it allows the attacker to gain low-level access to the Windows Hyper-V operating system.
  • The unintended impact of this vulnerability could lead to a change in the scope of the network. The impact of this vulnerability can be far-reaching.
  • This vulnerability has been patched in KB5014702 for Windows Server 2016.

KB5014702 – Prerequisites for installing KB5014702 on Windows Server 2016

Only two points need to be taken care of: the KB5014026 SSU and the certificate authentication considerations for the server.

KB5014026 – SSU for Windows Server 2016

  • Deploy SSU or Servicing Stack Update KB5014026 on Windows Server 2016 before deploying KB5014702. KB5014026 will be automatically applied if you are using Windows Update for installing the patches automatically.
  • SSU KB5014026 can be manually downloaded from the KB5014026 page on the Microsoft Update catalog.
  • The size of the KB5014026 update file is only 11.6 MB.

KB5014702 – Certificate authentication issues

Microsoft recommends taking one of the following steps to ensure that certificate authentication issues do not arise on the intermediate servers.

  • Install KB5014702 on the intermediate and application servers that handle authentication certificates before deploying KB5014702 on the domain controllers.
  • Or, using the registry editor, set ‘CertificateMappingMethods’ to 0x1F. Apply the KB5014702 update on Windows Server 2016. Then delete the registry entry you created above. You can read more about the registry entry on the page for KB5014754.
  • Taking one of these two steps should ensure that the certificate authentication issues do not affect Windows Server 2016 as part of the deployment process of the KB5014702 cumulative update.

How can I deploy KB5014702 on Windows Server 2016?

Windows Server 2016 supports all the usual Windows Update deployment methods.

  • KB5014702 can be deployed automatically on Windows Server 2016 using Windows Update.
  • KB5014702 can also be deployed automatically on Windows Server 2016 using Windows Update for Business.
  • KB5014702 can be deployed automatically using WSUS (Windows Server Update Services).
  • KB5014702 can be deployed manually through the Microsoft Update catalog. You can download KB5014702 from the Microsoft Update Catalog page here.

Summary for KB5014702

KB5014702 for Windows Server 2016 resolves zero-day and critical vulnerabilities published in June 2022. Besides the security vulnerabilities, KB5014702 also includes many bug fixes for Windows Server 2016. You can read more about the bug fixes in the KB5014702 document on the Microsoft website.