KB5014738 cumulative monthly rollup for Windows Server 2012 R2

KB5014738 is the monthly rollup update for Windows Server 2012 R2. It was released on the 14th of June and follows up with the KB5014011 monthly rollup update released in May 2022. We look at the key aspects of the KB5014738 cumulative update for Windows Server 2012 R2.

1. Salient points about KB5014738 for Windows Server 2012 R2
2. KB5014738 – Vulnerabilities on Windows Server 2012 R2
3. Prerequisites for installing KB5014738 on Windows Server 2012 R2
4. How to deploy KB5014738 on Windows Server 2012 R2?
5. Summary

Salient points about KB5014738 for Windows Server 2012 R2

• KB5014738 supersedes KB5014011 cumulative monthly rollup update for Windows Server 2012 R2.
• It also covers all the changes that were part of the out-of-band update KB5014986. KB5014986 was released on the 19th of May to resolve authentication issues on domain controllers. The issue was caused after the deployment of the KB5014011 monthly rollup update for Windows Server 2012 R2.
• If you did not deploy KB5014986 yet, you can skip it and instead deploy KB5014738 monthly rollup update for Windows Server 2012 R2.
• KB5014738 contains a fix for CVE-2022-30154 for the Microsoft File Server Shadow Copy Agent Service. You can read more about KB5015227 which explains the issue on this page.
• CVE-2022-30190, CVE-2022-30163, and CVE-2022-30136 are the vulnerabilities of interest for Windows Server 2012 R2. Details of each of these vulnerabilities are given in the vulnerability section below.
• SSU KB5014025 needs to be deployed on Windows Server 2012 R2 before deploying the KB5014738 monthly rollup update.
• There could be machine certificate authentication issues in the June updates. To prevent the issue, Microsoft has suggested two approaches for installing KB5014738. Details of both alternatives are given in the prerequisites section below.
• The size of the MSU update file for KB5014738 is 562.4 MB.
• KB5014738 can break the Wi-Fi hotspot function on Windows devices. At this point, there is no workaround for the impaired functionality. You will need to disable the Wi-Fi hotspot feature and use an alternative Internet source.

You can read more about May monthly rollup update for Windows Server 2012 R2 on the page for KB5014011 Monthly Rollup Update for Windows Server 2012 R2 – May 10, 2022.

KB5014738 – Vulnerabilities on Windows Server 2012 R2

We primarily discuss 3 vulnerabilities that are of significance for Windows Server 2012 R2.

CVE-2022-30190 – Windows Diagnostic Tool

• CVE-2022-30190 is a zero-day vulnerability that could lead to ‘Remote Code Execution’ attacks on the server.
• CVE-2022-30190 has a CVSS rating of 7.8.
• It is publicly disclosed and it is being exploited as well.
• The vulnerability resides in the Microsoft Windows Diagnostic Tool. When MSDT is called through a URL protocol, the attacker could access the system locally and cause arbitrary code execution on the server.
• You can resolve CVE-2022-30190 by applying KB5014738 monthly rollup or KB5014746 security update for Windows Server 2012 R2.
• Microsoft has also shared a mitigation plan that involves disabling the MSDT being called through the URL protocol. You can read more about the details of this mitigation plan on this page.

CVE-2022-30136 – Windows Network File System

• CVE-2022-30136 is a critical vulnerability with a CVSS rating of 9.8.
• The vulnerability affects Network File System version 4.1. NFS version 2 and NFS version 3 are unaffected by this vulnerability.
• You could disable NFS version 4.1. This will have a profound impact on the network services. Details of the process to disable NFS are listed on this page.
• You could resolve this vulnerability by deploying the KB5014738 monthly rollup update or KB5014746 security update on Windows Server 2012 R2.

CVE-2022-30163 – Windows Hyper V

• CVE-2022-30163 is a critical vulnerability that could lead to a Remote Code Execution threat.
• CVE-2022-30163 has a CVSS rating of 8.5.
• The vulnerability exists in the Windows Hyper V operating system.
• The attacker could access the Hyper V and gain low-level access to the underlying operating system.
• Using the Hyper V operating system, an attacker could cause arbitrary code execution on the server.
• The threat is resolved in the KB5014738 monthly rollup update and KB5014746 security update.

Prerequisites for installing KB5014738 on Windows Server 2012 R2

• KB5014025 is the Servicing Stack update. It needs to be deployed prior to installing KB5014738 on Windows Server 2012 R2. You can download KB5014025 through the Microsoft Update Catalog page for KB5014025. The size of the update file is 10.4 MB.
• To prevent machine certificate authentication issues, Microsoft suggests a couple of alternative approaches for implementing KB5014738 on Windows Server 2012 R2.
• Microsoft suggests installing the cumulative update on the application servers and non-domain controllers before installing it on the domain controllers.
• Or, you could use the registry editor to create a CertificateMappingMethods entry with a value of 0x1F. This should be done before deploying the June updates. Once the registry value has been created, you can deploy the update on the server. Post-deployment of the update, the registry entry can be removed. Details of the entire process can be checked from Microsoft’s release notes.

How to deploy KB5014738 on Windows Server 2012 R2?

• KB5014738 can be installed through Windows Update.
• KB5014738 can be deployed through Microsoft Update for Business.
• KB5014738 can also be deployed through the Windows Server Update Service or WSUS.
• KB5014738 can be deployed manually through the Microsoft Update Catalog. You can download the cumulative monthly rollup update from the Microsoft Update Catalog page for KB5014738.
• The size of the update file for KB5014738 is 562.4 MB.

Summary

KB5014738 is the monthly rollup update for Windows Server 2012 R2. It supersedes the KB5014011 monthly rollup update. Pay special attention to machine certificate authentication issues that may happen post-deployment of the June updates. It is recommended to follow the suggested process of updating KB5014738 on Windows Server 2012 R2.

You may also like to read more content related to June updates for Microsoft Windows Servers:

• KB5014747 monthly rollup cumulative update for Windows Server 2012
• KB5014678 Cumulative Update for Windows Server 2022
• KB5014692 Cumulative Update for Windows Server 2019
• KB5014702 Cumulative Update for Windows Server 2016 – June 2022
• KB5014741 Security Update for Windows Server 2012
• KB5014746 Security Update for Windows Server 2012 R2