KB5015807 Cumulative Security Update for Windows Server 20H2

KB5015807 security update for Windows Server 20H2 (Server Core Installation) has been released on 12th July 2022. The update is cumulative in nature and replaces the previous month’s cumulative update for Windows Server 20H2. We look at the key aspects of the Windows Server 20H2 cumulative update for July 2022.

Salient Points – KB5015807 for Windows Server 20H2 Server core Installation

  • KB5015807 supersedes KB5014669 cumulative update. KB5014699 was released in the month of June 2022.
  • KB5015807 also replaces the out of band update KB5016139 released on 20th June 2022.
  • KB5015807 also contains all the changes that are part of the optional update KB5014666 released for Windows Server 20H2. KB5014666 was released on 28th June 2022.
  • Windows Server 20H2 is affected by CVE-2022-22047. It is a zero day vulnerability that is fixed in KB5015807 cumulative update.
  • There are a few other significant vulnerabilities that affect Windows Server 20H2 and are listed below for ready reference.
  • For WSUS or Microsoft Update Catalog deployments, you need to install SSU KB5005260 if you have not installed any cumulative update KB5003173 or later.
  • For offline OS images, you need to have deployed KB5011543 or later update on Windows Server 20H2. Or else, you will need to deploy SSU KB5014032 to bring the server up to speed with the update requirement.
  • The size of the x64 update file for KB5015807 is 693.9 MB. The size of the ARM64 update file for KB5015807 is 728.6 MB.

Prerequisites – KB5015807 cumulative update for Windows Server 20H2

There are a couple of prerequisites for deploying KB5015807 on the Windows Server 20H2.

  • For offline OS images, you must have installed the cumulative update KB501543 for March 2022 or later. If you have not installed March 2022 or later cumulative update on Windows Server 20H2, you can install the Servicing Stack Update KB5014032.
  • KB5014032 can be downloaded from the Microsoft Update Catalog.
  • The size of x64 update file is 15.1 MB. The size of ARM64 files is 13.9 MB.
  • Installing the SSU will not cause the server to restart.
  • If you use WSUS or Microsoft Update Catalog for installing the security updates, you will need to ensure that the KB5015807 is installed after checking for the SSU requirement.
  • You need to deploy KB5003173 cumulative update or later cumulative update before installing KB5015807. KB5003173 was released in May 2021. So, you must have a cumulative update from May 2021 or later before you can install KB5015807 on Windows Server 20H2. If the current status of cumulative updates on Windows Server 20H2 pre-dates May 2021, you can install the August 2021 Servicing Stack Update KB5005260.
  • KB5005260 SSU can be downloaded from the Microsoft Update Catalog.
  • The size of the x64 update file for KB5005260 is 14.8 MB. The size of the ARM64 update file for KB5005260 is 13.7 MB.
  • Installing the SSU does not lead to server reboot.

Apart from these pre-requisites, there are no additional requirements for installing KB5015807 on Windows Server 20H2.

Vulnerabilities resolved in KB5015807 for Windows Server 20H2

Windows Server 20H2 Server Core Installation is affected by multiple vulnerabilities. The ones that are more likely to be exploited are listed below. Zero-day threat is also mentioned for a ready reference for system administrators.

CVE-2022-22047 – Windows CSRSS Elevation of Privilege Vulnerability

  • This is a zero-day vulnerability that affects Windows Server 20H2 with CVSS rating of 7.8.
  • The vulnerability could lead to an Elevation of Privileges for the attacker and could lead to the attacker gaining SYSTEM privileges.

CVE-2022-30220 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

  • This vulnerability has a CVSS score of 7.8 that could cause Elevation of Privilege.
  • It is more likely to be exploited and the attacker could gain SYSTEM privileges by exploiting this vulnerability.

CVE-2022-30215 – Active Directory Federation Services Elevation of Privilege Vulnerability

  • This vulnerability has a CVSS score of 7.5.
  • But, the impact of this vulnerability is that the attacker could assume domain administrator privileges. The vulnerability is an Elevation of Privilege vulnerability.
  • The attack complexity of the vulnerability is complex.

CVE-2022-30202 – Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability

  • This vulnerability has a CVSS score of 7.
  • It is more likely to be exploited and can lead to Elevation of Privilege risk. The attacker could gain SYSTEM privileges.
  • The attack complexity is complex for the vulnerability to be exploited.

CVE-2022-22034 – Windows Graphics Component Elevation of Privilege Vulnerability

  • This vulnerability has a CVSS score of 7.8.
  • The vulnerability requires local access to the box or SSH access to the box.
  • The risk could cause an attacker to assume SYSTEM privileges.
  • The attack complexity is low because once the attacker has local access, he could exploit the Windows Graphic Component to gain enhanced privileges.

CVE-2022-30216- Service Tampering Vulnerability

  • It is a CVSS 8.8 vulnerability.
  • For successful exploitation, a malicious certificate needs to be imported on an affected system. An authenticated attacker could remotely upload a certificate to the Server service.
  • The vulnerability affects Windows Server 20H2 and is fixed in KB5015807.

How to deploy KB5015807 on Windows Server 20H2

KB5015807 can be deployed on Windows Server 20H2 through all the regular channels of Windows Updates.

  • Windows Update can be used to deploy KB5015807 automatically.
  • Microsoft Update for Business can be used to deploy KB5015807 on Windows Server 20H2.
  • WSUS or Windows Server Update Service can be used to import and install cumulative update KB5015807 on Windows Server 20H2.
  • You can deploy KB5015807 manually through the Microsoft Update Catalog. KB5015807 can be downloaded from the Microsoft Update Catalog page here. You will need to download the file that corresponds to x64 or the ARM64 platform.

Summary

KB5015807 is July month’s security update for Windows Server 20H2. You need to be wary of the prerequisites for installing KB5015807 on the server. Also, you need to be aware of the zero-day vulnerability and the Active Directory Federation Services vulnerability on Windows Server 20H2.

There are no known issues that have been reported after installation of KB5015807 on Windows Server 20H2 Server Core Installation.

You may also like to read more content related to Windows Server updates below: