KB5015808 Cumulative Security Update for Windows Server 2016 – released July 12

KB5015808 is the cumulative security update for Windows Server 2016 that has been released on 12th July. In other words, KB5015808 is the LCU for the ‘Patch Tuesday’ project for the month of July 2022. We look at the important points, prerequisites and installation instructions for KB5015808 below.

KB5015808 – Salient points for Windows Server 2016 Latest Cumulative Security Update.

• KB5015808 supersedes KB5014702. KB5014702 is the cumulative update for the month of June and was released on 14th June 2022. You can read more about the KB5014702 security update on this page.
• KB5015808 will upgrade the build on Windows Server 2016 to OS Build 14393.5246.
• KB5015808 will need the Servicing Stack Update KB5016058 to be installed. If you are using Windows Update or WSUS, the SSU will automatically get downloaded as part of the upgrade process. For the manual upgrade through Microsoft Catalog, please download the KB5016058 SSU.
• Zero-day vulnerability CVE-2022-22047 affects Windows Server 2016 and is resolved in KB5015808. This vulnerability could be exploited to cause an Elevation of Privilege on the target machine.
• There are a few other vulnerabilities that carry enhanced risk for Windows Server 2016. These are mentioned in the document below.
• The size of MSU update file for KB5015808 is 1562.9 MB for the x64 based systems.
• The Wi-Fi hotspot issue has been resolved in KB5015808 security update.

Prerequisites for KB5015808 on Windows Server 2016

• KB5015808 is a cumulative update and replaces KB5014702 for Windows Server 2016.
• There are no specific prerequisites for installing KB5015808. You will need to deploy KB5016058 Servicing Stack Update before deploying KB5015808 on Windows Server 2016.
• KB5016058 will be offered automatically as part of the upgrade process through Windows Update or WSUS.
• You can download KB5016058 directly from the Microsoft Catalog website. The size of the update file is 11.6 MB.
• SSU KB5016058 will not need a restart after deployment.

Vulnerabilities resolved in KB5015808 for Windows Server 2016

There is a single zero-day vulnerability that affects Windows Server 2016. Apart from the zero-day vulnerability, there are a few vulnerabilities that are more likely to be exploited.

CVE-2022-22047 – Windows CSRSS Elevation of Privilege Vulnerability

• This vulnerability has a CVSS rating of 7.8.
• The vulnerability could lead to an Elevation of Privileges for the attacker.
• It is already being exploited and could lead to the attacker gaining SYSTEM privileges.
• It has been officially fixed in KB5015808 for Windows Server 2016

CVE-2022-30220 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

• This vulnerability has a CVSS score of 7.8.
• It could cause Elevation of Privileges on the Windows Server 2016.
• It is more likely to be exploited.
• The attacker could gain SYSTEM privileges by exploiting this vulnerability.
• The threat has been officially fixed in KB5015808.

CVE-2022-30215 – Active Directory Federation Services Elevation of Privilege Vulnerability

• This vulnerability has a CVSS score of 7.5.
• But, the impact of this vulnerability is that the attacker could assume domain administrator privileges. The vulnerability is an Elevation of Privilege vulnerability.
• The attack complexity of the vulnerability is complex.
• It has been officially fixed in KB5015808 for Windows Server 2016.

CVE-2022-30202 – Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability

• This vulnerability has a CVSS score of 7.
• It is more likely to be exploited and can lead to Elevation of Privilege risk. The attacker could gain SYSTEM privileges.
• The attack complexity is complex for the vulnerability to be exploited on Windows Server 2016.
• It has been officially patched in KB5015808 for Windows Server 2016

CVE-2022-22034 – Windows Graphics Component Elevation of Privilege Vulnerability

• This vulnerability has a CVSS score of 7.8.
• The vulnerability requires local access to the box or SSH access to the box.
• The risk could cause an attacker to assume SYSTEM privileges.
• The attack complexity is low because once the attacker has local access, he could exploit the Windows Graphic Component to gain enhanced privileges.
• It has been officially fixed in KB5015808 for Windows Server 2016.

How to deploy KB5015808 on Windows Server 2016?

KB5015808 can be deployed automatically or manually.

• Windows Update can be used to automatically download and deploy KB5015808 on Windows Server 2016.
• Microsoft Update for Business can be used for automatically patching the KB5015808 update on Windows Server 2016.
• WSUS can be used to import and deploy KB5015808 on Windows Server 2016.
• You can also apply the KB5015808 on Windows Server 2016 through Microsoft Update Catalog. The MSU update of 1562.9 MB can be downloaded from the Microsoft Catalog page for KB5015808. If you plan to patch manually, do ensure you also install KB5016058 Servicing Stack Update.

Summary for KB5015808

KB5015808 is a straight forward cumulative update for Windows Server 2016. It resolves the Wi-Fi hotspot issue wherein a few computers may not be able to make use of the Wi-Fi hotspot after deploying the June month’s KB5014702 update.

There have been no adverse reports as yet about KB5015808 by the early adopters of the KB5015808 on Windows Server 2016.

You may like to read more about July month security updates from Microsoft in the pages below:

• Microsoft Patch Tuesday vulnerabilities for 12th July 2022
• KB5014702 Cumulative Update for Windows Server 2016 – June 2022