KB5015811 Cumulative Security Update for Windows Server 2019 – July 2022

KB5015811 is the cumulative security update released on 12th July 2022 as part of the ‘Patch Tuesday’ project for Windows Server 2019. We look at the key aspects of the KB5015811 cumulative security update for Windows Server 2019.

KB5015811 for Windows Server 2019 – Salient Points

  • KB5015811 cumulative update supersedes the KB5014692 security update for Windows Server 2019. KB5014692 was released in June 2022.
  • KB5015811 fixes the zero-day vulnerability CVE-2022-22047 that affects Windows Server 2019.
  • KB5015811 also fixes a vulnerability in Active Directory Federation Services that could allow an attacker to gain domain administrator privileges.
  • KB5015811 upgrades the build on Windows Server 2019 to 17763.3165.
  • Servicing Stack Update KB5005112 needs to be deployed on Windows Server 2019 prior to deploying KB5015811.
  • KB5015811 also contains the changes that were part of the optional update KB5014669. KB5014669 was released on 23rd June 2022. If you have not installed KB5014669 yet, you can skip it and install KB5015811 instead.
  • The size of the MSU update file for KB5015811 is 576.9 MB.

You can read more about the KB5014692 security update for Windows Server 2019 on this page.

KB5015811 for Windows Server 2019 – Prerequisites

Since KB5015811 is a cumulative update, it contains all the changes that are part of the KB5014692 cumulative update and the KB5014669 optional update. KB5014692 and KB5014669 were released by Microsoft in June 2022.

The only dependency is to install the KB5005112 Servicing Stack Update prior to installing KB5015811 on Windows Server 2019. You can download KB5005112 from the Microsoft Update Catalog page here. The size of the update file is 13.8 MB.

Servicing Stack Updates do not cause the server to restart, so the server will not restart after you deploy KB5005112. However, the KB5015811 update may require a restart.

Vulnerabilities resolved in KB5015811 for Windows Server 2019

There are multiple vulnerabilities that we are interested in. The zero-day risk and those vulnerabilities that carry an enhanced risk of exploitation have been listed below for a ready reference. All these have been fixed in KB5015811 for Windows Server 2019.

CVE-2022-22047 – Windows CSRSS Elevation of Privilege Vulnerability

  • This vulnerability has a CVSS rating of 7.8. It is a zero-day threat as it is being exploited by attackers.
  • The vulnerability could lead to an Elevation of Privileges for the attacker.
  • It is already being exploited and could lead to the attacker gaining SYSTEM privileges.
  • It has been officially fixed in KB5015811 for Windows Server 2019.

CVE-2022-30220 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

  • This vulnerability has a CVSS score of 7.8.
  • It could cause Elevation of Privilege on Windows Server 2016.
  • It is more likely to be exploited.
  • The attacker could gain SYSTEM privileges by exploiting this vulnerability.
  • The threat has been officially fixed in KB5015811.

CVE-2022-30215 – Active Directory Federation Services Elevation of Privilege Vulnerability

  • This vulnerability has a CVSS score of 7.5.
  • The impact of this vulnerability is that the attacker could assume domain administrator privileges. It is an Elevation of Privilege vulnerability.
  • The vulnerability is complex to exploit.
  • It has been officially fixed in KB5015811 for Windows Server 2019.

CVE-2022-30202 – Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability

  • This vulnerability has a CVSS score of 7.
  • It is more likely to be exploited and can lead to Elevation of Privilege. The attacker could gain SYSTEM privileges.
  • The vulnerability is complex to exploit on Windows Server 2016.
  • It has been officially patched in KB5015811 for Windows Server 2019.

CVE-2022-22034 – Windows Graphics Component Elevation of Privilege Vulnerability

  • This vulnerability has a CVSS score of 7.8.
  • The vulnerability requires local access or SSH access to the server.
  • It could allow an attacker to assume SYSTEM privileges.
  • The attack complexity is low because once the attacker has local access, they could exploit the Windows Graphics Component to gain enhanced privileges.
  • It has been officially fixed in KB5015811 for Windows Server 2019.

How do I deploy KB5015811 on Windows Server 2019?

KB5015811 can be deployed through all the regular channels of updates for Windows servers.

  • KB5015811 can be deployed using Windows Update.
  • KB5015811 can be deployed using Microsoft Update for Business.
  • KB5015811 can be imported and deployed through WSUS.
  • You can deploy KB5015811 manually through the Microsoft Update Catalog. The MSU update file can be downloaded from this page for KB5015811.

If you are deploying through Windows Update, the SSU KB5005112 will be offered automatically. Otherwise, you will need to download KB5005112 manually and deploy it on Windows Server 2019 first.
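
For manual deployment, the prerequisite and the resulting build can be checked from PowerShell before and after installing. The script below is an added example, not from Microsoft or the original page; the MSU path is a hypothetical placeholder, and it assumes the SSU is reported by Get-HotFix.

```powershell
# Added example: pre-check and post-check for KB5015811 on Windows Server 2019.
# $MsuPath is a hypothetical local path to the MSU downloaded from the Update Catalog.
param(
    [string]$MsuPath = 'C:\Patches\KB5015811.msu',   # placeholder, adjust to your download
    [switch]$Install
)

$TargetBuild = 17763        # Windows Server 2019 build number
$TargetUbr   = 3165         # revision after KB5015811 (build 17763.3165)
$SsuId       = 'KB5005112'  # Servicing Stack Update named as the prerequisite
$LcuId       = 'KB5015811'

function Get-OsRevision {
    # CurrentBuild and UBR together form the build string shown by winver.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{ Build = [int]$cv.CurrentBuild; Ubr = [int]$cv.UBR }
}

function Test-HotFix([string]$Id) {
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

$os = Get-OsRevision
if ($os.Build -ne $TargetBuild) {
    Write-Warning "Build $($os.Build) is not Windows Server 2019 ($TargetBuild); stopping."
    return
}

$status = [pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    Build      = "$($os.Build).$($os.Ubr)"
    SsuPresent = Test-HotFix $SsuId   # only checks the KB named on this page
    LcuListed  = Test-HotFix $LcuId
    # Later cumulative updates raise UBR further, so compare with -ge.
    Patched    = $os.Ubr -ge $TargetUbr
}
$status | Format-List

if ($status.Patched) { Write-Output "$LcuId or a later cumulative update is applied."; return }
if (-not $status.SsuPresent) { Write-Warning "Install $SsuId before $LcuId."; return }

if ($Install) {
    if (-not (Test-Path $MsuPath)) { Write-Warning "MSU not found at $MsuPath"; return }
    # /norestart leaves the reboot to a maintenance window.
    $p = Start-Process wusa.exe -ArgumentList "`"$MsuPath`" /quiet /norestart" -Wait -PassThru
    Write-Output "wusa exit code: $($p.ExitCode) (3010 = success, restart required)"
}
```

Run it without -Install to report status only; after the restart, run it again and confirm the build reads 17763.3165 or higher.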

Summary for KB5015811 for Windows Server 2019

KB5015811 replaces KB5014692 and KB5014669 for Windows Server 2019. Deployment is straightforward. There is a single dependency, the Servicing Stack Update KB5005112. KB5015811 contains a fix for the zero-day vulnerability CVE-2022-22047.

Early adopters of the KB5015811 cumulative security update for Windows Server 2019 have not reported any issues after deploying the security update on their servers.
