About

KB5015874 Monthly Rollup for Windows Server 2012 R2

The monthly rollup update for Windows Server 2012 R2 was released on 12th July. KB5015874 is the monthly cumulative update for Windows Server 2012 R2. It includes security improvements and quality improvements for the Windows Server 2012. We look at the key aspects of KB5015874 for Windows Server 2012 R2.

Salient points about KB5015874 for Windows Server 2012 R2

  • KB5015874 is a monthly rollup update. It is cumulative in nature.
  • KB5015874 contains all the changes and security improvements that are part of the KB5015877 security-only update for Windows Server 2012 R2. KB5015877 was released on 12th July 2022. You can read more about KB5015877 on this page for KB5015877.
  • KB5015874 also supersedes June month’s monthly rollup update for Windows Server 2012 R2. KB5014738 is the monthly rollup update for the month of June and you can read about it on this page for KB5014738.
  • Before deploying KB5015874 on Windows Server 2012 R2, you need to install the latest Servicing Stack Update (SSU) KB5016264.
  • The size of the MSU update file for KB5015874 for Windows Server 2012 R2 is 564 MB.
  • You can also choose to deploy security only update KB5015877 for Windows Server 2012 R2.

Prerequisites for installing KB5015874 on Windows Server 2012 R2

There is a single dependency for installing KB5015874 on Windows Server 2012 R2. You ought to deploy the latest Servicing Stack Update KB5016264. Here is how you can install KB5016264 on the Windows Server 2012 R2:

  • If you intend to deploy KB5015874 automatically through Windows Update or WSUS, the latest SSU for Windows Server 2012 R2 will be offered to you automatically as part of the overall update process.
  • If you intend to deploy KB5015874 manually through the Microsoft Update Catalog, you will need to make sure that the SSU KB5016264 is installed prior to deployment of KB5015874. KB5016264 can be downloaded from the Microsoft Update Catalog page for KB5016264.
  • The size of the MSU update file for KB5016264 is 10.8 MB only.
  • As is the case with other Servicing Stack Updates, KB5016264 will not cause server reboot or restart.

Once you have installed KB5016264 on Windows Server 2012 R2, you can proceed with the deployment process of KB5015874. Do remember that installing KB5015874 may lead to server reboot. We do suggest using a change ticket to deploy KB5015874.

Security threats resolved in KB5015874 for Windows Server 2012 R2

The following vulnerabilities have been disclosed as part of July month’s security bulletin in the ‘Patch Tuesday’ project. These vulnerabilities have been resolved in KB5015874.

CVE-2022-22047 – Windows CSRSS Elevation of Privilege Vulnerability

  • This is a zero-day vulnerability that affects Windows Server 2012 R2 and has a CVSS rating of 7.8.
  • The vulnerability could lead to an Elevation of Privileges for the attacker and the attacker could gain SYSTEM privileges.

CVE-2022-30220 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

  • This vulnerability has a CVSS score of 7.8 that could cause Elevation of Privilege.
  • It is more likely to be exploited and the attacker could gain SYSTEM privileges by exploiting this vulnerability.

CVE-2022-30215 – Active Directory Federation Services Elevation of Privilege Vulnerability

  • This vulnerability has a CVSS score of 7.5 with attack complexity being complex.
  • But, the impact of this vulnerability is that the attacker could assume domain administrator privileges. The vulnerability is an Elevation of Privilege vulnerability.

CVE-2022-30202 – Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability

  • This vulnerability has a CVSS score of 7.
  • It is more likely to be exploited and can lead to Elevation of Privilege risk. The attacker could gain SYSTEM privileges. The attack complexity for this vulnerability is complex.

CVE-2022-22034 – Windows Graphics Component Elevation of Privilege Vulnerability

  • This vulnerability has a CVSS score of 7.8.
  • The vulnerability requires local access to the box or SSH access to the box.
  • The risk could cause an attacker to assume SYSTEM privileges.
  • The attack complexity is low because once the attacker has local access, he could exploit the Windows Graphic Component to gain enhanced privileges.

How can I install KB5015874 on Windows Server 2012 R2?

KB5015874 can be installed on Windows Server 2012 R2 through all the regular methods of server updates. Obviously, you will need a valid support contract with Microsoft.

  • KB5015874 can be installed automatically through the Windows Update program.
  • KB5015874 can also be installed automatically through the Microsoft Update program.
  • You can deploy KB5015874 through the WSUS or Windows Server Update Service. You will need to set the WSUS to use the Product classification of  Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro.
  • Finally, KB5015874 can be deployed manually through the Microsoft Update Catalog. The update file for KB5015874 can be downloaded from Windows Server 2012 R2 from this KB5015874 page. Do make sure that the SSU KB5016264 is already deployed on Windows Server 2012 R2 before installing the KB5015874 monthly rollup update.

Improvements made in KB5015874 for Windows Server 2012 R2

The following improvements have been made as part of the KB5015874 monthly rollup update for Windows Server 2012 R2:

  • Inability to use Internet through Wi-Fi Hotspot issue has been resolved. The issue started after deployment of June 2022 security or monthly rollup updates on Windows Server 2012 R2.
  • Internet access issues through Windows Server using Routing and Remote Access Service (RRAS) are resolved in KB5015874.
  • The issue with applications failing to run after activating AppLocker published rule is also resolved.
  • Failed NTLM authentication on domain controllers through external trusts is resolved. This issue occurs if the DC is in a non-root domain and does not hold the global catalog (GC) role. The issue was reported after deployment of January 2022 or later updates on the server.
  • Connection issues when you are trying to access EFS files over WebDAV protocol are resolved as well.
  • Microsoft has also introduced a dialog box that states the End of Support (EOS) warning for Windows 8.1 in January 2023. You will continue to receive these alerts once in 35 days. The alert will not show up on Managed Pro and Enterprise devices Windows Embedded 8.1 Industry Enterprise and Windows Embedded 8.1 Industry Pro devices.

These improvements in the monthly rollup for Windows Server 2012 R2 address some well known issues that have risen in the past on account of other security and monthly rollup updates.

Summary

KB5015874 monthly rollup update is an update that brings in many issues to a closure. There have been some quality improvements as well. KB5015874 is available for patching through all the regular means of Windows Update process. We do suggest installing the monthly rollup update. You may also install security-only update for Windows Server 2012 R2. But, a monthly rollup update must be always given a preference due to the cumulative nature of monthly rollup updates.

You may also like to read more about Windows Updates for July 2022 below: