KB5016616 Cumulative Update for Windows Server 20H2 Server Core Installation

KB5016616 is the cumulative update for Windows Server 20H2 Server Core Installation. Microsoft released it on 9th August 2022 as part of the August ‘Patch Tuesday’ release. This page covers the key aspects of the KB5016616 cumulative update for Windows Server 20H2 Server Core Installation.

Salient Points about KB5016616 for Windows Server 20H2 Server Core Installation

  • KB5016616 is a cumulative update. It supersedes the July cumulative update, KB5015807.
  • KB5016616 also contains all the changes that are part of the preview update for Windows Server 20H2 Server Core Installation. KB5015878 is the preview update for Windows Server 20H2 Server Core Installation that was released on 26th July 2022.
  • If you have not deployed KB5015878 yet, you can skip it and install KB5016616 directly on Windows Server 20H2 Server Core Installation.
  • CVE-2022-34713 is the zero-day vulnerability that affects Windows Server 20H2 Server Core Installation. It is patched in the KB5016616 cumulative update.
  • The MSU update file for x64 systems is 702.1 MB. The size of the MSU update file for ARM64 systems is 737.3 MB.
  • KB5016616 has specific prerequisites that must be met before it can be installed on Windows Server 20H2 Server Core Installation. See the prerequisites section for details.

Prerequisites for installing KB5016616 on Windows Server 20H2 Server Core Installation

KB5016616 requires specific updates to be present on Windows Server 20H2 before it can be installed successfully. There are two situations, and each requires a different response from the system administrator.

WSUS Deployments

  • For WSUS deployments, the May 2021 or a later cumulative update must already be deployed on Windows Server 20H2. KB5003173 is the May 2021 update, so you should have KB5003173 or a later cumulative update on Windows Server 20H2. Alternatively, you can patch Windows Server 20H2 with the standalone special Servicing Stack Update KB5005260.
  • The size of SSU KB5005260 file for x64 systems is 14.8 MB.
  • The size of SSU KB5005260 file for ARM64 systems is 13.7 MB.
  • KB5005260 does not cause a server reboot or restart. A Servicing Stack Update can be installed directly, without scheduling a reboot.

Offline OS images

  • For offline OS image servicing deployments, you should have the March 2022 or a later cumulative update. KB5011543 is the cumulative update released in March 2022, so you must have KB5011543 or a later cumulative update on Windows Server 20H2 Server Core Installation. Alternatively, you can install the standalone Servicing Stack Update KB5014032 on Windows Server 20H2.
  • The size of the MSU update file for KB5014032 for x64 Windows Server 20H2 is 15.1 MB.
  • The size of the MSU update file for KB5014032 for ARM64 Windows Server 20H2 is 13.9 MB.
  • Since KB5014032 is a Servicing Stack Update, a server reboot is not required after installing it.

Once the prerequisite update is in place on the Windows Server 20H2 Server Core Installation, you can proceed with the deployment of KB5016616.
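One way to script the prerequisite check described above before approving KB5016616, as an added PowerShell example that is not part of the original article or of Microsoft's tooling. The function name Test-KB5016616Prerequisite and its parameters are hypothetical; it matches only the KB IDs named on this page, so a server carrying a later cumulative update that is not named here needs that ID passed in -AlsoAccept.

```powershell
# Added example: not Microsoft's code and not from the original article.
# KB IDs come from the article; the function and parameter names are hypothetical.
function Test-KB5016616Prerequisite {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('WSUS', 'OfflineImage')]
        [string]$Scenario,

        # KB IDs found on the target. Defaults to the running server's hotfix list;
        # for an offline image, pass the IDs you collected from that image.
        [string[]]$InstalledKb = (Get-HotFix | Select-Object -ExpandProperty HotFixID),

        # Later cumulative updates you accept that the article does not name.
        [string[]]$AlsoAccept = @()
    )

    $baseline = @{
        # May 2021 CU, its SSU alternative, and later CUs named in the article
        WSUS         = @{ Ssu = 'KB5005260'; Accept = 'KB5003173', 'KB5005260', 'KB5011543', 'KB5015807' }
        # March 2022 CU, its SSU alternative, and the July 2022 CU
        OfflineImage = @{ Ssu = 'KB5014032'; Accept = 'KB5011543', 'KB5014032', 'KB5015807' }
    }[$Scenario]

    $installed = @($InstalledKb | ForEach-Object { $_.Trim().ToUpperInvariant() })

    if ($installed -contains 'KB5016616') {
        $status  = 'AlreadyInstalled'
        $matched = @('KB5016616')
    } else {
        $matched = @($baseline.Accept + $AlsoAccept | Where-Object { $installed -contains $_.ToUpperInvariant() })
        $status  = if ($matched.Count) { 'PrerequisiteMet' } else { 'PrerequisiteMissing' }
    }

    [pscustomobject]@{
        Scenario  = $Scenario
        Status    = $status
        MatchedKb = $matched
        NextStep  = switch ($status) {
            'AlreadyInstalled'    { 'None' }
            'PrerequisiteMet'     { 'Deploy KB5016616 and plan the reboot' }
            'PrerequisiteMissing' { "Install SSU $($baseline.Ssu) or a qualifying cumulative update first" }
        }
    }
}

# Constructed sample inputs (not taken from a real server):
Test-KB5016616Prerequisite -Scenario WSUS -InstalledKb 'KB5005260'
Test-KB5016616Prerequisite -Scenario OfflineImage -InstalledKb 'KB5003173'
```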

Vulnerabilities resolved in KB5016616 for Windows Server 20H2 Server Core Installation

We look at the zero-day vulnerability and other vulnerabilities that are more likely to be exploited on the Windows Server 20H2 Server Core Installation. The details are shared below for your ready reference.

CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability – This vulnerability has a CVSS score of 7.8. It is a zero-day threat: it is already being exploited and has been publicly disclosed. It is fixed in KB5016616 for Windows Server 20H2 Server Core Installation.

CVE-2022-35793 – Windows Print Spooler Elevation of Privilege Vulnerability – This has a CVSS rating of 7.3. An attacker could gain SYSTEM privileges through the print spooler service. The suggested mitigation is to disable the print spooler service so that an attacker cannot exploit this vulnerability.

CVE-2022-35756 – Windows Kerberos Elevation of Privilege Vulnerability – The vulnerability has a CVSS rating of 7.8 and can lead to an attacker assuming domain administrator rights.

CVE-2022-35751 – Windows Hyper-V Elevation of Privilege Vulnerability – This vulnerability has a CVSS score of 7.8. An attacker could use a Hyper-V guest to target the Hyper-V host and gain SYSTEM privileges.

CVE-2022-35750 – Win32k Elevation of Privilege Vulnerability – This is a CVSS 7.8 rated vulnerability that can be used by an attacker to gain SYSTEM privileges. It affects Windows Server 20H2 Server Core Installation.

How can I deploy KB5016616 on Windows Server 20H2?

KB5016616 can be deployed through all the regular Windows Update channels. The available installation methods are listed below.

  • KB5016616 can be installed automatically through the Windows Update program.
  • Microsoft Update for Business can be used to install KB5016616 on Windows Server 20H2 Server Core Installation.
  • WSUS can be used to import the updates for Windows Server 20H2 Server Core Installation for automatic deployment.
  • You can install KB5016616 on Windows Server 20H2 manually through the Microsoft Update Catalog. You can download the MSU update file for x64 or ARM64 Windows Server 20H2 Server Core Installation from the Microsoft Update Catalog page for KB5016616. The size of the MSU update file for x64 systems is 702.1 MB. The size of the MSU update file for ARM64 systems is 737.3 MB.

KB5016616 does require a server reboot. Plan the change for a maintenance window to prevent any major issues.

Issues resolved in KB5016616 for Windows Server 20H2

The following issues have been resolved in KB5016616 for Windows Server 20H2 Server Core Installation.

  • The LSASS issue on the server has been resolved in KB5016616. The issue first arose after deployment of the June 2022 cumulative updates.
  • The issue with duplicate print queues has been resolved in KB5016616. Duplicate print queues would render the original print queue non-functional.
  • Addresses a known issue that might prevent the Input Indicator and Language Bar from displaying in the notification area. This issue affects devices that have more than one language installed.

Summary

KB5016616 is the cumulative update that contains the preview update KB5015878 for Windows Server 20H2. It also supersedes the KB5015807 cumulative update. Check the prerequisite requirements carefully before deploying KB5016616. Finally, the zero-day threat CVE-2022-34713 is resolved in KB5016616.