KB5016623 is the latest cumulative update for Windows Server 2019. It was released on 9th August and contains a fix for the zero-day vulnerability as well. We lay out the key aspects of the cumulative update for Windows Server 2019 below.
You can read more about the September 2022 cumulative update KB5017315 for Windows Server 2019 on this page.
Salient points about KB5016623 for Windows Server 2019
- KB5016623 is the latest cumulative update for Windows Server 2019 and Windows Server 2019 Server Core installation.
- This cumulative update supersedes July month’s cumulative update KB5015811. You can read about KB5015811 on this page.
- KB5016623 also contains all the improvements that are part of KB5015880 optional update that was released on 21st July 2022. If you have not deployed KB5015880 yet, you can skip it and install KB5016623 directly. To read more about KB5015880, you may read the KB5015880 details on this page.
- The zero-day vulnerability CVE-2022-34713 is patched in KB5016623 cumulative update. Other vulnerabilities that pose substantial risk to the Windows Server 2019 are shared in detail below.
- KB5016623 for Windows Server 2019 will push the build on the server to 10.0.17763.3287.
- KB5016623 for Windows Server 2019 Server Core installation will push the build on the server to 10.0.17763.3284.
- The size of the MSU update file for KB5016623 is 583.3 MB.
- You need to deploy KB5005112 Servicing Stack Update on Windows Server 2019 prior to installing the KB5016623 cumulative update on Windows Server 2019. Details are covered in the prerequisites section.
Prerequisites for installing KB5016623 on Windows Server 2019
- Before installing KB5016623 on Windows Server, you need to ensure that the Servicing Stack Update for August 2021 is installed on the server. The SSU KB5005112 can be applied manually using the Microsoft Update Catalog.
- KB5005112 can be downloaded from the Microsoft Update Catalog page for KB5005112.
- The size of the KB5005112 update file is 13.8 MB only.
- When you apply the SSU, the server does not require a reboot.
Once the SSU KB5005112 is deployed on Windows Server 2019 and Windows Server 2019 Server Core installation, you can proceed with the deployment of KB5016623 as part of the August ‘Patch Tuesday’ project.
Vulnerabilities resolved in KB5016623 for Windows Server 2019
There is a single zero-day vulnerability CVE-2022-34713 that affects Windows Server 2019 and Windows Server 2019 Server Core installation. We list the vulnerabilities that carry enhanced levels of risk for the Windows Server 2019 and Windows Server 2019 Server Core installation.
CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. This is a zero-day vulnerability with a CVSS rating of 7.8. The vulnerability has already been exploited by attackers. It calls for immediate patching through the KB5016623 security update for Windows Server 2019 and Windows Server 2019 Server Core installation.
CVE-2022-35793 – Windows Print Spooler Elevation of Privilege Vulnerability. This vulnerability has a CVSS rating of 7.3 One of the workarounds suggested by Microsoft involved disabling the print spooler service for remote inbound printing tasks.
CVE-2022-35761 – Windows Kernel Elevation of Privilege Vulnerability. This vulnerability has a CVSS rating of 8.4 and could lead an attacker to gain SYSTEM privileges on the exploited target machines.
CVE-2022-35756 – Windows Kerberos Elevation of Privilege Vulnerability. This vulnerability has a CVSS score of 7.8 and the attacker could assume domain administrator privileges.
CVE-2022-35755 – Windows Print Spooler Elevation of Privilege Vulnerability. This vulnerability has a CVSS rating of 7.3 and the workaround suggested is to disable the print spooler service on the server.
CVE-2022-35751 – Windows Hyper-V Elevation of Privilege Vulnerability – This vulnerability has a CVSS score of 7.8 and could cause the attacker to gain SYSTEM privileges. However, the attack complexity for the vulnerability is complex.
CVE-2022-35750 – Win32k Elevation of Privilege Vulnerability – This vulnerability has a CVSS score of 7.8 and could cause an attacker to gain SYSTEM privileges.
How can I deploy KB5016623 on Windows Server 2019?
KB5016623 is available through all the regular Windows Update methods and channels.
- KB5016623 can be deployed on Windows Server 2019 through the Windows Update process.
- Windows Update for Business program can be used to deploy KB5016623 automatically on the server.
- WSUS or Windows Server Update Service can be used to install KB5016623 on the Windows Server 2019.
- Apart from these automated methods, you can install KB5016623 on Windows Server 2019 manually. To do so, you will need to download the MSU update file for x64 systems from the Microsoft Update Catalog. KB5016623 can be downloaded from this page on the Microsoft Update Catalog.
The size of the update file for KB5016623 is 583.3 MB.
It may be pertinent to mention that the server will need a reboot post deployment of KB5016623. So, it would be wise to plan the change as part of the maintenance windows for Windows Server 2019.
Issues resolved in KB5016623 for Windows Server 2019
- KB5016623 contains all the changes that are part of the improvements contained in KB5015880 optional update.
- KB5016623 also contains a fix for the LSASS issue that affects the servers that have been patched with the June cumulative updates. This issue occurs when the device performs a specific form of service for user (S4U) in a non-Trusted Computing Base (TCB) Windows service that runs as Network Service.
Summary
KB5016623 for Windows Server 2019 and Windows Server 2019 Server Core installation contain product improvements and security updates for the vulnerabilities disclosed in Microsoft’s security bulletin for August 2022. You need to ensure that KB5005112 is installed in the server prior to installing KB5016623. Zero-day vulnerability CVE-2022-34713 poses significant risk on Windows Server 2019.
You may like to read more about the August series Microsoft security updates below:
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.