KB5016672 Monthly Rollup Update for Windows Server 2012

KB5016672 is the monthly rollup update for Windows Server 2012 and Windows Server 2012 Server Core Installation. It was released on 9th August 2022 as part of Microsoft's ‘Patch Tuesday’ releases. We look at the key aspects of KB5016672 for Windows Server 2012 and Windows Server 2012 Server Core Installation.

KB5017370 is the monthly rollup update for Windows Server 2012 for the month of September 2022.

Salient points about KB5016672 for Windows Server 2012

  • KB5016672 is a monthly rollup update and it is cumulative in nature. Unlike the security-only update KB5016684, monthly rollup updates contain all changes from the previous rollup updates. Security-only updates are standalone updates.
  • KB5016672 also contains all the changes that are part of the security update KB5016684 for Windows Server 2012 and Windows Server 2012 Server Core Installation.
  • KB5015863 was the last monthly rollup update for Windows Server 2012 that was released on 12th July 2022. All changes and improvements that are part of KB5015863 are part of the KB5016672 update.
  • Zero-day vulnerability CVE-2022-34713 affects Windows Server 2012. This threat is resolved in the monthly rollup update KB5016672 for Windows Server 2012.
  • Servicing Stack Update KB5016263 for Windows Server 2012 needs to be deployed on the server along with the KB5016672 monthly rollup update for the month of August.
  • The size of the MSU update file for KB5016672 is 411.4 MB.
  • KB5016672 can be installed on Windows Server 2012 through all the regular Windows Update methods.
  • The server will need a reboot post deployment of KB5016672.
  • KB5016672 will push the build on Windows Server 2012 to 6.2.9200.23817.

Prerequisites for installing KB5016672 on Windows Server 2012

  • There is a single dependency for installing KB5016672 on Windows Server 2012. The latest SSU or Servicing Stack Update KB5016263 needs to be deployed as part of the update process for KB5016672.
  • KB5016263 is offered to you automatically as part of Windows Update process. If you intend to install KB5016672 manually, then you can install KB5016263 manually. KB5016263 must be installed prior to installing KB5016672 on the server.
  • You can download KB5016263 from the Microsoft Update Catalog site. The size of the MSU update for SSU KB5016263 is 9.8 MB.
  • Installing SSU KB5016263 does not require a server restart.

Once KB5016263 has been deployed on Windows Server 2012, you can move ahead with installing KB5016672 on the server.

Vulnerabilities resolved in KB5016672 for Windows Server 2012

There have been over 120 vulnerability disclosures as part of the Microsoft security bulletin. We focus on the zero-day vulnerabilities and the vulnerabilities or threats that are more likely to be exploited. The following vulnerabilities affect Windows Server 2012 and Windows Server 2012 Server Core installation as part of August updates:

CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

This vulnerability has a CVSS score of 7.8. It is fixed in KB5016672 for Windows Server 2012 and Windows Server 2012 Server Core installation.

CVE-2022-35793 – Windows Print Spooler Elevation of Privilege Vulnerability

This has a CVSS rating of 7.3. An attacker could gain SYSTEM privileges through the print spooler service. Disabling the print spooler service is suggested as a way to prevent this threat from being exploited by an attacker.

CVE-2022-35756 – Windows Kerberos Elevation of Privilege Vulnerability

The vulnerability has a CVSS rating of 7.8 and can lead to an attacker assuming domain administrator rights.

CVE-2022-35751 – Windows Hyper-V Elevation of Privilege Vulnerability

This vulnerability has a CVSS score of 7.8. An attacker could use a Hyper-V guest to target the Hyper-V host and gain SYSTEM privileges.

CVE-2022-35750 – Win32k Elevation of Privilege Vulnerability

This is a CVSS 7.8 rated vulnerability that can be used by an attacker to gain SYSTEM privileges. It affects Windows Server 2012 and Windows Server 2012 Server Core.

How can I deploy KB5016672 on Windows Server 2012?

KB5016672 can be deployed on Windows Server 2012 through all the regular channels of Windows Update. We look at the ways in which you can update Windows Server 2012 below.

  • KB5016672 can be installed on Windows Server 2012 through Windows Update.
  • KB5016672 can be installed on Windows Server 2012 through WSUS or Windows Server Update Service.
  • KB5016672 can be deployed on Windows Server 2012 manually through the Microsoft Update Catalog site. You can download KB5016672 from the Microsoft Update Catalog page for KB5016672. The size of the update file for KB5016672 is 411.4 MB. Before installing KB5016672 on Windows Server 2012 manually, ensure that you have installed the KB5016263 SSU manually on the server.
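
The manual sequence described above (SSU KB5016263 first, then the KB5016672 rollup, then a reboot) can be scripted as in the following added example, which is not part of the original article or Microsoft's guidance. The two `.msu` paths are placeholders for wherever you saved the Update Catalog downloads, and `Install-Msu` is a hypothetical helper name; run it from an elevated PowerShell session.

```powershell
# Added example. The paths are placeholders: point them at the .msu files
# downloaded from the Microsoft Update Catalog.
$ErrorActionPreference = 'Stop'
$SsuMsu    = 'C:\Patches\<KB5016263-ssu-file>.msu'     # placeholder
$RollupMsu = 'C:\Patches\<KB5016672-rollup-file>.msu'  # placeholder

# Hypothetical helper: installs one .msu silently and maps the wusa.exe
# exit code to a status string. Any other exit code stops the script,
# so the rollup is never attempted after a failed SSU install.
function Install-Msu {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Kb
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "${Kb}: package not found at $Path"
    }
    $proc = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
        -ArgumentList "`"$Path`"", '/quiet', '/norestart' -Wait -PassThru
    switch ($proc.ExitCode) {
        0       { return 'Installed' }
        3010    { return 'RebootRequired' }     # ERROR_SUCCESS_REBOOT_REQUIRED
        2359302 { return 'AlreadyInstalled' }   # 0x00240006, update already present
        default { throw "${Kb}: wusa.exe failed with exit code $($proc.ExitCode)" }
    }
}

# Step 1: the servicing stack update must go on before the rollup.
$ssuStatus = Install-Msu -Path $SsuMsu -Kb 'KB5016263'
Write-Output "KB5016263 (SSU): $ssuStatus"

# Step 2: the monthly rollup, only reached if step 1 did not throw.
$rollupStatus = Install-Msu -Path $RollupMsu -Kb 'KB5016672'
Write-Output "KB5016672 (rollup): $rollupStatus"

# Step 3: /norestart leaves the reboot to a maintenance window you choose.
if ($rollupStatus -eq 'RebootRequired') {
    Write-Output 'Reboot the server to complete installation of KB5016672.'
}
```

After the reboot, `Get-HotFix -Id KB5016672` confirms that the rollup is recorded as installed.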

As usual, you can uninstall the update from the server if you run into any issues on the server post deployment of updates.

Improvements in KB5016672 for Windows Server 2012

The following changes and improvements are part of the KB5016672 monthly update for Windows Server 2012.

  • Addresses an issue in which Speech and Network troubleshooters will not start.
  • Addresses an issue that might cause the Local Security Authority Server Service (LSASS) to leak tokens. This issue affects devices that have installed Windows updates dated June 14, 2022 or later. This issue occurs when the device performs a specific form of service for user (S4U) in a non-Trusted Computing Base (TCB) Windows service that runs as Network Service.
  • Enforces a hardening change that requires printers and scanners that use smart cards for authentication to have firmware that complies with section 3.2.1 of RFC 4556. If they do not comply, Active Directory domain controllers will not authenticate them.

Summary

KB5016672 supersedes the KB5015863 cumulative update for Windows Server 2012. It contains all changes that are part of the security update KB5016684 for Windows Server 2012. The security update KB5016684 was released on 9th August 2022 for Windows Server 2012. KB5016263 is the SSU that needs to be deployed on Windows Server 2012 and Windows Server 2012 Server Core installation. Zero-day threat CVE-2022-34713 is also resolved as part of KB5016672 for Windows Server 2012.
