KB5016681 Monthly Rollup Update for Windows Server 2012 R2

KB5016681 is the latest monthly rollup update for Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation. This update contains all the security and quality improvements for Windows Server 2012 R2. We look at the significant aspects of KB5016681 for Windows Server 2012 R2 and Windows Server 2012 R2 Server Core below.

KB5017367 is the monthly rollup update for Windows Server 2012 R2 for the month of September 2022. You can read more about it on the KB5017367 page.

KB5017365 is the security-only update for Windows Server 2012 R2 for the month of September 2022. You can read more about it on the KB5017365 page.

Salient points about KB5016681 for Windows Server 2012 R2

  • KB5016681 is a cumulative update for Windows Server 2012 R2.
  • KB5016681 also contains all the changes that are part of the KB5016683 security only update for Windows Server 2012 R2 and Server Core version. KB5016683 has been released on 9th August as part of the ‘Patch Tuesday’ project of Microsoft.
  • KB5016681 works on build 6.3.9600.20520 for Windows Server 2012 R2.
  • Zero-day vulnerability CVE-2022-34713 affects Windows Server 2012 R2 and it is patched in KB5016681 and KB5016683 updates for the server. Other vulnerabilities that affect Windows Server 2012 R2 are mentioned below in the vulnerability section.
  • The size of the MSU update file for KB5016681 for x64 system is 565.3 MB.
  • Servicing Stack Update KB5016264 needs to be deployed prior to installing KB5016681 monthly rollup update.

Prerequisites for installing KB5016681 on Windows Server 2012 R2

There is a single prerequisite for installing KB5016681 on Windows Server 2012 R2.

  • You need to deploy Servicing Stack Update KB5016264 on Windows Server 2012 R2.
  • KB5016264 is offered automatically if you are going for automated patching of Windows Server 2012 R2.
  • The size of the update file for KB5016264 is 10.8 MB only.
  • Upon installation of the Servicing Stack Update KB5016264 on Windows Server 2012 R2, server does not need a reboot.

Once KB5016264 has been deployed on the server, you can proceed with installation of KB5016681 monthly rollup update for Windows Server 2012 R2.

Vulnerabilities affecting Windows Server 2012 R2 in August 2022

Our focus on vulnerabilities that affect Windows Server 2012 R2 is limited to zero-day threat and the ones that carry an enhanced level of risk for the Windows Server 2012 R2 installation. All these vulnerabilities have been reported as part of Microsoft’s security bulletin.

CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

This vulnerability has a CVSS score of 7.8. It is fixed in KB5016681 for Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation.

CVE-2022-35793 – Windows Print Spooler Elevation of Privilege Vulnerability

This has a CVSS rating of 7.3. An attacker could gain SYSTEM privileges through the print spooler service. It is suggested that the print spooler service may be disabled to prevent this threat from being exploited by an attacker.

CVE-2022-35756 – Windows Kerberos Elevation of Privilege Vulnerability.

The vulnerability has a CVSS rating of 7.8 and can lead to an attacker assuming domain administrator rights.

CVE-2022-35755 – Windows Print Spooler Elevation of Privilege Vulnerability

This vulnerability has a CVSS rating of 7.3. Windows Print Spooler service can be exploited to gain SYSTEM privileges. Disabling the print spooler service is the suggested workaround.

CVE-2022-35751 – Windows Hyper-V Elevation of Privilege Vulnerability

This vulnerability has a CVSS score of 7.8. An attacker could use Hyper V Guest to target Hyper V host and gain SYSTEM privileges.

CVE-2022-35750 – Win32k Elevation of Privilege Vulnerability

This is a CVSS 7.8 rated vulnerability that can be used by an attacker to gain SYSTEM privileges. It affects Windows Server 2012 R2 and Windows Server 2012 R2 Server Core.

How can I deploy KB5016681 on Windows Server 2012 R2?

KB5016681 can be deployed through regular methods of Windows Update.

  • KB5016681 can be installed using Windows Update program.
  • KB5016681 can be automatically deployed using WSUS or the Windows Server Update Service.
  • You can deploy KB5016681 manually. To do so, you will need to download the MSU update file for KB5016681 from the Microsoft Update Catalog page. The size of the update file is 565.3 MB.

KB5016681 will lead to server reboot. So, you may want to plan a maintenance window to preempt any unwanted consequences. There have been no adverse reports yet post-deployment of KB5016681 by the early adopters of the patch.

Improvements in KB5016681 for Windows Server 2012 R2

  • Addresses an issue in which Speech and Network troubleshooters will not start.
  • Addresses an issue that might cause the Local Security Authority Server Service (LSASS) to leak tokens. This issue affects devices that have installed Windows updates dated June 14, 2022 or later.
  • Enforces a hardening change that requires printers and scanners that use smart cards for authentication to have firmware that complies with section 3.2.1 of RFC 4556. If they do not comply, Active Directory domain controllers will not authenticate them. Mitigations that allowed non-compliant devices to authenticate will not exist after August 9, 2022. 

Summary

KB5016681 replaces the KB5015874 monthly rollup update for Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation. Zero-day threat, CVE-2022-34713 is resolved as part of the KB5016681 update.

KB5016681 also contains all changes that are part of the security-only update KB5016683 for Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation.

You may also like to read about other Cumulative and Security Updates for August 2022 Patch Tuesday project of Microsoft as shared below: