KB5017305 Cumulative Update for Windows Server 2016 – released 13th September 2022

Microsoft has released the latest cumulative update (security update) for Windows Server 2016. KB5017305 is the latest cumulative update for Windows Server 2016 that has been released on 13th September 2022. The cumulative update or security update has been released as part of the ‘Patch Tuesday’ project of Microsoft. KB5017305 resolves the zero-day vulnerability, CVE-2022-37969 on the Windows Server 2016 and Windows Server 2016 Server Core Installation. We look at the key aspects of KB5017305 for Windows Server 2016 and Windows Server 2016 Server Core Installation below.

Salient Points of KB5017305 for Windows Server 2016

  • KB5017305 is a cumulative update. It supersedes KB5016622 that was released in August 2022. If you need more details of KB5016622, you may check the KB5016622 page here.
  • The previous server build number was 10.0.14393.5291. This will change after implementing KB5017305 to 10.0.14393.5356.
  • This update resolves vulnerabilities on Windows Server 2016. The zero-day threat that affects Windows Server 2016 and Windows Server 2016 Server Core Installation includes CVE-2022-37969. This security vulnerability has also been resolved in the KB5017305 cumulative update.
  • Before installing KB5017305 on Windows Server 2016, you may want to ensure that the latest servicing stack update is already deployed on the server. KB5017095 is the latest Servicing Stack Update for Windows Server 2016.
  • The size of the MSU update file for KB5017305 is 1552.8 Mb. It can be downloaded from the Microsoft Update Catalog page.
  • Upon installing KB5017305, your server will need a reboot.
  • KB5017305 works well for Windows Server 2016 and Windows Server 2016 Server Core Installation.

Prerequisites for installing KB5017305 on Windows Server 2016

There are no specific prerequisites for installing KB5017305 on Windows Server 2016 or Windows Server 2016 Server Core Installation. But, the latest Servicing Stack Update, KB5017095, for Windows Server 2016 needs to be deployed prior to deploying the KB5017305 cumulative update.

  • KB5017095 will be automatically deployed on Windows Server 2016 as part of the update process if you are using the ‘Windows Update’ for patching KB5017305. No further action is required from your side. The same process will hold for installing KB5017305 in automated method.
  • If you intend to apply KB5017305 manually, then you will need to install KB5017095 before deployment of KB5017305 on Windows Server 2016.

KB5017095 Servicing Stack Update for Windows Server 2016 can be downloaded from the KB5017095 page on the Microsoft Update Catalog website. The size of the MSU update file for the SSU KB5017095 is 11.6 MB only. No server reboot is needed as part of deployment of a Servicing Stack Update.

Vulnerabilities resolved in KB5017305 for Windows Server 2016

Zero-day Vulnerability in September updates

CVE-2022-37969 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Server 2016 and Windows Server 2016 Server Core Installation are affected by a zero-day vulnerability that is tracked under CVE-2022-37969. The vulnerability carries a CVSS score of 7.8 and affects Windows Common Log File System Driver. Successful exploitation of this threat could allow the attacker access to SYSTEM privileges. The threat is patched in KB5017305. It is an ‘Elevation of Privilege’ vulnerability on the Windows Server.

Critical Vulnerabilities affecting Windows Server 2016

There are three critical vulnerabilities on Windows Server 2016. These vulnerabilities have been shared as part of September month’s security update from Microsoft.

CVE-2022-34718 – Windows TCP/IP Remote Code Execution Vulnerability

This vulnerability has a CVSS rating of 9.8. It affects Windows Server 2016 systems that are running the IPSec service. An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine.

CVE-2022-34721 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVE-2022-34721 is a critical vulnerability with a CVSS rating of 9.8. It an lead to ‘Remote Code Execution’ attacks on the Windows Server 2016 and Windows Server 2016 Server Core Installation. The vulnerability affects version 1 of the Internet Key Exchange (IKE) Protocol. Version 2 IKE is unaffected by CVE-2022-34721.

CVE-2022-34722 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

This vulnerability is a critical vulnerability with a CVSS score of 9.8 and can lead to Remote Code Execution attacks. The threat affects version 1 of the Internet Key Exchange (IKE) Protocol. Version 2 of IKE Protocol is unaffected by CVE-2022-34722 vulnerability.

There are other vulnerabilities that affect Windows Server 2016 and Windows Server 2016 Server Core Installation. Our focus, as in the past, remains on the zero-day threats or threats that pose critical threat levels to the Windows Servers and associated IT infrastructure.

How can I deploy KB5017305 on Windows Server 2016?

KB5017305 can be deployed on Windows Server 2016 through all the regular channels of Microsoft Updates.

  • You can deploy KB5017305 on Windows Server 2016 automatically through the Windows Update process.
  • KB5017305 can be automatically deployed on Windows Server 2016 using the Microsoft Update program.
  • WSUS or Windows Server Update Service can be used to import and deploy KB5017305 on Windows Server 2016 automatically.
  • You can also patch KB5017305 on Windows Server 2016 manually. For this, you need to download KB5017305 from the Microsoft Update Catalog page for KB5017305.

It may be pertinent to mention that implementing KB5017305 on Windows Server 2016 or Windows Server Core Installation 2016 will lead to a server restart. So, you may need to plan for a scheduled maintenance window for installing KB5017305 on Windows Server 2016.

Also, before using Microsoft Update Catalog to download the KB5017305 file, you will need to also download the update file for the Servicing Stack Update KB5017095.

The size of the MSU update file for KB5017305 is 1552.8 MB. The size of the SSU update file is 11.6 MB. Both files are available for manual download through the Microsoft Update Catalog website.

Summary

KB5017305 has been released as part of the September month’s ‘Patch Tuesday’ project. It resolves security threats that have been shared by Microsoft in the security bulletin. SSU KB5017095 needs to be deployed on the server before installing KB5017305 on the server. Also, you may need to be aware of the zero-day threat and 3 critical threats that affect Windows Server 2016 and Windows Server 2016 Server Core Installation.