KB5017315 Cumulative Update for Windows Server 2019

KB5017315 is the latest cumulative update for Windows Server 2019 and Windows Server 2019 Server Core Installation. The latest cumulative or security update has been released on 13th September as part of Microsoft’s ‘Patch Tuesday’ project. The update does patch the zero-day vulnerability that affects Windows Server 2019 and Windows Server 2019 Server Core Installation. We look at the key aspects of KB5017315 for Windows Server 2019.

Salient points about KB5017315 for Windows Server 2019

  • KB5017315 is a cumulative update. It supersedes KB5016623 cumulative update released in August 2022. You can read more about KB5016623 on this page.
  • KB5017315 also supersedes the optional update KB5016690. KB5016690 was released on 23rd August 2022. If you have not deployed KB5016690 yet, you can skip it. KB5017315 contains all the changes that are part of KB5016690.
  • The server build on Windows Server 2019 would move from 17763.3287 (August 2022 build) to 17763.3346 if you had patched KB5016690 optional update.
  • For this month, KB5017315 upgrades the build on Windows Server 2019 to 17763.3406.
  • The Servicing Stack Update for Windows Server 2019 is included as part of the KB5017315 cumulative update. No separate action is required to install SSU on the Windows Server 2019.
  • CVE-2022-37969 is the zero-day threat that affects Windows Server 2019 and Windows Server 2019 Server Core Installation. It is patched in KB5017315.
  • Windows Server 2019 and Windows Server 2019 Server Core Installation are affected by 3 critical vulnerabilities that have a CVSS rating of 9.8. Details of these vulnerabilities are given below.
  • The size of the MSU update file for KB5017315 is 591.7 MB.

Prerequisites for installing KB5017315 on Windows Server 2019

There is a single prerequisite for installing KB5017315. However, we would like to mention a few points that are worthy of attention:

  • Servicing Stack Updates for Windows Server 2019 and Windows Server 2019 Server Core installation are merged in the latest cumulative updates now. So, no separate installation of the SSU is required.
  • KB5005112 is the August 2021 Servicing Stack Update that needs to be installed prior to installing KB5017315 on Windows Server 2019 and Windows Server 2019 Server Core installation.
  • You can download KB5005112 from the Microsoft Update Catalog page for KB5005112. The size of the update file is 13.8 MB only.
  • There are no server reboots after installing KB5005112 on the Windows Server.

KB5017315 – Vulnerabilities on Windows Server 2019 and Windows Server 2019 Server Core Installation

Our primary focus is on zero-day threats and the ones that pose critical threats to the Windows Server and associated IT infrastructure. For the month of September 2022, we are listing four vulnerabilities below.

Zero-day Vulnerability on Windows Server 2019

CVE-2022-37969 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Server 2019 and Windows Server 2019 Server Core Installation are affected by a zero-day vulnerability that is tracked under CVE-2022-37969. The vulnerability carries a CVSS score of 7.8 and affects Windows Common Log File System Driver. Successful exploitation of this threat could allow the attacker access to SYSTEM privileges. The threat is patched in KB5017315. It is an ‘Elevation of Privilege’ vulnerability on the Windows Server.

Critical Vulnerabilities affecting Windows Server 2019

There are three critical vulnerabilities on Windows Server 2019 and Windows Server 2019 Server Core Installation. All these are CVSS 9.8 rated vulnerabilities that require you to take immediate action.

CVE-2022-34718 – Windows TCP/IP Remote Code Execution Vulnerability

This vulnerability has a CVSS rating of 9.8. It affects Windows Server 2019 systems that are running the IPSec service. An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine.

CVE-2022-34721 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVE-2022-34721 is a critical vulnerability with a CVSS rating of 9.8. It an lead to ‘Remote Code Execution’ attacks on the Windows Server 2019 and Windows Server 2019 Server Core Installation. The vulnerability affects version 1 of the Internet Key Exchange (IKE) Protocol. Version 2 IKE is unaffected by CVE-2022-34721.

CVE-2022-34722 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

This vulnerability is a critical vulnerability with a CVSS score of 9.8 and can lead to Remote Code Execution attacks. The threat affects version 1 of the Internet Key Exchange (IKE) Protocol. Version 2 of IKE Protocol is unaffected by CVE-2022-34722 vulnerability.

In all, there have been 43 vulnerability disclosures for Windows Server 2019 and Windows Server 2019 Server Core Installation. Aside from the three critical vulnerabilities we discussed above, there are 40 vulnerabilities that have an ‘IMPORTANT’ severity level.

How to deploy KB5017315 on Windows Server 2019?

KB5017315 can be deployed on Windows Server 2019 through all the regular update channels that are available.

  • KB5017315 can be deployed through Windows Update automatically.
  • You can deploy it automatically through WSUS or the Windows Server Update Service. You need to import the patch and set it for automated deployment.
  • KB5017315 can be deployed automatically through the Microsoft Update program.

KB5017315 can be deployed manually through the Microsoft Update Catalog website. You can download the KB5017315 cumulative update from the Microsoft Update Catalog page for KB5017315. SSU is part of the cumulative update.

Before deploying KB5017315 on Windows Server 2019, do ensure that you have installed KB5005112 on the server. It can be downloaded from the Microsoft Update Catalog site.

Summary

KB5017315 is significant for the vulnerabilities it patches. One zero-day threat and three CVSS 9.8 critical threats are resolved as part of KB5017315. No separate installation of Servicing Stack Update is needed as the SSU is merged into the cumulative update. KB5017315 supersedes KB5016623 and KB5016690 optional update for Windows Server 2019.

You may like to read more about Windows updates below: