KB5017316 for Windows Server 2022 – released 13th September 2022

KB5017316 is the latest cumulative update for Windows Server 2022 and Windows Server 2022 Server Core Installation. The security update takes care of the zero-day threat on Windows Server 2022. We look at some key aspects of the KB5017316 cumulative update for Windows Server 2022 and Windows Server 2022 Server Core editions below.

Salient points about KB5017316 for Windows Server 2022

  • KB5017316 is a cumulative update that supersedes the August cumulative update, KB5016627, which was released as part of August’s ‘Patch Tuesday’. You can read more about KB5016627 on this page.
  • KB5017316 also contains all the changes that are part of the optional update KB5016693 for Windows Server 2022. The package for KB5016693 was released on 16th August 2022.
  • If you have not deployed KB5016693 yet, you can skip it and install KB5017316 on the server.
  • This update pushes the server build to version 20348.1006. The August cumulative update had pushed the build of Windows Server 2022 to 20348.887.
  • In all, there have been 44 vulnerability disclosures for Windows Server 2022 as part of September’s security bulletin. Of these, 41 vulnerabilities carry the ‘IMPORTANT’ severity level and 3 are of ‘CRITICAL’ severity.
  • We focus on the zero-day threat and critical vulnerabilities on Windows Server 2022 that are resolved or patched in KB5017316. CVE-2022-37969 is the zero-day threat on Windows Server 2022.
  • There are three critical CVSS 9.8 vulnerabilities on the Windows Server 2022 and Windows Server 2022 Server Core edition.
  • The size of the update file is 270.9 MB.
  • The Servicing Stack Update (SSU) is merged into the cumulative update for Windows Server 2022, so you do not need to install any Servicing Stack Update before installing the main security update KB5017316. The Servicing Stack Update version for Windows Server 2022 is 20348.945. The SSU contains 155 files as part of the update.

Prerequisites for installing KB5017316 on Windows Server 2022

There are no prerequisites for installing KB5017316. Deployment is a straightforward process. Since the SSU is combined into the latest cumulative update, no separate action is needed to install the SSU or any other update.

Vulnerabilities resolved in KB5017316 for Windows Server 2022

As mentioned above, there have been 44 vulnerability disclosures in this month’s ‘Patch Tuesday’ security bulletin for Microsoft Windows Server 2022. Our focus is on the zero-day threat and three ‘CRITICAL’ vulnerabilities that pose a risk to Windows Server 2022 and Windows Server 2022 Server Core Installation. We list these vulnerabilities for your ready reference.

Zero-day Vulnerability on Windows Server 2022 and Windows Server 2022 Server Core Installation

CVE-2022-37969 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Server 2022 and Windows Server 2022 Server Core Installation are affected by a zero-day vulnerability that is tracked under CVE-2022-37969. The vulnerability carries a CVSS score of 7.8 and affects Windows Common Log File System Driver. Successful exploitation of this threat could allow the attacker access to SYSTEM privileges. The threat is patched in KB5017316. It is an ‘Elevation of Privilege’ vulnerability on the Windows Server.

Critical Vulnerabilities affecting Windows Server 2022 and Windows Server 2022 Server Core Installation

The three ‘CRITICAL’ vulnerabilities with CVSS scores of 9.8 are listed below:

CVE-2022-34718 – Windows TCP/IP Remote Code Execution Vulnerability

This vulnerability has a CVSS rating of 9.8. It affects Windows Server 2022 and Windows Server 2022 Server Core Installation systems that are running the IPSec service. An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could result in remote code execution on that machine.

CVE-2022-34721 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVE-2022-34721 is a critical vulnerability with a CVSS rating of 9.8. It can lead to ‘Remote Code Execution’ attacks on Windows Server 2022 and Windows Server 2022 Server Core Installation. The vulnerability affects version 1 of the Internet Key Exchange (IKE) Protocol. Version 2 of IKE is unaffected by CVE-2022-34721.

CVE-2022-34722 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

This vulnerability is a critical vulnerability with a CVSS score of 9.8 and can lead to Remote Code Execution attacks. The threat affects version 1 of the Internet Key Exchange (IKE) Protocol. Version 2 of IKE Protocol is unaffected by CVE-2022-34722 vulnerability.
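The following PowerShell triage is an added example, not part of the original article or any Microsoft tooling. It compares a host's build with the 20348.1006 level quoted above and reports whether the IPsec/IKE services the three critical CVEs depend on are running; the function names are hypothetical, and treating a running service as the exposure signal is an assumption of this sketch.

```powershell
# Added example: patch-level and IPsec/IKE triage for one Windows Server 2022 host.
# Function names are hypothetical; build numbers are the ones quoted in the article.
$PatchedBuild = [version]'10.0.20348.1006'   # build reached after KB5017316

function Get-OsBuild {
    # CurrentBuild plus UBR (update build revision) form the full build, e.g. 20348.1006
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [version]('10.0.{0}.{1}' -f $cv.CurrentBuild, $cv.UBR)
}

function Test-Kb5017316Level {
    param([Parameter(Mandatory)][version]$Build)
    # Cumulative updates supersede one another, so any later 20348 revision
    # also contains the September 2022 fixes.
    ($Build.Build -eq 20348) -and ($Build -ge $PatchedBuild)
}

function Get-IpsecServiceState {
    # IKEEXT = IKE and AuthIP IPsec Keying Modules; PolicyAgent = IPsec Policy Agent
    Get-Service -Name IKEEXT, PolicyAgent -ErrorAction SilentlyContinue |
        Select-Object Name, Status, StartType
}

$build        = Get-OsBuild
$patched      = Test-Kb5017316Level -Build $build
$ipsecRunning = @(Get-IpsecServiceState | Where-Object Status -eq 'Running').Count -gt 0

# Assumption: running IPsec/IKE services on an unpatched build are patched first.
$priority = if ($build.Build -ne 20348) {
    'N/A: not a Windows Server 2022 (20348) build'
} elseif ($patched) {
    'None: build is at or above 20348.1006'
} elseif ($ipsecRunning) {
    'High: IPsec/IKE services running on an unpatched build'
} else {
    'Normal: unpatched, CVE-2022-37969 (CLFS) still applies'
}

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    Build                = $build.ToString()
    HasKb5017316Level    = $patched
    IpsecServicesRunning = $ipsecRunning
    PatchPriority        = $priority
}
```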

How to deploy KB5017316 on Windows Server 2022?

Deployment of KB5017316 is a straightforward process. The latest cumulative update is available through all the regular channels of Windows Server updates.

  • You can use the Windows Update program to update KB5017316 on Windows Server 2022. This is an automated process.
  • Or, you could use the Microsoft Update program to deploy KB5017316 automatically.
  • WSUS or Windows Server Update Service also allows you to deploy KB5017316 automatically. WSUS needs to be configured to pull the latest cumulative updates for Windows Server 2022. The product category is ‘Microsoft Server operating system-21H2’.

Apart from the automated patching of KB5017316, you can install KB5017316 manually through the Microsoft Update Catalog website.

  • You can download the MSU file for KB5017316 update from the Microsoft Update Catalog page here.
  • The size of this MSU update file is 270.9 MB.
  • Upon deployment, the server may require a reboot. Therefore, we suggest a maintenance window to install KB5017316 on Windows Server 2022.

Because the package combines the SSU with the cumulative update, uninstalling the security update means removing the latest cumulative update (LCU) package with DISM:

  • Find out the name of the package that was installed as the latest cumulative update. Identify the LCU package name by using the DISM /online /get-packages command.
  • Once you know the package name of the LCU, you can uninstall it on the command line with DISM /online /remove-package /packagename:<LCU package name>.
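The two uninstall steps above, as an added PowerShell example that is not from the original article. It assumes the LCU is listed by DISM as a `Package_for_RollupFix` package whose version starts with the build 20348.1006; the function name and the sample DISM lines are constructed for illustration.

```powershell
# Added example: locate the LCU package installed by KB5017316 and build the
# DISM removal command. Run from an elevated prompt when $Live is $true.
$Live = $false   # $false parses the constructed sample below; $true queries the host

function Get-LcuPackageName {
    param(
        [Parameter(Mandatory)][string[]]$DismOutput,
        [string]$BuildRevision = '20348.1006'   # build from the article
    )
    foreach ($line in $DismOutput) {
        # DISM prints one "Package Identity : <name>" line per installed package.
        # Assumption: the LCU is the RollupFix package carrying the build number.
        if ($line -match '^Package Identity\s*:\s*(\S*RollupFix\S*)' -and
            $Matches[1] -like "*~${BuildRevision}.*") {
            $Matches[1]
        }
    }
}

# Constructed sample of "dism /online /get-packages" output (not captured from a host).
$sample = @(
    'Package Identity : Package_for_ServicingStack_945~31bf3856ad364e35~amd64~~20348.945.1.0'
    'State : Installed'
    'Package Identity : Package_for_RollupFix~31bf3856ad364e35~amd64~~20348.1006.1.7'
    'State : Installed'
)

$dismOutput = if ($Live) { dism.exe /online /get-packages } else { $sample }
$lcu = @(Get-LcuPackageName -DismOutput $dismOutput)

if ($lcu.Count -ne 1) {
    Write-Warning "Expected exactly one LCU package for this build, found $($lcu.Count)."
} else {
    # Printed rather than executed so the package name can be reviewed first.
    # The servicing stack package is deliberately left out of the match.
    "dism.exe /online /remove-package /packagename:$($lcu[0])"
}
```

Removing the LCU returns the server to the previous build, so the vulnerabilities listed above apply again until the update is reinstalled.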

Summary

KB5017316 for Windows Server 2022 and Windows Server 2022 Server Core Installation can be installed through any of the recommended Windows Update processes. The cumulative security update contains fixes for three critical vulnerabilities and one zero-day threat on Windows Server 2022 and Windows Server 2022 Server Core Installation.

There are no specific prerequisites for installing KB5017316. However, we do suggest arranging a maintenance window to carry out the deployment of KB5017316.
