KB5017365 Security Update for Windows Server 2012 R2

KB5017365 is the latest security-only update for Windows Server 2012 R2. KB5017365 was released on 13th September as part of Microsoft’s ‘Patch Tuesday’ project. We look at the key aspects of KB5017365 for Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation below.

Topics covered on this page include:

  1. Salient points about KB5017365 for Windows Server 2012 R2.
  2. Prerequisites for installing KB5017365
  3. Vulnerabilities resolved on Windows Server 2012 R2 in KB5017365 security update
  4. How to deploy KB5017365 on Windows Server 2012 R2
  5. Summary

Salient Points about KB5017365 for Windows Server 2012 R2

  • KB5017365 is a standalone security-only update. It is not cumulative in nature.
  • For full security coverage, we suggest that all the previous security updates for Windows Server 2012 R2 or Windows Server 2012 R2 Server Core Installation must be already deployed on the server. This means that the last installed security update on Windows Server 2012 R2 should be KB5016681. KB5016681 is the security update for Windows Server 2012 R2 for the month of August 2022. You can read more about KB5016681 on this page.
  • Windows Server 2012 R2 and Windows Server 2012 R2 Server Core are affected by zero-day vulnerability CVE-2022-37969. This threat is an Elevation of Privilege threat that is publicly disclosed. It is already being exploited by attackers.
  • Apart from the zero-day threat, Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation are affected by three CRITICAL vulnerabilities that carry a CVSS score of 9.8. These have been patched in KB5017365 security update.
  • KB5017398 is the Servicing Stack Update that needs to be deployed on Windows Server 2012 R2 prior to installing KB5017365. Details are given below.
  • The size of the MSU update file for KB5017365 is only 40.2 MB. Since this is a standalone update, the security update contains minimal changes.

Prerequisites for installing KB5017365 on Windows Server 2012 R2 or Windows Server 2012 R2 Server Core

There are a couple of prerequisites that are recommended to be followed while installing KB5017365 on Windows Server 2012 R2 or Windows Server 2012 R2 Server Core Installation.

  • We suggest that you must deploy all the previous security updates on Windows Server 2012 R2 and Windows Server 2012 R2 Server Core for complete security coverage. The last security update for Windows Server 2012 R2 and Windows Server 2012 R2 Server Core was released in August 2022. KB5016681 must be installed prior to installing KB5017365.
  • You will also need to deploy the latest cumulative update for Internet Explorer on Windows Server 2012 R2. KB5016618 is the cumulative update for Internet Explorer. This update can be downloaded from the KB5016618 page on Microsoft Update Catalog website. This size of KB5016618 update file is 55 MB. Upon installing KB5016618, your Windows server may require a reboot.
  • KB5017398 is the Servicing Stack Update that needs to be installed prior to installing KB5017365 on Windows Server 2012 R2. You can download KB5017398 from the KB5017398 page on Microsoft Update Catalog website. This size of the update file is 10.5.
  • Servicing Stack Updates do not need server reboot.
  • Once KB5016618 and KB5017398 are installed on Windows Server 2012 R2, you can proceed with the installation of KB5017365 on Windows Server 2012 R2.

Vulnerabilities resolved in KB5017365 for Windows Server 2012 R2

There are 35 vulnerability disclosures for Windows Server 2012 R2 edition in the September month’s security bulletin. A similar number of threats affect Windows Server 2012 R2 Server Core Installation.

Our focus for Windows Server security is on zero-day threats. We also cover those vulnerabilities that have a ‘CRITICAL’ severity level. Apart from the zero-day vulnerability, Windows Server 2012 R2 and Windows Server 2012 R2 Server Core are affected by 3 ‘CRITICAL’ severity vulnerabilities. We list each of these below in brief.

Zero-day Vulnerability on Windows Server 2012 R2

CVE-2022-37969 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Server 2012 R2 is affected by a zero-day vulnerability that is tracked under CVE-2022-37969. The vulnerability carries a CVSS score of 7.8 and affects Windows Common Log File System Driver. Successful exploitation of this threat could allow the attacker access to SYSTEM privileges. The threat is patched in KB5017365. It is an ‘Elevation of Privilege’ vulnerability on the Windows Server.

CVE-2022-34718 – Windows TCP/IP Remote Code Execution Vulnerability

This ‘Remote Code Execution’ vulnerability has a CVSS rating of 9.8. It affects Windows Server 2012 R2 server that is running the IPSec service. An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine.

CVE-2022-34721 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVE-2022-34721 is a critical ‘Remote Code Execution’ vulnerability with a CVSS rating of 9.8. It an lead to ‘Remote Code Execution’ attacks on the Windows Server 2012 R2. The vulnerability affects version 1 of the Internet Key Exchange (IKE) ProtocolVersion 2 IKE is unaffected by CVE-2022-34721.

CVE-2022-34722 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

This ‘Remote Code Execution’ vulnerability is a critical vulnerability with a CVSS score of 9.8 and can lead to Remote Code Execution attacks. The threat affects version 1 of the Internet Key Exchange (IKE) ProtocolVersion 2 of IKE Protocol is unaffected by CVE-2022-34722 vulnerability.

How can I deploy KB5017365 on Windows Server 2012 R2?

Since this is a security-only update, you cannot use Windows Update program to install KB5017365 on Windows Server 2012 R2.

For automated installation, you can use the WSUS or Windows Server Update Service. You will need to setup WSUS to pull security updates for the category – Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro.

You can install KB5017365 manually. For this, you will need to download the update file from the Microsoft Update Catalog website. You can download the security update from KB5017365 page on the catalog website. The size of the update file is 40.2 MB. The server may require a restart post-deployment of the security update.

It may be pertinent to mention over here that before deploying KB5017365 on Windows Server 2012 R2, please ensure that you have deployed KB5016618 and KB5017398. Information about both these updates has already been shared in the document.

Summary

KB5017365 is the security only or standalone update for Windows Server 2012 R2 and Windows Server 2012 R2 Server Core Installation. The update requires SSU KB5017398 and cumulative update for Internet Explorer KB5016618. Also, all the previous security updates for Windows Server 2012 R2 and Windows Server 2012 R2 Server Core Installation should have already been deployed on the servers.

You may like to read more about Windows updates on the following pages: