KB5017367 Monthly Rollup Update for Windows Server 2012 R2

KB5017367 is the monthly rollup update for Windows Server 2012 R2. It was released on 13th September as part of September month’s ‘Patch Tuesday’ project. The monthly rollup update also includes the changes of standalone security only update for Windows Server 2012 R2. Let us have a look at the key elements of KB5017367 for Windows Server 2012 R2.

Topics covered on this page include:

  1. Salient points about KB5017367 for Windows Server 2012 R2.
  2. Prerequisites for installing KB5017367 monthly rollup update.
  3. Vulnerabilities resolved on Windows Server 2012 R2 in KB5017367 security update
  4. How to deploy KB5017367 on Windows Server 2012 R2
  5. Summary

Salient Points about KB5017367 for Windows Server 2012 R2

  • KB5017367 is a cumulative update. It contains changes from previous updates as well.
  • KB5017367 supersedes last month’s monthly rollup update for Windows Server 2012 R2. KB5016681 is the August month’s monthly rollup update. So, KB5017367 supersedes KB5016681. You can read more about KB5016681 on this page.
  • KB5017398 Servicing Stack Update needs to be deployed on Windows Server 2012 R2 before installing KB5017367.
  • The size of KB5017367 monthly rollup update is 567.2 MB.
  • Zero-day vulnerability, CVE-2022-37969, is resolved for Windows Server 2012 R2 in KB5017367. On a similar note, three CRITICAL severity vulnerabilities are also resolved in KB5017367.
  • KB5017367 is more exhaustive than the security-only update KB5017365. However, for security changes only, you could choose to deploy KB5017365 or KB5017367.
  • KB5017367 will cause a server reboot.

Prerequisites for installing KB5017367 on Windows Server 2012 R2

There are no dependencies for installing KB5017367, except for the installation or deployment of the Servicing Stack Update KB5017398 on Windows Server 2012 R2. KB5017398 needs to be deployed prior to installing KB5017367 on Windows Server 2012 R2.

  • KB5017398 will be automatically installed as part of automated installation of KB5017367 on Windows Server 2012 R2. If you are making use of Windows Update for installing KB5017367, KB5017398 shall be patched automatically at the time of installation of the updates. On a similar note, Microsoft Update and WSUS will automatically deploy the SSU KB5017398 as part of the update process for KB5017367.
  • KB5017398 can be manually downloaded from the Microsoft Update Catalog website page for KB5017398. The size of the update file is 10.5 MB.
  • Upon installing the Servicing Stack Update, there is no need of a server reboot.

Once you have installed KB5017398 on Windows Server 2012 R2, you can install the KB5017367 monthly rollup update on the server.

Vulnerabilities resolved in KB5017367 on Windows Server 2012 R2

There have been over 30 vulnerabilities that have been reported for Windows Server 2012 R2 as part of September’s security bulletin. Out of these, our focus is on the zero-day threat CVE-2022-37969 and the three vulnerabilities with CRITICAL severity. Details of these vulnerabilities are provided below for a ready reference:

Zero-day Vulnerability on Windows Server 2012 R2

CVE-2022-37969 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Server 2012 R2 is affected by a zero-day vulnerability that is tracked under CVE-2022-37969. The vulnerability carries a CVSS score of 7.8 and affects Windows Common Log File System Driver. Successful exploitation of this threat could allow the attacker access to SYSTEM privileges. The threat is patched in KB5017365 and KB5017367. It is an ‘Elevation of Privilege’ vulnerability on the Windows Server.

CVE-2022-34718 – Windows TCP/IP Remote Code Execution Vulnerability

This ‘Remote Code Execution’ vulnerability has a CVSS rating of 9.8. It affects Windows Server 2012 R2 server that is running the IPSec service. An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine.

CVE-2022-34721 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVE-2022-34721 is a critical ‘Remote Code Execution’ vulnerability with a CVSS rating of 9.8. It an lead to ‘Remote Code Execution’ attacks on the Windows Server 2012 R2. The vulnerability affects version 1 of the Internet Key Exchange (IKE) ProtocolVersion 2 IKE is unaffected by CVE-2022-34721.

CVE-2022-34722 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

This ‘Remote Code Execution’ vulnerability is a critical vulnerability with a CVSS score of 9.8 and can lead to Remote Code Execution attacks. The threat affects version 1 of the Internet Key Exchange (IKE) ProtocolVersion 2 of IKE Protocol is unaffected by CVE-2022-34722 vulnerability.

How can I deploy KB5017367 on Windows Server 2012 R2?

Unlike KB5017365, KB5017367 can be deployed using automated or manual methods.

  • KB5017367 can be installed on Windows Server 2012 R2 through the Windows Update program. This is automated installation of the patch. As part of the update process, SSU KB5017398 will be installed on the Windows Server 2012 R2 automatically.
  • Similar to Windows Update, if you choose Microsoft Update program to install the monthly rollup, the SSU will be automatically deployed.
  • WSUS or Windows Server Update Service can be used to pull the monthly rollup update KB5017367 automatically. The patch gets auto-installed on the server. To import the monthly rollup updates for Windows Server 2012 R2 using WSUS, you will need to set the Product type as ‘Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro’.

Apart from the automated options, you can also install KB5017367 manually.

  • For manual installation of KB5017367, you will need to download the monthly rollup update from the Microsoft Update Catalog website. The update can be downloaded from the Microsoft Update Catalog page for KB5017367.
  • The size of the update file is 567.2 MB.
  • Before deploying KB5017367 manually, please install the SSU KB5017398 manually. KB5017398 can be downloaded from the KB5017398 page on Microsoft Update Catalog.

Upon installation, you can validate the working of the server to watch out for any unintended impact on server performance.

Summary

KB5017367 includes the changes that are part of security-only update KB5017365. KB5017367 can be patched through all the regular Windows Update channels. Security threat, CVE-2022-37969, is patched in KB5017365 and KB5017367. You will need to install the Servicing Stack Update KB5017398 on Windows Server 2012 R2 as part of the update process.

You may like to read more about the latest Windows Updates below: