KB5017370 Monthly Rollup Update for Windows Server 2012

KB5017370 is the monthly rollup update for Windows Server 2012 and Windows Server 2012 Server Core Installation. It was released on 13th September as part of the Microsoft ‘Patch Tuesday’ project. We look at the key aspects and important points about KB5017370 for Windows Server 2012.

Salient points about KB5017370 for Windows Server 2012

  • KB5017370 is cumulative in nature. Unlike the standalone security-only updates for Windows Server 2012, KB5017370 contains changes from the previous updates as well.
  • KB5017370 also contains all the changes that are part of the KB5017377 security-only update for Windows Server 2012.
  • KB5017370 supersedes KB5016672. KB5016672 was released in August 2022. You can find or read more about KB5016672 on this page.
  • KB5017370 also supersedes Extended Security Update KB5017221 released in August 2022.
  • Zero-day vulnerability CVE-2022-37969 is resolved as part of the monthly rollup, KB5017370, for Windows Server 2012.
  • There are three critical Remote Code Execution vulnerabilities that affect Windows Server 2012. All these vulnerabilities are CVSS 9.8 rated and have a CRITICAL severity for the infrastructure.
  • The size of the MSU update file for KB5017370 is 411.6 MB.
  • Servicing Stack Update KB5016263 needs to be deployed on Windows Server 2012 prior to installing KB5017370 on the server.

Prerequisites for installing KB5017370 on Windows Server 2012

KB5017370 can be deployed on Windows Server 2012 without any significant requirements of prerequisite conditions. All that you need to do is to install the Servicing Stack Update KB5016263 on the server.

  • KB5016263 is a part of the automated Windows Update process. If you intend to deploy KB5017370 using Windows Update, the SSU will be automatically installed as part of the update process.
  • If you intend to deploy KB5017370 manually, you need to download the KB5016263 SSU from the Microsoft Update Catalog.
  • The size of the update file is 9.8 MB.
  • When you install the Servicing Stack Update, there are no server restarts.

Vulnerabilities resolved in KB5017370 on Windows Server 2012

Over 30 vulnerabilities have been shared for Microsoft Windows Server 2012 as part of the security bulletin for the month of September. Our focus remains on the zero-day threat CVE-2022-37969 and the three ‘CRITICAL’ vulnerabilities that pose significant threats to the infrastructure.

CVE-2022-37969 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Server 2012 is affected by a zero-day vulnerability that is tracked under CVE-2022-37969. The vulnerability carries a CVSS score of 7.8 and affects Windows Common Log File System Driver. Successful exploitation of this threat could allow the attacker access to SYSTEM privileges. The threat is patched in KB5017377 and KB5017370. It is an ‘Elevation of Privilege’ vulnerability on the Windows Server.

CVE-2022-34718 – Windows TCP/IP Remote Code Execution Vulnerability

This ‘Remote Code Execution’ vulnerability has a CVSS rating of 9.8. It affects Windows Server 2012 server that is running the IPSec service. An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine.

CVE-2022-34721 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVE-2022-34721 is a critical ‘Remote Code Execution’ vulnerability with a CVSS rating of 9.8. It an lead to ‘Remote Code Execution’ attacks on the Windows Server 2012. The vulnerability affects version 1 of the Internet Key Exchange (IKE) ProtocolVersion 2 IKE is unaffected by CVE-2022-34721.

CVE-2022-34722 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

This ‘Remote Code Execution’ vulnerability is a critical vulnerability with a CVSS score of 9.8 and can lead to Remote Code Execution attacks. The threat affects version 1 of the Internet Key Exchange (IKE) ProtocolVersion 2 of IKE Protocol is unaffected by CVE-2022-34722 vulnerability.

How can I deploy KB5017370 on Windows Server 2012?

KB5017370 is cumulative and can be deployed through regular Windows Update channels. We look at the suggested or recommended methods for updating KB5017370 on Windows Server 2012.

  • KB5017370 can be automatically deployed using Windows Update. SSU KB5016263 will be automatically installed as part of the process.
  • KB5017370 can also be deployed using Microsoft Update for Business.
  • WSUS or Windows Server Update Service can be used to pull the monthly update KB5017370. You will need the Product to be configured to pull updates for Windows Server 2012, Windows Embedded 8 Standard.

Apart from the automated update processes stated above, you can download KB5017370 through the Microsoft Update Catalog site.

  • KB5017370 can be downloaded from Microsoft Update Catalog page here.
  • The size of the MSU update file is 411.6 MB.
  • KB5016263 needs to be applied prior to KB5017370. That can be downloaded from this page.
  • Post-deployment of KB5017370, the Windows Server 2012 will need a reboot. Please plan for a maintenance window for the same.

Summary

KB5017370 is the monthly rollup update for Windows Server 2012. The update supersedes KB5016672. It resolved CVE-2022-37969 zero-day threat on the server. SSU KB5016263 needs to be deployed on the server prior to installing KB5017370.

You may like to read more content about Windows Updates below: