KB5017377 Security Update for Windows Server 2012 – released 13th September 2022

KB5017377 is a security-only update for Windows Server 2012. This update is not cumulative in nature. Therefore, it is important to know how to go about patching the security updates on Windows Server 2012 and Windows Server 2012 R2. You could choose to deploy the monthly rollup update for Windows Server 2012 instead of the security-only update. We look at the important security aspects of KB5017377 for Windows Server 2012 below.

Salient points about KB5017377 for Windows Server 2012

  • Security only updates for Windows Server 2012 are minimal in nature as these contain the basic security changes to resolve security issues on the server. You can also call these as standalone updates for Windows servers.
  • Security only updates for Windows Server 2012 are not cumulative in nature. For full support coverage, you must have deployed all the previous security updates on Windows Server 2012.
  • The size of the MSU update file for security only update KB5017377 is just 31.5 MB.
  • Before deploying KB5017377 on Windows Server 2012, you need to deploy the Servicing Stack Update (SSU) KB5016263.
  • The previous security only update for Windows Server 2012 was released in August 2022. KB5016684 is the security-only update that was released in August 2022.

Prerequisites for installing KB5017377 on Windows Server 2012

KB5017377 is not a cumulative update. It is a standalone security update that addresses security threats that have been unveiled over the previous month. Therefore, ideally speaking, for full support on Windows Server 2012 you need to undertake the following steps.

  • All the previous security updates for Windows Server 2012 need to be deployed on the server. This should include previous month’s security only update KB5016684. You can read more about KB5016684 on this page.
  • Servicing Stack Update needs to be deployed prior to installing KB5017377. In this case, we need to deploy KB5016263 SSU for Windows Server 2012.
  • Post deployment of the Servicing Stack Update KB5016263, there is no need of a server reboot.

Once you have deployed KB5016263, you can proceed with installing the KB5017377 security update on Windows Server 2012.

Vulnerabilities resolved in KB5017377 for Windows Server 2012

For Windows Server 2012, there are 35 vulnerabilities in September 13th security bulletin released by Microsoft. Out of these, we have a zero-day threat CVE-2022-37969. We also have 3 Remote Code Execution threats that affect Windows Server 2012. All these RCE threats are of ‘CRITICAL’ severity with CVSS rating score of 9.8.

We list the zero-day threat and the three CRITICAL vulnerabilities for your ready reference below:

CVE-2022-37969 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Server 2012 is affected by a zero-day vulnerability that is tracked under CVE-2022-37969. The vulnerability carries a CVSS score of 7.8 and affects Windows Common Log File System Driver. Successful exploitation of this threat could allow the attacker access to SYSTEM privileges. The threat is patched in KB5017377. It is an ‘Elevation of Privilege’ vulnerability on the Windows Server.

CVE-2022-34718 – Windows TCP/IP Remote Code Execution Vulnerability

This ‘Remote Code Execution’ vulnerability has a CVSS rating of 9.8. It affects Windows Server 2012 server that is running the IPSec service. An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine.

CVE-2022-34721 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVE-2022-34721 is a critical ‘Remote Code Execution’ vulnerability with a CVSS rating of 9.8. It an lead to ‘Remote Code Execution’ attacks on the Windows Server 2012. The vulnerability affects version 1 of the Internet Key Exchange (IKE) ProtocolVersion 2 IKE is unaffected by CVE-2022-34721.

CVE-2022-34722 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

This ‘Remote Code Execution’ vulnerability is a critical vulnerability with a CVSS score of 9.8 and can lead to Remote Code Execution attacks. The threat affects version 1 of the Internet Key Exchange (IKE) ProtocolVersion 2 of IKE Protocol is unaffected by CVE-2022-34722 vulnerability.

How to deploy KB5017377 for Windows Server 2012?

KB5017377 cannot be deployed automatically through the Windows Update program. If you intend to deploy this automatically, you can use WSUS or Windows Server Update Service. You will need to setup WSUS for the product category – Windows Server 2012, Windows Embedded 8 Standard.

KB5017377 can be manually patched using the Microsoft Update Catalog website. The security-only update for Windows Server can be downloaded from the KB5017377 page on the Microsoft Update Catalog website. We will like to reiterate that KB5016263 Servicing Stack Update ought to be patched before installing KB5017377.

Summary

KB5017377 is the security only update for Windows Server 2012 that can be installed swiftly. The update file is small in size. There are 35 vulnerabilities that have been resolved in KB5017377. In particular, the 3 Remote Code Execution threats and the zero-day vulnerability are also patched. Before deploying KB5017377, do install the KB5016263 Servicing Stack Update on Windows Server 2012.

You may like to read more content related to Windows Servers below: