KB5018457 Monthly Rollup update for Windows Server 2012

KB5018457 is the monthly rollup update for Windows Server 2012. This rollup update is cumulative in nature and has been released on 11th October.

We look at some significant points that you ought to know before deploying KB5018457 on Windows Server 2012.

Salient points about KB5018457 for Windows Server 2012

  • KB5018457 is a cumulative update that contains all the changes of the standalone security update KB5018478 for Windows Server 2012 and Windows Server 2012 Server Core installation.
  • KB5018457 replaces the previous month’s monthly rollup update KB5017370.
  • KB5018457 has been replaced or superseded by KB5020009. KB5020009 was released on 8th November 2022. You can read more about KB5020009 on this page.
  • Servicing Stack Update KB5016263 for Windows Server 2012 needs to be deployed prior to installing KB5018457 on the server.
  • CVE-2022-41033 is the zero-day threat that affects Windows Server 2012 and Windows Server 2012 Server Core installation. This vulnerability is patched successfully in the KB5018457 monthly rollup update.
  • For remediation of security vulnerabilities on Windows Server 2012 or Windows Server 2012 Server Core installation, you may install KB508457 or KB5018478.

Prerequisites for installing KB5018457 on Windows Server 2012

You can install KB5018457 once you have deployed the Servicing Stack Update KB5016263 for Windows Server 2012. This SSU was released as part of the July updates on 12th July 2022.

If you are deploying KB5018457 through an automated update process, the SSU will be installed as part of the deployment process. There is no separate action required to be taken by the system administrator.

However, if you prefer an offline installer MSU update file, you can download the Servicing Stack update file for Windows Server 2012 and Windows Server 2012 from the Microsoft Update Catalog page for KB5016263.

The size of the update file is 9.8 MB and no server reboot happens post installation of the Servicing Stack Update.

Once the SSU has been deployed, you can deploy KB5018457 on Windows Server 2012.

How to deploy KB5018457 on Windows Server 2012?

KB5018457 can be deployed through one of the following automated processes:

  • Windows Update
  • WSUS or Windows Server Update Service

KB5018457 can be deployed manually by installing the patch through an MSU file. You can download the monthly rollup update for Windows Server 2012 from the Microsoft Update Catalog website.

Issues resolved in KB5018457 for Windows Server 2012

KB5018457 contains improvements and fixes for the following issues on Windows Server 2012:

Addresses an issue that leads to User Datagram Protocol (UDP) packet drops from Linux virtual machines (VMs).

Updates daylight saving time (DST) in Chile to start on September 11, 2022 instead of September 4, 2022.

Addresses a known issue in which file copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.

Source – Microsoft Release Notes for KB5018457

Vulnerabilities on Windows Server 2012 under KB5018457

There are 48 vulnerabilities that affect Windows Server 2012 as per the October month’s security bulletin. Out of these 48 vulnerabilities, there are 9 vulnerabilities that pose a ‘CRITICAL’ impact on the server. We list these vulnerabilities and the zero-day threat below.

The zero-day threat CVE-2022-41033 affects Windows Server 2012.

CVE-2022-41033 – Windows COM+ Event System Service Elevation of Privilege Vulnerability

This is a CVSS 7.8 vulnerability with an ‘IMPORTANT’ severity rating. Windows Server 2012 and Windows Server 2012 Server Core installation are affected by this zero-day threat.

This is an ‘Elevation of Privileges’ vulnerability and an attacker could assume system privileges upon a successful attack. CVE-2022-41033 is already being exploited and is considered a zero-day threat.

Aside from the zero-day threat shared above, there are 9 ‘CRITICAL’ vulnerabilities on the Windows Server 2012 and Windows Server 2012 Server Core installation. Out of these 9 vulnerabilities:

  • 7 vulnerabilities are of the type ‘Remote Code Execution’
  • 1 vulnerability is an ‘Elevation of Privilege’ vulnerability
  • 1 vulnerability is of the type of ‘Spoofing’

We list these 9 ‘CRITICAL’ vulnerabilities below in a quick reference summary table:

VulnerabilityCVSS RatingComments
CVE-2022-220358.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-301988.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-346897.5Windows CryptoAPI Spoofing Vulnerability
CVE-2022-379767.8Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-336348.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-245048.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-410818.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-380008.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-380478.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability