KB5018474 Monthly rollup update for Windows Server 2012 R2

KB5018474 is the monthly rollup update for Windows Server 2012 R2 that was released on 11th October 2022. This ‘Patch Tuesday’ update is cumulative in nature. We review the significant elements of the KB5018474 update.

Salient points about KB5018474 for Windows Server 2012 R2

  • KB5018474 is a monthly rollup update that supersedes the KB5017367 update of September month.
  • KB5020023 is November month’s monthly rollup update that replaces KB5018474. You can read more about KB5020023 on this page.
  • KB5018474 contains all the changes that are part of the security-only update KB5018476 for Windows Server 2012 R2.
  • Zero-day vulnerability CVE-2022-41033 affects Windows Server 2012 R2. This is resolved in KB5018474.
  • Servicing Stack Update KB5018922 needs to be deployed on Windows Server 2012 R2 before deploying the KB5018474 update.
  • The size of the MSU installer for KB5018474 is 567.6 MB.

Prerequisites for installing KB5018474 on Windows Server 2012 R2

Servicing Stack Update KB5018922 for Windows Server 2012 R2 was released on 11th October 2022. The size of the update file is 10.5 MB.

If you are making use of Windows Update or WSUS for installing KB5018474, the SSU KB5018922 will be deployed automatically as part of the update process.

If you use an offline installer, you can download the MSU update file from the Microsoft Update Catalog page for KB5018922.

No server reboot happens after installing KB5018922 on the Windows Server 2012 R2.

You will also need to deploy the language packs before installing KB5018474. If you were to install language packs after rolling out the monthly update, you will need to redo the implementation of the monthly rollup update.

How to install KB5018474 on Windows Server 2012 R2?

KB5018474 can be deployed automatically on the Windows Server 2012 R2 through Windows Update or WSUS. SSU gets automatically deployed as part of the update process.

For offline installer MSU file, you can download the patch from the Microsoft Update Catalog page for KB5018474. Prior to installing KB5018474 through the offline installer, please deploy the KB5018922 Servicing Stack Update on Windows Server 2012 R2.

Issues resolved in KB5018474 for Windows Server 2012 R2

As per the release notes of KB5018474, Microsoft has stated that the following issues have been resolved.

Addresses an issue that leads to User Datagram Protocol (UDP) packet drops from Linux virtual machines (VMs).

Updates daylight saving time (DST) in Chile to start on September 11, 2022 instead of September 4, 2022.

Addresses a known issue in which file copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.

from Microsoft Release Notes

Vulnerabilities on Windows Server 2012 R2 under KB5018474

In all, Microsoft has shared 84 security vulnerabilities as part of the October security bulletin. Out of these, 44 vulnerabilities affect Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation.

We look at the zero-day threat and the ‘CRITICAL vulnerabilities that affect Windows Server 2012 R2.

CVE-2022-41033 – Windows COM+ Event System Service Elevation of Privilege Vulnerability

This is a CVSS 7.8 vulnerability with an ‘IMPORTANT’ severity rating. Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation are affected by this zero-day threat.

This is an ‘Elevation of Privileges’ vulnerability and an attacker could assume system privileges upon a successful attack. CVE-2022-41033 is already being exploited and is considered a zero-day threat.

Aside from the zero-day threat shared above, there are 9 ‘CRITICAL’ vulnerabilities on the Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation. Out of these 9 vulnerabilities:

  • 7 Remote Code Execution threats
  • 2 Elevation of Privileges threats
  • 1 Spoofing threat

The details of 9 vulnerabilities with a ‘CRITICAL’ impact on Windows Server 2012 R2 are shared in the quick reference summary table.

VulnerabilityCVSS RatingComments
CVE-2022-220358.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-301988.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-346897.5Windows CryptoAPI Spoofing Vulnerability
CVE-2022-379767.8Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-336348.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-245048.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-410818.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-380008.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-380478.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability