KB5018476 is the security only update for Windows Server 2012 R2. It was released on 11th October as part of ‘October Patch Tuesday’ project. We review the main points about the KB5018476 for Windows Server 2012 R2 below.
Salient points about KB5018476 for Windows Server 2012 R2
- KB5018476 is a standalone security update for Windows Server 2012 R2.
- KB5018476 has now been followed up with the November security update KB5020010 for Windows Server 2012 R2. You can read more about KB5020010 on this page.
- For full security coverage, all the previous standalone security only updates need to be deployed on the Windows Server 2012 R2. The last security update for Windows Server 2012 R2 is KB5017365 and it was released on 13th September 2022. You can read more about KB5017365 on this page.
- CVE-2022-41033 is the zero day vulnerability that affects Windows Server 2012 R2. The threat is patched in KB5018476.
- Before deploying KB5018476, you need to deploy the latest cumulative update for Internet Explorer KB5018413.
- Servicing Stack Update that is relevant to KB5018476 is KB5018922. It would need to be installed on Windows Server 2012 R2 before installing KB5018476.
- Language packs, if any, need to be installed on Windows Server 2012 R2 before deploying KB5018476.
- You can also choose to install the monthly rollup update for Windows Server 2012 R2 instead of the standalone security update.
Prerequisites for installing KB5018476 on Windows Server 2012 R2
There are three prerequisites for installing KB5018476 on Windows Server 2012 R2.
Servicing Stack Update – KB5018922
The Servicing Stack Update KB5018922 corresponds to the security update KB5018476 for Windows Server 2012 R2. For automated deployments of KB5018476, SSU KB5018922 is installed automatically as part of the process.
For manual deployments, you can download KB5018922 from the Microsoft Update Catalog page for KB5018922. The size of the update file is 10.5 MB. SSU deployment will not cause a server reboot.
Cumulative Update for Internet Explorer KB5018413
Cumulative update for Internet Explorer KB5018413 can be downloaded from the Microsoft Update catalog page for KB5018413. The size of the update file is 55 MB.
Language Packs
Language packs, if any, need to be deployed on Windows Server 2012 R2 before deploying KB5018476 on Windows Server 2012 R2. If you install a language pack after installing KB5018476, the security update will need to be reinstalled on the server.
Security vulnerabilities on Windows Server 2012 R2
In all, Microsoft has shared 84 security vulnerabilities as part of the October security bulletin. Out of these, 44 vulnerabilities affect Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation.
We look at the zero-day threat and the ‘CRITICAL vulnerabilities that affect Windows Server 2012 R2.
CVE-2022-41033 – Windows COM+ Event System Service Elevation of Privilege Vulnerability
This is a CVSS 7.8 vulnerability with an ‘IMPORTANT’ severity rating. Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation are affected by this zero-day threat.
This is an ‘Elevation of Privileges’ vulnerability and an attacker could assume system privileges upon a successful attack. CVE-2022-41033 is already being exploited and is considered a zero-day threat.
Aside from the zero-day threat shared above, there are 9 ‘CRITICAL’ vulnerabilities on the Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation. Out of these 9 vulnerabilities:
- 7 Remote Code Execution threats
- 2 Elevation of Privileges threats
- 1 Spoofing threat
The details of 9 vulnerabilities with a ‘CRITICAL’ impact on Windows Server 2012 R2 are shared in the quick reference summary table.
| Vulnerability | CVSS Rating | Comments |
|---|---|---|
| CVE-2022-22035 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-30198 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-34689 | 7.5 | Windows CryptoAPI Spoofing Vulnerability |
| CVE-2022-37976 | 7.8 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2022-33634 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-24504 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-41081 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-38000 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-38047 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
How to deploy KB5018476 on Windows Server 2012 R2?
KB5018476 can be deployed using Windows Server Update Service (WSUS).
For manual installation, KB5018476 can be downloaded from the Microsoft Update Catalog page for KB5018476. The size of the update file is 64.8 MB.
Before deploying the security update on Windows Server 2012 R2, we need to make sure that the SSU KB5018922, KB5018413 cumulative update for Internet Explorer and language packs are deployed on the server.
Remember, you can choose to deploy the monthly rollup update for Windows Server 2012 R2 instead of the standalone security update KB5018476.
You may like to read more content related to Windows Updates below:
- KB5018478 Security update for Windows Server 2012
- KB5018421 Cumulative update for Windows Server 2022
- KB5018411 latest cumulative update for Windows Server 2016
- KB5018419 latest cumulative update for Windows Server 2019
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.