KB5018476 Security Update for Windows Server 2012 R2

KB5018476 is the security only update for Windows Server 2012 R2. It was released on 11th October as part of ‘October Patch Tuesday’ project. We review the main points about the KB5018476 for Windows Server 2012 R2 below.

Salient points about KB5018476 for Windows Server 2012 R2

  • KB5018476 is a standalone security update for Windows Server 2012 R2.
  • KB5018476 has now been followed up with the November security update KB5020010 for Windows Server 2012 R2. You can read more about KB5020010 on this page.
  • For full security coverage, all the previous standalone security only updates need to be deployed on the Windows Server 2012 R2. The last security update for Windows Server 2012 R2 is KB5017365 and it was released on 13th September 2022. You can read more about KB5017365 on this page.
  • CVE-2022-41033 is the zero day vulnerability that affects Windows Server 2012 R2. The threat is patched in KB5018476.
  • Before deploying KB5018476, you need to deploy the latest cumulative update for Internet Explorer KB5018413.
  • Servicing Stack Update that is relevant to KB5018476 is KB5018922. It would need to be installed on Windows Server 2012 R2 before installing KB5018476.
  • Language packs, if any, need to be installed on Windows Server 2012 R2 before deploying KB5018476.
  • You can also choose to install the monthly rollup update for Windows Server 2012 R2 instead of the standalone security update.

Prerequisites for installing KB5018476 on Windows Server 2012 R2

There are three prerequisites for installing KB5018476 on Windows Server 2012 R2.

Servicing Stack Update – KB5018922

The Servicing Stack Update KB5018922 corresponds to the security update KB5018476 for Windows Server 2012 R2. For automated deployments of KB5018476, SSU KB5018922 is installed automatically as part of the process.

For manual deployments, you can download KB5018922 from the Microsoft Update Catalog page for KB5018922. The size of the update file is 10.5 MB. SSU deployment will not cause a server reboot.

Cumulative Update for Internet Explorer KB5018413

Cumulative update for Internet Explorer KB5018413 can be downloaded from the Microsoft Update catalog page for KB5018413. The size of the update file is 55 MB.

Language Packs

Language packs, if any, need to be deployed on Windows Server 2012 R2 before deploying KB5018476 on Windows Server 2012 R2. If you install a language pack after installing KB5018476, the security update will need to be reinstalled on the server.

Security vulnerabilities on Windows Server 2012 R2

In all, Microsoft has shared 84 security vulnerabilities as part of the October security bulletin. Out of these, 44 vulnerabilities affect Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation.

We look at the zero-day threat and the ‘CRITICAL vulnerabilities that affect Windows Server 2012 R2.

CVE-2022-41033 – Windows COM+ Event System Service Elevation of Privilege Vulnerability

This is a CVSS 7.8 vulnerability with an ‘IMPORTANT’ severity rating. Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation are affected by this zero-day threat.

This is an ‘Elevation of Privileges’ vulnerability and an attacker could assume system privileges upon a successful attack. CVE-2022-41033 is already being exploited and is considered a zero-day threat.

Aside from the zero-day threat shared above, there are 9 ‘CRITICAL’ vulnerabilities on the Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation. Out of these 9 vulnerabilities:

  • 7 Remote Code Execution threats
  • 2 Elevation of Privileges threats
  • 1 Spoofing threat

The details of 9 vulnerabilities with a ‘CRITICAL’ impact on Windows Server 2012 R2 are shared in the quick reference summary table.

VulnerabilityCVSS RatingComments
CVE-2022-220358.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-301988.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-346897.5Windows CryptoAPI Spoofing Vulnerability
CVE-2022-379767.8Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-336348.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-245048.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-410818.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-380008.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-380478.1Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

How to deploy KB5018476 on Windows Server 2012 R2?

KB5018476 can be deployed using Windows Server Update Service (WSUS).

For manual installation, KB5018476 can be downloaded from the Microsoft Update Catalog page for KB5018476. The size of the update file is 64.8 MB.

Before deploying the security update on Windows Server 2012 R2, we need to make sure that the SSU KB5018922, KB5018413 cumulative update for Internet Explorer and language packs are deployed on the server.

Remember, you can choose to deploy the monthly rollup update for Windows Server 2012 R2 instead of the standalone security update KB5018476.

You may like to read more content related to Windows Updates below: