KB5018478 Security update for Windows Server 2012

KB5018478 is the security-only update for Windows Server 2012. It follows the previous security-only update, KB5017377, which was released in September 2022. We look at the key aspects of KB5018478 below.

Salient points about KB5018478 for Windows Server 2012

  • KB5018478 is a stand-alone security update. All previous security updates for Windows Server 2012 ought to be deployed on the server before installing KB5018478.
  • KB5018478 was followed by the November security-only update KB5020003. You can read more about KB5020003 on this page.
  • After KB5018478 is installed, the server build is 6.2.9200.23817.
  • KB5017377 is the security-only update that was released in September 2022. You can read more about KB5017377 on this page.
  • KB5018413, the cumulative update for Internet Explorer, must be installed before KB5018478 on Windows Server 2012.
  • The latest Servicing Stack Update (SSU) KB5016263 for Windows Server 2012 needs to be installed prior to installing KB5018478.
  • Language packs, if any, need to be deployed prior to installing KB5018478, or else you will need to reinstall the security update.
  • CVE-2022-41033 is the zero-day vulnerability affecting Windows Server 2012; it is patched in KB5018478.
  • There are ‘CRITICAL’ impact vulnerabilities that affect Windows Server 2012. Details of these vulnerabilities are shared below in the relevant section.
  • The size of the MSU update file for KB5018478 is 55.2 MB.
  • If you prefer to install the monthly rollup update for Windows Server 2012, you can find all the information for KB5018457 on this page.

Prerequisites for installing KB5018478 on Windows Server 2012

KB5018478 can be deployed on Windows Server 2012 after the following requirements have been fulfilled on the server:

KB5016263

You will need to deploy the KB5016263 Servicing Stack Update for Windows Server 2012. The SSU is offered automatically as part of an automated installation of the patch. Alternatively, you can download the KB5016263 patch from the Microsoft Update Catalog page for KB5016263.

The SSU KB5016263 is only 9.8 MB.

Servicing Stack Updates do not require a server reboot, so installing KB5016263 will not cause one.

KB5018413

KB5018413 is the cumulative update for Internet Explorer. It needs to be installed on the server prior to installing KB5018478. You can download KB5018413 from the Microsoft Update Catalog page for KB5018413.

The size of the cumulative update for Internet Explorer is 46.1 MB.

Language Packs

If you install a language pack after deploying KB5018478, you will need to reinstall the security update KB5018478. Microsoft therefore recommends installing any language packs on Windows Server 2012 before deploying KB5018478.

Once these three prerequisites are met, you can install KB5018478 on Windows Server 2012.

Vulnerabilities on Windows Server 2012

According to the October security bulletin, 48 vulnerabilities affect Windows Server 2012. Of these 48, 9 pose a ‘CRITICAL’ impact on the server. We list these vulnerabilities and the zero-day threat below.

The zero-day threat CVE-2022-41033 affects Windows Server 2012.

CVE-2022-41033 – Windows COM+ Event System Service Elevation of Privilege Vulnerability

This is a CVSS 7.8 vulnerability with an ‘IMPORTANT’ severity rating. Windows Server 2012 and Windows Server 2012 Server Core installation are affected by this zero-day threat.

This is an ‘Elevation of Privilege’ vulnerability: upon a successful attack, an attacker could assume system privileges. CVE-2022-41033 is already being exploited and is considered a zero-day threat.

Aside from the zero-day threat shared above, there are 9 ‘CRITICAL’ vulnerabilities on the Windows Server 2012 and Windows Server 2012 Server Core installation. Out of these 9 vulnerabilities:

  • 7 vulnerabilities are of the type ‘Remote Code Execution’
  • 1 vulnerability is of the type ‘Elevation of Privilege’
  • 1 vulnerability is of the type ‘Spoofing’

We list these 9 ‘CRITICAL’ vulnerabilities below in a quick reference summary table:

Vulnerability     CVSS Rating   Comments
CVE-2022-22035    8.1           Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-30198    8.1           Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-34689    7.5           Windows CryptoAPI Spoofing Vulnerability
CVE-2022-37976    7.8           Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-33634    8.1           Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-24504    8.1           Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-41081    8.1           Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-38000    8.1           Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-38047    8.1           Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVE-2022-41033 is already being exploited and therefore KB5018478 or the monthly rollup update for Windows Server 2012 ought to be installed on a priority basis.

How to deploy KB5018478 on Windows Server 2012?

KB5018478 can be deployed through Windows Server Update Service (WSUS) or through the Microsoft Update Catalog download.

WSUS is an automated solution that imports and installs the security update for Windows Server 2012.

You can deploy KB5018478 manually by downloading the MSU update file from the Microsoft Update Catalog page for KB5018478. Since you are installing the catalog file yourself, you must have already deployed the following before installing KB5018478 on Windows Server 2012:

  • KB5016263
  • KB5018413
  • Language packs, if any
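The prerequisite checks from the section above and the manual MSU deployment described here can be scripted so that the update is never applied to a server that is missing KB5016263 or KB5018413. The PowerShell below is an added example, not a script from the original page or from Microsoft: the KB numbers and the expected build 6.2.9200.23817 come from the page, the MSU path is a placeholder for the file you downloaded from the Update Catalog, and the use of the ntoskrnl.exe file version as a proxy for the post-install build, as well as the assumption that Get-HotFix lists the SSU and the IE cumulative update, are this example's own.

```powershell
# Added example (not from the original page): pre-flight checks, install and post-install
# verification for KB5018478 on Windows Server 2012. Run from an elevated PowerShell prompt.

$MsuPath       = 'C:\Patches\windows8-rt-kb5018478-x64.msu'   # placeholder: point at your downloaded MSU
$Prerequisites = @('KB5016263', 'KB5018413')                   # SSU and IE cumulative update (from the page)
$TargetKb      = 'KB5018478'
$ExpectedBuild = [Version]'6.2.9200.23817'                     # build quoted on the page

function Test-HotFixInstalled {
    param([string]$KbId)
    # Get-HotFix reads Win32_QuickFixEngineering; assumption: both prerequisites appear there.
    return [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
}

function Get-KernelFileVersion {
    # Assumption: the ntoskrnl.exe file version tracks the servicing build quoted on the page.
    $info = (Get-Item "$env:SystemRoot\System32\ntoskrnl.exe").VersionInfo
    return [Version]('{0}.{1}.{2}.{3}' -f $info.FileMajorPart, $info.FileMinorPart,
                                          $info.FileBuildPart, $info.FilePrivatePart)
}

# 1. Refuse to continue unless the prerequisites the page lists are present.
$missing = $Prerequisites | Where-Object { -not (Test-HotFixInstalled $_) }
if ($missing) {
    Write-Error "Missing prerequisites: $($missing -join ', '). Install them before $TargetKb."
    exit 1
}

# 2. Install the MSU unless it is already present (safe to re-run).
if (Test-HotFixInstalled $TargetKb) {
    Write-Output "$TargetKb is already installed."
} else {
    if (-not (Test-Path $MsuPath)) { Write-Error "MSU not found at $MsuPath"; exit 1 }
    # wusa.exe installs .msu packages; /norestart lets you schedule the reboot yourself.
    $proc = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
        -ArgumentList "`"$MsuPath`" /quiet /norestart" -Wait -PassThru
    # 3010 = ERROR_SUCCESS_REBOOT_REQUIRED, 2359302 (0x00240006) = WU_S_ALREADY_INSTALLED
    switch ($proc.ExitCode) {
        0       { Write-Output "$TargetKb installed; no reboot requested." }
        3010    { Write-Output "$TargetKb installed; reboot required." }
        2359302 { Write-Output "$TargetKb was already installed." }
        default { Write-Error "wusa.exe exited with code $($proc.ExitCode)"; exit 1 }
    }
}

# 3. Compare the kernel file version with the build the page gives for KB5018478.
$build = Get-KernelFileVersion
if ($build -ge $ExpectedBuild) {
    Write-Output "Build $build meets or exceeds the expected $ExpectedBuild."
} else {
    Write-Warning "Build $build is below $ExpectedBuild (a reboot may be pending, or the install did not complete)."
}
```

The build comparison is deliberately run after the install step: files replaced by an MSU are committed at reboot, so a warning from step 3 immediately after a 3010 exit code is expected until the server has been restarted, and only a warning that persists after the reboot indicates a failed install.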
