KB5020010 Security Update for Windows Server 2012 R2

KB5020010 is the security-only update for Windows Server 2012 R2. It was released on 8th November as part of Microsoft’s ‘Patch Tuesday’ project. We look at the key aspects of KB5020010 for Windows Server 2012 R2 and Windows Server 2012 R2 Server Core Installation.

Salient points about KB5020010 for Windows Server 2012 R2

  • KB5020010 is a standalone security update that can be installed on Windows Server 2012 R2 and Windows Server 2012 R2 Server Core Installation. The key point is that KB5020010 is not a cumulative update.
  • For full security coverage on Windows Server 2012 R2, you need to deploy all the previous security updates on Windows Server 2012 R2 prior to deploying KB5020010.
  • The last security-only update for Windows Server 2012 R2 was released on 11th October 2022. KB5018476 is October’s security update; you can read more about it on this page for KB5018476.
  • We recommend installing the monthly rollup update KB5020023 instead of KB5020010 on Windows Server 2012 R2, because the monthly rollup contains all the changes that are part of the security update KB5020010. You also will not need to deploy the KB5019958 cumulative update for Internet Explorer, because the monthly rollup includes the IE cumulative update as well.
  • Three zero-day threats affect Windows Server 2012 R2. Details of these vulnerabilities are mentioned for ready reference in the vulnerability section.
  • There are 26 vulnerabilities that affect Windows Server 2012 R2. Six of these have ‘CRITICAL’ severity levels. All these ‘CRITICAL’ severity threats are described in the vulnerability section below.
  • If you choose to deploy security update KB5020010 on Windows Server 2012 R2, you will also need to deploy the latest Servicing Stack Update KB5018922 on Windows Server 2012 R2.
  • If a language pack is installed on Windows Server 2012 R2 after the deployment of KB5020010, you will need to reinstall the KB5020010 security update. Microsoft recommends installing language packs on the server prior to deploying KB5020010.

Install KB5020010 on Windows Server 2012 and Windows Server 2012 Server Core Installation

KB5020010 is a standalone update that can be installed using WSUS or through an offline installer file. We look at both options below.

You can use Windows Server Update Services (WSUS) to import and deploy KB5020010 on Windows Server 2012. To deploy KB5020010 using WSUS, configure WSUS as follows:

  • Product: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro
  • Classification: Security Updates

You can install KB5020010 manually through an offline installer file that is downloadable from the Microsoft Update Catalog. We share the catalog pages and the direct download links for KB5020010 below.

Note that before deploying KB5020010, you will also need to deploy the Servicing Stack Update KB5018922 and the IE Cumulative Update KB5019958 for Windows Server 2012 R2.

Direct Download of offline installer file for security updates for Windows Server 2012 R2

Update Name | Update Size
Download KB5020010 for Windows Server 2012 R2 | 36.2 MB
Download KB5018922 for Windows Server 2012 R2 | 10.5 MB
Download KB5019958 for Windows Server 2012 R2 | 55 MB

Download security updates for Windows Server 2012 R2 from the Microsoft Update Catalog website

Update Name | Update URL | Size of the update
KB5020010 | Catalog page for KB5020010 | 36.2 MB
KB5018922 | Catalog page for KB5018922 | 10.5 MB
KB5019958 | Catalog page for KB5019958 | 55 MB

Note that installing the Servicing Stack Update does not cause the server to reboot. However, KB5019958 and KB5020010 may require the server to restart.
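
The prerequisite logic described in this section, as an added example (not from the original page or from Microsoft): a PowerShell check that treats the monthly rollup KB5020023 as covering the security-only and IE updates, and otherwise reports which of KB5018922, KB5019958 and KB5020010 are missing, in the order the page lists them. The function name and the sample inventory are hypothetical; on a live server, omit -InstalledIds to read the inventory with Get-HotFix.

```powershell
# Added example. KB numbers are the ones named on this page; the function
# name and the sample inventory below are hypothetical.
function Test-Kb5020010Coverage {
    param(
        # KB IDs installed on the host. When omitted, read the live inventory (Windows only).
        [string[]]$InstalledIds = (Get-HotFix | Select-Object -ExpandProperty HotFixID)
    )

    # Per the page, the monthly rollup contains the security-only changes and the IE cumulative update.
    $rollup = 'KB5020023'

    # Security-only path, in the order the page lists the packages.
    $securityOnlyPath = [ordered]@{
        'KB5018922' = 'Servicing Stack Update'
        'KB5019958' = 'IE Cumulative Update'
        'KB5020010' = 'Security-only update'
    }

    if ($InstalledIds -contains $rollup) {
        return [pscustomobject]@{ Path = 'MonthlyRollup'; Covered = $true; Missing = @() }
    }

    # Collect the packages of the security-only path that are absent, keeping the deployment order.
    $missing = @($securityOnlyPath.Keys | Where-Object { $InstalledIds -notcontains $_ })

    [pscustomobject]@{
        Path    = 'SecurityOnly'
        Covered = ($missing.Count -eq 0)
        Missing = $missing
    }
}

# Constructed sample inventory: the security-only update is present but the IE
# cumulative update is not, so the IE-delivered fix (CVE-2022-41118 on this page) is absent.
$sample = 'KB5018922', 'KB5020010', 'KB5018476'
$result = Test-Kb5020010Coverage -InstalledIds $sample
'{0}: covered={1}; missing={2}' -f $result.Path, $result.Covered, ($result.Missing -join ', ')
```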

Vulnerabilities in Windows Server 2012 – KB5020010

There are 26 vulnerabilities reported for Microsoft Windows Server 2012 R2. Of these, 6 have ‘CRITICAL’ severity. The details of all 6 ‘CRITICAL’ vulnerabilities are listed below.

Vulnerability | Severity | CVSS Score | Impact | Summary
CVE-2022-41039 | CRITICAL | 8.1 | Remote Code Execution | The vulnerability affects Windows Point-to-Point Tunneling Protocol. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.
CVE-2022-41088 | CRITICAL | 8.1 | Remote Code Execution | The vulnerability affects Windows Point-to-Point Tunneling Protocol. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This could result in remote code execution on the server side.
CVE-2022-41128 | CRITICAL | 8.8 | Remote Code Execution | The vulnerability affects Windows Scripting Languages. This vulnerability impacts the JScript9 scripting language. It requires that a user with an affected version of Windows access a malicious server.
CVE-2022-41118 | CRITICAL | 7.5 | Remote Code Execution | This vulnerability affects Windows Scripting Languages. It impacts both the JScript9 and Chakra scripting languages and requires that a user with an affected version of Windows access a malicious server. The IE cumulative update resolves the threat and is part of the monthly rollup update. The security-only update needs to be topped up with the IE Cumulative Update for Windows Server 2012 R2.
CVE-2022-37966 | CRITICAL | 8.1 | Elevation of Privileges | This vulnerability affects Windows Kerberos RC4-HMAC. An attacker who successfully exploited this vulnerability could gain administrator privileges. An unauthenticated attacker could conduct an attack that could leverage cryptographic protocol vulnerabilities in RFC 4757 (Kerberos encryption type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure specification) to bypass security features in a Windows AD environment.
CVE-2022-37967 | CRITICAL | 7.2 | Elevation of Privileges | This vulnerability affects Windows Kerberos. An authenticated attacker could leverage cryptographic protocol vulnerabilities in Windows Kerberos. If the attacker gains control of the service that is allowed for delegation, they can modify the Kerberos PAC to elevate their privileges. Aside from patching, please follow the instructions in the KB5020805 document for complete security.

Zero-day vulnerabilities on Windows Server 2012 R2 – KB5020010

The three zero-day vulnerabilities on Windows Server 2012 R2 for the November security bulletin are shared below.

Vulnerability | CVSS | Impact | Summary
CVE-2022-41073 | 7.8 | Elevation of Privileges | This vulnerability affects Windows Print Spooler. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2022-41125 | 7.8 | Elevation of Privileges | This vulnerability affects Windows CNG Key Isolation Service. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2022-41128 | 8.8 | Remote Code Execution | The vulnerability affects Windows Scripting Languages. This vulnerability impacts the JScript9 scripting language. This vulnerability requires that a user with an affected version of Windows access a malicious server.

Issues fixed and improvements in Windows Server 2012 under KB5020010

The following issues have been fixed and improvements made as part of KB5020010 for Windows Server 2012:

Post-deployment issues on Windows Server 2012 R2

After deploying KB5020010 on Windows Server 2012 R2, you may experience domain join issues in Active Directory with the following error:

“0xaac (2732): NERR_AccountReuseBlockedByPolicy” occurs. Additionally, text stating “An account with the same name exists in Active Directory. Re-using the account was blocked by security policy” might be displayed.

Microsoft is aware of the issue and is working on a permanent solution that is likely to be released in one of the future updates. In the meantime, Microsoft has published guidelines about the domain join issues in the KB5020276 document. You can read about the exact issue and the workaround for domain join issues on the KB5020276 page.

For more details about the security update KB5020010, see Microsoft's release notes for KB5020010.