KB5020010 is the security-only update for Windows Server 2012 R2. It was released on 8th November as part of Microsoft’s ‘Patch Tuesday’ project. We look at the key aspects of KB5020010 for Windows Server 2012 R2 and Windows Server 2012 R2 Server Core Installation.
Salient points about KB5020010 for Windows Server 2012 R2
- KB5021296 becomes the December month’s security update for Windows Server 2012 R2. You can read more about KB5021296 on this page.
- KB5020010 is a standalone security update that can be implemented on Windows Server 2012 R2 and Windows Server 2012 R2 Server Core Installation. The key part of knowing is that KB5020010 is not a cumulative update.
- For full security coverage on Windows Server 2012 R2, you need to deploy all the previous security updates on Windows Server 2012 R2 prior to deploying KB5020010.
- The last security-only update for Windows Server 2012 R2 was released on 11th October 2022. KB5018476 is October’s security update; you can read more about it on this page for KB5018476.
- We recommend installing monthly rollup update KB5020023 instead of KB5020010 on Windows Server 2012 R2. This is because the monthly rollup update contains all the changes that are part of the security update KB5020010. And, you will not need to deploy the KB5019958 cumulative update for Internet Explorer because the monthly rollup update does contain the IE cumulative update as well.
- Three zero-day threats affect Windows Server 2012 R2. Details of these vulnerabilities are mentioned for ready reference in the vulnerability section.
- There are 26 vulnerabilities that affect Windows Server 2012 R2. Six of these have ‘CRITICAL’ severity levels. All these ‘CRITICAL’ severity threats are described in the vulnerability section below.
- If you choose to deploy security update KB5020010 on Windows Server 2012 R2, you will need to also deploy the latest Servicing Stack Update KB5018922 on the Windows Server 2012 R2.
- Besides installing KB5020010, you will also need to deploy Internet Explorer cumulative update KB5019958 on Windows Server 2012 R2.
- If a language pack is installed on Windows Server 2012 R2 after the deployment of KB5020010, you will need to reinstall the KB5020010 security update. Microsoft recommends installing language packs on the server prior to deploying KB5020010.
Install KB5020010 on Windows Server 2012 and Windows Server 2012 Server Core Installation
KB5020010 is a standalone update that can be installed using WSUS or through an offline installer file. We look at both options below.
You can use Windows Server Update Service or WSUS to import and deploy KB5020010 on Windows Server 2012. To deploy KB5020010 using WSUS you will need to configure WSUS as per the details below:
- Product: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro
- Classification: Security Updates
You can install KB5020010 manually through an offline installer file that is downloadable from the Microsoft Update Catalog. We share the catalog pages and the direct download links for KB5020010 below.
It may be pertinent to mention that before deploying KB5020010, you will also need to deploy the Servicing Stack Update KB5018922 and the IE Cumulative Update KB5019958 for Windows Server 2012 R2.
Direct Download of offline installer file for security updates for Windows Server 2012 R2
| Update Name | Update Size |
|---|---|
| Download KB5020010 for Windows Server 2012 R2 | 36.2 MB |
| Download KB5018922 for Windows Server 2012 R2 | 10.5 MB |
| Download KB5019958 for Windows Server 2012 R2 | 55 MB |
Download security updates for Windows Server 2012 R2 from the Microsoft Update Catalog website
| Update Name | Update URL | Size of the update |
| KB5020010 | Catalog page for KB5020010 | 36.2 MB |
| KB5018922 | Catalog page for KB5018922 | 10.5 MB |
| KB5019958 | Catalog page for KB5019958 | 55 MB |
You may also need to understand that installing the Servicing Stack Update does not cause the server to reboot. However, KB5019958 and KB5020010 may require the server to restart.
Vulnerabilities in Windows Server 2012 – KB5020010
There are 26 vulnerabilities that have been shared for Microsoft Windows Server 2012 R2. Of these, there are 6 ‘CRITICAL’ severity vulnerabilities. The details of all 6 ‘CRITICAL’ vulnerabilities are shared below.
| Vulnerability | Severity | CVSS Score | Impact | Summary |
|---|---|---|---|---|
| CVE-2022-41039 | CRITICAL | 8.1 | Remote Code Execution | The vulnerability affects Windows Point-to-Point Tunneling Protocol. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2022-41088 | CRITICAL | 8.1 | Remote Code Execution | The vulnerability affects Windows Point-to-Point Tunneling Protocol. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This could result in remote code execution on the server side. |
| CVE-2022-41128 | CRITICAL | 8.8 | Remote Code Execution | The vulnerability affects Windows Scripting Languages. This vulnerability impacts the JScript9 scripting language. This vulnerability requires that a user with an affected version of Windows access a malicious server. |
| CVE-2022-41118 | CRITICAL | 7.5 | Remote Code Execution | This vulnerability affects Windows Scripting Languages. This vulnerability impacts both the JScript9 and Chakra scripting languages. This vulnerability requires that a user with an affected version of Windows access a malicious server. IE cumulative update resolves the threat. It is part of the monthly rollup update. Security-only update needs to be topped up with the IE Cumulative Update for Windows Server 2012 R2. |
| CVE-2022-37966 | CRITICAL | 8.1 | Elevation of Privileges | This vulnerability affects Windows Kerberos RC4-HMAC. An attacker who successfully exploited this vulnerability could gain administrator privileges. An unauthenticated attacker could conduct an attack that could leverage cryptographic protocol vulnerabilities in RFC 4757 (Kerberos encryption type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure specification) to bypass security features in a Windows AD environment. |
| CVE-2022-37967 | CRITICAL | 7.2 | Elevation of Privileges | This vulnerability affects Windows Kerberos. An authenticated attacker could leverage cryptographic protocol vulnerabilities in Windows Kerberos. If the attacker gains control on the service that is allowed for delegation, they can modify the Kerberos PAC to elevate their privileges. Aside from patching, please follow the instructions in KB5020805 document for complete security. |
Zero-day vulnerabilities on Windows Server 2012 R2 – KB5020010
The three zero-day vulnerabilities on Windows Server 2012 R2 for the November security bulletin are shared below.
| Vulnerability | CVSS | Impact | Summary |
|---|---|---|---|
| CVE-2022-41073 | 7.8 | Elevation of Privileges | This vulnerability affects Windows Print Spooler. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2022-41125 | 7.8 | Elevation of Privileges | This vulnerability affects Windows CNG Key Isolation Service. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2022-41128 | 8.8 | Remote Code Execution | The vulnerability affects Windows Scripting Languages. This vulnerability impacts the JScript9 scripting language. This vulnerability requires that a user with an affected version of Windows access a malicious server. |
Issues fixed and improvements in Windows Server 2012 under KB5020010
The following issues have been fixed and improvements made as part of KB5020010 for Windows Server 2012:
- Updates the daylight-saving time (DST) for Jordan to prevent moving the clock back 1 hour on October 28, 2022. Additionally, changes the display name of Jordan standard time from “(UTC+02:00) Amman” to “(UTC+03:00) Amman”.
- Addresses an issue where, after installing the January 11, 2022 or later update, the Forest Trust creation process fails to populate the DNS name suffixes into the trust information attributes.
- Addresses security vulnerabilities in the Kerberos and Netlogon protocols as outlined in CVE-2022-38023, CVE-2022-37966, and CVE-2022-37967. For deployment guidance, see the following articles:
Post-deployment issues on Windows Server 2012 R2
Post-deployment of KB5020010 on Windows Server 2012 R2, you may experience domain join issues on Active Directory with the following error:
“0xaac (2732): NERR_AccountReuseBlockedByPolicy” occurs. Additionally, text stating “An account with the same name exists in Active Directory. Re-using the account was blocked by security policy” might be displayed.
Microsoft is aware of the issue and is working on a permanent solution that is likely to be released in one of the future updates. However, Microsoft has published guidelines about the domain join issues on the KB5020276 document. You may read about the exact issue and workaround for domain join issues on the KB5020276 page.
For more details about the security update KB5020010, you may check out the release notes of Microsoft for KB5020010.
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.