KB5021294 becomes the latest monthly rollup update for Windows Server 2012 R2. It was released on 13th December as part of Microsoft’s ‘Patch Tuesday’ project. We will look at the details of KB5021294 below.
Salient points about KB5021294 for Windows Server 2012 R2
- KB5022352 supersedes KB5021294 for Windows Server 2012 R2. It was released on 10th January 2023.
- KB5021294 is a cumulative update that supersedes November month’s monthly rollup update KB5020023.
- KB5021294 also contains all changes that are part of the out-of-band (OOB) update KB5021653. KB5021653 was released to resolve domain join issues on the server.
- All the security changes that are part of the security-only update KB5021296 are also included in KB5021294. Therefore, it is always recommended to install a monthly rollup update instead of the security-only update.
- Servicing Stack Update KB5018922 corresponds to the monthly rollup update KB5021294. As a recommended process, the Servicing Stack Update (SSU) KB5018922 must be deployed prior to installing KB5021294.
- There have been reports of post-deployment domain join issues and issues in connecting to the database through the Microsoft ODBC SQL Server driver. A brief description of the problems is shared below.
- The latest security bulletin from Microsoft lists 19 vulnerabilities on Windows Server 2012 R2. Out of these, there are three vulnerabilities that carry a ‘CRITICAL’ severity for the affected infrastructure.
- You can read more about November month’s monthly rollup update on this page for KB5020023.
- KB5021294 corresponds to server build 6.3.9600.20721 for Windows Server 2012 R2.
Download KB5021294 for Windows Server 2012 R2
KB5021294 can be applied manually on Windows Server 2012 R2. For this, you can use the offline installer file that comes in MSU format. The MSU format files for the Servicing Stack Update and the monthly rollup update can be downloaded from the corresponding Microsoft Update Catalog pages listed below:
You could choose to download the installer files directly from the links shared below:
| Monthly Rollup/SSU Updates | Download updates | Update size |
|---|---|---|
| KB5018922 | Download KB5018922 | 10.5 MB |
| KB5021294 | Download KB5021294 | 569.6 MB |
Apart from the manual deployment of KB5021294, you could always use one of the automated approaches to installing KB5021294.
Installing KB5021294 through automated methods
Since KB5021294 is a cumulative monthly rollup update, you can easily deploy it on the server using one of the following methods:
- Windows Update
- WSUS or Windows Server Update Service
- Microsoft Update
If you use one of the automated methods, the SSU update KB5018922 will be automatically offered as part of the deployment process of KB5021294.
Post-deployment issues after KB5021294 on Windows Server 2012 R2
There have been reports of two issues that could arise out of the deployment of KB5021294 on Windows Server 2012 R2.
You may run into domain join issues on Windows Server 2012 R2 after installing KB5021294. This is what Microsoft has shared in the release notes:
After this update or a later Windows update is installed, domain join operations might be unsuccessful and error “0xaac (2732): NERR_AccountReuseBlockedByPolicy” occurs. Additionally, text stating “An account with the same name exists in Active Directory. Re-using the account was blocked by security policy” might be displayed.
Microsoft is working on a permanent fix for the domain join issues. In the interim, Microsoft has published more details about the issue that is being tracked under KB5020276.
The second issue is the consequent database connectivity issues. If you are making use of a Microsoft SQL Server driver connector to connect to the database, you may run into connectivity issues after installing KB5021294. Here is a brief description of the issue that has been shared by Microsoft in the release notes:
After installing this update, apps which use ODBC connections through Microsoft ODBC SQL Server Driver (sqlsrv32.dll) to access databases might not connect. Additionally, you might receive an error in the app, or you might receive an error from the SQL Server. Errors you might receive include the following messages:
- The EMS System encountered a problem.
Message: [Microsoft][ODBC SQL Server Driver] Protocol error in TDS Stream.- The EMS System encountered a problem.
Message: [Microsoft][ODBC SQL Server Driver] Unknown token received from SQL Server.
For the database issues, we expect an OOB or out-of-band update may be released for a quick fix by Microsoft.
Vulnerabilities on Windows Server 2012 R2 under KB5021294
There have been 19 vulnerability disclosures for Windows Server 2012 R2 in December month’s security bulletin. Brief details of these vulnerabilities are shared below.
- 6 Remote Code Execution vulnerabilities that include CVE-2022-41076, CVE-2022-44676, CVE-2022-44670, CVE-2022-44668, CVE-2022-44667, and CVE-2022-44666.
- 8 Elevation of Privilege vulnerabilities that include CVE-2022-41094, CVE-2022-44683, CVE-2022-44681, CVE-2022-44680, CVE-2022-44678, CVE-2022-44675, CVE-2022-41121, and CVE-2022-41077.
- 3 Denial of Service vulnerabilities that include CVE-2022-44707, CVE-2022-44697, and CVE-2022-44682.
- 2 Information disclosure vulnerabilities include CVE-2022-44679, and CVE-2022-41074.
Three vulnerabilities of the type ‘Remote Code Execution’ carry CRITICAL severity levels. These vulnerabilities are separately mentioned below for your ready reference.
| Vulnerability | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2022-41076 | 8.5 | CRITICAL | Powershell RCE vulnerability |
| CVE-2022-44676 | 8.1 | CRITICAL | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| CVE-2022-44670 | 8.1 | CRITICAL | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.