KB5021296 Security update for Windows Server 2012 R2 – released December 2022

This content has been archived, but it remains accurate and relevant to the underlying technology products or infrastructure services.

KB5021296 is the security-only update for Windows Server 2012 R2. It was released on 13th December 2022 as part of ‘Patch Tuesday’. The security-only update resolves security vulnerabilities on Windows Server 2012 R2.

Salient points about KB5021296 for Windows Server 2012 R2

  • KB5021296 has been succeeded by the KB5022287 update for January 2023. You can read more about KB5022287.
  • KB5021296 is a standalone security update. It contains updates that target security vulnerabilities on Windows Server 2012 R2 only.
  • All previous security-only updates for Windows Server 2012 R2 ought to be deployed for full security protection on the server.
  • KB5021296 was preceded by November’s security-only update KB5020010. KB5020010 was followed up with an out-of-band update, KB5021653, to resolve issues arising out of the deployment of KB5020010. Ideally, you must have deployed KB5020010 and KB5021653 on Windows Server 2012 R2 before deploying KB5021296.
  • Servicing Stack Update KB5018922 needs to be installed prior to installing KB5021296.
  • Cumulative update for Internet Explorer KB5019958 also needs to be deployed on Windows Server 2012 R2 before deploying KB5021296.
  • In other words, if you choose to install security-only updates on Windows Server 2012 R2, you need KB5018922 + KB5019958 + KB5021296 for full security coverage until December 2022 ‘Patch Tuesday’ release date.
  • After deploying KB5021296, you may run into a couple of issues. You may experience problems in joining a domain, and connections to databases through the ODBC SQL Server driver may fail. In both cases, Microsoft is working on providing fixes.
  • 19 security vulnerabilities have been disclosed in December’s security bulletin for Windows Server 2012 R2.

Download KB5021296 for Windows Server 2012 R2

Since KB5021296 is a standalone security update, you can install it manually or through WSUS. You cannot install KB5021296 using Windows Update or Windows Update for Business.

For manual deployment of KB5021296, you will need to download the offline installer file in MSU format. This file can be downloaded from the Microsoft Update Catalog site.

For full security coverage, we need to install KB5018922, KB5019958 and KB5021296 on Windows Server 2012 R2. So, we will share details of each update’s Microsoft Update Catalog page. We will also share the direct download links for each of these updates below.

You can also download the offline installer files for Windows Server 2012 R2 below.

| Security Update | Download update | Update size |
|---|---|---|
| KB5018922 | Download KB5018922 | 11.5 MB |
| KB5019958 | Download KB5019958 | 55 MB |
| KB5021296 | Download KB5021296 | 35.4 MB |

There are no special requisites for installing KB5021296. We just need to make sure that we have covered the SSU, cumulative update for Internet Explorer and security update as part of the installation process.
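
The following PowerShell script is an added example, not part of the original article or of Microsoft's guidance. It checks which of the three updates are already installed and installs the missing ones in the order given above (SSU, then the Internet Explorer cumulative update, then the security-only update). The function name and the `C:\Patches` folder are assumptions; the script also assumes the MSU files saved there keep the KB number in their file names.

```powershell
# Install chain from the article: SSU -> IE cumulative update -> security-only update.
$chain = @(
    [pscustomobject]@{ Step = 1; KB = 'KB5018922'; Role = 'Servicing Stack Update' }
    [pscustomobject]@{ Step = 2; KB = 'KB5019958'; Role = 'Cumulative update for Internet Explorer' }
    [pscustomobject]@{ Step = 3; KB = 'KB5021296'; Role = 'Security-only update (December 2022)' }
)

function Get-KB5021296Plan {
    param(
        # Installed hotfix IDs; defaults to what the local server reports.
        [string[]]$InstalledIds = @(Get-HotFix | Select-Object -ExpandProperty HotFixID),
        # Assumption: folder holding the MSU files downloaded from the Update Catalog.
        [string]$MsuFolder = 'C:\Patches'
    )
    foreach ($u in $chain) {
        $installed = $InstalledIds -contains $u.KB
        $msu = $null
        if (-not $installed -and (Test-Path $MsuFolder)) {
            # Assumption: the downloaded file name still contains the KB number.
            $msu = Get-ChildItem -Path $MsuFolder -Filter "*$($u.KB)*.msu" |
                Select-Object -First 1 -ExpandProperty FullName
        }
        [pscustomobject]@{
            Step = $u.Step; KB = $u.KB; Role = $u.Role
            Installed = $installed; MsuFile = $msu
        }
    }
}

$plan = Get-KB5021296Plan
$plan | Format-Table -AutoSize

foreach ($item in $plan | Where-Object { -not $_.Installed }) {
    if (-not $item.MsuFile) {
        Write-Warning "$($item.KB) is missing and no MSU was found; stopping before later steps."
        break
    }
    # wusa.exe exit codes: 0 = success, 3010 = success but a restart is required.
    $p = Start-Process wusa.exe -ArgumentList "`"$($item.MsuFile)`" /quiet /norestart" -Wait -PassThru
    if ($p.ExitCode -notin 0, 3010) {
        Write-Warning "$($item.KB) failed with exit code $($p.ExitCode); stopping."
        break
    }
}
```

Run it from an elevated PowerShell session. The loop stops at the first missing or failed prerequisite, so the security-only update is never attempted ahead of the SSU or the Internet Explorer update.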

Post-deployment issues in KB5021296

Two post-deployment issues have been reported after installing KB5021296 on Windows Server 2012 R2. Microsoft has acknowledged the issues and is working on fixes for each of these. A brief description of the issues is shared below.

After this update or a later Windows update is installed, domain join operations might be unsuccessful and error “0xaac (2732): NERR_AccountReuseBlockedByPolicy” occurs. Additionally, text stating “An account with the same name exists in Active Directory. Re-using the account was blocked by security policy” might be displayed.

For this issue, Microsoft has shared guidance on the KB5020276 page.

The second issue affects database access through the Microsoft ODBC SQL Server driver.

After installing this update, apps which use ODBC connections through Microsoft ODBC SQL Server Driver (sqlsrv32.dll) to access databases might not connect. Additionally, you might receive an error in the app, or you might receive an error from the SQL Server. Errors you might receive include the following messages:

  • The EMS System encountered a problem.
    Message: [Microsoft][ODBC SQL Server Driver] Protocol error in TDS Stream.
  • The EMS System encountered a problem.
    Message: [Microsoft][ODBC SQL Server Driver] Unknown token received from SQL Server.

As mentioned above, we would like to reiterate that Microsoft is working on a fix for each of these issues.
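
To gauge exposure to the ODBC issue before deploying, the following added example (not from the original article or from Microsoft) lists the ODBC data sources on a server that are bound to a driver whose registered DLL is sqlsrv32.dll. The function name is an assumption; `Get-OdbcDriver` and `Get-OdbcDsn` come from the Wdac module included with Windows Server 2012 R2.

```powershell
function Get-Sqlsrv32Dsn {
    # Find ODBC drivers whose registered DLL is sqlsrv32.dll, the driver named in the known issue.
    $drivers = Get-OdbcDriver |
        Where-Object { $_.Attribute['Driver'] -like '*\sqlsrv32.dll' }

    foreach ($d in $drivers) {
        # List every DSN (user and system) that uses that driver on the same platform.
        Get-OdbcDsn -DriverName $d.Name -Platform $d.Platform -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Dsn      = $_.Name
                    DsnType  = $_.DsnType
                    Platform = $_.Platform
                    Driver   = $_.DriverName
                    Server   = $_.Attribute['Server']
                    Database = $_.Attribute['Database']
                }
            }
    }
}

$atRisk = @(Get-Sqlsrv32Dsn)
if ($atRisk.Count -eq 0) {
    Write-Output 'No DSNs found that use sqlsrv32.dll.'
} else {
    $atRisk | Sort-Object Platform, Dsn | Format-Table -AutoSize
}
```

User DSNs are listed only for the account running the script, and applications that build DSN-less connection strings naming the same driver do not appear in this inventory.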

Issues fixed in KB5021296 or Changelog of KB5021296

The following issues have been fixed in KB5021296 for Windows Server 2012 R2:

  • By order of the Fijian government, Fiji will not observe daylight saving time (DST) in 2022. Therefore, clocks do not change by an hour at 02:00 on November 13, 2022.
  • A memory leak in the Local Security Authority Subsystem Service (LSASS.exe) occurs on Windows domain controllers. This issue is known to occur after installing Windows updates dated November 8, 2022, or later.

Security vulnerabilities in Windows Server 2012 R2 under KB5021296

There have been 19 vulnerability disclosures as part of KB5021296 for Windows Server 2012 R2.

  • 6 Remote Code Execution vulnerabilities that include CVE-2022-41076, CVE-2022-44676, CVE-2022-44670, CVE-2022-44668, CVE-2022-44667, and CVE-2022-44666.
  • 8 Elevation of Privilege vulnerabilities that include CVE-2022-41094, CVE-2022-44683, CVE-2022-44681, CVE-2022-44680, CVE-2022-44678, CVE-2022-44675, CVE-2022-41121, and CVE-2022-41077.
  • 3 Denial of Service vulnerabilities that include CVE-2022-44707, CVE-2022-44697, and CVE-2022-44682.
  • 2 Information Disclosure vulnerabilities that include CVE-2022-44679 and CVE-2022-41074.

Three vulnerabilities of the type ‘Remote Code Execution’ carry CRITICAL severity levels. These vulnerabilities are separately mentioned below for your ready reference.

| Vulnerability | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2022-41076 | 8.5 | CRITICAL | PowerShell RCE vulnerability |
| CVE-2022-44676 | 8.1 | CRITICAL | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| CVE-2022-44670 | 8.1 | CRITICAL | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.