KB5021303 is December 2022 security update for Windows Server 2012. It was released on 13th December 2022. This update contains fixes for security vulnerabilities on Windows Server 2012.
Salient points about KB5021303 for Windows Server 2012
- KB5021303 has now been succeeded by January 2023 security only update KB5022343 for Windows Server 2012 and Windows Server 2012 Server Core installation.
- KB5021303 is a standalone security update. For full security coverage on Windows Server 2012 and Windows Server 2012 Server Core installation, all the previous security updates for Windows Server 2012 ought to be already deployed on the server.
- The previous security update for Windows Server 2012 was released on November 8, 2022. It was called KB5020003. KB5020003 was immediately followed up with an OOB or out-of-band update KB5021652.
- This security update can only be installed using WSUS or through an offline installer file that can be downloaded from the Microsoft Update Catalog.
- KB5016263 is the Servicing Stack update that corresponds to KB5021303. Microsoft recommends installing KB5016263 before deploying KB5021303.
- For complete security protection, you will need to install the latest cumulative update for Internet Explorer alongside KB5021303. KB5019958 is the cumulative update for Internet Explorer that needs to be installed.
- Post-deployment of KB5021303, you may experience two issues. You may experience issues in joining a domain and in accessing the database through the Microsoft ODBC SQL server driver.
- If possible, you should prefer installing the monthly rollup update instead of the security-only update. While security-only updates are standalone updates, monthly rollup updates are cumulative in nature. KB5021285 is December month’s cumulative update for Windows Server 2012. You can read more about KB5021285 here. If you are installing the monthly rollup instead of the security-only update, you need not install the cumulative update for Internet Explorer separately.
Download KB5021303 for Windows Server 2012
KB50121303 is available as an MSU update file for offline installation. You can download the security update and the associated Servicing Stack Update (SSU) through the Microsoft Update Catalog pages shared hereunder:
- Microsoft Update Catalog page for KB5021303
- Microsoft Update Catalog page for KB5016263
- Microsoft Update Catalog page for KB5019958
The direct download links for the SSU and security-only updates are shared below:
| Security Update/SSU Update | Download update | Size of update |
|---|---|---|
| KB5021303 | Download KB5021303 | 35.1 MB |
| KB5016263 | Download KB5016263 | 9.8 MB |
| KB5019958 | Download KB5019958 | 46 MB |
Servicing Stack updates ought to be installed prior to installing the security-only update. SSU updates do not cause server reboot. Once the SSU has been installed, you can install the security-only update.
Issues fixed in KB5021303 for Windows Server 2012
The following issues have been fixed in KB5021303 for Windows Server 2012:
- By order of the Fijian government, Fiji will not observe daylight saving time (DST) in 2022. Therefore, clocks do not change by an hour at 02:00 on November 13, 2022.
- A memory leak in the Local Security Authority Subsystem Service (LSASS.exe) occurs on Windows domain controllers. This issue is known to occur after installing Windows updates dated November 8, 2022, or later.
Post-deployment issues after installing KB5021303 on Windows Server 2012
You may run into the following issues after installing KB5021303 on Windows Server 2012:
- After this update or a later Windows update is installed, domain join operations might be unsuccessful and error “0xaac (2732): NERR_AccountReuseBlockedByPolicy” occurs. Additionally, text stating “An account with the same name exists in Active Directory. Re-using the account was blocked by security policy” might be displayed.
The domain join issue is being worked upon by Microsoft and you can read more about it in detail on the KB5020276 page.
- After installing this update, apps which use ODBC connections through Microsoft ODBC SQL Server Driver (sqlsrv32.dll) to access databases might not connect. Additionally, you might receive an error in the app, or you might receive an error from the SQL Server. Errors you might receive include the following messages:
- The EMS System encountered a problem.
Message: [Microsoft][ODBC SQL Server Driver] Protocol error in TDS Stream. - The EMS System encountered a problem.
Message: [Microsoft][ODBC SQL Server Driver] Unknown token received from SQL Server.
- The EMS System encountered a problem.
The database connectivity issue is also being worked on by Microsoft. We expect a resolution to these issues as an OOB update or in the next security update for Windows Server 2012.
Security vulnerabilities on Windows Server 2012
There have been 19 vulnerability disclosures as part of the security-only update’s security notification for Windows Server 2012. Three of these 19 vulnerabilities have CRITICAL severity levels and are shared below.
| Vulnerability | CVSS Score | Severity | Description | Impact |
|---|---|---|---|---|
| CVE-2022-41076 | 8.5 | CRITICAL | Powershell RCE vulnerability | Remote Code Execution |
| CVE-2022-44676 | 8.1 | CRITICAL | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2022-44670 | 8.1 | CRITICAL | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Remote Code Execution |
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.