KB5022343 is the security only update for Windows Server 2012. It addresses security vulnerabilities reported in Microsoft’s security bulletin for January 2023. KB5022343 was released on 10th January 2023.
A more recent security update for Windows Server 2012 was released on 14th February 2023. You can read more about KB5022895 on this page.
Salient points about KB5022343 for Windows Server 2012
- KB5022343 is not a cumulative update. It is a standalone security update. For complete and adequate security, you will need to deploy all the previous security-only updates for Windows Server 2012.
- KB5022343 succeeds KB5021303 security update for December 2022.
- All changes that are part of the KB5022343 security-only update are also included in this month’s monthly rollup update KB5022348 for Windows Server 2012. You can find information about KB5022348 on this page.
- You will need to deploy KB5016263 Servicing Stack Update (SSU) for Windows Server 2012 before deploying KB5022343 on the server.
- On a similar basis, you will need to apply the latest security update for Internet Explorer KB5019958 on Windows Server 2012.
Effectively speaking, if you choose to install a security only update instead of the monthly rollup update on Windows Server 2012, you will need to install the following updates:
- KB5016263 Servicing Stack Update
- KB5019958 Cumulative update for Internet Explorer
- KB5022343 security-only update for Windows Server 2012
The direct download links for the offline installer files for each of these updates are shared below for ready reference.
Download KB5022343 for Windows Server 2012 – January 2023 Update
KB5022343 is unavailable for patching through Windows Update or Windows Update for Business. You can use WSUS or Windows Server Update Service to import the KB5022343 security only update on the server.
For manual installation of KB5022343 on Windows Server 2012, we suggest downloading the offline installer file from the Microsoft Update catalog page for KB5022343.
You can also download the update files from the direct download links shared below:
Security Update/SSU Update | Download update | Size of the update |
---|---|---|
KB5016263 | Download Servicing Stack Update | 9.8 MB |
KB5019958 | Download Internet Explorer Cumulative Update | 46 MB |
KB5022343 | Download KB5022343 for Windows Server 2012 | 44.9 MB |
Security vulnerabilities on Windows Server 2012 under KB5022343
- Zero-day threats CVE-2023-21549 and CVE-2023-21674 affect Windows Server 2012 and are resolved in KB5022343 for Windows Server 2012.
- There are 46 security threats that have been reported for Windows Server 2012 as part of the January 2023 security bulletin. 9 of these have a ‘CRITICAL’ severity level and the remaining have an ‘IMPORTANT’ severity level.
The two zero-day threats and the nine ‘CRITICAL’ threats are listed below:
CVE Number | Impact | Severity | CVSS Score | Comments |
---|---|---|---|---|
CVE-2023-21549 | Elevation of Privilege | CRITICAL | 8.8 | Windows SMB Witness Service |
CVE-2023-21535 | Remote Code Execution | CRITICAL | 8.1 | Windows Secure Socket Tunneling Protocol (SSTP) |
CVE-2023-21543 | Remote Code Execution | CRITICAL | 8.1 | Windows Layer 2 Tunneling Protocol (L2TP) |
CVE-2023-21546 | Remote Code Execution | CRITICAL | 8.1 | Windows Layer 2 Tunneling Protocol (L2TP) |
CVE-2023-21548 | Remote Code Execution | CRITICAL | 8.1 | Windows Secure Socket Tunneling Protocol (SSTP) |
CVE-2023-21555 | Remote Code Execution | CRITICAL | 8.1 | Windows Layer 2 Tunneling Protocol (L2TP) |
CVE-2023-21556 | Remote Code Execution | CRITICAL | 8.1 | Windows Layer 2 Tunneling Protocol (L2TP) |
CVE-2023-21561 | Elevation of Privilege | CRITICAL | 8.8 | Microsoft Cryptographic Services |
CVE-2023-21679 | Remote Code Execution | CRITICAL | 8.1 | Windows Layer 2 Tunneling Protocol (L2TP) |
CVE-2023-21730 | Elevation of Privilege | CRITICAL | 7.8 | Microsoft Cryptographic Services |
KB5022343 – Changelog for Windows Server 2012
The following issues and bug fixes have been reported for KB5022343 by Microsoft:
Microsoft release notes
- Authentication might fail after you set the higher 16-bits of the msds-SupportedEncryptionTypes attribute. This issue might occur if encryption types are not set or if RC4 Encryption type is disabled on the domain.
- Resolves a known issue that affects apps that use Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to connect to databases. The connection might fail. You might also receive an error in the app, or you might receive an error from the SQL Server.
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.