KB5022343 security update for Windows Server 2012

This content has been archived, but it remains accurate and relevant to the underlying technology products or infrastructure services.

KB5022343 is the security only update for Windows Server 2012. It addresses security vulnerabilities reported in Microsoft’s security bulletin for January 2023. KB5022343 was released on 10th January 2023.

A more recent security update for Windows Server 2012 was released on 14th February 2023. You can read more about KB5022895 on this page.

Salient points about KB5022343 for Windows Server 2012

  • KB5022343 is not a cumulative update. It is a standalone security update. For complete and adequate security, you will need to deploy all the previous security-only updates for Windows Server 2012.
  • KB5022343 succeeds KB5021303 security update for December 2022.
  • All changes that are part of the KB5022343 security-only update are also included in this month’s monthly rollup update KB5022348 for Windows Server 2012. You can find information about KB5022348 on this page.
  • You will need to deploy KB5016263 Servicing Stack Update (SSU) for Windows Server 2012 before deploying KB5022343 on the server.
  • Similarly, you will need to apply the latest cumulative security update for Internet Explorer, KB5019958, on Windows Server 2012.

In practice, if you choose to install the security-only update instead of the monthly rollup update on Windows Server 2012, you will need to install the following updates:

  • KB5016263 Servicing Stack Update
  • KB5019958 Cumulative update for Internet Explorer
  • KB5022343 security-only update for Windows Server 2012

The direct download links for the offline installer files for each of these updates are shared below for ready reference.

Download KB5022343 for Windows Server 2012 – January 2023 Update

KB5022343 is unavailable for patching through Windows Update or Windows Update for Business. You can use Windows Server Update Services (WSUS) to import the KB5022343 security-only update on the server.

For manual installation of KB5022343 on Windows Server 2012, we suggest downloading the offline installer file from the Microsoft Update catalog page for KB5022343.

You can also download the update files from the direct download links shared below:

| Security Update/SSU Update | Download update | Size of the update |
|---|---|---|
| KB5016263 | Download Servicing Stack Update | 9.8 MB |
| KB5019958 | Download Internet Explorer Cumulative Update | 46 MB |
| KB5022343 | Download KB5022343 for Windows Server 2012 | 44.9 MB |
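
The manual installation order described above can be scripted. The following PowerShell sketch is an added example, not code from the original article or from Microsoft. It assumes the three offline installers were already downloaded into a staging folder and renamed after their KB numbers; the folder path and file names are hypothetical.

```powershell
# Added example: apply the January 2023 security-only chain in the order the article gives.
# Assumption: the .msu files sit in $PackageDir and are named <KB>.msu (e.g. KB5016263.msu);
# the file names in the Microsoft Update Catalog differ.
param(
    [string]$PackageDir = 'C:\Patches\2023-01'   # hypothetical staging folder
)

# Order matters: servicing stack first, then the IE cumulative update, then the security-only update.
$chain = @(
    @{ KB = 'KB5016263'; Role = 'Servicing Stack Update' },
    @{ KB = 'KB5019958'; Role = 'Internet Explorer cumulative update' },
    @{ KB = 'KB5022343'; Role = 'Security-only update' }
)

$rebootNeeded = $false
foreach ($item in $chain) {
    # Get-HotFix reads Win32_QuickFixEngineering; skip anything already present.
    if (Get-HotFix -Id $item.KB -ErrorAction SilentlyContinue) {
        Write-Output "$($item.KB) ($($item.Role)) already installed, skipping"
        continue
    }

    $msu = Join-Path $PackageDir "$($item.KB).msu"
    if (-not (Test-Path -LiteralPath $msu)) {
        throw "$($item.KB) is not installed and $msu was not found; stopping so later updates are not applied out of order"
    }

    # Refuse an installer whose Authenticode signature is invalid or not issued to Microsoft.
    $sig = Get-AuthenticodeSignature -FilePath $msu
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Signature check failed for $msu (status: $($sig.Status))"
    }

    $wusaArgs = @("`"$msu`"", '/quiet', '/norestart')
    $p = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" -ArgumentList $wusaArgs -Wait -PassThru
    switch ($p.ExitCode) {
        0       { Write-Output "$($item.KB) installed" }
        3010    { Write-Output "$($item.KB) installed, reboot required"; $rebootNeeded = $true }
        2359302 { Write-Output "$($item.KB) reported by wusa.exe as already installed" }
        default { throw "wusa.exe returned $($p.ExitCode) for $($item.KB); stopping" }
    }
}

if ($rebootNeeded) { Write-Output 'Restart the server to complete installation.' }
```

Run it from an elevated PowerShell session; the script stops at the first failure so that a later update is never attempted without its prerequisite.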

Security vulnerabilities on Windows Server 2012 under KB5022343

  • Zero-day threats CVE-2023-21549 and CVE-2023-21674 affect Windows Server 2012 and are resolved in KB5022343 for Windows Server 2012.
  • There are 46 security threats that have been reported for Windows Server 2012 as part of the January 2023 security bulletin. 9 of these have a ‘CRITICAL’ severity level and the remaining have an ‘IMPORTANT’ severity level.

The two zero-day threats and the nine ‘CRITICAL’ threats are listed below:

| CVE Number | Impact | Severity | CVSS Score | Comments |
|---|---|---|---|---|
| CVE-2023-21549 | Elevation of Privilege | CRITICAL | 8.8 | Windows SMB Witness Service |
| CVE-2023-21535 | Remote Code Execution | CRITICAL | 8.1 | Windows Secure Socket Tunneling Protocol (SSTP) |
| CVE-2023-21543 | Remote Code Execution | CRITICAL | 8.1 | Windows Layer 2 Tunneling Protocol (L2TP) |
| CVE-2023-21546 | Remote Code Execution | CRITICAL | 8.1 | Windows Layer 2 Tunneling Protocol (L2TP) |
| CVE-2023-21548 | Remote Code Execution | CRITICAL | 8.1 | Windows Secure Socket Tunneling Protocol (SSTP) |
| CVE-2023-21555 | Remote Code Execution | CRITICAL | 8.1 | Windows Layer 2 Tunneling Protocol (L2TP) |
| CVE-2023-21556 | Remote Code Execution | CRITICAL | 8.1 | Windows Layer 2 Tunneling Protocol (L2TP) |
| CVE-2023-21561 | Elevation of Privilege | CRITICAL | 8.8 | Microsoft Cryptographic Services |
| CVE-2023-21679 | Remote Code Execution | CRITICAL | 8.1 | Windows Layer 2 Tunneling Protocol (L2TP) |
| CVE-2023-21730 | Elevation of Privilege | CRITICAL | 7.8 | Microsoft Cryptographic Services |

KB5022343 – Changelog for Windows Server 2012

The following issues and bug fixes have been reported for KB5022343 by Microsoft:

  • Authentication might fail after you set the higher 16-bits of the msds-SupportedEncryptionTypes attribute. This issue might occur if encryption types are not set or if RC4 Encryption type is disabled on the domain.
  • Resolves a known issue that affects apps that use Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to connect to databases. The connection might fail. You might also receive an error in the app, or you might receive an error from the SQL Server.
Microsoft release notes
Rajesh Dhawan
