KB5022346 Security update for Windows Server 2012 R2

KB5022346 is the security-only update for Windows Server 2012 R2. The update was released under the ‘Patch Tuesday’ project on 10th January 2023.

Salient points about KB5022346 for Windows Server 2012 R2

  • KB5022346 is a standalone security update that addresses vulnerabilities and security threats reported in January 2023 security bulletin released by Microsoft.
  • For full security, you must deploy all the previous security updates released for Windows Server 2012 R2.
  • KB5022346 succeeds the previous month’s security-only update KB5021296 for Windows Server 2012 R2.
  • All changes that are part of KB5022346 are also part of the monthly rollup update KB5022352 for Windows Server 2012 R2. Given a choice, we would suggest patching Windows Server 2012 R2 and Windows Server 2012 R2 Server core installation with the monthly rollup update KB5022352. This is because of the fact that KB5022352 is more exhaustive than KB5022346.
  • Servicing Stack Update KB5018922 also needs to be deployed prior to installing KB5022346 security update on Windows Server 2012 R2.
  • Apart from KB5018922, you will also need to install the latest cumulative update for Internet Explorer KB5019958 on Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation.
  • It may be pertinent to mention that the zero-day threats CVE-2023-21549 and CVE-2023-21674 do affect Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation.

Download KB5022346 for Windows Server 2012 R2

KB5022346 cannot be patched using Windows Update or Windows Update for Business.

You can install it manually through Windows Server Update Service (WSUS). For this, you will need to import the security update for Windows Server 2012 R2 manually into the WSUS.

You can deploy KB5022346 manually through offline installer files. The offline installer files can be downloaded from the Microsoft Update Catalog page for KB5022346.

To patch KB5022346 on Windows Server 2012 R2, you must consider following the below-mentioned approach:

  • Install KB5018922 Servicing Stack Update
  • Install cumulative update KB5019958 for Internet Explorer
  • Install KB5022346 using the offline installer file

The direct download links for all these three updates are shared below for your ready reference.

Security Update/SSU or Cumulative UpdateDownload link for the updateSize of update
KB5018922 Servicing Stack UpdateDownload KB501892210.5 MB
KB5019958 Cumulative Update for Internet ExplorerDownload KB501995855 MB
KB5022346 security update for Windows Server 2012 R2Download KB502234648.9 MB

Out of these three updates, the Servicing Stack Update does not cause the server to reboot. The cumulative update for Internet Explorer and the security update may cause the server to reboot.

KB5022346 – Changelog for Windows Server 2012 R2

We know that the database connectivity issues that happened after the deployment of December month’s security update have been resolved in KB5022346. The changelog for KB5022346 lists the following issue fixes and improvements:

  • Authentication might fail after you set the higher 16-bits of the msds-SupportedEncryptionTypes attribute. This issue might occur if encryption types are not set or if RC4 Encryption type is disabled on the domain.
  • Starting in this release, we are displaying a modal dialog box to remind users about the End of Support for Windows 8.1 in January 2023. This reminder does not appear on managed devices that run Windows 8.1 Pro or Windows 8.1 Enterprise.
  • Resolves a known issue that affects apps that use Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to connect to databases. The connection might fail. You might also receive an error in the app, or you might receive an error from the SQL Server.
Microsoft release notes

Security vulnerabilities reported resolved in KB5022346 for Windows Server 2012 R2

There have been 48 vulnerabilities disclosed in January’s security bulletin for Windows Server 2012 R2. The nine ‘CRITICAL’ vulnerabilities and the two zero-day threats are shared below in a brief list:

CVE NumberImpactSeverityCVSS ScoreComments
CVE-2023-21549Elevation of PrivilegeCRITICAL8.8Windows SMB Witness Service
CVE-2023-21674Elevation of PrivilegeCRITICAL8.8Windows Advanced Local Procedure Call (ALPC)
CVE-2023-21535Remote Code ExecutionCRITICAL8.1Windows Secure Socket Tunneling Protocol (SSTP)
CVE-2023-21543Remote Code ExecutionCRITICAL8.1Windows Layer 2 Tunneling Protocol (L2TP)
CVE-2023-21546Remote Code ExecutionCRITICAL8.1Windows Layer 2 Tunneling Protocol (L2TP)
CVE-2023-21548Remote Code ExecutionCRITICAL8.1Windows Secure Socket Tunneling Protocol (SSTP)
CVE-2023-21555Remote Code ExecutionCRITICAL8.1Windows Layer 2 Tunneling Protocol (L2TP)
CVE-2023-21556Remote Code ExecutionCRITICAL8.1Windows Layer 2 Tunneling Protocol (L2TP)
CVE-2023-21561Elevation of PrivilegeCRITICAL8.8Microsoft Cryptographic Services
CVE-2023-21679Remote Code ExecutionCRITICAL8.1Windows Layer 2 Tunneling Protocol (L2TP)
CVE-2023-21730Elevation of PrivilegeCRITICAL7.8Microsoft Cryptographic Services
Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.