KB5022352 is the monthly rollup update that is cumulative in nature. KB5022352 contains security fixes and product improvements for Windows Server 2012 R2. It has been released by Microsoft under ‘Patch Tuesday’ initiative on 10th January 2023.
Salient points about KB5022352 for Windows Server 2012 R2
- KB5022899 is the latest cumulative monthly rollup update for Windows Server 2012 R2 that replaces KB5022352. You can read more about KB5022899.
- KB5022352 is a cumulative update and contains all the changes that are part of the security update KB5022346. You can choose to deploy the security-only update KB5022346 or KB5022352 for mitigating security threats on Windows Server 2012 R2. We strongly recommend deploying KB5022352 as this is a cumulative update.
- KB5022352 supersedes December month’s rollup update for Windows Server 2012 R2. KB5021294 was the monthly rollup update for December and it was released on 13th December 2023.
- Servicing Stack Update (SSU) KB5018922 corresponds to the monthly rollup update KB5022352. You need to deploy KB5018922 prior to installing KB5022352 on Windows Server 2012 R2.
- The SQL database connectivity issues that arose after the deployment of KB5021294 are resolved in KB5022352.
- The direct download links for KB5022352 are shared below.
- KB5022352 addresses 48 security vulnerabilities that have been disclosed for Windows Server 2012 R2 as part of the January 2023 security bulletin. 9 of these have a ‘CRITICAL’ severity and the remaining have ‘IMPORTANT’ severity levels.
- KB5022352 also addresses 47 vulnerabilities that have been disclosed for Windows Server 2012 R2 Server Core installation. 9 of these are ‘CRITICAL’ vulnerabilities and the remaining have ‘IMPORTANT’ severity levels.
- Additionally, Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation are affected by zero-day vulnerabilities CVE-2023-21549 and CVE-2023-21674. Both are successfully patched in the KB5022352 update for Windows Server 2012 R2. Details of vulnerabilities are shared below.
Download KB5022352 for Windows Server 2012 R2
You can deploy KB5022352 automatically through any of the following methods:
- Windows Update
- WSUS or Windows Server Update Service
If you choose Windows Update or WSUS to install KB5022352 on the server, SSU KB5018922 will be automatically installed prior to installing KB5022352.
Additionally, you can deploy KB5022352 manually. For this, you will need to download the offline installer files from the Microsoft Update catalog page that has been set up for KB5022352.
The manual deployment process of KB5022352 must be preceded by installing KB5018922 SSU on the server.
- KB5018922 was released in November 2022.
- Since KB5018922 is a Servicing Stack Update, deployment of KB5018922 does not cause or lead to a server reboot.
The direct download links for the SSU and the monthly rollup update KB5022352 are shared below for ready reference:
| Cumulative Update/SSU Update | Download update | Size of the update |
|---|---|---|
| KB5018922 | Download KB5018922 | 10.5 MB |
| KB5022352 | Download KB5022352 | 568.3 MB |
Vulnerabilities covered in KB5022352 for Windows Server 2012 R2
As mentioned above, there have been 48 vulnerabilities in this month’s security report for Windows Server 2012 R2. Windows Server 2012 R2 Server Core installation has 47 vulnerabilities.
9 of these vulnerabilities have a ‘CRITICAL’ severity. Two vulnerabilities are zero-day threats. We list these 11 vulnerabilities below.
CVE-2023-21549 and CVE-2023-21674 are the zero-day threats that affect Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation.
| CVE Number | Impact | Severity | CVSS Score | Comments |
|---|---|---|---|---|
| CVE-2023-21549 | Elevation of Privilege | CRITICAL | 8.8 | Windows SMB Witness Service |
| CVE-2023-21674 | Elevation of Privilege | CRITICAL | 8.8 | Windows Advanced Local Procedure Call (ALPC) |
| CVE-2023-21535 | Remote Code Execution | CRITICAL | 8.1 | Windows Secure Socket Tunneling Protocol (SSTP) |
| CVE-2023-21543 | Remote Code Execution | CRITICAL | 8.1 | Windows Layer 2 Tunneling Protocol (L2TP) |
| CVE-2023-21546 | Remote Code Execution | CRITICAL | 8.1 | Windows Layer 2 Tunneling Protocol (L2TP) |
| CVE-2023-21548 | Remote Code Execution | CRITICAL | 8.1 | Windows Secure Socket Tunneling Protocol (SSTP) |
| CVE-2023-21555 | Remote Code Execution | CRITICAL | 8.1 | Windows Layer 2 Tunneling Protocol (L2TP) |
| CVE-2023-21556 | Remote Code Execution | CRITICAL | 8.1 | Windows Layer 2 Tunneling Protocol (L2TP) |
| CVE-2023-21561 | Elevation of Privilege | CRITICAL | 8.8 | Microsoft Cryptographic Services |
| CVE-2023-21679 | Remote Code Execution | CRITICAL | 8.1 | Windows Layer 2 Tunneling Protocol (L2TP) |
| CVE-2023-21730 | Elevation of Privilege | CRITICAL | 7.8 | Microsoft Cryptographic Services |
KB5022352 – Changelog for Windows Server 2012 R2
The following issues on Windows Server 2012 R2 have been fixed in KB5022352:
- Authentication might fail after you set the higher 16-bits of the msds-SupportedEncryptionTypes attribute. This issue might occur if encryption types are not set or if RC4 Encryption type is disabled on the domain.
- Starting in this release, we are displaying a modal dialog box to remind users about the End of Support for Windows 8.1 in January 2023. This reminder does not appear on managed devices that run Windows 8.1 Pro or Windows 8.1 Enterprise.
- Resolves a known issue that affects apps that use Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to connect to databases. The connection might fail. You might also receive an error in the app, or you might receive an error from the SQL Server.
The unresolved issue affects domain join operations on Windows Server 2012 R2. Here is what Microsoft has stated in the issue description:
After this update or a later Windows update is installed, domain join operations might be unsuccessful and error “0xaac (2732): NERR_AccountReuseBlockedByPolicy” occurs. Additionally, text stating “An account with the same name exists in Active Directory. Re-using the account was blocked by security policy” might be displayed.
Affected scenarios include some domain join or re-imaging operations where a computer account was created or pre-staged by a different identity than the identity used to join or re-join the computer to the domain.
For the domain join issue, please read the details and fixes shared by Microsoft in the KB5020276 update document.
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.