KB5023697 cumulative update for Windows Server 2016

KB5023697 is the cumulative update for Windows Server 2019 which was released on 14th March 2023. It has been released under the ‘Patch Tuesday’ project.

Key points about KB5023697 for Windows Server 2019

– KB5023697 has now been superseded by KB5025228 in April 2023 under the ‘Patch Tuesday’ program. You can read more about KB5025228 here.

– KB5023697 is a cumulative update that supersedes February month’s cumulative update KB5022838 for Windows Server 2016. You can read more about KB5022838 on this page.

– KB5023697 corresponds to server build 14393.5786. February month’s KB5022838 corresponds to server build 14393.5717. So, we are looking at upgrading from build 5717 to build 5786 on Windows Server 2016. This is assuming that all the previous cumulative updates have been deployed as per the update cycle.

– KB5023788 is the latest Servicing Stack Update for Windows Server 2016. It was released on March 14, 2023. Therefore, before deploying KB5023697 on the server, you will need to ensure that KB5023788 is also deployed. More details about the download of KB5023788 are shared below.

– The Active Directory domain join issue has finally been resolved and patched in KB5023697. The issue was caused after the deployment of the October 2022 cumulative updates. Microsoft released an interim fix for the issue in the KB5020276 advisory.

– There are 51 vulnerabilities that have been disclosed as part of Microsoft’s security bulletin for Windows Server 2016 and Windows Server 2016 Server core installation. Out of these 51 vulnerabilities, there are 7 CRITICAL vulnerabilities on the server. We have shared a brief description of CRITICAL vulnerabilities below.

Download KB5023697 for Windows Server 2016

You can deploy KB5023697 manually. For this, you can download the offline installer file from the Microsoft Update Catalog page for KB5023697. The installer file is in MSU format. We provide the catalog link and the offline installer file below.

Prior to installing KB5023697, you will need to deploy KB5023788. KB5023788 is the Servicing Stack Update that has been released in March 2023.

• Download KB5023788 from the Microsoft Update Catalog page. The size of the update file is 11.7 MB.
• Direct download link for the Servicing Stack Update for KB5023788

Once the Servicing Stack Update has been deployed, you can install KB5023697 on the server. The download details are shared below.

• Download KB5023697 from the Microsoft Update Catalog page. The size of the file is 1536.2 MB.
• You can download the MSU update file for KB5023697 from this direct download link.

You can install KB5023697 through the following automated methods:

• Windows Update
• Windows Update for Business
• WSUS or Windows Server Update Service

As part of the automated deployment process, the Servicing Stack Update KB5023788 will be automatically offered and patched prior to installing KB5023697 on Windows Server 2016. No server restart is required after installation of the KB5023788 Servicing Stack Update.

Security vulnerabilities on Windows Server 2016 covered in KB5023697

There are 51 vulnerabilities on Windows Server 2016 as per Microsoft’s security bulletin. We list 7 CRITICAL vulnerabilities on Windows Server 2019 below.

Vulnerability	CVSS	Impact	Brief description
CVE-2023-23415	9.8	Remote Code Execution	An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be bound to a raw socket.
CVE-2023-21708	9.8	Remote Code Execution	To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.
CVE-2023-1017	8.8	Elevation of Privileges	By leveraging malicious TPM commands from a guest VM to a target running Hyper-V, an attacker can cause an out-of-bounds write in the root partition.
CVE-2023-1018	8.8	Elevation of Privileges	This vulnerability is on the TPM2.0 Module Library.
CVE-2023-23416	8.4	Remote Code Execution	For successful exploitation, a malicious certificate needs to be imported on an affected system. An attacker could upload a certificate to a service that processes or imports certificates, or an attacker could convince an authenticated user to import a certificate on their system. The vulnerability affects Windows Cryptographic services.
CVE-2023-23404	8.1	Remote Code Execution	This is an RCE on the Windows Point-to-Point Tunneling Protocol.
CVE-2023-23411	6.5	Denial of Service	Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. This vulnerability affects Windows Hyper-V.

KB5023697 for Windows Server 2016 – Changelog

The following improvements and issue fixes have been reported by Microsoft for KB5023697 for Windows Server 2016:

• This update implements phase three of Distributed Component Object Model (DCOM) hardening. See KB5004442. After you install this update, you cannot turn off the changes using the registry key.
• This update affects the United Mexican States. This update supports the government’s daylight saving time change order for 2023.
• This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). LSASS might stop responding. This occurs after you run Sysprep on a domain-joined machine.
• This update addresses an issue that affects a computer account and Active Directory. When you reuse an existing computer account to join an Active Directory domain, joining fails. This occurs on devices that have installed Windows updates dated October 11, 2022 or later. The error message is, “Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: ‘An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.’” For more information, see KB5020276.