KB5023702 is the latest cumulative update for Windows Server 2019. It was released on 14th March 2023 under the ‘Patch Tuesday’ program.
Key points about KB5023702
– KB5023702 has now been superseded by KB5025229. KB5025229 is the April ‘Patch Tuesday’ update, and you can find all the information about it on the page for KB5025229.
– KB5023702 is a cumulative update that supersedes KB5022840. KB5022840 was released as a cumulative update for the month of February 2023. You can read more about KB5022840 on this page.
– KB5023702 corresponds to server build 17763.4131, or 4131 for short. The server build for February 2023 was 17763.4010, or 4010 for short. So, moving from the February 2023 build to the March 2023 build means an upgrade from build 4010 to build 4131.
– Servicing Stack Update KB5005112 for Windows Server 2019 needs to be deployed prior to installing KB5023702. If you have been maintaining a consistent update cycle, you have probably already deployed KB5005112 on the server.
– There have been 52 vulnerability disclosures for Windows Server 2019 and Windows Server 2019 Server core installation as part of the March update cycle. Out of these 52 vulnerabilities, 7 are ‘CRITICAL’ vulnerabilities. Two of these ‘CRITICAL’ vulnerabilities carry a CVSS score of 9.8.
– The domain join issues on Active Directory have been resolved in KB5023702 for Windows Server 2019. The issue was first reported after the installation of the October ‘Patch Tuesday’ updates. Microsoft had been working on a resolution for this domain join issue and had shared an interim fix under the KB5020276 update.
Download KB5023702 for Windows Server 2019
You can install KB5023702 manually. For this, you will need to download the installer file from the Microsoft Update Catalog site. For ready reference, the catalog links and the direct download links for the MSU update file from Microsoft are shared below for KB5023702.
Before deploying KB5023702 on Windows Server 2019, you will need to make sure that KB5005112 Servicing Stack Update is already installed on the server. If KB5005112 is not deployed yet, you can download the MSU file as per the details below:
- Download the KB5005112 file from the Microsoft Update Catalog – the size of the file is 13.8 MB.
- Download KB5005112 directly from this MSU install link on the Microsoft site
Once KB5005112 SSU is on the server, you can proceed with the installation of KB5023702 as per the details below:
- Download KB5023702 from the Microsoft Update Catalog – this file is available in x64 format and has a size of 595.4 MB.
- Download the KB5023702 offline installer file directly – this is a direct download link for the MSU file that can be applied to Windows Server 2019 for patching.
Apart from the manual deployment of KB5023702 through the MSU installer file, you can also install KB5023702 automatically. For this you can use:
- Windows Update
- WSUS or Windows Server Update Services
- Windows Update for Business
If you use one of these automatic deployment strategies, the Servicing Stack Update KB5005112 will be automatically offered for deployment as part of the upgrade process. Installing the Servicing Stack Update does not cause a server restart.
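The manual sequence above (confirm the build, confirm the SSU, then apply the MSU) can be checked with a short pre-flight script. This is an added example, not a script from Microsoft or from this page; the `$MsuPath` default and the `-Install` switch are hypothetical names chosen for illustration.

```powershell
# Added example: pre-flight check before applying KB5023702 (not Microsoft's script).
param(
    [string]$MsuPath = 'C:\Patches\KB5023702-x64.msu',  # hypothetical local path
    [switch]$Install                                     # hypothetical switch
)

$TargetBuild = 17763        # Windows Server 2019
$TargetUbr   = 4131         # revision delivered by KB5023702
$SsuId       = 'KB5005112'  # prerequisite Servicing Stack Update
$LcuId       = 'KB5023702'

# Read the OS build and the update build revision (UBR) from the registry.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR
if ($build -ne $TargetBuild) {
    throw "Build $build is not Windows Server 2019 ($TargetBuild); $LcuId does not apply."
}

# Get-HotFix matches by ID only. Assumption: a newer SSU also satisfies the
# prerequisite but will not match this ID, so treat a miss as "verify by hand".
$ssu = Get-HotFix -Id $SsuId -ErrorAction SilentlyContinue
$lcu = Get-HotFix -Id $LcuId -ErrorAction SilentlyContinue

$state = [pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    Build        = "$build.$ubr"
    SsuInstalled = [bool]$ssu
    LcuInstalled = [bool]$lcu
    AtOrPast4131 = ($ubr -ge $TargetUbr)
}
$state | Format-List

if ($state.AtOrPast4131) {
    Write-Output "Already at $build.$ubr; $LcuId or a later cumulative update is applied."
    return
}
if (-not $state.SsuInstalled) {
    Write-Warning "$SsuId not found. Install the SSU before $LcuId."
    return
}
if (-not $Install) { Write-Output "Ready for $LcuId. Re-run with -Install."; return }
if (-not (Test-Path $MsuPath)) { throw "MSU file not found: $MsuPath" }

$wusaArgs = @("`"$MsuPath`"", '/quiet', '/norestart')
$p = Start-Process -FilePath wusa.exe -ArgumentList $wusaArgs -Wait -PassThru
# Exit code 0 = installed, 3010 = installed and a restart is required.
Write-Output "wusa.exe exit code: $($p.ExitCode)"
```

After the restart, the `Build` value should read 17763.4131.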
Vulnerabilities on Windows Server 2019 under KB5023702
As mentioned above, there are 52 vulnerability disclosures for Windows Server 2019 and Windows Server 2019 Server core installation. Out of these 52 vulnerabilities:
- 7 are CRITICAL vulnerabilities
- 36 are IMPORTANT vulnerabilities
- 9 are MODERATE vulnerabilities
We discuss the 7 CRITICAL vulnerabilities in brief below:
Vulnerability | CVSS | Impact | Brief description |
---|---|---|---|
CVE-2023-23415 | 9.8 | Remote Code Execution | An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be bound to a raw socket. |
CVE-2023-21708 | 9.8 | Remote Code Execution | To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. |
CVE-2023-1017 | 8.8 | Elevation of Privileges | By leveraging malicious TPM commands from a guest VM to a target running Hyper-V, an attacker can cause an out of bounds write in the root partition. |
CVE-2023-1018 | 8.8 | Elevation of Privileges | This vulnerability is in the TPM 2.0 Module Library. |
CVE-2023-23416 | 8.4 | Remote Code Execution | For successful exploitation, a malicious certificate needs to be imported on an affected system. An attacker could upload a certificate to a service that processes or imports certificates, or an attacker could convince an authenticated user to import a certificate on their system. The vulnerability affects Windows Cryptographic services. |
CVE-2023-23404 | 8.1 | Remote Code Execution | This is an RCE in the Windows Point-to-Point Tunneling Protocol. |
CVE-2023-23411 | 6.5 | Denial of Service | Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. This vulnerability affects Windows Hyper-V. |
KB5023702 for Windows Server 2019 – Changelog
Microsoft has reported the following improvements and issue fixes in the KB5023702 cumulative update for Windows Server 2019:
- This update implements phase three of Distributed Component Object Model (DCOM) hardening. See KB5004442. After you install this update, you cannot turn off the changes using the registry key.
- This update addresses an issue that affects the registry size. It grows very large. This occurs because the registry entries are not removed when users sign out of an Azure Virtual Desktop (AVD) environment that uses FSlogix.
- This update affects the United Mexican States. This update supports the government’s daylight saving time change order for 2023.
- This update addresses an issue that might affect lsass.exe. It might stop responding when it sends a Lightweight Directory Access Protocol (LDAP) query to a domain controller that has a very large LDAP filter.
- This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). LSASS might stop responding. This occurs after you run Sysprep on a domain-joined machine.
- This update addresses an issue that affects a computer account and Active Directory. When you reuse an existing computer account to join an Active Directory domain, joining fails. This occurs on devices that have installed Windows updates dated October 11, 2022 or later. The error message is, “Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: ‘An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.’” For more information, see KB5020276.
- This update addresses an issue that affects the Routing and Remote Access Service (RRAS). RRAS cannot accept any new incoming virtual private network (VPN) connections.
- This update addresses an issue that affects Cluster Name Object of Failover Clustering on Azure virtual machines (VM). The issue stops you from repairing it.
You can read more about the cumulative update on Microsoft’s release note page for KB5023702.
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.