KB5023765 monthly rollup update for Windows Server 2012 R2

This content has been archived. But, the content is true and relevant to the underlying technology products or infrastructure services.

KB5023765 is the monthly rollup update for Windows Server 2012 R2. It was released on March 14 as part of the ‘Patch Tuesday’ program of Microsoft.

Key points about KB5023765 for Windows Server 2012 R2

– KB5023765 has now been superseded by KB5025285 in April 2023. You can read about KB5025285 in detail to understand the security threats disclosed in the April security bulletin of Microsoft.

– KB5023765 is a cumulative update. We suggest using the KB5023765 over the security-only update for Windows Server 2012 R2. This prevents incremental steps needed while deploying the security-only update on Windows Server 2012 R2.

– KB5023765 supersedes KB502899 monthly rollup update for Windows Server 2012 R2 released in February 2023. You can read more about KB5022899 on this page.

– Servicing Stack Update KB5023790 corresponds to KB5023765 monthly rollup update for Windows Server 2012 R2. KB5023790 is the latest SSU for Windows Server 2012 R2 and was released together with the monthly rollup update on 14th March 2023. The download links for the SSU are shared below in the downloads section.

– The Active Directory join issue has finally been resolved for Windows Server 2012 R2 in KB5023765. The issue occurred after the deployment of the October 2022 cumulative updates. Microsoft released a temporary fix for the issue under the KB5020276 advisory.

– The issue with language packs with KB5023765 still affects the Windows Server 2012 R2. If you deploy a language pack on Windows Server 2012 R2 after deployment of KB5023765, you will have to re-install the monthly rollup update KB5023765. The monthly rollup update needs to be installed on top of the language pack.

– Windows Server 2012 R2 is affected by 45 security vulnerabilities that have been disclosed in the March 2023 security bulletin of Microsoft. Out of these 45 security vulnerabilities, 4 CRITICAL vulnerabilities impact the server. A brief description of these CRITICAL vulnerabilities is shared in the relevant section below.

Download KB5023765 for Windows Server 2012 R2

Installing KB5023765 manually requires you to follow Microsoft’s recommended process. The recommended process is a two-step process that needs to be implemented as discussed below.

Before deploying KB5023765, you will need to deploy the Servicing Stack Update KB5023790 for Windows Server 2012 R2. You can download the offline installer file for KB5023790 from the Microsoft Catalog page for KB5023790. Or, you could use the direct download link below to download the offline installer file.

After installing KB5023790, you can install the monthly rollup update KB5023765 on Windows Server 2012 R2. The download links from the Microsoft Update Catalog and the direct download links are shared below.

If you prefer to deploy the KB5023765 update automatically, you can do so in either of the following ways:

  • Windows Update
  • Microsoft Update
  • WSUS or Windows Server Update Service

The automated deployment process also follows a two-step process. In the first step, you will be offered the Servicing Stack Update KB5023790. Once the SSU is installed, the monthly rollup update KB5023765 will be offered for automatic deployment.

Vulnerabilities on Windows Server 2012 R2 covered in KB5023765

There are 45 security vulnerabilities on Windows Server 2012 R2 that have been disclosed in March 2023 security bulletin. 4 of these vulnerabilities are CRITICAL vulnerabilities and the remaining 41 are IMPORTANT security vulnerabilities.

A brief listing of the 4 security vulnerabilities is shared below for ready reference.

VulnerabilityCVSSImpactBrief description
CVE-2023-234159.8Remote Code ExecutionAn attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be bound to a raw socket.
CVE-2023-217089.8Remote Code ExecutionTo exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.
CVE-2023-234168.4Remote Code ExecutionFor successful exploitation, a malicious certificate needs to be imported on an affected system. An attacker could upload a certificate to a service that processes or imports certificates, or an attacker could convince an authenticated user to import a certificate on their system. The vulnerability affects Windows Cryptographic services.
CVE-2023-234048.1Remote Code ExecutionThis is an RCE on the Windows Point-to-Point Tunneling Protocol.

KB5023765 for Windows Server 2012 R2 – Changelog

The following improvements and issue fixes have been reported by Microsoft for Windows Server 2012 R2:

  • After applying a Windows update released on or after July 12, 2022, hyperlinks embedded in an Office document that use the search-ms protocol might stop working.
  • The Local Security Authority Subsystem Service (Lsass.exe) might stop responding after System Preparation (sysprep) is run on a domain-joined device.
  • By order of the Mexican government in October 2022, the United Mexican States will not observe daylight saving time (DST) in 2023. Key changes in the order include the following:
    • Updated DST rules for Mountain Standard Time (Mexico) and Central Standard Time (Mexico) to no daylight saving time starting in 2023.
    • Changed Chihuahua time zone from (UTC -7:00) Mountain Standard Time (Mexico) to (UTC -6:00) Central Standard Time (Mexico).
    • Changed Ojinaga time zone from (UTC -7:00) Mountain Standard Time (Mexico) to (UTC -6:00) Central Standard Time (Mexico)
    • Created a new time zone America/Ciudad_Juarez and mapped it to Mountain Standard Time (Mexico).
  • This update implements the final phase of DCOM hardening as described in KB5004442. This phase removes the ability to disable changes through the registry.
  • Known issue resolved: When an existing computer account is reused to join a computer to an Active Directory domain, the join is unsuccessful. This results in an error – “An account with the same name exists in Active Directory. Re-using the account was blocked by the security policy.” The fix was provided under the KB5020276 update.
Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.