KB5025229 is April month’s cumulative security update for Windows Server 2019 and Windows Server 2019 Server Core installation. The update has been released under the ‘Patch Tuesday’ program on 11th April 2023.
KB5025229 has now been replaced by KB5026362. You can read more about KB5026362 here.
Key points about the KB5025229 update
- KB5025229 is a cumulative update that supersedes the KB5023702 update. KB5023702 was released in March 2023 and you can read about it on this page.
- In terms of server builds, KB5023702 corresponds to 17763.4131 and KB5025229 corresponds to 17763.4252. If you have implemented KB5023702 on the server, you will be upgrading from build 4131 to 4252.
- 69 security vulnerabilities affect Windows Server 2019 and Windows Server 2019 Server Core installation. Out of these, 6 vulnerabilities have a ‘CRITICAL’ severity. These vulnerabilities have been shared in the vulnerability section.
- 3 zero-day threats affect Windows Server 2019 and details are shared in the vulnerability section below.
- In terms of the Servicing Stack Update, we need to ensure that KB5005112 is already deployed on the server. This SSU was released in August 2021. Download links for KB5005112 are shared in the download section.
- Out of the many changes implemented in KB5025229, we would suggest reading more about the new additions that have been made to the Microsoft Defender for Endpoint.
Download KB5025229 for Windows Server 2019
KB5025229 can be manually installed through an offline installer file. You can download the file directly from the Microsoft Update catalog page for KB5025229. We have also shared the download links for the relevant Servicing Stack Update and the actual security update.
Before sharing the download links, it may be worth reiterating that KB5005112 Servicing Stack Update needs to be deployed prior to the installation of KB5025229. Given the fact that KB5005112 was released in August 2021, there is a high probability of the patch being already deployed on the server.
| SSU or Cumulative update | Download link | Size of the update |
|---|---|---|
| KB5005112 | Download KB5005112 | 13.8 MB |
| KB5025229 | Download KB5025229 | 596.1 MB |
An alternate approach to download the MSU update file is through the Microsoft Catalog update pages for each update.
- Download KB5005112 from the Microsoft Update catalog site
- Download KB5025229 from the Microsoft Update catalog site
For the record, we would like to mention that you can install KB5025229 through automated methods. Some automated processes that can be used to deploy KB5025229 are:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Service
WSUS remains popular with most system administrators for installing security and cumulative updates on Windows servers.
Security vulnerabilities on Windows Server 2019
April security bulletin for Windows Server 2019 contains 69 security vulnerabilities that affect Windows Server 2019 and Windows Server 2019 Server core installation. Below, we list the zero-day threats that impact Windows Server 2019. Following this, we list the 6 vulnerabilities that carry ‘CRITICAL’ severity levels.
Zero-day threats affecting Windows Server 2019
There are three threats that have assumed zero-day significance for Windows Server 2019 and Windows Server 2019 Server core installation.
| CVE vulnerability | CVSS Severity | CVE Title | Impact |
|---|---|---|---|
| CVE-2022-43552 | 9.8 | Open Source Curl | Remote Code Execution |
| CVE-2013-3900 | 7.4 | WinVerifyTrust Signature Validation Vulnerability | Remote Code Execution |
| CVE-2023-28252 | 7.8 | Windows Common Log File System Driver | Elevation of Privilege Vulnerability |
Critical vulnerabilites affecting Windows Server 2019
| Vulnerability | CVE Title | CVSS Score | Vulnerability scope |
|---|---|---|---|
| CVE-2023-21554 | Microsoft Message Queuing | 9.8 | Remote Code Execution |
| CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) | 9.8 | Remote Code Execution |
| CVE-2023-28231 | DHCP Server Service | 8.8 | Remote Code Execution |
| CVE-2023-28219 | Layer 2 Tunneling Protocol | 8.1 | Remote Code Execution |
| CVE-2023-28220 | Layer 2 Tunneling Protocol | 8.1 | Remote Code Execution |
| CVE-2023-28232 | Windows Point-to-Point Tunneling Protocol | 7.5 | Remote Code Execution |
KB5025229 – Changelog
KB5025229 has brought in many changes for the Windows Server 2019. Some of these changes lead to product improvements. Others involve fixing the bugs or issues that Microsoft was working on.
The two most significant changes are improvements in the Microsoft Defender for Endpoint and introduction of the Windows Local Administrator Password Solution (LAPS).
A list of changes that form part of KB5025229 is given below:
- New! This update adds many new features and improvements to Microsoft Defender for Endpoint. For more information, see Microsoft Defender for Endpoint.
- New! This update implements the new Windows Local Administrator Password Solution (LAPS) as a Windows inbox feature. For more information, see By popular demand: Windows LAPS available now!
- This update affects the Arab Republic of Egypt. The update supports the government’s daylight saving time change order for 2023.
- This update enables onunload events to create pop-up windows in IE Mode.
- This update addresses an issue that affects Microsoft Edge IE mode and pages that use predictive prerendering. Edge IE mode does not support predictive prerendering. Because of this, a page that uses prerendering will load as if it was not in use.
- This update addresses an issue that affects Desired State Configuration. It loses its previously configured options. This occurs if metaconfig.mof is missing.
- This update addresses compatibility issues that affect some printers. These printers use Windows Graphical Device Interface (GDI) printer drivers. These drivers do not completely adhere to GDI specifications.
- This update addresses an issue that affects the Host Networking Service. The service stops working. Because of this, there are traffic interruptions.
- This update addresses an issue that affects Administrator Account Lockout policies. GPResult and Resultant Set of Policy did not report them.
- This update addresses an issue that affects MySQL commands. The commands fail on Windows Xenon containers.
- This update addresses an issue that affects repair storage jobs. The jobs are suspended. This occurs after two physical disks in two different rack-level fault domains (three fault domain in total) lose communication.
You could read more about KB5025229 on Microsoft’s release notes page.
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.