KB5025272 Security Update for Windows Server 2012 – April 2023

This content has been archived. But, the content is true and relevant to the underlying technology products or infrastructure services.

KB5025272 is the security-only update for Windows Server 2012. It was released under April month’s ‘Patch Tuesday’ program of Microsoft. We look at the significant points of the KB5025272 security update below.

Key points about the KB5025272 for Windows Server 2012

  • KB5025272 is a standalone security update. Standalone security updates work as independent updates. This update will have no correlation with any previous security update.
  • March month’s security update can be found on the KB5023752 page.
  • For adequate security coverage, all the security updates need to be installed on Windows Server 2012.
  • Usually, it is a better idea to patch Windows Server 2012 with monthly rollup updates instead of security-only updates. This is because the monthly rollup updates are cumulative in nature. Also, installing security-only updates has additional overheads.
  • KB5025272 contains only security changes for Windows Server 2012.
  • KB5023791 is the Servicing Stack Update that needs to be deployed on Windows Server 2012 prior to installing KB5025272.
  • KB5022835 is the cumulative update for Internet Explorer. This update needs to be installed alongside the security update KB5025272 for full protection on the server. KB5022835 was released in February 2023. If you have deployed February or March months’ security update, then KB5022835 should have already been deployed on the server.
  • 62 security vulnerabilities affect Windows Server 2012 as per April month’s security bulletin for Windows Server 2012. Out of these, 6 vulnerabilities have a ‘CRITICAL’ impact on the server. Details of these CRITICAL vulnerabilities are shared in the vulnerability section.

As you would have seen, April month’s security coverage for Windows Server 2012 will involve installing KB5023791, KB5022835, and KB5025272 in the proper sequence.

The download links for each of these updates have been shared below.

Download KB5025272 for Windows Server 2012

You can deploy KB5025272 through WSUS or through a manual approach.

If you intend to patch KB5025272 manually, you can download the offline installer file from the Microsoft Update catalog page for KB5025272. Or, you could download the MSU update file manually from the download links shared below.

Security updateDownload linkSize of the update
KB5023791Download KB50237919.8 MB
KB5022835Download KB502283546.3 MB
KB5025272Download KB5025272415.8 MB

If you prefer to download the MSU files directly from the Microsoft site, you can use the following links:

Since this is a security update, you cannot use Windows Update or Windows Update for Business to patch Windows Server 2012 automatically.

Security vulnerabilities on Windows Server 2012

There are 62 security vulnerabilities that impact Windows Server 2012 as per this month’s security bulletin. 6 of these vulnerabilities are CRITICAL in nature. Additionally, Windows Server 2012 is impacted by two zero-day threats.

Zero-day threats on Windows Server 2012

The two zero-day threats that impact Windows Server 2012 are stated below.

CVECVSS ScoreCVE TitleImpact
CVE-2013-39007.4WinVerifyTrust Signature Validation VulnerabilityRemote Code Execution
CVE-2023-282527.8Windows Common Log File System DriverElevation of Privilege Vulnerability

CRITICAL vulnerabilities affecting Windows Server 2012

VulnerabilityCVE TitleCVSS ScoreVulnerability scope
CVE-2023-21554Microsoft Message Queuing9.8Remote Code Execution
CVE-2023-28250Windows Pragmatic General Multicast (PGM)9.8Remote Code Execution
CVE-2023-28231DHCP Server Service8.8Remote Code Execution
CVE-2023-28219Layer 2 Tunneling Protocol8.1Remote Code Execution
CVE-2023-28220Layer 2 Tunneling Protocol8.1Remote Code Execution
CVE-2023-28232Windows Point-to-Point Tunneling Protocol7.5Remote Code Execution

KB5025272 Changelog

The following changes have been implemented under the KB5025272 security update for Windows Server 2012.

  • By the March 1, 2023, order of the Arab Republic of Egypt, daylight savings time (DST) will resume on April 28, 2023, and end on October 27, 2023. This update applies to Egypt Standard Time – (UTC+02:00) Cairo.
  • Known compatibility issues exist with certain printer models which feature GDI printer drivers that do not completely adhere to GDI specifications.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.