KB5025272 is the security-only update for Windows Server 2012. It was released as part of Microsoft’s April ‘Patch Tuesday’ program. We look at the significant points of the KB5025272 security update below.
Key points about the KB5025272 for Windows Server 2012
- KB5025272 is a standalone security update. Standalone security updates work as independent updates. This update is not cumulative and does not include the fixes from any previous security update.
- March’s security update can be found on the KB5023752 page.
- For adequate security coverage, all the security updates need to be installed on Windows Server 2012.
- Usually, it is a better idea to patch Windows Server 2012 with monthly rollup updates instead of security-only updates. This is because the monthly rollup updates are cumulative in nature. Also, installing security-only updates has additional overheads.
- KB5025272 contains only security changes for Windows Server 2012.
- KB5023791 is the Servicing Stack Update that needs to be deployed on Windows Server 2012 prior to installing KB5025272.
- KB5022835 is the cumulative update for Internet Explorer. This update needs to be installed alongside the security update KB5025272 for full protection on the server. KB5022835 was released in February 2023. If you have deployed the February or March security update, then KB5022835 should have already been deployed on the server.
- 62 security vulnerabilities affect Windows Server 2012 as per April’s security bulletin for Windows Server 2012. Out of these, 6 vulnerabilities have a ‘CRITICAL’ impact on the server. Details of these CRITICAL vulnerabilities are shared in the vulnerability section.
As the points above show, April’s security coverage for Windows Server 2012 involves installing KB5023791, KB5022835, and KB5025272 in the proper sequence.
The download links for each of these updates have been shared below.
Download KB5025272 for Windows Server 2012
You can deploy KB5025272 through WSUS or through a manual approach.
If you intend to patch KB5025272 manually, you can download the offline installer file from the Microsoft Update catalog page for KB5025272. Or, you could download the MSU update file manually from the download links shared below.
Security update | Download link | Size of the update |
---|---|---|
KB5023791 | Download KB5023791 | 9.8 MB |
KB5022835 | Download KB5022835 | 46.3 MB |
KB5025272 | Download KB5025272 | 415.8 MB |
If you prefer to download the MSU files directly from the Microsoft site, you can use the following links:
- Download KB5023791 from Microsoft Update Catalog
- Download KB5022835 from Microsoft Update Catalog
- Download KB5025272 from Microsoft Update Catalog
Since this is a security-only update, you cannot use Windows Update or Windows Update for Business to patch Windows Server 2012 automatically.
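The install sequence described above (KB5023791, then KB5022835, then KB5025272) can be checked and enforced with a short script. This is an added example, not code from the original article or from Microsoft; the folder `C:\Patches\2023-04`, the `-Install` switch and the assumption that each downloaded MSU file name contains its KB number are illustrative.

```powershell
# Added example: report which of the three April updates are present and,
# with -Install, install the missing ones in the order the article gives.
# Assumption: the MSU files sit in $MsuDir (placeholder path) and each file
# name contains its KB number.
param(
    [string]$MsuDir = 'C:\Patches\2023-04',
    [switch]$Install
)

# Servicing Stack Update first, then the IE cumulative update,
# then the security-only update.
$Sequence = @(
    @{ Id = 'KB5023791'; Role = 'Servicing Stack Update' },
    @{ Id = 'KB5022835'; Role = 'Internet Explorer cumulative update' },
    @{ Id = 'KB5025272'; Role = 'Security-only update' }
)

foreach ($Update in $Sequence) {
    # Get-HotFix reads Win32_QuickFixEngineering; it writes an error when the
    # KB is absent, which is suppressed here and treated as "missing".
    $Present = Get-HotFix -Id $Update.Id -ErrorAction SilentlyContinue
    if ($Present) {
        Write-Output ("{0} ({1}): installed" -f $Update.Id, $Update.Role)
        continue
    }
    Write-Output ("{0} ({1}): MISSING" -f $Update.Id, $Update.Role)
    if (-not $Install) { continue }

    $Msu = Get-ChildItem -Path $MsuDir -Filter "*$($Update.Id)*.msu" |
        Select-Object -First 1
    if (-not $Msu) { throw "No MSU file for $($Update.Id) found in $MsuDir" }

    # wusa.exe installs an MSU; /quiet and /norestart suppress prompts and reboots.
    $WusaArgs = "`"$($Msu.FullName)`"", '/quiet', '/norestart'
    $Proc = Start-Process -FilePath wusa.exe -ArgumentList $WusaArgs -Wait -PassThru

    # 0 = success, 3010 = success with reboot pending, 2359302 = already installed.
    if (@(0, 3010, 2359302) -notcontains $Proc.ExitCode) {
        throw "$($Update.Id) failed with exit code $($Proc.ExitCode); later updates were not attempted"
    }
}
```

Run without `-Install`, the script only reports the state of each update, which makes it usable as a read-only compliance check across servers.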
Security vulnerabilities on Windows Server 2012
There are 62 security vulnerabilities that impact Windows Server 2012 as per this month’s security bulletin. 6 of these vulnerabilities are CRITICAL in nature. Additionally, Windows Server 2012 is impacted by two zero-day threats.
Zero-day threats on Windows Server 2012
The two zero-day threats that impact Windows Server 2012 are stated below.
CVE | CVSS Score | CVE Title | Impact |
---|---|---|---|
CVE-2013-3900 | 7.4 | WinVerifyTrust Signature Validation Vulnerability | Remote Code Execution |
CVE-2023-28252 | 7.8 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
CRITICAL vulnerabilities affecting Windows Server 2012
Vulnerability | CVE Title | CVSS Score | Vulnerability scope |
---|---|---|---|
CVE-2023-21554 | Microsoft Message Queuing | 9.8 | Remote Code Execution |
CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) | 9.8 | Remote Code Execution |
CVE-2023-28231 | DHCP Server Service | 8.8 | Remote Code Execution |
CVE-2023-28219 | Layer 2 Tunneling Protocol | 8.1 | Remote Code Execution |
CVE-2023-28220 | Layer 2 Tunneling Protocol | 8.1 | Remote Code Execution |
CVE-2023-28232 | Windows Point-to-Point Tunneling Protocol | 7.5 | Remote Code Execution |
KB5025272 Changelog
The following changes have been implemented under the KB5025272 security update for Windows Server 2012.
- By the March 1, 2023, order of the Arab Republic of Egypt, daylight saving time (DST) will resume on April 28, 2023, and end on October 27, 2023. This update applies to Egypt Standard Time – (UTC+02:00) Cairo.
- Known compatibility issues exist with certain printer models which feature GDI printer drivers that do not completely adhere to GDI specifications.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.