KB5025287 for Windows Server 2012 – April 2023

KB5025287 is the cumulative monthly rollup update for Windows Server 2012. The update has been released under the ‘Patch Tuesday’ project of Microsoft on 11th April 2023.

KB5025287 has now been replaced by KB5026419 in May 2023. You can find more information about KB5026419 on this page.

Key points about KB5025287

  • KB5025287 is a cumulative update for Windows Server 2012 R2 and it supersedes March month’s update KB5023756.
  • KB5025287 contains all changes that are part of the KB5023756 update. If you have already deployed KB5023756 on the server, only the incremental changes will be rolled out to the Windows Server 2012.
  • We suggest installing KB5025287 instead of KB5025272 on Windows Server 2012. This is because all changes that are part of KB5025272 are included in KB5025287. And, KB5025287 is a cumulative update while KB5025272 is a standalone update.
  • KB5023791 is the Servicing Stack Update for Windows Server 2012 that needs to be deployed prior to installing KB5025287. This Servicing Stack Update or SSU was released in February 2023.
  • 62 security vulnerabilities have been disclosed for Windows Server 2012 as part of the April security bulletin. 6 of these have CRITICAL severity and we have shared basic details of these threats in the vulnerability section.
  • Two zero-day threats affect Windows Server 2012. Basic details of these vulnerabilities have been shared in the vulnerability section.
  • Separate installation of the cumulative update for Internet Explorer is not needed with the installation of KB5025287.

The monthly rollup update for Windows Server 2012 can be deployed automatically or through a manual approach.

Download KB5025287

Manual deployment of KB5025287 requires an offline installer file. The installer file can be downloaded directly from Microsoft as per the details below.

Direct download links for KB5025287

The direct download links for the monthly rollup update are given hereunder with the Servicing Stack Update links. The Servicing Stack Update needs to be on the server prior to installing KB5025287.

SSU deployment is a quick process and does not cause any server reboot. You can move to the main monthly rollup installation once the SSU has been successfully installed.

Security UpdateDownload linkSize of the update
KB5023791Download KB50237919.8 MB
KB5025287Download KB5025287415.8 MB

You can also download the offline installer files directly from the Microsoft Update Catalog pages for KB5023791 and KB5025287. The catalog links are shared below for your ready reference.

Apart from the manual installation, you can also install KB5025287 using one of the following automated update processes:

  • Windows Update
  • WSUS or Windows Server Update Service

Generally speaking, most system administrators are happy with WSUS deploying cumulative security updates on the servers.

Security vulnerabilities on Windows Server 2012

There are 62 vulnerabilities that have been disclosed in April month’s security bulletin released by Microsoft. The two zero-day threats and 6 CRITICAL severity threats are shared below.

Zero-day vulnerabilities

CVECVSS ScoreCVE TitleImpact
CVE-2013-39007.4WinVerifyTrust Signature Validation VulnerabilityRemote Code Execution
CVE-2023-282527.8Windows Common Log File System DriverElevation of Privilege Vulnerability

CRITICAL vulnerabilities

VulnerabilityCVE TitleCVSS ScoreVulnerability scope
CVE-2023-21554Microsoft Message Queuing9.8Remote Code Execution
CVE-2023-28250Windows Pragmatic General Multicast (PGM)9.8Remote Code Execution
CVE-2023-28231DHCP Server Service8.8Remote Code Execution
CVE-2023-28219Layer 2 Tunneling Protocol8.1Remote Code Execution
CVE-2023-28220Layer 2 Tunneling Protocol8.1Remote Code Execution
CVE-2023-28232Windows Point-to-Point Tunneling Protocol7.5Remote Code Execution

KB5025287 – Changelog

There are not many changes that have been made to Windows Server 2012 stack in KB5025287. A brief list of changes under KB5025287 is shared below

  • By the March 1, 2023, order of the Arab Republic of Egypt, daylight savings time (DST) will resume on April 28, 2023, and end on October 27, 2023. This update applies to Egypt Standard Time – (UTC+02:00) Cairo.
  • Known compatibility issues exist with certain printer models which feature GDI printer drivers that do not completely adhere to GDI specifications.

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.