KB5025287 is the cumulative monthly rollup update for Windows Server 2012. The update has been released under the ‘Patch Tuesday’ project of Microsoft on 11th April 2023.
KB5025287 has now been replaced by KB5026419 in May 2023. You can find more information about KB5026419 on this page.
Key points about KB5025287
- KB5025287 is a cumulative update for Windows Server 2012 R2 and it supersedes March month’s update KB5023756.
- KB5025287 contains all changes that are part of the KB5023756 update. If you have already deployed KB5023756 on the server, only the incremental changes will be rolled out to the Windows Server 2012.
- We suggest installing KB5025287 instead of KB5025272 on Windows Server 2012. This is because all changes that are part of KB5025272 are included in KB5025287. And, KB5025287 is a cumulative update while KB5025272 is a standalone update.
- KB5023791 is the Servicing Stack Update for Windows Server 2012 that needs to be deployed prior to installing KB5025287. This Servicing Stack Update or SSU was released in February 2023.
- 62 security vulnerabilities have been disclosed for Windows Server 2012 as part of the April security bulletin. 6 of these have CRITICAL severity and we have shared basic details of these threats in the vulnerability section.
- Two zero-day threats affect Windows Server 2012. Basic details of these vulnerabilities have been shared in the vulnerability section.
- Separate installation of the cumulative update for Internet Explorer is not needed with the installation of KB5025287.
The monthly rollup update for Windows Server 2012 can be deployed automatically or through a manual approach.
Download KB5025287
Manual deployment of KB5025287 requires an offline installer file. The installer file can be downloaded directly from Microsoft as per the details below.
Direct download links for KB5025287
The direct download links for the monthly rollup update are given hereunder with the Servicing Stack Update links. The Servicing Stack Update needs to be on the server prior to installing KB5025287.
SSU deployment is a quick process and does not cause any server reboot. You can move to the main monthly rollup installation once the SSU has been successfully installed.
| Security Update | Download link | Size of the update |
|---|---|---|
| KB5023791 | Download KB5023791 | 9.8 MB |
| KB5025287 | Download KB5025287 | 415.8 MB |
You can also download the offline installer files directly from the Microsoft Update Catalog pages for KB5023791 and KB5025287. The catalog links are shared below for your ready reference.
- Download KB5023791 from the Microsoft Update Catalog
- Download KB5025287 from the Microsoft Update Catalog
Apart from the manual installation, you can also install KB5025287 using one of the following automated update processes:
- Windows Update
- WSUS or Windows Server Update Service
Generally speaking, most system administrators are happy with WSUS deploying cumulative security updates on the servers.
Security vulnerabilities on Windows Server 2012
There are 62 vulnerabilities that have been disclosed in April month’s security bulletin released by Microsoft. The two zero-day threats and 6 CRITICAL severity threats are shared below.
Zero-day vulnerabilities
| CVE | CVSS Score | CVE Title | Impact |
|---|---|---|---|
| CVE-2013-3900 | 7.4 | WinVerifyTrust Signature Validation Vulnerability | Remote Code Execution |
| CVE-2023-28252 | 7.8 | Windows Common Log File System Driver | Elevation of Privilege Vulnerability |
CRITICAL vulnerabilities
| Vulnerability | CVE Title | CVSS Score | Vulnerability scope |
|---|---|---|---|
| CVE-2023-21554 | Microsoft Message Queuing | 9.8 | Remote Code Execution |
| CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) | 9.8 | Remote Code Execution |
| CVE-2023-28231 | DHCP Server Service | 8.8 | Remote Code Execution |
| CVE-2023-28219 | Layer 2 Tunneling Protocol | 8.1 | Remote Code Execution |
| CVE-2023-28220 | Layer 2 Tunneling Protocol | 8.1 | Remote Code Execution |
| CVE-2023-28232 | Windows Point-to-Point Tunneling Protocol | 7.5 | Remote Code Execution |
KB5025287 – Changelog
There are not many changes that have been made to Windows Server 2012 stack in KB5025287. A brief list of changes under KB5025287 is shared below
- By the March 1, 2023, order of the Arab Republic of Egypt, daylight savings time (DST) will resume on April 28, 2023, and end on October 27, 2023. This update applies to Egypt Standard Time – (UTC+02:00) Cairo.
- Known compatibility issues exist with certain printer models which feature GDI printer drivers that do not completely adhere to GDI specifications.
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.