KB5025288 security update for Windows Server 2012 R2 – April 2023

This content has been archived, but it remains true and relevant to the underlying technology products or infrastructure services.

KB5025288 is the standalone security update for Windows Server 2012 R2. It was released on 11th April 2023 as part of the ‘Patch Tuesday’ project.

Key points about KB5025288 for Windows Server 2012 R2

  • KB5025288 is a standalone security update. It should be treated as an independent security update. The security update for March 2023 is KB5023764.
  • For complete protection of the server, you will need to ensure that all the previous security updates for Windows Server 2012 R2 are installed.
  • As an update strategy, it is recommended to install the monthly rollup update on Windows Server 2012 R2 instead of the security-only update. The monthly rollup updates are cumulative in nature, and there is less hassle in installing them.
  • Before installing KB5025288, you will need to install the Servicing Stack Update KB5023790. This SSU was released in February 2023.
  • The cumulative update for Internet Explorer, KB5022835, will also need to be deployed on Windows Server 2012 R2 for complete security of the server.
  • There is an inherent compatibility issue between language packs and the security update KB5025288. If you install a language pack after installing the security update, you will need to reinstall the security update.
  • 62 vulnerabilities affect Windows Server 2012 R2. Of these, 6 vulnerabilities have a ‘CRITICAL’ severity for the server. We have listed each of these vulnerabilities below in the vulnerability section.
  • 2 zero-day threats also affect Windows Server 2012 R2. Details of these vulnerabilities are shared below.

Download KB5025288 for Windows Server 2012 R2

KB5025288 can be deployed through Windows Server Update Services (WSUS) or by using a manual approach.

To install KB5025288 manually, you will need to download the MSU update file from the Microsoft site. We have shared the direct download links of the KB5025288 security update.

To reiterate, installing security update KB5025288 requires the following steps, in this order:

  • Download and install KB5023790
  • Download and install KB5022835
  • Download and install KB5025288

The direct download links for each of these updates are shared hereunder.

| Security update | Download link | Size of the update |
|---|---|---|
| KB5023790 | Download KB5023790 | 10.7 MB |
| KB5022835 | Download KB5022835 | 55 MB |
| KB5025288 | Download KB5025288 | 45 MB |

If you prefer to download the offline installer files from the Microsoft site directly, you can choose the corresponding Microsoft Update catalog page for each update.

These catalog pages have direct download links to the MSU update file.

Note that the Servicing Stack Update and the cumulative update for Internet Explorer will not cause a server reboot. However, security update KB5025288 will cause a server restart.
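
The install order described above can be enforced with a short script. This is an added example, not part of the original article or Microsoft's tooling. It assumes the three MSU files were downloaded to a staging folder (C:\Patches\2023-04 is a hypothetical path) and that their file names still contain the KB number.

```powershell
# Added example (not from the original article).
# Assumption: $MsuDir is a hypothetical staging folder holding the downloaded MSU
# files, whose names still contain "kb<number>".
param(
    [string]$MsuDir = 'C:\Patches\2023-04'
)

# Order from the article: SSU first, then the IE cumulative update, then KB5025288.
$InstallOrder = 'KB5023790', 'KB5022835', 'KB5025288'

function Test-KbInstalled {
    param([string]$Kb)
    # Get-HotFix queries Win32_QuickFixEngineering; it returns nothing if the KB is absent.
    [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
}

$rebootNeeded = $false
foreach ($kb in $InstallOrder) {
    if (Test-KbInstalled -Kb $kb) {
        Write-Output "$kb already installed, skipping."
        continue
    }

    $msu = Get-ChildItem -Path $MsuDir -Filter "*$kb*.msu" | Select-Object -First 1
    if (-not $msu) {
        # Stop here so a later update is never installed ahead of a missing prerequisite.
        throw "$kb is not installed and no MSU for it was found in $MsuDir."
    }

    Write-Output "Installing $kb from $($msu.Name)"
    $p = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
        -ArgumentList "`"$($msu.FullName)`"", '/quiet', '/norestart' -Wait -PassThru

    switch ($p.ExitCode) {
        0       { Write-Output "$kb installed." }
        3010    { Write-Output "$kb installed, restart pending."; $rebootNeeded = $true }
        2359302 { Write-Output "$kb reported as already installed." }
        default { throw "wusa.exe returned exit code $($p.ExitCode) for $kb. Stopping." }
    }
}

if ($rebootNeeded) {
    Write-Output 'A restart is pending. Schedule it in a maintenance window.'
}
```

Because /norestart suppresses the automatic reboot, the server stays on the old binaries until it is restarted manually.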

Security vulnerabilities on Windows Server 2012 R2

There are 62 security vulnerabilities that affect Windows Server 2012 R2. This is as per the April 2023 security bulletin released by Microsoft.

Two zero-day vulnerabilities and 6 vulnerabilities with CRITICAL severity are shared below.

Zero-day vulnerabilities on Windows Server 2012 R2

| CVE | CVSS Score | CVE Title | Impact |
|---|---|---|---|
| CVE-2013-3900 | 7.4 | WinVerifyTrust Signature Validation Vulnerability | Remote Code Execution |
| CVE-2023-28252 | 7.8 | Windows Common Log File System Driver | Elevation of Privilege Vulnerability |

CRITICAL vulnerabilities affecting Windows Server 2012

| Vulnerability | CVE Title | CVSS Score | Vulnerability scope |
|---|---|---|---|
| CVE-2023-21554 | Microsoft Message Queuing | 9.8 | Remote Code Execution |
| CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) | 9.8 | Remote Code Execution |
| CVE-2023-28231 | DHCP Server Service | 8.8 | Remote Code Execution |
| CVE-2023-28219 | Layer 2 Tunneling Protocol | 8.1 | Remote Code Execution |
| CVE-2023-28220 | Layer 2 Tunneling Protocol | 8.1 | Remote Code Execution |
| CVE-2023-28232 | Windows Point-to-Point Tunneling Protocol | 7.5 | Remote Code Execution |

KB5025288 – Changelog

The following changes are included in KB5025288 for Windows Server 2012 R2:

  • By the March 1, 2023, order of the Arab Republic of Egypt, daylight savings time (DST) will resume on April 28, 2023, and end on October 27, 2023. This update applies to Egypt Standard Time – (UTC+02:00) Cairo.
  • Known compatibility issues exist with certain printer models which feature GDI printer drivers that do not completely adhere to GDI specifications.
Rajesh Dhawan