KB5026419 is the monthly rollup update for Windows Server 2012. The update was released on 9th May as part of Microsoft’s ‘Patch Tuesday’ program.
KB5026419 has now been superseded by KB5027283 in June 2023. You can read more about KB5027283 in detail and find the latest security threats that affect Windows Server 2012.
Salient points about KB5026419
- KB5026419 is a cumulative update and supersedes KB5025287. KB5025287 was released on 11th April 2023.
- KB5026419 contains all the changes that are part of the security-only update KB5026411. KB5026411 is the security-only update for May for Windows Server 2012.
- Servicing Stack Update KB5023791 corresponds to KB5026419. Prior to installing KB5026419, please ensure you have already deployed KB5023791.
- The issue with language packs and monthly rollup updates for Windows Server 2012 continues. If you install a language pack after installing KB5026419, you will need to redeploy the monthly rollup update KB5026419.
- As per Microsoft’s security bulletin, 16 security vulnerabilities affect Windows Server 2012.
- There are 5 CRITICAL vulnerabilities that impact Windows Server 2012. Details of these threats are in the vulnerability section below. Two of these vulnerabilities have a CVSS score of 9.8.
Download KB5026419
Since KB5026419 is a cumulative update, you can install it automatically through one of the following methods:
- Windows Update
- Microsoft Update
- WSUS (Windows Server Update Services)
You can also install KB5026419 on the server manually. The manual deployment process requires an offline installer file for KB5026419. The installer can be downloaded from the Microsoft Update Catalog or through the direct download link. For reference, the catalog download link and the direct download link for KB5026419 are shared below.
- Download KB5026419 from Microsoft Update Catalog.
- Download the KB5026419 installer file – this file has a size of 417.8 MB.
If you have not yet deployed the Servicing Stack Update KB5023791, please install it prior to installing KB5026419.
- Download KB5023791 SSU from the Microsoft Update Catalog – the size of the update file is 9.8 MB.
- Direct download link for KB5023791 SSU for Windows Server 2012
KB5023791 was released in March 2023. The server does not reboot after the Servicing Stack Update is installed.
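The install order described above can be checked before a maintenance window. The following PowerShell is an added example, not code from this article or from Microsoft: the function name `Get-Kb5026419Readiness` is hypothetical, the KB numbers are the ones listed on this page, and it assumes `Get-HotFix` reports the Servicing Stack Update and the rollups on the server.

```powershell
# Added example: report where a server stands in the KB5026419 install sequence.
# Assumption: Get-HotFix lists the SSU and the rollup packages on this server.
function Get-Kb5026419Readiness {
    param(
        # Installed KB IDs; defaults to what Get-HotFix reports locally.
        [string[]]$InstalledKb = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    )

    $ssu       = 'KB5023791'   # Servicing Stack Update, must be installed first
    $rollup    = 'KB5026419'   # May monthly rollup
    $secOnly   = 'KB5026411'   # May security-only update (subset of the rollup)
    $successor = 'KB5027283'   # June 2023 rollup that supersedes KB5026419

    $hasSsu       = $InstalledKb -contains $ssu
    $hasRollup    = $InstalledKb -contains $rollup
    $hasSecOnly   = $InstalledKb -contains $secOnly
    $hasSuccessor = $InstalledKb -contains $successor

    # Decide the next step in the order the article describes.
    if ($hasSuccessor) {
        $action = "None: superseding rollup $successor is installed."
    } elseif ($hasRollup) {
        $action = "None: $rollup is installed. Redeploy it if a language pack is added later."
    } elseif (-not $hasSsu) {
        $action = "Install SSU $ssu first, then $rollup."
    } elseif ($hasSecOnly) {
        $action = "May security fixes are present via $secOnly; install $rollup for the full rollup."
    } else {
        $action = "SSU present: install $rollup."
    }

    [pscustomobject]@{
        Server        = $env:COMPUTERNAME
        SsuInstalled  = $hasSsu
        RollupOrLater = ($hasRollup -or $hasSuccessor)
        SecurityOnly  = $hasSecOnly
        NextAction    = $action
    }
}

# Constructed sample: a server that only has the April rollup KB5025287.
Get-Kb5026419Readiness -InstalledKb 'KB5025287'

# Live check against the local server.
Get-Kb5026419Readiness
```

Run the live check again after installing a language pack, since the article notes the rollup must then be redeployed.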
Vulnerabilities in Windows Server 2012
There are 16 disclosed vulnerabilities in Windows Server 2012. We cover the zero-day threats and ‘CRITICAL’ threats below for your ready reference.
Zero-day threats in Windows Server 2012
The following 3 zero-day threats affect Windows Server 2012.
Vulnerability | CVSS Score | Severity | Impact | Comments |
---|---|---|---|---|
CVE-2023-24932 | 6.7 | IMPORTANT | Secure Boot Security Feature Bypass | An attacker who successfully exploited this vulnerability could bypass Secure Boot. The attacker needs to have physical access or Administrative rights to a target device. To patch this vulnerability, please read the instructions on this page. |
CVE-2023-29325 | 8.1 | CRITICAL | Remote Code Execution | In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim’s Outlook application displaying a preview of a specially crafted email. This could result in the attacker executing remote code on the victim’s machine. As part of the fix, Microsoft suggests reading emails in plain text in Microsoft Outlook. |
CVE-2023-29336 | 7.8 | IMPORTANT | Elevation of Privileges | |
CRITICAL vulnerabilities in Windows Server 2012
The following 5 CRITICAL vulnerabilities impact Windows Server 2012.
Vulnerability | CVSS Score | Severity | Impact | Comments |
---|---|---|---|---|
CVE-2023-24941 | 9.8 | CRITICAL | Remote Code Execution | This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). Mitigation steps are shared in the Microsoft advisory for CVE-2023-24941. |
CVE-2023-24943 | 9.8 | CRITICAL | Remote Code Execution | When Windows Message Queuing service is running in a Pragmatic General Multicast (PGM) Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. To mitigate risk, Microsoft recommends customers deploy newer technologies such as Unicast or Multicast server. Read more details of this vulnerability on the Microsoft advisory page. |
CVE-2023-29325 | 8.1 | CRITICAL | Remote Code Execution | An attacker could exploit the vulnerability by sending a specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim’s Outlook application displaying a preview of a specially crafted email. This could result in the attacker executing remote code on the victim’s machine. To mitigate this vulnerability, Microsoft recommends users read email messages in plain text format. |
CVE-2023-24903 | 8.1 | CRITICAL | Remote Code Execution | This RCE vulnerability exists in Windows Secure Socket Tunneling Protocol (SSTP). To exploit this vulnerability, an attacker would need to send a specially crafted malicious SSTP packet to an SSTP server. This could result in remote code execution on the server side. |
CVE-2023-28283 | 8.1 | CRITICAL | Remote Code Execution | This RCE vulnerability exists in Windows Lightweight Directory Access Protocol (LDAP). An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service. |
KB5026419 – Changelog
The following changes and fixes for known issues are part of the KB5026419 monthly rollup update.
- By order of the Islamic Republic of Iran on September 22, 2022, daylight saving time (DST) will no longer be observed and the republic will remain on Iran Standard Time UTC+03:30.
- Local Kerberos authentication fails if the local Key Distribution Center (KDC) service is stopped. Additionally, all local Kerberos logons fail with the error STATUS_NETLOGON_NOT_STARTED.
- After the Windows Monthly Rollup dated on or after November 8, 2022, is installed, Kerberos constrained delegation (KCD) fails with the error message KRB_AP_ERR_MODIFIED on Read/Write Domain Controllers.
Security updates for June 2023
The following pages contain details of the security updates or cumulative updates for the month of June 2023:
- KB5027271 Monthly Rollup for Windows Server 2012 R2
- KB5027225 Cumulative Update for Windows Server 2022
- KB5027219 Cumulative Update for Windows Server 2016
- KB5027222 Cumulative Update for Windows Server 2019
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.