KB5027219 Cumulative Update for Windows Server 2016

KB5027219 is the latest cumulative update for Windows Server 2016 and Windows Server 2016 Server Core installation. It was released on 13th June under the ‘Patch Tuesday’ program.

KB5027219 has been superseded by the KB5028169 cumulative update in July 2023. You can read more about KB5028169 on this page.

Let us review the main points about the KB5027219 cumulative update.

Salient points about KB5027219

  • KB5027219 supersedes KB5026363. KB5026363 was released on 9th May 2023. You can read more about KB5026363 on this page.
  • KB5027219 corresponds to server build 14393.5989.
  • If you are upgrading from KB5026363 to KB5027219, you are moving from build 5921 to 5989.
  • Servicing Stack Update KB5023788 is required on the server prior to deploying KB5027219.
  • 28 security vulnerabilities affect Windows Server 2016 and Windows Server 2016 Server Core Installation.
  • 3 of these security vulnerabilities are of ‘CRITICAL’ severity and carry a CVSS score of 9.8. Details are shared in the vulnerability section.
  • Two zero-day threats affect Windows Server 2016 and Windows Server 2016 Server Core installation.
  • Additionally, .NET Framework on Windows Server 2016 is impacted by security vulnerabilities. These threats have been discussed in KB5027123.
  • KB5027219 also resolves an information disclosure vulnerability in the Windows Kernel, tracked as CVE-2023-32019.

Download KB5027219

KB5027219 can be applied automatically using one of the following methods:

  • Windows Update
  • Windows Update for Business
  • Windows Server Update Service or WSUS

Servicing Stack Update KB5023788 will be automatically applied before patching KB5027219 for automated patch deployments.

You can also choose to deploy KB5027219 manually. For manual deployments, you will need to download the Servicing Stack Update or ensure it is already installed on the server.

KB5023788 was released in March 2023. If you have applied any cumulative update on Windows Server 2016 after March 2023, KB5023788 has likely already been deployed. You can check the update history on the server to see if KB5023788 is deployed.

For Servicing Stack Updates, there is no server reboot after the patch has been deployed.

For the manual deployment of KB5027219, we will use a two-step process:

  • Validate if KB5023788 is already installed on the server. If KB5023788 Servicing Stack Update (SSU) is missing on Windows Server 2016, we will download and install it.
  • Once the SSU has been installed, we will download and install the KB5027219 update.

The direct download links and Microsoft Update Catalog links for KB5023788 and KB5027219 are shared below.

Upon successful deployment of KB5023788, you may proceed with installing KB5027219.

KB5027219 will cause a server reboot. It is a major system upgrade. Therefore, we suggest setting aside time for it to be implemented on production servers as part of the ‘Change management’ strategy.
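
The two-step manual process above can be scripted. The following PowerShell is an added example, not part of the original post or a Microsoft script; the .msu paths are placeholders (assumptions) that must point at the packages you downloaded, and the build number 14393.5989 is taken from the points listed earlier.

```powershell
# Added example: manual SSU-then-LCU deployment check for Windows Server 2016.
# The package paths below are placeholders; set them to your downloaded .msu files.
$SsuKb  = 'KB5023788'                              # Servicing Stack Update (prerequisite)
$LcuKb  = 'KB5027219'                              # cumulative update
$SsuMsu = 'C:\Patches\<KB5023788-package>.msu'     # placeholder path
$LcuMsu = 'C:\Patches\<KB5027219-package>.msu'     # placeholder path
$TargetBuild = 14393
$TargetUbr   = 5989                                # 14393.5989 after KB5027219

function Get-OsBuild {
    # CurrentBuild and UBR together give the full build, e.g. 14393.5921
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{ Build = [int]$cv.CurrentBuild; Ubr = [int]$cv.UBR }
}

function Test-KbInstalled([string]$Kb) {
    # Same information as the update history, queried from the command line
    [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
}

function Install-Msu([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { throw "Package not found: $Path" }
    $p = Start-Process wusa.exe -ArgumentList "`"$Path`" /quiet /norestart" -Wait -PassThru
    # 0 = installed, 3010 = installed and reboot pending, 2359302 = already installed
    if ($p.ExitCode -notin 0, 3010, 2359302) {
        throw "wusa.exe failed for $Path with exit code $($p.ExitCode)"
    }
    $p.ExitCode
}

$os = Get-OsBuild
if ($os.Build -ne $TargetBuild) { throw "Not a Windows Server 2016 build ($($os.Build))" }
if ($os.Ubr -ge $TargetUbr) {
    Write-Output "Already at 14393.$($os.Ubr); $LcuKb or a later update is installed."
    return
}

# Step 1: install the SSU only if it is missing (no reboot is needed for an SSU)
if (-not (Test-KbInstalled $SsuKb)) { Install-Msu $SsuMsu | Out-Null }

# Step 2: install the cumulative update; /norestart leaves the reboot to the change window
$code = Install-Msu $LcuMsu
if ($code -eq 3010) { Write-Output "$LcuKb installed; reboot required to reach 14393.$TargetUbr." }
```

After the reboot, running Get-OsBuild again should report UBR 5989 or higher.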

Vulnerabilities

Windows Server 2016 and Windows Server 2016 Server Core installation are impacted by 28 security vulnerabilities. We cover the two zero-day threats and the three CRITICAL vulnerabilities for Windows Server 2016 below.

| Vulnerability | CVSS Score | Severity | Type | Description |
| --- | --- | --- | --- | --- |
| CVE-2023-24880 (Zero-day) | 4.4 | Moderate | Security Feature Bypass | An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. |
| CVE-2021-34527 (Zero-day) | 8.8 | Critical | Remote Code Execution | A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| CVE-2023-29363 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
| CVE-2023-32014 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
| CVE-2023-32015 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |

KB5027219 Changelog

The following changes and improvements have been made in Windows Server 2016 as part of the KB5027219 cumulative update:

  • This update addresses an issue that might cause a memory leak. The leak might occur during prolonged Remote Desktop audio redirection.
  • This update addresses an issue that affects the Windows Kernel. This issue is related to CVE-2023-32019. To learn more, see KB5028407.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.