KB5027281 is the standalone security-only update for Windows Server 2012. It was released as part of the ‘Patch Tuesday’ program on 13th June 2023.
KB5027281 has now been succeeded by the July month’s security update for Windows Server 2012 KB5028233. You can read more about KB5028233 on this page.
We review the security update KB5027281 below.
Salient points
- KB5027281 is a standalone security update. It is non-cumulative in nature.
- KB5027281 provides security coverage on Windows Server 2012. For full security coverage, you need to install all the prior security updates. KB5026411 is the last security update for Windows Server 2012 released on 9th May 2023.
- Between KB5027281 and KB5027283, we strongly suggest patching Windows Server 2012 with the monthly rollup update KB5027283. This is because KB5027283 is a cumulative update and contains all changes that are part of the KB5027281 security update.
- Prior to installing KB5027281 on Windows Server 2012, you need to deploy the Servicing Stack Update KB5027575 on the server. KB5027575 is a new Servicing Stack Update and was released on 13th June 2023.
- For full security coverage, you will need to install the cumulative update for Internet Explorer 11 KB5026366 as well. KB5026366 was released on 9th May 2023.
- There are 20 security vulnerabilities that affect Windows Server 2012 as part of the June 2023 security bulletin. 3 of these security vulnerabilities have a CRITICAL severity level. All these CRITICAL security vulnerabilities have a CVSS rating of 9.8.
- Additionally, two older vulnerabilities assumed a zero-day status in June 2023. These zero-day threats are shared in the vulnerability section.
- The issue with the language pack affects Windows Server 2012. If you install a language pack after installing KB5027281, you will need to redeploy the KB5027281 security update.
Download KB5027281
KB5027281 is a standalone update that can be patched on the server using WSUS or Windows Server Update Service.
Alternatively, you can install KB5027281 on the server manually.
The manual deployment process for KB5027281 is a three-step process:
- Download and install KB5027575 Servicing Stack Update.
- Download and install KB5026366 cumulative update for Internet Explorer 11.
- Download and install KB5027281 security update.
Prior to installing any of these updates, we need to make sure that the last security update KB5026411 is also deployed on Windows Server 2012.
The download links for each of these updates are shared below. You can choose to download the offline installer file from the Microsoft Update Catalog site. Or, you could download these updates directly from the download links shared below.
Servicing Stack Update
The Servicing Stack Update file for KB5027575 has a size of 10.1 MB. Upon installation of the Serving Stack Update, the server will not reboot.
You can download KB5027575 from the following links:
Cumulative update for Internet Explorer 11
KB5026366 is the cumulative update for Internet Explorer 11. It was released on 9th May 2023. You can download the IE 11 update from the following links:
The size of the IE 11 cumulative update KB5026366 for Windows Server 2012 is 46.3 MB.
Security Update KB5027281
Once you have deployed the SSU and cumulative update for IE 11, you can download the offline installer file for KB5027281 from one of the following links:
The size of the security update is 40.6 MB only. Upon installation of the security update, the server will reboot. So, please plan the implementation of KB5027281 as part of the scheduled change management routine.
Vulnerabilities
There are 20 security vulnerabilities that affect Windows Server 2012. Out of these 20 vulnerabilities, 3 security vulnerabilities have a CRITICAL severity level.
Additionally, two older security vulnerabilities have assumed zero-day status.
We discuss the zero-day threats and CRITICAL vulnerabilities below for ready reference.
| Vulnerability | CVSS Score | Severity | Type | Description |
|---|---|---|---|---|
| CVE-2023-24880 (Zero-day) | 4.4 | Moderate | Security Feature Bypass | An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. |
| CVE-2021-34527 (Zero-day) | 8.8 | Critical | Remote Code Execution | A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| CVE-2023-29363 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
| CVE-2023-32014 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
| CVE-2023-32015 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
About Zero-day threats
Zero-day security vulnerabilities are security threats that are either publicly disclosed or are being exploited by various threat actors. There is a need to patch against zero-day threats on an immediate basis.
Two security vulnerabilities have assumed zero-day status in June 2023 security bulletin.
- CVE-2021-34527 is a security threat that was first reported in July 2021. It assumed zero-day status in June 2023.
- CVE-2023-24880 is a security threat that was first reported in March 2023. It assumed zero-day status in June 2023.
No new zero-day threats have been reported for Windows Server 2012 in June 2023 security bulletin. But, at the same time, these older security vulnerabilities need to be taken care of.
KB5027281 Changelog
There are no documented changes for KB5027281. The security update for Windows Server 2012 addresses security issues on the server for the month of June 2023.
June 2023 Security Updates
The following security or cumulative updates have been released in June 2023:
- KB5027283 Monthly Rollup Update for Windows Server 2012
- KB5027271 Monthly Rollup for Windows Server 2012 R2
- KB5027282 Security Update for Windows Server 2012 R2
- KB5027225 Cumulative Update for Windows Server 2022
- KB5027219 Cumulative Update for Windows Server 2016
- KB5027222 Cumulative Update Windows Server 2019
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.