KB5027282 is a security-only update for Windows Server 2012 R2 for the month of June 2023. The update was released as part of the ‘Patch Tuesday’ release on 13th June 2023.
We look at the significant information about KB5027282 for your ready reference below.
Salient points
- KB5027282 is a standalone security update for Windows Server 2012 R2. It means that the security update is non-cumulative in nature.
- For full security coverage on Windows Server 2012 R2, you will need to install all the prior security updates released for the server.
- The previous month’s security update for Windows Server 2012 R2 is KB5026409. You can read more about KB5026409.
- Given a choice between KB5027282 and monthly rollup update KB5027271, we strongly suggest patching KB5027271. KB5027271 contains all the changes that are part of KB5027282 and it is cumulative in nature.
- Prior to deploying the security-only update, you will need to install the Servicing Stack Update KB5027574 on Windows Server 2012 R2.
- You will also need to install the cumulative update for Internet Explorer KB5026366 before installing KB5027282 for full security coverage on the server.
- The issue with language packs continues to affect Windows Server 2012 R2. If you install a language pack after installing KB5027282, you will need to reinstall the KB5027282 security update. A language pack renders the security update infructuous.
- There are 23 security vulnerabilities that have been reported for Windows Server 2012 R2 as part of the June 2023 security bulletin.
- 3 security vulnerabilities have a ‘CRITICAL’ severity and carry a CVSS score of 9.8.
- There are two older security vulnerabilities that have assumed a Zero-day status. These vulnerabilities are shared in the vulnerability section. We also explain the zero-day threats in the Zero-day vulnerabilities section.
Download KB5027282
KB5027282 is a standalone security update. It cannot be installed using the Windows Update program.
For automated installations, you can make use of WSUS or Windows Server Update Service.
For manual installation of KB5027282, you can follow the three-step process. As part of the manual deployment, we will follow these steps:
- Download and install KB5027574 Servicing Stack Update. This SSU was released on 13th June 2023.
- Download and install the cumulative update for Internet Explorer KB5026366. This update was released on 9th May 2023. There is a chance that you may have already installed this Internet Explorer 11 update last month. If KB5026366 is already present on the server, we can skip its installation.
- Finally, you can download and install the KB5027282 security-only update.
There are two options to download the offline installer file for each of these updates. You can download the offline installer directly from the Microsoft Update Catalog website.
Alternatively, you can download the MSU installer file from the direct download links published below.
Servicing Stack Update
The size of the Servicing Stack Update is 10.7 MB. Upon installing the SSU, there is no server reboot or restart.
- Download Servicing Stack Update KB5027574 from Microsoft Update Catalog
- Direct download link for SSU KB5027574 for Windows Server 2012 R2
Cumulative Update for Internet Explorer 11
The cumulative update for Internet Explorer 11 on Windows Server 2012 R2 has a size of 55 MB. It was released on 9th May 2023. You can download the IE cumulative update from the Microsoft Update Catalog or the direct download link of the offline installer file below.
- Download KB5026366 for Internet Explorer 11 on Windows Server 2012 R2
- Direct download link for KB5026366 for Internet Explorer 11 on Windows Server 2012 R2
Security Update KB5027282
The offline installer file for KB5027282 has a size of 47.2 MB. The download links for KB5027282 are published below.
- Download KB5027282 from Microsoft Update Catalog
- Direct download link for KB5027282 for Windows Server 2012 R2
Once you have completed these three steps, the Windows Server 2012 R2 will be brought to the latest stable security release level.
Vulnerabilities
As mentioned above, there are 23 security vulnerabilities that affect Windows Server 2012 R2. 3 of the vulnerabilities are of CRITICAL severity level. These CRITICAL security threats have a CVSS score of 9.8.
There are two zero-day threats that have assumed zero-day status in June 2023. These zero-day threats are also mentioned below.
| Vulnerability | CVSS Score | Severity | Type | Description |
|---|---|---|---|---|
| CVE-2023-24880 (Zero-day) | 4.4 | Moderate | Security Feature Bypass | An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. |
| CVE-2021-34527 (Zero-day) | 8.8 | Critical | Remote Code Execution | A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| CVE-2023-29363 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
| CVE-2023-32014 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
| CVE-2023-32015 | 9.8 | Critical | Remote Code Execution | When Windows message queuing service is running in a Windows Pragmatic General Multicast (PGM Server) environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
About Zero-day threats
Zero-day threats or security vulnerabilities are those vulnerabilities that are either publicly disclosed or are being exploited actively. These threats need to be patched on an immediate basis.
There are two security vulnerabilities that are old and have assumed a zero-day status in June 2023.
CVE-2023-24880 was unveiled in March 2023 and becomes a zero-day threat in June 2023 security bulletin. On a similar basis, CVE-2021-34527 was released in July 2021 and become a zero-day threat in June 2023 security bulletin.
You will need to take action on both these zero-day threats on a priority basis.
KB5027282 Changelog
There are no documented changes for Windows Server 2012 R2 under the KB5027282 security-only update. So, it is safe to presume that the current security update manages to bridge the security issues on Windows Server 2012 R2 for the month of June 2023.
June 2023 Security and Cumulative Updates
The following security updates or cumulative updates have been released as part of the June cycle of ‘Patch Tuesday’ updates by Microsoft:
- KB5027283 Monthly Rollup Update for Windows Server 2012
- KB5027271 Monthly Rollup for Windows Server 2012 R2
- KB5027282 Security Update for Windows Server 2012 R2
- KB5027225 Cumulative Update for Windows Server 2022
- KB5027219 Cumulative Update for Windows Server 2016
- KB5027222 Cumulative Update Windows Server 2019
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.