KB5028223 is the security-only update for Windows Server 2012 R2. It was released as part of the ‘Patch Tuesday’ initiative on 11th July 2023.
Salient points
- KB5028223 is a standalone security update. For full security coverage on Windows Server 2012 R2, you will need to deploy all the previous standalone security updates.
- The previous security-only update KB5027282 for Windows Server 2012 R2 was released in June 2023.
- To patch Windows Server 2012 R2 as part of the July update cycle, you have two options. Either you can install the monthly rollup update KB5028232 or you could deploy the security-only update KB5028223. Since the monthly rollup update is cumulative in nature, we strongly recommend preferring the monthly rollup update over the security-only update.
- Servicing Stack Update KB5027574 needs to be deployed prior to installing the security-only update KB5028223 for Windows Server 2012 R2
- Internet Explorer Cumulative Update KB5028167 also needs to be deployed on Windows Server 2012 R2 as part of the security patch update.
- There are 71 security vulnerabilities that have been disclosed for Windows Server 2012 R2 as part of the July month’s security bulletin. Out of these, there are 6 CRITICAL and 4 zero-day threats. The CRITICAL and Zero-day threats have been shared in the vulnerability section below.
Download KB5028223
You can deploy KB5028223 manually. You can use an offline installer file to install KB5028223.
The security update process for Windows Server 2012 R2 is essentially a three-step process.
- Download and install Servicing Stack Update KB5027574
- Download and install Internet Explorer Cumulative Update KB5028167
- Download and install KB5028223 security-only update
The offline installer files for each of these updates may be downloaded from the Microsoft Update Catalog pages. Or, you can use the direct download links for the patches shared below.
- Download KB5027574 Servicing Stack Update from Microsoft Update Catalog
- Download KB5028167 Internet Explorer Cumulative Update from Microsoft Update Catalog
- Download KB5028223 security update from Microsoft Update Catalog
- Direct download KB5027574
- Direct download KB5028167
- Direct download KB5028223
It may be pertinent to mention a few important points about the SSU, IE Cumulative Update, and Security-only update below:
- KB5027574 Servicing Stack Update has a size of 10.7 MB only. Post-deployment of the SSU, the server will not reboot.
- KB5028167 IE cumulative update has a size of 54.9 MB only. IE cumulative updates get applied fully after a server reboot.
- KB5028223 update has a size of 77.1 MB. You can expect the server to reboot after installing the security update.
Vulnerabilities
Out of the 71 security vulnerabilities on Windows Server 2012 R2, we share the 6 CRITICAL and 4 zero-day threats below.
CRITICAL vulnerabilities on Windows Server 2012 R2
CVE Details | Impact | CVSS Score | Severity | Comments |
---|---|---|---|---|
CVE-2023-35367 | Remote Code Execution | 9.8 | CRITICAL | Windows Routing and Remote Access Service (RRAS) are affected |
CVE-2023-35365 | Remote Code Execution | 9.8 | CRITICAL | Windows Routing and Remote Access Service (RRAS) are affected |
CVE-2023-35366 | Remote Code Execution | 9.8 | CRITICAL | Windows Routing and Remote Access Service (RRAS) are affected |
CVE-2023-32057 | Remote Code Execution | 9.8 | CRITICAL | Microsoft Message Queuing is affected |
CVE-2023-35352 | Security Feature Bypass | 7.5 | CRITICAL | Windows Remote Desktop is affected |
CVE-2023-35297 | Remote Code Execution | 7.5 | CRITICAL | Windows Pragmatic General Multicast (PGM) is affected |
Zero-day vulnerabilities on Windows Server 2012 R2
CVE Details | Impact | CVSS | Severity | Comments |
---|---|---|---|---|
CVE-2023-32046 | Elevation of Privilege Vulnerability | 7.8 | Important | Windows MSHTML Platform is affected |
CVE-2023-36874 | Service Elevation of Privilege Vulnerability | 7.8 | Important | Windows Error Reporting is affected |
CVE-2023-36884 | Remote Code Execution Vulnerability | 8.3 | Important | Office and Windows HTML are affected |
CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability | 6.7 | Important | An attacker with physical access or Administrative rights to a target device could install an affected boot policy. |
KB5028223 Changelog
Besides security updates for the various risks and vulnerabilities, KB5028223 has added new event logs about the impending end of support for Windows Server 2012 R2 on 10th October 2023.
- Starting with this release, we will log event logs beginning July 11, 2023, and ending on October 10, 2023, to notify customers of the end of support (EOS) for Windows Server 2012 R2 on October 10, 2023.
Microsoft July 2023 Security Updates
- KB5028232 Monthly Rollup update for Windows Server 2012
- KB5028233 Security Update for Windows Server 2012
- KB5028223 Security Update for Windows Server 2012 R2
- KB5028228 Monthly Rollup Update for Windows Server 2012 R2
- KB5028169 Cumulative Update for Windows Server 2016
- KB5028168 Cumulative Update for Windows Server 2019
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.