KB5028228 Monthly Rollup update for Windows Server 2012 R2

KB5028228 is the monthly rollup update for Windows Server 2012 R2 for the month of July 2023. The update was released on 11th July as part of the ‘Patch Tuesday’ project.

KB5028228 has been superseded by the KB5029312 monthly rollup update. You can read more about the KB5029312 update on this page for KB5029295.

Topics covered in this post

Salient points

KB5028228 is a cumulative update that supersedes KB5027271. KB5027271 was released in June 2023.
KB5028228 includes all changes that are part of the security update KB5028223 released in July 2023.
Servicing Stack Update KB5027574 needs to be deployed before installing KB5028228. KB5027574 was released in June 2023.
The issue with language packs remains unresolved. If you install a language pack after installing KB5028228, you will need to redeploy the monthly rollup update.
71 security vulnerabilities affect Windows Server 2012 R2 as per the July security bulletin released by Microsoft.
6 security vulnerabilities carry a ‘CRITICAL’ severity and have been shared in the vulnerability section below. Four of these CRITICAL vulnerabilities have a CVSS score of 9.8.
4 zero-day threats affect Windows Server 2012 R2. These have been shared in the zero-day section below.

Download KB5028228

KB5028228 is available for automated patching and you could apply it using one of the following methods:

Windows Update
WSUS or Windows Server Update Service

WSUS remains the preferred method for rolling out the updates on the Windows servers.

KB5028228 can be patched manually.

You can also download an offline installer file for KB5028228. The file can be downloaded from the Microsoft Update Catalog page for KB55028228. Or, you could use the direct download link given below for KB5028228.

Prior to installing KB5028228, you will need to apply Servicing Stack Update on Windows Server 2012 R2. SSU KB5027574 needs to be patched on the server.

The size of the SSU KB5027574 file is 10.7 MB. Upon installing it on Windows Server 2012 R2, the server will not reboot.

The offline installer file for KB5028228 can be downloaded from one of the following methods:

Download KB5028228 from the Microsoft Update Catalog page – the size of the cumulative update file is 574.8 MB.
Direct download link for KB5028228 file

Vulnerabilities

Out of 71 security vulnerabilities reported for Windows Server 2012 R2, we have listed the 6 CRITICAL and 4 Zero-day threats below.

CRITICAL vulnerabilities on Windows Server 2012 R2

The following six CRITICAL vulnerabilities affect Windows Server 2012 R2:

CVE Details	Impact	CVSS Score	Severity	Comments
CVE-2023-35367	Remote Code Execution	9.8	CRITICAL	Windows Routing and Remote Access Service (RRAS) are affected
CVE-2023-35365	Remote Code Execution	9.8	CRITICAL	Windows Routing and Remote Access Service (RRAS) are affected
CVE-2023-35366	Remote Code Execution	9.8	CRITICAL	Windows Routing and Remote Access Service (RRAS) are affected
CVE-2023-32057	Remote Code Execution	9.8	CRITICAL	Microsoft Message Queuing is affected
CVE-2023-35352	Security Feature Bypass	7.5	CRITICAL	Windows Remote Desktop is affected
CVE-2023-35297	Remote Code Execution	7.5	CRITICAL	Windows Pragmatic General Multicast (PGM) is affected

Zero-day threats on Windows Server 2012 R2

The following zero-day threats affect Windows Server 2012 R2:

CVE Details	Impact	CVSS	Severity	Comments
CVE-2023-32046	Elevation of Privilege Vulnerability	7.8	Important	Windows MSHTML Platform is affected
CVE-2023-36874	Service Elevation of Privilege Vulnerability	7.8	Important	Windows Error Reporting is affected
CVE-2023-36884	Remote Code Execution Vulnerability	8.3	Important	Office and Windows HTML are affected
CVE-2023-24932	Secure Boot Security Feature Bypass Vulnerability	6.7	Important	An attacker with physical access or Administrative rights to a target device could install an affected boot policy.

KB5028228 Changelog

Microsoft has added logs about the end of support for Windows Server 2012 R2.

Starting with this release, we will log event logs beginning July 11, 2023, and ending on October 10, 2023, to notify customers of the end of support (EOS) for Windows Server 2012 R2 on October 10, 2023.

Other changes in KB5028228 target security improvements and threat resolution on Windows Server 2012 R2.

About Zero-day threats

Zero-day threats are security threats that are publicly exploited and disclosed. There is an immediate need to patch these security vulnerabilities.

The nature of these vulnerabilities is such that you cannot wait for patching these security vulnerabilities.

Zero-day threats call for immediate resolution and patching of threats.

Monthly rollup update vs Security update

We suggest patching Windows Server 2012 R2 with monthly rollup updates as these updates are cumulative in nature. The monthly rollup update also contains all changes that are part of the security-only updates.

Security-only updates for Windows Server 2012 R2 are standalone updates. For full security coverage, you will need to install each security-only update on the server.

Besides installing the security-only update, you will also need to deploy other security updates for Internet Explorer on the server.

As a best practice, therefore, we suggest using cumulative monthly rollup updates on the server instead of the standalone security updates.

KB5028228 must be given a preference over KB5028223 security-only update for Windows Server 2012 R2.

Microsoft July 2023 Security Updates

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.