KB5029242 Cumulative Update for Windows Server 2016

KB5029242 is the latest cumulative update for Windows Server 2016 released on 8th August 2023. The update covers security threats and improvements for Windows Server 2016 and Windows Server 2016 Server Core installation.

We look at some important points about the KB5029242 update below.

Salient points

• KB5029242 has now been superseded by KB5030213 cumulative update. KB5030213 was released on 12th September 2023. You can read more about KB5030213 on this page.
• KB5029242 is the latest cumulative update that supersedes KB5028169. KB5028169 was released in July 2023.
• KB5029242 corresponds to server build 14393.6167. It supersedes the previous build 14393.6085 of the KB5028169 cumulative update.
• There are 27 security vulnerabilities that have been disclosed as part of the August cumulative update.
• 3 security vulnerabilities have a ‘CRITICAL’ severity with a CVSS score of 9.8. You can read more about these vulnerabilities in the vulnerability section below.
• KB5023788 is the Servicing Stack Update that needs to be deployed on the server prior to installing KB5029242. KB5023788 was released in March 2023.

Download KB5029242

KB5029242 can be applied automatically through one of the following processes:

• Windows Update
• Windows Update for Business
• WSUS or Windows Server Update Service

Most system administrators are happy working with the WSUS deployments for automated patch management.

For manual deployments, you can download the offline installer file in MSU format from the Microsoft Update Catalog page for KB5029242.

Prior to installing KB5029242, you must install the Servicing Stack Update KB5023788.

Below, we have shared the direct download links for KB5023788 and KB5029242. We have also shared the Microsoft Update Catalog page links for KB5023788 and KB5029242.

• Download the offline installer file for KB5023788 Servicing Stack Update for Windows Server 2016 – the size of this offline installer file for Windows Server 2016 is 11.7 MB.
• Download the offline installer file for KB5029242 Cumulative Update for Windows Server 2016 – the size of this installer file is 1622.9 MB.
• Direct download link for KB5023788 for Windows Server 2016
• Direct download link for KB5029242 for Windows Server 2016

When you install the Servicing Stack Update, the server will not restart or reboot. However, upon installation of the cumulative update, your server will reboot. So, please deploy the cumulative updates as part of a planned change within the IT infrastructure.

Vulnerabilities

We cover three security vulnerabilities that have ‘CRITICAL’ severity level and affect the Windows Server 2016.

CVE Details	CVSS Score	Impact	Affected component	Description
CVE-2023-35385	9.8	CRITICAL	Microsoft Message Queuing	Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server.
CVE-2023-36911	9.8	CRITICAL	Microsoft Message Queuing	Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server.
CVE-2023-36910	9.8	CRITICAL	Microsoft Message Queuing	To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.

All these three security vulnerabilities affect Microsoft Message Queuing service. You can check if the Microsoft Message Queuing service is enabled on the server by checking for the Message Queuing service in the services management console.

KB5029242 – Changelog

The following improvement on Windows Server 2016 is part of the cumulative update KB5029242:

• This update addresses an issue that affects Kerberos constrained delegation (KCD). It fails on read-write domain controllers. The error message is, “KRB_AP_ERR_MODIFIED.” This occurs after you install the November 2022 security updates.