KB5029247 is the latest cumulative update for Windows Server 2019 and Windows Server 2019 Server Core installation. It was released on 8th August 2023 as part of the ‘Patch Tuesday’ initiative.
Salient points
- KB5029247 is the cumulative update for August 2023. It supersedes July month’s cumulative update KB5028168.
- KB5029247 has now been superseded by KB5030214. KB5030214 was released on 12th September 2023 as part of the ‘Patch Tuesday’ project. You can read more about KB5030214 on this page.
- With KB5029247, the server build changes to 17763.4737. You will be upgrading from KB5028168 server build 17763.4645 to 1773.4737.
- The cumulative update address quite a few improvements. One of the proposed improvements includes the resolution of logging into the Active Directory Federation Services. For a list of changes, look under the Changelog section.
- 31 security vulnerabilities have been disclosed as part of the security bulletin for Windows Server 2019 for August 2023.
- 3 of these vulnerabilities have a ‘Remote Code Execution’ impact with CVSS scores of 9.8. More information about these 3 vulnerabilities is in the vulnerabilities section below.
- KB5005112 is the Servicing Stack Update that should be deployed before patching KB5029247 on Windows Server 2019.
Download KB5029247
KB5029247 can be patched automatically through one of the following methods:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Service
WSUS remains the most commonly used Windows Update processes. We strongly recommend using WSUS to plan and deploy cumulative updates.
Should you want to deploy KB5029247 manually, you will need to ensure the following two patches are deployed:
- Deploy KB5005112 Servicing Stack Update
- Deploy KB5029247
The offline installer file for KB5005112 can be downloaded from the Microsoft Update Catalog page or the direct download link shared below:
- Download KB5005112 from the Microsoft Update Catalog page
- Download KB5005112 from the direct download link
The size of the update file for KB5005112 is 13.8 MB.
Once the Servicing Stack Update is installed, you can install KB5029247. It may be pertinent to mention here that Servicing Stack Updates do not lead to server reboots.
Below, you can find the direct download link for KB5029247 and the KB5029247 page on the Microsoft Update Catalog site.
- Download KB5029247 from the Microsoft Update Catalog
- Download KB5029247 from the direct download link
The size of the MSU update file for KB5029247 is 611.9. This update will cause a server reboot. So, please deploy as part of an organized change in the IT infrastructure.
Vulnerabilities
In all, 31 security vulnerabilities affect Windows Server 2019. This is as per the security bulletin for Windows Server 2019 released in August 2023.
We are primarily concerned with the 3 critical vulnerabilities that carry a CVSS score of 9.8. These 3 security vulnerabilities can cause ‘Remote Code Execution’ threats in the infrastructure.
| CVE Details | CVSS Score | Impact | Affected component | Description |
|---|---|---|---|---|
| CVE-2023-35385 | 9.8 | CRITICAL | Microsoft Message Queuing | Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. |
| CVE-2023-36911 | 9.8 | CRITICAL | Microsoft Message Queuing | Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. |
| CVE-2023-36910 | 9.8 | CRITICAL | Microsoft Message Queuing | To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side. |
All 3 vulnerabilities affect the Microsoft Message Queuing service. If the Message Queuing service is disabled or inactive, the vulnerabilities ceases to have any impact on the server.
An immediate mitigation plan involves disabling the Message Queuing service.
KB5029247 – Changelog
Quite a few changes or improvements are part of the KB5029247 cumulative update. A list of changes that are part of KB5029247 includes:
- This update addresses an issue that affects apps that use DirectX on older Intel graphics drivers. You might receive an error from apphelp.dll.
- This update affects user mode printer drivers. They unload unexpectedly. This occurs when you print from multiple print queues to the same printer driver.
- This update enhances hinting for some of the letters of the Verdana Pro font family.
- This update affects the Windows Kernel Vulnerable Driver Blocklist, DriverSiPolicy.p7b. It adds drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
- This update addresses an issue that affects Kerberos constrained delegation (KCD). It fails on read-write domain controllers. The error message is, “KRB_AP_ERR_MODIFIED.” This occurs after you install the November 2022 security updates.
- This update addresses an issue that affects the Windows Management Instrumentation (WMI) repository. This causes an installation error. The issue occurs when a device does not shut down properly.
- This update addresses an issue that affects Event Forwarding Subscriptions. When you add an Event Channel to the subscription, it forwards events you do not need.
- This update addresses a deadlock in Internet Protocol Security (IPsec). When you configure servers with IPsec rules, they stop responding. This issue affects virtual and physical servers.
- This update addresses an issue that affects Active Directory Federation Services (AD FS). It might take several attempts to sign in to AD FS successfully. This is because the time calculation for the expiration of a single sign on cookie is wrong.
- This update addresses an issue that affects AD Domains and Trusts snap-ins. They fail to enumerate domain trusts. The error message is, “The parameter is incorrect.”
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.