KB5029295 is the monthly rollup update for Windows Server 2012. It was released on 8th August 2023 as part of the ‘Patch Tuesday’ initiative of Microsoft.
Salient points
- The monthly rollup update KB5029295 has been superseded by KB5030278. KB5030278 was released on 12th September 2023 as part of the ‘Patch Tuesday’ project. You can read more about KB5030278 on this page.
- KB5029295 is a cumulative update. It supersedes the KB5028232 monthly rollup update. KB5028232 was released on 11th July 2023. You can read more about KB5028232 on this page for KB5028232.
- KB5029295 also includes all changes that are part of the security update KB5029308.
- Between KB5029295 and KB5029308, we strongly recommend using the monthly rollup update KB5029295. Monthly rollup updates are cumulative in nature. Security-only updates are standalone updates.
- KB5029369 is the Servicing Stack Update that needs to be installed prior to installing KB5029295. KB5029369 was released on 8th August 2023.
- 24 security vulnerabilities have been disclosed for Windows Server 2012 in the August security bulletin.
- Out of these 24 vulnerabilities that are three ‘Remote Code Execution’ threats with CVSS scores of 9.8. Information about the CRITICAL vulnerabilities has been shared in the vulnerability section below.
Download KB5029295
KB5029295 can be automatically patched using one of the following methods:
- Windows Update
- WSUS or Windows Server Update Service
WSUS remains the most used method by system administrators.
If you intend to use an automated process to apply the monthly rollup update, the Servicing Stack Update will be automatically deployed prior to installing the KB5029295 update.
For manual installation of KB5029295, you will need to use the following two-step approach.
- Download KB5029369 Servicing Stack Update
- Download KB5029295 monthly rollup update
For your ready consideration, we have shared the direct download links and Microsoft Update Catalog links for KB5029369 and KB5029295 below.
Download KB5029369
The Servicing Stack Update KB5029369 has been released on 8th August 2023. You can download the KB5029369 SSU from one of the following pages:
- Download KB5029369 from the Microsoft Update Catalog page
- Direct download link for the MSU installer file for KB5029369
The size of the update file for KB5029369 is 9.8 MB.
Once you install KB5029369 on Windows Server 2012, the server will not reboot. SSU or Servicing Stack Updates do not cause servers to reboot.
Download KB5029295
KB5029295 can be downloaded from the Microsoft Update Catalog or through the direct download links shared below.
The size of the update file for KB5029295 is 423.2 MB.
Post-installation of KB5029295, the server will reboot to complete the update process. So, please plan the change as part of the organized change to the IT infrastructure.
Vulnerabilities
There are 24 security vulnerabilities on Windows Server 2012 in the August 2023 security bulletin,
We are primarily concerned with the three ‘Remote Code Execution’ threats that have CRITICAL severity levels. The 3 CRITICAL vulnerabilities that affect Windows Server 2012 are shared below.
| CVE Details | CVSS Score | Impact | Affected component | Description |
|---|---|---|---|---|
| CVE-2023-35385 | 9.8 | CRITICAL | Microsoft Message Queuing | Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. |
| CVE-2023-36911 | 9.8 | CRITICAL | Microsoft Message Queuing | Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. |
| CVE-2023-36910 | 9.8 | CRITICAL | Microsoft Message Queuing | To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side. |
All these vulnerabilities will affect servers that run the Microsoft Messaging Queuing service. If the Message Queuing service is inactive or in a stopped state on the server, these threats will not have an impact on the said server.
Issue with Language Packs
If you install a language pack after installing the KB5029295 monthly rollup update on Windows Server 2012, you will need to redeploy the KB5029295 update.
Installing the language pack on top of the monthly rollup update renders the monthly rollup update infructuous.
Microsoft is working on resolving the issue. There is no ETA for the issue as of today.
KB5029295 – Changelog
The following improvement has been made as part of the KB5029295 monthly rollup update for Windows Server 2012:
- Kerberos constrained delegation (KCD) might fail with the error message KRB_AP_ERR_MODIFIED on read/write domain controllers after installing the November 2022 security updates.
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.