KB5029312 Monthly Rollup Update Windows Server 2012 R2

KB5029312 is the monthly rollup update for Windows Server 2012 R2. The update was released on 8th August 2023 as part of the ‘Patch Tuesday’ project.

Salient points

  • KB5029312 has now been superseded by KB5030269. KB5030269 is the monthly rollup update released in September 2023. You can read more about KB5030269 on this page.
  • KB5029312 is a cumulative update that supersedes KB5028228. KB5028228 was released in July 2023 and you can read more about it on the KB5028228 page.
  • KB5029312 also includes all changes that are part of the security update KB5029304.
  • Given a choice, we would suggest installing the monthly rollup update instead of the security-only update on Windows Server 2012 R2. Monthly rollup updates are cumulative while the security-only updates are standalone updates.
  • KB5029368 is the Servicing Stack Update that needs to be deployed before installing KB5029312. This is the latest SSU for Windows Server 2012 R2 released on 8th August 2023.
  • 27 security vulnerabilities impact Windows Server 2012 R2. These vulnerabilities have been shared by Microsoft in August month’s security bulletin.
  • 3 security vulnerabilities can lead to ‘Remote Code Execution’ threats. All these 3 vulnerabilities have a CVSS score of 9.8. You can find brief details about these vulnerabilities in the Vulnerabilities section below.
  • The issue with language packs on Windows Server 2012 R2 persists and is pending a resolution from the Microsoft side. If you install a language pack after installing KB5029312, you will need to redeploy the monthly rollup update on the server. A language pack installation on top of the monthly rollup update renders the monthly rollup update infructuous.

Download KB5029312

Since KB5029312 is a monthly rollup update, it can be patched automatically using one of the following methods below:

  • Windows Update
  • Microsoft Update
  • WSUS or Windows Server Update Service

WSUS remains the most preferred method for patching Windows Servers.

As part of the automated update process, the latest Servicing Stack Update KB5029368 will be deployed prior to installing KB5029312.

For manual deployments, you can download the offline installer files for the SSU and monthly rollup update for Windows Server 2012 R2.

We have shared the Microsoft Update Catalog pages and direct download links for the SSU and monthly rollup update KB5029312 below.

Download Servicing Stack Update KB5029368

The size of the KB5029368 update file is 10.8 MB.

Servicing Stack Updates are small files. Upon installing the Servicing Stack Update, the server does not restart or reboot.

Download KB5029312

The size of the KB5029312 offline installer file is 576.1 MB.

Post-installation of KB5029312 update, the server will reboot. So, please deploy the monthly rollup update as part of an organized change in the IT infrastructure.


Out of the 27 security vulnerabilities disclosed for Windows Server 2012 R2, we are primarily concerned about the vulnerabilities with CRITICAL severity. The three vulnerabilities below have CRITICAL severity with CVSS scores of 9.8.

CVE DetailsCVSS ScoreImpact Affected componentDescription
CVE-2023-353859.8CRITICALMicrosoft Message QueuingSuccessful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server.
CVE-2023-369119.8CRITICALMicrosoft Message QueuingSuccessful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server.
CVE-2023-369109.8CRITICALMicrosoft Message QueuingTo exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.

These vulnerabilities affect the Microsoft Messaging Queuing service. If this service is not in use, the server will not be impacted by these security vulnerabilities.

KB5029312 – Changelog

The following improvement is part of the KB5029312 monthly rollup update for Windows Server 2012 R2:

  • Kerberos constrained delegation (KCD) might fail with the error message KRB_AP_ERR_MODIFIED on read/write domain controllers after installing the November 2022 security updates.

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.