KB5029312 is the monthly rollup update for Windows Server 2012 R2. The update was released on 8th August 2023 as part of the ‘Patch Tuesday’ project.
Salient points
- KB5029312 has now been superseded by KB5030269. KB5030269 is the monthly rollup update released in September 2023. You can read more about KB5030269 on this page.
- KB5029312 is a cumulative update that supersedes KB5028228. KB5028228 was released in July 2023 and you can read more about it on the KB5028228 page.
- KB5029312 also includes all changes that are part of the security update KB5029304.
- Given a choice, we would suggest installing the monthly rollup update instead of the security-only update on Windows Server 2012 R2. Monthly rollup updates are cumulative while the security-only updates are standalone updates.
- KB5029368 is the Servicing Stack Update that needs to be deployed before installing KB5029312. This is the latest SSU for Windows Server 2012 R2 released on 8th August 2023.
- 27 security vulnerabilities impact Windows Server 2012 R2. These vulnerabilities have been shared by Microsoft in August month’s security bulletin.
- 3 security vulnerabilities can lead to ‘Remote Code Execution’ threats. All these 3 vulnerabilities have a CVSS score of 9.8. You can find brief details about these vulnerabilities in the Vulnerabilities section below.
- The issue with language packs on Windows Server 2012 R2 persists and is pending a resolution from the Microsoft side. If you install a language pack after installing KB5029312, you will need to redeploy the monthly rollup update on the server. A language pack installation on top of the monthly rollup update renders the monthly rollup update infructuous.
Download KB5029312
Since KB5029312 is a monthly rollup update, it can be patched automatically using one of the following methods below:
- Windows Update
- Microsoft Update
- WSUS or Windows Server Update Service
WSUS remains the most preferred method for patching Windows Servers.
As part of the automated update process, the latest Servicing Stack Update KB5029368 will be deployed prior to installing KB5029312.
For manual deployments, you can download the offline installer files for the SSU and monthly rollup update for Windows Server 2012 R2.
We have shared the Microsoft Update Catalog pages and direct download links for the SSU and monthly rollup update KB5029312 below.
Download Servicing Stack Update KB5029368
The size of the KB5029368 update file is 10.8 MB.
Servicing Stack Updates are small files. Upon installing the Servicing Stack Update, the server does not restart or reboot.
Download KB5029312
- Download KB5029312 from Microsoft Update Catalog
- Direct download link for KB5029312 offline installer file (.msu format)
The size of the KB5029312 offline installer file is 576.1 MB.
Post-installation of KB5029312 update, the server will reboot. So, please deploy the monthly rollup update as part of an organized change in the IT infrastructure.
Vulnerabilities
Out of the 27 security vulnerabilities disclosed for Windows Server 2012 R2, we are primarily concerned about the vulnerabilities with CRITICAL severity. The three vulnerabilities below have CRITICAL severity with CVSS scores of 9.8.
CVE Details | CVSS Score | Impact | Affected component | Description |
---|---|---|---|---|
CVE-2023-35385 | 9.8 | CRITICAL | Microsoft Message Queuing | Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. |
CVE-2023-36911 | 9.8 | CRITICAL | Microsoft Message Queuing | Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. |
CVE-2023-36910 | 9.8 | CRITICAL | Microsoft Message Queuing | To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side. |
These vulnerabilities affect the Microsoft Messaging Queuing service. If this service is not in use, the server will not be impacted by these security vulnerabilities.
KB5029312 – Changelog
The following improvement is part of the KB5029312 monthly rollup update for Windows Server 2012 R2:
- Kerberos constrained delegation (KCD) might fail with the error message KRB_AP_ERR_MODIFIED on read/write domain controllers after installing the November 2022 security updates.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.