KB5031362 Cumulative Update for Windows Server 2016

KB5031362 is the cumulative update for Windows Server 2016 for the period of October 2023. It was released under the ‘Patch Tuesday’ program on 10th October 2023.

Salient points

  • KB5031362 has since been superseded by KB5032197, which is covered in a separate article.
  • KB5031362 is a cumulative update that supersedes KB5030213.
  • KB5030213 was released in September 2023 and is covered in a separate article.
  • KB5031362 corresponds to server build 14393.6351.
  • KB5030213 corresponds to server build 14393.6252. When you upgrade from KB5030213 to KB5031362, you progress from build 6252 to 6351.
  • KB5031467 is the latest Servicing Stack Update for Windows Server 2016. It was released on 10 October 2023. The SSU needs to be deployed prior to installing KB5031362.
  • 70 security vulnerabilities affect Windows Server 2016. This is as per the October 2023 security bulletin released by Microsoft on 10 October 2023.
  • 2 zero-day threats affect Windows Server 2016. These have been listed in the vulnerabilities section.
  • 12 of these vulnerabilities are rated ‘CRITICAL’, and every one of them can lead to ‘Remote Code Execution’ on the server. All 12 are listed in the vulnerabilities section.

Download KB5031362

KB5031362 can be installed automatically or manually.

For automated installations, you could use one of the following processes:

  • Windows Update
  • Windows Update for Business
  • WSUS (Windows Server Update Services)

WSUS (Windows Server Update Services) remains the best method for rolling out updates automatically to Windows Server 2016, because it lets you approve and stage the update per server group before it is offered.

For automated updates, Servicing Stack Update KB5031467 is installed automatically prior to installation of KB5031362 cumulative update.

You can also install KB5031362 manually.

For manual installations, you will need to use a two-step process:

  • Download and install Servicing Stack Update KB5031467
  • Download and install Cumulative Update KB5031362

Both steps are discussed below.

Download KB5031467

KB5031467 is the latest Servicing Stack Update for Windows Server 2016. It was released on 10 October 2023. You can download KB5031467 as an offline installer (.msu) file from the Microsoft Update Catalog.

It is worth knowing that Servicing Stack Updates do not require a server reboot after installation.

Download KB5031362

KB5031362 is a cumulative update. Its offline installer (.msu) file can be downloaded from the Microsoft Update Catalog.

The size of the update file for KB5031362 for Windows Server 2016 is 1626.8 MB.

Cumulative updates require a server reboot after installation. Therefore, we always suggest deploying cumulative updates as part of a planned change window within the infrastructure.
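The two-step manual procedure above (SSU first, then the cumulative update), as an added PowerShell example that is not part of the original article and not Microsoft's tooling: it confirms the host is on build 14393, installs KB5031467 and then KB5031362 with wusa.exe, and tells you when the reboot is due. The .msu paths, the parameter names and the exit-code mapping are this example's assumptions; the real file names from the Microsoft Update Catalog carry a hash suffix and will differ.

```powershell
# Added example (not from the original article): manual SSU-then-CU deployment
# for Windows Server 2016. Run from an elevated PowerShell session.
# The paths below are assumptions; use the file names you downloaded.
param(
    [string]$SsuPath = 'C:\Patches\windows10.0-kb5031467-x64.msu',
    [string]$CuPath  = 'C:\Patches\windows10.0-kb5031362-x64.msu',
    [int]$TargetUbr  = 6351     # KB5031362 corresponds to build 14393.6351
)

$ErrorActionPreference = 'Stop'

function Get-ServerBuild {
    # CurrentBuildNumber is the major build (14393); UBR is the revision (6252, 6351, ...)
    $v = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{ Build = [int]$v.CurrentBuildNumber; UBR = [int]$v.UBR }
}

function Test-RebootPending {
    # Component Based Servicing creates this key when an update is waiting for a restart
    Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
}

function Install-Msu {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Kb)
    if (Get-HotFix -Id $Kb -ErrorAction SilentlyContinue) {
        Write-Host "$Kb is already installed; skipping."
        return 0
    }
    if (-not (Test-Path $Path)) { throw "Update file not found: $Path" }
    # /norestart keeps the reboot under our control (part of the change window)
    $p = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
        -ArgumentList "`"$Path`" /quiet /norestart" -Wait -PassThru
    # Exit codes as commonly returned by wusa.exe (assumed mapping)
    switch ($p.ExitCode) {
        0       { Write-Host "$Kb installed." }
        3010    { Write-Host "$Kb installed; a restart is required." }     # ERROR_SUCCESS_REBOOT_REQUIRED
        2359302 { Write-Host "$Kb was already installed (WU_S_ALREADY_INSTALLED)." }
        default { throw "wusa.exe failed for $Kb with exit code $($p.ExitCode)" }
    }
    return $p.ExitCode
}

$build = Get-ServerBuild
if ($build.Build -ne 14393) { throw "Not Windows Server 2016 (build $($build.Build)); aborting." }
if ($build.UBR -ge $TargetUbr) { Write-Host "Already at 14393.$($build.UBR); nothing to do."; return }
if (Test-RebootPending) { throw "A restart is already pending; reboot before servicing." }

# Step 1: Servicing Stack Update first. It does not need a reboot.
Install-Msu -Path $SsuPath -Kb 'KB5031467' | Out-Null

# Step 2: the cumulative update. Expect exit code 3010 (reboot required).
$rc = Install-Msu -Path $CuPath -Kb 'KB5031362'

if ($rc -eq 3010 -or (Test-RebootPending)) {
    Write-Host "Restart the server, then confirm that UBR reads $TargetUbr and Get-HotFix -Id KB5031362 returns the update."
}
```

Run the script once, reboot, and only then trust the build number: the UBR value in the registry is not updated until the restart completes, so checking it before the reboot will still show 6252.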

Vulnerabilities

Windows Server 2016 is affected by 70 security vulnerabilities. Out of these, there are 2 zero-day threats and 12 CRITICAL threats.

For reference, we have listed the zero-day threats and the CRITICAL vulnerabilities for Windows Server 2016 below.

Zero-day vulnerabilities

Zero-day threats are vulnerabilities that were publicly disclosed, or were already being exploited by threat actors, before a fix was available. Therefore, zero-day threats need to be patched immediately.

The following are the two zero-day threats that affect Windows Server 2016 under the October 2023 ‘Patch Tuesday’ program:

CVE | Severity | CVSS score | Impact | Comments
CVE-2023-36563 | IMPORTANT | 6.5 | Information disclosure | Exploiting this vulnerability could allow the disclosure of NTLM hashes.
CVE-2023-44487 | IMPORTANT | 6.5 | Denial of service | HTTP/2 Rapid Reset attack.

CVE-2023-44487 can be resolved by installing KB5031362. Alternatively, Microsoft has published mitigation guidance. As part of that mitigation, this update also introduces a registry value that caps the number of RST_STREAM frames a client may send per minute on a single connection.

Registry key | Default value | Valid value range | Registry key function
Http2MaxClientResetsPerMinute | 500 | 0–65535 | Sets the allowed number of resets (RST_STREAM frames) per minute for a connection. When a client reaches this limit, the connection is closed.
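Applying that limit on a Windows Server 2016 web front end, as an added PowerShell example that is not part of the original article or of Microsoft's documentation. The example assumes the value lives alongside the other HTTP.sys parameters under HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters as a REG_DWORD, and that HTTP.sys reads its parameters when the HTTP service starts; the chosen limit of 100 and the parameter names are the example's own.

```powershell
# Added example (not from the original article): apply the RST_STREAM rate limit
# introduced with KB5031362 and show the HTTP/2 settings HTTP.sys is using.
# Assumption: the value sits with the other HTTP.sys parameters under
# HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters as a REG_DWORD.
param(
    [ValidateRange(0, 65535)][int]$ResetsPerMinute = 100,   # tighter than the documented 500 default; tune to real traffic
    [switch]$RestartHttp                                     # restart HTTP.sys so the value takes effect now
)

$HttpParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$ValueName  = 'Http2MaxClientResetsPerMinute'

function Get-Http2Settings {
    # EnableHttp2Tls / EnableHttp2Cleartext are the existing HTTP.sys switches for
    # HTTP/2; when EnableHttp2Tls is absent, HTTP/2 over TLS is on by default.
    $p = Get-ItemProperty -Path $HttpParams -ErrorAction SilentlyContinue
    $tls    = if ($null -eq $p.EnableHttp2Tls)       { 'not set (enabled)' } else { $p.EnableHttp2Tls }
    $clear  = if ($null -eq $p.EnableHttp2Cleartext) { 'not set' }           else { $p.EnableHttp2Cleartext }
    $resets = if ($null -eq $p.$ValueName)           { 'not set (500)' }     else { $p.$ValueName }
    [pscustomobject]@{
        EnableHttp2Tls       = $tls
        EnableHttp2Cleartext = $clear
        MaxClientResetsPerMin = $resets
    }
}

function Set-Http2ResetLimit {
    param([ValidateRange(0, 65535)][int]$Limit)
    if (-not (Test-Path $HttpParams)) { New-Item -Path $HttpParams -Force | Out-Null }
    Set-ItemProperty -Path $HttpParams -Name $ValueName -Value $Limit -Type DWord
    # Read it back so the caller sees what HTTP.sys will actually load
    (Get-ItemProperty -Path $HttpParams -Name $ValueName).$ValueName
}

Write-Host 'Before:'
Get-Http2Settings | Format-List

$applied = Set-Http2ResetLimit -Limit $ResetsPerMinute
Write-Host "After: $ValueName = $applied"

if ($RestartHttp) {
    # Restarting the HTTP kernel driver also restarts IIS and anything else bound
    # to HTTP.sys, so do this inside the same change window as the update itself.
    Restart-Service -Name http -Force
}
```

If a server does not serve HTTP/2 at all (EnableHttp2Tls set to 0, or no HTTP.sys listeners exposed to untrusted clients), the registry value buys nothing; installing KB5031362 is still the real fix for CVE-2023-44487, and the limit is a stop-gap for hosts that cannot reboot yet.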

CRITICAL vulnerabilities

There are 12 security vulnerabilities on Windows Server 2016 that have a ‘CRITICAL’ severity. They share two characteristics:

  • They affect Microsoft Message Queuing (MSMQ), the Layer 2 Tunneling Protocol (L2TP) as handled by Routing and Remote Access, or the virtual Trusted Platform Module.
  • All of them can lead to ‘Remote Code Execution’ on the target server.

The 12 CRITICAL vulnerabilities reported in October 2023 for Windows Server 2016 are listed below:

CVE | CVSS score | Comments
CVE-2023-35349 | 9.8 | Microsoft Message Queuing. Successful exploitation could allow an unauthenticated attacker to execute code remotely on the target server.
CVE-2023-36697 | 6.8 | Microsoft Message Queuing. Successful exploitation could allow an authenticated domain user to execute code remotely on the target server.
CVE-2023-36718 | 7.8 | Microsoft Virtual Trusted Platform Module. Could lead to an escape from the contained execution environment.
CVE-2023-41774 | 8.1 | Layer 2 Tunneling Protocol (see note below).
CVE-2023-41773 | 8.1 | Layer 2 Tunneling Protocol (see note below).
CVE-2023-41771 | 8.1 | Layer 2 Tunneling Protocol (see note below).
CVE-2023-41770 | 8.1 | Layer 2 Tunneling Protocol (see note below).
CVE-2023-41769 | 8.1 | Layer 2 Tunneling Protocol (see note below).
CVE-2023-41768 | 8.1 | Layer 2 Tunneling Protocol (see note below).
CVE-2023-41767 | 8.1 | Layer 2 Tunneling Protocol (see note below).
CVE-2023-41765 | 8.1 | Layer 2 Tunneling Protocol (see note below).
CVE-2023-38166 | 8.1 | Layer 2 Tunneling Protocol (see note below).

Note on the L2TP entries: for each of these nine vulnerabilities, an unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on that RAS server. Servers without the RRAS role are not exposed to them.

IIS Vulnerability

There is a CVSS 9.8 vulnerability in the IIS server role on Windows Server 2016. Despite the score, Microsoft rates its severity as IMPORTANT rather than CRITICAL. The details are shared below:

CVE | Severity | CVSS score | Impact | Comments
CVE-2023-36434 | IMPORTANT | 9.8 | Elevation of privilege | In a network-based attack, an attacker could brute force user account passwords to log in as that user. Microsoft suggests using complex or strong passwords to protect against this vulnerability.

KB5031362 – Changelog

The following changes or improvements are part of the KB5031362 cumulative update for Windows Server 2016:

  • New! IE mode and Microsoft Edge can now share cookies. To learn more, see Cookie sharing between Microsoft Edge and Internet Explorer.
  • New! This update completes the work to comply with the GB18030-2022 requirements. It removes and remaps characters for Microsoft Wubi input and Microsoft Pinyin U-mode input. You can no longer enter character codepoints that are not supported. All the required codepoints are up to date.
  • This update changes the spelling of Ukraine’s capital from Kiev to Kyiv.
  • This update addresses an issue in which external binding fails after you install Windows updates dated May 2023 or later. The failure in turn causes problems with LDAP queries and authentication.

For more details about the KB5031362, you can also refer to Microsoft’s release document for KB5031362.



Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.