KB5031407 is the security update for Windows Server 2012 R2. The standalone update was released on 10 October 2023.
Salient points
- KB5031407 is a standalone security update for Windows Server 2012 R2.
- For complete security coverage on Windows Server 2012 R2, you will need to ensure all the previous security updates for Windows Server 2012 R2 must be already deployed.
- KB5030287 is the previous security update for Windows Server 2012 R2. It was released in September 2023. You can read more about KB5030287 on this page.
- KB5030329 is the Servicing Stack Update that corresponds to KB5031407. KB5030329 was released in September 2023.
- You will also need to install the latest cumulative update for Internet Explorer 11. KB5031355 is the latest cumulative update for Internet Explorer 11 released on 10 October 2023.
- There are 60 security vulnerabilities that affect Windows Server 2012 R2.
- A single zero-day threat affects Windows Server 2012 R2. This threat has been covered in the vulnerabilities section below.
- There are 11 security vulnerabilities that affect Windows Server 2012 R2. These have been shared in the vulnerabilities section below.
- A CVSS 9.8 vulnerability on the IIS services has also been discussed below.
- The language pack issue continues to affect Windows Server 2012 R2. If you install a language pack after installing KB5031407, you will need to reinstall KB5031407. A language pack renders the security update infructitious.
Download KB5031407
KB5031407 is a standalone update. It can be installed using WSUS or through a manual approach.
WSUS or Windows Server Update Service remains the most preferred method to install security updates on Windows Server 2012 R2.
For manual installation of KB5031407, you will need to follow a three-step process on Windows Server 2012 R2.
- Download and install Servicing Stack Update KB5030329
- Download and install Internet Explorer 11 cumulative update KB5031355 for Windows Server 2012 R2
- Download and install KB5031407 on Windows Server 2012 R2
We discuss these three patches below.
Download KB5030329
KB5030329 is a Servicing Stack Update released in September 2023. If you have installed the security update KB5030279 for September 2023, you could have already deployed the KB5030329 Servicing Stack Update.
Otherwise, you can download KB5030329 from the Microsoft Update Catalog site. Or, you could use the direct download link for KB5030329 below.
Download KB5031355
KB5031355 is the cumulative update for Internet Explorer 11 in Windows Server 2012 R2. It was released on 10 October 2023. The download links for KB5031355 are shared below.
The size of the KB5031355 cumulative update for Internet Explorer 11 is 55.1 MB. This update will cause the server to reboot.
Download KB5031407
KB5031407 can be downloaded from the Microsoft Update Catalog site. Or, you could use the direct download link for KB5031407 shared below.
The size of the security update KB5031407 for Windows Server 2012 R2 is 61.5 MB. This update will require a server restart to complete the installation.
Vulnerabilities
There are 61 vulnerabilities that have been disclosed under the October 2023 security bulletin released by Microsoft. Out of these, we cover the zero-day threats, CRITICAL threats, and IIS server vulnerabilities below.
Zero-day vulnerabilities
There is a single zero-day threat that affects Windows Server 2012 R2. A zero-day threat is a publicly disclosed threat. Or, it could be a threat that has already been exploited by the various threat actors.
The zero-day threat affecting Windows Server 2012 R2 is mentioned below:
| CVE Vulnerability | Severity | CVSS Score | Impact | Comments |
|---|---|---|---|---|
| CVE-2023-36563 | IMPORTANT | 6.5 | Information Disclosure | Exploiting this vulnerability could allow the disclosure of NTLM hashes. |
CRITICAL vulnerabilities
There are 11 vulnerabilities with CRITICAL severity. All these 11 vulnerabilities show the following characteristics:
- All these threats can lead to ‘Remote Code Execution’ attacks.
- These vulnerabilities affect the Microsoft Messaging Queue service or the Layer 2 Tunneling Protocol.
A list of CRITICAL vulnerabilities on Windows Server 2012 R2 for the month of October 2023 is shared below.
| CVE Details | CVSS Score | Comments |
|---|---|---|
| CVE-2023-35349 | 9.8 | This vulnerability affects the Microsoft Message Queuing. Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. |
| CVE-2023-36697 | 6.8 | This vulnerability affects the Microsoft Message Queuing. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server |
| CVE-2023-41774 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41773 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41771 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41770 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41769 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41768 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41767 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41765 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-38166 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
IIS Vulnerability
There is a CVSS 9.8 vulnerability on the IIS services running on Windows Server 2012 R2. This threat has been shared below.
| CVE Vulnerability | Severity | CVSS Score | Impact | Comments |
|---|---|---|---|---|
| CVE-2023-36434 | IMPORTANT | 9.8 | Elevation of Privileges | In a network-based attack, an attacker could brute force user account passwords to log in as that user. Microsoft suggests using complex or strong passwords to protect against this vulnerability. |
KB5031407 – Changelog
The following changes are part of the KB5031407 security update for Windows Server 2012 R2:
- Addresses an issue in which an external bind might fail after Windows updates released on or after May 2023 are installed. This leads to issues with Lightweight Directory Access Protocol (LDAP) queries and authentication.
- This update includes daylight saving time (DST) changes for Ukraine and Greenland. For more information, see theĀ Daylight Saving Time & Time Zone Blog.
October 2023 Cumulative or Security Updates
You may also like to read more about the October 2023 cumulative updates below:
- KB5031901 Update for .NET 7.0
- KB5031407 Security Update for Windows Server 2012 R2
- KB5031427 Security Update for Windows Server 2012
- KB5031419 Monthly Rollup for Windows Server 2012 R2
- KB5031442 Monthly Rollup Update for Windows Server 2012
- KB5031364 Cumulative Update for Windows Server 2022
- KB5031362 Cumulative Update for Windows Server 2016
- KB5031361 Cumulative Update for Windows Server 2019
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.