KB5031419 Monthly Rollup for Windows Server 2012 R2

KB5031419 is the cumulative or monthly rollup update for Windows Server 2012 R2. This update was released on 10 October 2023 under the ‘Patch Tuesday’ program.

Salient points

  • KB5031419 has now been superseded by KB5032249 monthly rollup update for Windows Server 2012 R2.
  • KB5031419 is a cumulative update that supersedes the KB5030269 monthly rollup update.
  • KB5030269 was released in September 2023. You can read more about KB5030269 on this page.
  • KB5031419 includes all changes that are part of the October security-only update KB5031407 for Windows Server 2012 R2.
  • KB5030329 is the Servicing Stack Update that corresponds to KB5031419 and KB5031407. You must ensure KB5030329 is installed on Windows Server 2012 R2 before deploying KB5031419 or KB5031407.
  • KB5030329 was released in September 2023. If you had already deployed KB5030269 in September, you would have already completed the installation of KB5030329.
  • The issue with language packs continues to affect Windows Server 2012 R2. If you install a language pack after installing KB5031419 or KB5031407, you will need to reinstall the updates. Installing a language pack over the monthly rollup or security update on Windows Server 2012 R2 renders the update infructuous.
  • 61 security vulnerabilities affect Windows Server 2012 R2. This is as per the October 2023 security bulletin released by Microsoft on 10 October 2023.
  • A single zero-day threat affects Windows Server 2012 R2. The zero-day vulnerability has been shared in the vulnerabilities section below.
  • 11 security vulnerabilities on Windows Server 2012 R2 have a ‘CRITICAL’ severity. These threats have been shared in the vulnerabilities section.

Download KB5031419

KB5031419 can be installed in an automated or manual approach. We discuss both options below.

For automated rollout of patches on Windows Server 2012 R2, you could use one of the following methods:

  • Windows Update
  • Windows Server Update Services or WSUS

WSUS remains the best way forward to import, deploy, and maintain software updates on Windows Servers.

For automated patch installations of cumulative or monthly rollup updates, Servicing Stack Updates are deployed automatically as part of the update process.

For manual installation, you need to download and apply the monthly rollup update on Windows Server 2012 R2. The offline installer is provided as an MSU file.

Manual deployment of KB5031419 is a two-step process:

  1. Download and install Servicing Stack Update KB5030329.
  2. Download and install KB5031419

Download KB5030329

KB5030329 is a Servicing Stack Update released in September 2023. If you installed the KB5030269 monthly rollup for September 2023, the Servicing Stack Update would have already been deployed.

You can download KB5030329 from the Microsoft Update Catalog site. Or, you could download the offline installer file from the direct download link for KB5030329 shared below.

The size of the update file for KB5030329 is 10.5 MB.

When you install Servicing Stack Update on Windows Server 2012 R2, the server will not reboot or restart.

Download KB5031419

The monthly rollup update for Windows Server 2012 R2 for October 2023 can be downloaded from the Microsoft Update Catalog site. Or, you could download the offline installer file using the direct download link shared below.

The size of the monthly rollup update KB5031419 is 584.9 MB. This update will cause a server reboot. Therefore, we strongly suggest implementing KB5031419 as part of an organized change within the IT infrastructure.
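
The two-step manual sequence above, sketched in PowerShell as an added example (not from the original post or from Microsoft). It assumes Get-HotFix reports these KBs on the server and that the two MSU paths, passed as parameters, point at files you downloaded from the Microsoft Update Catalog; the function names are illustrative.

```powershell
# Added example: install SSU KB5030329, then rollup KB5031419, from local MSU files.
param(
    [Parameter(Mandatory = $true)][string]$SsuPath,     # MSU for KB5030329 (your path)
    [Parameter(Mandatory = $true)][string]$RollupPath   # MSU for KB5031419 (your path)
)

function Test-KbInstalled([string]$Kb) {
    # Assumption: Get-HotFix (Win32_QuickFixEngineering) lists the KB once installed.
    [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
}

function Install-Msu([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { throw "MSU not found: $Path" }
    $wusa = Join-Path $env:SystemRoot 'System32\wusa.exe'
    $proc = Start-Process -FilePath $wusa -Wait -PassThru `
                -ArgumentList "`"$Path`"", '/quiet', '/norestart'
    $proc.ExitCode
}

# wusa.exe exit codes treated as success:
# 0 = installed, 3010 = installed but reboot required, 2359302 = already installed
$ok = 0, 3010, 2359302

# KB5032249 supersedes KB5031419, so either one means there is nothing to do.
foreach ($kb in 'KB5032249', 'KB5031419') {
    if (Test-KbInstalled $kb) { Write-Output "$kb is already installed; stopping."; return }
}

# Step 1: the Servicing Stack Update must be present before the rollup.
if (Test-KbInstalled 'KB5030329') {
    Write-Output 'SSU KB5030329 already installed.'
} else {
    $code = Install-Msu $SsuPath
    if ($ok -notcontains $code) { throw "SSU KB5030329 failed, wusa exit code $code" }
    Write-Output "SSU KB5030329 installed (exit code $code)."
}

# Step 2: the monthly rollup. /norestart leaves the reboot to the change window.
$code = Install-Msu $RollupPath
if ($ok -notcontains $code) { throw "KB5031419 failed, wusa exit code $code" }
if ($code -eq 3010) { Write-Warning 'KB5031419 staged; reboot the server to finish.' }

# Language packs added after this point require KB5031419 to be reinstalled.
Write-Output 'Done. Reinstall KB5031419 if a language pack is added later.'
```

Run it from an elevated PowerShell session; the rollup does not show as installed until the server has rebooted.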

Vulnerabilities

There are 61 vulnerabilities that have been disclosed under the October 2023 security bulletin released by Microsoft. Out of these, we cover the zero-day threats, CRITICAL threats and IIS server vulnerabilities below.

Zero-day vulnerabilities

There is a single zero-day threat that affects Windows Server 2012 R2. A zero-day threat is one that has been publicly disclosed, or one that threat actors have already exploited.

The zero-day threat affecting Windows Server 2012 R2 is mentioned below:

| CVE Vulnerability | Severity | CVSS Score | Impact | Comments |
|---|---|---|---|---|
| CVE-2023-36563 | IMPORTANT | 6.5 | Information Disclosure | Exploiting this vulnerability could allow the disclosure of NTLM hashes. |

CRITICAL vulnerabilities

There are 11 vulnerabilities with CRITICAL severity. All these 11 vulnerabilities show the following characteristics:

  • All these threats can lead to ‘Remote Code Execution’ attacks.
  • These vulnerabilities affect the Microsoft Message Queuing service or the Layer 2 Tunneling Protocol.

A list of CRITICAL vulnerabilities on Windows Server 2012 R2 for the month of October 2023 is shared below.

| CVE Details | CVSS Score | Comments |
|---|---|---|
| CVE-2023-35349 | 9.8 | This vulnerability affects the Microsoft Message Queuing. Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. |
| CVE-2023-36697 | 6.8 | This vulnerability affects the Microsoft Message Queuing. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. |
| CVE-2023-41774 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41773 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41771 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41770 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41769 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41768 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41767 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41765 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-38166 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |

IIS Vulnerability

There is a CVSS 9.8 vulnerability on the IIS services running on Windows Server 2012 R2. This threat has been shared below.

| CVE Vulnerability | Severity | CVSS Score | Impact | Comments |
|---|---|---|---|---|
| CVE-2023-36434 | IMPORTANT | 9.8 | Elevation of Privileges | In a network-based attack, an attacker could brute force user account passwords to log in as that user. Microsoft suggests using complex or strong passwords to protect against this vulnerability. |

KB5031419 – Changelog

The following changes are part of the monthly rollup update KB5031419 for Windows Server 2012 R2:

  • Addresses an issue in which an external bind might fail after Windows updates released on or after May 2023 are installed. This leads to issues with Lightweight Directory Access Protocol (LDAP) queries and authentication.
  • This update includes daylight saving time (DST) changes for Ukraine and Greenland. For more information, see the Daylight Saving Time & Time Zone Blog.


Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.