KB5031427 is the security-only standalone update for Windows Server 2012. This security update was released on 10 October 2023.
Salient points
- KB5031427 is a standalone security update. You must have already deployed all the previous security updates on Windows Server 2012 for full security coverage.
- The last security update for Windows Server 2012 was KB5030279. It was released in September 2023. You can read more about KB5030279 on this page.
- KB5031442 is the monthly rollup update that corresponds to security update KB5031427. We suggest installing the KB5031442 monthly rollup update instead of the KB5031427 security update if possible. KB5031442 is a cumulative update while KB5031427 is a standalone update.
- KB5031469 is the Servicing Stack Update that corresponds to the KB5031427 security update for Windows Server 2012. You need to deploy KB5031469 before installing KB5031427 on the server.
- Besides installing KB5031469, you will also need to install KB5031355 cumulative update for Internet Explorer 11 on Windows Server 2012. The IE cumulative update KB5031355 was released on 10 October 2023.
- 61 security vulnerabilities affect Windows Server 2012.
- A single zero-day threat affects Windows Server 2012. It has been shared in the vulnerabilities section below.
- There are 11 CRITICAL security vulnerabilities on Windows Server 2012 as part of the October 2023 security bulletin released by Microsoft. These have been shared in the vulnerabilities section below.
- The issue with language packs continues to affect Windows Server 2012. If you install a language pack after installing KB5031427, you will need to reinstall the security update KB5031427.
Download KB5031427
KB5031427 can be installed using WSUS or in a manual approach.
Since KB5031427 is a standalone update, you cannot use Windows Update to roll out the update on Windows Server 2012.
WSUS, therefore, remains the best method to install KB5031427 on Windows Server 2012.
For manual installation of KB5031427 on Windows Server 2012, we need to follow a three-step process.
- Download and install Servicing Stack Update KB5031469 on Windows Server 2012
- Download and install Cumulative Update KB5031355 for Internet Explorer 11
- Download and install KB5031427 Security Update
All these patches can be downloaded from corresponding pages on the Microsoft Update Catalog site. Or, you could use the direct download links shared for each update below.
Download KB5031469
KB5031469 is the latest Servicing Stack Update for Windows Server 2012 released on 10 October 2023.
The Servicing Stack Update file for KB5031469 has a size of 10.1 MB. Servicing Stack Updates, upon installation, do not cause the server to reboot.
Download KB5031355
KB5031355 is the latest cumulative update for Internet Explorer 11. It was released on 10 October 2023.
The size of the cumulative update for Internet Explorer 11 is 92.7 MB. This update will require a restart to complete the installation.
Download KB5031427
The security-only update KB5031427 can be downloaded from the Microsoft Update Catalog site or through the direct download link shared below.
The size of the security-only update KB5031427 is 58.2 MB. This security update will cause the server to reboot or restart. We suggest installing KB5031427 as part of a structured change management process within the IT infrastructure.
Vulnerabilities
There are 60 security vulnerabilities that have been disclosed for Windows Server 2012 as part of the October 2023 security bulletin released by Microsoft.
There is a single zero-day threat that affects Windows Server 2012. There are 11 CRITICAL threats. We have listed the zero-day threats and all the 11 CRITICAL threats below.
Zero-day vulnerabilities
There is a single zero-day threat that affects Windows Server 2012 and needs to be patched immediately.
Zero-day threats are vulnerabilities that are publicly disclosed. Or, these are the vulnerabilities that have already been exploited by the various threat actors.
The zero-day threat that affects Windows Server 2012 is mentioned below.
| CVE Vulnerability | Severity | CVSS Score | Impact | Comments |
|---|---|---|---|---|
| CVE-2023-36563 | IMPORTANT | 6.5 | Information Disclosure | Exploiting this vulnerability could allow the disclosure of NTLM hashes. |
CRITICAL vulnerabilities
There are 11 security vulnerabilities that have CRITICAL severity levels.
- All these 11 CRITICAL vulnerabilities can cause ‘Remote Code Execution’ attacks.
- These CRITICAL vulnerabilities are either on account of the Microsoft Messaging Queue service or the Layer 2 Tunneling Protocol.
The 11 CRITICAL security vulnerabilities affecting Windows Server 2012 are shared hereunder.
| CVE Details | CVSS Score | Comments |
|---|---|---|
| CVE-2023-35349 | 9.8 | This vulnerability affects the Microsoft Message Queuing. Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. |
| CVE-2023-36697 | 6.8 | This vulnerability affects the Microsoft Message Queuing. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server |
| CVE-2023-41774 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41773 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41771 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41770 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41769 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41768 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41767 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-41765 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
| CVE-2023-38166 | 8.1 | This vulnerability affects the Layer 2 Tunneling protocol. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. |
IIS Vulnerability
There is a CVSS 9.8 vulnerability on the IIS services running on Windows Server 2012. This threat has been shared below.
| CVE Vulnerability | Severity | CVSS Score | Impact | Comments |
|---|---|---|---|---|
| CVE-2023-36434 | IMPORTANT | 9.8 | Elevation of Privileges | In a network-based attack, an attacker could brute force user account passwords to log in as that user. Microsoft suggests using complex or strong passwords to protect against this vulnerability. |
KB5031427 – Changelog
The following changes are part of the KB5031427 security update for Windows Server 2012:
- Addresses an issue in which an external bind might fail after Windows updates released on or after May 2023 are installed. This leads to issues with Lightweight Directory Access Protocol (LDAP) queries and authentication.
- Addresses an issue in which the Windows product key installation and Windows activation might fail after installing the September 12, 2023 Windows Server 2012 update.
- This update includes daylight saving time (DST) changes for Greenland. For more information, see theĀ Daylight Saving Time & Time Zone Blog.
October 2023 Cumulative or Security Updates
You may also like to refer to the following cumulative updates or security updates released in October 2023:
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.