KB5032196 is a cumulative update for Windows Server 2019 and Windows Server 2019 Server Core installation. The update was released on 14 November as part of Microsoft’s ‘Patch Tuesday’ release.
Salient points
- KB5032196 has now been superseded by the KB5033371 cumulative update.
- KB5032196 is a cumulative update that supersedes the KB5031361 cumulative update.
- KB5031361 was released on 10 October 2023 and you can read more about it on this KB5031361 page.
- KB5032196 corresponds to server build 17763.5122. KB5031361 corresponds to build 17763.4974. If you had installed KB5031361, you would be transitioning from build 4974 to 5122.
- KB5005112 is the Servicing Stack Update (SSU) that needs to be installed prior to installing KB5032196. KB5005112 was released in August 2021, so there is a high likelihood that the SSU is already installed on the server. If KB5005112 is already installed, you can proceed directly to installing KB5032196.
- The issue with BitLocker device encryption reporting continues to impact Windows Server 2019. It was first reported after the installation of the October 2023 cumulative updates. Microsoft is working on providing a resolution.
- 27 security vulnerabilities have been reported for Windows Server 2019 in the November 2023 security bulletin released by Microsoft.
- 2 of these security vulnerabilities have a CRITICAL severity level.
- 1 zero-day threat affects Windows Server 2019. CVE-2023-36033 is the zero-day threat; it impacts the Windows DWM Core Library and could allow an ‘Elevation of Privilege’ attack.
Details of security vulnerabilities on Windows Server 2019 are listed in the vulnerabilities section below.
Download KB5032196
KB5032196 can be applied automatically using one of the following methods:
- Windows Update
- Windows Update for Business
- WSUS or Windows Server Update Services
WSUS remains the most preferred method to automatically deploy security and cumulative updates.
For manual deployment of KB5032196, you will need to follow a 2-step process.
- Ensure Servicing Stack Update KB5005112 is already installed. If not, download and install KB5005112.
- Download and install KB5032196 cumulative update.
The Servicing Stack Update and the cumulative update can both be downloaded from the Microsoft Update Catalog site. Each installer is available as an offline installer file in .MSU format.
Download KB5005112
The size of the Servicing Stack Update file is 13.8 MB. The server will not restart after installing the SSU.
Download KB5032196
KB5032196 for Windows Server 2019 can be downloaded from the Microsoft Update Catalog site. Or, you could use the direct download link below.
The size of the cumulative update KB5032196 is 620.3 MB. KB5032196 will cause a server reboot. Please plan for implementation as part of an organized change management process.
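The two-step manual process above can be checked before and after the change window with a short script. This is an added example, not part of the original article or of Microsoft's guidance: the build and KB numbers are taken from this page, while the `$MsuPath` default is a placeholder and the `Get-PatchState` function and its state names are hypothetical.

```powershell
# Added example: pre/post-install check for KB5032196 on Windows Server 2019.
# Build and KB numbers come from the article; $MsuPath is a placeholder path.
param(
    [string]$MsuPath = 'C:\Patches\<KB5032196-file>.msu',  # placeholder, not a real file name
    [switch]$Install
)

$TargetBuild = 17763        # Windows Server 2019
$TargetUbr   = 5122         # revision delivered by KB5032196 (KB5031361 was 4974)
$SsuId       = 'KB5005112'  # prerequisite Servicing Stack Update

function Get-PatchState {   # hypothetical helper: decides the next step
    param([int]$Build, [int]$Ubr, [bool]$SsuPresent)
    if ($Build -ne $TargetBuild) { return 'NotApplicable' }  # not a 17763 build
    if ($Ubr -ge $TargetUbr)     { return 'Patched' }        # KB5032196 or a later cumulative update
    if (-not $SsuPresent)        { return 'NeedsSSU' }       # install KB5005112 first
    return 'NeedsLCU'                                        # ready for KB5032196
}

# The running build and update revision are stored in the registry.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuild
$ubr   = [int]$cv.UBR
$ssu   = [bool](Get-HotFix -Id $SsuId -ErrorAction SilentlyContinue)
$state = Get-PatchState -Build $build -Ubr $ubr -SsuPresent $ssu

[pscustomobject]@{
    Computer = $env:COMPUTERNAME; Build = "$build.$ubr"; SsuInstalled = $ssu; State = $state
}

if ($Install -and $state -eq 'NeedsLCU') {
    if (-not (Test-Path -LiteralPath $MsuPath)) { throw "MSU not found: $MsuPath" }
    # Refuse to install a package whose Authenticode signature does not validate.
    $sig = Get-AuthenticodeSignature -LiteralPath $MsuPath
    if ($sig.Status -ne 'Valid') { throw "Signature check failed: $($sig.Status)" }
    # /norestart defers the reboot so it can happen inside the change window.
    $p = Start-Process wusa.exe -ArgumentList @("`"$MsuPath`"", '/quiet', '/norestart') -Wait -PassThru
    # 0 = installed, 3010 = installed and a reboot is required
    if ($p.ExitCode -notin 0, 3010) { throw "wusa.exe exited with code $($p.ExitCode)" }
    Write-Output "KB5032196 staged (exit $($p.ExitCode)); reboot to reach build $TargetBuild.$TargetUbr."
}
```

Run it without `-Install` to report state only; after the reboot, a `Patched` state confirms the server is on revision 5122 or later.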
Vulnerabilities
27 security vulnerabilities affect Windows Server 2019 as part of the November 2023 security reports. 2 of these vulnerabilities are CRITICAL severity vulnerabilities. There is a single zero-day threat that affects Windows Server 2019.
We have listed the CRITICAL vulnerabilities and the zero-day threat for Windows Server 2019 below.
Zero-day vulnerability
Zero-day vulnerabilities are publicly known and exploited vulnerabilities. Immediate patching is therefore needed to mitigate the risk they pose within the IT infrastructure.
CVE details | CVSS | Severity | Impact | Description |
---|---|---|---|---|
CVE-2023-36033 | 7.8 | IMPORTANT | Elevation of Privilege | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CRITICAL Vulnerabilities
The two CRITICAL security vulnerabilities on Windows Server 2019 are listed below.
CVE details | CVSS | Severity | Impact | Description |
---|---|---|---|---|
CVE-2023-36397 | 9.8 | CRITICAL | Remote Code Execution | This threat impacts Windows Pragmatic General Multicast (PGM). When the Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
CVE-2023-36400 | 8.8 | CRITICAL | Elevation of Privilege | This vulnerability arises on account of Windows HMAC Key Derivation. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. |
Known Issue – KB5032196
KB5032196 is affected by the BitLocker device encryption reporting issue. The issue was first reported after the deployment of the October 2023 cumulative update KB5031361. It is essential to note that the issue is a reporting issue only and actual device encryption is not impacted.
Issue Description
Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the “Require Device Encryption” setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies set to enabled and selecting either “full encryption” or “used space only”. Microsoft Intune is affected by this issue but third-party MDMs might also be affected.
Mitigation
To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies to not configured.
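Because the 65000 error is a reporting problem only, the actual encryption state can be confirmed on the server itself. The script below is an added example, not part of the original article: it assumes the BitLocker PowerShell module is installed and an elevated session, and the mapping of volume types to the two policy settings is an assumption made for readability.

```powershell
#Requires -RunAsAdministrator
# Added example: confirm the real BitLocker state locally when MDM reports error 65000.
if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
    throw 'Get-BitLockerVolume is not available (BitLocker feature not installed).'
}

# Assumed mapping from volume type to the CSP setting named in the known issue.
$policyFor = @{
    OperatingSystem = 'SystemDrivesEncryptionType'
    Data            = 'FixedDrivesEncryptionType'
}

$report = Get-BitLockerVolume | ForEach-Object {
    [pscustomobject]@{
        MountPoint        = $_.MountPoint
        Policy            = $policyFor["$($_.VolumeType)"]
        VolumeStatus      = $_.VolumeStatus
        Protection        = $_.ProtectionStatus
        Percent           = $_.EncryptionPercentage
        Method            = $_.EncryptionMethod
        # A volume counts as encrypted only if conversion finished AND protectors are active.
        ActuallyEncrypted = ($_.VolumeStatus -eq 'FullyEncrypted') -and
                            ($_.ProtectionStatus -eq 'On')
    }
}

$report | Format-Table -AutoSize

$gaps = @($report | Where-Object { -not $_.ActuallyEncrypted })
if ($gaps.Count -gt 0) {
    # These volumes are a real finding, independent of the MDM reporting error.
    Write-Warning ("Not fully protected: " + ($gaps.MountPoint -join ', '))
    exit 1
}
Write-Output 'All volumes are encrypted with protection on; the MDM error is reporting-only here.'
```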
KB5032196 Changelog
The following changes or improvements are part of the KB5032196 cumulative update for Windows Server 2019:
- This update supports daylight saving time (DST) changes in Syria.
- This update affects user mode printer drivers. They unload unexpectedly. This occurs when you print from multiple print queues to the same printer driver.
- This update addresses an issue that affects Xenon or Argon containers. They do not start.
- This update addresses an issue that affects NCryptGetProperty(). Calling it with NCRYPT_KEY_TYPE_PROPERTY returns 0x1 instead of 0x20. This occurs when the key is a machine key.
- This update includes quarterly changes to the Windows Kernel Vulnerable Driver Blocklist file, DriverSiPolicy.p7b. It adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
- This update addresses an issue that affects Windows LAPS. Its PasswordExpirationProtectionEnabled policy fails to turn on the setting.
- This update addresses an issue that affects an Application Virtualization (App-V) environment. Copy operations within it stop working. This occurs after you install the April 2023 update.
- This update supports the currency change in Croatia from the Kuna to the Euro.
- This update addresses security issues for your Windows operating system.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.