KB5032197 Cumulative Update for Windows Server 2016

This content has been archived. But, the content is true and relevant to the underlying technology products or infrastructure services.

KB5032197 is a cumulative update for Windows Server 2016 and Windows Server 2016 Server Core installation. The update was released on 14 November as part of the ‘Patch Tuesday’ project of Microsoft.

  • KB5032197 has been superseded by December 2023 cumulative update KB5033373.
  • KB5032197 is a cumulative update that supersedes the KB5031362 cumulative update.
  • KB5031362 was released on 10 October 2023 and you can read more about it on this KB5031362 page.
  • KB5032197 corresponds to server build 14393.6452. KB5031362 corresponds to build 14393.6351. If you had installed KB5031362, you would be transitioning from build 6351 to 6452.
  • KB5032391 is the Servicing Stack Update that needs to be installed before installing KB5032197. KB5032391 is a new Servicing Stack update for Windows Server 2016 released on 14 November 2023.
  • 23 security vulnerabilities have been reported for Windows Server 2016 in the November 2023 security bulletin released by Microsoft.
  • 2 of these security vulnerabilities have a CRITICAL severity level for Windows Server 2016.
  • 1 Zero-day threat affects Windows Server 2016. CVE-2023-36033 is the zero-day threat impacting Windows DWM Core Library and could cause an ‘Elevation of Privilege’ attack.

Details of security vulnerabilities on Windows Server 2016 are listed in the vulnerabilities section below.

KB5032197 can be applied automatically using one of the following methods:

  • Windows Update
  • Windows Update for Business
  • WSUS or Windows Server Update Services

WSUS remains the most preferred method to automatically deploy security and cumulative updates.

For automated deployments, the Servicing Stack Update KB5032391 will be automatically installed before KB5032197 is installed on Windows Server 2016.

For manual deployment of KB5032197, you will need to follow a 2-step process.

  • Download and install KB5032391 Servicing Stack Update
  • Download and install KB5032197 cumulative update.

The download for the Servicing Stack Update and the cumulative update can be completed from the Microsoft Update Catalog site. The installer is available as an offline installer file in the .MSU format.

The size of the Servicing Stack Update file is 11.6 MB. The server will not restart after installing the SSU.

KB5032197 for Windows Server 2016 can be downloaded from the Microsoft Update Catalog site. Or, you could use the direct download link below.

The size of the cumulative update KB5032197 is 1626.4 MB. KB5032197 will cause a server reboot. Please plan for implementation as part of an organized change management process.

23 security vulnerabilities affect Windows Server 2016 as part of the November 2023 security reports. 2 of these vulnerabilities are CRITICAL severity vulnerabilities. There is a single zero-day threat that affects Windows Server 2016.

The remaining 21 security vulnerabilities have IMPORTANT severity levels.

We have listed the CRITICAL vulnerabilities and the zero-day threat for Windows Server 2016 below.

The zero-day vulnerabilities are publicly known and exploited vulnerabilities. Therefore, immediate patching needs to be carried out to mitigate the risk arising out of zero-day vulnerabilities within the IT infrastructure.

CVE detailsCVSSSeverityImpact Description
CVE-2023-360337.8IMPORTANTElevation of PrivilegeAn attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

The two CRITICAL security vulnerabilities on Windows Server 2016 are listed below.

CVE detailsCVSSSeverityImpact Description
CVE-2023-363979.8CRITICALRemote Code ExecutionThis threat impact the Windows Pragmatic General Multicast (PGM).

When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.
CVE-2023-364008.8CRITICALElevation of PrivilegeThis vulnerability arises on account of Windows HMAC Key Derivation.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The following changes or improvements are part of the KB5032197 cumulative update for Windows Server 2016:

  • This update supports daylight saving time (DST) changes in Syria.
  • This update addresses security issues for your Windows operating system. 
Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.