KB5032249 is the cumulative monthly rollup update for Windows Server 2012 R2. It was released on 14th November 2023 under the ‘Patch Tuesday’ program of Microsoft.
Windows Server 2012 R2 reached ‘End of Support’ on 10 October 2023. Going forward, ESU or Extended Security Updates will be available for Windows Server 2012 R2.
ESU or Extended Security Updates are cumulative. You can buy ESU for Windows Server 2012 R2 on an annual renewal basis until October 2026.
Salient points
- KB5032249 is the monthly rollup update (ESU or Extended Security Update) for Windows Server 2012 R2 and supersedes the KB5031419 update.
- KB5031419 is the monthly rollup update for Windows Server 2012 R2. It was released on 10 October 2023. You can read more about KB5031419 on this page.
- KB5032308 is the Servicing Stack Update that corresponds to KB5032249. The SSU was released on 14 November 2023. You would need to deploy KB5032308 prior to installing the KB5032249 monthly rollup update.
- 18 security vulnerabilities affect Windows Server 2012 R2 as part of the November 2023 security report.
- There is a single CRITICAL security vulnerability that affects Windows Server 2012 R2. You can read more about this vulnerability in the vulnerabilities section.
- The issue with language packs continues to affect Windows Server 2012 R2. If you install a language pack after installing KB5032249, you will need to re-install the KB55032249 update. This is because installing a language pack renders the monthly rollup update infructitious.
To install KB5032249, you will need a valid key for the Extended Security Updates because the Windows Server 2012 R2 attained End of Support status on 10 October 2023.
Extended Security Updates for Windows Server 2012 R2
For Windows Server 2012 R2, you need to follow the 4-step process to avail of the Extended Security Update KB5032249.
- Ensure that the Servicing Stack Update KB5029368 is installed on Windows Server 2012 R2. This SSU was released in August 2023. This SSU needs to be installed before you install the ESU preparation package.
- Buy the ESU license or Extended Security Update program subscription for one year. Download and install the ESU or Extended Security Update preparation package.
- Download and install the KB5032308 Servicing Stack update for Windows Server 2012 R2.
- Download and install the KB5032249 monthly rollup update.
Download KB5032249
KB5032249 is a cumulative monthly rollup update of the type of an Extended Security Update. It can be installed automatically or through a manual approach.
For automatic patching of the monthly rollup update, you could use one of the following methods:
- Windows Update
- WSUS or Windows Server Update Service
WSUS remains the best method to automatically import and deploy security updates or cumulative updates on Windows Servers. We strongly suggest using WSUS as the preferred method for rolling out updates.
However, you will still need a valid key to apply the Extended Security Updates on Windows Server 2012 R2.
For manual installation, you can download the offline installer files from the Microsoft Update Catalog site. Alternatively, you can use the direct download links for KB5032249 shared below.
The manual installation of KB5032249 involves the following 4 steps:
- Download and install KB5029368 Servicing Stack Update
- Download and install ESU package KB5017220 for Windows Server 2012
- Download and install Servicing Stack Update KB5032308
- Download and install the KB5032249 cumulative update
For each of these updates, we have shared the download links below.
Download KB5029368
The Servicing Stack Update file for KB5029368 has a size of 10.5 MB. Servicing Stack Updates, upon installation, do not cause the server to reboot. This Servicing Stack Update was released in August 2023.
This Servicing Stack Update is required before installing the ESU preparation package on Windows Server 2012 R2.
Download KB5017220
KB5017220 is the ESU or Extended Security Update preparation package. Before you can deploy an Extended Security Update, you need to install this package on Windows Server 2012 R2.
You can download the package from the Microsoft Update Catalog site or from the direct download link shared below.
- Download the KB5017220 ESU package from the Microsoft Update Catalog site
- Direct download link for KB5017220 ESU preparation package
The size of the preparation package is 424 KB only. This package will prepare your Windows Server 2012 R2 to accept the Extended Security Updates released under the ‘Patch Tuesday’ project.
Download KB5032308
KB5032308 is the latest Servicing Stack Update for Windows Server 2012 R2. It was released on 14 November 2023. You can download the SSU from the Catalog site or use the direct download link shared below.
SSU will not cause a server reboot.
The size of the Servicing Stack Update KB5032308 is 10.5 MB only.
Download KB5032249
The download links for KB5032249 are shared hereunder.
- Download KB5032249 from the Microsoft Update Catalog site
- Direct download link for cumulative update KB5032249
The size of the offline installer file for KB5032249 is 586.2 MB.
The server will reboot post-installation of the monthly rollup update. So, we do suggest installing the cumulative update as part of an organized change process within the IT infrastructure.
Vulnerabilities
There are 18 security vulnerabilities that have been disclosed for Windows Server 2012 R2 as part of the November 2023 security bulletin released by Microsoft.
We have listed the single CRITICAL threat that affects Windows Server 2012 R2 below.
CRITICAL vulnerabilities
There is a single CRITICAL security vulnerability that affects Windows Server 2012 R2.
| CVE details | CVSS | Severity | Impact | Description |
|---|---|---|---|---|
| CVE-2023-36397 | 9.8 | CRITICAL | Remote Code Execution | This threat impacts the Windows Pragmatic General Multicast (PGM). When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
KB5032249 – Changelog
The following changes are part of the KB5032249 monthly rollup update (Extended Security Updates) for Windows Server 2012 R2.
- This update includes daylight saving time (DST) changes for Syria.
- This update brings in security changes for Windows Server 2012 R2.
November 2023 Cumulative or Security Updates
- KB5032196 Cumulative Update for Windows Server 2019
- KB5032197 Cumulative Update for Windows Server 2016
- KB5032198 Cumulative Update for Windows Server 2022
- KB5032247 Monthly Rollup Update for Windows Server 2012
- KB5032249 Monthly Rollup for Windows Server 2012 R2
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.