KB5033429 is the cumulative monthly rollup update for Windows Server 2012. It was released on 12 December 2023 under the ‘Patch Tuesday’ program of Microsoft.
Windows Server 2012 reached ‘End of Support’ on 10 October 2023. Going forward, ESU or Extended Security Updates will be available for Windows Server 2012.
ESU or Extended Security Updates are cumulative. You can buy ESU for Windows Server 2012 on an annual renewal basis until October 2026.
Salient points
- KB5033429 has been superseded by the KB5034184 ESU or monthly rollup update. You can read more about it on the KB5034184 page.
- KB5033429 is the monthly rollup update (ESU or Extended Security Update) for Windows Server 2012 for December 2023. It supersedes the KB5032247 update.
- KB5032247 is the monthly rollup update for November 2023. It was released on 14 November 2023. You can read more about KB5032247 on this page.
- KB5032309 is the Servicing Stack Update that corresponds to KB5032247 and KB5033429. The SSU was released on 14 November 2023. You would need to deploy KB5032309 prior to installing the KB5033429 monthly rollup update.
- There is no new Servicing Stack Update release for December 2023 for Windows Server 2012.
- If you installed KB5032247 in November 2023, you would have already deployed the Servicing Stack Update KB5032309.
- 18 security vulnerabilities affect Windows Server 2012 as part of the December 2023 security report.
- Three CRITICAL security vulnerabilities affect Windows Server 2012. You can read more about these vulnerabilities in the vulnerabilities section.
- CVE-2023-20588 is a zero-day threat that impacts AMD servers. This threat affects Windows Server 2012 edition.
- The issue with language packs continues to affect Windows Server 2012. If you install a language pack after installing KB5033429, you will need to re-install the KB5033429 update. This is because installing a language pack renders the monthly rollup update ineffective.
To install KB5033429, you will need a valid key for the Extended Security Updates because Windows Server 2012 reached End of Support status on 10 October 2023.
Extended Security Updates for Windows Server 2012
For Windows Server 2012, you need to follow this 4-step process to obtain the Extended Security Update KB5033429.
- Ensure that the Servicing Stack Update KB5029369 is installed on Windows Server 2012. This SSU was released in August 2023. This SSU needs to be installed before you install the ESU preparation package.
- Buy the ESU license or Extended Security Update program subscription for one year. Download and install the ESU or Extended Security Update preparation package.
- Download and install the KB5032309 Servicing Stack update for Windows Server 2012
- Download and install the KB5033429 monthly rollup update.
Download KB5033429
KB5033429 is a cumulative monthly rollup update delivered as an Extended Security Update. It can be installed automatically or through a manual approach.
For automatic patching of the monthly rollup update, you could use one of the following methods:
- Windows Update
- WSUS or Windows Server Update Services
WSUS remains the best method to automatically import and deploy security updates or cumulative updates on Windows Servers. We strongly suggest using WSUS as the preferred method for rolling out updates.
However, you will still need a valid key to apply the Extended Security Updates on Windows Server 2012.
For manual installation, you can download the offline installer files from the Microsoft Update Catalog site. Alternatively, you can use the direct download links for KB5033429 shared below.
The manual installation of KB5033429 involves the following 4 steps:
- Download and install KB5029369 Servicing Stack Update
- Download and install ESU package KB5017221 for Windows Server 2012
- Download and install Servicing Stack Update KB5032309
- Download and install the KB5033429 cumulative update
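The four-step order above can be checked on a server before and after patching. The following PowerShell is an added example, not code from Microsoft or from the original article; the function name `Get-RollupReadiness` and the variable names are illustrative, and it assumes each of the four packages appears in `Get-HotFix` output once installed.

```powershell
# Added example: readiness check for the four-step manual install order.
# KB numbers come from this page; function and variable names are illustrative.
$installOrder = @(
    [pscustomobject]@{ Step = 1; KB = 'KB5029369'; Role = 'Servicing Stack Update (August 2023)' }
    [pscustomobject]@{ Step = 2; KB = 'KB5017221'; Role = 'ESU preparation package' }
    [pscustomobject]@{ Step = 3; KB = 'KB5032309'; Role = 'Servicing Stack Update (November 2023)' }
    [pscustomobject]@{ Step = 4; KB = 'KB5033429'; Role = 'December 2023 monthly rollup' }
)

function Get-RollupReadiness {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Order,
        # Installed KB IDs. Defaults to the local machine; pass a list to test offline.
        [string[]] $InstalledKb = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    )
    $blocked = $false
    foreach ($item in $Order) {
        $present = $InstalledKb -contains $item.KB
        if ($present) {
            $status = 'Installed'
        } elseif ($blocked) {
            # An earlier package in the chain is still missing.
            $status = 'Waiting on an earlier step'
        } else {
            # First gap in the chain: this is the package to deploy now.
            $status = 'Install next'
            $blocked = $true
        }
        [pscustomobject]@{ Step = $item.Step; KB = $item.KB; Role = $item.Role; Status = $status }
    }
}

# Constructed sample: a server patched in November 2023 but not yet in December.
$sample = 'KB5029369', 'KB5017221', 'KB5032309', 'KB5032247'
Get-RollupReadiness -Order $installOrder -InstalledKb $sample | Format-Table -AutoSize

# Live check on the local server. Get-HotFix reads Win32_QuickFixEngineering,
# so a package absent from that class is reported as not installed.
# Matching is by exact KB ID: a later rollup that supersedes KB5033429
# (KB5034184, per this page) will not be counted as step 4.
Get-RollupReadiness -Order $installOrder | Format-Table -AutoSize
```

With the constructed sample, steps 1 to 3 report `Installed` and KB5033429 reports `Install next`.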
For each of these updates, we have shared the download links below.
Download KB5029369
The Servicing Stack Update file for KB5029369 has a size of 9.8 MB. Servicing Stack Updates, upon installation, do not cause the server to reboot. This Servicing Stack Update was released in August 2023.
This Servicing Stack Update is required before installing the ESU preparation package on Windows Server 2012.
Download KB5017221
KB5017221 is the ESU or Extended Security Update preparation package. Before you can deploy an Extended Security Update, you need to install this package on Windows Server 2012.
You can download the package from the Microsoft Update Catalog site or from the direct download link shared below.
- Download the KB5017221 ESU package from the Microsoft Update Catalog site
- Direct download link for KB5017221 ESU preparation package
The size of the preparation package is 364 KB only. This package will prepare your Windows Server 2012 to accept the Extended Security Updates released under the ‘Patch Tuesday’ project.
Download KB5032309
KB5032309 is the latest Servicing Stack Update for Windows Server 2012. It was released on 14 November 2023. You can download the SSU from the Catalog site or use the direct download link shared below.
SSU will not cause a server reboot.
The size of the Servicing Stack Update KB5032309 is 10.1 MB only.
Download KB5033429
The download links for KB5033429 are shared hereunder.
- Download KB5033429 from the Microsoft Update Catalog site
- Direct download link for cumulative update KB5033429
The size of the offline installer file for KB5033429 is 435 MB.
The server will reboot post-installation of the monthly rollup update. So, we do suggest installing the cumulative update as part of an organized change process within the IT infrastructure.
If you installed KB5032247 in November 2023, only the incremental changes in KB5033429 will be downloaded and applied on the Windows Server 2012. This process is short and swift and you can expect the updates to complete very quickly.
Vulnerabilities
There are 18 security vulnerabilities that have been disclosed for Windows Server 2012 as part of the December 2023 security bulletin released by Microsoft.
This includes one zero-day threat and 3 CRITICAL severity threats.
Zero-day vulnerability
The zero-day vulnerabilities are publicly known and exploited vulnerabilities. Therefore, immediate patching needs to be carried out to mitigate the risk arising out of zero-day vulnerabilities within the IT infrastructure.
The following zero-day threat was first reported in August 2023. It has been mitigated in the current Windows Update cycle. Therefore, we suggest immediate deployment of the cumulative update KB5033429.
CVE details | CVSS | Severity | Impact | Description |
---|---|---|---|---|
CVE-2023-20588 | 5.5 | IMPORTANT | Information Disclosure | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. |
We have listed the 3 CRITICAL threats that affect Windows Server 2012 below.
CRITICAL vulnerabilities
Three CRITICAL security vulnerabilities affect Windows Server 2012. All of these CRITICAL vulnerabilities could lead to ‘Remote Code Execution’ attacks.
CVE details | CVSS | Severity | Impact | Description |
---|---|---|---|---|
CVE-2023-35630 | 8.8 | CRITICAL | Remote Code Execution | This threat impacts the Internet Connection Sharing (ICS). Successful exploitation of this vulnerability requires the attacker to modify an option->length field in a DHCPv6 DHCPV6_MESSAGE_INFORMATION_REQUEST input message. This attack is limited to systems connected to the same network segment as the attacker. |
CVE-2023-35628 | 8.1 | CRITICAL | Remote Code Execution | This vulnerability arises on account of Windows MSHTML Platform. The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane. This could result in the attacker executing remote code on the victim’s machine. |
CVE-2023-35641 | 8.8 | CRITICAL | Remote Code Execution | This threat affects the Internet Connection Sharing (ICS). To exploit this vulnerability, an attacker would need to send a maliciously crafted DHCP message to a server that runs the Internet Connection Sharing service. This attack is limited to systems connected to the same network segment as the attacker. |
KB5033429 – Changelog
The following changes are part of the KB5033429 monthly rollup update (Extended Security Updates) for Windows Server 2012.
- This update contains miscellaneous security improvements to internal Windows OS functionality.
- This update brings in security changes for Windows Server 2012.
December 2023 Cumulative or Security Updates
- KB5033371 for Windows 10 version 1809
- KB5033373 for Windows 10 version 1607
- KB5033379 for Windows 10
- KB5033372 for Windows 10 21H2 and 22H2
- KB5033375 Cumulative Update for Windows 11 22H2 and 23H2
- KB5033369 Cumulative Update for Windows 11 21H2
- KB5033420 Monthly Rollup Update for Windows Server 2012 R2
- KB5033429 Monthly Rollup Update for Windows Server 2012
- KB5033383 Cumulative Update for Windows Server 2022
- KB5033118 Cumulative Update for Windows Server 2022
- KB5033371 Cumulative Update for Windows Server 2019
- KB5033373 Cumulative Update for Windows Server 2016
- Microsoft Edge upgrades to version 120.0.2210.61
November 2023 Cumulative or Security Updates
- KB5032196 Cumulative Update for Windows Server 2019
- KB5032197 Cumulative Update for Windows Server 2016
- KB5032198 Cumulative Update for Windows Server 2022
- KB5032247 Monthly Rollup Update for Windows Server 2012
- KB5032249 Monthly Rollup for Windows Server 2012 R2
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.