The December 2021 security update for Windows Server 2012 R2 has been released. It is documented under the article KB5008285. Below, we look at the main features of the security update KB5008285 that affect Windows Server 2012 R2.
The security update for Windows Server 2012 R2 resolves 21 security vulnerabilities. Of these, 3 are rated critical and 18 are rated 'important' for Windows Server 2012 R2.
Update – 06th January 2022: Microsoft has released an emergency out-of-band update, KB5010215, for Windows Server 2012 R2. It needs to be installed on any Windows Server 2012 R2 that has been patched with KB5008285. The emergency update fixes the RDP issue on Windows Server 2012 R2 and resolves performance issues that may have appeared after patching the server with the security update KB5008285. You may read more about the emergency update KB5010215 below.
Critical vulnerabilities resolved under KB5008285 for Windows Server 2012 R2
In all, 3 remote code execution vulnerabilities have been resolved as part of the security update KB5008285 on the Windows Server 2012 R2. All these vulnerabilities could allow a remote attacker to execute malicious code on vulnerable servers. The critical vulnerabilities that have been resolved under the KB5008285 are mentioned below:
- CVE-2021-43215 – this is a remote code execution vulnerability with a CVSS score of 9.8. It requires immediate patching. An attacker could send a specially crafted request to the Internet Storage Name Service (iSNS) server, which could result in remote code execution.
- CVE-2021-43217 – this is a remote code execution vulnerability with a CVSS score of 8.1. It requires immediate patching. An attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution. This vulnerability affects the Windows Encrypting File System (EFS).
- CVE-2021-43233 – this is a remote code execution vulnerability that has a CVSS score of 7.5. It affects the Remote Desktop Client software. The vulnerability requires immediate patching.
All these vulnerabilities should be patched immediately. If left unpatched, they may cause unintended consequences for the infrastructure or the network.
Over and above these 3 critical vulnerabilities, there are 18 other vulnerabilities that have been resolved under the security update KB5008285. These 18 vulnerabilities are grouped below by the type of impact.
What is the emergency update KB5010215 for the Windows Server 2012 R2?
Emergency update KB5010215 was released by Microsoft on 4th January. It addresses a few performance issues. It also fixes the issue wherein Windows Server 2012 R2 was not responding to remote connections initiated through the Remote Desktop Client.
Security update KB5010215 must be installed on the servers that have already been patched with the December security update KB5008285. Since this is an emergency update, you cannot apply it automatically through Windows Update or Windows Server Update Services. You will need to manually download the patch from the Microsoft Update Catalog. Since the update may require a reboot of the server to complete, plan a maintenance window for installing the security update KB5010215.
The issues that have been fixed as part of the security update KB5010215 are:
- degraded performance on the server after deployment of the KB5008285 security update.
- slow sign-in to the Windows Server 2012 R2.
- black screen issue that affects the Windows Server 2012 R2 after deployment of the security update KB5008285.
- inability to use a Remote Desktop connection to connect to the Windows Server 2012 R2.
The emergency update KB5010215 can be downloaded from the Microsoft Update Catalog. The patch is available on this page. KB5010215 is 40.1 MB in size for an AMD64 or 64-bit processor.
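Because KB5010215 is not offered through Windows Update or WSUS, it helps to confirm which servers have KB5008285 but still lack the out-of-band fix. The following PowerShell audit is an added example, not part of the original article or of Microsoft's guidance; the server names are constructed placeholders, and it assumes both updates are reported by `Get-HotFix` under these KB IDs.

```powershell
# Added example: audit servers for the KB5008285 / KB5010215 pairing.
# Server names are constructed placeholders; replace them with your own inventory.
$Servers = @('SRV2012R2-01', 'SRV2012R2-02')

function Get-PatchState {
    param(
        [bool]$HasDecemberUpdate,   # KB5008285 present
        [bool]$HasEmergencyUpdate   # KB5010215 present
    )
    if ($HasDecemberUpdate -and $HasEmergencyUpdate) { return 'OK: both updates installed' }
    if ($HasDecemberUpdate) { return 'ACTION: install KB5010215 from the Microsoft Update Catalog' }
    if ($HasEmergencyUpdate) { return 'REVIEW: KB5010215 listed without KB5008285' }
    return 'ACTION: KB5008285 not installed'
}

$report = foreach ($server in $Servers) {
    try {
        # Get-HotFix reads Win32_QuickFixEngineering on the target host.
        # -ErrorAction Stop turns an unreachable host into a catchable error
        # instead of a silently empty result that would look like "unpatched".
        $installed = @(Get-HotFix -ComputerName $server -ErrorAction Stop |
            Select-Object -ExpandProperty HotFixID)

        $hasDecember  = $installed -contains 'KB5008285'
        $hasEmergency = $installed -contains 'KB5010215'

        [pscustomobject]@{
            Server    = $server
            KB5008285 = $hasDecember
            KB5010215 = $hasEmergency
            State     = Get-PatchState -HasDecemberUpdate $hasDecember -HasEmergencyUpdate $hasEmergency
        }
    }
    catch {
        # Keep failed hosts in the report so they are not mistaken for patched ones.
        [pscustomobject]@{
            Server    = $server
            KB5008285 = $null
            KB5010215 = $null
            State     = "QUERY FAILED: $($_.Exception.Message)"
        }
    }
}

# Servers needing attention sort to the top of the table.
$report | Sort-Object State | Format-Table -AutoSize
```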
Elevation of Privileges vulnerabilities on Windows Server 2012:
The following vulnerabilities with important severity are resolved as part of the KB5008285 security update for the Windows Server 2012 R2:
Remote Code Execution vulnerability resolution on KB5008285
The following important severity vulnerabilities for the Windows Server 2012 R2 have been resolved as part of the security update KB5008285 in December 2021. These are in addition to the 3 critical vulnerabilities that have been patched with impacts of remote code execution.
Information Disclosure vulnerabilities resolved under KB5008285
A couple of security vulnerabilities are resolved under KB5008285 with an information disclosure scope. These are mentioned below for your ready reference:
How can I apply security update KB5008285 on the Windows Server 2012 R2?
The security update KB5008285 can be applied on the Windows Server 2012 R2 through a manual download of the update from the Microsoft Update Catalog. Alternatively, you can use Windows Server Update Services (WSUS) to download the update and apply it automatically. You will need to update the WSUS product information with the Windows Server 2012 R2 version. Before installing the update, make sure that you have installed other security updates and the security update for Internet Explorer, KB5006671.
You can download the KB5008285 from the Microsoft Update catalog – https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008285
The size of the KB5008285 update for the Windows Server 2012 R2 is 40.1 MB.
This update will require a reboot, so please schedule a maintenance window with planned downtime for the update.
What are the bug fixes and product improvements under KB5008285?
The security update KB5008285 for the Windows Server 2012 R2 works on fixing or updating the following:
- Update to support the cancellation of daylight savings time (DST) for 2021 for the Republic of Fiji.
- Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.
- Addresses a known issue that might prevent apps, such as Kaspersky apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.