The security update for the month of December 2021 for the Windows Server 2012 R2 has been released. The security update is managed under the article KB5008285. Below, we look at the main features of the security update KB5008285 that affect Windows Server 2012 R2.
Introduction
The security update for the Windows Server 2012 R2 resolves 21 security vulnerabilities. There are 3 vulnerabilities of a critical nature, and 18 vulnerabilities are of an ‘important’ impact for the Windows Server 2012 R2.
Update – 06th January 2022: Microsoft has released an emergency out-of-band update, KB5010215, for Windows Server 2012 R2. It needs to be installed on any Windows Server 2012 R2 that has been patched with KB5008285. The emergency update fixes the RDP issue on the Windows Server 2012 R2 and resolves performance issues that may have occurred after patching the server with the security update KB5008285. You may read more about the emergency update KB5010215 below.
What is the emergency update KB5010215?
Emergency update KB5010215 was released by Microsoft on 4th January. It addresses a few performance issues. It also fixes the issue wherein the Windows Server 2012 R2 was not responding to remote connections initiated through the Remote Desktop Client.
Security update KB5010215 must be installed on the servers that have already been patched with the December security update KB5008285. Since this is an emergency update, you cannot apply it automatically through the Windows Update or the Windows Server Update Service. You will need to manually download the patch from the Microsoft Update Catalog. Since the update may require a reboot of the server to complete, please do plan for a maintenance window to activate the security update KB5010215.
The issues that have been fixed as part of the security update KB5010215 are:
- degraded performance on the server after deployment of the KB5008285 security update.
- slow sign-in to the Windows Server 2012 R2.
- black screen issue that affects the Windows Server 2012 R2 after deployment of the security update KB5008285.
- inability to use Remote Desktop Connection to connect to the Windows Server 2012 R2.
The emergency update KB5010215 can be downloaded from the Microsoft Update Catalog. The patch is available on this page. The KB5010215 package is 40.1 MB in size for AMD64 (64-bit) systems.
Security vulnerabilities
We cover the various security vulnerabilities that have been patched as part of the KB5008285 security update for Windows Server 2012 R2.
Critical vulnerabilities
In all, 3 remote code execution vulnerabilities have been resolved as part of the security update KB5008285 on the Windows Server 2012 R2. All these vulnerabilities could allow a remote attacker to execute malicious code on vulnerable servers. The critical vulnerabilities that have been resolved under the KB5008285 are mentioned below:
- CVE-2021-43215 – this is a remote code execution vulnerability with a CVSS score of 9.8. It requires immediate patching. An attacker could send a specially crafted request to the Internet Storage Name Service (iSNS) server, which could result in remote code execution.
- CVE-2021-43217 – this is a remote code execution vulnerability with a CVSS score of 8.1. It requires immediate patching. An attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution. This vulnerability affects the Windows Encrypting File System (EFS).
- CVE-2021-43233 – this is a remote code execution vulnerability that has a CVSS score of 7.5. It affects the Remote Desktop Client software. The vulnerability requires immediate patching.
All these vulnerabilities are to be patched on an immediate basis. If left unpatched, these vulnerabilities may cause unintended consequences for the infrastructure or the network.
Over and above these 3 critical vulnerabilities, there are 18 other vulnerabilities that have been resolved under the security update KB5008285. These 18 vulnerabilities are listed below, grouped by the type of impact.
Elevation of Privileges vulnerabilities
The following vulnerabilities with important severity are resolved as part of the KB5008285 security update for the Windows Server 2012 R2:
- CVE-2021-43893
- CVE-2021-43883
- CVE-2021-43248
- CVE-2021-43245
- CVE-2021-43238
- CVE-2021-43230
- CVE-2021-43229
- CVE-2021-43226
- CVE-2021-43223
- CVE-2021-43222
- CVE-2021-43217
- CVE-2021-43216
- CVE-2021-43215
- CVE-2021-41333
- CVE-2021-40441
- CVE-2021-43207
Remote Code Execution vulnerabilities
The following important severity vulnerabilities for the Windows Server 2012 R2 have been resolved as part of the security update KB5008285 in December 2021. These are in addition to the 3 critical remote code execution vulnerabilities described above.
- CVE-2021-43232
- CVE-2021-43234
Information Disclosure vulnerabilities
A couple of security vulnerabilities are resolved under KB5008285 with an information disclosure scope. These are mentioned below for your ready reference:
- CVE-2021-43216
- CVE-2021-43236
Deploy KB5008285
The security update KB5008285 can be applied on the Windows Server 2012 R2 through a manual download of the update from the Microsoft Update Catalog. Alternatively, you can use the Windows Server Update Service on the server to download the update and apply it automatically. You will need to update the WSUS product information with the Windows Server 2012 R2 version. Before installing the update, make sure that you have installed other security updates and the security update for Internet Explorer, KB5006671.
You can download the KB5008285 from the Microsoft Update Catalog – https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008285
The size of the KB5008285 update for the Windows Server 2012 R2 is 40.1 MB.
This update will require a reboot. So, please set aside a time for maintenance and a scheduled downtime during the period of update.
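The script below is an added example, not part of the original article or Microsoft's guidance. It audits servers for the update sequence described above: the KB5006671 prerequisite, the December update KB5008285, and the follow-up emergency update KB5010215. The function name, the status strings and the server names in the usage comment are hypothetical.

```powershell
# Added example: report where each server stands in the KB5006671 -> KB5008285 -> KB5010215 sequence.
# Function name and status wording are hypothetical; only the KB numbers come from the article.
function Get-Kb5008285Status {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($computer in $ComputerName) {
        try {
            # List installed hotfixes once per host and filter locally, so a
            # missing KB is a normal result rather than a Get-HotFix error.
            $ids = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                     Select-Object -ExpandProperty HotFixID)
            $dec = $ids -contains 'KB5008285'   # December 2021 security update
            $oob = $ids -contains 'KB5010215'   # emergency fix for RDP/performance issues
            $ie  = $ids -contains 'KB5006671'   # Internet Explorer prerequisite

            if ($dec -and $oob) {
                $status = 'KB5008285 and KB5010215 both present'
            } elseif ($dec) {
                $status = 'KB5008285 present: install KB5010215 manually from the Update Catalog'
            } elseif ($ie) {
                $status = 'KB5008285 not listed: prerequisite KB5006671 present'
            } else {
                $status = 'KB5008285 not listed: install KB5006671 first'
            }
        } catch {
            # Unreachable host or access denied: record it instead of stopping the audit.
            $dec = $oob = $ie = $null
            $status = "Query failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            ComputerName = $computer
            KB5006671    = $ie
            KB5008285    = $dec
            KB5010215    = $oob
            Status       = $status
        }
    }
}

# Usage (server names are placeholders):
# Get-Kb5008285Status -ComputerName 'SRV-A', 'SRV-B' | Format-Table -AutoSize
```

Get-HotFix only reports what the Win32_QuickFixEngineering class lists, so a server that has a later update superseding these KBs will show them as not listed; treat that result as a prompt to check the update history rather than as proof the server is unpatched.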
KB5008285 Changelog
The security update KB5008285 for the Windows Server 2012 R2 works on fixing or updating the following:
- Update to support the cancellation of daylight savings time (DST) for 2021 for the Republic of Fiji.
- Addresses a known issue that causes error codes 0x000006e4, 0x0000007c, or 0x00000709 when connecting to a remote printer that is shared on a Windows print server.
- Addresses a known issue that might prevent apps, such as Kaspersky apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI).
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.