
Security Update for Windows Server 2019 – KB5008218

Microsoft has released the December security update for Windows Server 2019. The KB5008218 security update addresses vulnerabilities on Windows Server 2019 for the period between 10th November and 14th December, 2021. The update changes the build to 10.0.17763.2366. It succeeds the previous security update, KB5007187, for Windows Server 2019. KB5008218 addresses 3 critical vulnerabilities and 24 important vulnerabilities on Windows Server 2019.

Update: 6th January, 2022: Microsoft has released an emergency security update, KB5010196, for Windows Server 2019. This update needs to be added to Windows Server 2019 if you have patched it with KB5008218. The out-of-band update KB5010196 addresses issues that have arisen after installing the security update KB5008218 on Windows Server 2019. You can find details of the Windows Server 2019 emergency update KB5010196 below.

How can I get the security update KB5008218 on Windows Server 2019?

KB5008218 security update succeeds the security update KB5007187. You can get the KB5008218 security update for Windows Server 2019 in one of the following 4 ways:

  • The Microsoft Update Catalog can be used for a manual download of the KB5008218 security update for Windows Server 2019. The update can be downloaded from the following link on the Microsoft Update Catalog – https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008218. The update is 545 MB in size. Be aware that a server reboot is needed after the update, so a planned maintenance window or a change ticket will be required to install the patch on Windows Server 2019.
  • Windows Update can install the update automatically.
  • Windows Update for Business can install the update automatically.
  • Windows Server Update Service (WSUS) can automatically sync KB5008218 if it is configured to work with Windows Server 2019 for security updates.

A reboot of the Windows Server 2019 will be needed after the security update is installed.

What are the bug fixes or improvements in KB5008218?

The security update KB5008218 provides quality improvements. It also:

  • Addresses a known issue that might prevent Microsoft Defender for Endpoint from starting or running on devices that have a Windows Server Core installation. 

What is the Emergency update KB5010196 for Windows Server 2019?

Microsoft released an emergency, or out-of-band, update for Windows Server 2019 on 4th January, 2022. This update is intended to resolve issues on Windows Server 2019 that appear after installation of the security update KB5008218.

The following issues were found to have arisen after applying the December security update KB5008218 on Windows Server 2019:

  • Windows Server 2019 stops responding after applying the December cumulative security update KB5008218.
  • Black screen issue affects the Windows Server 2019 after the installation of security update KB5008218.
  • Degraded server performance results after application of the security update KB5008218.

Due to these issues that have been reported on Windows Server 2019 post-installation of the KB5008218 cumulative security update, Microsoft has advised patching the Windows Server 2019 with out of band KB5010196 security update.

KB5010196 is not available through Windows Update or the Windows Server Update Service (WSUS). You will need to manually download the emergency software update KB5010196 from the Microsoft Update catalog.

The emergency update KB5010196 can be downloaded from this page. The update is 554.7 MB in size. It needs to be installed on Windows Server 2019 if the server has already been patched with the December security update KB5008218.
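Because KB5010196 is not offered through Windows Update or WSUS, servers that took KB5008218 have to be identified by hand. The following PowerShell is an added example, not part of the original article or any Microsoft tooling: `Get-Kb5008218State` is a hypothetical helper name, the KB numbers and build 10.0.17763.2366 come from this article, and it assumes `Get-HotFix` lists both updates by ID.

```powershell
# Added example: report whether this server is on the December build
# without the out-of-band fix. Get-Kb5008218State is a hypothetical name.
function Get-Kb5008218State {
    # CurrentBuildNumber is a string ("17763"); UBR is the update build revision.
    $cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $ubr = [int]$cv.UBR

    # Installed updates as reported by Win32_QuickFixEngineering.
    $ids    = @(Get-HotFix -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty HotFixID)
    $hasDec = $ids -contains 'KB5008218'
    $hasOob = $ids -contains 'KB5010196'

    $status = if ($cv.CurrentBuildNumber -ne '17763') {
        'NotApplicable'            # not a 17763-based build
    } elseif ($hasOob) {
        'KB5010196Installed'
    } elseif ($ubr -lt 2366) {
        'KB5008218NotApplied'      # or installed with a reboot still pending
    } elseif ($ubr -eq 2366) {
        'NeedsKB5010196'           # December build without the out-of-band fix
    } else {
        'LaterBuildReviewManually' # a newer update raised the UBR past 2366
    }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Build     = '10.0.{0}.{1}' -f $cv.CurrentBuildNumber, $ubr
        KB5008218 = $hasDec
        KB5010196 = $hasOob
        Status    = $status
    }
}

Get-Kb5008218State | Format-List
```

To survey several servers, run the function inside `Invoke-Command -ComputerName ...` and filter on `Status -eq 'NeedsKB5010196'`.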

Critical vulnerabilities resolved as part of KB5008218 on Windows Server 2019

Three critical vulnerabilities have been resolved in the security update KB5008218. All of these critical vulnerabilities carry a risk of remote code execution: a remote attacker could deploy or execute malicious code on Windows Server 2019. The critical vulnerabilities addressed in the security update KB5008218 are:

  • CVE-2021-43215 – this is a remote code execution vulnerability with a CVSS score of 9.8. It requires immediate patching. An attacker could send a specially crafted request to the Internet Storage Name Service (iSNS) server, which could result in remote code execution.
  • CVE-2021-43217 – this is a remote code execution vulnerability with a CVSS score of 8.1. It requires immediate patching. An attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution. This vulnerability affects the Windows Encrypting File System (EFS).
  • CVE-2021-43233 – this is a remote code execution vulnerability that has a CVSS score of 7.5. It affects the Remote Desktop Client software. The vulnerability requires immediate patching.

The affected services or components on the Windows Server 2019 are the iSNS server, Windows Encrypting File System, and the Remote Desktop Client software. Given the nature of vulnerabilities and the CVSS 9.8 score vulnerability, you may want to get this KB5008218 installed on a priority basis on a Windows Server 2019.

Remote code execution vulnerability with important severity resolved in KB5008218

There are 2 remote code execution vulnerabilities rated important in severity for Windows Server 2019. These two RCE vulnerabilities are in addition to the three critical RCE vulnerabilities stated above. The two remote code execution vulnerabilities that have been patched in KB5008218 are as follows:

  • CVE-2021-43232 – carries a CVSS score of 7.8 and affects the Windows Event Tracing Service.
  • CVE-2021-43234 – carries a CVSS score of 7.8 and affects Windows Fax Service.

The CVSS scores for both these vulnerabilities are high, suggesting an immediate plan to deploy the KB5008218 security update on the Windows Server 2019.

Elevation of Privileges vulnerabilities resolved under KB5008218 for Windows Server 2019

KB5008218 addresses 12 elevation of privilege vulnerabilities that could impact your server. An attacker could use these security gaps to elevate privileges and deploy malicious code on the server. Elevating privileges usually means that an attacker could gain administrative privileges to cause collateral damage on the affected server.

The twelve vulnerabilities that have been resolved under the security update KB5008218 on Windows Server 2019 are:

  • CVE-2021-43893 – CVSS score of 7.5 and affects Windows Encrypting File System (EFS)
  • CVE-2021-43883 – CVSS score of 7.8 and affects Windows Installer
  • CVE-2021-43248 – CVSS score of 7.8 and affects Windows Digital Media Receiver
  • CVE-2021-43247 – CVSS score of 7.8 and affects Windows TCP/IP driver.
  • CVE-2021-43238 – CVSS score of 7.8 and affects Windows Remote Access.
  • CVE-2021-43231 – CVSS score of 7.8 and affects Windows NTFS.
  • CVE-2021-43230 – CVSS score of 7.8 and affects Windows NTFS.
  • CVE-2021-43229 – CVSS score of 7.8 and affects Windows NTFS.
  • CVE-2021-43226 – CVSS score of 7.8 and affects Windows Common Log File System Driver.
  • CVE-2021-43223 – CVSS score of 7.8 and affects Windows Remote Access Connection Manager.
  • CVE-2021-41333 – CVSS score of 7.8 and affects Windows Print Spooler.
  • CVE-2021-43207 – CVSS score of 7.8 and affects Windows Common Log File System Driver.

The vulnerabilities listed above show the affected components on a Windows Server 2019 version. All the ‘elevation of privileges’ vulnerabilities carry a significant CVSS score of 7.8. The impact and severity of these vulnerabilities suggest a proactive approach to installing the security update KB5008218 on the Windows Server 2019.

Information disclosure vulnerabilities resolved under KB5008218 on Windows Server 2019

There are seven information disclosure vulnerabilities that have been resolved under the security update KB5008218. These vulnerabilities affect a diverse set of Windows server components. The 7 vulnerabilities that have been patched as part of the security update KB5008218 are:

  • CVE-2021-43244 – CVSS score of 6.5 and affects Windows Kernel.
  • CVE-2021-43236 – CVSS score of 7.5 and affects Microsoft Messaging Queue
  • CVE-2021-43235 – CVSS score of 5.5 and affects the ‘Storage Spaces Controller’.
  • CVE-2021-43227 – CVSS score of 5.5 and affects the ‘Storage Spaces Controller’.
  • CVE-2021-43224 – CVSS score of 5.5 and affects the Windows Common Log File System Driver.
  • CVE-2021-43222 – CVSS score of 7.5 and affects Microsoft Messaging Queue.
  • CVE-2021-43216 – CVSS score of 6.5 and affects Microsoft Local Security Authority Server (lsasrv).

Information disclosure vulnerabilities could result in an attacker stealing personal or business data. So, we need to be careful and plan for the deployment of KB5008218 on Windows Server 2019.

Denial of Service vulnerabilities resolved under KB5008218 on Windows Server 2019

The Denial of Service vulnerabilities could cause disruption in the working of Windows Server 2019. The 3 vulnerabilities that could potentially cause a denial of service attack on the Windows Server 2019 are mentioned below:

  • CVE-2021-43246 – carries a CVSS score of 5.6 and affects Windows Hyper-V service.
  • CVE-2021-43228 – carries a CVSS score of 7.5 and affects SymCrypt.
  • CVE-2021-43219 – carries a CVSS score of 7.4 and affects DirectX Graphics Kernel File.

These DoS vulnerabilities carry significant risks for the Windows Server 2019 deployments. KB5008218 offers regular patching of these vulnerabilities on Windows Server 2019.

Essentially, the 27 vulnerabilities that have been resolved under the KB5008218 present significant challenges to the system administrators. We do suggest that you would be better off in taking a maintenance window to get these security vulnerabilities patched and resolved.