Security update for Windows Server 2022 - KB5008223

The December security update for Windows Server 2022 has been released by Microsoft on 14th December. The update will upgrade the build on your Windows Server 2022 to build 20348.405. KB5008223 security update caters to resolving 29 security vulnerabilities. Of these 29 security vulnerabilities, 3 vulnerabilities are of a critical nature and the remaining 26 vulnerabilities have important severity levels for the infrastructure. Both, critical and important vulnerabilities should be patched through the application of the KB5008223 security update.

Topics covered in this post

How can I get the security update KB5008223 for Windows Server 2022?

You can get the security update KB5008223 for Windows Server 2022 in one of the following ways:

You can download the KB5008223 security update manually through the Microsoft Update catalog. The security update for Windows server 21H2 edition can be downloaded directly from the URL – https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008223. It weighs 204.8 MB. Do note that the Windows Server 2022 cumulative update is the Windows Server 21H2 security update.
Windows Update program will update the security update KB5008223 automatically.
KB5008223 can be automatically applied through the Windows Update for Business program.
Windows Server Update Service (WSUS) will automatically sycn with the KB5008223 security update if you have configured the system as – Microsoft Server operating system-21H2, and classification of security update.

It is suggested that a maintenance window be planned to apply the security update KB5008223.

Quality Improvements in KB5008223 for Windows Server 2022

The following improvement has been made as part of the KB5008223 on Windows Server 2022:

addresses a known issue that might prevent Microsoft Defender for Endpoint from starting or running on devices that have a Windows Server Core installation.

What critical vulnerabilities are resolved as part of KB5008223 on Windows Server 2022?

There are two critical vulnerabilities that have been resolved as part of the cumulative security update KB5008223 for Windows Server 2022. All these vulnerabilities are related to remote code execution. Essentially, the vulnerabilities on the Windows Server 2022 could allow a remote attacker to execute malicious code on the server.

The two critical vulnerabilities that have been resolved as part of the cumulative security update KB5008223 are mentioned below:

CVE-2021-43217 – this is a remote code execution vulnerability with a CVSS score of 8.1. It requires immediate patching. An attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution. This vulnerability affects the Windows Encrypting File System (EFS). Windows Server 2016 is also affected with this vulnerability.
CVE-2021-43233 – this is a remote code execution vulnerability that has a CVSS score of 7.5. It affects the Remote Desktop Client software. The vulnerability requires immediate patching. This client software is a part of the Windows Server 2016 platform.

Both of these critical remote code execution vulnerabilities need to be resolved on an immediate basis to get ahead of the risks for the Windows Encrypting File System (EFS) and the Remote desktop client software.

Over and above these 2 critical vulnerabilities, another 27 vulnerabilities with important severity levels have been patched in the KB5008223 security update for Windows Server 2022. Below, we discuss the different types of vulnerabilities that have been listed and resolved under the KB5008223 security update for Windows Server 2022.

Remote code execution vulnerabilities patched in KB5008223 for Windows Server 2022

KB5008223 resolved 2 critical remote code execution vulnerabilities. Aside from that, the KB5008223 cumulative security update also resolved two remote code execution vulnerabilities with an important severity rating for the infrastructure. The two important security vulnerabilities that have been resolved are:

CVE-2021-43232 – CVSS score of 7.8 and it affects the Windows Event Service.
CVE-2021-43234 – CVSS score of 7.8 and it affects the Windows Fax Service.

Elevation of Privileges vulnerabilities patched in KB5008223 for Windows Server 2022

There are 15 security vulnerabilities that have been patched under the security update KB5008223 for Windows Server 2022. These vulnerabilities are mentioned below for your reference:

CVE-2021-43893 – CVSS score of 7.5 and affects the Windows Encrypting File System (EFS) .
CVE-2021-43883 – CVSS score of 7.8 and affects Windows Installer.
CVE-2021-43248 – CVSS score of 7.8 and affects Windows Digital Media Receiver.
CVE-2021-43247 – CVSS score of 7.8 and affects Windows TCP/IP Driver.
CVE-2021-43240 – CVSS score of 7.8 and affects NTFS Set Short Name.
CVE-2021-43239 – CVSS score of 7.1 and affects Windows Recovery Environment Agent.
CVE-2021-43238 – CVSS score of 7.8 and affects Windows Remote Access.
CVE-2021-43237 – CVSS score of 7.8 and affects Windows Setup.
CVE-2021-43231 – CVSS score of 7.8 and affects Windows NTFS.
CVE-2021-43230 – CVSS score of 7.8 and affects Windows NTFS.
CVE-2021-43229 – CVSS score of 7.8 and affects Windows NTFS.
CVE-2021-43226 – CVSS score of 7.8 and affects Windows Common Log File System Driver.
CVE-2021-43223 – CVSS score of 7.8 and affects Windows Remote Access Connection Manager.
CVE-2021-41333 – CVSS score of 7.8 and affects Windows Print Spooler.
CVE-2021-43207 – CVSS score of 7.8 and affects Windows Common Log File System Driver.

Elevation of privileges vulnerabilities allow the attackers to elevate their access on the compromised server on account of an existing security vulnerability on the box.

Information Disclosure vulnerabilities resolved under KB5008223 for Windows Server 2022

Information disclosure vulnerabilities may lead to data theft. It is important to resolve these vulnerabilities to keep the attackers at bay from stealing business and personal data from an organization’s servers. KB5008223 resolves 7 information disclosure vulnerabilities on Windows Server 2022. These vulnerabilities carry an ‘important’ severity for the affected infrastructure. The 7 important vulnerabilities that could lead to information disclosure are mentioned below, for your ready reference.

CVE-2021-43244 – CVSS score of 6.5 and affects Windows Kernel.
CVE-2021-43236 – CVSS score of 7.5 and affects Microsoft Messaging Queue.
CVE-2021-43235 – CVSS score of 5.5 and affects the ‘Storage Spaces Controller’.
CVE-2021-43227 – CVSS score of 5.5 and affects the ‘Storage Spaces Controller’.
CVE-2021-43224 – CVSS score of 5.5 and affects the Windows Common Log File System Driver.
CVE-2021-43222 – CVSS score of 7.5 and affects Microsoft Messaging Queue.
CVE-2021-43216 – CVSS score of 6.5 and affects Microsoft Local Security Authority Server (lsasrv).

The cumulative update KB5008223 takes care of all these information disclosure vulnerabilities by patching all the security gaps.

Denial of Service vulnerabilities resolved under KB5008223 on Windows Server 2022

There are three security vulnerabilities that could lead to denial of service attacks on the infrastructure comprising of Windows Server 2022. We look at the three denial of service vulnerabilities and share the details hereunder:

CVE-2021-43246 – carries a CVSS score of 5.6 and affects Windows Hyper V service.
CVE-2021-43228 – carries a CVSS score of 7.5 and affects SymCrypt.
CVE-2021-43219 – carries a CVSS score of 7.4 and affects DirectX Graphics Kernel File.

The individual Windows Server 2022 services or modules that are affected by the denial of service vulnerability have been shared with you. KB5008223 has provided a fix for these three vulnerabilities as part of the cumulative update.

You may also like to read the following content related to Windows Updates:

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.