[German]As of July 11, 2023, various security updates have been released for Windows Server 2008 R2 (in its 4th ESU year) and Windows Server 2012/R2 (the updates may still install on Windows 7 SP1). Here is an overview of these updates for Windows Server 2008 R2 and Windows Server 2012/R2.
Advertising
Notes about the update installation
Note the installation order information for Windows Server that Microsoft provides in the KB articles. Windows 7 and 8.1 are out of support in January 2023, but Windows 7 systems can be provided with security updates via updates. See my notes on Windows 7 ESU and BypassESU v12 in the Microsoft Security Update Summary blog post (February 14, 2023).
Updates for Windows Server 2012 R2
A rollup and a security-only update have been released for Windows Server 2012 /R2. The update history for Windows 8.1 and Windows Server 2012 R2 can be found on this Microsoft page.
KB5028228 (Monthly Rollup) for Windows Server 2012 R2
Update KB5028228 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and addresses various unspecified vulnerabilities. This update is automatically downloaded and installed by Windows Update in Windows Server 2012 R2, but is also available from the Microsoft Update Catalog and via WSUS. If installing manually, the latest Servicing Stack Update (SSU KB5027574) must be installed beforehand – although this SSU cannot be uninstalled. The fixes and any known issues related to the update are listed in the support article.
Starting with this release, event log entries will pop up from July 11, 2023 to October 10, 2023 notifying customers of the end of support (EOS) for Windows Server 2012 R2 on October 10, 2023.
KB5027271 (Security-only update) for Windows 8.1/Server 2012 R2
Update KB5027271 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the same issues as the rollup update above. The update is distributed via WSUS (but not via Windows Update) or is available from the Microsoft Update Catalog. If installing, the latest Servicing Stack Update (SSU) KB5027574 must be installed first. Any known issues are listed in the support article.
Important: Due to the Microsoft Outlook Security Feature Bypass vulnerabilit CVE-2023-35311 in Microsoft's MSHTML (Trident) engine, which is exploited in the wild as a zero-day (see Microsoft Security Update Summary (July 11, 2023), the cumulative security update KB5028167 for Internet Explorer 11 must also be installed. In contrast, the IE update is included in the Monthly Rollup.
Updates for Windows Server 2012
A rollup and a security-only update have been released for Windows Server 2012 and Windows Embedded 8 Standard. The update history for Windows 8.1 and Windows Server 2012 R2 can be found on this Microsoft page.
KB5028232 (Monthly Rollup) for Windows Server 2012
Update KB5028232 (Monthly Rollup for Windows Server 2012, Windows Embedded 8 Standard) contains improvements and fixes as well as security patches. This update is available from the Microsoft Update Catalog and via WSUS. If installing manually, install the latest Servicing Stack Update (SSU KB5027575) beforehand – although this SSU cannot be uninstalled. Issues related to the update are indicated in the KB article.
Advertising
The end of support is also indicated here in the event display.
KB5028232 (Security-only update) for Windows Server 2012
Update KB5028232 (Security-only for Windows Server 2012, Windows Embedded 8 Standard) contains improvements and fixes, addresses the same issues as the rollup update above. The update is available from the Microsoft Update Catalog and via WSUS. If installing, the latest Servicing Stack Update (SSU KB5027575) must be installed beforehand – although this SSU cannot be uninstalled. This update has the same known issues as the updates listed above.
Also cumulative security update KB5028167 for Internet Explorer 11 must be installed separately.
Updates for Windows Server 2008 R2 (und Windows 7)
For Windows Server 2008 R2 SP1 with ESU a rollup and a security-only update have been released (should be installable on 64-bit Windows 7 SP1 with tricks). However, these updates are now only available for systems with ESU license (1st,2nd, 3rd and 4th year complete). The update history for Windows 7 can be found on this Microsoft page.
The update installation requires either a valid ESU license for 2023, or ESU Bypass v12 (see the comments above). In addition, security updates for Windows Embedded POSReady 7 until 2024 are provided, which can be installed under Windows 7. Furthermore, ACROS Security offers micropatches to secure until 2025 (see 0patch secures Microsoft Edge for Windows 7/Server 2008/2012/R2 until Jan. 2025).
KB5028240 (Monthly Rollup) for Windows 7/Windows Server 2008 R2
Update KB5028240 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains (besides the security fixes from the previous month) improvements and bug fixes and addresses the same issues as the update for Windows Server 2012. This update is automatically downloaded and installed via Windows Update. However, the package is also available via Microsoft Update Catalog and is distributed via WSUS. Details about the requirements and known issues can be found in the KB article.
KB5028224 (Security Only) für Windows 7/Windows Server 2008 R2
Update KB5028224 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1 with ESU license. The update addresses the same issues as the updates for Windows Server 2012 R2. The update is available via WSUS or in the Microsoft Update Catalog. To install the update, you must meet the prerequisites listed in the KB article and in the Rollup Update above.
Again, the cumulative security update KB5028167 for Internet Explorer 11 must be installed separately.
Similar articles:
Microsoft Security Update Summary (July 11, 2023)
Patchday: Windows 10-Updates (July 11, 2023)
Patchday: Windows 11/Server 2022-Updates (July 11, 2023)
Windows 7/Server 2008 R2; Server 2012 R2: Updates (July 11, 2023)
Advertising