Windows 7/Server 2008 R2; Windows 8.1/Server 2012 R2: Updates (November 8, 2022)

Microsoft has also released security updates for Windows 7 and 8.1 as well as for the Windows Server counterparts 2008 R2 and 2012/R2 on Patchday. Here is an overview of these updates for Windows 7/8.1 and the corresponding Windows Server versions 2008 R2 and 2012/R2.


Pay attention to the notes on the installation order for Windows Server that Microsoft provides in the KB articles.

Updates for Windows 8.1 and Windows Server 2012 R2

A rollup and a security-only update have been released for Windows 8.1 and Windows Server 2012 R2. The update history for Windows 8.1 and Windows Server 2012 R2 can be found on this Microsoft page.

KB5020023 (Monthly Rollup) for Windows 8.1/Server 2012 R2

Update KB5020023 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and addresses the following issues.

  • Addresses a Distributed Component Object Model (DCOM) authentication hardening issue to automatically raise authentication level for all non-anonymous activation requests from DCOM clients. This will occur if the authentication level is less than RPC_C_AUTHN_LEVEL_PKT_INTEGRITY.
  • Updates the daylight-saving time (DST) for Jordan to prevent moving the clock back 1 hour on October 28, 2022. Additionally, changes the display name of Jordan standard time from "(UTC+02:00) Amman" to "(UTC+03:00) Amman".
  • Addresses an issue where Microsoft Azure Active Directory (AAD) Application Proxy Connector cannot retrieve a Kerberos ticket on behalf of the user because of the following general API error: "The handle specified is invalid (0x80090301)."
  • Addresses an issue where, after installing the January 11, 2022 or later update, the Forest Trust creation process fails to populate the DNS name suffixes into the trust information attributes.
  • Addresses an issue where the Microsoft Visual C++ Redistributable Runtime does not load into the Local Security Authority Server Service (LSASS) when Protected Process Light (PPL) is enabled.
  • It addresses security vulnerabilities in the Kerberos and Netlogon protocols as outlined in CVE-2022-38023, CVE-2022-37966, and CVE-2022-37967. For deployment guidance, see the following:
    • KB5020805: How to manage the Kerberos Protocol changes related to CVE-2022-37967
    • KB5021130: How to manage Netlogon Protocol changes related to CVE-2022-38023
    • KB5021131: How to manage the Kerberos Protocol changes related to CVE-2022-37966

This update is automatically downloaded and installed by Windows Update, and is also available from the Microsoft Update Catalog and via WSUS. For a manual installation, the latest Servicing Stack Update (SSU KB5018922) must be installed beforehand; note that this SSU can no longer be uninstalled. Issues in connection with the update are mentioned in the support article.

KB5020010 (Security-only update) for Windows 8.1/Server 2012 R2

Update KB5020010 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the following items.

  • Updates the daylight-saving time (DST) for Jordan to prevent moving the clock back 1 hour on October 28, 2022. Additionally, changes the display name of Jordan standard time from "(UTC+02:00) Amman" to "(UTC+03:00) Amman".
  • Addresses an issue where, after installing the January 11, 2022 or later update, the Forest Trust creation process fails to populate the DNS name suffixes into the trust information attributes.
  • It addresses security vulnerabilities in the Kerberos and Netlogon protocols as outlined in CVE-2022-38023, CVE-2022-37966, and CVE-2022-37967. For deployment guidance, see the following:
    • KB5020805: How to manage the Kerberos Protocol changes related to CVE-2022-37967
    • KB5021130: How to manage Netlogon Protocol changes related to CVE-2022-38023
    • KB5021131: How to manage the Kerberos Protocol changes related to CVE-2022-37966

The update is distributed via WSUS (but not via Windows Update) and is available from the Microsoft Update Catalog. Before installing it, install the latest Servicing Stack Update KB5018922. Known issues are listed in the support article.

Updates for Windows Server 2012

A rollup and a security-only update have been released for Windows Server 2012 and Windows Embedded 8 Standard. The update history for Windows 8.1 and Windows Server 2012 R2 can be found on this Microsoft page.

KB5020009 (Monthly Rollup) for Windows Server 2012

Update KB5020009 (Monthly Rollup for Windows Server 2012, Windows Embedded 8 Standard) contains improvements and fixes, and addresses the same issues as the update for Windows Server 2012 R2. This update is available from the Microsoft Update Catalog and via WSUS. If installing manually, install the latest Servicing Stack Update (SSU KB5016263) beforehand; note that this SSU cannot be uninstalled. Issues related to the update are indicated in the KB article.

KB5020003 (Security-only update) for Windows Server 2012

Update KB5020003 (Security-only for Windows Server 2012, Windows Embedded 8 Standard) addresses the following items.

  • Updates the daylight-saving time (DST) for Jordan to prevent moving the clock back 1 hour on October 28, 2022. Additionally, changes the display name of Jordan standard time from "(UTC+02:00) Amman" to "(UTC+03:00) Amman".
  • Addresses an issue where, after installing the January 11, 2022 or later update, the Forest Trust creation process fails to populate the DNS name suffixes into the trust information attributes.
  • It addresses security vulnerabilities in the Kerberos and Netlogon protocols as outlined in CVE-2022-38023, CVE-2022-37966, and CVE-2022-37967. For deployment guidance, see the following:
    • KB5020805: How to manage the Kerberos Protocol changes related to CVE-2022-37967
    • KB5021130: How to manage Netlogon Protocol changes related to CVE-2022-38023
    • KB5021131: How to manage the Kerberos Protocol changes related to CVE-2022-37966

The update is available via the Microsoft Update Catalog and via WSUS. Before installing it, the latest Servicing Stack Update (SSU KB5016263) must be installed; note that this SSU can no longer be uninstalled. Issues caused by the update are listed in the support article.

Updates for Windows 7/Windows Server 2008 R2

For Windows 7 SP1 and Windows Server 2008 R2 SP1, a rollup and a security-only update have been released. However, these updates are only available for systems with an ESU license (1st, 2nd and 3rd year complete). The update history for Windows 7 can be found on this Microsoft page.

The update installation requires either a valid ESU license for 2021, or ESU Bypass v11 (see).

KB5020000 (Monthly Rollup) for Windows 7/Windows Server 2008 R2

Update KB5020000 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) addresses the same issues as the update for Windows Server 2012 R2. This update is automatically downloaded and installed via Windows Update. However, the package is also available via Microsoft Update Catalog and is distributed via WSUS. Details about the requirements and known issues can be found in the KB article.

KB5020013 (Security Only) for Windows 7/Windows Server 2008 R2

Update KB5020013 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1 with an ESU license. The update addresses the same issues as the security-only update for Windows Server 2012 R2. The update is available via WSUS or in the Microsoft Update Catalog. To install the update, you must meet the prerequisites listed in the KB article and in the Rollup Update above. The update has the known bugs described in the KB article. Make sure to install the latest Servicing Stack Update beforehand.
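
To audit which of the packages listed above are present on a machine, the following PowerShell sketch can be used. It is an added example, not part of the original article or of Microsoft's guidance; the KB numbers are the ones named in this post, while the function name and the assumption that Get-HotFix reports these packages on the target system are illustrative.

```powershell
# Added example. KB numbers come from the article; the function name is hypothetical.
# Keys are the major.minor OS version reported by Win32_OperatingSystem.
$november2022 = @{
    '6.1' = @{ Name = 'Windows 7 SP1 / Server 2008 R2 SP1'
               Rollup = 'KB5020000'; SecurityOnly = 'KB5020013'; Ssu = $null }       # SSU not named in the article
    '6.2' = @{ Name = 'Windows Server 2012 / Embedded 8 Standard'
               Rollup = 'KB5020009'; SecurityOnly = 'KB5020003'; Ssu = 'KB5016263' }
    '6.3' = @{ Name = 'Windows 8.1 / Server 2012 R2'
               Rollup = 'KB5020023'; SecurityOnly = 'KB5020010'; Ssu = 'KB5018922' }
}

function Get-November2022PatchState {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # Get-WmiObject is used so the check also runs on the PowerShell 2.0 that ships with Windows 7.
    $os    = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName
    $key   = ($os.Version -split '\.')[0..1] -join '.'
    $entry = $november2022[$key]
    if (-not $entry) {
        Write-Warning "$ComputerName reports OS version $($os.Version), which this article does not cover."
        return
    }

    # Assumption: the rollup, security-only update and SSU appear in Get-HotFix output.
    $installed = @(Get-HotFix -ComputerName $ComputerName | ForEach-Object { $_.HotFixID })

    $ssuState = $null
    if ($entry.Ssu) { $ssuState = $installed -contains $entry.Ssu }

    # A later monthly rollup supersedes this one, so "False" here means
    # "this specific package was not found", not necessarily "unpatched".
    New-Object PSObject -Property @{
        ComputerName     = $ComputerName
        Platform         = $entry.Name
        RollupKB         = $entry.Rollup
        RollupFound      = $installed -contains $entry.Rollup
        SecurityOnlyKB   = $entry.SecurityOnly
        SecurityOnlyFound = $installed -contains $entry.SecurityOnly
        RequiredSsu      = $entry.Ssu
        SsuFound         = $ssuState
    }
}

Get-November2022PatchState | Format-List
```

If SsuFound is False on a system that is patched manually, install the listed Servicing Stack Update before the rollup or security-only package.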

