[German]As of September 12, 2023, various security updates have been released for Windows Server 2008 R2 (in its 4th ESU year) and for Windows Server 2012/R2 (the updates may still install on Windows 7 SP1). Here is an overview of these updates for Windows Server 2008 R2 and Windows Server 2012/R2.
Preliminary remarks about the update installation
Note the installation order information for Windows Server that Microsoft provides in the KB articles. Windows 7 and 8.1 are out of support in January 2023, but Windows 7 systems can be provided with security updates via updates. See my notes on Microsoft Security Update Summary (February 14, 2023).
Updates for Windows Server 2012 R2
A rollup and a security-only update have been released for Windows Server 2012 /R2. The update history for Windows 8.1 and Windows Server 2012 R2 can be found on this Microsoft page.
KB5030269 (Monthly Rollup) for Windows Server 2012 R2
Update KB5030269 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and eliminates various vulnerabilities that are not specified. However, the following is specified as an improvement or fix:
- The renaming of local temporary user policy files during Group Policy processing might cause registry settings under Policies related paths to be deleted.
- The LanmanServer Service might crash in clusters that do not have an Administrative Access Point, also known as AD-Detached Clusters. Using AD-Detached Clusters is recommended by Exchange on some versions of Windows. For more information, see Database availability groups.
- Authentication to join or re-join a computer to an Active Directory domain might fail when a user uses a Smart Card. This issue might occur after you install Windows Updates dated on or after November 2022.
- This update includes changes to Israel daylight saving time (DST). For more information, see the Daylight Saving Time & Time Zone Blog.
This update is automatically downloaded and installed by Windows Update in Windows Server 2012 R2, but is also available from the Microsoft Update Catalog and via WSUS. In case of a manual installation, the latest Servicing Stack Update (SSU KB5030329) must be installed beforehand – whereby this SSU can no longer be uninstalled. The fixes as well as any known issues related to the update are mentioned in the support article.
Starting with this release, event log entries will pop up from July 11, 2023 to October 10, 2023 notifying customers of the end of support (EOS) for Windows Server 2012 R2 on October 10, 2023.
KB5030287 (Security-only update) for Windows 8.1/Server 2012 R2
Update KB5030287 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the same issues as the rollup update above. The update is distributed via WSUS (but not via Windows Update) or is available from the Microsoft Update Catalog. If installing, the latest Servicing Stack Update (SSU) must be installed first. If applicable, known known issues are mentioned in the support article.
Here, the cumulative security update KB5030209 for Internet Explorer 11 must be installed separately.
Updates for Windows Server 2012
A rollup and a security-only update have been released for Windows Server 2012 and Windows Embedded 8 Standard. The update history for Windows 8.1 and Windows Server 2012 R2 can be found on this Microsoft page.
KB5030278 (Monthly Rollup) for Windows Server 2012
Update KB5030278 (Monthly Rollup for Windows Server 2012, Windows Embedded 8 Standard) contains improvements and fixes as well as security patches. This update is available from the Microsoft Update Catalog and via WSUS. If installing manually, install the latest Servicing Stack Update (SSU) beforehand – although this SSU cannot be uninstalled. Issues related to the update are indicated in the KB article.
Here, too, the end of support is indicated in the event log.
KB5030279 (Security-only update) for Windows Server 2012
Update KB5030279 (Security-only for Windows Server 2012, Windows Embedded 8 Standard) contains improvements and fixes, addresses the same issues as the rollup update above. The update is available from the Microsoft Update Catalog and via WSUS. If installing, the latest Servicing Stack Update (SSU) must be installed first – although this SSU cannot be uninstalled. This update has the same known issues as the updates listed above.
Here, the cumulative security update KB5030209 for Internet Explorer 11 must be installed separately.
Updates for Windows Server 2008 R2 (und Windows 7)
For Windows Server 2008 R2 SP1 with ESU a rollup and a security-only update have been released (should be installable on 64-bit Windows 7 SP1 with tricks). However, these updates are now only available for systems with ESU license (1st,2nd, 3rd and 4th year complete). The update history for Windows 7 can be found on this Microsoft page.
The update installation requires either a valid ESU license for 2023, or ESU Bypass v12 (see the comments above). In addition, security updates for Windows Embedded POSReady 7 until 2024 are provided, which can be installed under Windows 7. Furthermore, ACROS Security offers micropatches to secure until 2025 (see 0patch secures Microsoft Edge for Windows 7/Server 2008/2012/R2 until Jan. 2025).
KB5030265 (Monthly Rollup) for Windows 7/Windows Server 2008 R2
Update KB5030265 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1)contains (besides the security fixes from the previous month) improvements and bug fixes and addresses the same issues as the update for Windows Server 2012. This update is automatically downloaded and installed via Windows Update. However, the package is also available via Microsoft Update Catalog and is distributed via WSUS. Details about the requirements and known issues can be found in the KB article.
KB5030261 (Security Only) for Windows 7/Windows Server 2008 R2
Update KB5030261 (Security-only update) is available for Windows 7 SP1 and Windows Server 2008 R2 SP1 with ESU license. The update addresses the same issues as the updates for Windows Server 2012 R2. The update is available via WSUS or in the Microsoft Update Catalog. To install the update, you must meet the prerequisites listed in the KB article and in the Rollup Update above. The update has the known bugs described in the KB article. Make sure to install the latest Servicing Stack Update beforehand.
Here, the cumulative security update KB5030209 for Internet Explorer 11 must be installed separately.
Similar articles
Microsoft Security Update Summary (September 12, 2023)
Patchday: Windows 10 Updates (September 2023)
Patchday: Windows 11/Server 2022 Updates (September 12, 2023)
Patchday: Windows 7/Server 2008 R2; Server 2012 R2 Updates (September 12, 2023)
Patchday: Microsoft Office Updates (September 12, 2023)
Windows 11 22H2: Preview Update KB5029351 (August 22, 2023)
Windows 11 21H2: Preview-Update KB5029332 (August 22, 2023)
Windows 10 22H2 Preview Update KB5029331 (August 22, 2023)
