Windows Server 2012 / R2 and Windows 7 (August 13, 2024)

Windows[German]Various security updates for Windows Server 2012/R2 (1st ESU year) were published on August 13, 2024. Support for Windows 7 SP1 and Windows Server 2008 R2 expired in January 2024. However, updates for Windows Embedded Standard 7 can be downloaded from the Microsoft Update Catalog. Here is an overview of these updates for Windows Server 2012/R2 and Windows Embedded Standard 7.

Preliminary remarks on the update installation

Please note the information on the installation sequence for Windows Server that Microsoft provides in the KB articles. Windows 7 (dropped out of support in January 2020) and Windows 8.1 in January 2023. ESU support ended in January 2024, but Windows 7 systems can be provided with security updates via Embedded Updates. Windows Server 2012/R2 dropped out of support in October 2023 and will only receive updates with an ESU license. If you are still using Windows 8.1, you can install the Server 2012 R2 updates with ESUBypass (see).

Updates for Windows Server 2012 R2

A rollup (for systems with an ESU license) has been released for Windows Server 2012 /R2. The update history for Windows 8.1 and Windows Server 2012 R2 can be found on this Microsoft page.

KB5041828 (Monthly Rollup) for Windows Server 2012 R2

Update KB5041828 (Monthly Rollup for Windows Server 2012 R2) contains improvements and fixes, and eliminates various vulnerabilities that are not specified. It says about the improvements:

  • [NetJoinLegacyAccountReuse] Removes this registry key. For more information, see KB5020276.
  • [BitLocker (known issue)] A BitLocker recovery screen shows when you start up your device. This occurs after you install the July 9, 2024, update. This issue is more likely to occur if device encryption is on. Go to Settings > Privacy & Security > Device encryption. To unlock your drive, Windows might ask you to enter the recovery key from your Microsoft account.
  • [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies SBAT to systems that run Windows. This stops vulnerable Linux EFI (Shim bootloaders) from running. This SBAT update will not apply to systems that dual-boot Windows and Linux. After the SBAT update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image.
  • [Domain Name System (DNS)] This update hardens DNS server security to address CVE-2024-37968. If the configurations of your domains are not up to date, you might get the SERVFAIL error or time out.

This update is automatically downloaded and installed by Windows Update in Windows Server 2012 R2, but is also available in the Microsoft Update Catalog and via WSUS. The installation of this Enhanced Security Update (ESU) may fail on an Azure Arc-enabled device running Windows Server 2012 R2. Details on fixes and any known issues related to the update are listed in the support article.

There is no security-only update for Windows Server 2012 R2.

Updates for Windows Server 2012

A rollup update for Windows Server 2012 and Windows Embedded 8 Standard has been released for systems with an ESU license. The update history for Windows 8.1 and Windows Server 2012 R2 can be found on this Microsoft page.

KB5041851 (Monthly Rollup) for Windows Server 2012

Update KB5041851 (Monthly Rollup for Windows Server 2012, Windows Embedded 8 Standard) contains improvements and fixes as well as security patches (see also the update for Windows Server 2012 R2). This update is available in the Microsoft Update Catalog and via WSUS. For a manual installation, the latest Servicing Stack Update (SSU) must be installed beforehand – although this SSU can no longer be uninstalled. Problems in connection with the update are listed in the KB article.

EThere is no security-only update for Windows Server 2012.

Updates for Windows Windows 7

For Windows Server 2008 R2 SP1 with ESU and Windows 7, official updates for systems with an ESU license (1st, 2nd, 3rd and 4th year complete) were made available for the last time in January 2024. However, updates for July 2024 for Windows Embedded Standard 7 are available in the Microsoft Update Catalog, which can be installed even though the ESU period should actually have expired. To search, enter "2024-08 Embedded standard 7". Furthermore, ACROS Security offers micropatches for protection until 2025 (see 0patch secures Microsoft Edge for Windows 7/Server 2008/2012/R2 until Jan. 2025).

Similar articles:
Office Updates from August 6, 2024
Microsoft Security Update Summary (August 13, 2024)
Patchday: Windows 10/Server Updates (August 13, 2024)
Patchday: Windows 11/Server 2022-Updates (August 13, 2024)
Windows Server 2012 / R2 and Windows 7 (August 13, 2024)
Microsoft Office Updates (August 13, 2024)

This entry was posted in Security, Update and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *