On 10th May 2022, Microsoft released Windows Update KB5013952 as part of its regular update cycle known as ‘Path Tuesday’. The aim of this update is to fix security issues and improve performance on Windows Server 2016 server core installation.
This article looks at key points of this update including the key fixes it makes, issues arising during update, and how to get the update on Windows server 2016.
And in case the one question you want answered is “How Do You Download KB5013952?”, then scroll down to the end of this article to find your answer.
What Updates Does Windows KB5013952 Update Make?
Windows KB5013952 security rollout includes security updates to Microsoft Windows Server 2016, which fixes the following vulnerabilities in Windows Server 2016 (Server Core Installation) and Windows Server 2016 (Server with Desktop Experience Installation)
- KB5013952 fixes a security vulnerability in the way that the Microsoft Remote Desktop Protocol handles authentication requests. Name suffix routing configuration might fail when using the Active Directory forests or Netdom.exe., a problem that could result in failed authentication or wrong authentication routing. As a result, an attacker might exploit this vulnerability to perform remote code execution on an affected system.
- The update also fixes a security vulnerability in Microsoft Windows Server 2016 and Windows 10 that could allow information disclosure if an attacker runs a specially crafted application to access data that is not intended to be disclosed.
- KB5013952 also improves the servicing for the secure boot component, providing a more secure environment during boot up.
- This update also fixes a security vulnerability in Windows Server 2016 (Server Core Installation) and Windows Server 2016 (Server with Desktop Experience Installation). The vulnerability could allow remote code execution if an authenticated attacker launches a man-in-the-middle (MiTM) attack against a user who is connecting over RDP and sends specially crafted requests.
- The windows 11 update raised an issue with improper cleanup of Dynamic Data Exchange (DDE) objects, resulting in session tear down and session failure. KB5013952 update fixes this issue.
- The KB5013952 update also fixes multiple vulnerabilities in Microsoft Exchange Server 2016 when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code on Exchange servers, install programs, view, change, or delete data, or create new accounts with full user rights. The update addresses these vulnerabilities by modifying how Exchange handles objects in memory.
- There is also an issue noted among machines on which users installed Windows updates released on or after 11th January 2022. Back up CDs or DVDs created on those machines using the backup and restore feature in the Control panel might not start. KB5013952 fixes this issue.
- The update addresses a problem that might hinder the LSASS subsystem service (LSASS) from working correctly. This has been noted in instances where simultaneous service for user (S4U) and user-to-user (U2U) requests are processed for the same user.
Issues Caused By KB5013952 Update and How To Fix Them
KB5013952 update causes the following issues:
It results in issues in handling of certificate mapping to machine accounts. Servers used as domain controllers might experience Certificate authentication failures for various server or client services such as Network Policy Server, Extensible Authentication Protocol, etc.
Domain administrators can mitigate against this issue by performing manual certificate mapping in active directory to an account.
Note that this problem does not affect end users’ windows devices.
How To Get The Windows KB5013952 Update On Windows Server 2016
So having said all that, How Do You Download KB5013952?
To install this update on a computer that is running Windows Server 2016 (Server Core Installation), follow these steps:
- Download the MSU file from Microsoft update catalog. Copy the downloaded file to a USB flash drive or other media.
- Run Install-Windows Feature RSAT-ADDS, Install-Windows Feature RSAT-ADDS-Tools, Set-ADServiceAccount –ID <DomainControllerAccount> –StartupType Automatic
- Restart your computer and log on as Administrator.
- Open an elevated PowerShell command prompt and run Add-WindowsPackage -packagepath <PathToMSUFile>. For example, if you copied the MSU file to E:\Downloads\kb5013952_x64_enu.msu , run Add-WindowsPackage -packagepath E:\Downloads\kb5013952_x64_enu.msu.
- Restart your computer if prompted after installation is complete.
After you install this update by using Windows Update or through WSUS, you must also install updates that were released earlier to continue to receive future updates for Windows Server 2016 Technical Preview 5 (TP5).
KB5013952 is available for end user installation as a free download from Microsoft Update, and can be automatically installed as soon as it is downloaded.
The update can also be manually installed by opening the Control Panel, clicking on “Programs”, and then clicking on “Turn Windows features on or off”. This will allow you to check what additional updates are available for your computer.
Once you select the relevant file, click Install to begin installing the update.
Once the update is complete, you should restart your computer to ensure that all changes are properly applied.