Patchday: Windows Server-Updates (March 11, 2025)

Posted on 2025-03-12 by guenni

Windows[German]On March 11, 2025 (second Tuesday of the month, Patchday at Microsoft) various cumulative updates were released for the supported versions of Windows Server. Below I have extracted the provided updates along with some details for these Windows Server versions (from Windows Server 2012 to 2025). The updates fix the vulnerabilities described in blog post Microsoft Security Update Summary (March 11, 2025), that are relevant for Windows Server.

Advertising

Updates for Windows Server 2025

A list of updates for Windows Server 2025 can be found on this Microsoft website. The cumulative update KB5053598 has been released for Windows Server 2025, which raises the OS build to 20348.3476. The update contains security patches and the following fixes:

  • [Narrator]
    • New!  This update adds a new Narrator shortcut. To copy the last spoken content by Narrator to the clipboard, press Narrator key + Ctrl + X. This shortcut is especially useful for quickly copying content such as codes or numbers.
    • New!  It will now auto read the contents of an email message in the new Outlook, similar to how it works in classic Outlook.
  • [Scanning apps] Fixed: This update addresses the issue where certain scanners were not being detected despite being connected.
  • [Virtual hard disk (VHD/VHDx)] New! This update adds a detach virtual hard disk button to Settings. In the properties for your VHD or VHDx, go to Settings > System > Storage > Disks & Volumes.
  • [Networking] New! The netsh wlan show networks command can now read SSIDs that are encoded using UTF-8. This means that Wi-Fi SSIDs that have Unicode characters, such as emoji, display properly in netsh output.
  • ​​​​​​​[Live kernel debug files (dumps)] Fixed: The win32kbase.sys creates live kernel debug files when it should not.
  • [Winlogon] Fixed: A stop error occurs during shutdown.
  • [sfc /scannow command] Fixed: You get errors every time you run the command.
  • [Service for User to Self (S4U2self)] Fixed: Your device might have issues using S4U2self to authenticate. This occurs if Credential Guard is off, and the device joins an Active Directory domain that doesn't allow the RC4 cipher.
  • [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds more drivers to the list that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.

This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS and WUfB. The latest Windows Servicing Stack Update is integrated in the patch. Any problems caused by the update (Citrix) and installation requirements are listed in the support article.

Updates for Windows Server 2022/23H2

The following updates are available for Windows Server 2022 and Windows Server 23H2.

Update KB5053599 for Windows Server 23H2

A list of updates for Windows Server 23H2 can be found on this Microsoft website. The cumulative update KB5053599 has been released for Windows Server 23H2, which raises the OS build to 25398.1486. The update contains security patches and the following fixes.

  • [Daylight saving time (DST)] This update supports (DST) changes in Paraguay.
  • [Open Secure Shell (OpenSSH) (known issue)] Fixed: The service fails to start, which stops SSH connections. There is no detailed logging, and you must run the sshd.exe process manually.
  • [GB18030-2022] This update adds support for this amendment.
  • [Azure Virtual Network] Fixed: You can turn off the VNET metering feature with the following registry key.
    Registry key: HKLM\CurrentControlSet\Services\NcHostAgent\Parameters\Plugins\Vnet
    Registry value:MeteringDisabled (DWORD type)
    Data to be set: 1

This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS and WUfB. The latest Windows Servicing Stack Update is integrated in the patch. Any problems caused by the update (Citrix) and installation requirements are listed in the support article

Advertising

Update KB5053603 for Windows Server 2022

A list of updates for Windows Server 2022 can be found on this Microsoft website. The cumulative update KB5053603 has been released for Windows Server 2022, which raises the OS build to 20348.3328. The update contains security patches and the following fixes:

  • [Daylight saving time (DST)] This update supports (DST) changes in Paraguay.
  • [Open Secure Shell (OpenSSH) (known issue)] Fixed: The service fails to start, which stops SSH connections. There is no detailed logging, and you must run the sshd.exe process manually.
  • [GB18030-2022] This update adds support for this amendment.
  • [Azure Virtual Network] Fixed: You can turn off the VNET metering feature with the following registry key.
    Registry key: HKLM\CurrentControlSet\Services\NcHostAgent\Parameters\Plugins\Vnet
    Registry key: MeteringDisabled (DWORD type)
    Data to be set: 1

This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS and WUfB. The current Windows Servicing Stack Update is integrated in the patch. Any problems caused by the update and installation requirements are listed in the support article.

Updates for Windows Server 2016/2019

A list of updates for Windows Server 2016 and 2019 can be found on this Microsoft website. I have extracted the relevant update information below.

Update KB5053596 for Windows Server 2019

Cumulative Update KB5053596 is not only available for Windows 10 2019 Enterprise LTSC etc., but also for Windows Server 2019. The update contains security fixes, no bug fixes are listed in the support article.

The update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog, via WSUS and WUfB. Microsoft has also updated the Service Stack Update (SSU). Please note the installation sequence described in the support article and, if applicable, the notes on further requirements and any existing problems.

Update KB5053594 for Windows Server 1607

Cumulative Update KB5053594 is not only available for Windows 10 2016 Enterprise LTSC, but also for Windows Server 2016. The update contains security fixes, no bug fixes are listed in the support article.

The update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog, via WSUS and WUfB. Microsoft has also updated the Service Stack Update (SSU). Please note the installation requirements described in the support article and any information on existing problems.

Updates for Windows Server 2012 / R2

Windows Server 2012/R2 will no longer be supported in October 2023 and will only receive updates with an ESU license. Please note the information on the installation sequence for Windows Server that Microsoft provides in the KB articles

Update KB5053887 for Windows Server 2012 R2

The update history for Windows Server 2012 R2 can be found on this Microsoft page. Update KB5053887 (Monthly Rollup for Windows Server 2012 R2) has been released for Windows Server 2012 R2 for systems with an ESU license. The update eliminates various vulnerabilities and brings the following fixes.

  • [Use-after-free (UAF) risk] Fixed: A race condition might lead to a UAF risk during process creation.
  • [Daylight saving time (DST)] This update supports DST changes in Paraguay. For more information, see the Daylight Saving Time & Time Zone Blog.

This update is automatically downloaded and installed by Windows Update in Windows Server 2012 R2, but is also available in the Microsoft Update Catalog and via WSUS. Details on fixes and any known problems in connection with the update are listed in the support article.

There is no security-only update for Windows Server 2012 R2.

Update KB5052020 for Windows Server 2012

The update history for Windows Server 2012 can be found on this Microsoft page. Update KB5053886 (Monthly Rollup for Windows Server 2012) has been released for Windows Server 2012 with ESU license. It contains unspecified security patches and brings the following bug fixes.

  • [Use-after-free (UAF) risk] Fixed: A race condition might lead to a UAF risk during process creation.
  • [Daylight saving time (DST)] This update supports DST changes in Paraguay. For more information, see the Daylight Saving Time & Time Zone Blog.

This update is available in the Microsoft Update Catalog and via WSUS. For a manual installation, the latest Servicing Stack Update (SSU) must be installed beforehand – although this SSU can no longer be uninstalled. Problems in connection with the update are listed in the KB article.

There is no security-only update for Windows Server 2012.

If in doubt, details on the above updates can be found in the respective Microsoft KB articles.

Similar articles:
Microsoft Security Update Summary (March 11, 2025)
Patchday: Windows 10/11 Updates (March 11, 2025)
Patchday: Windows Server-Updates (March 11, 2025)
Patchday: Microsoft Office Updates (March 11, 2025)

Advertising
This entry was posted in Security, Update, Windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).