Patchday: Windows Server-Updates (May 13,  2025)

Posted on 2025-05-14 by guenni

Windows[German]On May 13, 2025 (second Tuesday of the month, Patchday at Microsoft) various cumulative updates were released for the supported versions of Windows Server. Below I have extracted the provided updates along with some details for these Windows Server versions (from Windows Server 2012 to 2025).

Advertising


The updates listed below fix the vulnerabilities described in the blog post Microsoft Security Update Summary (May 13, 2025), that are relevant for Windows Server.

Updates for Windows Server 2025

A list of updates for Windows Server 2025 can be found on this Microsoft website. The cumulative update KB5058411 has been released for Windows Server 2025, which contains security patches and the following fixes:

  • [Audio] Fixed: This update addresses an issue where the audio from your microphone might mute unexpectedly.
  • [Eye controller] Fixed: The eye controller app doesn't launch.

This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS and WUfB. The latest Windows Servicing Stack Update is integrated in the patch. Any problems caused by the update (Citrix) and installation requirements are listed in the support article.

Updates for Windows Server 2022/23H2

The following updates are available for Windows Server 2022 and Windows Server 23H2.

Update KB5058384 for Windows Server 23H2

A list of updates for Windows Server 23H2 can be found on this Microsoft website. The cumulative update KB5058384 has been released for Windows Server 23H2, which contains security patches and the following fixes.

  • [Graphics] Fixed: This update addresses an issue where users are unable to export or generate PDF or XLSX format reports with charts.
  • [Graphics kernel] Fixed: This update addresses an issue that affects users trying to start a new console session after closing the previous one, where the new session doesn't start successfully.
  • [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.

This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS and WUfB. The latest Windows Servicing Stack Update is integrated in the patch. Any problems caused by the update (Citrix) and installation requirements are listed in the support article.

Advertising

Update KB5058385 for Windows Server 2022

A list of updates for Windows Server 2022 can be found on this Microsoft website. The cumulative update KB5058385 has been released for Windows Server 2022, which raises the OS build to 20348.3454. The update includes security patches and the following fixes:

  • [Desktop Windows Manager (DVM)] Fixed: This update addresses an issue that affects the DWM, where it stops responding due to an access error in dwmredir.dll during remote session while connection or disconnection, resulting in a black or grey screen.
  • [Graphics kernel] Fixed: This update addresses an issue that occurs when starting a new console session after closing the previous one, and the new session doesn't start successfully.
  • [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)]​​​​​​​ This update applies improvements to SBAT for the detection of Linux systems
  • [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.

This update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog and via WSUS and WUfB. The current Windows Servicing Stack Update is integrated in the patch. Any problems caused by the update and installation requirements are listed in the support article.

Updates for Windows Server 2016/2019

A list of updates for Windows Server 2016 and 2019 can be found on this Microsoft website. I have extracted the relevant update information below.

Update KB5058392 for Windows Server 2019

Cumulative Update KB5058392 is not only available for Windows 10 2019 Enterprise LTSC etc., but also for Windows Server 2019. The update contains security fixes, improvements and bug fixes:

  • [OS Security] Updates to the Windows Kernel Vulnerable Driver Blocklist (DriverSiPolicy.p7b). Additions have been made to blocklist drivers with security vulnerabilities that have been used in Bring Your Own Vulnerable Driver (BYOVD) attacks.
  • [GRFX-Graphics] This update addresses an issue causing an error message on a blue screen particularly in cases linked to recent GDI updates with CHS GB18030-2022 fonts. Corruption occurs while the associated thread remains active, leading to an error message.
  • [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies improvements to SBAT for the detection of Linux systems.

The update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog, via WSUS and WUfB. Microsoft has also updated the Service Stack Update (SSU). Please note the installation sequence described in the support article and, if applicable, the notes on further requirements and any existing problems.

Update KB5058383 for Windows Server 1607

Cumulative Update KB5058383 is not only available for Windows 10 2016 Enterprise LTSC, but also for Windows Server 2016. The update contains security fixes, bug fixes and improvements, which will be listed in the support article where applicable.

The update is automatically downloaded and installed by Windows Update, but is also available in the Microsoft Update Catalog, via WSUS and WUfB. Microsoft has also updated the Service Stack Update (SSU). Please note the installation requirements described in the support article and any information on existing problems.

Updates for Windows Server 2012 / R2

Windows Server 2012/R2 will no longer be supported in October 2023 and will only receive updates with an ESU license. Please note the installation order for Windows Server that Microsoft provides in the KB articles. The installation of this extended security update (ESU) may fail if installed on an Azure Arc-enabled device.

Update KB5058403 for Windows Server 2012 R2

The update history for Windows Server 2012 R2 can be found on this Microsoft page. Update KB5058403 (Monthly Rollup for Windows Server 2012 R2) has been released for Windows Server 2012 R2 for systems with an ESU license. The update eliminates various vulnerabilities and brings the following fixes.

[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies improvements to SBAT for the detection of Linux systems.

This update is automatically downloaded and installed by Windows Update in Windows Server 2012 R2, but is also available in the Microsoft Update Catalog and via WSUS. Details on fixes and any known problems in connection with the update are listed in the support article.

There is no security-only update for Windows Server 2012 R2.

Update KB5058451 for Windows Server 2012

The update history for Windows Server 2012 can be found on this Microsoft page. Update KB5058451 (Monthly Rollup for Windows Server 2012) has been released for Windows Server 2012 with ESU license. It contains unspecified security patches and brings the following bug fixes.

[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies improvements to SBAT for the detection of Linux systems.

This update is automatically downloaded and installed by Windows Update in Windows Server 2012 R2, but is also available in the Microsoft Update Catalog and via WSUS. In the case of a manual installation, the latest Servicing Stack Update (SSU) must be installed beforehand – although this SSU can no longer be uninstalled. Problems in connection with the update are listed in the KB article.

There is no security-only update for Windows Server 2012.

If in doubt, details on the above updates can be found in the respective Microsoft KB articles.

Similar articles:
Microsoft Security Update Summary (May 13, 2025)
Patchday: Windows 10/11 Updates (May 13,  2025)
Patchday: Windows Server-Updates (May 13,  2025)
Patchday: Microsoft Office Updates (May 13, 2025)

Windows 10/11: Preview Updates April 22 and 25, 2025

Advertising
This entry was posted in Security, Update, Windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).