KB5068861 for Windows Server 2025 – November 2025

KB5068861 is the cumulative update for Windows Server 2025 version 24H2. Microsoft released it on 11 November 2025 as part of its ‘Patch Tuesday’ program.

Salient points

  • KB5068861 supersedes October 2025 cumulative update KB5066835 for Windows Server 2025.
  • KB5068861 includes all changes that are part of the out of band or OOB update KB5070773. The OOB update was last released on 20 October 2025.
  • It also includes all changes that are part of the preview update KB5067036 released on 28 October 2025.
  • KB5068861 corresponds to build 26100.7171.
  • Microsoft's November 2025 security report covers a total of 63 security vulnerabilities.
  • 32 of these security vulnerabilities are reported in the November 2025 security bulletin for Windows Server 2025.
  • 2 of these 32 vulnerabilities have CRITICAL severity level. Information about the CRITICAL vulnerabilities is in the vulnerabilities section below.
  • One zero-day vulnerability affects Windows Server 2025.
  • The Servicing Stack Update corresponding to KB5068861 is KB5067035 (26100.7010). It is bundled with the main cumulative update, so separate installation of the SSU or Servicing Stack is not needed.
  • The AI components have been updated to version 1.2510.1159.0. The AI components updated include the image search, content extraction, and semantic analysis.

Zero-day vulnerabilities

One zero-day vulnerability affects the Windows Server 2025 24H2 edition. Zero-day vulnerabilities are those that are either publicly disclosed or have proven instances of exploitation. In this case, the zero-day has been exploited by threat actors, so the security update should be installed immediately.

One zero-day vulnerability has been reported for Windows Server 2025 in November 2025.

  • CVE-2025-62215
  • CVSS 3.1 – 7.1
  • This is a confirmed zero-day vulnerability, as exploitation has been confirmed.
  • The security vulnerability affects the Windows Kernel.
  • It could lead to Elevation of Privilege.

Critical vulnerabilities

The 2 CRITICAL vulnerabilities affecting Windows Server 2025 are shared below.

We strongly recommend installing KB5068861 on Windows Server 2025 to protect against these security vulnerabilities. There is a CVSS 9.8 security vulnerability affecting the Windows Server 2025 platform.

  • CVE-2025-60724 – CVSS 9.8 – Remote Code Execution in GDI+.
  • CVE-2025-60716 – CVSS 7 – Elevation of Privilege vulnerability in DirectX Graphics Kernel.

(RCE is Remote Code Execution)

AI Components

The following AI components for Windows Server 2025 have been updated to the latest version 1.2510.1159.0:

  • Image Search
  • Content Extraction
  • Semantic Analysis
  • Settings Model

Download KB5068861

You may download the offline installer file for KB5068861 from the catalog site link shared below:

The update file is available for x64 and ARM64 deployments. The server restarts upon installation of KB5068861, so plan the installation as a structured change.

Changelog – KB5068861

The following changes or improvements are part of KB5068861 for Windows Server 2025:

  • This update addresses security issues detected and shared for Windows Server 2025 24H2 editions.
  • [Gaming]
  • [Storage] Fixed: This update addresses an issue that could cause some Storage Spaces to become inaccessible or Storage Spaces Direct to fail when creating a storage cluster.
  • [System utilities (known issue)] Fixed: This update addresses an issue where closing Task Manager with the Close button didn’t fully end the process, leaving background instances that could slow performance over time. This might occur after installing KB5067036.
  • [Voice Access] Fixed: This update addresses an issue where Voice Access failed during initial setup if no microphone was connected and the voice model wasn’t installed.
  • [Window management] Fixed: This update addresses an issue where selecting the desktop could unexpectedly open Task View.
  • [Networking] Fixed: This update fixes an issue in the HTTP.sys request parser, a Windows component that reads and processes HTTP requests. The parser allowed a single line break within HTTP/1.1 chunk extensions, where the RFC 9112 standard requires a carriage return and line feed (CRLF) sequence to terminate each chunk. This can cause a parsing discrepancy when front-end proxies are part of the setup.

    To turn off strict parsing, use the following registry key:

    Registry Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Http\Parameters]
    Registry value: "HttpAllowLenientChunkExtParsing"=dword:00000001
    Data to be set: 1
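
A model of the parsing difference described in the [Networking] item, as an added example and not HTTP.sys code or anything published by Microsoft: a chunked-body decoder with a strict mode that accepts only CRLF after the chunk-size line and a lenient mode that also accepts a bare LF. It assumes the "single line break" in the changelog is a bare LF; all function names and sample bodies are constructed for illustration.

```python
import re

# chunk-size line body: hex size, optional ";extension", no CR or LF inside it
_SIZE_LINE = re.compile(rb"([0-9A-Fa-f]+)[ \t]*(;[^\r\n]*)?")


class ChunkError(ValueError):
    pass


def _read_size_line(buf, pos, strict):
    """Return (line, next_pos); strict mode accepts only CRLF as terminator."""
    lf = buf.find(b"\n", pos)
    if lf == -1:
        raise ChunkError("unterminated chunk-size line")
    if lf > pos and buf[lf - 1:lf] == b"\r":
        return buf[pos:lf - 1], lf + 1
    if strict:
        raise ChunkError("bare LF in chunk-size line at offset %d" % lf)
    return buf[pos:lf], lf + 1  # lenient model (assumption): bare LF ends the line


def decode_chunked(body, strict=True):
    """Decode a chunked message body; trailer fields are rejected."""
    out, pos = bytearray(), 0
    while True:
        line, pos = _read_size_line(body, pos, strict)
        m = _SIZE_LINE.fullmatch(line)
        if not m:
            raise ChunkError("malformed chunk-size line %r" % line)
        size = int(m.group(1), 16)
        if size == 0:
            break
        if len(body) < pos + size or body[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkError("chunk data not terminated by CRLF")
        out += body[pos:pos + size]
        pos += size + 2
    if body[pos:pos + 2] != b"\r\n":
        raise ChunkError("expected CRLF after last chunk")
    return bytes(out)


def classify(body):
    """'strict-ok', 'lenient-only' (rejected under strict parsing) or 'invalid'."""
    for strict, verdict in ((True, "strict-ok"), (False, "lenient-only")):
        try:
            decode_chunked(body, strict=strict)
            return verdict
        except ChunkError:
            continue
    return "invalid"


# Constructed sample bodies, not captured traffic
WELL_FORMED = b"5;ext=a\r\nhello\r\n0\r\n\r\n"
BARE_LF_EXT = b"5;ext=a\nhello\r\n0\r\n\r\n"
```

A body classified as `lenient-only` is one that two HTTP components can frame differently, which is why clients or proxies that emit such bodies should be identified before relying on the registry override.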

Important Reminder for Secure Boot Services

It is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.

Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.

Rajesh Dhawan
