KB5025228 cumulative update for Windows Server 2016

KB5025228 is the April 2023 cumulative update for Windows Server 2016 and the Windows Server 2016 Server Core installation. This update addresses security vulnerabilities and brings in product improvements for Windows Server 2016.

KB5025228 has now been superseded by KB5026363. You can read more about KB5026363 on this page.

Key points about the KB5025228 update for Windows Server 2016

  • KB5025228 corresponds to server build 14393.5850. If you deployed the March 2023 cumulative update, you will be upgrading from server build 14393.5786 to 14393.5850.
  • There are 66 disclosed vulnerabilities for Windows Server 2016 in April’s security bulletin. Out of these 66 threats, 6 vulnerabilities carry a ‘CRITICAL’ severity level. There are two threats that have a CVSS score of 9.8. Details of these vulnerabilities are shared in the vulnerability section. All 6 CRITICAL vulnerabilities are ‘Remote Code Execution’ vulnerabilities.
  • The Servicing Stack Update KB5023788 needs to be deployed on the server prior to installing KB5025228. KB5023788 was released in March 2023. If you deployed the March 2023 cumulative update KB5023697, chances are that the Servicing Stack Update (SSU) is already installed on the Windows Server 2016.

Download KB5025228 for Windows Server 2016

You can install KB5025228 manually through an offline installer file. The offline installer file is in .MSU format. You can download it from the Microsoft Update Catalog page for KB5025228. A direct download link for the MSU file is shared below.

Prior to installing KB5025228, we need to make sure that the KB5023788 Servicing Stack Update is also deployed. So, our download sequence should involve the download of the SSU KB5023788 and cumulative update KB5025228.

| Security update or SSU | Download link | Size of the update |
| KB5023788 | Download | 11.7 MB |
| KB5025228 | Download | 1537.2 MB |

Alternatively, you can download the offline installer directly from the Microsoft Update catalog site.

You need to deploy the SSU before installing the main security update.

When you deploy the SSU, there will be no server restart. However, installation of the cumulative update will need a server restart. So, you may have to plan the installation of the cumulative update.
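
The sequence described above (confirm the build, install the SSU first, then the cumulative update, then plan the restart) can be scripted as follows. This is an added example, not part of the original post; the C:\Patches paths and the function names are assumptions, while the KB numbers and build 14393.5850 come from the article.

```powershell
#Requires -RunAsAdministrator
# Added example. The MSU paths are placeholders: point them at your downloads.
$SsuKb     = 'KB5023788'
$LcuKb     = 'KB5025228'
$SsuMsu    = 'C:\Patches\KB5023788.msu'   # placeholder path (assumption)
$LcuMsu    = 'C:\Patches\KB5025228.msu'   # placeholder path (assumption)
$TargetUbr = 5850                         # 14393.5850, the build KB5025228 delivers

function Get-ServerBuild {
    # CurrentBuild is 14393 on Server 2016; UBR is the revision after the dot.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{ Build = [int]$cv.CurrentBuild; Ubr = [int]$cv.UBR }
}

function Test-KbInstalled([string]$Kb) {
    [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
}

function Install-Msu([string]$Path, [switch]$AllowNotApplicable) {
    if (-not (Test-Path $Path)) { throw "MSU not found: $Path" }
    $p = Start-Process wusa.exe -ArgumentList "`"$Path`" /quiet /norestart" -Wait -PassThru
    # 0 = installed, 3010 = installed with restart pending, 2359302 = already installed
    $ok = @(0, 3010, 2359302)
    # -2145124329 is 0x80240017 (not applicable), e.g. a newer SSU is already present
    if ($AllowNotApplicable) { $ok += -2145124329 }
    if ($p.ExitCode -notin $ok) { throw "wusa failed for $Path (exit code $($p.ExitCode))" }
    $p.ExitCode
}

$b = Get-ServerBuild
if ($b.Build -ne 14393) { throw "Not Windows Server 2016 (build $($b.Build))" }
if ($b.Ubr -ge $TargetUbr) {
    Write-Output "Already at 14393.$($b.Ubr); $LcuKb or a later update is installed."
    return
}

# The SSU goes first and does not restart the server.
if (-not (Test-KbInstalled $SsuKb)) {
    Install-Msu $SsuMsu -AllowNotApplicable | Out-Null
}

# The cumulative update needs a restart; /norestart leaves that to the change window.
$rc = Install-Msu $LcuMsu
if ($rc -eq 3010) {
    Write-Output "$LcuKb installed; restart pending. Expect 14393.$TargetUbr after reboot."
}
```

After the restart, running Get-ServerBuild again should report a UBR of 5850 or higher.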

Apart from manual deployment, you can also use one of the following automated strategies to patch KB5025228 on Windows Server 2016:

  • Windows Update
  • WSUS or Windows Server Update Service
  • Windows Update for Business

In the case of automated installation, you will notice that the Servicing Stack Update is automatically installed before the main release version of cumulative update KB5025228 is installed.

Also, the cumulative update is in excess of 1.5 GB in size. The rollout of this update will take some time, and therefore, a change management schedule is best for implementing KB5025228.

Security vulnerabilities on Windows Server 2016

April’s security bulletin for Windows Server 2016 contains 66 different security threats. Out of these 66 vulnerabilities, 6 are of ‘CRITICAL’ severity and the remaining carry the ‘IMPORTANT’ severity level.

It may be worth reiterating that all these 66 security threats also affect the Windows Server 2016 Server core installation version.

Zero day threats on Windows Server 2016

Microsoft has republished an old threat because exploitation attempts have been detected against the vulnerability in the way WinVerifyTrust Signature Validation works on Windows server and desktop operating systems.

The two zero-day threats that affect Windows Server 2016 and Windows Server 2016 Server core installation are:

| Vulnerability | CVE Title | CVSS Score | Vulnerability scope |
| CVE-2013-3900 | WinVerifyTrust Signature Validation | 7.4 | Remote code execution |
| CVE-2022-43552 | Windows Common Log File System Driver | 7.8 | Elevation of Privilege Vulnerability |

Apart from these zero-day threats, there are 6 ‘CRITICAL’ vulnerabilities that affect Windows Server 2016 and Windows Server 2016 Server Core installation. The details of these vulnerabilities are shared in brief below.

CRITICAL vulnerabilities affecting Windows Server 2016

| Vulnerability | CVE Title | CVSS Score | Vulnerability scope |
| CVE-2023-21554 | Microsoft Message Queuing | 9.8 | Remote Code Execution |
| CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) | 9.8 | Remote Code Execution |
| CVE-2023-28231 | DHCP Server Service | 8.8 | Remote Code Execution |
| CVE-2023-28219 | Layer 2 Tunneling Protocol | 8.1 | Remote Code Execution |
| CVE-2023-28220 | Layer 2 Tunneling Protocol | 8.1 | Remote Code Execution |
| CVE-2023-28232 | Windows Point-to-Point Tunneling Protocol | 7.5 | Remote Code Execution |

All these 6 vulnerabilities carry an impact of ‘Remote Code Execution’.

KB5025228 – Changelog

The following changes have been implemented under the KB5025228 cumulative update for Windows Server 2016:

  • This update affects the Arab Republic of Egypt. The update supports the government’s daylight saving time change order for 2023.
  • This update addresses an issue that affects Microsoft Edge IE mode and pages that use predictive prerendering. Edge IE mode does not support predictive prerendering. Because of this, a page that uses prerendering will load as if it was not in use.
  • This update addresses compatibility issues that affect some printers. These printers use Windows Graphical Device Interface (GDI) printer drivers. These drivers do not completely adhere to GDI specifications.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.