KB5035885 Monthly Rollup ESU for Windows Server 2012 R2

KB5035885 is the cumulative monthly rollup update for Windows Server 2012 R2. It was released on 12 March 2024 under the ‘Patch Tuesday’ program of Microsoft.

Windows Server 2012 R2 reached ‘End of Support’ on 10 October 2023. Going forward, ESU or Extended Security Updates will be available for Windows Server 2012 R2.

ESU or Extended Security Updates are cumulative. You can buy ESU for Windows Server 2012 R2 on an annual renewal basis until October 2026.

Salient points

  • KB5035885 is the monthly rollup update (ESU or Extended Security Update) for Windows Server 2012 R2 and supersedes the KB5034819 update.
  • KB5034819 was released on 13 February 2024. You can read more about it on the KB5034819 page.
  • KB5035968 is the Servicing Stack Update that corresponds to KB5035885. The SSU was released on 12 March 2024. You would need to deploy KB5035968 before installing the KB5035885 monthly rollup update.
  • 28 security vulnerabilities affect Windows Server 2012 R2 as part of the February 2024 security report.
  • One CRITICAL security vulnerability affects Windows Server 2012 R2. You can read more about this vulnerability in the vulnerabilities section.
  • The issue with language packs continues to affect Windows Server 2012 R2. If you install a language pack after installing KB5035885, you will need to re-install the KB5035885 update. This is because installing a language pack renders the monthly rollup update infructitious.

To install KB5035885, you will need a valid key for the Extended Security Updates because the Windows Server 2012 R2 attained End of Support status on 10 October 2023.

Download KB5035885

KB5035885 is a cumulative monthly rollup update of the type of an Extended Security Update. It can be installed automatically or through a manual approach.

For automatic patching of the monthly rollup update, you could use one of the following methods:

  • Windows Update
  • WSUS or Windows Server Update Service

WSUS remains the best method to automatically import and deploy security updates or cumulative updates on Windows Servers. We strongly suggest using WSUS as the preferred method for rolling out updates.

However, you will still need a valid key to apply the Extended Security Updates on Windows Server 2012 R2.

For manual installation, you can download the offline installer files from the Microsoft Update Catalog site. Alternatively, you can use the direct download links for KB5034819 shared below.

The manual installation of KB5035885 involves the following 2 steps:

  1. Download and install KB5035968 Servicing Stack Update
  2. Download and install the KB5035885 Cumulative Update (Extended Security Update)

For each of these updates, we have shared the download links below.

Download KB5035968

The Servicing Stack Update file for KB5034866 has a size of 10.5 MB. Servicing Stack Updates, upon installation, do not cause the server to reboot. This Servicing Stack Update was released in March 2024.

Download KB5035885

The download links for KB5035885 are shared hereunder.

The size of the offline installer file for KB5035885 is 587 MB.

The server will reboot post-installation of the monthly rollup update. So, we do suggest installing the cumulative update as part of an organized change process within the IT infrastructure.

If you have already installed KB5034819, only the incremental changes of KB5035885 will be downloaded and installed on the Windows Server 2012 R2.


There are 28 security vulnerabilities that have been disclosed for Windows Server 2012 R2 as part of the March 2024 security bulletin released by Microsoft.

We have listed the single CRITICAL threat that affects Windows Server 2012 R2 below.

CRITICAL vulnerabilities

One CRITICAL security vulnerability affects Windows Server 2012 R2. This is a ‘Remote Code Execution’ vulnerability.

CVE detailsCVSSImpactDescription
CVE-2024-214078.1Remote Code ExecutionThe threat affects Windows Hyper-V.

This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server.

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.

The following changes are part of the KB5035885 monthly rollup update (Extended Security Updates) for Windows Server 2012 R2.

  • This update contains miscellaneous security improvements to internal Windows OS functionality.
  • This update brings in security changes for Windows Server 2012 R2.
  • The Local Security Authority (LSA) might fail while interfacing with third-party software.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.