KB5037778 ESU for Windows Server 2012 – May 2024

KB5037778 is the cumulative monthly rollup update for Windows Server 2012. It was released on 14 May 2024 under the ‘Patch Tuesday’ program of Microsoft.

Windows Server 2012 reached ‘End of Support’ on 10 October 2023. Going forward, ESU or Extended Security Updates will be available for Windows Server 2012.

ESU or Extended Security Updates are cumulative. You can buy ESU for Windows Server 2012 on an annual renewal basis until October 2026.

Salient points

  • KB5037778 is the monthly rollup update (ESU or Extended Security Update) for Windows Server 2012 for May 2024. It supersedes the KB5036969 update released on 9 April 2024.
  • KB5037022 is the Servicing Stack Update that corresponds to KB5037778. The SSU was released on 14 May 2024. You would need to deploy KB5037022 prior to installing the KB5037778 monthly rollup update.
  • 24 security vulnerabilities affect Windows Server 2012 as part of the May 2024 security report.
  • No CRITICAL security vulnerability affects Windows Server 2012 as per the May 2024 security report.
  • The issue with language packs continues to affect Windows Server 2012. If you install a language pack after installing KB5037778, you will need to re-install the KB5037778 update. This is because installing a language pack renders the monthly rollup update infructitious.

To install KB5037778, you will need a valid key for the Extended Security Updates because the Windows Server 2012 attained End of Support status on 10 October 2023.

Download KB5037778

KB5037778 is a cumulative monthly rollup update of the type of an Extended Security Update. It can be installed automatically or through a manual approach.

For automatic patching of the monthly rollup update, you could use one of the following methods:

  • Windows Update
  • WSUS or Windows Server Update Service

WSUS remains the best method to automatically import and deploy security updates or cumulative updates on Windows Servers. We strongly suggest using WSUS as the preferred method for rolling out updates.

However, you will still need a valid key to apply the Extended Security Updates on Windows Server 2012.

For manual installation, you can download the offline installer files from the Microsoft Update Catalog site. Alternatively, you can use the direct download links for KB5037778 shared below.

The manual installation of KB5037778 involves the following 2 steps:

  1. Download and install KB5037022 Servicing Stack Update
  2. Download and install the KB5037778 cumulative update or the Extended Security Update

For each of these updates, we have shared the download links below.

Download KB5037022

The Servicing Stack Update file for KB5037022 has a size of 10.2 MB. Servicing Stack Updates, upon installation, do not cause the server to reboot. This Servicing Stack Update was released in May 2024.

Download KB5037778

The download links for KB5037778 are shared hereunder.

The size of the offline installer file for KB5037778 is 451.6 MB.

The server will reboot post-installation of the monthly rollup update. So, we do suggest installing the cumulative update as part of an organized change process within the IT infrastructure.


There are 24 security vulnerabilities that have been disclosed for Windows Server 2012 as part of the February 2024 security bulletin released by Microsoft.

No vulnerability has CRITICAL severity level. The following are the impacts of different vulnerabilities that affect Windows Server 2012 in May 2024:

  • Remote Code Execution – 10 vulnerabilities
  • Elevation of Privileges – 8 vulnerabilities
  • Denial of Service – 2 vulnerabilities
  • Information disclosure – 3 vulnerabilities
  • Security Bypass Feature – 1 vulnerability

The following changes are part of the KB5037778 monthly rollup update (Extended Security Updates) for Windows Server 2012.

  • This update contains miscellaneous security improvements to internal Windows OS functionality. 
  • This update brings in security changes for Windows Server 2012.
  • Croatia currency is changed from Krona to Euro.
  • Starting with this update, Next Secure 3 (NSEC3) validation in a Recursive Resolver (also known as a DNS recursor) will be limited to 1,000 computations. Validation of one label with one iteration is considered as one computation. DNS server administrators can change the default number of computations for this validation in their environment by setting the following registry value.Registry keyHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\TypeDWORDValue nameMaxComputationForNsec3ValidationValue data1000 (default value)Minimum value: 1Maximum value: 9600
  • Resolves the following known issues after installing the update released April 9, 2024 (KB5036969):
    • A Domain Controller might experience an unexpectedly high NTLM authentication load.
    • Your VPN connection might fail.
Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.