KB5046612 for Windows Server 2016

KB5046612 is the cumulative update for Windows Server 2016 and Windows Server 2016 Server Core installation. It was released on 12 November, 2024 under the ‘Patch Tuesday’ release cycle.

Salient points

  • KB5046612 supersedes October 2024 cumulative update KB5044293.
  • KB5046612 corresponds to server build 14393.7515.
  • Windows Server 2016 is impacted by two zero-day vulnerabilities.
  • CVE-2024-43451 (CVSS 6.5 out of 10) is a zero-day NTLM Hash Disclosure Spoofing Vulnerability. It’s patched in KB5046612.
  • CVE-2024-49039 (CVSS 8.8 out of 10) is a zero-day Windows Task Scheduler Elevation of Privilege Vulnerability. It is patched in KB5046612.
  • 25 security vulnerabilities have been reported in November security bulletin for Windows Server 2016.
  • One of these 25 vulnerabilities has a CRITICAL severity.
  • CVE-2024-43639 is a CVSS 9.8 Remote Code Execution vulnerability. It impacts the Windows Server 2016.
  • The Servicing Stack Update corresponding to KB5046612 is KB5043124. Read the SSU section for more details about installation.

Servicing Stack Update KB5043124

KB5043124 is the Servicing Stack Update (SSU) for Windows Server 2016. For automated deployments of KB5046612, KB5043124 is automatically offered for installation as part of the installation of the main cumulative update.

For manual installations of KB5046612, you would need to download and install KB5043124 before installing KB5046612.

You can download the SSU KB5043124 from the Microsoft Update Catalog page:

Installing the Servicing Stack Update would not cause the server to reboot or restart. So, you could directly proceed with the installation of the main cumulative update for Windows Server 2016.

Download KB5046612

You may download the offline installer file for KB5046612 from the catalog site link shared below:

Upon installation of KB5046612, the server would restart.

Changelog – KB5046612

The following changes or improvements are part of KB5046612 for Windows Server 2016:

  • [vmswitch] Fixed: A vmswitch triggers a stop error. This occurs when you use Load Balancing and Failover (LBFO) teaming with two virtual switches on a virtual machine (VM). In this case, one virtual switch uses single root Input/Output virtualization (SR-IOV). ​​​​​​​
Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.