KB5050004 for Windows Server 2012 – ESU January 2025

KB5050004 is the ESU Monthly Rollup Update for Windows Server 2012. It was released on 14 January 2025 under the ‘Patch Tuesday’ program.

Salient points

  • KB5050004 supersedes KB5048699 released in December 2024.
  • KB5050004 requires a new Servicing Stack Update to be installed prior to installing the main monthly rollup update. KB5050116 is the SSU corresponding to KB5050004 Without the installation of KB5050116, the ESU KB5050004 cannot be installed.
  • If you install language pack after installing KB5050004, you would need to reinstall the security update. All language pack installations must be completed before installing the monthly rollup update on Windows Server 2012.
  • KB5050004 is an Extended Security Update. A valid subscription key to the ESU program is required before installing the monthly rollup update.
  • Windows Server 2012 is impacted by 93 security vulnerabilities reported in January 2025 security bulletin.
  • Seven of these vulnerabilities have CRITICAL severity.
  • There is a CRITICAL vulnerability with CVSS score of 9.8. CVE-2025-21307 impacts Windows Reliable Multicast Transport Driver (RMCAST) and could lead to Remote Code Execution attacks. This vulnerability impacts Windows Server 2012.
  • Windows Themes Spoofing Vulnerability CVE-2025-21308 is a CVSS 6.5 vulnerability with a zero-day status. It impacts Windows Server 2012.
  • The issue with language pack continues to impact Windows Server 2012. If you install a language pack after installing KB5050004, you will need to reinstall the security update. The ESU needs to be installed on top of the language pack for Windows Server 2012.

Servicing Stack Update KB5050116

The Servicing Stack Update for Windows Server 2012 for January 2025 is KB5050116. It corresponds to KB5050004.

For automated deployments of KB5050004 through the Windows Update program, the Servicing Stack Update KB5050116 is offered for installation as part of the installation process of the monthly rollup update KB5050004. No further action is needed to install KB5050116 for automated installations of KB5050004.

The Servicing Stack Update file is a small file of 10 MB. Upon installation, it would not cause server reboot.

Once the SSU is installed, you can proceed with the installation of the main monthly rollup update KB5050004.

Download KB5050004

You can download the monthly rollup update KB5050004 for Windows Server 2012 from the Windows Update Catalog page shared below:

We would reiterate that you need a valid ESU program subscription before you could install the ESU KB5050004 on Windows Server 2012.

KB5050004 – Changelog

Since this is an ESU, the focus remains on securing the Windows Server 2012 deployments. The following changes have been reported for KB5050004:

  • [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] Fixed: This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.

Internet Explorer Cumulative ESU

In addition to the KB5050004 monthly rollup ESU, you need to install the ESU for Internet Explorer KB5049994.

KB5049994 is a January 2025 cumulative ESU for IE. You need valid ESU subscription key to download or install the ESU on Windows Server 2012 for Internet Explorer.

KB5049994 addresses 7 security vulnerabilities in Internet Explorer.

You can download the KB5049994 for Internet Explorer from the Microsoft Catalog site.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.