KB5050008 for Windows Server 2019 – January 2025

KB5050008 is the cumulative update for Windows Server 2019 and Windows Server 2019 Server Core installation. It was released on 14 January, 2025 under the ‘Patch Tuesday’ release cycle.

Salient points

  • KB5050008 supersedes December 2024 cumulative update KB5048661.
  • KB5050008 corresponds to server build 17763.6775.
  • 117 security vulnerabilities have been reported for Windows Server 2019 as part of the January security updates.
  • There are 7 security vulnerabilities with CRITICAL severity.
  • There is a CRITICAL vulnerability with CVSS score of 9.8. CVE-2025-21307 impacts Windows Reliable Multicast Transport Driver (RMCAST) and could lead to Remote Code Execution attacks.
  • A zero-day vulnerability CVE-2025-21308 also affects Windows Server 2019. It is a Windows Theme Spoofing vulnerability with CVSS score of 6.5.
  • The Servicing Stack Update corresponding to KB5050008 is KB5050110 (17763.6763). It is in-built in the main cumulative update. Separate installation of the SSU or Servicing Stack is not needed.
  • KB5005112 is the SSU that must be already deployed on Windows Server 2019. If you have not deployed this SSU, please download KB5005112 and apply on the server. This is a very old SSU released in August 2021. If you have followed the update release cycle, there is a high chance that you already have this patch on the server. SSU installation does not cause server reboot.

Download KB5050008

You may download the offline installer file for KB5050008 from the catalog site link shared below:

Upon installation of KB5050008, the server would restart.

Changelog – KB5050008

The following changes or improvements are part of KB5050008 for Windows Server 2019:

  • [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.​​​​​​​
  • This update addresses security issues for your Windows operating system. 

Known issues

There are reported issues in installing January security updates on Citrix environments.

  • Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. For workarounds shared by Citrix, see Citrix’s documentation.
  • A second known issue affects OpenSSH. Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. For workaround instructions, please check the documentation or release notes for KB5050008. Or, you may follow the instructions below.

Issue description – some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process.

Temporary Workaround – Microsoft is working on fix for the OpenSSH issue. In the interim, you may use the temporary workaround instructions released by Microsoft:

Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps:

  1. Open PowerShell as an Administrator.
  2. Update the permissions for C:\ProgramData\ssh and C:\ProgramData\ssh\logs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed.Use the following commands to update the permissions:$directoryPath = “C:\ProgramData\ssh” $acl = Get-Acl -Path $directoryPath $sddlString = “O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)” $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm(“All”)) Set-Acl -Path $directoryPath -AclObject $acl
  3. Repeat the above steps for C:\ProgramData\ssh\logs.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.