KB5052000 for Windows Server 2019 – Feb 2025

by

KB5052000 is the cumulative update for Windows Server 2019 and Windows Server 2019 Server Core installation. It was released on 11 February, 2025 under the ‘Patch Tuesday’ release cycle.

Salient points

  • KB5052000 supersedes January 2025 cumulative update KB5050008.
  • KB5052000 corresponds to server build 17763.6893.
  • 33 security vulnerabilities have been reported for Windows Server 2019 as part of the February security updates.
  • There is 1 security vulnerability with CRITICAL severity.
  • There is a CRITICAL vulnerability with CVSS score of 8.1. CVE-2025-21376 impacts Windows Lightweight Directory Access Protocol (LDAP) and could lead to Remote Code Execution attacks.
  • 3 Zero-day vulnerabilities affect Windows Server 2019 and Windows Server 2022 Server Core installation.
  • Three zero-day vulnerabilities affect Windows Server 2022 and Windows Server 2019 Server Core installation.
  • CVE-2025-21391 (zero-day) is an Elevation of Privilege Vulnerability affecting Windows Storage. It has a CVSS score of 7.1.
  • CVE-2025-21377 (zero-day) is an NTLM Hash Disclosure Spoofing with CVSS score of 6.5.
  • CVE-2025-21418 (zero-day) is an Elevation of Privilege Vulnerability affecting Windows Ancillary Function Driver for WinSock. It has a CVSS score of 7.8.
  • The Servicing Stack Update corresponding to KB5052000 is KB5050110 (17763.6763). It is in-built in the main cumulative update. Separate installation of the SSU or Servicing Stack is not needed. The SSU remains unchanged from January. KB5050110 is the SSU for KB5050008 and KB5052000.
  • KB5005112 is the SSU that must be already deployed on Windows Server 2019. If you have not deployed this SSU, please download KB5005112 and apply on the server. This is a very old SSU released in August 2021. If you have followed the update release cycle, there is a high chance that you already have this patch on the server. SSU installation does not cause server reboot.

Download KB5052000

You may download the offline installer file for KB5052000 from the catalog site link shared below:

Upon installation of KB5052000, the server would restart.

Changelog – KB5052000

The following changes or improvements are part of KB5052000 for Windows Server 2019:

  • [Microsoft Edge IE mode] Fixed: Pop-up windows open in the background instead of in the foreground.
  • [GB18030-2022] This update adds support for this amendment.
  • [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.​​​​​​​
  • [Digital/Analog converter (DAC) (known issue)] Fixed: You might experience issues with USB audio devices. This is more likely when you use a DAC audio driver based on USB 1.0. USB audio devices might stop working, which stops playback.
  • [USB cameras] Fixed: Your device does not recognize the camera is on. This issue occurs after you install the January 2025 security update.
  • [USB audio device drivers] Fixed: The code 10 error message, “This device cannot start” appears. This occurs when you connect to certain external audio management devices.

    Known issues

    January issues continue to affect Windows Server 2019 in February too. Both issues are listed below.

    • Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. For workarounds shared by Citrix, see Citrix’s documentation.
    • A second known issue affects OpenSSH. Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. For workaround instructions, please check the documentation or release notes for KB5050008. Or, you may follow the instructions below.

    Issue description – some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process.

    Temporary Workaround – Microsoft is working on fix for the OpenSSH issue. In the interim, you may use the temporary workaround instructions released by Microsoft:

    Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps:

    1. Open PowerShell as an Administrator.
    2. Update the permissions for C:\ProgramData\ssh and C:\ProgramData\ssh\logs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed.Use the following commands to update the permissions:$directoryPath = “C:\ProgramData\ssh” $acl = Get-Acl -Path $directoryPath $sddlString = “O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)” $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm(“All”)) Set-Acl -Path $directoryPath -AclObject $acl
    3. Repeat the above steps for C:\ProgramData\ssh\logs.

    Rajesh Dhawan

    Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.