KB5052006 for Windows Server 2016 – Feb 2025

KB5052006 is the cumulative update for Windows Server 2016 and Windows Server 2016 Server Core installation. It was released on 11 February, 2024 under the ‘Patch Tuesday’ release cycle.

Salient points

• KB5052006 supersedes January 2025 cumulative update KB5049993.
• KB5052006 corresponds to server build 14393.7785.
• Windows Server 2016 is impacted by 3 zero-day vulnerabilities.
• 32 security vulnerabilities have been reported for Windows Server 2016 in February 2025.
• 1 of these vulnerabilities have CRITICAL severity.
• There is a CRITICAL vulnerability with CVSS score of 8.1. CVE-2025-21376 impacts Windows Lightweight Directory Access Protocol (LDAP) and could lead to Remote Code Execution attacks.
• Three zero-day vulnerabilities affect Windows Server 2016 and Windows Server 2016 Server Core installation.
• CVE-2025-21391 (zero-day) is an Elevation of Privilege Vulnerability affecting Windows Storage. It has a CVSS score of 7.1.
• CVE-2025-21377 (zero-day) is an NTLM Hash Disclosure Spoofing with CVSS score of 6.5.
• CVE-2025-21418 (zero-day) is an Elevation of Privilege Vulnerability affecting Windows Ancillary Function Driver for WinSock. It has a CVSS score of 7.8.
• There is a CRITICAL vulnerability with CVSS score of 9.8. CVE-2025-21307 impacts Windows Reliable Multicast Transport Driver (RMCAST) and could lead to Remote Code Execution attacks.
• The Servicing Stack Update corresponding to KB5052006 is KB5050109. This SSU was released in January 2025. No new SSU has been released for February 2025. For automated deployments, it is included in the main cumulative update. For manual patching, you will need to download and install the SSU KB5050109 before installing KB5052006.
• To install any LCU dated January 14, 2025 and later, you must first install the SSU KB5050109. If your device or offline image does not have this SSU, you cannot install LCUs dated January 14, 2025 and later. If you are a WSUS admin, you must approve KB5050109 and KB5052006​​​​​​​.

Servicing Stack Update KB5050109

KB5050109 is the Servicing Stack Update (SSU) for Windows Server 2016. For automated deployments of KB5052006, KB5050109 is automatically offered for installation as part of the installation of the main cumulative update.

For manual installations of KB5052006, you would need to download and install KB5050109 before installing KB5052006.

You can download the SSU KB5050109 from the Microsoft Update Catalog page:

• Download KB5050109 from the Microsoft Update Catalog site (11.7 MB)

Installing the Servicing Stack Update would not cause the server to reboot or restart. So, you could directly proceed with the installation of the main cumulative update for Windows Server 2016.

Download KB5052006

You may download the offline installer file for KB5052006 from the catalog site link shared below:

• Download KB5052006 from the Microsoft Update Catalog (1668.3 MB)

Upon installation of KB5052006, the server would restart.

Changelog – KB5052006

The following changes or improvements are part of KB5052006 for Windows Server 2016:

• [USB cameras] Fixed: Your device does not recognize the camera is on. This issue occurs after you install the January 2025 security update.
• [USB audio device drivers] Fixed: The code 10 error message, “This device cannot start” appears. This occurs when you connect to certain external audio management devices.  ​​​​​​​
• [Digital/Analog converter (DAC) (known issue)] Fixed: You might experience issues with USB audio devices. This is more likely when you use a DAC audio driver based on USB 1.0. USB audio devices might stop working, which stops playback.