KB5052020 ESU for Windows Server 2012

KB5052020 is the ESU Monthly Rollup Update for Windows Server 2012. It was released on 11 February 2025 under the ‘Patch Tuesday’ program.

Salient points

KB5052020 supersedes KB5050004 released in January 2025.
KB5052020 requires a new Servicing Stack Update to be installed prior to installing the main monthly rollup update. KB5052109 is the SSU corresponding to KB5052020 Without the installation of KB5052109, the ESU KB5052020 cannot be installed. For WSUS administrators, KB5052109 needs to be approved before KB5052020 will be fetched and deployed automatically.
If you install language pack after installing KB5052020, you would need to reinstall the security update. All language pack installations must be completed before installing the monthly rollup update on Windows Server 2012.
KB5052020 is an Extended Security Update. A valid subscription key to the ESU program is required before installing the monthly rollup update.
You will also need to install KB5051972 IE Cumulative Update for patching Internet Explorer 11 on Windows Server 2012.
Windows Server 2012 is impacted by 24 security vulnerabilities reported in February 2025 security bulletin.
One of these vulnerabilities have CRITICAL severity.
There is a CRITICAL vulnerability with CVSS score of 8.1. CVE-2025-21376 impacts Windows Lightweight Directory Access Protocol (LDAP) and could lead to Remote Code Execution attacks. This vulnerability affects Windows Server 2012.
Two zero-day vulnerabilities affect Windows Server 2012 and Windows Server 2012 Server Core installation.
CVE-2025-21377 (zero-day) is an NTLM Hash Disclosure Spoofing with CVSS score of 6.5.
CVE-2025-21418 (zero-day) is an Elevation of Privilege Vulnerability affecting Windows Ancillary Function Driver for WinSock. It has a CVSS score of 7.8.
The issue with language pack continues to impact Windows Server 2012. If you install a language pack after installing KB5052020, you will need to reinstall the security update. The ESU needs to be installed on top of the language pack for Windows Server 2012.

Servicing Stack Update KB5052109

The Servicing Stack Update for Windows Server 2012 for February 2025 is KB5052109. It corresponds to KB5052020.

For automated deployments of KB5052020 through the Windows Update program, the Servicing Stack Update KB5052109 is offered for installation as part of the installation process of the monthly rollup update KB5052020. No further action is needed to install KB5052109 for automated installations of KB5052020.

Download KB5052109 from the Microsoft Update Catalog page – 10 MB

The Servicing Stack Update file is a small file of 10 MB. Upon installation, it would not cause server reboot.

Once the SSU is installed, you can proceed with the installation of the main monthly rollup update KB5052020.

Download KB5052020

You can download the monthly rollup update KB5052020 for Windows Server 2012 from the Windows Update Catalog page shared below:

Download KB5052020 from the Microsoft Update Catalog page (457.4 MB)

We would reiterate that you need a valid ESU program subscription before you could install the ESU KB5052020 on Windows Server 2012.

KB5052020 – Changelog

Since this is an ESU, the focus remains on securing the Windows Server 2012 deployments. The following changes have been reported for KB5052020:

[USB cameras] Fixed: Your device does not recognize the camera is on. This issue occurs after you install the January 2025 security update.
[Digital/Analog converter (DAC)] Fixed: You might experience issues with USB audio devices. This is more likely when you use a DAC audio driver based on USB 1.0. USB audio devices might stop working, which stops playback.

KB5051972 for Internet Explorer

You will also need to install KB5051972 Internet Explorer Cumulative Update. This Internet Explorer update is for Internet Explorer version 11.

KB5051972 is additional to the cumulative ESU update KB5052020. It is also an ESU or Extended Security Update and needs to be installed on Windows Server 2012 for full security coverage.

For automated installations through the WSUS program, IE Cumulative Update KB5051972 will be automatically installed on the Windows Server 2012 once you have authorized KB5052020.

For manual deployments, you can download the IE Cumulative ESU update KB5051972 from the following catalog link:

Download KB5051972 for Windows Server 2012 – 75 MB

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.