KB5053594 is the cumulative update for Windows Server 2016 and Windows Server 2016 Server Core installation. It was released on 11 March, 2025 under the ‘Patch Tuesday’ release cycle.
Salient points
- KB5053594 supersedes February 2025 cumulative update KB5052006.
- KB5053594 corresponds to server build 14393.7876.
- Windows Server 2016 is impacted by 6 zero-day vulnerabilities that are publicly known or exploited.
- 33 security vulnerabilities have been reported for Windows Server 2016 in March 2025.
- 4 of these vulnerabilities have CRITICAL severity.
- CVE-2025-26645, CVE-2025-24064, CVE-2025-24045, and CVE-2025-24035 are the 4 CRITICAL vulnerabilities.
- The Servicing Stack Update corresponding to KB5053594 is KB5054006. This SSU was released in March 2025. For automated deployments (Windows Update and Windows Update for Business), it is included in the main cumulative update. For manual patching, you will need to download and install the SSU KB5054006 before installing KB5053594.
Servicing Stack Update KB5054006
KB5054006 is the Servicing Stack Update (SSU) for Windows Server 2016. For automated deployments of KB5053594, KB5054006 is automatically offered for installation as part of the installation of the main cumulative update.
For manual installations of KB5053594, you would need to download and install KB5054006 before installing KB5053594.
You can download the SSU KB5054006 from the Microsoft Update Catalog page:
Installing the Servicing Stack Update would not cause the server to reboot or restart. So, you could directly proceed with the installation of the main cumulative update for Windows Server 2016.
Download KB5053594
You may download the offline installer file for KB5053594 from the catalog site link shared below:
Upon installation of KB5053594, the server would restart.
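The manual sequence described above (SSU KB5054006 first, then KB5053594, then a restart), written as a PowerShell script. This is an added example, not code from Microsoft or from the original article; the .msu paths are placeholders and the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example. Package paths are placeholders (assumption): download both
# .msu files from the Microsoft Update Catalog and point these at them.
param(
    [string]$SsuPath = 'C:\Patches\<KB5054006-package>.msu',
    [string]$LcuPath = 'C:\Patches\<KB5053594-package>.msu'
)

$TargetBuild = 14393   # Windows Server 2016
$TargetUbr   = 7876    # KB5053594 corresponds to build 14393.7876

function Get-OsRevision {
    # The update build revision (UBR) is the ".7876" part of the build string.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{ Build = [int]$cv.CurrentBuildNumber; Ubr = [int]$cv.UBR }
}

function Install-Msu([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { throw "Package not found: $Path" }
    $p = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
        -ArgumentList "`"$Path`"", '/quiet', '/norestart' -Wait -PassThru
    # 0 = installed, 3010 = installed and restart pending, 2359302 = already installed
    if ($p.ExitCode -notin 0, 3010, 2359302) {
        throw "wusa.exe failed for $Path (exit code $($p.ExitCode))"
    }
    $p.ExitCode
}

$rev = Get-OsRevision
if ($rev.Build -ne $TargetBuild) { throw "Unexpected OS build $($rev.Build); expected $TargetBuild" }

# Updates are cumulative, so any UBR at or above the target already contains these fixes.
if ($rev.Ubr -ge $TargetUbr) {
    "Already at $($rev.Build).$($rev.Ubr); nothing to install."
    return
}

# SSU first. It needs no restart, so the cumulative update can follow immediately.
if (-not (Get-HotFix -Id KB5054006 -ErrorAction SilentlyContinue)) {
    Install-Msu $SsuPath | Out-Null
}

$code = Install-Msu $LcuPath
if ($code -eq 3010) {
    "KB5053594 staged. Restart the server, then re-run to confirm build $TargetBuild.$TargetUbr."
}
```

Running the script again after the restart reports the current build and exits without installing anything once the UBR is 7876 or higher.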
Zero-day Vulnerabilities
6 security vulnerabilities with zero-day threat levels affect Windows Server 2016 and Windows Server 2016 Server Core installation. A list of these zero-day vulnerabilities is shared below.

| CVE | Title | Severity | CVSS | Type |
|---|---|---|---|---|
| CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability | Important | 7 | SFB |
| CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability | Important | 7.8 | RCE |
| CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability | Important | 4.6 | Info |
| CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability | Important | 5.5 | Info |
| CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability | Important | 7.8 | RCE |
| CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important | 7 | EoP |

Changelog – KB5053594
The following changes or improvements are part of KB5053594 for Windows Server 2016:
- [Temporary files] This update enables system processes to store temporary files in a secure directory, “C:\Windows\SystemTemp”, by calling either the GetTempPath2 API or .NET’s GetTempPath API, thereby reducing the risk of unauthorized access.
- [Use-after-free (UAF) risk] Fixed: A race condition might lead to a UAF risk during process creation.
- [Daylight saving time (DST)] Updated: DST changes for Paraguay. For more information, see the Daylight Saving Time & Time Zone Blog.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.