KB5053596 is the cumulative update for Windows Server 2019 and Windows Server 2019 Server Core installation. It was released on 11 March, 2025 under the ‘Patch Tuesday’ release cycle.
Salient points
- KB5053596 supersedes February 2025 cumulative update KB5052000.
- KB5053596 corresponds to server build 17763.7009.
- 32 security vulnerabilities have been reported for Windows Server 2019 as part of the March security updates.
- There are 4 security vulnerabilities with CRITICAL severity.
- CVE-2025-26645, CVE-2025-24064, CVE-2025-24045, and CVE-2025-24035 are the 4 CRITICAL vulnerabilities.. All these affect Window Server 2019 and the Windows Server 2019 Server Core installation.
- 5 Zero-day vulnerabilities affect Windows Server 2019 and Windows Server 2019 Server Core installation. Details of zero-day threats have been shared below in the vulnerabilities section.
- The Servicing Stack Update corresponding to KB5053596 is KB5054007 (17763.7000). It is in-built in the main cumulative update. Separate installation of the SSU or Servicing Stack is not needed.
- KB5005112 is the SSU that must be already deployed on Windows Server 2019. If you have not deployed this SSU, please download KB5005112 and apply on the server. This is a very old SSU released in August 2021. If you have followed the update release cycle, there is a high chance that you already have this patch on the server. SSU installation does not cause server reboot.
Download KB5053596
You may download the offline installer file for KB5053596 from the catalog site link shared below:
Upon installation of KB5053596, the server would restart. The Servicing Stack Update is already included in the main update and will be downloaded and installed as part of the installation process.
Zero-day vulnerabilities
There are 5 zero-day vulnerabilities that impact Windows Server 2019. These vulnerabilities have been shared below in brief.
These vulnerabilities have been exploited or are under active exploitation targets.
| CVE | Title | Severity | CVSS | Type |
| CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability | Important | 7 | SFB |
| CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability | Important | 7.8 | RCE |
| CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability | Important | 4.6 | Info |
| CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability | Important | 5.5 | Info |
| CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability | Important | 7.8 | RCE |
Changelog – KB5053596
The following changes or improvements are part of KB5053596 for Windows Server 2019:
- [Daylight saving time (DST)] Updated: DST changes for Paraguay. For more information, see the Daylight Saving Time & Time Zone Blog.
- [GB18030-2022] This update adds support for this amendment.
- [Temporary files] This update enables system processes to store temporary files in a secure directory “C:\Windows\SystemTemp” via either calling GetTempPath2 API or using .NET’s GetTempPath API, thereby reducing the risk of unauthorized access.
- [Open Secure Shell (OpenSSH) (known issue)] Fixed: The service fails to start, which stops SSH connections. There is no detailed logging, and you must run the sshd.exe process manually.
Known issues
Citrix issues continues to impact Windows Server 2019.
- Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. For workarounds shared by Citrix, see Citrix’s documentation.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.