KB5053603 is the cumulative update for Windows Server 2022 and Windows Server 2022 Server Core installation. It was released on 11 March, 2025 under the ‘Patch Tuesday’ release cycle.
KB5053603 is for Windows Server 2022 21H2 and 22H2 editions. For Windows Server 2022 23H2 edition, the applicable cumulative update is KB5053599.
Salient points
- KB5053603 supersedes February 2025 cumulative update KB5051979.
- KB5053603 corresponds to server build 20348.3328. If you patched in February 2025, you are upgrading from build 3207 to 3328.
- CVE-2025-26645, CVE-2025-24084, CVE-2025-24064, CVE-2025-24045, and CVE-2025-24035 are the 5 CRITICAL vulnerabilities. All of these affect Windows Server 2022 and the Windows Server 2022 Server Core installation.
- 5 Zero-day vulnerabilities affect Windows Server 2022 and Windows Server 2022 Server Core installation. Details of zero-day threats have been shared below in the vulnerabilities section.
- 34 security vulnerabilities have been reported in the February security bulletin for Windows Server 2022.
- The Servicing Stack Update corresponding to KB5053603 is KB5053666 with build number corresponding to 20348.3320. Separate installation of the SSU or Servicing Stack is not needed.
Zero-day vulnerabilities
There are 5 zero-day vulnerabilities affecting Windows Server 2022 21H2 and 22H2 editions. These zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation.
| CVE | Title | Severity | CVSS | Type |
| --- | --- | --- | --- | --- |
| CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability | Important | 7 | SFB |
| CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability | Important | 7.8 | RCE |
| CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability | Important | 4.6 | Info |
| CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability | Important | 5.5 | Info |
| CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability | Important | 7.8 | RCE |
These vulnerabilities have been fixed in KB5053603 for Windows Server 2022 21H2 and 22H2 editions.
Download KB5053603
You may download the offline installer file for KB5053603 from the catalog site link shared below:
The cumulative update is available for x64 deployments for Windows Server 2022 versions 21H2 and 22H2. Upon installation of KB5053603, the server will restart.
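After the restart, the build revision is the most reliable way to confirm the patch level. The following PowerShell check is an added example, not part of the original article or of Microsoft's documentation; it uses the build numbers stated on this page (20348.3328 for KB5053603, 20348.3207 for KB5051979), and the function name `Get-PatchState` and its state labels are hypothetical.

```powershell
# Added example: verify that a server is at or above the KB5053603 build level.
# Build numbers are the ones stated in this article.
$TargetBuild    = 20348   # Windows Server 2022 21H2/22H2
$TargetRevision = 3328    # KB5053603 (March 2025)
$FebRevision    = 3207    # KB5051979 (February 2025)

# Hypothetical helper: classify a build/revision pair against the article's values.
function Get-PatchState {
    param(
        [Parameter(Mandatory)][int]$Build,
        [Parameter(Mandatory)][int]$Revision
    )
    # A different base build means a different OS or edition, so another KB applies.
    if ($Build -ne $TargetBuild)       { return 'NotApplicable' }
    # Revision 3328 or higher: this update or a later cumulative update is installed.
    if ($Revision -ge $TargetRevision) { return 'Patched' }
    # February level: only the March 2025 update is missing.
    if ($Revision -ge $FebRevision)    { return 'MissingMarch2025' }
    return 'MissingMultiple'
}

# Read the running OS build and update build revision (UBR) from the registry.
$cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$state = Get-PatchState -Build ([int]$cv.CurrentBuildNumber) -Revision ([int]$cv.UBR)

# Get-HotFix may stop listing KB5053603 once a later cumulative update
# supersedes it, so treat the build revision above as the authoritative check.
$hotfix = Get-HotFix -Id 'KB5053603' -ErrorAction SilentlyContinue

[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    OSBuild      = '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR
    PatchState   = $state
    KB5053603    = [bool]$hotfix
    InstalledOn  = if ($hotfix) { $hotfix.InstalledOn } else { $null }
}
```

A `PatchState` of `MissingMarch2025` or `MissingMultiple` means the server is still exposed to the vulnerabilities listed above.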
Changelog – KB5053603
The following changes or improvements are part of KB5053603 for Windows Server 2022 21H2 and 22H2 editions:
- [Daylight saving time (DST)] This update supports (DST) changes in Paraguay.
- [Open Secure Shell (OpenSSH) (known issue)] Fixed: The service fails to start, which stops SSH connections. There is no detailed logging, and you must run the sshd.exe process manually.
- [GB18030-2022] This update adds support for this amendment.
- [Azure Virtual Network] Fixed: You can turn off the VNET metering feature with the following registry key.
  - Registry key: HKLM\CurrentControlSet\Services\NcHostAgent\Parameters\Plugins\Vnet
  - Registry key: MeteringDisabled (DWORD type)
  - Data to be set: 1
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.