KB5055521 for Windows Server 2016 – April 2025

KB5055521 is the cumulative update for Windows Server 2016 and the Windows Server 2016 Server Core installation. It was released on 8 April 2025 as part of the ‘Patch Tuesday’ release cycle.

Salient points

  • KB5055521 supersedes March 2025 cumulative update KB5053594.
  • KB5055521 corresponds to build 14393.7969. KB5053594 corresponds to server build 14393.7876.
  • Windows Server 2016 is impacted by a single zero-day vulnerability.
  • 60 security vulnerabilities have been reported for Windows Server 2016 in April 2025.
  • 6 of these vulnerabilities have CRITICAL severity. They are listed in the Critical vulnerabilities section below.
  • The Servicing Stack Update corresponding to KB5055521 is KB5055661. This SSU was released in April 2025. For automated deployments (Windows Update and Windows Update for Business), the installation is included in the main cumulative update installation process. For manual patching, you will need to download and install the SSU KB5055661 before installing KB5055521.

Servicing Stack Update KB5055661

KB5055661 is the Servicing Stack Update (SSU) for Windows Server 2016. For automated deployments of KB5055521, KB5055661 is automatically offered for installation as part of the installation of the main cumulative update.

For manual installations of KB5055521, you would need to download and install KB5055661 before installing KB5055521.

You can download the SSU KB5055661 from the Microsoft Update Catalog.

Installing the Servicing Stack Update does not restart the server, so you can proceed directly to installing the main cumulative update for Windows Server 2016.

Download KB5055521

You may download the offline installer file for KB5055521 from the Microsoft Update Catalog.

Upon installation of KB5055521, the server would restart.
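One way to script the manual sequence described above (SSU first, then the cumulative update) and confirm the resulting patch level, as an added example that is not from the original page or from Microsoft. The KB numbers and build 14393.7969 come from this page; the package paths are placeholders, and reading the `UBR` registry value and looking up the SSU with `Get-HotFix` are assumptions about how the patch level is checked.

```powershell
# Added example. KB numbers and build come from this page; package paths are placeholders.
$TargetBuild = 14393
$TargetUbr   = 7969                                       # KB5055521 corresponds to build 14393.7969
$SsuKb       = 'KB5055661'
$SsuPath     = 'C:\Patches\KB5055661-ssu-PLACEHOLDER.msu' # placeholder file name
$LcuPath     = 'C:\Patches\KB5055521-lcu-PLACEHOLDER.msu' # placeholder file name

function Get-PatchPlan {
    param([int]$Build, [int]$Ubr, [string[]]$InstalledKbs)
    if ($Build -ne $TargetBuild)        { return 'NotApplicable' }  # not a 14393-based system
    if ($Ubr -ge $TargetUbr)            { return 'Compliant' }      # this update or a later one
    if ($InstalledKbs -contains $SsuKb) { return 'InstallLcu' }     # SSU already present
    return 'InstallSsuThenLcu'
}

function Install-Msu {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "Package not found: $Path" }
    $p = Start-Process -FilePath 'wusa.exe' -ArgumentList "`"$Path`" /quiet /norestart" -Wait -PassThru
    # 0 = success, 3010 = success but reboot required, 2359302 = already installed
    if ($p.ExitCode -notin 0, 3010, 2359302) {
        throw "wusa.exe failed for $Path with exit code $($p.ExitCode)"
    }
}

# Read the running build (for example 14393.7876 before patching) and installed updates.
$cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR
$kbs   = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
$plan  = Get-PatchPlan -Build $build -Ubr $ubr -InstalledKbs $kbs
Write-Output ("{0}: build {1}.{2}, plan: {3}" -f $env:COMPUTERNAME, $build, $ubr, $plan)

switch ($plan) {
    'InstallSsuThenLcu' { Install-Msu -Path $SsuPath; Install-Msu -Path $LcuPath }
    'InstallLcu'        { Install-Msu -Path $LcuPath }
}
if ($plan -like 'Install*') {
    Write-Output 'Restart the server, then re-run this script; the plan should read Compliant.'
}
```

Comparing the build revision instead of searching for KB5055521 by name keeps the check valid after a later cumulative update supersedes it.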

Zero-day Vulnerabilities

One security vulnerability with a zero-day threat level affects Windows Server 2016 and the Windows Server 2016 Server Core installation.

| CVE | Title | Severity | CVSS | Type |
|---|---|---|---|---|
| CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | EoP |

Critical vulnerabilities

There are 60 reported security vulnerabilities in Windows Server 2016 for April 2025. The 6 CRITICAL vulnerabilities affecting Windows Server 2016 are shared below. These vulnerabilities could lead to Remote Code Execution on unpatched servers.

| CVE | Title | CVSS | Type |
|---|---|---|---|
| CVE-2025-27491 | Windows Hyper-V | 7.1 | RCE |
| CVE-2025-27482 | Windows Remote Desktop Services | 8.1 | RCE |
| CVE-2025-27480 | Windows Remote Desktop Services | 8.1 | RCE |
| CVE-2025-26670 | Lightweight Directory Access Protocol (LDAP) Client | 8.1 | RCE |
| CVE-2025-26686 | Windows TCP/IP | 7.5 | RCE |
| CVE-2025-26663 | Windows Lightweight Directory Access Protocol (LDAP) | 8.1 | RCE |

Changelog – KB5055521

The following changes or improvements are part of KB5055521 for Windows Server 2016:

  • [Daylight Saving Time (DST)] Update for the Aysen region in Chile to support the government DST change order in 2025. For more information about DST changes, see the Daylight Saving Time & Time Zone Blog.
  • The security update addresses security improvements in Windows Server 2016.

Known issues

Audit Logon/Logoff events in the local policy of the Active Directory Group Policy might not show as enabled on the device even if they are enabled and working as expected. This can be observed in the Local Group Policy Editor or Local Security Policy. Changes to the registry would resolve the issue.

Rajesh Dhawan
