KB5058392 is the cumulative update for Windows Server 2019 and Windows Server 2019 Server Core installation. It was released on 13 May, 2025 under the ‘Patch Tuesday’ release cycle.
Salient points
- KB5058392 supersedes April 2025 cumulative update KB5055519.
- KB5055519 corresponds to server build 17763.7314.
- 38 security vulnerabilities have been reported for Windows Server 2019 as part of the May security updates.
- There are 3 security vulnerabilities with CRITICAL severity. Information about these CRITICAL vulnerabilities is shared in the vulnerabilities section.
- Five Zero-day vulnerabilities affect Windows Server 2019 and Windows Server 2019 Server Core installation. Details of zero-day threats have been shared below in the vulnerabilities section.
- The Servicing Stack Update corresponding to KB5058392 is KB5058525 (17763.7313). It is in-built in the main cumulative update. Separate installation of the SSU or Servicing Stack is not needed.
- KB5005112 is the SSU that must be already deployed on Windows Server 2019. If you have not deployed this SSU, please download KB5005112 and apply on the server. This is a very old SSU released in August 2021. If you have followed the update release cycle, there is a high chance that you already have this patch on the server. SSU installation does not cause server reboot.
Download KB5058392
You may download the offline installer file for KB5058392 from the catalog site link shared below:
Upon installation of KB5058392, the server would restart. The Servicing Stack Update is already included in the main update and will be downloaded and installed as part of the installation process.
Zero-day vulnerabilities
Five zero-day vulnerabilities impact Windows Server 2019. The details of these vulnerabilities have been shared below in brief.
| CVE | Title | Severity | CVSS | Type |
| CVE-2025-32701 | Windows Common Log File System Driver | Important | 7.8 | EoP |
| CVE-2025-32706 | Windows Common Log File System | Important | 7.8 | EoP |
| CVE-2025-32709 | Windows Ancillary Function Driver for WinSock | Important | 7.8 | EoP |
| CVE-2025-30397 | Scripting Engine | Important | 7.5 | Memory corruption |
| CVE-2025-30400 | Microsoft DWM Core Library | Important | 7.8 | EoP |
Critical vulnerabilities
The May security bulletin for Windows Server 2019 reports 38 security vulnerabilities. The 3 CRITICAL vulnerabilities affecting Windows Server 2019 are shared below. These vulnerabilities could lead to Remote Code Execution on unpatched servers.
| CVE | Title | CVSS | Type |
| CVE-2025-29833 | Microsoft Virtual Machine Bus (VMBus) | 7.1 | RCE |
| CVE-2025-29966 | Remote Desktop Client | 8.8 | RCE |
| CVE-2025-29967 | Remote Desktop Client | 8.8 | RCE |
Changelog – KB5058392
The following changes or improvements are part of KB5058392 for Windows Server 2019:
- The update addresses security improvements for Windows Server 2019 and Windows Server 2019 Server Core installation.
- OS Security] Updates to the Windows Kernel Vulnerable Driver Blocklist (DriverSiPolicy.p7b). Additions have been made to blocklist drivers with security vulnerabilities that have been used in Bring Your Own Vulnerable Driver (BYOVD) attacks.
- [GRFX-Graphics] This update addresses an issue causing an error message on a blue screen particularly in cases linked to recent GDI updates with CHS GB18030-2022 fonts. Corruption occurs while the associated thread remains active, leading to an error message.
- [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies improvements to SBAT for the detection of Linux systems.
- [Daylight Saving Time (DST)] Update for the Aysen region in Chile to support the government DST change order in 2025. For more information about DST changes, see the Daylight Saving Time & Time Zone Blog.
Known issues
Citrix issue continues to be a reported ‘Known issue’ for Windows Server 2019 in May 2025 security update guide.
- Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. For workarounds shared by Citrix, see Citrix’s documentation.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.