KB5060531 is the cumulative update for Windows Server 2019 and Windows Server 2019 Server Core installation. It was released on 11 June, 2025 under the ‘Patch Tuesday’ release cycle.
Salient points
- KB5060531 supersedes May 2025 cumulative update KB5058392.
- KB5060531 corresponds to server build 17763.7434.
- 40 security vulnerabilities have been reported for Windows Server 2019 as part of the June security updates.
- There are 3 security vulnerabilities with CRITICAL severity. Information about these CRITICAL vulnerabilities is shared in the vulnerabilities section.
- Two Zero-day vulnerabilities affect Windows Server 2019 and Windows Server 2019 Server Core installation. Details of zero-day threats have been shared below in the vulnerabilities section.
- The Servicing Stack Update corresponding to KB5060531 is KB5058525 (17763.7313). It is in-built in the main cumulative update. Separate installation of the SSU or Servicing Stack is not needed.
- KB5005112 is the SSU that must be already deployed on Windows Server 2019. If you have not deployed this SSU, please download KB5005112 and apply on the server. This is a very old SSU released in August 2021. If you have followed the update release cycle, there is a high chance that you already have this patch on the server. SSU installation does not cause server reboot.
Download KB5060531
You may download the offline installer file for KB5060531 from the catalog site link shared below:
Upon installation of KB5060531, the server would restart. The Servicing Stack Update is already included in the main update and will be downloaded and installed as part of the installation process.
Zero-day vulnerabilities
Two zero-day vulnerabilities impact Windows Server 2019. The details of these vulnerabilities have been shared below in brief.
| CVE | Title | Severity | CVSS | Type |
| CVE-2025-33053 | Web Distributed Authoring and Versioning (WEBDAV) | Important | 8.8 | Remote Code Execution |
| CVE-2025-33073 | Windows SMB Client | Important | 8.8 | EoP |
Critical vulnerabilities
The June security bulletin for Windows Server 2019 reports 40 security vulnerabilities. The 3 CRITICAL vulnerabilities affecting Windows Server 2019 are shared below.
| CVE | Title | CVSS | Type |
| CVE-2025-33070 | Windows Netlogon | 8.1 | EoP |
| CVE-2025-33071 | Windows KDC Proxy Service (KPSSVC) | 8.1 | RCE |
| CVE-2025-32710 | Windows Remote Desktop Services | 8.1 | RCE |
Changelog – KB5060531
The following changes or improvements are part of KB5060531 for Windows Server 2019:
- The update addresses security improvements for Windows Server 2019 and Windows Server 2019 Server Core installation.
- [GDI and GDI+] Fixed: Some characters were rendered wider, and the sample paragraph was broken.
- [Windows Hello] Fixed: This update addresses an issue that prevents users from signing in with self-signed certificates when using Windows Hello for Business with the Key Trust model.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.