KB5060842 is the cumulative update for Windows Server 2025 version 24H2. It was released on 10 June 2025 under the ‘Patch Tuesday’ program.
Salient points
- KB5060842 supersedes May 2025 cumulative update KB5058411. It also includes all changes that are part of the preview update KB5058499 released on 28 May 2025. Additionally, KB5060842 includes all changes that are part of the out of band update KB5061977 released on 27 May 2025.
- KB5060842 corresponds to build 26100.4349.
- 39 security vulnerabilities have been reported in May 2025 security bulletin for Windows Server 2025.
- 4 of these 39 vulnerabilities have CRITICAL severity level. Information about CRITICAL vulnerabilities is in the vulnerabities section below.
- There are 2 zero-day vulnerabilities that affect Windows Server 2025.Details of the zero-day vulnerabilities are shared below.
- The Servicing Stack Update corresponding to KB5060842 is KB5059502 (26100.4193). It is in-built in the main cumulative update. Separate installation of the SSU or Servicing Stack is not needed.
- The AI components have been updated to versions 1.7.0.838 from 1.7.0.824.
Zero-day vulnerability
There are two zero-day vulnerabilities affecting Windows Server 2025 24H2 edition. The zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation.
| CVE | Title | Severity | CVSS | Type |
| CVE-2025-33053 | Web Distributed Authoring and Versioning (WEBDAV) | Important | 8.8 | Remote Code Execution |
| CVE-2025-33073 | Windows SMB Client | Important | 8.8 | EoP |
Critical vulnerabilities
The 4 CRITICAL vulnerabilities affecting Windows Server 2025 are shared below.
| CVE | Title | CVSS | Type |
| CVE-2025-33070 | Windows Netlogon | 8.1 | EoP |
| CVE-2025-33071 | Windows KDC Proxy Service (KPSSVC) | 8.1 | RCE |
| CVE-2025-32710 | Windows Remote Desktop Services | 8.1 | RCE |
| CVE-2025-29828 | Windows Schannel | 8.1 | RCE |
(RCE is Remote Code Execution)
AI Components
The following AI components for Windows Server 2025 have been updated to the latest version 1.7.838.0:
- Image Search
- Content Extraction
- Semantic Analysis
The May security update for Windows Server 2025 updated the AI components to version 1.7.824.0.
Download KB5060842
You may download the offline installer file for KB5060842 from the catalog site link shared below:
The update file is available for x64 and ARM64 deployments. Upon installation of KB5060842, the server would restart. So, do plan as a structured change.
Changelog – KB5060842
The following changes or improvements are part of KB5060842 for Windows Server 2025:
- [System Restore] After installing the June 2025 Windows security update, Windows 11, version 24H2 will retain system restore points for up to 60 days. To apply a restore point, select Open System Restore. Restore points older than 60 days are not available. This 60-day limit will also apply to future versions of Windows 11, version 24H2.
- [Windows Hello] Fixed: This update addresses an issue that prevents users from signing in with self-signed certificates when using Windows Hello for Business with the Key Trust model.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.