KB5062553 is the cumulative update for Windows Server 2025 version 24H2. It was released on 8 July 2025 under the ‘Patch Tuesday’ program.
Salient points
- KB5062553 supersedes June 2025 cumulative update KB5060842. It also includes all changes that are part of the preview update KB5060829 released on 26 June 2025.
- KB5062553 corresponds to build 26100.4652.
- 98 security vulnerabilities have been reported in July 2025 security bulletin for Windows Server 2025.
- 5 of these 98 vulnerabilities have CRITICAL severity level. Information about CRITICAL vulnerabilities is in the vulnerabities section below.
- No zero-day vulnerabilities that affect Windows Server 2025.Details of the zero-day vulnerabilities are shared below.
- The Servicing Stack Update corresponding to KB5062553 is KB5063666 (26100.4651). It is in-built in the main cumulative update. Separate installation of the SSU or Servicing Stack is not needed.
- The AI components have been updated to versions 1.2506.707.0. The AI components updated include the image search, content extraction, and semantic analysis.
Zero-day vulnerability
No zero-day vulnerabilities affecting Windows Server 2025 24H2 edition. The zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation.
Critical vulnerabilities
The 5 CRITICAL vulnerabilities affecting Windows Server 2025 are shared below.
| Vulnerability | CVSS | Impact | Description |
|---|---|---|---|
| CVE-2025-47981 | 9.8 | Remote Code Execution | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism – Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. |
| CVE-2025-47980 | 6.2 | Information disclosure | Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally. |
| CVE-2025-36350 | 5.6 | Information disclosure | The vulnerability assigned to this CVE is in certain processor models offered by AMD. It impacts Transient Scheduler Attack in Store Queue. Corresponding AMD vulnerability is AMD-SB-7029. |
| CVE-2025-36357 | 5.6 | Information disclosure | The vulnerability assigned to this CVE is in certain processor models offered by AMD. Corresponding AMD vulnerability is AMD-SB-7029. |
| CVE-2025-48822 | 8.6 | Remote Code Execution | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. |
| CVE-2025-49735 | 8.1 | Remote Code Execution | An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Kerberos Key Distribution Center Proxy Service to perform remote code execution against the target. |
(RCE is Remote Code Execution)
AI Components
The following AI components for Windows Server 2025 have been updated to the latest version 1.2506.707.0.:
- Image Search
- Content Extraction
- Semantic Analysis
The June security update for Windows Server 2025 updated the AI components to version 1.7.838.0.
Download KB5062553
You may download the offline installer file for KB5062553 from the catalog site link shared below:
The update file is available for x64 and ARM64 deployments. Upon installation of KB5062553, the server would restart. So, do plan as a structured change.
Changelog – KB5062553
The following changes or improvements are part of KB5062553 for Windows Server 2025:
- [Graphics] Fixed: This issue occurs only if the June 2025 non-security update (KB5060829) is installed. Game content might become out of sync with the cursor position after using ALT+Tab to switch away and back from certain games running in full screen exclusive mode, when the game resolution doesn’t match the desktop resolution.
- [Multimedia] Fixed: This update addresses an issue where notification sounds didn’t play. Affected sounds included those for on-screen alerts, volume adjustments, and sign-in.
- [Windows Firewall] Fixed: This update addresses an issue found in Event Viewer as Event 2042 for Windows Firewall with Advanced Security. The event appears as “Config Read Failed” with the message “More data is available.” For more information about this issue, see “Error events are logged for Windows Firewall” in the Windows Health Dashboard.
Simplifying technology, one step at a time.