KB5062560 is the cumulative update for Windows Server 2016 and Windows Server 2016 Server Core installation. It was released on 8 July, 2025 under the ‘Patch Tuesday’ release cycle.
Salient points
- KB5062560 supersedes June 2025 cumulative update KB5061010.
- KB5062560 corresponds to build 14393.8246.
- No zero-day vulnerabilities have been reported for Windows Server 2016 in the July 2025 security bulletin.
- 67 security vulnerabilities have been reported for Windows Server 2016 in July 2025.
- 6 of these vulnerabilities have CRITICAL severity. Details of the CRITICAL vulnerabilities are listed in the Critical vulnerabilities section.
- The Servicing Stack Update corresponding to KB5062560 is KB5062799. This SSU was released in July 2025. For automated deployments (Windows Update and Windows Update for Business), the installation is included in the main cumulative update installation process. For manual patching, you will need to download and install the SSU KB5062799 before installing KB5062560.
Servicing Stack Update KB5062799
KB5062799 is the Servicing Stack Update (SSU) for Windows Server 2016. For automated deployments of KB5062560, KB5062799 is automatically offered for installation as part of the installation of the main cumulative update.
For manual installations of KB5062560, you would need to download and install KB5062799 before installing KB5062560.
You can download the SSU KB5062799 from the Microsoft Update Catalog page:
Installing the Servicing Stack Update would not cause the server to reboot or restart. So, you could directly proceed with the installation of the main cumulative update for Windows Server 2016.
Download KB5062560
You may download the offline installer file for KB5062560 from the catalog site link shared below:
Upon installation of KB5062560, the server would restart.
Zero-day Vulnerabilities
No zero-day vulnerabilities affect Windows Server 2016 and Windows Server 2016 Server Core installation.
Critical vulnerabilities
There are 67 reported security vulnerabilities in Windows Server 2016 for July 2025. The 6 CRITICAL vulnerabilities affecting Windows Server 2016 are shared below.
Vulnerability | CVSS | Impact | Description |
---|---|---|---|
CVE-2025-47981 | 9.8 | Remote Code Execution | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism – Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. |
CVE-2025-47980 | 6.2 | Information disclosure | Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally. |
CVE-2025-36350 | 5.6 | Information disclosure | The vulnerability assigned to this CVE is in certain processor models offered by AMD. It concerns a Transient Scheduler Attack in the Store Queue. The corresponding AMD security bulletin is AMD-SB-7029. |
CVE-2025-36357 | 5.6 | Information disclosure | The vulnerability assigned to this CVE is in certain processor models offered by AMD. The corresponding AMD security bulletin is AMD-SB-7029. |
CVE-2025-48822 | 8.6 | Remote Code Execution | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. |
CVE-2025-49735 | 8.1 | Remote Code Execution | An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Kerberos Key Distribution Center Proxy Service to perform remote code execution against the target. |
Changelog – KB5062560
The following changes or improvements are part of KB5062560 for Windows Server 2016:
- [DHCP Server (known issue)] Fixed: An issue in which the DHCP Server service might intermittently stop responding, affecting IP renewal for clients.
- [Microsoft RPC Netlogon protocol] This update includes a security hardening change to the Microsoft RPC Netlogon protocol. This change improves security by tightening access checks for a set of remote procedure call (RPC) requests. After this update is installed, Active Directory domain controllers will no longer allow anonymous clients to invoke some RPC requests through the Netlogon RPC server. These requests are typically related to domain controller location. Certain file and print service software can be affected, including Samba. If your organization uses Samba, please refer to the Samba release notes.
- The security update addresses security improvements in Windows Server 2016.