KB5062592 is the ESU Monthly Rollup Update for Windows Server 2012. It was released on 8 July 2025 under the ‘Patch Tuesday’ program.
Salient points
- KB5062592 supersedes KB5061059 released in June 2025.
- KB5062592 requires the KB5058530 Servicing Stack Update to be installed prior to installing the main monthly rollup update. KB5058530 is the SSU corresponding to KB5061059 as well. Without the installation of KB5058530, the ESU KB5062592 cannot be installed. For WSUS administrators, KB5058530 needs to be approved before KB5062592 will be fetched and deployed automatically.
- If you install a language pack after installing KB5062592, you need to reinstall the security update. All language pack installations must be completed before installing the monthly rollup update on Windows Server 2012.
- KB5062592 is an Extended Security Update. A valid subscription key to the ESU program is required before installing the monthly rollup update.
- Windows Server 2012 is impacted by 58 security vulnerabilities reported in the July 2025 security bulletin.
- Three of these vulnerabilities have CRITICAL severity.
- No zero-day vulnerabilities affect Windows Server 2012 and Windows Server 2012 Server Core installation.
Servicing Stack Update KB5058530
The Servicing Stack Update for Windows Server 2012 for June and July 2025 is KB5058530. It corresponds to KB5061059 and KB5062592.
For automated deployments of KB5062592 through the Windows Update program, the Servicing Stack Update KB5058530 is offered for installation as part of the installation process of the monthly rollup update KB5062592.
If you already installed KB5058530 along with KB5061059 in June 2025, KB5058530 will not be installed again because it was previously deployed. No further action is needed to install KB5058530 for automated installations of KB5062592.
The Servicing Stack Update is a small file of 10 MB. Installing it does not cause a server reboot.
Once the SSU is installed, you can proceed with the installation of the main monthly rollup update KB5062592.
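The install order described above (KB5058530 first, then KB5062592) can be checked on a server before deployment. The following PowerShell is an added example, not code from Microsoft or from the original page; the function name Test-RollupReadiness and its output fields are hypothetical, and it assumes Get-HotFix reports both packages on the target server.

```powershell
# Added example: pre-install check for the KB5058530 -> KB5062592 ordering.
# KB numbers come from the article; function name and output fields are hypothetical.
function Test-RollupReadiness {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [string]$SsuKb        = 'KB5058530',   # Servicing Stack Update (prerequisite)
        [string]$RollupKb     = 'KB5062592',   # July 2025 ESU monthly rollup
        [string]$PreviousKb   = 'KB5061059'    # June 2025 rollup, superseded
    )

    # Query the installed-update list once, then match locally.
    # -ErrorAction Stop turns an unreachable host into a visible failure
    # instead of an empty list that would look like "nothing installed".
    $installed = @(Get-HotFix -ComputerName $ComputerName -ErrorAction Stop |
                   Select-Object -ExpandProperty HotFixID)

    $hasSsu      = $installed -contains $SsuKb
    $hasRollup   = $installed -contains $RollupKb
    $hasPrevious = $installed -contains $PreviousKb

    # Decide the next step from the order the article gives.
    if ($hasRollup) {
        $next = "None: $RollupKb is already installed"
    }
    elseif ($hasSsu) {
        $next = "Install $RollupKb (finish language packs and apply the ESU key first)"
    }
    else {
        $next = "Install or approve $SsuKb, then install $RollupKb"
    }

    [pscustomobject]@{
        ComputerName     = $ComputerName
        SsuInstalled     = $hasSsu
        PreviousRollup   = $hasPrevious
        RollupInstalled  = $hasRollup
        NextStep         = $next
    }
}

# Check the local server; pass -ComputerName to check a remote one.
Test-RollupReadiness | Format-List
```

The script does not verify the ESU subscription key or pending language pack installs; those remain manual checks.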
Download KB5062592
You can download the monthly rollup update KB5062592 for Windows Server 2012 from the Windows Update Catalog page shared below:
We reiterate that you need a valid ESU program subscription before you can install the ESU KB5062592 on Windows Server 2012.
Zero-day Vulnerabilities
No security vulnerabilities with zero-day threat levels affect Windows Server 2012 and Windows Server 2012 Server Core installation.
Critical vulnerabilities
There are 58 reported security vulnerabilities in Windows Server 2012 for July 2025. The 3 CRITICAL vulnerabilities affecting Windows Server 2012 are shared below.
| Vulnerability | CVSS | Impact | Description |
|---|---|---|---|
| CVE-2025-47981 | 9.8 | Remote Code Execution | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism – Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. |
| CVE-2025-47980 | 6.2 | Information disclosure | Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally. |
| CVE-2025-49735 | 8.1 | Remote Code Execution | An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Kerberos Key Distribution Center Proxy Service to perform remote code execution against the target. |
KB5062592 – Changelog
Since this is an ESU, the focus remains on securing the Windows Server 2012 deployments. The following changes have been reported for KB5062592:
- [Internal Windows OS] Miscellaneous security improvements were made to internal Windows OS functionality. No additional issues are documented for this release.
- [Microsoft RPC Netlogon protocol] This update includes a security hardening change to the Microsoft RPC Netlogon protocol. This change improves security by tightening access checks for a set of remote procedure call (RPC) requests. After this update is installed, Active Directory domain controllers will no longer allow anonymous clients to invoke some RPC requests through the Netlogon RPC server. These requests are typically related to domain controller location. Certain file and print service software can be affected, including Samba. If your organization uses Samba, please refer to the Samba release notes.
- [Stability issue] Fixed: This update addresses an issue observed in rare cases after installing the May 2025 security update and subsequent updates causing devices to experience stability issues. Some devices became unresponsive and stopped responding in specific scenarios.