KB5063877 is the cumulative update for Windows Server 2019 and Windows Server 2019 Server Core installation. It was released on 12 August, 2025 under the ‘Patch Tuesday’ release cycle.
Salient points
- KB5063877 supersedes July 2025 cumulative update KB5062557.
- KB5063877 corresponds to server build 17763.7678.
- 57 security vulnerabilities have been reported for Windows Server 2019 as part of the August security updates.
- There are 4 security vulnerabilities with CRITICAL severity. Information about these CRITICAL vulnerabilities is shared in the vulnerabilities section.
- No zero-day vulnerabilities affect Windows Server 2019 and Windows Server 2019 Server Core installation.
- The Servicing Stack Update corresponding to KB5063877 is KB5062800 (17763.7557). It is built into the main cumulative update, so a separate installation of the SSU is not needed. This SSU was released in July 2025. If you installed KB5062557 in July, the SSU will already have been deployed on the server as part of the previous update cycle for Windows Server 2016.
- KB5005112 is the SSU that must already be deployed on Windows Server 2019. If you have not deployed this SSU, please download KB5005112 and apply it on the server. This is a very old SSU released in August 2021. If you have followed the update release cycle, there is a high chance that you already have this patch on the server. SSU installation does not cause a server reboot.
Apart from this, it is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.
Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.
Download KB5063877
You may download the offline installer file for KB5063877 from the catalog site link shared below:
The server will restart upon installation of KB5063877. The Servicing Stack Update is already included in the main update and will be downloaded and installed as part of the installation process.
Zero-day vulnerabilities
No zero-day vulnerabilities have been reported for Windows Server 2019 in August 2025.
Critical vulnerabilities
The August security bulletin for Windows Server 2019 reports 57 security vulnerabilities. The 4 CRITICAL vulnerabilities affecting Windows Server 2019 are shared below.
| Vulnerability | CVSS | Impact | Description |
|---|---|---|---|
| CVE-2025-53766 | 9.8 | Remote Code Execution | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. |
| CVE-2025-53778 | 8.8 | Elevation of Privilege | Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-50177 | 8.1 | Remote Code Execution | Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. |
| CVE-2025-48807 | 7.5 | Remote Code Execution | Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. |
Changelog – KB5063877
The following changes or improvements are part of KB5063877 for Windows Server 2019:
- The update addresses security improvements for Windows Server 2019 and Windows Server 2019 Server Core installation.
- [Cluster Service] Fixed: A known issue affecting Windows Server 2019 where the Cluster Service would repeatedly stop and restart. This behavior caused nodes to fail to rejoin the cluster or enter quarantine, virtual machines to restart multiple times, and frequent Event ID 7031 errors in the event logs. The issue was specific to configurations using BitLocker with Cluster Shared Volumes (CSV).
- [Input and Composition] Fixed: A known issue with the Microsoft Changjie Input Method. Users were unable to select words after a recent update.
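To confirm a server actually reached the patch level described on this page, the following added example (not Microsoft's code) compares the running build against 17763.7678, looks for the two KB numbers named above, and counts recent Event ID 7031 entries for the Cluster Service. The function names, the 7-day window and the `Cluster Service` message match are assumptions made for this example.

```powershell
# Added example: post-install verification for KB5063877 on Windows Server 2019.
$TargetBuild = [version]'10.0.17763.7678'   # build this page gives for KB5063877
$TargetKb    = 'KB5063877'
$PrereqSsu   = 'KB5005112'                  # prerequisite SSU named on this page

function Get-OsBuild {
    # CurrentBuildNumber plus UBR (update build revision) is the full patch level.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [version]('10.0.{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR)
}

function Test-PatchLevel {
    param([version]$Installed, [version]$Required)
    # A different base build (not 17763) means this KB does not apply: return $null.
    if ($Installed.Build -ne $Required.Build) { return $null }
    return ($Installed -ge $Required)
}

function Get-ClusterCrashCount {
    param([int]$Days = 7)   # look-back window, chosen for this example
    # Event ID 7031 = a service terminated unexpectedly (Service Control Manager).
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7031
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    $hits = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Cluster Service' }   # assumed display name
    return @($hits).Count
}

$build = Get-OsBuild
$kbs   = @((Get-HotFix -ErrorAction SilentlyContinue).HotFixID)

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    InstalledBuild    = $build.ToString()
    # Build comparison is the authoritative check: a later cumulative update
    # supersedes KB5063877, so the KB itself may not be listed by Get-HotFix.
    AtOrAboveTarget   = Test-PatchLevel -Installed $build -Required $TargetBuild
    TargetKbListed    = $kbs -contains $TargetKb
    PrereqSsuListed   = $kbs -contains $PrereqSsu
    ClusterSvc7031_7d = Get-ClusterCrashCount -Days 7
}
```

Treat `AtOrAboveTarget` as the pass/fail signal; a `$null` value means the host is not a 17763-based build and should be checked against its own KB.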