KB5063878 is the cumulative update for Windows Server 2025 version 24H2. It was released on 12 August 2025 under the ‘Patch Tuesday’ program.
Salient points
- KB5063878 supersedes July 2025 cumulative update KB5062553.
- It also includes all changes that are part of the preview update KB5062660 released on 22 July 2025.
- KB5063878 also includes all changes that are part of the out of band or OOB update KB5064489 released on 13 July 2025.
- KB5063878 corresponds to build 26100.4946.
- 61 security vulnerabilities have been reported in August 2025 security bulletin for Windows Server 2025.
- 4 of these 61 vulnerabilities have CRITICAL severity level. Information about CRITICAL vulnerabilities is in the vulnerabities section below.
- A single zero-day vulnerability affects Windows Server 2025.
- The Servicing Stack Update corresponding to KB5063878 is KB5065381 (26100.4933). It is in-built in the main cumulative update. Separate installation of the SSU or Servicing Stack is not needed.
- The AI components have been updated to versions 1.2507.793.0. The AI components updated include the image search, content extraction, and semantic analysis.
Zero-day vulnerability
A single zero-day vulnerabilities affecting Windows Server 2025 24H2 edition. The zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation.
| Vulnerability | CVSS | Impact | Description |
|---|---|---|---|
| CVE-2025-53779 | 7.2 | Elevation of Privilege | Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. |
Critical vulnerabilities
The 4 CRITICAL vulnerabilities affecting Windows Server 2025 are shared below.
| Vulnerability | CVSS | Impact | Description |
|---|---|---|---|
| CVE-2025-53766 | 9.8 | Remote Code Execution | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. |
| CVE-2025-53778 | 8.8 | Elevation of Privilege | Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-50177 | 8.1 | Remote Code Execution | Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. |
| CVE-2025-48807 | 7.5 | Remote Code Execution | Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. |
(RCE is Remote Code Execution)
AI Components
The following AI components for Windows Server 2025 have been updated to the latest version 1.2507.793.0.:
- Image Search
- Content Extraction
- Semantic Analysis
Download KB5063878
You may download the offline installer file for KB5063878 from the catalog site link shared below:
The update file is available for x64 and ARM64 deployments. Upon installation of KB5063878, the server would restart. So, do plan as a structured change.
Changelog – KB5063878
The following changes or improvements are part of KB5063878 for Windows Server 2025:
- [Authentication] Fixed: This update addresses an issue that caused delays during sign-in on new devices. The delay was due to certain preinstalled packages.
Secure Boot Services
It is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.
Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.
Simplifying technology, one step at a time.