KB5063906 ESU Monthly Rollup – Windows Server 2012

KB5063906 is the ESU Monthly Rollup Update for Windows Server 2012. It was released on 12 August 2025 under the ‘Patch Tuesday’ program.

Salient points

  • KB5063906 supersedes KB5062592, released in July 2025.
  • KB5063906 requires the KB5056456 Servicing Stack Update to be installed before the main monthly rollup update.
  • Without KB5056456, the ESU KB5063906 cannot be installed. For WSUS administrators, KB5056456 needs to be approved before KB5063906 will be fetched and deployed automatically.
  • If you install a language pack after installing KB5063906, you need to reinstall the security update. Complete all language pack installations before installing the monthly rollup update on Windows Server 2012.
  • KB5063906 is an Extended Security Update. A valid subscription key to the ESU program is required before installing the monthly rollup update.
  • Windows Server 2012 is impacted by 47 security vulnerabilities reported in the August 2025 security bulletin.
  • Three of these vulnerabilities have CRITICAL severity.
  • No zero-day vulnerabilities affect Windows Server 2012 and the Windows Server 2012 Server Core installation in the August security bulletin released alongside the Windows Updates on 12 August 2025.

Servicing Stack Update KB5056456

The Servicing Stack Update for Windows Server 2012 for August 2025 is KB5056456. It corresponds to the KB5063906 ESU.

For automated deployments of KB5063906 through the Windows Update program, the Servicing Stack Update KB5056456 is offered as part of the installation process of the monthly rollup update KB5063906.

The Servicing Stack Update file is small, a little under 10 MB. Installing it does not cause a server reboot.

Once the SSU is installed, you can proceed with the installation of the main monthly rollup update KB5063906.
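The install order described above can be checked before a deployment is scheduled. The following is an added example, not code from the article or from Microsoft: the function name and result strings are hypothetical, and it assumes the SSU is reported by Get-HotFix once installed.

```powershell
# Added example: readiness check for the install order in the article.
# KB numbers come from the article; function name and result strings are hypothetical.
$SsuKb    = 'KB5056456'  # Servicing Stack Update, must be present first
$RollupKb = 'KB5063906'  # August 2025 ESU Monthly Rollup
$PriorKb  = 'KB5062592'  # July 2025 rollup, superseded by KB5063906

function Get-RollupReadiness {
    param(
        [string[]]$InstalledKb,   # HotFixID values found on the host
        [string]$OsVersion,       # e.g. 6.2.9200 for Windows Server 2012
        [int]$ProductType         # Win32_OperatingSystem: 1 = workstation, 2/3 = server
    )
    if ($OsVersion -notlike '6.2.*' -or $ProductType -eq 1) {
        return 'NotApplicable: host is not Windows Server 2012'
    }
    if ($InstalledKb -contains $RollupKb) {
        return "Installed: $RollupKb is already present"
    }
    if ($InstalledKb -notcontains $SsuKb) {
        return "Blocked: install $SsuKb before $RollupKb"
    }
    $note = if ($InstalledKb -contains $PriorKb) { " (replaces $PriorKb)" } else { '' }
    return "Ready: $SsuKb present, $RollupKb can be installed$note"
}

# Constructed inputs exercising the Blocked and Ready branches without touching a real host.
Get-RollupReadiness -InstalledKb @('KB5062592') -OsVersion '6.2.9200' -ProductType 3
Get-RollupReadiness -InstalledKb @('KB5062592', 'KB5056456') -OsVersion '6.2.9200' -ProductType 3

# Live check on the local server.
$os        = Get-CimInstance -ClassName Win32_OperatingSystem
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
Get-RollupReadiness -InstalledKb $installed -OsVersion $os.Version -ProductType $os.ProductType
```

The check covers only the SSU ordering and supersedence; the ESU subscription key and pending language pack installations still have to be confirmed separately.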

Download KB5063906

You can download the monthly rollup update KB5063906 for Windows Server 2012 from the Windows Update Catalog page shared below:

To reiterate, you need a valid ESU program subscription before you can install the ESU KB5063906 on Windows Server 2012.

Zero-day Vulnerabilities

No security vulnerabilities with zero-day threat levels affect Windows Server 2012 and Windows Server 2012 Server Core installation.

Critical vulnerabilities

There are 47 reported security vulnerabilities in Windows Server 2012 for August 2025. The 3 CRITICAL vulnerabilities affecting Windows Server 2012 are shared below.

| Vulnerability | CVSS | Impact | Description |
|---|---|---|---|
| CVE-2025-53766 | 9.8 | Remote Code Execution | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. |
| CVE-2025-53778 | 8.8 | Elevation of Privilege | Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-50177 | 8.1 | Remote Code Execution | Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. |

KB5063906 – Changelog

Since this is an ESU, the focus remains on securing the Windows Server 2012 deployments. The following changes have been reported for KB5063906:

  • [Internal Windows OS] Miscellaneous security improvements were made to internal Windows OS functionality. No additional issues are documented for this release.

Relevant Edge Security Updates

For the August Edge security updates from Microsoft, refer to this page.

Rajesh Dhawan
