KB5066586 for Windows Server 2019 – October 2025

KB5066586 is the cumulative update for Windows Server 2019 and Windows Server 2019 Server Core installation. It was released on 14 October, 2025 under the ‘Patch Tuesday’ release cycle.

Salient points

  • KB5066586 supersedes September 2025 cumulative update KB5065428.
  • KB5066586 corresponds to Windows server build 17763.7919.
  • Four zero-day vulnerabilities affect Windows Server 2019 and Windows Server 2019 Server Core installation as per October’s security bulletin.
  • 95 security vulnerabilities have been disclosed for October 2025 by Microsoft.
  • 3 of these vulnerabilities are Critical vulnerabilities. Details of the critical security vulnerabilities are shared in the vulnerabilities section below.
  • The Servicing Stack Update corresponding to KB5066586 is KB5066585 (17763.7912). It is in-built in the main cumulative update. Separate installation of the SSU or Servicing Stack is not needed.
  • KB5005112 is the SSU that must already be deployed on Windows Server 2019. If you have not deployed this SSU, please download KB5005112 and apply it on the server. This is a very old SSU released in August 2021. If you have followed the update release cycle, there is a high chance that you already have this patch on the server. SSU installation does not cause a server reboot.

Important Reminders

Apart from this, it is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.

Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.

Download KB5066585

KB5066585 is the Servicing Stack Update for Windows Server 2019 released in October 2025 alongside the main cumulative update KB5066586.

If you intend to deploy cumulative updates through Windows Update or Windows Update for Business, no action is needed to install the Servicing Stack Update. The Servicing Stack Update is part of the security update that will be installed on Windows Server 2019.

For manual installation of KB5066586, you need to deploy the SSU KB5066585 before installing KB5066586. The offline installer file for KB5066585 can be downloaded from the catalog page.

The SSU will not lead to server reboot. It is a small update file that can be installed prior to installing the main cumulative update for Windows Server 2019.

Download KB5066586

You may download the offline installer file for KB5066586 from the catalog site link shared below:

Upon installation of KB5066586, the server would restart. The Servicing Stack Update is already included in the main update and will be downloaded and installed as part of the installation process.

Zero-day vulnerabilities

Four zero-day vulnerabilities have been reported for Windows Server 2019 in October 2025.

| Vulnerability | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2025-24052 | 7.8 | Important | Elevation of Privileges affecting Windows Agere Modem Driver |
| CVE-2025-24990 | 7.8 | Important | Elevation of Privileges affecting Windows Agere Modem Driver |
| CVE-2025-47827 | 4.6 | Important | Secure Boot bypass in IGEL OS before 11 |
| CVE-2025-59230 | 7.8 | Important | Elevation of Privileges vulnerability in Remote Access Connection Manager |

Critical vulnerabilities

The October security bulletin for Windows Server 2019 reports 95 security vulnerabilities. The 3 CRITICAL vulnerabilities affecting Windows Server 2019 are shared below.

It is important to note that one of these vulnerabilities has a CVSS score of 9.9 and another has a score of 9.8, so system administrators must install KB5066586 immediately to protect against them.

| Vulnerability | CVSS | Description |
|---|---|---|
| CVE-2025-49708 | 9.9 | Microsoft Graphics Component Elevation of Privilege Vulnerability |
| CVE-2025-59287 | 9.8 | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability |
| CVE-2016-9535 | 4.0 | LibTIFF Heap Buffer Overflow Vulnerability |

Changelog – KB5066586

The following changes or improvements are part of KB5066586 for Windows Server 2019:

  • The update addresses security improvements for Windows Server 2019 and Windows Server 2019 Server Core installation.
  • [Input and Composition] Fixed: An issue with the Chinese Input Method Editor (IME). Private Unicode characters were shown incorrectly and did not meet GB18030 standard. Fixed: An issue that affects USER32 Edit controls. Surrogate pairs appear as empty boxes when text fields reach their length limit.
  • [Windows Remote Management (WinRM)] – Fixed: An issue that affects PowerShell Remoting and WinRM in which commands time out after 600 seconds.
  • [Stability issue] – Fixed: This update addresses an issue observed in rare cases after installing the May 2025 security update and subsequent updates causing devices to experience stability issues. Some devices became unresponsive and stopped responding in specific scenarios.
  • [Fax modem driver] – This update removes the ltmdm64.sys driver. Fax modem hardware dependent on this specific driver will no longer work in Windows.
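
The following check is an added example, not part of the original article or Microsoft's guidance. It reports whether a server is at or above build 17763.7919, whether the prerequisite SSU KB5005112 is listed, and whether the ltmdm64.sys driver removed by this update is still present. The function name and output property names are assumptions made for illustration.

```powershell
# Added example: readiness and post-install check for KB5066586 (Windows Server 2019).
# Function and property names are illustrative; KB numbers and the build come from the article.
function Get-KB5066586Status {
    [CmdletBinding()]
    param(
        [int]$TargetBuild    = 17763,  # Windows Server 2019 build number
        [int]$TargetRevision = 7919    # revision delivered by KB5066586
    )

    # CurrentBuild and UBR together form the full OS build, e.g. 17763.7919.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuild
    $ubr   = [int]$cv.UBR

    # Get-HotFix reads Win32_QuickFixEngineering. A missing entry means
    # "verify manually", not proof that the package is absent.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty HotFixID)

    # The update removes ltmdm64.sys, so fax modem hardware that depends on it
    # stops working. Flag hosts where the file or its driver service still exists.
    $driverPath = Join-Path $env:SystemRoot 'System32\drivers\ltmdm64.sys'
    $driverSvc  = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like '*\ltmdm64.sys' } |
        Select-Object -First 1

    [pscustomobject]@{
        ComputerName             = $env:COMPUTERNAME
        OSBuild                  = "$build.$ubr"
        IsServer2019Build        = ($build -eq $TargetBuild)
        AtOrAbovePatchedBuild    = ($build -eq $TargetBuild -and $ubr -ge $TargetRevision)
        PrereqSsuKB5005112Listed = ($installed -contains 'KB5005112')
        KB5066586Listed          = ($installed -contains 'KB5066586')
        FaxModemDriverFileExists = (Test-Path -LiteralPath $driverPath)
        FaxModemDriverState      = if ($driverSvc) { $driverSvc.State } else { 'NotRegistered' }
    }
}

Get-KB5066586Status | Format-List
```

Run it before patching to find servers that still depend on ltmdm64.sys or lack the prerequisite SSU, and again after the reboot to confirm the build revision.
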
Rajesh Dhawan
