KB5066835 for Windows Server 2025 – October 2025

KB5066835 is the October 2025 cumulative update for Windows Server 2025 (version 24H2). Microsoft released it on 14 October 2025 as part of its monthly Patch Tuesday cycle.

Salient points

  • KB5066835 supersedes the September 2025 cumulative update KB5065426 for Windows Server 2025.
  • KB5066835 includes all changes from the out-of-band (OOB) update KB5068221, which was released on 22 September 2025.
  • It also includes all changes from the preview update KB5065789, released on 29 September 2025.
  • KB5066835 takes the OS build to 26100.6899.
  • 130 security vulnerabilities are listed in the October 2025 security bulletin for Windows Server 2025.
  • 3 of these 130 vulnerabilities are rated CRITICAL. Details are in the Critical vulnerabilities section below.
  • 4 zero-day vulnerabilities affect Windows Server 2025. Details are in the Zero-day vulnerabilities section below.
  • The Servicing Stack Update (SSU) corresponding to KB5066835 is KB5067360 (26100.6893). It is bundled into the cumulative update, so the SSU does not need to be installed separately.
  • The AI components (Image Search, Content Extraction, Semantic Analysis and Settings Model) have been updated to version 1.2509.1022.0.

Zero-day vulnerabilities

Four zero-day vulnerabilities affect the Windows Server 2025 (24H2) edition. Zero-day here means a vulnerability that was publicly disclosed before a fix was available, or that was already being exploited in the wild when the patch shipped.

Vulnerability     CVSS Score   Severity    Description
CVE-2025-24052    7.8          Important   Elevation of privilege in the Windows Agere Modem Driver
CVE-2025-24990    7.8          Important   Elevation of privilege in the Windows Agere Modem Driver
CVE-2025-47827    4.6          Important   Secure Boot bypass in IGEL OS before version 11
CVE-2025-59230    7.8          Important   Elevation of privilege in Windows Remote Access Connection Manager (RasMan)

Critical vulnerabilities

The three CRITICAL vulnerabilities affecting Windows Server 2025 are listed below. Two of them carry CVSS scores of 9.9 and 9.8. Note that Microsoft assigns its severity rating independently of the CVSS score, so a Critical rating can sit next to a low score, as with the LibTIFF entry.

We strongly recommend installing KB5066835 on Windows Server 2025 to protect against these security vulnerabilities.

Vulnerability     CVSS   Description
CVE-2025-49708    9.9    Microsoft Graphics Component Elevation of Privilege Vulnerability
CVE-2025-59287    9.8    Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
CVE-2016-9535     4.0    LibTIFF Heap Buffer Overflow Vulnerability

(RCE is Remote Code Execution)

AI Components

The following AI components for Windows Server 2025 have been updated to the latest version 1.2509.1022.0:

  • Image Search
  • Content Extraction
  • Semantic Analysis
  • Settings Model

Download KB5066835

You may download the offline installer (.msu) for KB5066835 from the Microsoft Update Catalog.

The update file is available for x64 and ARM64 deployments. Installing KB5066835 requires a server restart, so schedule it as a planned change.

Changelog – KB5066835

The following changes or improvements are part of KB5066835 for Windows Server 2025:

  • [Browser] Fixed: This update addresses an issue that caused the print preview screen to stop responding in Chromium-based browsers.
  • [Gaming] Fixed: An issue occurred when users signed in to a Windows device using only a Gamepad at the lock screen. If no other input methods, such as touch or fingerprint, were used during sign-in, apps and games did not respond to input afterward.
  • [PowerShell]
    • Fixed: This update addresses an issue that affects PowerShell Remoting and Windows Remote Management (WinRM), where commands might time out after 10 minutes.
    • Fixed: This update addresses an issue that prevented an audit event from being logged.
  • [Windows Hello] Fixed: This update addresses an issue that affects the setup process for Windows Hello face recognition when using USB infrared camera modules. Users were unable to complete setup due to a persistent error message, such as “Make sure your face is centered in the frame.”
  • [Compatibility] This update removes the ltmdm64.sys driver. Fax modem hardware dependent on this specific driver will no longer work in Windows.
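Once the update has been applied, the checks below confirm that the host is really on build 26100.6899, flag hosts that carry the WSUS role (the component behind the CVSS 9.8 RCE in the Critical vulnerabilities section) so they can be patched and restarted first, and confirm that the ltmdm64.sys driver mentioned in the changelog is gone. This is an added example written for this page, not a script from Microsoft or from the original post; the registry paths and cmdlets are standard Windows ones, and the expected build number and driver name are the ones stated above.

```powershell
# Added example (not from the original post): post-install checks for KB5066835 on
# Windows Server 2025. Run from an elevated PowerShell session on the patched host.
# The expected build 26100.6899 and the removed driver ltmdm64.sys are taken from the post.

$ExpectedBuild = 26100
$ExpectedUbr   = 6899
$Kb            = 'KB5066835'

# 1. OS build. CurrentBuild.UBR is the authoritative signal that the LCU is active;
#    a later UBR is acceptable because a newer cumulative update supersedes this one.
$ver     = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build   = [int]$ver.CurrentBuild
$ubr     = [int]$ver.UBR
$buildOk = ($build -eq $ExpectedBuild) -and ($ubr -ge $ExpectedUbr)
'OS build {0}.{1} (need {2}.{3} or later): {4}' -f $build, $ubr, $ExpectedBuild, $ExpectedUbr,
    $(if ($buildOk) { 'OK' } else { 'NOT PATCHED' })

# 2. Package record. Get-HotFix reads Win32_QuickFixEngineering; the combined SSU+LCU
#    appears under the LCU's KB number, so the bundled SSU KB5067360 has no separate entry.
$hotfix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
"$Kb listed by Get-HotFix: " + $(if ($hotfix) { "yes, installed $($hotfix.InstalledOn)" } else { 'no' })

# 3. Pending restart. Until the host reboots, the old binaries are still what is running.
$cbsPending = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
$wuPending  = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
'Restart pending: ' + ($cbsPending -or $wuPending)

# 4. Exposure. CVE-2025-59287 is a remote code execution bug in WSUS, so hosts with the
#    UpdateServices role installed belong at the front of the patch queue.
$wsus = Get-WindowsFeature -Name UpdateServices -ErrorAction SilentlyContinue
if ($wsus -and $wsus.Installed) { 'WSUS role: INSTALLED - patch and restart this host first' }
else                            { 'WSUS role: not installed' }

# 5. Removed driver. The update deletes ltmdm64.sys; confirm it is gone from disk and that
#    no driver service still points at it (a leftover entry would fail to start at boot).
$drvPath = Join-Path $env:SystemRoot 'System32\drivers\ltmdm64.sys'
$drvSvc  = Get-CimInstance Win32_SystemDriver | Where-Object { $_.PathName -like '*ltmdm64.sys*' }
'ltmdm64.sys present on disk: ' + (Test-Path $drvPath)
'Driver service referencing ltmdm64.sys: ' + $(if ($drvSvc) { $drvSvc.Name -join ', ' } else { 'none' })
```

The build check is the one to trust; Get-HotFix can lag or miss entries on hosts where the WMI repository is stale, and a host that reports the right KB but still has a restart pending is not yet protected.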

Important Reminder for Secure Boot Services

It is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature of Unified Extensible Firmware Interface (UEFI) firmware that helps ensure that only trusted software runs during a device’s boot sequence.

Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it still carries them. To continue running Windows and receiving regular updates to your Secure Boot configuration, you will need to update these certificates.
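To see where a given host stands, the check below reads the UEFI DB and KEK variables from PowerShell and reports which of the original 2011 Microsoft certificates and which of the 2023 replacements are present. It is an added example written for this page, not Microsoft's own tooling; the certificate subject names are the ones Microsoft publishes for the 2011 and 2023 CAs, and the search is a plain substring match on the variable contents (an inventory, not a signature verification). Run it in an elevated session on UEFI firmware.

```powershell
# Added example (not from the original post): inventory the Microsoft Secure Boot
# certificates in this host's UEFI DB and KEK and report whether the 2023 replacements
# for the expiring 2011 CAs are present. Needs an elevated session on UEFI firmware.
# Certificate names are the subject CNs Microsoft publishes; the match is a substring
# search over the raw variable bytes, not a cryptographic check.

try {
    if (-not (Confirm-SecureBootUEFI)) { Write-Warning 'Secure Boot is supported but not enabled on this host' }
}
catch {
    throw "Secure Boot state could not be read (legacy BIOS, or session not elevated): $_"
}

# The variables hold EFI_SIGNATURE_LIST structures wrapping DER certificates; the subject
# CN inside each certificate is plain ASCII, so decoding the bytes as ASCII is enough to search.
$db  = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
$kek = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name KEK).Bytes)

$certs = @(
    @{ Var = 'DB';  Name = 'Microsoft Windows Production PCA 2011'; Role = 'expiring 2011 CA' }
    @{ Var = 'DB';  Name = 'Windows UEFI CA 2023';                   Role = '2023 replacement' }
    @{ Var = 'DB';  Name = 'Microsoft Corporation UEFI CA 2011';     Role = 'expiring 2011 CA' }
    @{ Var = 'DB';  Name = 'Microsoft UEFI CA 2023';                 Role = '2023 replacement' }
    @{ Var = 'DB';  Name = 'Microsoft Option ROM UEFI CA 2023';      Role = '2023 replacement' }
    @{ Var = 'KEK'; Name = 'Microsoft Corporation KEK CA 2011';      Role = 'expiring 2011 CA' }
    @{ Var = 'KEK'; Name = 'Microsoft Corporation KEK 2K CA 2023';   Role = '2023 replacement' }
)

$report = foreach ($c in $certs) {
    $blob = if ($c.Var -eq 'DB') { $db } else { $kek }
    [pscustomobject]@{
        Variable    = $c.Var
        Certificate = $c.Name
        Role        = $c.Role
        Present     = $blob.Contains($c.Name)
    }
}
$report | Format-Table -AutoSize

# The host is ready for the 2026 expiry only when every 2023 replacement is already in place.
$missing = $report | Where-Object { $_.Role -eq '2023 replacement' -and -not $_.Present }
if ($missing) {
    Write-Warning ('2023 certificates still missing: ' + ($missing.Certificate -join ', '))
}
else {
    'All 2023 Secure Boot certificates are present in DB/KEK'
}
```

Seeing the 2011 certificates still present is expected; they are not removed by the rollout. The actionable result is a 2023 entry reported as absent, which means the firmware's DB or KEK has not yet been updated on that host.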

Rajesh Dhawan

Simplifying technology, one step at a time.