KB5075899 is the cumulative update for Windows Server 2025 version 24H2. It was released on 10 February 2026 as part of Microsoft's ‘Patch Tuesday’ program.
Salient points
- KB5075899 supersedes January 2026 cumulative update KB5073779 for Windows Server 2025.
- KB5075899 also includes the out-of-band updates KB5077793, released on 17 January 2026, and KB5078135, released on 24 January 2026.
- KB5075899 security update corresponds to the build 26100.32370.
- In February, Microsoft's latest security report lists a total of 28 security vulnerabilities that affect Windows Server 2025.
- 5 zero-day vulnerabilities affect Windows Server 2025.
- No CRITICAL security vulnerability affects Windows Server 2025 in the February Patch Tuesday cycle.
- The Servicing Stack Update corresponding to KB5075899 is KB5075898 (26100.32370). It is built into the main cumulative update, so separate installation of the SSU (Servicing Stack Update) is not needed.
Zero-day vulnerabilities
Three zero-day vulnerabilities affect Windows Server 2025 24H2 edition. Zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation. In this case, it has been found that the zero-day has been exploited by threat actors, so the security update needs to be installed immediately.
| CVE Details | CVSS Score | Comments |
|---|---|---|
| CVE-2026-21510 | 8.8 | Security Feature Bypass Vulnerability in Windows Shell |
| CVE-2026-21513 | 8.8 | Security Feature Bypass Vulnerability in MSHTML Framework |
| CVE-2026-21519 | 7.8 | Elevation of Privilege Vulnerability in Desktop Window Manager |
| CVE-2026-21525 | 6.2 | Denial of Service Vulnerability in Windows Remote Access Connection Manager |
| CVE-2026-21533 | 7.8 | Elevation of Privilege Vulnerability in Windows Remote Desktop Services |
Critical vulnerabilities
No Critical vulnerability has been disclosed for Windows Server 2025 in the February 2026 security bulletin.
Download KB5075899
You may download the offline installer file for KB5075899 from the catalog site link shared below:
The update file is available for x64 and ARM64 deployments. The server restarts after KB5075899 is installed, so plan the installation as a structured change.
Changelog – KB5075899
The following changes or improvements are part of KB5075899 for Windows Server 2025:
- This update addresses security issues detected and shared for Windows Server 2025 24H2 editions.
- [File Explorer] Fixed: This update addresses an issue where folder renaming with desktop.ini files in File Explorer doesn’t work correctly. The LocalizedResourceName setting is ignored, so custom folder names don’t appear.
- [Fonts & Display] Updates the Chinese fonts to support the GB18030‑2022A standard for character coverage and display.
- [Graphics] Fixed: This update addresses an issue where certain GPU configurations might recently have experienced a system error related to dxgmms2.sys, resulting in the KERNEL_SECURITY_CHECK_FAILURE error.
- [Performance & Reliability] Fixed: This update disables the forwarded I/O feature in the NVMe stack by default.
- [Networking] New! DNS over HTTPS (DoH) support for Windows DNS Server is now available in public preview. This preview enables evaluation of DoH for traffic between the server and its clients. This is intended for feedback only. It isn’t supported for production use, and it might contain issues. Functionality might also change, including potential breaking changes, before General Availability (GA). You can read more about this preview in the DoH on Windows DNS Server blog.
- New! Windows Server now supports random shuffling of resource records in DNS Server responses. This helps reduce scenarios where a single resource record becomes overloaded because it appears first in the returned list. To enable, create a DWORD registry value named “RandomShuffle” at:
  Registry Key: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
  Data to be set: 1
  To disable or erase the key:
  Data to be set: 0
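The following PowerShell is an added example, not code from Microsoft or from the original page. It confirms that the server is at the build this update installs (26100.32370) before writing the RandomShuffle value, then reads the value back. The function names are hypothetical, and the `CurrentVersion` key with its `CurrentBuild` and `UBR` values is the standard Windows location for the build number rather than something stated on this page. Run it in an elevated session.

```powershell
# Added example. KB number, build, registry path and value name come from the page;
# function names are hypothetical.
$RequiredBuild = [version]'26100.32370'
$DnsParams     = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'

function Get-InstalledBuild {
    # CurrentBuild plus UBR (update build revision) form the build, e.g. 26100.32370.
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [version]('{0}.{1}' -f $cv.CurrentBuild, $cv.UBR)
}

function Test-KB5075899Level {
    # Compare builds instead of looking only for this exact KB: a later cumulative
    # update supersedes KB5075899, so the KB itself may not be listed by Get-HotFix.
    (Get-InstalledBuild) -ge $RequiredBuild
}

function Set-DnsRandomShuffle {
    param(
        [Parameter(Mandatory)]
        [ValidateSet(0, 1)]
        [int]$Data   # 1 = enable shuffling, 0 = disable
    )

    if (-not (Test-KB5075899Level)) {
        throw "Build $(Get-InstalledBuild) is below $RequiredBuild. Install KB5075899 first."
    }
    if (-not (Test-Path -Path $DnsParams)) {
        throw 'DNS Parameters key not found. Is the DNS Server role installed?'
    }

    # -Force creates the value or overwrites an existing one.
    New-ItemProperty -Path $DnsParams -Name 'RandomShuffle' `
        -PropertyType DWord -Value $Data -Force | Out-Null

    # Read back so the change record shows the effective setting.
    (Get-ItemProperty -Path $DnsParams -Name 'RandomShuffle').RandomShuffle
}

# Usage:
#   Set-DnsRandomShuffle -Data 1    # enable
#   Set-DnsRandomShuffle -Data 0    # disable
```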
Important Reminder for Secure Boot Services
It is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.
Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.