KB5075904 is the cumulative update for Windows Server 2019 and Windows Server 2019 Server Core installation. It was released on 10 February, 2025 under the ‘Patch Tuesday’ release cycle.
Salient points
- KB5075904 supersedes January 2026 cumulative update KB5073723.
- KB5075904 includes all changes that are part of the OOB or out of band update KB5078183 released on 24 January 2026.
- KB5075904 corresponds to Windows server build 17763.8389.
- Five Zero-day vulnerabilities affect Windows Server 2019 and Windows Server 2019 Server Core installation as per January’s security bulletin.
- 24 security vulnerabilities have been disclosed for February 2026 by Microsoft. 5 of these are zero-day vulnerabilities and one has CRITICAL severity level.
- The Servicing Stack Update corresponding to KB5075904 is KB5075903 (17763.8381). It is in-built in the main cumulative update. Separate installation of the SSU or Servicing Stack is not needed.
- KB5005112 is the SSU that must be already deployed on Windows Server 2019. If you have not deployed this SSU, please download KB5005112 and apply on the server. This is a very old SSU released in August 2021. If you have followed the update release cycle, there is a high chance that you already have this patch on the server. SSU installation does not cause server reboot.
Important Reminders
Apart from this, it is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.
Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.
Download KB5075903
KB5075903 is the Servicing Stack Update for Windows Server 2019 released in February 2026 alongside the main cumulative update KB5075904.
If you intend to deploy cumulative updates through Windows Update or Windows Update for Business, no action is needed to install the Servicing Stack Update. The Servicing Stack Update is part of the security update that will be installed on Windows Server 2019.
For manual installation of KB5075904, there is no separate installation of KB5075903 as it is included in the main cumulative security update.
Download KB5075904
You may download the offline installer file for KB5075904 from the catalog site link shared below:
Upon installation of KB5075904, the server would restart. The Servicing Stack Update is already included in the main update and will be downloaded and installed as part of the installation process.
Zero-day vulnerabilities
Five zero-day vulnerability has been reported for Windows Server 2019 in February 2026.
| CVE Details | CVSS Score | Comments |
|---|---|---|
| CVE-2026-21510 | 8.8 | Security Feature Bypass Vulnerability in Windows Shell |
| CVE-2026-21513 | 8.8 | Security Feature Bypass Vulnerability in MSHTML Framework |
| CVE-2026-21519 | 7.8 | Elevation of Privilege Vulnerability in Desktop Window Manager |
| CVE-2026-21525 | 6.2 | Denial of Service Vulnerability in Windows Remote Access Connection Manager |
| CVE-2026-21533 | 7.8 | Elevation of Privilege Vulnerability in Windows Remote Desktop Services |
Critical vulnerabilities
The February security bulletin for Windows Server 2019 reports 24 security vulnerabilities. There is no CRITICAL vulnerability affecting Windows Server 2019.
Changelog – KB507590
The following changes or improvements are part of KB5073723 for Windows Server 2019:
- The update addresses security improvements for Windows Server 2019 and Windows Server 2019 Server Core installation.
- [Internal Windows OS] This update contains miscellaneous security improvements to internal Windows OS functionality. No specific issues are documented for this release.
- [Fonts] This update includes changes to Chinese fonts to meet GB18030-2022A compliance.
- [OS Security (known issue)] Fixed: After installing the Windows security update released on or after January 13, 2026, some Secure Launch-capable PCs with Virtual Secure Mode (VSM) enabled are unable to shut down or enter hibernation. Instead, the device restarts.
- [Folders] Fixed: This update fixes an issue that affects folder renaming with desktop.ini files in File Explorer. The LocalizedResourceName setting was ignored, so custom folder names did not show. Now, custom folder names appear as expected.
- [Graphics] Fixed: A stability issue affecting certain graphics processing units (GPUs) configurations.
Due to the zero-day vulnerabilities, we recommend installing the KB5075904 cumulative update on Windows Server 2019 at the earliest.
Simplifying technology, one step at a time.