KB5078740 for Windows Server 2025

KB5078740 is the cumulative update for Windows Server 2025 version 24H2. It was released on 10 March 2026 under the ‘Patch Tuesday’ program of Microsoft.

Salient points

• KB5078740 supersedes Febuary 2026 cumulative update KB5075899 for Windows Server 2025.
• KB5078740 security update corresponds to the build 26100.32522.
• In March, a total of 39 security vulnerabilities are reported by Microsoft in the latest security report that affect Windows Server 2025.
• No zero-day vulnerabilities affect Windows Server 2025.
• No CRITICAL security vulnerability affects Windows Server2025 in March Patch Tuesday cycle.
• The Servicing Stack Update corresponding to KB5078740 is KB5078739 (26100.32500). It is in-built in the main cumulative update. Separate installation of the SSU or Servicing Stack is not needed.

Zero-day vulnerabilities

No zero-day vulnerability affects Windows Server 2025 24H2 edition. The zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation.

Critical vulnerabilities

No Critical vulnerability has been disclosed on Windows Server 2025 in the March 2026 security bulletin.

Download KB5078740

You may download the offline installer file for KB5078740 from the catalog site link shared below:

• Download KB5078740 from the Microsoft Update Catalog (1948.2 MB)

The update file is available for x64 and ARM64 deployments. Upon installation of KB5078740, the server would restart. So, do plan as a structured change.

Changelog – KB5078740

The following changes or improvements are part of KB5078740 for Windows Server 2025:

• This update addresses security issues detected and shared for Windows Server 2025 24H2 editions.
• [Secure Boot] ​​​​​​​With this update, Windows quality updates include additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. This targeting is based primarily on client device diagnostic data; due to limited data, servers are unlikely to qualify, though not explicitly excluded. Devices receive new certificates only after demonstrating sufficient successful update signals, maintaining a controlled and phased rollout.
• [System services and reliability] Improved: Windows Server 2025 now supports newer server platforms that expose more hardware error reporting features, including systems with up to 64 Machine Check Architecture (MCA) banks. This update ensures Windows parses and configures all supported error sources, so hardware errors are reported and handled as expected on modern servers such as newer AMD EPYC‑based systems.

Important Reminder for Secure Boot Services

It is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface​​​​​​​ (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.

Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.