KB5082126 is the ESU Monthly Rollup Update for Windows Server 2012 R2. It was released on 14 April 2026 under the ‘Patch Tuesday’ program.
Salient points
- KB5082126 supersedes KB5078774 released in March 2026.
- KB508216 requires a Servicing Stack Update to be installed prior to installing the main monthly rollup update. KB5079233 is the SSU corresponding to KB5082126.
- If you install language pack after installing KB5082126, you would need to reinstall the security update once again. All language pack installations must be completed before installing the monthly rollup update on Windows Server 2012 R2.
- KB5082126 is an Extended Security Update. A valid subscription key to the ESU program is required before installing the monthly rollup update.
- Windows Server 2012 R2 is impacted by 59 security vulnerabilities reported in April 2026 security bulletin.
- No zero-day vulnerabilities affect Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation.
- Three Critical security vulnerabilities affect Windows Server 2012 R2 in the latest April security bulletin.
- Meanwhile, the last cumulative update for Internet Explorer on Windows Server 2012 R2 was last released in October 2025 (KB5066840)
- If you installed KB5078774 in March, the SSU KB5079233 would have already been deployed.
Servicing Stack Update KB5079233
The Servicing Stack Update for Windows Server 2012 R2 for April is KB5079233.
For automated deployments of KB5082126 through the Windows Update program, the Servicing Stack Update KB5079233 is offered for installation as part of the installation process of the monthly rollup update KB5082126. No further action is needed to install KB5079233 for automated installations of KB5082126.
WSUS administrators need to authorize or approve KB5079233 before KB5082126 is fetched and installed in WSUS.
If you choose to deploy KB5082126 manually, you need to download and install KB5079233 on the Windows Server 2012 R2.
The Servicing Stack Update file is a small file of 10.6 MB. Upon installation, it would not cause server reboot. Once the SSU is installed, you can proceed with the installation of the main monthly rollup update KB5082126.
Download KB5082126
You can download the monthly rollup update KB5082126 for Windows Server 2012 R2 from the Windows Update Catalog page shared below:
We would reiterate that you need a valid ESU program subscription before you could install the ESU KB5082126 on Windows Server 2012 R2.
Zero-day Vulnerabilities
No zero-day vulnerability affects Windows Server 2012 R2 and Windows Server 2012 R2 Server Core installation, as per the latest security reported released by Microsoft.
Critical vulnerabilities
Three Critical vulnerabilities have been reported for Windows Server 2012 R2 in April 2026.
| Vulnerability | CVSS | Impact | Comments |
|---|---|---|---|
| CVE-2026-33826 | 8 | Remote Code Execution | Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. |
| CVE-2026-33827 | 8.1 | Remote Code Execution | Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows TCP/IP allows an unauthorized attacker to execute code over a network. |
| CVE-2026-32157 | 8.8 | Remote Code Execution | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
KB5082126 – Changelog
Since this is an ESU, the focus remains on securing the Windows Server 2012 R2 deployments. The following changes have been reported for KB5082126:
- [Internal Windows OS] Miscellaneous security improvements were made to internal Windows OS functionality.
- [Remote Desktop] Improved: This update improves protection against phishing attacks that use Remote Desktop (.rdp) files. When you open an .rdp file, Remote Desktop shows all requested connection settings before it connects, with each setting turned off by default. A one-time security warning also appears the first time you open an .rdp file on a device. For more information, see Understanding security warnings when opening Remote Desktop (RDP) files.
Internet Explorer Cumulative Update – KB5066840
To secure the Windows Server 2012 R2, you also need to patch Internet Explorer 11 with the latest cumulative update. KB5066840 is the cumulative update for Internet Explorer released on 14 October 2025. No new IE update has been released in November or December 2025.
You can download the IE Cumulative Update for Windows Server 2012 R2 from the link shared below:
Download Cumulative Update for Internet Explorer – KB5066840 (54.9 MB)
Simplifying technology, one step at a time.