Flexis May 2025 Patch Recommendation
Patches Microsoft released in May 2025:
- KB5058392: 2025-05 Cumulative Update for Windows Server 2019 for x64-based Systems
- KB5058383: 2025-05 Cumulative Update for Windows Server 2016 for x64-based Systems
- KB5058524: 2025-05 Servicing Stack Update for Windows Server 2016 for x64-based Systems
Impacted Products:
Microsoft Windows
Microsoft Edge
(HTML-based)
Microsoft Edge
(Chromium-based)
Internet Explorer
Microsoft Office and Microsoft Office Services and Web Apps
Windows Defender
Visual Studio
ASP.NET Core
Chakra Core
Microsoft Dynamics
.NET Framework
.NET Core
Please note the following information regarding the security updates:
Windows 10 Enterprise and Education and Windows 10 Home and Pro lifecycle pages, Windows 10 will reach end of support on October 14, 2025. The current version, 22H2, will be the final version of Windows 10. The following editions will remain in support with monthly security update releases through that date:
Home
Pro
Pro Education
Pro for Workstations
Education
Enterprise
Enterprise multi-session
KB5058392: Windows Server 2022
Improvements
- [OS Security] Updates to the Windows Kernel Vulnerable Driver Blocklist (DriverSiPolicy.p7b). Additions have been made to blocklist drivers with security vulnerabilities that have been used in Bring Your Own Vulnerable Driver (BYOVD) attacks.
- [GRFX-Graphics] This update addresses an issue causing an error message on a blue screen particularly in cases linked to recent GDI updates with CHS GB18030-2022 fonts. Corruption occurs while the associated thread remains active, leading to an error message.
- [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies improvements to SBAT for the detection of Linux systems.
Known issues in this update
Symptoms
Citrix
Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024.
Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when restarting the device to complete the update installation, an error message with text similar to “Something didn’t go as planned. No need to worry – undoing changes” appears. The device will then revert to the Windows updates previously present on the device.
This issue likely affects a limited number of organizations as version 2411 of the SRA application is a new version. Home users are not expected to be affected by this issue.
Workaround
Citrix
The issue has been resolved in Citrix Session Recording Agent version 2503, released on April 28, 2025, and newer versions.
For details, see the documentation provided by Citrix at “Microsoft’s January Security Update Fails/Reverts on a machine with 2411 Session Recording Agent“.
KB5058383: Win 10 Ent LTSC 2019 Win 10 IoT Ent LTSC 2019 Windows 10 IoT Core LTSC Windows Server 2019
Improvement
- [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies improvements to SBAT for the detection of Linux systems.
We are currently not aware of any issues with this update.
KB5058524: Win 10 Ent LTSB 2016 Win 10 IoT Ent LTSB 2016 Windows Server 2016
Summary
This servicing stack update (SSU) makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates make sure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.
Important Not installing the latest SSU before applying Windows updates might result in the Windows update not being offered until the latest SSU is installed.