Flexis March 2025 Patch Recommendation
Patches Microsoft released in March 2025:
- KB5053603: 2025-03 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems
- KB5053596: 2025-03 Cumulative Update for Windows Server 2019 for x64-based Systems
- KB5053594: 2025-03 Cumulative Update for Windows Server 2016 for x64-based Systems
- KB5054006: 2025-03 Servicing Stack Update for Windows Server 2016 for x64-based Systems
Impacted Products:
Microsoft Windows
Microsoft Edge
(HTML-based)
Microsoft Edge
(Chromium-based)
Internet Explorer
Microsoft Office and Microsoft Office Services and Web Apps
Windows Defender
Visual Studio
ASP.NET Core
Chakra Core
Microsoft Dynamics
.NET Framework
.NET Core
Please note the following information regarding the security updates:
Windows 10 Enterprise and Education and Windows 10 Home and Pro lifecycle pages, Windows 10 will reach end of support on October 14, 2025. The current version, 22H2, will be the final version of Windows 10. The following editions will remain in support with monthly security update releases through that date:
Home
Pro
Pro Education
Pro for Workstations
Education
Enterprise
Enterprise multi-session
KB5053603: Windows Server 2022
Improvements
This security update includes quality improvements. The following summary outlines key issues addressed by the KB update after you install it. Also, included are available new features. The bold text within the brackets indicates the item or area of the change.
- [Daylight saving time (DST)] This update supports (DST) changes in Paraguay.
- [Open Secure Shell (OpenSSH) (known issue)] Fixed: The service fails to start, which stops SSH connections. There is no detailed logging, and you must run the sshd.exe process manually.
- [GB18030-2022] This update adds support for this amendment.
- [Azure Virtual Network] Fixed: You can turn off the VNET metering feature with the following registry key.
Registry key: HKLM\CurrentControlSet\Services\NcHostAgent\Parameters\Plugins\Vnet
Registry key: MeteringDisabled (DWORD type)
Data to be set: 1
There is no known issue with this update.
KB5053596: Win 10 Ent LTSC 2019 Win 10 IoT Ent LTSC 2019 Windows 10 IoT Core LTSC Windows Server 2019
Improvements
- [Daylight saving time (DST)] Updated: DST changes for Paraguay. For more information, see the Daylight Saving Time & Time Zone Blog.
- [GB18030-2022] This update adds support for this amendment.
- [Temporary files] This update enables system processes to store temporary files in a secure directory “C:\Windows\SystemTemp” via either calling GetTempPath2 API or using .NET’s GetTempPath API, thereby reducing the risk of unauthorized access.
- [Open Secure Shell (OpenSSH) (known issue)] Fixed: The service fails to start, which stops SSH connections. There is no detailed logging, and you must run the sshd.exe process manually.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the March 2025 Security Updates.
Windows 10 servicing stack update (KB5054007) – 17763.7000
Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing updates.
Known issues in this update
Symptoms
Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024.
Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when restarting the device to complete the update installation, an error message with text similar to “Something didn’t go as planned. No need to worry – undoing changes” appears. The device will then revert to the Windows updates previously present on the device.
This issue likely affects a limited number of organizations as version 2411 of the SRA application is a new version. Home users are not expected to be affected by this issue.
Workaround
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation.
Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
KB5053594: Windows 10, version 1607, all editions Windows Server 2016, all editions
Improvement
- [Temporary files] This update enables system processes to store temporary files in a secure directory “C:\Windows\SystemTemp” via either calling GetTempPath2 API or using .NET’s GetTempPath API, thereby reducing the risk of unauthorized access.
- [Use-after-free (UAF) risk] Fixed: A race condition might lead to a UAF risk during process creation.
- [Daylight saving time (DST)] Updated: DST changes for Paraguay. For more information, see the Daylight Saving Time & Time Zone Blog.
Microsoft is not currently aware of any issues with this update.
KB5054006: Win 10 Ent LTSB 2016 Win 10 IoT Ent LTSB 2016 Windows Server 2016
This servicing stack update (SSU) makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates make sure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.
Important Not installing the latest SSU before applying Windows updates might result in the Windows update not being offered until the latest SSU is installed.