Microsoft's May 2025 Updates: A Comprehensive Summary for System Administrators
Windows 11, version 24H2 – May 13, 2025 — KB5058411 (OS Build 26100.4061)
[Audio] Fixed: This update resolves an issue where the audio from your microphone would cut out unexpectedly.
[Eye control device] Fixed: The Eye control device app does not start. There are no known issues in this update.
Windows 11, version 23H2 – May 13, 2025 — KB5058405 (OS Builds 22621.5335 and 22631.5335)
This version includes all the improvements in Windows 11 version 22H2.
No additional issues have been documented for this release.
Windows 11, version 22H2
[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)]: This update implements improvements to SBAT for detection of Linux systems.
[Windows Update] Fixed: This update addresses an issue that might prevent you from updating to Windows 11, version 24H2, via WSUS. The download may not start or complete, showing error code 0x80240069 and logs showing "Service stopped unexpectedly." There are no known issues with this update.
Windows 10, version 22H2 update history – May 13, 2025 — KB5058379 (OS Builds 19044.5854 and 19045.5854)
Windows 10, version 21H2
[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)]: This update implements improvements to SBAT for detection of Linux systems.
Windows 10, version 22H2
This release includes all improvements from supported Windows 10 version 21H2.
No additional issues have been documented for this release.
Known issues in this update: Devices with certain Citrix components installed may fail to complete the installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. This version was released in December 2024.
Affected devices can correctly download and apply the January 2025 update through methods like the Windows Update page in Settings. However, upon restarting, the device displays an error message similar to "Something didn't go as planned. No need to worry – changes are being reverted." The device then reverts to previous Windows updates.
This issue likely affects a limited number of organizations. Home users are not expected to be affected by this issue, as version 2411 of the SRA application is a new release.
Windows 10, version 1607 and Windows Server 2016 update history – May 13, 2025 — KB5058383 (OS Build 14393.8066)
[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)]: This update implements improvements to SBAT for the detection of Linux systems. This update does not contain any known issues.
Windows 10, version 1809, Windows Server, version 1809, and Windows Server 2019 update history – May 13, 2025 — KB5058392 (OS Build 17763.7314)
[Operating System Security]: Updated the Windows Kernel Vulnerable Driver Blocklist (DriverSiPolicy.p7b). Vulnerable drivers used in Bring Your Own Vulnerable Driver (BYOVD) attacks have been added to the blocklist.
[GRFX - Graphics]: This update addresses a blue screen issue that occurred after recent GDI updates, particularly with the CHS GB18030-2022 fonts. Corruption occurred while the thread remained active, resulting in the error message.
[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)]: This update implements improvements to SBAT for detection of Linux systems.
Known issues in this update: Devices with certain Citrix components installed may fail to complete the installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. This version was released in December 2024.
Affected devices can correctly download and apply the January 2025 update through methods like the Windows Update page in Settings. However, upon restarting, the device displays an error message similar to "Something didn't go as planned. No need to worry – changes are being reverted." The device then reverts to previous Windows updates.
This issue likely affects a limited number of organizations. Home users are not expected to be affected by this issue, as version 2411 of the SRA application is a new release.
Windows 10 (initial version released July 2015) update history – May 13, 2025 — KB5058387 (OS Build 10240.21014)
[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)]: This update implements improvements to SBAT for detection of Linux systems.
There are no known issues with this update.
Windows Server 2025 - May 13, 2025—KB5058411 (OS Build 26100.4061)
[Fonts] New! This update includes Simsun-ExtG, a new simplified Chinese font that includes the Biangbiang noodle character. Some applications may not yet be able to display these extension characters. Supports 9,753 ideograms in Unicode Extensions G, H, and I.
- Unicode range G: 30000-3134A (4,939 characters)
- Unicode range H: 31350-323AF (4,192 characters)
- Unicode range I: 2EBF0-2EE5D (622 characters)
[Settings] New! Change time zones in Settings > Time & Language > Date & Time. You don't need to be an administrator to make this change.
[Audio] Fixed: This update resolves an issue where the audio on your microphone would cut out unexpectedly.
[Chinese Pinyin Input Method Editor (IME)] With this update, automatic suggestions will no longer be provided in the search box for search engines like Bing and Baidu. Use Ctrl + Tab or the arrow keys to get manual suggestions.
[Digital/Analog converter (DAC) (known issue)] Fixed: USB audio devices may experience issues. This is more likely when you use a USB 1.0-based DAC audio driver. USB audio devices may stop working, which may affect playback.
[Eye controller] Fixed: Eye controller app does not start.
[File Explorer]
- Fixed: A search could repeat unexpectedly after it was performed.
- Fixed: Date and time properties of a file could be updated after it was copied.
- Fixed: When you change a theme, the icons in the details pane may not update as expected.
- Fixed: The search box might lose input focus while typing.
[Do]
- Fixed: The mouse cursor might disappear. This occurs when hovering over text fields in certain applications.
- Fixed: When you enable pointer trails, the mouse cursor becomes transparent and a black box appears behind it.
- Fixed: The mouse cursor might get stuck while moving on the screen. This happens even when the system is not using a lot of resources.
[Snipping Tool] Fixed: Snipping Tool screenshots may become corrupted. This occurs when you use two or more monitors with different display scaling.
[Task Manager] Fixed: The application remains open longer than expected after being closed.
[USB audio device drivers] Fixed: The Code 10 error message, "This device cannot start," appears. This occurs when you connect certain external audio management devices.
[USB cameras] Fixed: Your device does not detect that the camera is on. This issue occurs after installing the January 2025 security update.
[Wi-Fi] Fixed: The Windows Security dialog box may stop responding when you sign in to certain Wi-Fi networks. This issue may also occur with some other options in Settings.
[Windows Hello] Fixed: Addressed an edge case where Windows Hello was not working on devices with System Protection, Secure Boot, or Dynamic Root of Trust for Metering (DRTM) enabled, preventing users from signing in with facial recognition or PIN. This issue occurs when "Reset this PC" from Settings > System > Recovery is performed with Keep My Files and Local installation.
[Windows Kernel Vulnerable Driver Blocklist (DriverSiPolicy.p7b)] This update adds to the list of drivers at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
[Windows update installation] Fixed: Cumulative updates may fail to install. Error code 0x800736b3. This occurs when a feature on demand fails to install.
There are no known issues with this update.
Windows Server 2022 - May 13, 2025—KB5058385 (OS Build 20348.3692)
- [Desktop Windows Manager (DWM)] Fixed: This update addresses an issue that causes DWM to stop responding during a remote session due to an access error in dwmredir.dll when connecting or disconnecting, resulting in a black or gray screen.
- [Graphics core] Fixed: This update addresses an issue where starting a new console session after closing the previous console session would not start successfully.
- [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update implements improvements to SBAT for detection of Linux systems.
- [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds to the list of drivers at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
There are no known issues with this update.
Windows Server, version 23H2 - May 13, 2025—KB5058384 (OS Build 25398.1611)
[Charts] Fixed: This update addresses an issue where users were unable to export or create PDF or XLSX formatted reports that contained charts.
[Graphics core] Fixed: This update addresses the issue where when users attempt to start a new console session after closing the previous console session, the new session does not start successfully.
[Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds to the list of drivers at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
There are no known issues with this update.
Windows Server 2012 - May 13, 2025—KB5058451 (Monthly Rollup)
[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update implements improvements to SBAT for detection of Linux systems.
There are no known issues with this update. Support for Windows Server 2012 will end in October 2026.
Windows 8.1 and Windows Server 2012 R2 - May 13, 2025—KB5058403 (Monthly Rollup)
[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update implements improvements to SBAT for detection of Linux systems.
There are no known issues with this update. Support for Windows Server 2012 R2 will end in October 2026.
Windows Server 2008 Premium Assurance - May 13, 2025—KB5058449 (Monthly Rollup)
[Built-in Windows OS] Various security improvements have been made to built-in Windows OS functionality. No additional issues have been documented for this release.
After installing this update and restarting your device, you may encounter the error, "Failed to configure Windows updates. Reversing changes. Do not turn off your PC." The update may appear as "Failed" in your Update History.
For more information, please visit the Microsoft support page.
Support for Windows Server 2008 will end in January 2026.
Windows Server 2008 Premium Assurance - May 13, 2025—KB5058429 (Security-only update)
[Built-in Windows OS] Various security improvements have been made to built-in Windows OS functionality. No additional issues have been documented for this release.
After installing this update and restarting your device, you may encounter the error, "Failed to configure Windows updates. Reversing changes. Do not turn off your PC." The update may appear as "Failed" in your Update History.
For more information, please visit the Microsoft support page.
Support for Windows Server 2008 will end in January 2026.
Windows Server 2008 Premium Assurance - May 13, 2025—KB5058429 (Security-only update)
[Built-in Windows OS] Various security improvements have been made to built-in Windows OS functionality. No additional issues have been documented for this release.
After installing this update and restarting your device, you may encounter the error, "Failed to configure Windows updates. Reversing changes. Do not turn off your PC." The update may appear as "Failed" in your Update History.
For more information, please visit the Microsoft support page.
Windows Server 2008 R2 Premium Assurance - May 13, 2025—KB5058430 (Monthly Rollup)
[Built-in Windows OS] Various security improvements have been made to built-in Windows OS functionality. No additional issues have been documented for this release.
There are no known issues with this update. Support for Windows Server 2008 R2 will end in January 2026.
Windows Server 2008 R2 Premium Assurance - May 13, 2025—KB5058454 (Security-only update)
[Built-in Windows OS] Various security improvements have been made to built-in Windows OS functionality. No additional issues have been documented for this release.
There are no known issues with this update. Support for Windows Server 2008 R2 will end in January 2026.
Description of the security update for SharePoint Server Subscription Edition: May 13, 2025 (KB5002709)
This security update includes improvements and fixes for the following non-security issues in SharePoint Server Subscription Edition:
- Introduces the Get-SPHybridDocVroomId command to support retrieving VroomId in a hash search scenario.
- The new Hybrid Search feature will be available in the Standard release ring. Download and run the Onboard-CloudHybridSearch-SPOONS.ps1 script to initiate the new Hybrid Search Experience. SCS (Search Content Service) will be retired on June 30, 2025.
- Fixes an issue that could cause modern web parts to break in Quick Links when you use the Zero Downtime patch (ZDP) and the Side-by-Side token together.
- Fixes an issue where users were repeatedly prompted for My Site authentication if they did not have permissions to access followed sites.
- Fixes an issue that causes users to be unable to filter the User Information list that includes an indexed column and exceeds 500 items.
- Fixes an issue that causes Data Loss Prevention (DLP) policy tips to not work on SharePoint subsites.
Description of the security update for SharePoint Server 2019 Language Pack: May 13, 2025 (KB5002706)
This security update resolves a Microsoft SharePoint Server privilege escalation vulnerability.
Description of the security update for SharePoint Enterprise Server 2016: May 13, 2025 (KB5002722) This public update introduces Feature Pack 2 for SharePoint Server 2016. Feature Pack 2 includes the following feature:
- SharePoint Framework (SPFx)
- Administrative Actions Diary
- MinRole improvements
- SharePoint Custom Tiles
- Hybrid Taxonomy
- SharePoint on-premises OneDrive API
- OneDrive for Business modern user experience (available to Software Assurance customers)
Description of the security update for SharePoint Enterprise Server 2016 Language Pack: May 13, 2025 (KB5002712)
This public update introduces Feature Pack 2 for SharePoint Server 2016. Feature Pack 2 includes the following feature:
- SharePoint Framework (SPFx)
- Administrative Actions Diary
- MinRole improvements
- SharePoint Custom Tiles
- Hybrid Taxonomy
- SharePoint on-premises OneDrive API
- OneDrive for Business modern user experience (available to Software Assurance customers)
Description of the security update for Excel 2016: May 13, 2025 (KB5002717)
This security update resolves a Microsoft Excel remote code execution vulnerability.
For detailed information;
Click here
Description of the security update for Office Online Server: May 13, 2025 (KB5002707)
This security update resolves a Microsoft Excel remote code execution vulnerability.
For detailed information;
Click here
Description of the security update for Office 2016: May 13, 2025 (KB5002711)
This security update resolves a Microsoft Office remote code execution vulnerability.
For detailed information;
Click here
Description of the security update for Office 2016: May 13, 2025 (KB5002695) This security update resolves a Microsoft Excel remote code execution vulnerability.
.NET 9.0 Update - May 13, 2025 (KB5059201)
.NET 9.0 has been updated with the latest update as of May 13, 2025. This update includes both security and non-security fixes. .NET 9.0 servicing updates are upgrades. The latest servicing update for 9.0 will remove the previous 9.0 update after a successful installation. After applying this update, you may need to restart the computer if the affected files are in use. We recommend that you exit all .NET-based applications before applying this update.
.NET 8.0 Update - May 13, 2025 (KB5059200)
.NET 8.0 has been updated with the latest update as of May 13, 2025. This update includes both security and non-security fixes. .NET 8.0 servicing updates are upgrades. The latest servicing update for 8.0 will remove the previous 8.0 update after a successful installation. After applying this update, you may need to restart the computer if the affected files are in use. We recommend that you exit all .NET-based applications before applying this update.
Windows Server 2025 Datacenter: Azure Edition - May 13, 2025 — Hotpatch KB5058497 (OS Build 26100.3981)
This security update includes quality improvements. This update makes several security improvements to internal operating system functionality. There are no additional documented issues in this release. If you have installed previous updates, your device will only download and install the new updates included in this package.
Windows Server 2022 Datacenter: Azure Edition - May 13, 2025 — Hotpatch KB5058500 (OS Build 20348.3630)
This security update includes quality improvements. This update makes several security improvements to internal operating system functionality. There are no additional documented issues in this release. If you have installed previous updates, your device will only download and install the new updates included in this package.
