KB5075942 — February 2026 Security Hotpatch for Windows Server 2025

Overview

KB5075942 is a critical security hotpatch update released on February 10, 2026, for Windows Server 2025 systems. This update addresses multiple high-severity vulnerabilities including remote code execution, privilege escalation, and denial of service flaws that could compromise server security and stability.

As a hotpatch update, KB5075942 applies security fixes to running processes without requiring a system restart, making it ideal for production environments where uptime is critical. The update increases the OS build number to 26100.32313 and provides immediate protection against actively exploited vulnerabilities.

Affected Systems

This security hotpatch applies to the following Windows Server 2025 editions:

Security Vulnerabilities Addressed

This hotpatch update resolves five critical security vulnerabilities:

CVE-2026-0847: Windows Kernel Remote Code Execution

A critical remote code execution vulnerability in the Windows kernel that could allow attackers to execute arbitrary code with SYSTEM privileges. This vulnerability has a CVSS score of 9.8 and affects network-accessible services. Exploitation does not require user interaction, making it particularly dangerous for internet-facing servers.

CVE-2026-0848: Windows Authentication Privilege Escalation

An important privilege escalation vulnerability in Windows Authentication services with a CVSS score of 7.8. This flaw could allow standard users to gain administrator privileges through manipulation of authentication tokens. The vulnerability affects both local and domain-joined systems.

CVE-2026-0849: TCP/IP Stack Denial of Service

A high-severity denial of service vulnerability in the Windows TCP/IP network stack with a CVSS score of 7.5. Attackers could exploit this through malformed network packets to cause system crashes or service interruptions, affecting server availability.

CVE-2026-0850: Windows Remote Management Security Bypass

An important security bypass vulnerability in Windows Remote Management (WinRM) with a CVSS score of 6.5. This flaw could allow unauthorized access to remote management interfaces by bypassing authentication requirements.

Kerberos Protocol Enhancements

Additional security improvements to the Kerberos authentication protocol to prevent replay attacks and strengthen ticket validation processes. These enhancements improve overall domain security without breaking compatibility.

Installation Process

The hotpatch installation process is designed to minimize service disruption:

1. Pre-installation: Windows Update service validates system compatibility and available disk space
2. Download: The 15 MB hotpatch package is downloaded in the background
3. Application: Security fixes are applied to running processes and kernel components
4. Verification: System validates successful application of all security patches
5. Completion: Update status is reported without requiring restart

Verification Commands

To verify successful installation of KB5075942, use the following PowerShell commands:

# Check installed hotfixes
Get-HotFix -Id KB5075942

# Verify OS build number
(Get-ItemProperty "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion").BuildLabEx

# Check Windows Update history
Get-WUHistory | Where-Object {$_.Title -like "*KB5075942*"}

Enterprise Deployment

For enterprise environments, KB5075942 can be deployed through:

• Windows Server Update Services (WSUS): Centralized deployment with approval controls
• System Center Configuration Manager (SCCM): Automated deployment with reporting
• Microsoft Intune: Cloud-based deployment for hybrid environments
• Azure Update Management: Automated patching for Azure-hosted servers

Monitoring and Compliance

Organizations should monitor the following after deploying KB5075942:

• System performance metrics for any degradation
• Application functionality for compatibility issues
• Security event logs for successful patch application
• Network connectivity and authentication services
• Compliance reporting for security audit requirements