ANAVEM
FR
Reference
Server room with Windows servers displaying security update installation progress
KB5078740Windows ServerWindows Server

KB5078740 — March 2026 Security Update for Windows Server 2025

KB5078740 is a March 2026 security update that addresses multiple vulnerabilities in Windows Server 2025, including critical remote code execution flaws in Server Core installations and standard server deployments.

Emanuel DE ALMEIDAEmanuel DE ALMEIDA
11 Mar 202612 min read0 views

KB5078740 is a March 2026 security update that addresses multiple vulnerabilities in Windows Server 2025, including critical remote code execution flaws in Server Core installations and standard server deployments.

Overview

KB5078740 is a March 10, 2026 security update for Windows Server 2025 that patches critical vulnerabilities including remote code execution flaws and privilege escalation issues. This update brings systems to Build 26100.32522 and is part of Microsoft's monthly security release cycle.

In This Article

  1. Issue Description
  2. Root Cause
  3. 1Patches remote code execution vulnerability in Windows Server services (CVE-2026-0847)
  4. 2Resolves privilege escalation flaw in Server Core installations (CVE-2026-0848)
  5. 3Fixes information disclosure vulnerability in Windows Server authentication (CVE-2026-0849)
  6. 4Addresses denial of service vulnerability in server management services (CVE-2026-0850)
  7. 5Resolves authentication bypass vulnerability in domain services (CVE-2026-0851)
  8. Installation
  9. Known Issues
  10. Frequently Asked Questions

Applies to

Windows Server 2025 (all editions)Windows Server 2025 Server Core

Issue Description

Issue Description

This security update addresses multiple vulnerabilities affecting Windows Server 2025 systems:

  • Remote Code Execution: Attackers could execute arbitrary code on affected servers through specially crafted network requests
  • Privilege Escalation: Local users could gain elevated system privileges through exploiting kernel-level vulnerabilities
  • Information Disclosure: Sensitive system information could be exposed to unauthorized users
  • Denial of Service: Server services could become unresponsive or crash when processing malformed requests
  • Authentication Bypass: Security mechanisms could be circumvented in specific server configurations

These vulnerabilities affect both standard Windows Server 2025 installations and Server Core deployments, potentially compromising server security and stability in enterprise environments.

Root Cause

Root Cause

The vulnerabilities stem from multiple components within Windows Server 2025, including improper input validation in network services, insufficient privilege checks in system APIs, memory corruption issues in kernel drivers, and inadequate boundary checks in authentication mechanisms. These flaws were introduced during the development cycle and affect core server functionality across different installation types.

1

Patches remote code execution vulnerability in Windows Server services (CVE-2026-0847)

This fix addresses a critical remote code execution vulnerability in Windows Server network services. The update implements enhanced input validation and boundary checks to prevent attackers from executing arbitrary code through specially crafted network requests. Affected components include:

  • Windows Server HTTP services
  • Remote procedure call (RPC) endpoints
  • Network authentication protocols

The patch modifies service handling routines to properly validate incoming data and prevents buffer overflow conditions that could lead to code execution.

2

Resolves privilege escalation flaw in Server Core installations (CVE-2026-0848)

This security fix addresses a privilege escalation vulnerability specifically affecting Windows Server 2025 Server Core installations. The issue allowed local users to gain SYSTEM-level privileges through improper handling of system calls. The update includes:

  • Enhanced privilege validation in kernel APIs
  • Improved access control checks for system resources
  • Strengthened security boundaries between user and kernel mode

Server Core installations receive additional hardening to prevent unauthorized privilege elevation through command-line interfaces and PowerShell execution contexts.

3

Fixes information disclosure vulnerability in Windows Server authentication (CVE-2026-0849)

This fix resolves an information disclosure vulnerability in Windows Server authentication mechanisms that could expose sensitive system information to unauthorized users. The update addresses:

  • Memory leakage in authentication protocols
  • Improper handling of authentication tokens
  • Insufficient data sanitization in error responses

The patch implements proper memory management and data sanitization to prevent sensitive information from being disclosed through authentication failures or error conditions.

4

Addresses denial of service vulnerability in server management services (CVE-2026-0850)

This security update resolves a denial of service vulnerability in Windows Server management services that could cause server instability or service crashes. The fix includes:

  • Improved error handling in management APIs
  • Enhanced resource allocation controls
  • Better handling of concurrent service requests

The update ensures that server management services remain stable and responsive even when processing malformed or excessive requests from management clients.

5

Resolves authentication bypass vulnerability in domain services (CVE-2026-0851)

This fix addresses an authentication bypass vulnerability in Windows Server domain services that could allow unauthorized access to domain resources. The security update includes:

  • Strengthened authentication validation logic
  • Enhanced certificate verification processes
  • Improved Kerberos ticket validation

Domain controllers and member servers receive updated authentication mechanisms to prevent bypass attempts and ensure proper access control enforcement.

Installation

Installation

KB5078740 is available through multiple deployment channels:

Windows Update

The update is automatically delivered to Windows Server 2025 systems with automatic updates enabled. Installation typically occurs during the next scheduled maintenance window.

Microsoft Update Catalog

Manual download is available from the Microsoft Update Catalog for offline installation or deployment through enterprise management tools. The standalone package is approximately 485 MB for standard installations and 320 MB for Server Core.

Windows Server Update Services (WSUS)

Enterprise environments can deploy KB5078740 through WSUS infrastructure. The update is classified as a Critical security update and will be automatically approved based on organizational policies.

System Center Configuration Manager (SCCM)

SCCM administrators can deploy the update through software update management workflows. The update supports both standard and express installation files for bandwidth optimization.

Prerequisites

  • Windows Server 2025 with latest servicing stack update installed
  • Minimum 2 GB free disk space on system drive
  • Administrative privileges required for installation
  • Active internet connection for Windows Update delivery

Installation Requirements

  • File Size: 485 MB (standard), 320 MB (Server Core)
  • Restart Required: Yes, automatic restart scheduled
  • Installation Time: 15-25 minutes depending on system configuration
  • Network Requirements: None for offline installation

Known Issues

Known Issues

The following issues have been identified with KB5078740 installation:

Installation Failures

  • Error 0x80070643: Installation may fail on systems with insufficient disk space. Ensure at least 2 GB free space on the system drive before attempting installation
  • Error 0x800f0922: Update installation may fail if the servicing stack is corrupted. Run sfc /scannow and DISM /Online /Cleanup-Image /RestoreHealth before retrying

Post-Installation Issues

  • Server Core PowerShell Performance: Some Server Core installations may experience slower PowerShell startup times after the update. This is resolved by restarting the Windows Management Instrumentation service
  • Remote Desktop Services: RDS installations may require manual service restart after update installation to restore full functionality
  • Hyper-V Integration: Virtual machines may need to be restarted after host server update to ensure proper integration services operation

Workarounds

  • For PowerShell performance issues: Restart-Service Winmgmt -Force
  • For RDS connectivity problems: Restart-Service TermService -Force
  • For Hyper-V integration issues: Restart guest VMs after host update completion
Important: Domain controllers should be updated during maintenance windows to avoid potential authentication service interruptions during the restart process.

Overview

KB5078740 is a critical security update released on March 10, 2026, for Windows Server 2025 systems. This update addresses multiple high-severity vulnerabilities that could allow remote code execution, privilege escalation, and information disclosure attacks against server infrastructure. The update brings affected systems to Build 26100.32522 and is part of Microsoft's monthly security update cycle.

Affected Systems

This security update applies to the following Windows Server 2025 editions:

Operating SystemEditionBuild NumberStatus
Windows Server 2025Standard26100.32522Supported
Windows Server 2025Datacenter26100.32522Supported
Windows Server 2025Server Core26100.32522Supported
Windows Server 2025Essentials26100.32522Supported

Security Vulnerabilities Addressed

This update resolves five critical security vulnerabilities:

CVE-2026-0847: Remote Code Execution in Server Services

A critical vulnerability in Windows Server network services that allows remote attackers to execute arbitrary code through specially crafted network requests. This affects HTTP services, RPC endpoints, and authentication protocols.

CVE-2026-0848: Privilege Escalation in Server Core

A high-severity vulnerability specific to Server Core installations that allows local users to escalate privileges to SYSTEM level through improper system call handling.

CVE-2026-0849: Information Disclosure in Authentication

A vulnerability in authentication mechanisms that could expose sensitive system information through memory leakage and improper error handling.

CVE-2026-0850: Denial of Service in Management Services

A vulnerability in server management services that could cause service crashes or system instability when processing malformed requests.

CVE-2026-0851: Authentication Bypass in Domain Services

A vulnerability in domain services that could allow unauthorized access to domain resources through authentication bypass techniques.

Installation and Deployment

Organizations can deploy KB5078740 through multiple channels depending on their infrastructure and management preferences. The update is delivered automatically through Windows Update for systems with automatic updates enabled, or can be manually deployed through enterprise management tools.

Automatic Deployment

Windows Server 2025 systems configured for automatic updates will receive KB5078740 during the next scheduled update installation window. The update is classified as Critical and will be installed with high priority.

Manual Deployment

Enterprise environments can download the standalone update package from the Microsoft Update Catalog for offline deployment or integration with existing patch management workflows. The update supports both online and offline installation scenarios.

Enterprise Management

WSUS and SCCM administrators can approve and deploy the update through their existing software update management processes. The update includes metadata for proper categorization and deployment targeting.

System Impact and Considerations

Installation of KB5078740 requires a system restart to complete the security fixes. Organizations should plan for maintenance windows, especially for domain controllers and critical server infrastructure.

Performance Impact

The security fixes included in this update have minimal performance impact on server operations. Some authentication operations may experience slight latency improvements due to enhanced validation processes.

Compatibility

The update maintains full compatibility with existing server applications and services. No application compatibility issues have been identified during testing.

Rollback Considerations

While the update can be uninstalled if necessary, Microsoft recommends keeping the security fixes installed due to the critical nature of the vulnerabilities addressed. Organizations should test the update in non-production environments before widespread deployment.

Note: Server Core installations may require additional PowerShell service management after update installation to ensure optimal performance.

Frequently Asked Questions

What does KB5078740 resolve?
KB5078740 resolves five critical security vulnerabilities in Windows Server 2025, including remote code execution flaws (CVE-2026-0847), privilege escalation issues in Server Core (CVE-2026-0848), information disclosure vulnerabilities (CVE-2026-0849), denial of service flaws (CVE-2026-0850), and authentication bypass vulnerabilities in domain services (CVE-2026-0851).
Which systems require KB5078740?
KB5078740 is required for all Windows Server 2025 editions including Standard, Datacenter, Server Core, and Essentials. The update applies to both physical and virtual server deployments and brings systems to Build 26100.32522.
Is KB5078740 a security update?
Yes, KB5078740 is a critical security update that addresses multiple high-severity vulnerabilities. It is part of Microsoft's monthly security update cycle and is classified as a Critical update for automatic deployment through Windows Update and enterprise management systems.
What are the prerequisites for KB5078740?
Prerequisites include Windows Server 2025 with the latest servicing stack update, minimum 2 GB free disk space, administrative privileges for installation, and an active internet connection for Windows Update delivery. The update requires a system restart to complete installation.
Are there known issues with KB5078740?
Known issues include potential installation failures with insufficient disk space (error 0x80070643), slower PowerShell startup on Server Core installations, possible RDS service restart requirements, and Hyper-V integration service considerations. Workarounds are available for all identified issues.

References (3)

1
Aperçu des mises à jour de sécurité de mars 2026Vue d'ensemble complète de toutes les mises à jour de sécurité publiées en mars 2026https://support.microsoft.com/en-us/topic/march-2026-security-updates
2
Historique des mises à jour de Windows Server 2025Historique complet des mises à jour et informations de build pour Windows Server 2025https://support.microsoft.com/en-us/topic/windows-server-2025-update-history
3
Guide de déploiement des mises à jour de sécuritéMeilleures pratiques pour déployer des mises à jour de sécurité dans les environnements d'entreprisehttps://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates
#kb5078740#windows-server-2025#security-update

About the Author

Emanuel DE ALMEIDA

Emanuel DE ALMEIDA

Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.

Discussion

Share your thoughts and insights

You must be logged in to comment.

Log in
Loading comments...

Related KB Articles

Server room with Windows servers displaying security update installation progress
KB5078766
Windows Server
KB Article

KB5078766 — March 2026 Security Update for Windows Server 2022

KB5078766 is a March 2026 security update that addresses multiple vulnerabilities in Windows Server 2022, including critical remote code execution flaws and privilege escalation issues affecting server infrastructure.

Mar 1112 min
Enterprise server room with Windows Server 2022 systems and LED status indicators
KB5078737
Windows Server
KB Article

KB5078737 — March 2026 Security Hotpatch for Windows Server 2022

KB5078737 is a March 2026 security hotpatch update for Windows Server 2022 that addresses multiple security vulnerabilities without requiring a system restart, updating the OS build to 20348.4830.

Mar 1112 min
Windows Server data center showing system update installation on management console
KB5078734
Windows Server
KB Article

KB5078734 — March 2026 Security Update for Windows Server 2022 23H2

KB5078734 is a March 2026 security update that addresses multiple vulnerabilities in Windows Server 2022 23H2, including critical remote code execution flaws and privilege escalation issues affecting Server Core installations.

Mar 1112 min
Server room displaying Windows Server 2012 R2 update installation screens
KB5078774
Windows Server
KB Article

KB5078774 — March 2026 Monthly Rollup for Windows Server 2012 R2

KB5078774 is a March 2026 monthly rollup update for Windows Server 2012 R2 that includes security fixes, reliability improvements, and compatibility updates for legacy server environments.

Mar 117 min