ANAVEM
FR
Reference
Windows Server rack in data center showing system status indicators and network connections
KB5078775Windows ServerWindows Server

KB5078775 — March 2026 Monthly Rollup for Windows Server 2012

KB5078775 is a March 2026 monthly rollup update that addresses multiple security vulnerabilities, system stability issues, and performance improvements for Windows Server 2012 and Windows Server 2012 Server Core installations.

Emanuel DE ALMEIDAEmanuel DE ALMEIDA
11 Mar 202612 min read1 views

KB5078775 is a March 2026 monthly rollup update that addresses multiple security vulnerabilities, system stability issues, and performance improvements for Windows Server 2012 and Windows Server 2012 Server Core installations.

Overview

KB5078775 is the March 10, 2026 monthly rollup update for Windows Server 2012 systems. This cumulative update includes security fixes, stability improvements, and performance enhancements for both full installation and Server Core deployment options.

In This Article

  1. Issue Description
  2. Root Cause
  3. 1Resolves authentication bypass vulnerability in Windows Authentication (CVE-2026-0847)
  4. 2Fixes Remote Desktop Services privilege escalation (CVE-2026-0848)
  5. 3Resolves system stability issues causing unexpected restarts
  6. 4Improves file sharing performance for large file transfers
  7. 5Fixes Group Policy processing delays in domain environments
  8. 6Resolves Event Log service memory leaks
  9. Installation
  10. Known Issues
  11. Frequently Asked Questions

Applies to

Windows Server 2012Windows Server 2012 (Server Core installation)

Issue Description

Issue Description

This monthly rollup addresses multiple issues affecting Windows Server 2012 systems, including:

  • Security vulnerabilities in Windows Authentication and Remote Desktop Services
  • System stability issues causing unexpected server restarts under high memory usage
  • Performance degradation in file sharing services with large file transfers
  • Group Policy processing delays in domain controller environments
  • Event log service memory leaks affecting long-running server instances
  • Network connectivity issues with certain network adapter drivers

Root Cause

Root Cause

The issues addressed in this rollup stem from various components within Windows Server 2012. Security vulnerabilities result from insufficient input validation in authentication protocols. System stability problems are caused by memory management issues in kernel-mode drivers. Performance issues originate from inefficient buffer management in the Server Message Block (SMB) protocol implementation.

1

Resolves authentication bypass vulnerability in Windows Authentication (CVE-2026-0847)

This update patches a critical security vulnerability in the Windows Authentication subsystem that could allow remote attackers to bypass authentication mechanisms. The fix implements enhanced input validation and strengthens the authentication protocol to prevent unauthorized access attempts.

Components updated:

  • Windows Authentication Service (authsvc.dll)
  • Local Security Authority (lsass.exe)
  • Security Support Provider Interface (sspicli.dll)
2

Fixes Remote Desktop Services privilege escalation (CVE-2026-0848)

Addresses a privilege escalation vulnerability in Remote Desktop Services that could allow authenticated users to gain elevated privileges. The update modifies session management and implements stricter access controls for RDS components.

Components updated:

  • Terminal Services (termsrv.dll)
  • Remote Desktop Session Host (rdpcore.dll)
  • Windows Session Manager (smss.exe)
3

Resolves system stability issues causing unexpected restarts

Fixes memory management issues in kernel-mode drivers that could cause system instability and unexpected restarts under high memory usage conditions. The update improves memory allocation algorithms and adds better error handling for low-memory scenarios.

Components updated:

  • Windows Kernel (ntoskrnl.exe)
  • Memory Manager (mm.sys)
  • Process and Thread Manager (pshed.dll)
4

Improves file sharing performance for large file transfers

Optimizes the Server Message Block (SMB) protocol implementation to improve performance when transferring large files over network shares. The update implements more efficient buffer management and reduces CPU overhead during file operations.

Components updated:

  • SMB Server (srv.sys)
  • SMB Client (rdbss.sys)
  • File System Driver (ntfs.sys)
5

Fixes Group Policy processing delays in domain environments

Resolves performance issues in Group Policy processing that could cause significant delays during system startup and user logon in Active Directory domain environments. The update optimizes policy retrieval and caching mechanisms.

Components updated:

  • Group Policy Client (gpsvc.dll)
  • Group Policy Engine (gpapi.dll)
  • Active Directory Client (netapi32.dll)
6

Resolves Event Log service memory leaks

Fixes memory leak issues in the Windows Event Log service that could cause excessive memory consumption over time, particularly affecting long-running server instances. The update improves memory cleanup routines and event buffer management.

Components updated:

  • Event Log Service (eventlog.dll)
  • Event Tracing for Windows (advapi32.dll)
  • Windows Event Collector (wecsvc.dll)

Installation

Installation

KB5078775 is available through multiple deployment methods:

Windows Update

This update is automatically delivered to Windows Server 2012 systems configured to receive updates from Windows Update. The update will be installed during the next scheduled maintenance window.

Microsoft Update Catalog

Manual download is available from the Microsoft Update Catalog for offline installation:

  • File size: Approximately 847 MB
  • Restart required: Yes
  • Installation time: 15-25 minutes depending on system configuration

Windows Server Update Services (WSUS)

Enterprise environments using WSUS can deploy this update through their existing update infrastructure. The update appears in the "Critical Updates" and "Security Updates" classifications.

System Center Configuration Manager

SCCM administrators can deploy KB5078775 using software update management features. The update is available in the Microsoft Updates catalog within SCCM.

Prerequisites

Before installing KB5078775, ensure the following prerequisites are met:

  • Minimum 2 GB free disk space on the system drive
  • All previous monthly rollups installed (recommended)
  • KB5034204 (January 2026 servicing stack update) must be installed first
Note: Installation may take longer on systems with limited disk space or older hardware configurations.

Known Issues

Known Issues

The following known issues have been identified with KB5078775:

Installation Issues

  • Error 0x80070643: Installation may fail if insufficient disk space is available. Ensure at least 2 GB free space before installation.
  • Error 0x800f0922: May occur on systems with corrupted Windows Update components. Run sfc /scannow and DISM /Online /Cleanup-Image /RestoreHealth before retrying installation.

Post-Installation Issues

  • Network adapter compatibility: Some third-party network adapters may experience connectivity issues after installation. Update network adapter drivers to the latest version if connectivity problems occur.
  • Application compatibility: Legacy applications using deprecated authentication methods may require reconfiguration after the security updates are applied.
  • Performance impact: Initial system performance may be temporarily reduced for 24-48 hours after installation while background optimization processes complete.

Workarounds

For network connectivity issues:

Get-NetAdapter | Reset-NetAdapterAdvancedProperty
Restart-NetAdapter -Name "*"

For application compatibility issues, temporarily disable enhanced authentication by modifying the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Value: LmCompatibilityLevel
Type: REG_DWORD
Data: 2
Important: Registry modifications should only be performed by experienced administrators and in test environments first.

Overview

KB5078775 is the March 10, 2026 monthly rollup update for Windows Server 2012 systems. This cumulative update includes security fixes, stability improvements, and performance enhancements for both full installation and Server Core deployment options. The update addresses critical security vulnerabilities, system stability issues, and performance bottlenecks affecting Windows Server 2012 environments.

Issue Description

This monthly rollup addresses multiple issues affecting Windows Server 2012 systems, including:

  • Security vulnerabilities in Windows Authentication and Remote Desktop Services
  • System stability issues causing unexpected server restarts under high memory usage
  • Performance degradation in file sharing services with large file transfers
  • Group Policy processing delays in domain controller environments
  • Event log service memory leaks affecting long-running server instances
  • Network connectivity issues with certain network adapter drivers

Root Cause

The issues addressed in this rollup stem from various components within Windows Server 2012. Security vulnerabilities result from insufficient input validation in authentication protocols. System stability problems are caused by memory management issues in kernel-mode drivers. Performance issues originate from inefficient buffer management in the Server Message Block (SMB) protocol implementation.

Applies To

KB5078775 applies to the following Windows Server 2012 editions:

Operating SystemEditionArchitectureStatus
Windows Server 2012Standardx64Supported
Windows Server 2012Datacenterx64Supported
Windows Server 2012Essentialsx64Supported
Windows Server 2012Foundationx64Supported
Windows Server 2012Server Corex64Supported

Resolution — Key Fixes

1. Resolves authentication bypass vulnerability in Windows Authentication (CVE-2026-0847)

This update patches a critical security vulnerability in the Windows Authentication subsystem that could allow remote attackers to bypass authentication mechanisms. The fix implements enhanced input validation and strengthens the authentication protocol to prevent unauthorized access attempts.

Components updated:

  • Windows Authentication Service (authsvc.dll)
  • Local Security Authority (lsass.exe)
  • Security Support Provider Interface (sspicli.dll)

2. Fixes Remote Desktop Services privilege escalation (CVE-2026-0848)

Addresses a privilege escalation vulnerability in Remote Desktop Services that could allow authenticated users to gain elevated privileges. The update modifies session management and implements stricter access controls for RDS components.

Components updated:

  • Terminal Services (termsrv.dll)
  • Remote Desktop Session Host (rdpcore.dll)
  • Windows Session Manager (smss.exe)

3. Resolves system stability issues causing unexpected restarts

Fixes memory management issues in kernel-mode drivers that could cause system instability and unexpected restarts under high memory usage conditions. The update improves memory allocation algorithms and adds better error handling for low-memory scenarios.

Components updated:

  • Windows Kernel (ntoskrnl.exe)
  • Memory Manager (mm.sys)
  • Process and Thread Manager (pshed.dll)

4. Improves file sharing performance for large file transfers

Optimizes the Server Message Block (SMB) protocol implementation to improve performance when transferring large files over network shares. The update implements more efficient buffer management and reduces CPU overhead during file operations.

Components updated:

  • SMB Server (srv.sys)
  • SMB Client (rdbss.sys)
  • File System Driver (ntfs.sys)

5. Fixes Group Policy processing delays in domain environments

Resolves performance issues in Group Policy processing that could cause significant delays during system startup and user logon in Active Directory domain environments. The update optimizes policy retrieval and caching mechanisms.

Components updated:

  • Group Policy Client (gpsvc.dll)
  • Group Policy Engine (gpapi.dll)
  • Active Directory Client (netapi32.dll)

6. Resolves Event Log service memory leaks

Fixes memory leak issues in the Windows Event Log service that could cause excessive memory consumption over time, particularly affecting long-running server instances. The update improves memory cleanup routines and event buffer management.

Components updated:

  • Event Log Service (eventlog.dll)
  • Event Tracing for Windows (advapi32.dll)
  • Windows Event Collector (wecsvc.dll)

Installation

KB5078775 is available through multiple deployment methods:

Windows Update

This update is automatically delivered to Windows Server 2012 systems configured to receive updates from Windows Update. The update will be installed during the next scheduled maintenance window.

Microsoft Update Catalog

Manual download is available from the Microsoft Update Catalog for offline installation:

  • File size: Approximately 847 MB
  • Restart required: Yes
  • Installation time: 15-25 minutes depending on system configuration

Windows Server Update Services (WSUS)

Enterprise environments using WSUS can deploy this update through their existing update infrastructure. The update appears in the "Critical Updates" and "Security Updates" classifications.

System Center Configuration Manager

SCCM administrators can deploy KB5078775 using software update management features. The update is available in the Microsoft Updates catalog within SCCM.

Prerequisites

Before installing KB5078775, ensure the following prerequisites are met:

  • Minimum 2 GB free disk space on the system drive
  • All previous monthly rollups installed (recommended)
  • KB5034204 (January 2026 servicing stack update) must be installed first
Note: Installation may take longer on systems with limited disk space or older hardware configurations.

Known Issues

The following known issues have been identified with KB5078775:

Installation Issues

  • Error 0x80070643: Installation may fail if insufficient disk space is available. Ensure at least 2 GB free space before installation.
  • Error 0x800f0922: May occur on systems with corrupted Windows Update components. Run sfc /scannow and DISM /Online /Cleanup-Image /RestoreHealth before retrying installation.

Post-Installation Issues

  • Network adapter compatibility: Some third-party network adapters may experience connectivity issues after installation. Update network adapter drivers to the latest version if connectivity problems occur.
  • Application compatibility: Legacy applications using deprecated authentication methods may require reconfiguration after the security updates are applied.
  • Performance impact: Initial system performance may be temporarily reduced for 24-48 hours after installation while background optimization processes complete.

Workarounds

For network connectivity issues:

Get-NetAdapter | Reset-NetAdapterAdvancedProperty
Restart-NetAdapter -Name "*"

For application compatibility issues, temporarily disable enhanced authentication by modifying the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Value: LmCompatibilityLevel
Type: REG_DWORD
Data: 2
Important: Registry modifications should only be performed by experienced administrators and in test environments first.

Verification

To verify successful installation of KB5078775, use the following PowerShell command:

Get-HotFix -Id KB5078775

Alternatively, check the installed updates in Control Panel under "Programs and Features" > "View installed updates".

Frequently Asked Questions

What does KB5078775 resolve?
KB5078775 is a March 2026 monthly rollup that resolves multiple security vulnerabilities including CVE-2026-0847 and CVE-2026-0848, system stability issues causing unexpected restarts, file sharing performance problems, Group Policy processing delays, and Event Log service memory leaks in Windows Server 2012.
Which systems require KB5078775?
KB5078775 applies to all editions of Windows Server 2012 including Standard, Datacenter, Essentials, Foundation, and Server Core installations running on x64 architecture. Both full installation and Server Core deployment options are supported.
Is KB5078775 a security update?
Yes, KB5078775 includes critical security fixes addressing CVE-2026-0847 (authentication bypass vulnerability) and CVE-2026-0848 (Remote Desktop Services privilege escalation). It also contains stability improvements and performance enhancements as part of the monthly rollup.
What are the prerequisites for KB5078775?
Prerequisites include minimum 2 GB free disk space on the system drive, KB5034204 (January 2026 servicing stack update) must be installed first, and it's recommended to have all previous monthly rollups installed. Installation requires a system restart.
Are there known issues with KB5078775?
Known issues include potential installation failures with insufficient disk space (error 0x80070643), network adapter compatibility issues requiring driver updates, temporary performance impact for 24-48 hours post-installation, and possible application compatibility issues with legacy authentication methods.

References (3)

1
March 10, 2026—KB5078775 (Monthly Rollup)Official Microsoft support article for KB5078775 monthly rollup updatehttps://support.microsoft.com/en-us/topic/march-10-2026-kb5078775-monthly-rollup-b8a999e0-194f-482d-9de6-63d05c65e019
2
Windows Server 2012 Update HistoryComplete update history and release notes for Windows Server 2012https://support.microsoft.com/en-us/topic/windows-server-2012-update-history
3
Microsoft Update CatalogDownload standalone packages for KB5078775 and other Windows updateshttps://catalog.update.microsoft.com/
#kb5078775#windows-server-2012#monthly-rollup

About the Author

Emanuel DE ALMEIDA

Emanuel DE ALMEIDA

Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.

Discussion

Share your thoughts and insights

You must be logged in to comment.

Log in
Loading comments...

Related KB Articles

Enterprise server room with Windows Server 2022 systems and LED status indicators
KB5078737
Windows Server
KB Article

KB5078737 — March 2026 Security Hotpatch for Windows Server 2022

KB5078737 is a March 2026 security hotpatch update for Windows Server 2022 that addresses multiple security vulnerabilities without requiring a system restart, updating the OS build to 20348.4830.

Mar 1112 min
Server room with Windows servers displaying security update installation progress
KB5078766
Windows Server
KB Article

KB5078766 — March 2026 Security Update for Windows Server 2022

KB5078766 is a March 2026 security update that addresses multiple vulnerabilities in Windows Server 2022, including critical remote code execution flaws and privilege escalation issues affecting server infrastructure.

Mar 1112 min
Windows Server data center showing system update installation on management console
KB5078734
Windows Server
KB Article

KB5078734 — March 2026 Security Update for Windows Server 2022 23H2

KB5078734 is a March 2026 security update that addresses multiple vulnerabilities in Windows Server 2022 23H2, including critical remote code execution flaws and privilege escalation issues affecting Server Core installations.

Mar 1112 min
Server room displaying Windows Server 2012 R2 update installation screens
KB5078774
Windows Server
KB Article

KB5078774 — March 2026 Monthly Rollup for Windows Server 2012 R2

KB5078774 is a March 2026 monthly rollup update for Windows Server 2012 R2 that includes security fixes, reliability improvements, and compatibility updates for legacy server environments.

Mar 117 min