
Windows Update Cumulative

Handian Sudianto 6,846 Reputation points
2026-03-04T07:28:04.0433333+00:00

We have an internal tool to scan for CVEs, and I found I have a server with CVE-2025-49735 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49735. I can see that to fix this CVE we need to install KB5060842 for Windows Server 2025, which was published on Jul 8 2025.

In February 2026 I also installed the security cumulative update for Feb 2026, KB5075899.

So I just want to know: if we install the latest security update (Feb 2025), doesn't this include all previous security updates?


Answer accepted by question author
  1. Harry Phan 15,915 Reputation points Independent Advisor
    2026-03-04T08:12:27.15+00:00

    Hi Handian, on Windows Server, cumulative updates are designed to be rollups, meaning each new monthly security cumulative package supersedes the previous ones and includes all prior fixes. In your example, KB5060842 from July 2025 contained the fix for CVE‑2025‑49735. When you later installed KB5075899 in February 2026, that cumulative update already incorporated the July 2025 fixes along with everything released in between.

    So yes, installing the latest cumulative security update is sufficient; you do not need to manually install older KBs. The only exception would be if you skipped cumulative updates and tried to apply individual hotfixes, but Microsoft’s servicing model for Windows Server 2022/2025 ensures that the most recent cumulative update always contains all previous security fixes.

    If it's helpful to you, please give it a thumbs up or Accept the Answer, appreciate it :)

    Harry.


1 additional answer

  1. Q&A Assist
    2026-03-04T07:28:20.1466667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    For Windows Server cumulative updates, the general servicing model is that each new cumulative update (CU) supersedes the previous ones and includes all earlier security fixes for that product/version.

    From the provided context, this behavior is visible in multiple 2025 examples:

    • Each new CU or rollup lists a “Supersedes” field indicating it replaces earlier updates for the same OS version. For example:
      • 2025-07 Cumulative Update for Windows Server 2016 (KB5062560) supersedes KB5061010.
      • 2025-07 Cumulative Update for Windows Server 2019 (KB5062557) supersedes KB5060531.
      • 2025-02 Cumulative Update for Windows Server 2016 (KB5052006) supersedes KB5049993.
      • 2025-01 Cumulative Update for Windows 10 22H2/21H2 (KB5049981) supersedes KB5048652.

    This shows that for supported Windows Server/Windows 10 versions, installing the latest cumulative security update for that version brings the system current with all previously released security fixes that are still applicable, including earlier CVE remediations.

    Therefore, for Windows Server 2025:

    • If KB5075899 (Feb 2026) is the latest cumulative security update for that OS version and it supersedes KB5060842 (Jul 2025), then installing KB5075899 is sufficient; it will include the fixes from KB5060842, including the mitigation for CVE-2025-49735.
    • To confirm this for the specific CVE and KB pair, check the “Supersedes” chain and the “Security Updates” mapping for that CVE in the Microsoft Security Update Guide, and verify that KB5075899 is listed as the current update for Windows Server 2025.

    In operational terms: for a server that is fully patched with the latest cumulative update for its OS version, there is normally no need to install older CUs separately for the same branch; they are already included.


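One way to reconcile a scanner finding that names an older KB with the cumulative update actually installed, as an added example that is not part of the original thread: a PowerShell walk of the "Supersedes" chain. The map uses the pairs quoted in the answer above; the KB5075899 to KB5060842 link and the `Test-KbCovered` helper are assumptions for illustration and should be confirmed in the Microsoft Security Update Guide.

```powershell
# Added example. The first four pairs are the ones quoted on this page; the
# KB5075899 -> KB5060842 entry is an ASSUMPTION for illustration and must be
# confirmed in the Security Update Guide before relying on it.
$Supersedes = @{
    'KB5062560' = @('KB5061010')   # Windows Server 2016, 2025-07
    'KB5062557' = @('KB5060531')   # Windows Server 2019, 2025-07
    'KB5052006' = @('KB5049993')   # Windows Server 2016, 2025-02
    'KB5049981' = @('KB5048652')   # Windows 10 22H2/21H2, 2025-01
    'KB5075899' = @('KB5060842')   # assumed, Windows Server 2025
}

function Test-KbCovered {
    # Hypothetical helper: true when $RequiredKb is installed, or is reachable
    # from an installed KB by following "supersedes" links (direct or through
    # intermediate updates).
    param(
        [Parameter(Mandatory)][string]   $RequiredKb,
        [Parameter(Mandatory)][string[]] $InstalledKb,
        [Parameter(Mandatory)][hashtable]$Map
    )
    $seen  = New-Object 'System.Collections.Generic.HashSet[string]'
    $queue = New-Object 'System.Collections.Generic.Queue[string]'
    foreach ($kb in $InstalledKb) { $queue.Enqueue($kb.ToUpper()) }

    while ($queue.Count -gt 0) {
        $kb = $queue.Dequeue()
        if (-not $seen.Add($kb)) { continue }   # already visited; also guards against cycles
        if ($kb -eq $RequiredKb.ToUpper()) { return $true }
        if ($Map.ContainsKey($kb)) {
            foreach ($older in $Map[$kb]) { $queue.Enqueue($older.ToUpper()) }
        }
    }
    return $false
}

# Constructed inventory: a server that has only the Feb 2026 cumulative update.
$installed = @('KB5075899')   # on a live host: (Get-HotFix).HotFixID
$required  = 'KB5060842'      # KB the scanner expects for CVE-2025-49735

if (Test-KbCovered -RequiredKb $required -InstalledKb $installed -Map $Supersedes) {
    "$required is covered by an installed superseding update"
} else {
    "$required is NOT covered; check the supersedence chain"
}
```

A scanner that only looks for the KB named in the advisory will keep flagging the host; the chain walk gives the evidence needed to mark the finding as remediated by a later cumulative update.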
