Table of Contents
- Why Do You Need the March 2026 Windows Server Patch Tuesday Updates for Your Infrastructure?
- Windows Server 2025 Updates
- Windows Server 2022 and 23H2 Updates
- Update KB5078734 for Windows Server 23H2
- Update KB5078766 for Windows Server 2022
- Windows Server 2016 and 2019 Updates
- Update KB5078752 for Windows Server 2019
- Update KB5078938 for Windows Server 2016
- Windows Server 2012 and 2012 R2 Updates (ESU Required)
Why Do You Need the March 2026 Windows Server Patch Tuesday Updates for Your Infrastructure?
March 2026 Windows Server Patch Tuesday: Comprehensive Update Guide
Microsoft released cumulative security and quality updates for supported Windows Server versions on March 10, 2026. These updates address specific vulnerabilities outlined in the March 2026 Microsoft Security Update Summary. Installing these patches ensures your server environment maintains optimal security, stability, and hardware compatibility.
Below is a detailed breakdown of the updates across all active and legacy Windows Server environments.
Windows Server 2025 Updates
Microsoft issued cumulative update KB507874 for Windows Server 2025. This package delivers essential security patches and targeted system reliability enhancements.
- Secure Boot Certificate Management: Microsoft updated the telemetry data requirements for Secure Boot. The system now utilizes high-confidence diagnostic data to identify devices eligible for new Secure Boot certificates. Microsoft uses a controlled, phased rollout. Devices must demonstrate successful update signals before receiving new certificates. Servers rarely qualify for automatic certificate updates due to limited diagnostic data, though Microsoft does not explicitly exclude them.
- Hardware Error Reporting: Modern server infrastructures require precise error handling. This update enables Windows Server 2025 to support newer server platforms featuring up to 64 Machine Check Architecture (MCA) banks. The operating system now accurately parses and configures advanced error sources. This ensures administrators receive reliable hardware error reports on modern architectures, including recent AMD EPYC‑based systems.
Windows Update downloads and installs this patch automatically. Administrators can also source it via WSUS, Windows Update for Business (WUfB), or the Microsoft Update Catalog. The installation includes the latest Servicing Stack Update (SSU).
Windows Server 2022 and 23H2 Updates
Microsoft provided distinct update packages for Windows Server 23H2 and Windows Server 2022 to improve system integrity and operational stability.
Update KB5078734 for Windows Server 23H2
- Secure Boot Delivery: This update implements the same phased, data-driven Secure Boot certificate rollout described for Server 2025.
- Graphics Stability: High-intensity graphic applications and 3D workloads benefit from improved GPU configuration stability. This enhancement also resolves specific shutdown failures tied to certain GPU states.
- Font Accuracy: Microsoft updated the system fonts to include the new Saudi Riyal currency symbol. This maintains visual consistency across text rendering.
- Windows System Image Manager (WSIM): Administrators now receive a warning dialog when selecting catalog files. This prompt verifies that the chosen file originates from a trusted source, improving overall deployment security.
Update KB5078766 for Windows Server 2022
This update mirrors the core security enhancements of the 23H2 patch, focusing strictly on the Secure Boot certificate delivery mechanisms and the WSIM trusted catalog verification improvements.
Both updates contain the latest SSU and distribute automatically through standard Windows Update channels, WSUS, and WUfB.
Windows Server 2016 and 2019 Updates
Administrators managing older server iterations must apply the following cumulative updates to maintain system security.
Update KB5078752 for Windows Server 2019
- Secure Boot and WSIM: This patch includes the phased Secure Boot certificate deployment and the WSIM trusted source warning dialog.
- File History Integrity: Control Panel backups now function correctly when processing file names that contain specific Chinese characters and Private Use Area characters.
Update KB5078938 for Windows Server 2016
This package aligns Server 2016 with current security standards by implementing the WSIM trusted catalog verification prompt and the updated Secure Boot certificate telemetry requirements.
Administrators should review Microsoft’s specific installation sequence regarding the Service Stack Update (SSU) before applying either the 2016 or 2019 cumulative updates.
Windows Server 2012 and 2012 R2 Updates (ESU Required)
Windows Server 2012 and 2012 R2 reached their official end of support in October 2023. Organizations must possess an active Extended Security Updates (ESU) license to receive and apply these patches.
- Update KB5078774 for Windows Server 2012 R2
- Update KB5078775 for Windows Server 2012
Both monthly rollups provide miscellaneous security improvements specifically targeting internal Windows operating system functionality. Microsoft documents no known issues for these releases.
Administrators must install the latest Servicing Stack Update (SSU) before manually installing the KB5078775 update via the Microsoft Update Catalog or WSUS. SSU installations are permanent and cannot be uninstalled.