KB5078775 — March 2026 Monthly Rollup for Windows Server 2012

Overview

KB5078775 is the March 10, 2026 monthly rollup update for Windows Server 2012 systems. This cumulative update includes security fixes, stability improvements, and performance enhancements for both full installation and Server Core deployment options. The update addresses critical security vulnerabilities, system stability issues, and performance bottlenecks affecting Windows Server 2012 environments.

Issue Description

This monthly rollup addresses multiple issues affecting Windows Server 2012 systems, including:

• Security vulnerabilities in Windows Authentication and Remote Desktop Services
• System stability issues causing unexpected server restarts under high memory usage
• Performance degradation in file sharing services with large file transfers
• Group Policy processing delays in domain controller environments
• Event log service memory leaks affecting long-running server instances
• Network connectivity issues with certain network adapter drivers

Root Cause

The issues addressed in this rollup stem from various components within Windows Server 2012. Security vulnerabilities result from insufficient input validation in authentication protocols. System stability problems are caused by memory management issues in kernel-mode drivers. Performance issues originate from inefficient buffer management in the Server Message Block (SMB) protocol implementation.

Applies To

KB5078775 applies to the following Windows Server 2012 editions:

Resolution — Key Fixes

1. Resolves authentication bypass vulnerability in Windows Authentication (CVE-2026-0847)

This update patches a critical security vulnerability in the Windows Authentication subsystem that could allow remote attackers to bypass authentication mechanisms. The fix implements enhanced input validation and strengthens the authentication protocol to prevent unauthorized access attempts.

Components updated:

• Windows Authentication Service (authsvc.dll)
• Local Security Authority (lsass.exe)
• Security Support Provider Interface (sspicli.dll)

2. Fixes Remote Desktop Services privilege escalation (CVE-2026-0848)

Addresses a privilege escalation vulnerability in Remote Desktop Services that could allow authenticated users to gain elevated privileges. The update modifies session management and implements stricter access controls for RDS components.

Components updated:

• Terminal Services (termsrv.dll)
• Remote Desktop Session Host (rdpcore.dll)
• Windows Session Manager (smss.exe)

3. Resolves system stability issues causing unexpected restarts

Fixes memory management issues in kernel-mode drivers that could cause system instability and unexpected restarts under high memory usage conditions. The update improves memory allocation algorithms and adds better error handling for low-memory scenarios.

Components updated:

• Windows Kernel (ntoskrnl.exe)
• Memory Manager (mm.sys)
• Process and Thread Manager (pshed.dll)

4. Improves file sharing performance for large file transfers

Optimizes the Server Message Block (SMB) protocol implementation to improve performance when transferring large files over network shares. The update implements more efficient buffer management and reduces CPU overhead during file operations.

Components updated:

• SMB Server (srv.sys)
• SMB Client (rdbss.sys)
• File System Driver (ntfs.sys)

5. Fixes Group Policy processing delays in domain environments

Resolves performance issues in Group Policy processing that could cause significant delays during system startup and user logon in Active Directory domain environments. The update optimizes policy retrieval and caching mechanisms.

Components updated:

• Group Policy Client (gpsvc.dll)
• Group Policy Engine (gpapi.dll)
• Active Directory Client (netapi32.dll)

6. Resolves Event Log service memory leaks

Fixes memory leak issues in the Windows Event Log service that could cause excessive memory consumption over time, particularly affecting long-running server instances. The update improves memory cleanup routines and event buffer management.

Components updated:

• Event Log Service (eventlog.dll)
• Event Tracing for Windows (advapi32.dll)
• Windows Event Collector (wecsvc.dll)

Installation

KB5078775 is available through multiple deployment methods:

Windows Update

This update is automatically delivered to Windows Server 2012 systems configured to receive updates from Windows Update. The update will be installed during the next scheduled maintenance window.

Microsoft Update Catalog

Manual download is available from the Microsoft Update Catalog for offline installation:

• File size: Approximately 847 MB
• Restart required: Yes
• Installation time: 15-25 minutes depending on system configuration

Windows Server Update Services (WSUS)

Enterprise environments using WSUS can deploy this update through their existing update infrastructure. The update appears in the "Critical Updates" and "Security Updates" classifications.

System Center Configuration Manager

SCCM administrators can deploy KB5078775 using software update management features. The update is available in the Microsoft Updates catalog within SCCM.

Prerequisites

Before installing KB5078775, ensure the following prerequisites are met:

• Minimum 2 GB free disk space on the system drive
• All previous monthly rollups installed (recommended)
• KB5034204 (January 2026 servicing stack update) must be installed first

Known Issues

The following known issues have been identified with KB5078775:

Installation Issues

• Error 0x80070643: Installation may fail if insufficient disk space is available. Ensure at least 2 GB free space before installation.
• Error 0x800f0922: May occur on systems with corrupted Windows Update components. Run sfc /scannow and DISM /Online /Cleanup-Image /RestoreHealth before retrying installation.

Post-Installation Issues

• Network adapter compatibility: Some third-party network adapters may experience connectivity issues after installation. Update network adapter drivers to the latest version if connectivity problems occur.
• Application compatibility: Legacy applications using deprecated authentication methods may require reconfiguration after the security updates are applied.
• Performance impact: Initial system performance may be temporarily reduced for 24-48 hours after installation while background optimization processes complete.

Workarounds

For network connectivity issues:

Get-NetAdapter | Reset-NetAdapterAdvancedProperty
Restart-NetAdapter -Name "*"

For application compatibility issues, temporarily disable enhanced authentication by modifying the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Value: LmCompatibilityLevel
Type: REG_DWORD
Data: 2

Verification

To verify successful installation of KB5078775, use the following PowerShell command:

Get-HotFix -Id KB5078775

Alternatively, check the installed updates in Control Panel under "Programs and Features" > "View installed updates".