Windows 10 (KB5053606 / KB5053596 / KB5053594 / KB5053618) March 2025 Patch Tuesday out

Win 10 Patch tuesday

It's the second Tuesday of the month, which means it's Patch Tuesday time again. As such, today, Microsoft is rolling out the monthly security update (also called "B release") for February 2025 on Windows Server 20H2 and Windows 10 for the latest supported versions, 20H2, 21H2, and 22H2.

The new updates are being distributed under KB5053606, bumping up the builds to 19044.5608 and 19045.5608. You can find standalone links to download the new update on the Microsoft Update Catalog at this link.

The major highlight of the release is security patches.

Highlights

This update addresses security issues for your Windows operating system.

This release has the following known issues:

Known issues in this update

Symptom	Workaround
Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro editions of Windows are affected.	Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:\ProgramData\ssh and C:\ProgramData\ssh\logs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:\ProgramData\ssh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:\ProgramData\ssh\logs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when restarting the device to complete the update installation, an error message with text similar to “Something didn’t go as planned. No need to worry – undoing changes” appears. The device will then revert to the Windows updates previously present on the device. This issue likely affects a limited number of organizations as version 2411 of the SRA application is a new version. Home users are not expected to be affected by this issue.	Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices that have installed Windows updates released January 14, 2025 or later. This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935’. This error is only observable if the Windows Event Viewer is monitored closely. It is otherwise silent and does not appear as a dialog box or notification. SgrmBroker.exe refers to the System Guard Runtime Monitor Broker Service. This service was originally created for Microsoft Defender, but it has not been a part of its operation for a very long time. Although Windows updates released January 14, 2025 conflict with the initialization of this service, no impact to performance or functionality should be observed. There is no change to the security level of a device resulting from this issue. This service has already been disabled in other supported versions of Windows, and SgrmBroker.exe presently serves no purpose. Note: There is no need to manually start this service or configure it in any way (doing so might trigger errors unnecessarily). Future Windows updates will adjust the components used by this service and SgrmBroker.exe. For this reason, please do not attempt to manually uninstall or remove this service or its components.	No specific action is required, however, the service can be safely disabled in order to prevent the error from appearing in Event Viewer. To do so, you can follow these steps: Open a Command Prompt window. This can be accomplished by opening the Start menu and typing 'cmd'. The results will include “Command Prompt” as a System application. Select the arrow to the right of “Command Prompt” and select “Run as administrator”. Once the window is open, carefully enter the following text: sc.exe config sgrmagent start=disabled A message may appear afterwards. Next, enter the following text: reg add HKLM\System\CurrentControlSet\Services\SgrmBroker /v Start /d 4 /t REG_DWORD Close the Command Prompt window. This will prevent the related error from appearing in the Event Viewer on subsequent device start up. Note that some of these steps might be restricted by group policy set by your organization. We are working on a resolution and will provide an update in an upcoming release.

Symptom

Workaround

Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process.

This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro editions of Windows are affected.

Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps:

Open PowerShell as an Administrator.
Update the permissions for C:\ProgramData\ssh and C:\ProgramData\ssh\logs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed.

Use the following commands to update the permissions:

$directoryPath = "C:\ProgramData\ssh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl
Repeat the above steps for C:\ProgramData\ssh\logs.

Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.

Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024.

Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when restarting the device to complete the update installation, an error message with text similar to “Something didn’t go as planned. No need to worry – undoing changes” appears. The device will then revert to the Windows updates previously present on the device.

This issue likely affects a limited number of organizations as version 2411 of the SRA application is a new version. Home users are not expected to be affected by this issue.

Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation.

Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.

The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices that have installed Windows updates released January 14, 2025 or later. This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935’.

This error is only observable if the Windows Event Viewer is monitored closely. It is otherwise silent and does not appear as a dialog box or notification.

SgrmBroker.exe refers to the System Guard Runtime Monitor Broker Service. This service was originally created for Microsoft Defender, but it has not been a part of its operation for a very long time. Although Windows updates released January 14, 2025 conflict with the initialization of this service, no impact to performance or functionality should be observed. There is no change to the security level of a device resulting from this issue. This service has already been disabled in other supported versions of Windows, and SgrmBroker.exe presently serves no purpose.

Note: There is no need to manually start this service or configure it in any way (doing so might trigger errors unnecessarily). Future Windows updates will adjust the components used by this service and SgrmBroker.exe. For this reason, please do not attempt to manually uninstall or remove this service or its components.

No specific action is required, however, the service can be safely disabled in order to prevent the error from appearing in Event Viewer. To do so, you can follow these steps:

Open a Command Prompt window. This can be accomplished by opening the Start menu and typing 'cmd'. The results will include “Command Prompt” as a System application. Select the arrow to the right of “Command Prompt” and select “Run as administrator”.
Once the window is open, carefully enter the following text: sc.exe config sgrmagent start=disabled
A message may appear afterwards. Next, enter the following text: reg add HKLM\System\CurrentControlSet\Services\SgrmBroker /v Start /d 4 /t REG_DWORD
Close the Command Prompt window.

This will prevent the related error from appearing in the Event Viewer on subsequent device start up. Note that some of these steps might be restricted by group policy set by your organization.

We are working on a resolution and will provide an update in an upcoming release.

Some of the older Windows 10 versions have also received updates today, which have been listed below with their respective release notes (KB) linked as well as links to download them at Microsoft's Update Catalog:

Version	KB	Build	Download	Support
1809	KB5053596	17763.7009	Update Catalog	Long-Term Servicing Channel (LTSC)
1607	KB5053594	14393.7876	Update Catalog
1507	KB5053618	10240.20947	Update Catalog

It is noteworthy that Windows 10 20H2 and Windows 10 1909 reached the end of servicing. Non-LTSC editions of 21H2 have also reached the end of servicing.