Server 2025 Archives

Winsage

September 16, 2025

Microsoft says Windows September updates break SMBv1 shares

Microsoft has acknowledged that the September 2025 Windows security updates are causing connection difficulties with Server Message Block (SMB) v1 shares across various platforms, including Windows 11 versions 24H2, 23H2, and 22H2, and Windows 10 versions 22H2 and 21H2, as well as Windows Server 2025 and Windows Server 2022. The issue occurs when connecting to SMBv1 shares via the NetBIOS over TCP/IP (NetBT) protocol after installing the September 2025 update or later. Microsoft is working on a resolution and has provided a temporary workaround that involves enabling traffic on TCP port 445. SMBv1 has been largely phased out and officially deprecated since 2014, with Microsoft urging system administrators to eliminate support for it due to security vulnerabilities, especially after the 2017 leak of NSA exploits that targeted SMBv1.

Winsage

September 12, 2025

FTC should investigate Microsoft after Ascension ransomware attack, senator says

A U.S. senator, Ron Wyden, has requested an investigation by the Federal Trade Commission (FTC) into Microsoft's role in a ransomware attack on Ascension Health, alleging "gross cybersecurity negligence." The attack, which occurred in 2024, involved hackers using a method called "Kerberoasting" to exploit Microsoft’s Active Directory server, taking advantage of the outdated RC4 encryption standard. Wyden criticized Microsoft for not making the more secure Advanced Encryption Standard (AES) the default option in Windows and for failing to adequately warn customers about vulnerabilities related to Kerberoasting. Microsoft acknowledged that RC4 is outdated but stated that disabling it could disrupt customer systems. The company plans to disable RC4 by default in new installations of Active Directory Domains using Windows Server 2025 by early 2026. Wyden noted that the ransomware attack originated from a malicious link clicked by a contractor while using Microsoft’s Bing, leading to malware installation and subsequent ransomware deployment across Ascension’s systems. The attack severely impacted Ascension's operations, forcing its 140 hospitals to revert to manual processes for weeks and compromising sensitive data of nearly 6 million individuals. Patients in Texas, Illinois, and Tennessee have filed class action lawsuits against Ascension due to the breach. The Black Basta ransomware gang has been implicated in the attack, although they have not claimed responsibility.

Winsage

September 12, 2025

Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence

U.S. Senator Ron Wyden has urged the Federal Trade Commission (FTC) to investigate Microsoft for "gross cybersecurity negligence" linked to ransomware attacks on critical U.S. infrastructure, particularly in healthcare. Wyden's concerns were highlighted in a letter to FTC Chairman Andrew Ferguson, referencing a ransomware attack on Ascension that compromised personal and medical information of approximately 5.6 million individuals. The breach was initiated by a contractor clicking a malicious link on Microsoft's Bing, leading to exploitation of insecure default settings in Microsoft software. Wyden criticized Microsoft's use of the outdated RC4 encryption technology, which is vulnerable to attacks, and noted that Microsoft's software does not enforce a minimum password length for privileged accounts. Microsoft plans to phase out support for RC4 and implement additional security measures in future updates. The scrutiny follows previous criticisms of Microsoft's cybersecurity practices, including a report from the U.S. Cyber Safety Review Board.

Winsage

September 12, 2025

Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence

U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to investigate Microsoft for "gross cybersecurity negligence" linked to ransomware attacks on U.S. healthcare networks. In a letter to FTC Chairman Andrew Ferguson, Wyden expressed concerns about Microsoft's cybersecurity practices and its dominant market position, which he believes pose a national security risk. He referenced a ransomware attack on the healthcare system Ascension that affected 5.6 million individuals, attributed to the Black Basta group, and noted that the breach was initiated by a contractor clicking a malicious link on Microsoft's Bing search engine. The attackers exploited insecure default settings in Microsoft software, using a method called Kerberoasting that targets the Kerberos authentication protocol. This method takes advantage of the outdated RC4 encryption technology, which Microsoft still supports. Wyden criticized Microsoft's lack of adequate warnings about the risks associated with RC4 and pointed out that the software does not enforce a minimum password length of 14 characters for privileged accounts. Microsoft plans to phase out RC4 in future updates, with new installations of Active Directory Domains using Windows Server 2025 set to have RC4 disabled by default starting in Q1 of 2026. Additionally, a report from the U.S. Cyber Safety Review Board highlighted preventable errors that allowed Chinese threat actors to compromise Microsoft Exchange Online mailboxes. Despite these cybersecurity issues, Microsoft continues to secure lucrative federal contracts.

Winsage

September 10, 2025

Microsoft fixes app install issues caused by August Windows updates

Microsoft addressed a significant issue from the August 2025 security updates that led to unexpected User Account Control (UAC) prompts and installation challenges for non-administrative users across all versions of Windows. This issue arose from a security patch for the CVE-2025-50173 vulnerability, which posed a risk of privilege escalation for authenticated attackers. The updates affected various client and server platforms, including multiple versions of Windows 10 and Windows 11, as well as Windows Server 2025, 2022, and earlier versions. To mitigate these issues, the September 2025 Windows security update aims to reduce UAC prompts during MSI repairs, and IT administrators can disable UAC prompts for specific applications by adding them to an allowlist. UAC prompts will still be required for applications executing custom actions, but administrators can turn off these prompts for designated apps by adding new registry keys under HKEYLOCALMACHINESOFTWAREPoliciesMicrosoftWindowsInstaller. Additionally, Microsoft resolved another issue related to lag and stuttering problems with NDI streaming software on Windows 10 and Windows 11 systems.

Winsage

September 5, 2025

Microsoft fesses up to Windows update that caused UAC prompts

Microsoft has acknowledged that the August 2025 security updates for Windows have caused unexpected User Account Control (UAC) prompts for users across all supported versions of Windows. The affected client versions include Windows 11 (24H2, 23H2, 22H2) and Windows 10 (22H2, 21H2, 1809, Enterprise LTSC 2019, Enterprise LTSC 2016, 1607, Enterprise 2015 LTSB). The server versions impacted are Windows Server 2025, 2022, 2019, 2016, 2012 R2, and 2012. The updates included a security enhancement (KB5063878) that enforced UAC prompts for administrator credentials during Windows Installer (MSI) repair operations to address the vulnerability CVE-2025-50173. Various scenarios can trigger UAC prompts for non-administrative users, including executing MSI repair commands, launching Autodesk applications, installing user-specific applications, and deploying packages via Configuration Manager. Standard users attempting to run applications that initiate MSI repair operations without a user interface may encounter errors, such as Error 1730 when trying to install Office Professional Plus 2010. Microsoft is working on a solution to allow IT administrators to permit specific applications to perform MSI repairs without triggering UAC prompts, which will be included in a future update. In the meantime, users are advised to run applications as administrators when possible, and IT admins can mitigate the issue by configuring a special Group Policy using Known Issue Rollback (KIR) for the affected Windows versions.

Winsage

September 5, 2025

Microsoft says recent Windows updates cause app install issues

Microsoft has acknowledged that the August 2025 security updates are causing unexpected User Account Control (UAC) prompts and installation challenges for non-administrative users across all supported Windows versions. This issue arises from a security patch addressing the CVE-2025-50173 vulnerability, which could allow authenticated attackers to escalate their privileges. New UAC prompts require administrative credentials in various scenarios, affecting standard users deploying packages via Configuration Manager and launching certain Autodesk applications. The affected platforms include Windows 11 (versions 24H2, 23H2, 22H2), Windows 10 (various versions), and several Windows Server versions. Microsoft stated that if a standard user runs an app triggering an MSI repair operation without a user interface, it will result in an error message, such as Error 1730 when installing Office Professional Plus 2010. Microsoft is working on a solution to allow specific applications to conduct MSI repairs without triggering UAC prompts and recommends running applications with administrative privileges as a temporary workaround. Additionally, Microsoft is addressing lag and stuttering issues with NDI streaming software on Windows 10 and 11, and clarified that there is no connection between the August 2025 update and reported SSD and HDD issues.

Winsage

September 5, 2025

Windows asks for admin rights where it shouldn’t after patch

Microsoft's August 2025 Windows Security Update aimed to fix a critical vulnerability (CVE-2025-50173) related to the Windows Installer, which allowed for privilege escalation. The update enforced User Account Control (UAC) prompts for administrator credentials during MSI repair operations, causing disruptions for standard users and leading to issues such as Error 1730 during the installation of Office Professional Plus 2010. This problem affects nearly all supported editions of Windows, including Windows Server 2012 and 2012 R2. Microsoft suggested running applications with administrative privileges as a workaround and recommended configuring the Known Issue Rollback (KIR) group policy, applicable only to specific Windows versions. Future updates are planned to allow certain applications to perform MSI repairs without UAC prompts.

Winsage

September 4, 2025

Microsoft Confirms UAC Bug Breaks App Install On Windows 11 And 10 Versions

Microsoft has acknowledged an issue related to its security update KB5063878, released on August 12, 2025, which has caused application installation and repair failures on various versions of Windows 10, Windows 11, and Windows Server. This issue results in User Account Control (UAC) prompts for standard users performing routine application tasks due to enforced administrator-level permissions for Windows Installer (MSI) repair functions. Users encounter “Error 1730” indicating insufficient access rights, affecting actions such as executing MSI repair commands, launching applications requiring self-repair, installing per-user applications, and deploying software packages through Microsoft Configuration Manager. The problem significantly impacts multi-user devices in corporate and educational settings. Microsoft has provided temporary workarounds and is developing a long-term solution to allow administrators to specify applications that can perform MSI repairs without triggering UAC prompts. The affected operating systems include various versions of Windows 10 and 11, as well as Windows Server editions from 2012 to 2025.

Winsage

September 4, 2025

Microsoft fixes bug in Windows Server 2025 that disrupted installer

Microsoft acknowledged a significant issue with security update KB5063878, affecting applications using Windows Installer (MSI) for repairs, which triggered unexpected User Account Control prompts for non-administrator users. Notable impacted applications include Autodesk AutoCAD and older versions of Microsoft Office, such as Office Professional Plus 2010. This issue arose after the update was deployed on August 12, 2025, in the Windows Server 2025 environment. A resolution was implemented on September 3, 2025, mitigating the problem for most organizations. Additionally, an issue related to installations via Windows Server Update Services, which resulted in error code 0x80240069, has also been resolved.