Server 2025 Archives

Winsage

April 2, 2025

Microsoft adds hotpatching support to Windows 11 Enterprise

Microsoft has made hotpatch updates available for business customers using Windows 11 Enterprise 24H2 on x64 systems, allowing seamless installation of security updates without device reboots. Hotpatching modifies in-memory code of active processes to deploy updates without interrupting user activities. Devices under a hotpatch-enabled quality update policy will receive updates quarterly, with no restarts required for eight months of the year. A Microsoft subscription is necessary to activate hotpatching, and devices must meet specific prerequisites, including an x64 CPU and enabled Virtualization-based Security. Hotpatch updates can be managed through Microsoft Intune, and devices on Windows 10 and versions 23H2 and lower will continue to receive standard updates. Microsoft initially introduced hotpatch support for Windows Server Azure Edition in February 2022 and has expanded testing to include Windows 11 24H2.

Winsage

March 28, 2025

Windows 11 roadmap? Great for next week but not next year

Microsoft has released a roadmap for Windows 11 that outlines enhancements and features through April 2025, aiming to improve transparency in its development processes. The roadmap highlights the need for clarity on upcoming releases to help IT professionals manage changes, though the timeline for new features raises concerns due to their proximity to release dates. The Improved Voice Access feature is scheduled for a non-security update in April 2025. The Copilot+ PC platform, which will host these features, has not gained significant market traction, potentially leaving administrators unprepared for implementation. Several features, such as Click to Do and Recall, have remained in preview since November 2024 without clear timelines for general availability. The roadmap appears to focus more on consumer-oriented features, with IT professionals seeking clarity on enterprise-critical functionalities and issues like disruptions to printing capabilities. Microsoft has indicated that the roadmap's initial focus is on client devices, with future announcements anticipated, including a potential "Windows Server 2025 surprise installation" and the removal of the Windows 10 upgrade block around October 2025.

Winsage

March 28, 2025

Windows Server 2025 freezing after February patch

Microsoft has issued a cautionary note about a problematic patch released in February 2025 that affects Remote Desktop sessions on Windows Server 2025. Users may experience freezing issues shortly after connecting, particularly after installing the February 2025 Security update (KB5051987) and subsequent updates. The advisory states that after installing this update, Remote Desktop sessions may freeze, causing mouse and keyboard inputs to become unresponsive. Microsoft has not provided a timeline for a resolution. Additionally, a similar issue was reported with Windows 11 version 24H2, where UDP-based Remote Desktop sessions would disconnect after 65 seconds when connecting to Windows Server 2016 or earlier. This issue was resolved with updates released on March 27, 2025 (KB5053656) and later. For enterprise-managed devices with the March 27 update or later, no Known Issue Rollback (KIR) or special Group Policy is needed to fix the disconnection issue. Microsoft has no further comments regarding the situation with Windows Server 2025 at this time.

Winsage

March 28, 2025

Microsoft fixes Remote Desktop issues caused by Windows updates

Microsoft has addressed an issue affecting Remote Desktop Protocol (RDP) and Remote Desktop Services (RDS) connections for users connecting from Windows 11 24H2 to RDS hosts on earlier versions of Windows Server 2016, which arose after installing Windows updates since January 2025. Users reported disconnections after 65 seconds when establishing UDP connections. Affected users were advised to install the KB5053656 preview update to resolve the issue, which will be generally available with next month's cumulative updates. Additionally, Microsoft is working on fixing another issue causing Remote Desktop freezes on Windows Server 2025 and is investigating connection errors related to data restoration on Windows 11 24H2 systems. A bug causing USB printers to print random text has also been resolved.

Winsage

March 28, 2025

Windows Users at Risk: New Zero-Day Exploit Steals Passwords Without Interaction

A newly uncovered zero-day vulnerability in Windows allows hackers to steal NTLM credentials simply by previewing a malicious file, affecting multiple Windows versions, including Windows 7 and Windows 11 v24H2. Microsoft has not yet issued a patch for this vulnerability, leaving millions of users exposed. The flaw was reported by security researcher Mitja Kolsek from ACROS Security, who noted that stolen credentials could lead to unauthorized access to networks. ACROS Security has created a temporary micro-patch available through its 0patch platform, which users are encouraged to implement. Additionally, a separate zero-day vulnerability identified in Google Chrome and other Chromium-based browsers allows attackers to bypass sandbox protection with a click on a malicious link, primarily targeting media organizations and government agencies in Russia. Users are advised to install the 0patch fix, avoid interacting with unfamiliar files, and update their browsers to protect against these threats.

Winsage

March 27, 2025

Windows Server 2025 updates cause problems

Microsoft has acknowledged a known issue affecting Remote Desktop sessions on Windows Server 2025 systems after the installation of the February 2025 security update (KB5051987), where mouse and keyboard inputs become unresponsive, requiring users to disconnect and reconnect to regain control. A fix is forthcoming in a future Windows update. Additionally, Microsoft has implemented a Known Issue Rollback (KIR) to resolve Remote Desktop and RDS connection challenges related to Windows 11 24H2 updates, which may cause RDP disconnections lasting up to 65 seconds on affected devices. A comprehensive solution for these issues is expected in next month’s cumulative updates.

Winsage

March 27, 2025

Recent Windows Server 2025 updates cause Remote Desktop freezes

Microsoft has acknowledged a significant issue affecting Remote Desktop functionality on Windows Server 2025 systems, which arose after the installation of security updates released since February 2025. Users may experience freezes in Remote Desktop sessions shortly after connecting, with unresponsive mouse and keyboard inputs requiring a disconnect and reconnect to regain functionality. This issue also affects Windows 11 24H2 systems, but Microsoft addressed it for Windows 11 users with an optional update (KB5052093) released on February 25. A fix for Windows Server 2025 devices is planned for an upcoming update. Additionally, Microsoft has implemented Known Issue Rollback (KIR) to reverse problematic non-security updates related to Remote Desktop and Remote Desktop Services (RDS) connection issues from Windows 11 24H2 updates since January 2025. Users may experience Remote Desktop Protocol (RDP) disconnections lasting up to 65 seconds when connecting from Windows 11 24H2 devices to RDS hosts on Windows Server 2016 systems. A permanent fix for RDP disconnection issues is planned for next month's cumulative updates. Microsoft is also investigating connection errors on Windows 11 24H2 systems related to restoring data from SMB network shares or Backup & Replication servers.

Winsage

March 26, 2025

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials

A critical vulnerability affecting various Windows operating systems, including Windows 7, Server 2008 R2, Windows 11 v24H2, and Server 2025, allows attackers to capture NTLM authentication credentials through interactions with malicious files in Windows Explorer. Exploitation can occur when users open shared folders, insert USB drives with malicious files, or view downloaded files. The vulnerability is similar to a previously patched flaw (CVE-2025-21377) but has not been fully documented. Security researchers have developed micropatches available for free until Microsoft releases a permanent fix. These micropatches support a wide range of Windows versions, including legacy and currently supported systems. The micropatches have been automatically distributed to affected systems with the 0patch Agent installed.

Winsage

March 26, 2025

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials

A critical vulnerability affects all Windows operating systems from Windows 7 to Windows 11 v24H2 and Server 2025, allowing attackers to capture NTLM authentication credentials through malicious files viewed in Windows Explorer. Exploitation can occur when users open shared folders, insert USB drives with malicious files, or view previously downloaded files. The vulnerability is similar to a previously patched flaw (CVE-2025-21377) but has not been publicly documented. Security researchers have developed micropatches through 0patch to temporarily mitigate the issue, which will be available at no cost until Microsoft releases a permanent solution. The micropatches support various Windows versions, including legacy and currently supported systems, and can be automatically deployed without requiring system reboots.

Winsage

March 26, 2025

Windows Passwords At Risk As New 0-Day Confirmed—Act Now

Windows users are facing multiple zero-day vulnerabilities affecting various operating system versions, including Windows 7, Server 2008 R2, and Windows 11 v24H2, with no official patch available from Microsoft. A new vulnerability allows attackers to obtain NTLM credentials by having a user view a malicious file in Windows Explorer. This vulnerability is distinct from a previously reported incident and remains undisclosed until Microsoft issues a patch. NTLM vulnerabilities can enable credential theft, and while not classified as critical, they have been exploited in real-world attacks. Users may need to wait for the next Patch Tuesday for an official fix, but can utilize a micro-patch solution from ACROS Security's 0patch to address the vulnerability temporarily.