Server 2025 Archives

Winsage

June 16, 2025

Windows Server update may disrupt IP refreshes

Microsoft has acknowledged that the June security update has caused complications for users of Windows Server systems, specifically affecting the Dynamic Host Configuration Protocol (DHCP) service, which is failing and leading to improper functioning of IP refreshes. The issue impacts multiple versions of Windows Server, including 2016 (KB5061010), 2019 (KB5060531), 2022 (KB5060526), and 2025 (KB5060842). Users have reported that the DHCP service may stop responding after installing the update, with one administrator noting their 2016 server crashed shortly after the update was applied. Microsoft is working on a solution and advises affected users to uninstall the update to restore functionality. The company has a history of DHCP-related issues dating back over a decade and has faced other problems with Windows Server updates in the past year, including issues with keyboard and mouse inputs and authentication challenges.

Winsage

June 16, 2025

Microsoft: June Windows Server security updates cause DHCP issues

Microsoft has identified an issue with the June 2025 security updates that causes the Dynamic Host Configuration Protocol (DHCP) service to freeze on certain Windows Server systems. This affects the service's ability to apply renewals of unicast IP addresses, impacting network operations. Microsoft has acknowledged that the DHCP Server service may intermittently stop responding after the update and is working on a resolution. Additionally, other issues affecting Windows Server systems have been addressed, including application failures and authentication problems on domain controllers. Out-of-band updates were previously issued to fix bugs causing Hyper-V virtual machines to restart or freeze, and emergency updates were released for issues with Windows containers on certain Windows Server versions.

Winsage

June 12, 2025

Windows Task Scheduler Vulnerability Let Attackers Escalate Privileges

A critical security vulnerability, designated as CVE-2025-33067, has been identified in the Windows Task Scheduler, allowing attackers to escalate privileges to SYSTEM level access without prior administrative rights. This vulnerability is rated as "Important" with a CVSS score of 8.4 and is due to improper privilege management within the Windows Kernel’s task scheduling component. It affects multiple Windows versions, including Windows 10 (Versions 1607, 1809, 21H2, 22H2), Windows 11 (22H2, 23H2, 24H2), and Windows Server 2016-2025. Microsoft released security updates on June 10, 2025, to address this flaw across 27 different Windows configurations. The vulnerability requires local system access, no prior privileges, and no user interaction, making it particularly dangerous. Security researcher Alexander Pudwill discovered and disclosed the vulnerability.

Winsage

June 12, 2025

Microsoft Resolves Windows Server 2025 Restart Bug Disrupting Active Directory Connectivity

Microsoft released updates in June 2025 to address critical issues affecting Windows Server 2025 domain controllers, specifically authentication failures and network connectivity problems. The updates, encapsulated in KB5060842, resolved issues stemming from security update KB5055523, which altered certificate validation methods for Kerberos authentication. This change led to logging errors for self-signed certificates and affected Windows Hello for Business Key Trust deployments. Additionally, a separate issue prevented domain controllers from managing network traffic correctly after restarts, causing them to revert to standard firewall profiles. Microsoft provided a temporary workaround for administrators to manually restart network adapters until a permanent fix was implemented. The June updates addressed a total of 66 vulnerabilities, including 10 rated as Critical, and recommended immediate installation. Microsoft advised against setting the AllowNtAuthPolicyBypass registry key to ‘2’ for domain controllers using self-signed certificates until the latest updates were applied.

Winsage

June 12, 2025

Microsoft Patched Windows Server 2025 Restart Bug that Disconnects AD Domain Controller

Microsoft has released a patch, KB5060842, on June 10, 2025, to address a vulnerability in Windows Server 2025 that affected Active Directory Domain Controllers' ability to manage network traffic after system restarts. This issue stemmed from the improper initialization of domain firewall profiles during startup, leading to service interruptions and authentication failures. The patch corrects the initialization sequence of these profiles, ensuring proper network traffic management post-restart. Organizations using Windows Server 2025 are advised to implement this update to maintain the reliability of their Active Directory services.

Winsage

June 11, 2025

Microsoft fixes unreachable Windows Server domain controllers

Microsoft addressed a significant issue with Windows Server 2025 domain controllers that made some servers unreachable after a restart, affecting applications and services reliant on them. The problem was due to servers loading the standard firewall profile instead of the intended domain firewall profile after a reboot, leading to improper network traffic management. This misconfiguration caused accessibility challenges for services and applications on affected servers. Microsoft released the KB5060842 security update to resolve this issue during the June 2025 Patch Tuesday. A temporary workaround involves manually restarting the network adapter on affected servers using the Restart-NetAdapter * PowerShell command, which must be done after each reboot until the update is installed. Additionally, Microsoft fixed another issue preventing some users from logging into accounts via Windows Hello after the installation of the KB5055523 April 2025 security update.

Winsage

June 11, 2025

Microsoft fixes Windows Server auth issues caused by April updates

Microsoft has resolved an authentication issue that arose after the April 2025 security updates on Windows Server domain controllers, primarily affecting Windows Server 2016, 2019, 2022, and 2025. The problem, acknowledged in early May, involved difficulties with Kerberos logons or delegations reliant on certificate-based credentials due to the April monthly security update (KB5055523). This issue could lead to authentication failures in environments using Windows Hello for Business Key Trust or Device Public Key Authentication, impacting various software solutions. Microsoft released cumulative updates to fix these issues and recommended installing the latest security updates. For those still facing problems, a temporary registry adjustment was advised. The authentication issues were linked to security enhancements addressing a high-severity vulnerability (CVE-2025-26647) that could allow privilege escalation through an input validation flaw in Windows Kerberos. Microsoft had previously addressed related authentication issues in April and issued emergency updates in November 2022 for Kerberos sign-in failures affecting Windows domain controllers.

Winsage

May 30, 2025

Microsoft May Patch Tuesday fails on some Windows 11 VMs

Microsoft's recent Patch Tuesday update for Windows 11 has faced significant issues, particularly affecting users on versions 22H2 and 23H2. The installation of the May 13 update is failing on some machines, especially in virtual environments, leading to recovery mode entries and boot errors. Users are advised to avoid the update temporarily. The error message indicates a problem with the ACPI.sys file, which is crucial for managing hardware resources. Windows 11 Home and Pro users are likely unaffected, as virtual machines are typically used in enterprise settings. Microsoft has not provided the number of impacted users or a workaround beyond uninstalling the patches, but engineers are working on a resolution. This incident follows previous patching challenges faced by Microsoft this year, including an emergency update for Windows 10 and issues with Remote Desktop sessions in earlier updates.

Winsage

May 29, 2025

Securing Windows Endpoints in 2025 Enterprise Environments

In 2025, 61% of organizations worldwide have adopted Zero Trust initiatives, up from 24% in 2021. Microsoft's Zero Trust framework centralizes security policy enforcement through the cloud, with integrated solutions like Microsoft Defender for Endpoint. AI is now a critical component of endpoint security, enabling systems to detect irregularities and autonomously isolate compromised devices. Microsoft introduced Quick Machine Recovery (QMR) to allow IT administrators to fix unbootable PCs remotely. Windows Server 2025 features enhanced security measures, including advanced algorithms and a customized security baseline with over 350 preconfigured settings. Additionally, 75% of organizations are consolidating security vendors, favoring comprehensive platforms like SentinelOne Singularity and Microsoft Defender XDR. Windows Defender Application Control (WDAC) has been enhanced to better regulate application usage, with Microsoft promoting its adoption over AppLocker.

Winsage

May 26, 2025

Windows 11 gets quantum-hardened cryptography technology

Microsoft has integrated post-quantum cryptography (PQC) into Windows 11, starting with the Canary build 27852, to protect against quantum computer threats. The upgrade to SymCrypt, Microsoft's cryptographic library, now supports two PQC algorithms: ML-KEM and ML-DSA. This enhancement aims to improve security, performance, and compatibility across platforms. PQC is also being adopted in industry standards such as TLS, SSH, and IPSec. SymCrypt underpins various Microsoft services and operating systems, including Microsoft 365, Azure, and Windows 11. Microsoft is preparing its ecosystem for future quantum attacks, with PQC currently trialed in Windows 11 and expected to reach Linux soon. There are no specific timelines for updates to BitLocker. Recent research demonstrated a D-Wave quantum computer's ability to crack military-grade encryption, highlighting the increasing threat of quantum computing to classical cryptography.