update services

Winsage
November 3, 2025
An out-of-band security update, KB5070881, has disrupted the hotpatching feature for some Windows Server 2025 devices. This update was released alongside reports of the CVE-2025-59287 remote code execution vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has instructed U.S. government agencies to strengthen their systems against this vulnerability. Microsoft has acknowledged that the OOB update caused some Hotpatch-enrolled Windows Server 2025 systems to lose their enrollment status and has ceased distributing the update to these devices. Those who installed the update will not receive Hotpatch updates in November and December but will get standard monthly security updates. Administrators can install the KB5070893 security update to address the CVE-2025-59287 flaw without disrupting hotpatching. Microsoft has also disabled the display of synchronization error details in its WSUS error reporting system and resolved various issues affecting Windows 11.
Winsage
November 2, 2025
Microsoft has introduced a new naming convention for Windows Update titles, moving away from the YYYY-MM format and the term cumulative. The October 2025 optional update is now labeled as “Security Update (KB5034123) (26100.4747)” instead of the previous detailed titles that included the release date and specific Windows version. This change has raised concerns among IT professionals and users, as it complicates the identification of updates and may lead to confusion between different types of updates. IT administrators have expressed frustration over the lack of critical information in the new titles, which they believe hinders troubleshooting and update management. Microsoft has acknowledged the feedback but remains committed to the new naming scheme, while updates accessed through the Microsoft Update Catalog or WSUS will retain their original naming structure.
Winsage
October 31, 2025
Counter Threat Unit™ (CTU) researchers are investigating a remote code execution vulnerability, CVE-2025-59287, in Microsoft’s Windows Server Update Services (WSUS). Microsoft released patches for affected Windows Server versions on October 14, 2025, and issued an out-of-band security update on October 23 after the emergence of proof-of-concept code. On October 24, Sophos detected exploitation of this vulnerability targeting internet-facing WSUS servers across various industries. The first recorded activity occurred at 02:53 UTC, when a threat actor executed a Base64-encoded PowerShell script to collect and exfiltrate sensitive information to Webhook.site. The script gathered data such as external IP addresses, Active Directory domain users, and network configurations, and attempted to send this information via HTTP POST requests. By 11:32 UTC, the maximum limit of 100 requests was reached. Affected entities included universities and organizations in the technology, manufacturing, and healthcare sectors, primarily in the United States. Censys scan data confirmed that the exploited servers had default WSUS ports 8530 and 8531 exposed publicly. CTU recommends that organizations review vendor advisories, apply patches, identify exposed WSUS server interfaces, and examine logs for malicious activity. Sophos has implemented specific protections to detect related activities.
Winsage
October 30, 2025
Microsoft has released a security update to address a remote code execution vulnerability in various versions of Windows Server Update Services (WSUS). The Cybersecurity and Infrastructure Security Agency (CISA) has advised organizations to follow Microsoft's guidance to mitigate risks from potential cyberthreats. Scott Gee from the American Hospital Association highlighted the seriousness of the vulnerability, stating it allows attackers to gain complete control over a victim's system.
Winsage
October 30, 2025
Microsoft has introduced a new naming convention for Windows updates in Windows 11 to improve clarity for users. Each update type will be labeled during download and installation, such as "Security Update" for monthly security patches and "Driver Update" for driver enhancements. The new scheme includes relevant identifiers like KB number and version, omitting unnecessary technical details. This change applies to Windows OS quality updates, .NET Framework updates, driver updates, AI component updates, and Visual Studio updates. The new naming scheme will be visible in Windows Update and the Windows Update history page, but not in the Microsoft Update Catalog or Windows Server Update Services. Users cannot disable this server-side change.
Winsage
October 29, 2025
Microsoft has resolved an issue affecting Windows 11 24H2 systems that resulted in update failures with error code 0x800F081F, linked to missing language packs and feature payloads after the KB5050094 January 2025 preview cumulative update. The problem was acknowledged on October 15, and a fix was provided through the KB5067036 October 2025 preview update. For IT administrators unable to install the latest updates, a temporary workaround involves performing an In-Place Upgrade using Windows installation media or through Windows Settings. Additionally, since the start of the year, Microsoft has addressed several other update-related challenges, including issues with installing security updates via WSUS and failures when using the Windows Update Standalone Installer.
Winsage
October 29, 2025
Concerns have increased regarding a critical vulnerability in Windows Server Update Services (WSUS), identified as CVE-2025-59287, which allows unauthenticated attackers to execute arbitrary code. This vulnerability arises from a legacy serialization mechanism within WSUS, which is no longer actively developed. The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, indicating its urgency. Cybersecurity firms have reported active exploitation attempts, with thousands of WSUS instances exposed to the internet. Attacks are primarily reconnaissance activities that could lead to broader network compromises. If an attacker compromises a single server, they could control the entire patch distribution system, enabling internal supply chain attacks and distributing malware disguised as legitimate Microsoft updates. Alerts have been issued by the Canadian Centre for Cyber Security and the Australian Cyber Security Centre regarding this global threat. Microsoft's initial patch on October 15 failed to fully resolve the issue, allowing attackers to exploit the vulnerability quickly. Attack vectors include exploiting the deserialization of AuthorizationCookie objects and unsafe deserialization via the ReportingWebService. The vulnerability is particularly concerning because WSUS is often neglected and should not be exposed to the internet.
Winsage
October 28, 2025
On October 14, 2025, a critical remote code execution (RCE) vulnerability, CVE-2025-59287, was discovered in Microsoft's Windows Server Update Services (WSUS). The vulnerability allows remote, unauthenticated attackers to execute arbitrary code with system privileges on affected servers. It was initially addressed on October 14, but the patch was insufficient, leading to an urgent out-of-band update on October 23. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities Catalog on October 24, indicating its immediate threat. The vulnerability affects Microsoft Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025, specifically on servers with the WSUS role enabled. Attackers are exploiting the vulnerability by targeting publicly exposed WSUS instances on TCP ports 8530 (HTTP) and 8531 (HTTPS). Approximately 5,500 WSUS instances have been identified as exposed to the internet. Microsoft recommends disabling the WSUS Server Role or blocking inbound traffic to the high-risk ports as temporary workarounds for organizations unable to apply the emergency patches immediately.