update services Archives

Winsage

April 18, 2026

Microsoft closes book on rogue Windows Server 2025 upgrades

Microsoft has officially resolved the incident involving the unexpected upgrade to Windows Server 2025, which occurred over a year ago and caused significant disruption for system administrators. The upgrade was automatic, with no rollback option, and was attributed to third-party products managing updates. Additionally, Microsoft's cumulative update KB5082063 has introduced new issues, causing LSASS crashes on non-Global Catalog domain controllers in environments using Privileged Access Management, leading to repeated restarts and potential inaccessibility of domains. Microsoft has acknowledged this problem and promised a resolution soon.

Winsage

April 16, 2026

Microsoft Overhauls Windows Update for First Time in 15 Years Starting April

Microsoft is transforming its Windows Update system, starting in April, marking the most significant overhaul in over 15 years. The new system will centralize the management of operating system patches, drivers, and application updates, aiming to enhance user experience by simplifying the update process and improving reliability. Users will experience fewer interruptions, as updates will be consolidated into a single restart cycle, and updates will be scheduled during idle times to minimize disruptions. The update system will also expand support for driver and hardware updates. This transformation aligns with Microsoft's long-term vision for AI-enhanced PCs and cloud-integrated systems, enabling scalable updates for AI features and improving compliance for enterprise users. The rollout will begin gradually in April to mitigate risks associated with compatibility and execution.

Winsage

April 7, 2026

How to prevent updates on Windows 10 desktops

Organizations may pause or block Windows updates to maintain system stability and compatibility, particularly to avoid disruptions with legacy applications or customized environments, manage bandwidth consumption, and protect fortified Windows configurations. IT departments can disable updates using several methods: 1. Centralized patch management tools like WSUS or Microsoft Intune allow control over update deployment. 2. Configuring Group Policy settings can notify users of available updates without automatic installation. 3. Disabling the Windows Update service halts all future updates until re-enabled. 4. Setting a connection as metered can reduce automatic updates, though some critical updates may still download. In Windows 11, similar strategies apply, but organizations must consider the risks of blocking updates due to the end of regular security updates for Windows 10 and align their strategies with Microsoft's evolving update delivery methods.

Winsage

November 30, 2025

Microsoft warns Windows 11 users: If you can’t find password login option, it’s because… – The Times of India

Windows 11 users are experiencing a glitch where the password sign-in icon is missing from the lock screen after installing the non-security preview update KB5064081. This issue affects users with the August 2025 update or later on Windows 11 24H2 and 25H2 systems. Microsoft confirmed that the password functionality is still available by hovering over the area where the icon should be, allowing users to access the password text box. Microsoft has not provided a permanent fix yet. Additionally, other problems linked to recent updates include DRM-protected videos freezing and unexpected User Account Control prompts for non-admin users. Microsoft also addressed failures in security updates delivered through WSUS, which affected reset and recovery features in Windows 10 and Windows 10 Enterprise.

Winsage

November 29, 2025

Microsoft: Windows updates make password login option invisible

Microsoft has warned Windows 11 users about an issue where the password sign-in option may not appear on the lock screen after updates since August 2025, although the functionality is still available. This issue affects users who installed the KB5064081 non-security preview update or later on Windows 11 24H2 and 25H2 systems. Users can still log in by hovering over the area where the password icon should be, which reveals the button to access the password text box. Microsoft is working on a fix but has not provided a timeline. Additionally, Microsoft addressed other issues related to the KB5064081 update, including playback interruptions in DRM-protected video applications and installation problems for non-admin users. Earlier, Microsoft also released emergency updates to fix issues with security updates failing and problems with Windows reset and recovery features.

Winsage

November 3, 2025

Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching

An out-of-band security update, KB5070881, has disrupted the hotpatching feature for some Windows Server 2025 devices. This update was released alongside reports of the CVE-2025-59287 remote code execution vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has instructed U.S. government agencies to strengthen their systems against this vulnerability. Microsoft has acknowledged that the OOB update caused some Hotpatch-enrolled Windows Server 2025 systems to lose their enrollment status and has ceased distributing the update to these devices. Those who installed the update will not receive Hotpatch updates in November and December but will get standard monthly security updates. Administrators can install the KB5070893 security update to address the CVE-2025-59287 flaw without disrupting hotpatching. Microsoft has also disabled the display of synchronization error details in its WSUS error reporting system and resolved various issues affecting Windows 11.

Winsage

November 2, 2025

Windows 11 update names got simpler, drops YYYY-MM. Now, IT admins are going mad

Microsoft has introduced a new naming convention for Windows Update titles, moving away from the YYYY-MM format and the term cumulative. The October 2025 optional update is now labeled as “Security Update (KB5034123) (26100.4747)” instead of the previous detailed titles that included the release date and specific Windows version. This change has raised concerns among IT professionals and users, as it complicates the identification of updates and may lead to confusion between different types of updates. IT administrators have expressed frustration over the lack of critical information in the new titles, which they believe hinders troubleshooting and update management. Microsoft has acknowledged the feedback but remains committed to the new naming scheme, while updates accessed through the Microsoft Update Catalog or WSUS will retain their original naming structure.

Winsage

October 31, 2025

Windows Server Update Services (WSUS) vulnerability abused to harvest sensitive data

Counter Threat Unit™ (CTU) researchers are investigating a remote code execution vulnerability, CVE-2025-59287, in Microsoft’s Windows Server Update Service (WSUS). Microsoft released patches for affected Windows Server versions on October 14, 2025, and issued an out-of-band security update on October 23 after the emergence of proof-of-concept code. On October 24, Sophos detected exploitation of this vulnerability targeting internet-facing WSUS servers across various industries. The first recorded activity occurred at 02:53 UTC, where a threat actor executed a Base64-encoded PowerShell script to collect and exfiltrate sensitive information to Webhook.site. The script gathered data such as external IP addresses, Active Directory domain users, and network configurations, attempting to send this information via HTTP POST requests. By 11:32 UTC, the maximum limit of 100 requests was reached. Affected entities included universities and organizations in technology, manufacturing, and healthcare sectors, primarily in the United States. Censys scan data confirmed that the exploited servers had default WSUS ports 8530 and 8531 exposed publicly. CTU recommends organizations review vendor advisories, apply patches, identify exposed WSUS server interfaces, and examine logs for malicious activity. Sophos has implemented specific protections to detect related activities.

Winsage

October 30, 2025

Microsoft issues security update addressing critical vulnerability impacting Windows server services

Microsoft has released a security update to address a remote code execution vulnerability in various versions of Windows Server Update Services (WSUS). The Cybersecurity and Infrastructure Security Agency (CISA) has advised organizations to follow Microsoft's guidance to mitigate risks from potential cyberthreats. Scott Gee from the American Hospital Association highlighted the seriousness of the vulnerability, stating it allows attackers to gain complete control over a victim's system.

Winsage

October 30, 2025

Windows 11 is gaining a simplified naming scheme for updates going forward

Microsoft has introduced a new naming convention for Windows updates in Windows 11 to improve clarity for users. Each update type will be labeled during download and installation, such as "Security Update" for monthly security patches and "Driver Update" for driver enhancements. The new scheme includes relevant identifiers like KB number and version, omitting unnecessary technical details. This change applies to Windows OS quality updates, .NET Framework updates, driver updates, AI component updates, and Visual Studio updates. The new naming scheme will be visible in Windows Update and the Windows Update history page, but not in the Microsoft Update Catalog or Windows Server Update Services. Users cannot disable this server-side change.