Windows Server Update Services Archives

Winsage

May 25, 2026

How I Changed the SID on My Windows Server Without Reinstalling (And Why You Should Care)

Cloning a Windows Server machine can lead to issues with duplicate Security Identifiers (SIDs). A Security Identifier (SID) is a unique string assigned to every machine, user, and group in Windows, functioning like a fingerprint. Duplicate SIDs can cause problems such as domain join failures, incorrect WSUS reporting, inconsistent Group Policy application, and licensing issues. The author initially attempted to use sysprep to change the SID after cloning, which resulted in stripping the domain join and causing SQL Server to fail. The author then discovered Wittytool Disk Clone, which includes a SID changer that successfully generated a new SID and updated all necessary references without disrupting the server's configuration or applications. The process took only six minutes and worked similarly on Windows Server 2019. It is more efficient to generate a new SID during the cloning process rather than afterward. Important precautions include taking a snapshot or backup before making changes and being aware that changing the SID on domain controllers is more complex. Reactivation of Windows may also be required after the SID change.

Winsage

May 19, 2026

Microsoft confirms patching issues in restricted Windows networks

Microsoft has issued a service alert indicating that customers in restricted network environments may encounter Windows Update failures, specifically error code 0x80010002, after installing the January 2026 optional non-security preview updates. Affected devices might download the February monthly Windows security update but could struggle with updates released in March and beyond due to changes in download timeout requirements. Microsoft is working on a resolution, and IT administrators can use Known Issue Rollback (KIR) as a workaround by configuring the appropriate Group Policy for their Windows version. A device restart is required to apply these settings. Historical issues include a bug fixed in April 2025 affecting WSUS installations and another issue resolved in August 2025 related to the Windows 11 24H2 cumulative update. Additionally, a KIR fix was provided for a known issue causing the May 2026 Windows 11 security update to fail with error code 0x800f0922.

Winsage

April 7, 2026

How to prevent updates on Windows 10 desktops

Organizations may pause or block Windows updates to maintain system stability and compatibility, particularly to avoid disruptions with legacy applications or customized environments, manage bandwidth consumption, and protect fortified Windows configurations. IT departments can disable updates using several methods: 1. Centralized patch management tools like WSUS or Microsoft Intune allow control over update deployment. 2. Configuring Group Policy settings can notify users of available updates without automatic installation. 3. Disabling the Windows Update service halts all future updates until re-enabled. 4. Setting a connection as metered can reduce automatic updates, though some critical updates may still download. In Windows 11, similar strategies apply, but organizations must consider the risks of blocking updates due to the end of regular security updates for Windows 10 and align their strategies with Microsoft's evolving update delivery methods.

Winsage

November 30, 2025

Microsoft warns Windows 11 users: If you can’t find password login option, it’s because… – The Times of India

Windows 11 users are experiencing a glitch where the password sign-in icon is missing from the lock screen after installing the non-security preview update KB5064081. This issue affects users with the August 2025 update or later on Windows 11 24H2 and 25H2 systems. Microsoft confirmed that the password functionality is still available by hovering over the area where the icon should be, allowing users to access the password text box. Microsoft has not provided a permanent fix yet. Additionally, other problems linked to recent updates include DRM-protected videos freezing and unexpected User Account Control prompts for non-admin users. Microsoft also addressed failures in security updates delivered through WSUS, which affected reset and recovery features in Windows 10 and Windows 10 Enterprise.

Winsage

November 29, 2025

Microsoft: Windows updates make password login option invisible

Microsoft has warned Windows 11 users about an issue where the password sign-in option may not appear on the lock screen after updates since August 2025, although the functionality is still available. This issue affects users who installed the KB5064081 non-security preview update or later on Windows 11 24H2 and 25H2 systems. Users can still log in by hovering over the area where the password icon should be, which reveals the button to access the password text box. Microsoft is working on a fix but has not provided a timeline. Additionally, Microsoft addressed other issues related to the KB5064081 update, including playback interruptions in DRM-protected video applications and installation problems for non-admin users. Earlier, Microsoft also released emergency updates to fix issues with security updates failing and problems with Windows reset and recovery features.

Winsage

November 3, 2025

Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching

An out-of-band security update, KB5070881, has disrupted the hotpatching feature for some Windows Server 2025 devices. This update was released alongside reports of the CVE-2025-59287 remote code execution vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has instructed U.S. government agencies to strengthen their systems against this vulnerability. Microsoft has acknowledged that the OOB update caused some Hotpatch-enrolled Windows Server 2025 systems to lose their enrollment status and has ceased distributing the update to these devices. Those who installed the update will not receive Hotpatch updates in November and December but will get standard monthly security updates. Administrators can install the KB5070893 security update to address the CVE-2025-59287 flaw without disrupting hotpatching. Microsoft has also disabled the display of synchronization error details in its WSUS error reporting system and resolved various issues affecting Windows 11.

Winsage

November 2, 2025

Windows 11 update names got simpler, drops YYYY-MM. Now, IT admins are going mad

Microsoft has introduced a new naming convention for Windows Update titles, moving away from the YYYY-MM format and the term cumulative. The October 2025 optional update is now labeled as “Security Update (KB5034123) (26100.4747)” instead of the previous detailed titles that included the release date and specific Windows version. This change has raised concerns among IT professionals and users, as it complicates the identification of updates and may lead to confusion between different types of updates. IT administrators have expressed frustration over the lack of critical information in the new titles, which they believe hinders troubleshooting and update management. Microsoft has acknowledged the feedback but remains committed to the new naming scheme, while updates accessed through the Microsoft Update Catalog or WSUS will retain their original naming structure.

Winsage

October 31, 2025

Windows Server Update Services (WSUS) vulnerability abused to harvest sensitive data

Counter Threat Unit™ (CTU) researchers are investigating a remote code execution vulnerability, CVE-2025-59287, in Microsoft’s Windows Server Update Service (WSUS). Microsoft released patches for affected Windows Server versions on October 14, 2025, and issued an out-of-band security update on October 23 after the emergence of proof-of-concept code. On October 24, Sophos detected exploitation of this vulnerability targeting internet-facing WSUS servers across various industries. The first recorded activity occurred at 02:53 UTC, where a threat actor executed a Base64-encoded PowerShell script to collect and exfiltrate sensitive information to Webhook.site. The script gathered data such as external IP addresses, Active Directory domain users, and network configurations, attempting to send this information via HTTP POST requests. By 11:32 UTC, the maximum limit of 100 requests was reached. Affected entities included universities and organizations in technology, manufacturing, and healthcare sectors, primarily in the United States. Censys scan data confirmed that the exploited servers had default WSUS ports 8530 and 8531 exposed publicly. CTU recommends organizations review vendor advisories, apply patches, identify exposed WSUS server interfaces, and examine logs for malicious activity. Sophos has implemented specific protections to detect related activities.

Winsage

October 30, 2025

Microsoft issues security update addressing critical vulnerability impacting Windows server services

Microsoft has released a security update to address a remote code execution vulnerability in various versions of Windows Server Update Services (WSUS). The Cybersecurity and Infrastructure Security Agency (CISA) has advised organizations to follow Microsoft's guidance to mitigate risks from potential cyberthreats. Scott Gee from the American Hospital Association highlighted the seriousness of the vulnerability, stating it allows attackers to gain complete control over a victim's system.

Winsage

October 30, 2025

Windows 11 is gaining a simplified naming scheme for updates going forward

Microsoft has introduced a new naming convention for Windows updates in Windows 11 to improve clarity for users. Each update type will be labeled during download and installation, such as "Security Update" for monthly security patches and "Driver Update" for driver enhancements. The new scheme includes relevant identifiers like KB number and version, omitting unnecessary technical details. This change applies to Windows OS quality updates, .NET Framework updates, driver updates, AI component updates, and Visual Studio updates. The new naming scheme will be visible in Windows Update and the Windows Update history page, but not in the Microsoft Update Catalog or Windows Server Update Services. Users cannot disable this server-side change.