WSUS Archives

Winsage

June 2, 2025

Microsoft ships emergency patch to fix Windows 11 installation issues

Microsoft has addressed a significant issue affecting certain Windows 11 systems after the installation of the KB5058405 security update from May 2025. Users reported encountering 0xc0000098 recovery errors linked to ACPI.sys, indicating that the operating system could not be loaded. This problem primarily affects Windows 11 versions 22H2 and 23H2 in enterprise settings, particularly among Azure Virtual Machines, Azure Virtual Desktop, and on-premises virtual machines hosted on platforms like Citrix or Hyper-V. Microsoft has released the KB5062170 non-security out-of-band update to resolve the installation and boot problems, which can be manually installed from the Microsoft Update Catalog. For Azure customers facing difficulties after implementing the May 2025 update, Microsoft recommends using Azure Virtual Machine repair commands as a temporary workaround. Users of Windows Home or Pro editions in home environments are unlikely to encounter these issues.

Winsage

May 29, 2025

Microsoft: Windows 11 might fail to start after installing KB5058405

Microsoft has acknowledged that some Windows 11 systems may experience startup failures after installing the KB5058405 cumulative update, resulting in a 0xc0000098 recovery error related to ACPI.sys. This issue affects Windows 11 versions 22H2 and 23H2, particularly in enterprise settings like Azure Virtual Machines and on-premises virtual machines. Home users are less likely to encounter these problems. Microsoft is investigating the issue and will provide updates.

Winsage

May 28, 2025

Microsoft surprises with emergency patch KB5061977 for Windows 11 24H2

On May 27, Microsoft released an out-of-band update, KB5061977, for Windows 11 version 24H2, elevating the operating system build to 26100.4066. This emergency patch addresses a security vulnerability currently being exploited, likely related to remote code execution or privilege escalation. The update is available through Windows Update, Windows Update for Business, WSUS, and the Microsoft Update Catalog. Organizations are urged to prioritize its installation, especially on publicly accessible or critical systems. The update focuses on security and reliability improvements, with no new features introduced. The issuance of this update outside regular maintenance windows presents challenges for IT administrators, emphasizing the need for proactive patch management strategies.

Winsage

May 15, 2025

Windows Remote Desktop Vulnerability Let Attackers Execute Malicious Code Over Network

Microsoft's May 2025 Patch Tuesday addressed 72 vulnerabilities in Windows Remote Desktop services, including two critical vulnerabilities, CVE-2025-29966 and CVE-2025-29967, which are heap-based buffer overflow issues. These flaws allow unauthorized attackers to execute arbitrary code over a network, posing significant risks. The vulnerabilities have been rated as "Critical" and classified under CWE-122. They affect various versions of Windows operating systems utilizing Remote Desktop services. Although there have been no reported active exploitations, experts warn of the potential dangers, urging users to apply patches immediately. The update also addressed five actively exploited zero-day vulnerabilities in other Windows components. Patches are available through Windows Update, WSUS, and the Microsoft Update Catalog.

Winsage

May 13, 2025

Windows 11 upgrade block lifted after Safe Exam Browser fix

Microsoft has lifted an upgrade block that prevented certain users of the Safe Exam Browser from installing the Windows 11 2024 Update due to compatibility concerns. The block was initially implemented in September to protect users from issues with Safe Exam Browser version 3.7 or earlier. Users are encouraged to upgrade to Safe Exam Browser version 3.8 or later before proceeding with the Windows 11 24H2 update. If users still encounter the safeguard hold after 48 hours of updating, they should contact Safe Exam Browser Support. The Windows 11 24H2 feature update is now available for all compatible PCs, except those under safeguard holds. Microsoft has resolved issues that previously blocked the update for some users and has removed other compatibility holds for specific devices and applications. However, some upgrade blocks remain due to incompatible hardware and software. Windows 11 24H2 began its rollout in May 2024 for enterprise testing, with a broader release in October.

Winsage

May 6, 2025

Microsoft pushes fix for Windows 11 update 0x80240069 errors

Microsoft has resolved an issue that affected the delivery of Windows 11 24H2 feature updates via Windows Server Update Services (WSUS) after the installation of the April 2025 security updates. Users reported upgrade problems, specifically encountering error code 0x80240069 during attempts to update from Windows 11 23H2 or 22H2. The update complications primarily impact enterprise environments using WSUS, while home users are less likely to experience these issues. Microsoft is rolling out a fix through Known Issue Rollback (KIR) for enterprise-managed devices, requiring IT administrators to implement the KIR Group Policy on affected endpoints. Additionally, Microsoft is addressing a separate issue where some PCs were upgraded to Windows 11 despite Intune policies preventing such upgrades.

Tech Optimizer

May 5, 2025

Chimera Malware: Outsmarting Antivirus, Firewalls, and Human Defenses

X Business, an e-commerce store specializing in handmade home décor, experienced a cybersecurity incident involving a malware strain called Chimera. The attack began during a routine update to their inventory management system and escalated within 12 hours, resulting in halted customer orders, locked employee accounts, and a crashed website. The attackers demanded a ransom of 0,000 in cryptocurrency, threatening to expose sensitive customer data. Chimera is an AI-driven malware that adapts its code to evade detection, targeting both Windows and macOS systems. It exploited a zero-day vulnerability in Windows' Print Spooler service and bypassed macOS security measures by forging code signatures. The malware used social engineering tactics to deceive employees into activating malicious payloads, leading to compromised systems and encrypted customer data. The recovery process took 48 hours, utilizing cybersecurity tools like CrowdStrike Falcon and SentinelOne Singularity to identify and isolate the malware. Data restoration was achieved through Acronis Cyber Protect and macOS Time Machine, while vulnerabilities were addressed with Qualys and emergency patch deployment via WSUS. The network security framework was improved using Cisco Umbrella and Zscaler Private Access to implement a Zero Trust architecture. The incident highlights the need for small enterprises to adopt proactive cybersecurity strategies, including a 3-2-1 backup approach, Zero Trust models, investment in AI-driven defense tools, and employee training to recognize social engineering attempts.

Winsage

May 1, 2025

Windows 11 update failure stops machines from updating to version 24H2 using WSUS

Business and enterprise users are facing challenges upgrading to Windows 11 24H2 due to an issue stemming from an update released on April 8th, which primarily affects machines using Windows Server Update Services (WSUS). Windows 11 Home users are not impacted by this issue. Microsoft is investigating a fix but has not yet provided a solution, leaving users who installed the April 8th update unable to upgrade. The affected versions of Windows 11 include 23H2 and 22H2.

Winsage

May 1, 2025

Windows 11 April security patch quietly blocks 24H2 update, but are you impacted?

Microsoft is preparing to release the Windows 11 25H2 update in October, aimed at facilitating the transition to Windows 11 24H2. However, the rollout of Windows 24H2 has faced issues, with many PCs experiencing blocks due to third-party applications and technical problems. The April security patch, released on April 8, has complicated the upgrade process for some users, particularly those with the patch KB5055528 installed, leading to error code 0x80240069. This issue mainly affects IT administrators using Windows Server Update Services (WSUS), while individual users on Windows 11 Home are largely unaffected. Microsoft is investigating the problem and plans to release a fix by the next Patch Tuesday on May 13. Additionally, organizations are advised to explore alternative update management solutions, as WSUS is no longer under active development.

Winsage

April 30, 2025

Microsoft: Windows 11 24H2 updates fail with 0x80240069 errors

Microsoft has acknowledged a significant issue affecting enterprise users trying to upgrade to Windows 11 24H2 via Windows Server Update Services (WSUS) after installing the April 2025 security updates, specifically the monthly security update KB5055528. Users with Windows 11 23H2 or 22H2 are encountering Windows Update Service errors with the code 0x80240069, preventing the download process for Windows 11 24H2 from initiating or completing. Microsoft confirmed that devices with the April security update might be unable to update via WSUS. WSUS, primarily used in enterprise settings, has been deprecated as of September 2024, but Microsoft will continue to support existing functionalities. Additionally, Microsoft is addressing a "latent code issue" that has caused some devices to upgrade to Windows 11 despite Intune policies against such upgrades.