Microsoft has successfully addressed a significant issue that arose from the August 2025 security updates, which inadvertently triggered unexpected User Account Control (UAC) prompts and installation challenges for non-administrative users across all versions of Windows. This complication stemmed from a security patch aimed at mitigating a vulnerability in the Windows Installer, identified as CVE-2025-50173, which posed a risk of privilege escalation for authenticated attackers seeking SYSTEM-level access.
In its efforts to rectify the CVE-2025-50173 security flaw, Microsoft introduced new UAC prompts that request administrative credentials in various scenarios, effectively curbing potential permission escalations by malicious actors. However, these prompts also surfaced unexpectedly during routine tasks, such as installing applications utilizing Windows Installer (MSI), enabling Secure Desktop, and executing MSI repair commands.
Affected Platforms
As Microsoft acknowledged last week, the impact of this bug is widespread, affecting a broad array of both client and server platforms:
- Client:
- Windows 11, version 24H2
- Windows 11, version 23H2
- Windows 11, version 22H2
- Windows 10, version 22H2
- Windows 10, version 21H2
- Windows 10, version 1809
- Windows 10 Enterprise LTSC 2019
- Windows 10 Enterprise LTSC 2016
- Windows 10, version 1607
- Windows 10 Enterprise 2015 LTSB
- Server:
- Windows Server 2025
- Windows Server 2022
- Windows Server, version 1809
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012 R2
- Windows Server 2012
To mitigate these issues, the September 2025 Windows security update, along with subsequent updates, aims to reduce the necessity for UAC prompts during MSI repairs. Additionally, IT administrators will have the capability to disable UAC prompts for specific applications by adding them to an allowlist. According to Microsoft, post-update, UAC prompts will only be necessary during MSI repair operations if the target MSI file includes an elevated custom action.
Recognizing that UAC prompts will still be required for applications executing custom actions, Microsoft has equipped IT administrators with a method to turn off these prompts for designated apps following the update. This process involves adding new registry keys—SecureRepairPolicy and SecureRepairWhitelist—under HKEYLOCALMACHINESOFTWAREPoliciesMicrosoftWindowsInstaller, as outlined in their support documentation.
Moreover, Microsoft has resolved another issue linked to the August 2025 security updates, which had caused significant lag and stuttering problems with NDI streaming software on both Windows 10 and Windows 11 systems.
