Microsoft’s August 2025 Windows Security Update has stirred a wave of frustration among system administrators, following a fix intended to address a critical vulnerability. This vulnerability, identified as CVE-2025-50173, was linked to an authentication issue within the Windows Installer, which posed a risk of privilege escalation for authorized attackers. In response, Microsoft opted to enhance security by enforcing the User Account Control (UAC) prompt for administrator credentials during Windows Installer (MSI) repair and related operations.
Unintended Consequences of a Security Fix
While the vulnerability has indeed been mitigated, the solution has introduced a new set of challenges. The UAC prompts for administrator rights can now appear unexpectedly for standard users, leading to significant disruptions. This is particularly problematic for applications that initiate MSI repair operations without a user interface. A notable example cited by Microsoft is the installation and execution of Office Professional Plus 2010, which now encounters Error 1730 during its configuration process when run by a standard user.
The ripple effects of this update extend across nearly all supported editions of Windows, including those nearing the end of their Extended Security Updates (ESU). For instance, both Windows Server 2012 and Windows Server 2012 R2 are experiencing similar issues.
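To find out which applications and accounts in an environment are hitting this failure, the event log can be searched for the Error 1730 symptom described above. The following PowerShell script is an added example, not code from Microsoft or from the original article; it assumes the failure is recorded in the Application log by the MsiInstaller provider with "1730" in the message text, and the parameter names and the 30-day default window are hypothetical.

```powershell
# Added example: inventory MSI failures that match the Error 1730 symptom.
# Assumption: the failure is written to the Application log by the
# MsiInstaller provider and its message text contains "1730".
param(
    [datetime]$Since = (Get-Date).AddDays(-30),        # hypothetical default window
    [string[]]$ComputerName = @($env:COMPUTERNAME)     # hosts to query
)

$filter = @{ LogName = 'Application'; ProviderName = 'MsiInstaller'; StartTime = $Since }

$hits = foreach ($computer in $ComputerName) {
    # Get-WinEvent raises an error when nothing matches, so suppress that case.
    Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match '\b1730\b' } |
        ForEach-Object {
            $evt = $_   # keep the event; inside catch, $_ is the error record
            # MsiInstaller messages usually begin "Product: <name> -- <text>".
            $product = if ($evt.Message -match '^Product:\s*(.+?)\s+--') { $Matches[1] } else { '(unknown)' }
            # Resolve the SID of the account that ran the operation, if present.
            $user = if ($evt.UserId) {
                try { $evt.UserId.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $evt.UserId.Value }
            } else { '(none)' }
            [pscustomobject]@{
                Computer = $computer
                Time     = $evt.TimeCreated
                Product  = $product
                User     = $user
                EventId  = $evt.Id
            }
        }
}

# One row per computer/product/user so recurring failures stand out.
$hits | Group-Object Computer, Product, User |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object Time | Select-Object -Last 1).Time } } |
    Format-Table -AutoSize
```

The resulting product list shows where the workaround or rollback policy is actually needed, rather than applying either across the whole fleet.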
In light of these complications, Microsoft has suggested a workaround: running applications with administrative privileges when feasible. However, this recommendation may alarm administrators who are reluctant to grant standard users such permissions. To ease the burden, Microsoft also advises configuring the Known Issue Rollback (KIR) group policy. Note, though, that this option is limited to specific versions: Windows Server 2025 and 2022, Windows 11 22H2 – 24H2, and Windows 10 21H2 and 22H2.
Although it addresses the initial vulnerability, Microsoft’s fix lacks the granularity needed to avoid disrupting users. The inconvenience caused by unexpected UAC prompts could lead users to disable related features, a move that Microsoft does not endorse. Looking ahead, Microsoft has indicated that it plans to improve the situation by enabling IT administrators to allow specific applications to perform MSI repair operations without triggering UAC prompts. This improvement is slated for inclusion in an upcoming Windows update.