January Windows updates may fail if Citrix SRA is installed
Microsoft is warning that the January 2025 Windows 11 and Windows 10 cumulative updates may fail if Citrix Session Recording Agent (SRA) version 2411 is installed on the device.
As part of today's January 2025 Patch Tuesday, Microsoft released the Windows 11 KB5050009 and Windows 10 KB5049981 updates to fix numerous security vulnerabilities, including zero-day flaws.
The release notes for both updates warn that they may fail to install on devices with Citrix Session Recording Agent (SRA) version 2411 installed.
"Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings," reads the KB5050009 support bulletin.
"However, when restarting the device to complete the update installation, an error message with text similar to "Something didn't go as planned. No need to worry – undoing changes" appears."
"The device will then revert to the Windows updates previously present on the device."
Microsoft says this issue should only impact a limited number of organizations, as SRA 2411 was released at the end of November. Home users are not expected to be impacted.
Citrix and Microsoft are working together to resolve this issue, but in the meantime, Citrix has released a support bulletin that contains a basic workaround.
"As a workaround, stop the Session Recording Monitoring service, install the Microsoft security update, and enable the Session Recording Monitoring service," explains the Citrix support bulletin.
Citrix says that the January 2025 security update is failing as it's unable to update some drivers while Session Recording 2411 is installed.
To disable the Session Recording Monitoring service, follow these steps:
- Go into the Services Management Console by pressing Win + R, typing services.msc, and pressing Enter.
- Scroll down until you see Citrix Session Recording Monitor Service.
- Right-click on the service and select Properties.
- Click the Stop button to stop the service, and once stopped, set it to "Disabled" and press the OK button.
- You can now install the January Windows updates.
- When the updates are installed, enable the service by repeating the above steps, but this time setting it to "Automatic" and then clicking the Start button.
Citrix also shared steps for disabling the service through PowerShell and the Windows Command Prompt.
The latest Windows updates should now be installed, and you are protected from the latest security vulnerabilities.
FBI Wraps Up Eradication Effort of Chinese 'PlugX' Malware
Allstate car insurer sued for tracking drivers without permission
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
InformationalSec-Fetch-Dest Header Has an Invalid Value
HighSession Fixation
InformationalBase64 Disclosure
InformationalSec-Fetch-Site Header is Missing
MediumBypassing 403
InformationalSplit Viewstate in Use
Free online web security scanner
