Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools
Microsoft has finally confirmed that some Windows Server 2019 and 2022 systems were "unexpectedly" upgraded to Windows Server 2025 when updates were managed using third-party patch management tools.
The company also updated the Windows release health dashboard on November 6 to say that Windows Server 2025 is now offered as an optional update on Windows Server 2022 and Windows Server 2019 devices for organizations wanting an in-place upgrade.
"Some devices upgraded automatically to Windows Server 2025 (KB5044284). This was observed in environments that use third-party products to manage the update of clients and servers," Microsoft explained on Saturday.
"Please verify whether third-party update software in your environment is configured not to deploy feature updates. This scenario has been mitigated."
Redmond acknowledged this known issue after multiple days of widespread reports from Windows admins that their servers had been automatically upgraded overnight to a Windows Server version for which they don't even have a license.
It also said this optional update had the "DeploymentAction=OptionalInstallation" tag, indicating that patch management tools should've interpreted it as optional rather than as a recommended update that should be deployed.
Microsoft blamed for "procedural error"
While not explicitly named, Heimdal, one of the companies whose customers were affected by this issue, blamed the upgrade problems on a "procedural error on Microsoft side, both with the speed of release and the classification." The statement appeared in updates sent to customers and seen by BleepingComputer, and in social media replies from Heimdal employees.
Unfortunately, by the time Heimdal blocked KB5044284 on all server group policies, roughly 7% of their customers had already been upgraded to Windows Server 2025. When contacted by BleepingComputer, a Heimdal spokesperson was not immediately available for comment.
While it says the known issue is mitigated, Microsoft has yet to share how affected Windows admins can roll back the automatic upgrades besides restoring their systems from backups. The company didn’t immediately reply to a request for comment when BleepingComputer reached out earlier today.
It's worth noting that KB5044284 is a Patch Tuesday cumulative update for Windows 11 24H2 and, starting November, a Windows Server 2025 optional update. As Microsoft said over the weekend, this will not change any time soon since "future updates released for Windows Server 2025 and Windows 11, version 24H2 will share the same KB numbers, but will have different release note sites and links."
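As an added illustration (not code from Microsoft, Heimdal or BleepingComputer), this sketch shows an auto-approval gate that decides on the deployment action, the classification and the resulting OS instead of the KB number, since KB5044284 is shared by two different payloads. The record fields, the classification strings and the placeholder KB0000000 are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Field names and classification strings are assumptions for this sketch,
# not the schema of any particular patch-management product.
@dataclass(frozen=True)
class Offer:
    kb: str
    title: str
    deployment_action: str  # "Installation" or "OptionalInstallation"
    classification: str     # constructed values, e.g. "Security Updates"
    target_product: str     # OS the machine runs after the payload installs

MANUAL_ONLY = {"Upgrades", "Feature Packs"}

def decide(offer, installed_product):
    """Return (auto_approve, reason); any single failed check holds the offer."""
    if offer.deployment_action != "Installation":
        return False, "deployment action is " + offer.deployment_action
    if offer.classification in MANUAL_ONLY:
        return False, "classification requires manual approval"
    if offer.target_product != installed_product:
        return False, "payload targets " + offer.target_product
    return True, "same-OS update deployed for installation"

def triage(offers, installed_product):
    """Split offers into approved and held lists, keeping reasons for audit."""
    approved, held = [], []
    for o in offers:
        ok, reason = decide(o, installed_product)
        (approved if ok else held).append((o.kb, o.title, reason))
    return approved, held

# Constructed catalog. KB5044284 appears twice because the KB number is shared;
# KB0000000 is a placeholder, not a real update.
CATALOG = [
    Offer("KB5044284", "Windows Server 2025", "OptionalInstallation",
          "Upgrades", "Windows Server 2025"),
    Offer("KB5044284", "Cumulative Update for Windows 11 24H2", "Installation",
          "Security Updates", "Windows 11 24H2"),
    Offer("KB0000000", "Cumulative Update for Windows Server 2022", "Installation",
          "Security Updates", "Windows Server 2022"),
]

if __name__ == "__main__":
    for product in ("Windows Server 2022", "Windows 11 24H2"):
        approved, held = triage(CATALOG, product)
        print(product, "approved:", approved)
        print(product, "held:", held)
```

A block rule keyed on KB5044284 alone would also hold the Windows 11 24H2 cumulative update, which is why the gate never looks at the KB number.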
Microsoft says it resolved another issue where admins were offered an upgrade to Windows Server 2025 via a banner on the device's Windows Update page under Settings. The company added that this message was intended for those wanting an in-place upgrade. However, those who installed it found that they needed to purchase a license to use the new version of Windows Server. While a warning was displayed about the license requirement before the upgrade was installed, many admins felt it was misleading to offer the update in this manner if a license was required.
source: BleepingComputer