A security update for Windows Server Update Service (WSUS) addressing a critical vulnerability has inadvertently disabled hotpatching on some Windows Server 2025 devices. Microsoft has halted the update for hotpatch-enrolled systems and released a new patch (KB5070893) that fixes the vulnerability without disrupting hotpatching. Administrators are advised to pause updates, install the new patch, and monitor their systems for continued security and stability.
CISA has ordered U.S. government agencies to urgently patch a critical Windows Server WSUS vulnerability (CVE-2025-59287) that is actively exploited in attacks, with evidence of in-the-wild exploitation. Microsoft released emergency updates, and agencies are advised to disable the WSUS role if patches cannot be immediately applied. Over 2,800 WSUS instances are exposed online, highlighting the urgency of patching to prevent remote code execution by attackers.
Microsoft has issued an emergency security update for Windows Server to address a critical vulnerability (CVE-2025-59287) actively exploited in attacks, with urgent recommendations from the Cybersecurity and Infrastructure Security Agency for organizations to update immediately to prevent remote code execution threats.
Microsoft has issued an emergency security update for Windows Server due to a critical vulnerability (CVE-2025-59287) that is actively being exploited in attacks, with CISA warning federal agencies to apply the update immediately to prevent remote code execution and system compromise.
Microsoft released a critical out-of-band update for Windows Server Update Services (WSUS) to fix a severe vulnerability (CVE-2025-59287) that allows remote code execution, affecting servers with the WSUS role enabled. The update is urgent, especially as WSUS is deprecated, prompting Microsoft to recommend switching to cloud-based solutions like Intune. A reboot is required, and administrators are advised to disable the role or block specific ports if immediate patching isn't possible.
Microsoft has fixed a known issue causing Windows upgrade failures with error 0x8007007F on some Windows 11 and Windows Server systems, affecting specific upgrade paths from earlier versions. The problem was resolved as of August 15, 2025, and users are advised to retry upgrades if they encounter the error. The company also released additional updates to address related bugs affecting Windows reset, recovery, and update processes.
Microsoft's June 2025 security updates for Windows Server have caused DHCP service to freeze on some systems, affecting IP address renewals. Microsoft is working on a fix and has addressed other issues in recent updates, including authentication problems and container launch failures.
Microsoft has released emergency out-of-band updates to address a memory leak in the LSASS process causing Windows domain controllers to crash after installing the March 2024 Windows Server security updates. The issue affects servers with the latest Windows Server 2012 R2, 2016, 2019, and 2022 updates, leading to ballooning memory usage and unexpected reboots. Admins can download and install the emergency updates from the Microsoft Update Catalog to resolve the problem.
Microsoft has identified a critical memory leak in the March 2024 Windows Server security update, affecting Windows domain controllers and causing widespread crashes. The issue stems from a memory leak within the Local Security Authority Subsystem Service (LSASS) process, impacting various Windows Server platforms. Microsoft is actively working on a fix, but in the meantime, there is no workaround other than uninstalling the problematic update from affected domain controllers. This is not the first time Microsoft has encountered LSASS-related issues, with similar problems occurring in previous updates.
The March 2024 Windows Server updates are causing domain controllers to crash and reboot due to a memory leak in the Local Security Authority Subsystem Service (LSASS) process. Admins are advised to uninstall the KB5035855 and KB5035857 updates as a temporary workaround until Microsoft officially addresses the issue. This is not the first time LSASS memory leaks have affected domain controllers, with similar issues reported in December 2022 and March 2022.
Customer reports indicate that the October Patch Tuesday updates for Windows Server are causing virtual machines (VMs) on Hyper-V hosts to fail to start, displaying "failed to start" errors. The issue seems to be triggered by specific updates, and affected administrators have found that uninstalling these updates resolves the problem. Microsoft has not yet acknowledged the issue, but previous incidents with Hyper-V VMs and VMware ESXi have prompted emergency updates in the past.
