CyberHappenings logo
☰
🏠 Home πŸ“‚ Browse ℹ️ About

August 2025 Windows Security Updates Cause Recovery and Reset Failures

First reported
Last updated
πŸ“° 1 unique sources, 5 articles

Summary

Hide β–²

Microsoft's August 2025 Windows security updates cause failures in reset and recovery operations, streaming issues, and app installation problems on Windows 10 and older versions of Windows 11. The issue affects multiple system recovery and reset features, including 'Reset my PC' and the 'Fix problems using Windows Update' tool. The bug impacts specific Windows versions and updates, and Microsoft has released out-of-band updates to address the issues. The affected updates include KB5063875 for Windows 11 23H2 and 22H2, KB5063709 for Windows 10 22H2 and LTSC 2021 versions, and KB5063877 for Windows 10 LTSC 2019 versions. The issue also affects remote resets using the RemoteWipe CSP. Microsoft has confirmed the bug and is working on a resolution. They have previously addressed similar issues with Known Issue Rollback (KIR) fixes. Additionally, the August 2025 Windows security updates cause severe lag and stuttering issues with NDI streaming software on some Windows 10 and Windows 11 systems. Microsoft has released the KB5065426 and KB5065429 updates to fix these streaming issues. The August 2025 security updates also trigger unexpected User Account Control (UAC) prompts and app installation issues for non-admin users across all supported Windows versions. The issue is caused by a security patch addressing the CVE-2025-50173 Windows Installer privilege escalation vulnerability. The September 2025 Windows security update addresses this issue by reducing the scope for requiring UAC prompts for MSI repairs and enabling IT admins to disable UAC prompts for specific apps by adding them to an allowlist.

Timeline

  1. 04.09.2025 14:57 πŸ“° 2 articles

    August 2025 Windows Security Updates Cause App Installation Issues

    The August 2025 Windows security updates trigger unexpected User Account Control (UAC) prompts and app installation issues for non-admin users across all supported Windows versions. The issue is caused by a security patch addressing the CVE-2025-50173 Windows Installer privilege escalation vulnerability. The affected platforms include both client and server versions of Windows, such as Windows 11 (24H2, 23H2, 22H2), Windows 10 (22H2, 21H2, 1809, LTSC 2019, LTSC 2016, 1607, 2015 LTSB), and various Windows Server versions. Microsoft has released the September 2025 Windows security update to address these issues. The update reduces the scope for requiring UAC prompts for MSI repairs and allows IT administrators to disable UAC prompts for specific apps by adding them to an allowlist. This update is a significant step in mitigating the issues introduced by the August 2025 updates, providing a more stable environment for Windows users. The update includes new registry keys to manage UAC prompts for specific apps, ensuring that UAC prompts will only be required during MSI repair operations if the target MSI file contains an elevated custom action. This approach helps balance security and usability, allowing administrators to control UAC prompts more effectively.

    Show sources
    Open in new tab
  2. 22.08.2025 15:25 πŸ“° 2 articles

    August 2025 Windows Security Updates Cause Streaming Issues

    Microsoft has resolved severe lag and stuttering issues with NDI streaming software affecting Windows 10 and Windows 11 systems after installing the August 2025 security updates. The company confirmed these problems after receiving widespread reports from users who experienced a range of performance issues while using various streaming apps, including OBS (Open Broadcast Software) and NDI Tools. The streaming issues were triggered by the KB5063878 and KB5063709 security updates on Windows 11 24H2 and Windows 10 21H2/22H2 devices. The NDI team confirmed that the buggy Windows updates can cause NDI traffic to drop unexpectedly after deployment, with performance problems occurring only with RUDP connections. A temporary workaround was available for those who could not immediately deploy the updates, which required changing the NDI Receive Mode to use TCP or UDP instead of RUDP. Microsoft released the KB5065426 and KB5065429 updates to address this known issue on the two impacted Windows versions. The September 2025 Patch Tuesday security updates also address unexpected User Account Control (UAC) prompts and app installation problems for non-admin users.

    Show sources
    Open in new tab
  3. 19.08.2025 16:39 πŸ“° 2 articles

    August 2025 Windows Security Updates Cause Recovery and Reset Failures

    Microsoft's August 2025 Windows security updates cause failures in reset and recovery operations on Windows 10 and older versions of Windows 11. The issue affects multiple system recovery and reset features, including 'Reset my PC' and the 'Fix problems using Windows Update' tool. The bug impacts specific Windows versions and updates, and Microsoft is working on a fix to be delivered via out-of-band updates. The affected updates include KB5063875 for Windows 11 23H2 and 22H2, KB5063709 for Windows 10 22H2 and LTSC 2021 versions, and KB5063877 for Windows 10 LTSC 2019 versions. The issue also affects remote resets using the RemoteWipe CSP.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Critical SessionReaper vulnerability patched in Adobe Commerce and Magento Open Source

Adobe has patched a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms, dubbed SessionReaper. This flaw, with a CVSS score of 9.1, could allow unauthenticated attackers to take control of customer accounts via the Commerce REST API. The patch was released on September 9, 2025, following an emergency notification to selected customers on September 4, 2025. Adobe Commerce on Cloud customers were already protected by a WAF rule deployed as an interim measure. The vulnerability is considered one of the most severe in the platform's history, with potential for widespread exploitation. Administrators are advised to apply the patch immediately, as it disables certain internal Magento functionalities that may affect custom or external code. The affected versions include Adobe Commerce 2.4.9-alpha2 and earlier, 2.4.8-p2 and earlier, 2.4.7-p7 and earlier, 2.4.6-p12 and earlier, 2.4.5-p14 and earlier, and 2.4.4-p15 and earlier. The affected versions also include Adobe Commerce B2B 1.5.3-alpha2 and earlier, 1.5.2-p2 and earlier, 1.4.2-p7 and earlier, 1.3.4-p14 and earlier, and 1.3.3-p15 and earlier. The affected versions include Magento Open Source 2.4.9-alpha2 and earlier, 2.4.8-p2 and earlier, 2.4.7-p7 and earlier, 2.4.6-p12 and earlier, and 2.4.5-p14 and earlier. The Custom Attributes Serializable module versions 0.1.0 to 0.4.0 are also affected.

Open in new tab

Active exploitation of SAP S/4HANA command injection vulnerability CVE-2025-42957

A critical command injection vulnerability in SAP S/4HANA, tracked as CVE-2025-42957, is being actively exploited in the wild. The flaw allows attackers with low-privileged user access to execute arbitrary ABAP code, potentially leading to full system compromise. The vulnerability affects both on-premise and private cloud editions of SAP S/4HANA. The exploit can result in unauthorized modification of the SAP database, creation of superuser accounts, and theft of password hashes. Organizations are advised to apply patches immediately and monitor for suspicious activity. The vulnerability was fixed by the vendor on August 11, 2025, but several systems have not applied the available security updates, and these are now being targeted by hackers who have weaponized the bug. SecurityBridge discovered the vulnerability and reported it to SAP on June 27, 2025, and even assisted in the development of a patch. SecurityBridge and Pathlock have confirmed active exploitation of the vulnerability. The patch for CVE-2025-42957 is relatively easy to reverse engineer, and successful exploitation gives attackers access to the operating system and all data in the targeted SAP system. Organizations are urged to implement additional security measures, such as SAP's Unified Connectivity framework (UCON), to restrict RFC usage and monitor logs for suspicious activity.

Open in new tab

High-Severity Use-After-Free Vulnerability in Chrome's V8 Engine Patched

Google has released Chrome 140 to patch a high-severity use-after-free vulnerability (CVE-2025-9864) in the V8 JavaScript engine. This flaw, reported by the Yandex Security Team, could lead to heap corruption and potential remote code execution (RCE) through crafted HTML pages. The update also addresses three medium-severity bugs in Chrome’s Toolbar, Extensions, and Downloads components. Users are advised to update immediately to mitigate risks. The vulnerability affects multiple platforms, including Windows, macOS, and Linux. Google has not reported any active exploitation in the wild.

Open in new tab

Microsoft resolves Windows 11 24H2 certificate enrollment error

Microsoft has resolved a known issue causing false CertificateServicesClient (CertEnroll) error messages in Windows 11 24H2 after installing the July 2025 preview and subsequent updates. The error, related to the 'Microsoft Pluton Cryptographic Provider', was triggered by a feature still under development. The fix will roll out over the next four weeks. The error did not impact Windows processes and could be safely ignored. Microsoft confirmed the resolution and provided details on the rollout timeline.

Open in new tab

Exploit chain in Sitecore Experience Platform enables remote code execution

Three new vulnerabilities in the Sitecore Experience Platform can be chained to achieve remote code execution (RCE). The flaws include HTML cache poisoning, RCE through insecure deserialization, and information disclosure via the ItemService API. Patches for these vulnerabilities were released in June and July 2025. The exploit chain leverages a combination of pre-authentication and post-authentication vulnerabilities to compromise fully-patched instances of the platform. Additionally, a zero-day vulnerability (CVE-2025-53690) has been exploited by threat actors to deliver malware, including WeepSteel, and perform extensive reconnaissance and lateral movement. The flaw is a ViewState deserialization vulnerability caused by the inclusion of a sample ASP.NET machine key in pre-2025 Sitecore guides. The attackers target the '/sitecore/blocked.aspx' endpoint, which contains an unauthenticated ViewState field, and achieve RCE under the IIS NETWORK SERVICE account by leveraging CVE-2025-53690. The malicious payload dropped by the attackers is WeepSteel, a reconnaissance backdoor that gathers system, process, disk, and network information. The attack observed by Mandiant stemmed from a documentation issue involving sample machine keys provided for customer use. Sitecore advised customers to rotate and secure ASP.NET machine keys, encrypt elements in web.config files, and restrict access to administrators only. CISA has ordered FCEB agencies to update their Sitecore instances by September 25, 2025.

Open in new tab