Windows Updates Cause RemoteApp Connection Failures in Azure Virtual Desktop

1 unique sources, 2 articles

Summary

Recent Windows updates, including the November 2025 KB5070311 non-security update and a recent Windows 365 update, are causing RemoteApp connection failures in Azure Virtual Desktop environments on Windows 11 24H2/25H2 and Windows Server 2025 devices. This issue primarily affects enterprise users, leaving full desktop sessions unaffected. The incident began on Tuesday at 19:00 UTC, with users experiencing sign-in failures and intermittent access issues to their Cloud PCs. Microsoft has provided temporary mitigations, including a registry key modification, a Known Issue Rollback (KIR) for Windows Pro and Enterprise devices, and workarounds such as accessing Cloud PCs through the Windows App Web Client or using the Remote Desktop client for Windows. Microsoft is working on a permanent fix but has not provided a timeline.

Timeline

  1. 18.12.2025 12:04 2 articles · 27d ago

    Windows Updates Cause RemoteApp Connection Failures in Azure Virtual Desktop

Similar Happenings

Windows Updates Break VPN Access for WSL Users

Recent Windows 11 security updates, including KB5067036 and KB5072033, are causing VPN networking failures for enterprise users running Windows Subsystem for Linux (WSL). The issue affects users with mirrored mode networking enabled, preventing access to corporate resources. The problem stems from VPN applications' virtual network interfaces failing to respond to Address Resolution Protocol (ARP) requests. This impacts OpenVPN and enterprise VPN solutions like Cisco Secure Client. Microsoft is investigating the issue but has not yet provided a fix or workaround.

Microsoft December 2025 Updates Break Message Queuing Functionality

Microsoft's December 2025 security updates caused Message Queuing (MSMQ) failures across Windows 10 22H2, Windows Server 2019, and Windows Server 2016 systems. The issue arose from security model changes that modified permissions on a critical system folder, leading to errors in MSMQ queues and IIS sites. Affected systems experienced inactive queues, resource errors, and application failures. Microsoft has released an out-of-band update (KB5074976) via Update Catalog to address the issue. The company initially advised enterprise customers to contact support for a temporary workaround, and the update is now available for download.

Active Exploitation of Critical Microsoft WSUS Flaw

A critical vulnerability in Microsoft Windows Server Update Service (WSUS), CVE-2025-59287, is being actively exploited in the wild. This flaw, with a CVSS score of 9.8, allows attackers to drop malicious payloads and execute arbitrary commands on infected hosts. The vulnerability affects WSUS versions 3.32.x and was discovered by Eye Security and Huntress. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered U.S. government agencies to patch the flaw, which was added to the Known Exploited Vulnerabilities catalog. Organizations using WSUS are advised to apply the out-of-band security updates provided by Microsoft to mitigate the risk of exploitation. The flaw was originally patched by Microsoft as part of its Patch Tuesday updates, but attackers have since weaponized it to deploy .NET executables and Base64-encoded PowerShell scripts. Shadowserver is tracking over 2,800 WSUS instances with default ports exposed online. The vulnerability is a deserialization of untrusted data flaw that allows unauthenticated attackers to achieve remote code execution with system privileges by sending malicious encrypted cookies to the GetCookie() endpoint. A compromised WSUS server could potentially be used to distribute malicious updates to the entire network of client computers, making it particularly dangerous for large enterprises. Huntress advised isolating network access to WSUS and blocking inbound traffic to TCP ports 8530 and 8531 as remediation steps. The out-of-band (OOB) security update KB5070881 for CVE-2025-59287 broke hotpatching on some Windows Server 2025 devices. Microsoft has released a new update, KB5070893, to address the issue without disrupting hotpatching. Administrators are advised to install this update to maintain hotpatching functionality.

Microsoft Releases November and December 2025 Patch Tuesday Updates for Windows 11

Microsoft has released Windows 11 cumulative updates KB5074109 and KB5073455 for versions 25H2/24H2 and 23H2. These updates address security vulnerabilities and various issues, including fixes for compatibility, networking, power & battery, Secure Boot, Windows Deployment Services, and WinSqlite3.dll. New features introduced include various bug fixes and improvements. The updates are mandatory and include the January 2026 Patch Tuesday security patches. Microsoft has also resolved a known issue causing security applications to incorrectly flag WinSqlite3.dll as vulnerable to CVE-2025-6965. The issue affected various Windows platforms, including Windows 10, Windows 11, and Windows Server 2012 through Windows Server 2025. Microsoft updated WinSqlite3.dll in the January 13, 2026 updates to address false positive detections. Additionally, Microsoft has released the KB5072753 out-of-band cumulative update to fix a known issue causing the November 2025 KB5068966 hotpatch update to reinstall on Windows 11 systems repeatedly. This update is recommended for Windows 11, version 25H2 devices instead of the November 2025 hotpatch update (KB5068966). Microsoft has announced that it will not release optional updates in December, but Patch Tuesday updates will continue as scheduled. Nvidia has confirmed that the October 2025 Windows 11 updates (KB5066835) cause gaming performance issues on Windows 11 24H2 and 25H2 systems. Nvidia released the GeForce Hotfix Display Driver version 581.94 to address these issues. The October updates also caused other issues such as broken localhost HTTP connections, smart card authentication problems, and broken Windows Recovery Environment (WinRE) on systems with USB mice and keyboards.

Azure Front Door CDN Outage Affecting Microsoft 365 Services

Microsoft is addressing an outage impacting Azure Front Door CDN, which is disrupting access to Microsoft 365 services and admin portals. The incident began around 07:40 UTC, affecting users in Europe, Africa, and the Middle East. Microsoft has restored approximately 98% of the service, with ongoing efforts to fully resolve the issue. The outage has caused delays and timeouts for users attempting to access Azure and Entra portals. Some users may experience intermittent issues with Microsoft 365 services and cloud PCs. Microsoft is actively monitoring telemetry and initiating failovers to accelerate recovery.