
No word from Microsoft about shocking installation of Windows Server 2025 • The Register

Microsoft remains silent about the release of Windows Server 2025 earlier this week in the form of a security update, much to the chagrin of affected administrators.

On November 5, Microsoft apparently mislabeled the Windows Server 2025 upgrade with the Globally Unique Identifier (GUID) of a security update. As a result, some administrators got a surprise installation of Windows Server 2025 from their routine patching: their tooling downloaded and installed what was labeled as an update but turned out to be a completely new operating system.

The mislabeling on its own was not enough to trigger an install. However, some third-party patch-management products took the label at face value, misclassified the upgrade as a security update and applied it to servers. The problem was first noticed by a customer of security company Heimdal, who unexpectedly found Windows Server 2025 running on hardware in their office.

According to Heimdal, Microsoft incorrectly labeled the Windows Server 2025 upgrade as KB5044284, a security update.
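The practical lesson for administrators is not to let a KB number or a "Security Update" classification be the only gate before an approval. The following PowerShell script is an added example written for this page; it is not code from Microsoft, Heimdal or The Register. It queries the local Windows Update Agent (WUA) COM API for pending updates and flags anything that looks like an OS upgrade on three independent signals: the KB number quoted in the article (KB5044284), the "Upgrades" category, and upgrade-like wording in the title. It assumes the WUA API can reach its configured update source (WSUS or Windows Update); the watch-list and title hints are assumptions you would tune for your own estate.

```powershell
# Added example (not from the article or the vendors it quotes): audit pending
# updates on a Windows host and flag anything that looks like an OS upgrade,
# regardless of the KB number or classification it carries.
# Assumptions: the WUA COM API can reach its update source; KB5044284 is the
# KB quoted in the article; the title hints below are illustrative.

$SuspectKBs   = @('5044284')                                  # from the article
$UpgradeHints = @('Windows Server 2025', 'Upgrade to', 'Feature update')  # assumed

$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()
# Pending, non-hidden updates as offered by the configured source (WU/MU/WSUS).
$result   = $searcher.Search('IsInstalled=0 and IsHidden=0')

$findings = foreach ($u in $result.Updates) {
    $kbs  = @($u.KBArticleIDs)
    $cats = @($u.Categories | ForEach-Object { $_.Name })

    $kbMatch           = ($kbs  | Where-Object { $SuspectKBs -contains $_ }).Count -gt 0
    $isUpgradeCategory = $cats -contains 'Upgrades'
    $titleLooksUpgrade = ($UpgradeHints | Where-Object { $u.Title -like "*$_*" }).Count -gt 0

    if ($kbMatch -or $isUpgradeCategory -or $titleLooksUpgrade) {
        [pscustomobject]@{
            Title      = $u.Title
            KB         = ($kbs -join ',')
            UpdateID   = $u.Identity.UpdateID      # the GUID the metadata is keyed on
            Categories = ($cats -join ';')
            Reason     = @(
                if ($kbMatch)           { 'KB on watch list' }
                if ($isUpgradeCategory) { 'classified as Upgrade' }
                if ($titleLooksUpgrade) { 'title names an OS upgrade' }
            ) -join '; '
        }
    }
}

# Record what is actually running, so a silent in-place upgrade does not go unnoticed.
$os = Get-CimInstance Win32_OperatingSystem
"OS: $($os.Caption) (build $($os.BuildNumber))"
if (Get-HotFix -Id 'KB5044284' -ErrorAction SilentlyContinue) {
    Write-Warning 'KB5044284 is reported as installed on this host; verify the OS version above.'
}

if ($findings) {
    Write-Warning 'Pending items that look like an OS upgrade; do not auto-approve:'
    $findings | Format-Table -AutoSize
} else {
    'No pending updates look like an OS upgrade.'
}
```

Run it on a representative member server before approving a patch cycle, or schedule it ahead of the approval window; the point of checking category and title as well as the KB is that when one piece of metadata is wrong, as it was here, the others still give you a chance to catch it.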

Morten Kjaersgaard, chairman and founder of Heimdal, told The Register: “We noticed that the Microsoft Server 2025 migration is automatic, which is staggeringly dangerous given the operational risk to customers experiencing unexpected downtime.

“Additionally, and extremely worryingly, the license check for Server 2025 only happens after the upgrade, which is completely irrational and puts even more risk for end users as you will then be forced to pay for a new license, after your upgrade, as a reversal is virtually impossible to guarantee.

“Imagine if your electric car – say a Tesla – got an automatic software update, but you couldn’t drive the new version until you entered your credit card details to pay the full recommended retail price for the upgrade again. Tesla would immediately go bankrupt, especially because you already paid for the car once.”

Days after we asked the company for comment, a Microsoft spokesperson told El Reg “we’re looking into this” and promised an update if it had anything to add. Silence since then.

For affected administrators, silence will not be acceptable. Kjaersgaard told us on November 7 that Microsoft had pulled the update, but he had seen no sign of a rollback becoming available. He noted that such a rollback would be “technically very challenging” and said Heimdal would be committed to ensuring affected customers have a path forward through the company’s Microsoft contacts.

A botched update causing outages on Windows machines? It all sounds quite familiar, although fortunately the scope this time is more limited.

Jim Gaynor, editorial vice president at IT consultancy Directions on Microsoft, drew parallels with the CrowdStrike incident. He said: “This highlights the need for customers to carefully monitor their patch/update management systems to avoid unintended consequences, and also to have robust backup and recovery processes in place to recover from a failed patch/update of any software. After all, the CrowdStrike incident was only four months ago – it’s the same lesson.

“It also highlights the risk of Microsoft promoting paid and/or potentially disruptive upgrades through ‘trusted’ channels that were traditionally reserved for items that customers could accept more or less blindly. Items that customers were encouraged to quickly accept in the name of maintaining security.

“Putting something like an OS upgrade into that channel that requires paid license keys to activate means that a small error in labeling or classification or even a misclick from a harried user can have quite serious consequences.

“In general, vendors, whether CrowdStrike, Microsoft or someone else, need to be careful about how they present and deliver updates and patches – and putting a paid upgrade in the channel used for updates and patches, is risky and, in my opinion, an ill-considered move that does not serve their customers.” ®