Automatic update to Windows Server 2025 was a surprise to companies operating on Windows Server 2019 and 2022, especially in cases where updates were controlled through third-party funds. Many organizations reported the transition to a new version of the system that occurred without their consent and caused discontent among users. The problem affected the server systems that were updated, despite the declared update status as optional. Microsoft and independent suppliers of updates management services shift to each other responsibility for the incident.
On November 6, Microsoft updated the Windows updates monitoring panel by confirming that the update to Windows Server 2025 through the package KB5044284 KB5044284 in those environments where updates management were carried out by third-party products. It is recommended to check whether the update management software is configured to eliminate the installation of updates classified as functional. Microsoft noted that this update was marked as “Deployment = Optional Installation”, which was supposed to indicate its optional nature. However, third-party updates control tools interpreted this mark incorrectly, which led to mass update.
It is interesting that some of the affected companies did not have licenses for Windows Server 2025. According to BleepingComputer portal, among the victims there were clients of Heimdal, where about 7% of customers unintentionally received a new version of the server before Heimdal blocked the KB5044284 in group policies. Heimdal indicates classification errors and a high speed of updating as possible causes of the incident. However, at the time of publication, Microsoft did not provide instructions on the rollback of the update, except for recovery from backups.
KB5044284 is a cumulative update included in the Patch Tuesday initiative from Microsoft, and Windows Server 2025 was supposed as an optional update. However, errors in the control settings led to its automatic installation for corporate customers.