Microsoft Fixes Windows Server 2025 Upgrade Issue

Microsoft has fixed a bug that caused unauthorized upgrades to Windows Server 2025 for users of Windows Server 2019 and 2022. This fix restores normal upgrade functionality, ensuring better control over server updates.

VulnerabilitiesMEDIUMUpdated: Apr 15, 2026Published: Apr 15, 2026

Vulnerability Identifier

—

Medium

CISA KEV: NOEPSS: —

Vendor

Microsoft

Affected Product

Windows Server 2019, 2022

Vulnerability TypeUpgrade Management Issue

Attack Vector—

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Workaround Available—

CIA Triad Impact

None

Medium

Exploit Maturity

Unproven

PoC Available

Weaponized

Actively Exploited

Vulnerability Timeline

Reported to Vendor2024-09-01

Patch Released2026-04-15

Public Disclosure2026-04-15

Affected Environments

Windows Server 20192022

Patch Available

Yes

Technology

Check Windows Update settings for unauthorized upgrades.

Review server logs for unexpected upgrade notifications.

Ensure third-party update management software is configured correctly.

#windows_server_2019#windows_server_2022#windows_server_2025

Featured image for Microsoft Fixes Windows Server 2025 Upgrade Issue

Original Reporting

BCBleepingComputer·Sergiu Gatlan

AI Summary

CyberPings AI·Reviewed by Rohit Rana

🎯Basically, Microsoft fixed a problem that upgraded some servers without permission.

What Happened

Microsoft recently announced that it has resolved a significant issue affecting users of Windows Server 2019 and 2022. This problem caused systems to automatically upgrade to Windows Server 2025 without authorization. The issue was first recognized in September 2024, following numerous complaints from system administrators who found their servers unexpectedly upgraded overnight.

Who's Affected

Organizations running Windows Server 2019 and 2022 were primarily affected by this issue. Many of these users reported that their systems upgraded to Windows Server 2025, which they did not have licenses for. This unexpected behavior disrupted operations and raised concerns among IT departments.

What Data Was Exposed

While there was no direct data exposure reported due to this upgrade issue, the unauthorized upgrades could have potentially led to compliance and licensing issues for organizations. The lack of control over system updates may have also raised security concerns regarding untested features in the new server version.

What You Should Do

Microsoft has now fixed the issue, and users can check for upgrades through the Windows Update settings once again. It is advisable for organizations to review their update management processes and ensure that third-party update management software is correctly configured to prevent similar issues in the future. Additionally, companies should monitor their systems closely during upgrade cycles to avoid unexpected changes.

Technical Details

The root cause of the problem was attributed to both Microsoft and third-party update management software. Microsoft acknowledged that the upgrade issues stemmed from a procedural error on their side, particularly regarding the speed of release and classification. The company has since re-enabled the upgrade offer, allowing users to perform in-place upgrades as intended.

Conclusion

This resolution is a relief for many IT administrators who faced operational disruptions due to the unexpected upgrades. Organizations should remain vigilant and proactive in managing their server environments, especially during major update cycles.

🔒 Pro Insight

🔒 Pro insight: This incident highlights the importance of robust update management processes to avoid unauthorized system changes.

BCBleepingComputer· Sergiu Gatlan

Read Original

Twitter LinkedIn WhatsApp Telegram

Related Pings

Preview image for Microsoft Fixes Two Zero-Days in April Patch Tuesday

Vulnerabilities

HIGH

Microsoft Fixes Two Zero-Days in April Patch Tuesday

Microsoft has patched two zero-day vulnerabilities, including one actively exploited. These flaws could lead to serious security risks in enterprise environments. It's crucial for sysadmins to update their systems immediately.

IMInfosecurity Magazine

Apr 16, 2026

Read Ping Read Source

Vulnerabilities

HIGH

Microsoft Patches SharePoint Zero-Day and 168 Other Vulnerabilities

Microsoft has released patches for 169 vulnerabilities, including a critical zero-day in SharePoint. This highlights ongoing security challenges for users. Immediate action is recommended to mitigate risks.

THThe Hacker News

Apr 16, 2026

Read Ping Read Source

Vulnerabilities

MEDIUM

Microsoft SharePoint - Medium-Severity Flaw Exploited

A medium-severity flaw in Microsoft SharePoint has been exploited, raising alarms among cybersecurity experts. Organizations must act quickly to mitigate risks and protect sensitive data.

CSCybersecurity Dive

Apr 16, 2026

Read Ping Read Source

Vulnerabilities

CRITICAL

Critical nginx UI Tool Vulnerability Exposes Web Servers

A critical vulnerability in the nginx UI tool has been discovered, allowing full server compromise. With hundreds of thousands of users, the risk is significant. Immediate action is required to patch this flaw and secure systems.

CSCSO Online

Apr 15, 2026

Read Ping Read Source

Preview image for Windows 11 Recall Vulnerability - TotalRecall Reloaded Exposed

Vulnerabilities

HIGH

Windows 11 Recall Vulnerability - TotalRecall Reloaded Exposed

A new tool has uncovered vulnerabilities in Windows 11's Recall feature. This exposes sensitive user data to unauthorized access. Users should consider disabling Recall to protect their privacy.

ARArs Technica Security

Apr 15, 2026

Read Ping Read Source

Vulnerabilities

HIGH

NIST Narrows Scope of CVE Analysis Amid Rising Vulnerabilities

NIST has announced a significant change in its approach to analyzing vulnerabilities, narrowing its focus to critical software and systems amid a surge in submissions.

CSCyberScoop+1 more

Apr 15, 2026

Read Ping Read Source