Patch Tuesday Megathread (2025-07-08)
Posted by AutoModerator@reddit | sysadmin | 250 comments
Hello r/sysadmin, I'm u/AutoModerator, and welcome to this month's Patch Megathread!
This is the (mostly) safe location to talk about the latest patches, updates, and releases. We put this thread into place to help gather all the information about this month's updates: What is fixed, what broke, what got released and should have been caught in QA, etc. We do this both to keep clutter out of the subreddit, and provide you, the dear reader, a singular resource to read.
For those of you who wish to review prior Megathreads, you can do so here.
While this thread is timed to coincide with Microsoft's Patch Tuesday, feel free to discuss any patches, updates, and releases, regardless of the company or product. NOTE: This thread is usually posted before the release of Microsoft's updates, which are scheduled to come out at 5:00PM UTC.
Remember the rules of safe patching:
- Deploy to a test/dev environment before prod.
- Deploy to a pilot/test group before the whole org.
- Have a plan to roll back if something doesn't work.
- Test, test, and test!
longstride25@reddit
All my Win 2016 are failing the installation.
joshtaco@reddit
Check this place out! Feels pretty important, eh? Ready to roll this out to 8000 workstations/servers tonight
FCA162@reddit
"Every second Tuesday: loyalty tested, systems stressed."
Pushing this update out to 200 Domain Controllers (Win2016/2019/2022/2025) in coming days.
I will update my post with any issues reported.
EDIT1: 65% of DCs have been done. No installation issues detected. AD is still healthy.
thomasdarko@reddit
Hi.
Are those DC's Windows Server 2016?
frac6969@reddit
Wow you’re down 10,000 from last month.
joshtaco@reddit
I obfuscate my numbers each month for privacy reasons. It's thousands and thousands though, same difference
xxdcmast@reddit
People have probably already asked but what are you running for patching on an environment that large. And do you like it?
joshtaco@reddit
I've answered in the past if you truly truly want to know. and yes.
techguy1243@reddit
How long ago did you mention it? Wasn't able to find it in your comment history. Found a lot of maps though.
bpear@reddit
Found it https://www.reddit.com/r/sysadmin/comments/108gvht/comment/j6a7jhn/ !
techguy1243@reddit
Thank you!
FlipFlopMacGee@reddit
this is the kind of dedication I am here for
joshtaco@reddit
years ago
Competitive_Guava_33@reddit
I post bullshit because I’m very important and it hides my true identity is peak Reddit
SeptemberTwentyFirst@reddit
Alternate theory - "I'm good at my job & engage regularly in a relevant subreddit with 1M+ users - offering what the community has found to be helpful/insightful content, ultimately leading to my account having a bit of a following - therefore I should be cautious about any personal details I share"
joshtaco@reddit
I would argue I'm not important at all, you guys are the ones that love commenting every month 🤣
damnedbrit@reddit
I assumed it was because you're still trying to recover 2,000 machines from last month's fiesta
Dry_Beat_3854@reddit
My man, even if it were 80 servers and workstations, I'd be like:
thefinalep@reddit
I've taken the average of all numbers you've posted and identified who you are... You're Joshtaco
GeeToo40@reddit
🌮🚬🌮
Trooper27@reddit
Following your lead Admiral! Let's GO!!!!
FragKing82@reddit
Bro.
yankeesfan01x@reddit
May the force be with you my young Jedi.
mosyle_mac_admin@reddit
We have 2 physical WS2016 servers and both of them are stuck on boot screen.
Far_Reference9304@reddit
Patching 2016 servers tonight. A bit worried after reading some of the comments about a BSOD after patching. Did you manage to fix your servers? What was the cause for them getting stuck on the boot screen?
mosyle_mac_admin@reddit
Still not sure what to do, it is running after few restarts, this is update history:
f909@reddit
Anything need to be done to Windows 10 or 11 clients that are domain joined to avoid Kerberos issues?
gslone@reddit
Is anyone aware of this?
https://samba.plus/blog/detail/important-change-in-upcoming-microsoft-update-samba-affected-fix-available-soon
Apparently, all Samba member-servers with idmapping=ad will break after applying updates to AD DCs.
schuhmam@reddit
Could this affect a Synology NAS joined into an AD Domain?
MrComputerMan@reddit
I would expect it to since Samba will be in use. I'd keep an eye out for a DSM update for your NAS model. Download Center | Synology Inc.
No-Contribution1608@reddit
Updates to Samba are available since Monday: https://samba.plus/blog/detail/updated-samba-packages-address-microsoft-netlogon-change
n1ckst33r@reddit
Is TrueNAS also affected? Or does it use a different backend?
n1ckst33r@reddit
https://ixsystems.atlassian.net/jira/software/c/projects/NAS/issues/NAS-136590?jql=project%20%3D%20%22NAS%22%20ORDER%20BY%20created%20DESC
Looks like not in default setups.
Olof_Lagerkvist@reddit
I had missed this entirely and had to emergency roll-back KB5062557 now on domain controllers.
I tried first to find out if there was for example a policy setting that could be used temporarily to get the old behavior in a Samba-compatible way, but I could not find anything useful.
n1ckst33r@reddit
Samba has a new patch; this should work with the new Windows update.
le-quack@reddit
Thanks for the heads up, I hadn't seen this.
lucidrenegade@reddit
Looks like the update broke creating a Windows Hello PIN on Windows 11 24H2. I had just rebuilt my test VMs and the July update got installed. On the 2 24H2 VMs, I'm getting error 0x80090010 when trying to set up a PIN. No issues on Windows 11 23H2. I uninstalled the July update on one of the 24H2 VMs and was able to create a PIN with no issue.
TheIntuneGoon@reddit
Ah. I started rolling out Windows Hello literally today and ran into this error a few times. I'm annoyed at this being a potential cause, but glad to know what it may be.
raphael_t@reddit
The fact that Microsoft did not manage to provide the OOB patches for the DHCP server issue "in the coming days" for 3 weeks by now, enforcing unpatched status as a workaround, is a concerning decision from their side. Let's hope this month will not end in another disaster.
randomugh1@reddit
Probably step in the direction of making sure all dhcp clients are properly licensed with a CAL.
empe82@reddit
Probably Microsoft in a few weeks:
The DHCP Server functionality in Windows Server 2019, 2021 and 2025 is deprecated, please migrate to Azure Address Distribution (AAD is in preview) before November 11th 2025. Additional licenses may be required to be purchased. To work around this change, the monthly cumulative updates starting from November 11th 2025 need to be uninstalled.
pcrwa@reddit
"Update: Azure Address Distribution is now Copilot for Networks" - Microsoft, probably
judgethisyounutball@reddit
Entra IP?
meditonsin@reddit
.Net Copilot for Addressening
Significant-Smell47@reddit
This is so feasible I would have fallen for it if I wasn’t so pissed I had to read it a second time.
TheJesusGuy@reddit
Shut your mouth right now.
Anticept@reddit
Motherfucker you got me good.
adx931@reddit
It sucks because you can only deploy that to just a single network block 192.168.3.0/29 without also having a Microsoft Fabric Defender Premium E7 plan which costs $19/user/month but is also bundled in Microsoft 365 Premium Plus E5 for the low price of $368/user/month, along with the Microsoft AdminTune P2 to manage it, which thankfully isn't licensed per user. It's per site, for $70,000 per month, but at least you can order it easily.
reol7x@reddit
Don't put that evil on my Ricky Bobby
BurtanTae@reddit
"Probably Microsoft in a few weeks:"
Okay, that's not official - don't scare me like that!
Stonewalled9999@reddit
I fell for it myself!
ceantuco@reddit
lol
oliland1@reddit
coolbeaner12@reddit
I used this as an excuse to migrate my last DHCP pools from windows server to our headends; it was long overdue...
KindlyGetMeGiftCards@reddit
They did release an OOB patch just a few hours ago:
https://support.microsoft.com/en-gb/topic/may-19-2025-kb5061768-os-builds-19044-5856-and-19045-5856-out-of-band-75b27cbd-072e-4c5a-b40e-87e00aaa42dd
Pretend_Sock7432@reddit
DHCP service might stop responding after installing the June 2025 update
Status Resolved
Affected platforms

| Server Versions | Message ID | Originating KB | Resolved KB |
| --- | --- | --- | --- |
| Windows Server 2016 | WI1094110 | KB5061010 | KB5062560 |
| Windows Server 2019 | WI1094111 | KB5060531 | KB5062557 |
| Windows Server 2022 | WI1094112 | KB5060526 | KB5062572 |
| Windows Server 2025 | WI1094113 | KB5060842 | KB5062553 |
The DHCP Server service might intermittently stop responding after installing the June 2025 security update (the Originating KBs listed above) for the affected platforms listed below. This issue is affecting IP renewal for clients. Resolution: This issue was resolved by Windows updates released July 8, 2025, (the Resolved KBs listed above), and updates released after that date. We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.
Fallingdamage@reddit
Good news. I'll wait a couple weeks just to make sure, but I haven't updated since May due to this issue and not wanting to deal with the bs.
DragonspeedTheB@reddit
They just released a notice saying it's fixed in the July updates.
"Resolution: This issue was resolved by Windows updates released July 8, 2025, (the Resolved KBs listed above), and updates released after that date. We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one. "
Low_Butterscotch_339@reddit
Microsoft support gave us a workaround via registry for DHCP but did not actually recommend using and instead wait for a few days for the update to be fixed. They provided detail to the root cause also. For these reasons I am not sharing.
Trooper27@reddit
Agreed. I've been checking on this since last month and still no word from them.
Fa7her@reddit
Seriously. I've been impatiently waiting on it.
Low_Butterscotch_339@reddit
Reminder with today’s Microsoft patch release that the July 2025 hardening change is in effect!
Kerberos Authentication protections for CVE-2025-26647 KB5057784 | Enforced by Default phase
Updates released in or after July 2025, will enforce the NTAuth Store check by default.
The AllowNtAuthPolicyBypass registry key setting will still allow customers to move back to Audit mode if needed. However, the ability to completely disable this security update will be removed.
https://support.microsoft.com/en-us/topic/protections-for-cve-2025-26647-kerberos-authentication-5f5d753b-4023-4dd3-b7b7-c8b104933d53
ThomasMoeller@reddit
All our event 45 went away with the June updates. Has anyone started to see event 21 pop up in DC logs?
Clients aren't updated yet.
BerkeleyFarmGirl@reddit
Yeah I just set up a filter for this and the errors stop after the DCs got patched. I presume we're good to go as a result.
ZealousidealClock494@reddit
So I have a few machines giving the event 45. How do I fix them? The link really doesn't say. It also states that if it is a computer account with a serial of 01, it can be ignored?
Haven't really found what I need to do to these PCs or why they are the only ones throwing this event id.
JM_Actual@reddit
I found the same event log warnings as you for Machine Public Key Cryptography for Initial Authentication (PKINIT) logons (SerialNumber =01).
I used this custom event view XML query to search the system log for event 45 or 21 and excluded any PKINIT logons.
*[EventData[Data[@Name='SerialNumber'] and (Data='01')]]
1759@reddit
I'm seeing this as quoted from: https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#logon-might-fail-with-windows-hello-in-key-trust-mode-and-log-kerberos-events
I'm taking this to mean that since these self-signed certs would never actually be chained to a CA in the NTStore, these EventID 45 errors are false and can be ignored, provided that the errors refer to a self-signed cert such as a Windows client cert.
ZealousidealClock494@reddit
Ahh. This makes more sense. I remember looking back when this all began last year and had no corresponding events so I just let it go. The events I see started in May and continue though this month because I didn't apply June updates to my DCs due to the DHCP issue.
Let 'er rip I guess.
mancmagic@reddit
How'd you get on? Exactly the same situation. Just checked for event 45 which I still have a few and shit bricks reading they should have stopped....before realising I didn't update in June also due to the DHCP issues.
ZealousidealClock494@reddit
That's a Sunday issue. Honestly there's only 5 machines reporting 45 errors so I'm just going to send it and if I have to deal with them after that's fine.
ZealousidealClock494@reddit
Yeah that's what I was reading in the Microsoft post. User is a machine id with a $ AND source/subject are both the same CN AND 01 for the type.
Probably good to go I'd suspect.
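The triage rule discussed in the comments above (machine account ending in $, subject and issuer identical, serial 01), as an added PowerShell example that is not part of any commenter's post. Only `SerialNumber` appears in the thread; the other EventData names, the helper name and the sample events are assumptions or constructed, and the query selects events 45 and 21 without suppressing anything so that every event is classified.

```powershell
# Added example, not code from the thread. 'SerialNumber' is the only EventData
# name that appears in the thread; UserName / Subject / Issuer are ASSUMED.
# Open one real event's XML view and pass the real names if they differ.

# Structured query: System log, KDC provider, event 45 or 21.
$Query = @'
<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*[System[Provider[@Name='Microsoft-Windows-Kerberos-Key-Distribution-Center'] and (EventID=45 or EventID=21)]]</Select>
  </Query>
</QueryList>
'@

function Get-NtAuthEventTriage {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string[]]$EventXml,
        [string]$UserField    = 'UserName',   # assumed
        [string]$SubjectField = 'Subject',    # assumed
        [string]$IssuerField  = 'Issuer'      # assumed
    )
    foreach ($raw in $EventXml) {
        $doc = [xml]$raw
        # local-name() avoids having to register the event schema namespace.
        $id       = [int]$doc.SelectSingleNode("//*[local-name()='EventID']").InnerText
        $computer = $doc.SelectSingleNode("//*[local-name()='Computer']").InnerText
        $data = @{}
        foreach ($n in $doc.SelectNodes("//*[local-name()='EventData']/*[local-name()='Data']")) {
            $data[$n.GetAttribute('Name')] = $n.InnerText
        }

        # The three conditions named in the thread; all of them must hold.
        $isMachine    = $data[$UserField] -match '\$(@|$)'
        $isSelfSigned = [bool]$data[$SubjectField] -and ($data[$SubjectField] -eq $data[$IssuerField])
        $isSerial01   = $data['SerialNumber'] -eq '01'

        if ($isMachine -and $isSelfSigned -and $isSerial01) {
            $verdict = 'Self-signed machine certificate pattern'
        } else {
            $verdict = 'Review: certificate and NTAuth chain'
        }
        [pscustomobject]@{
            DC      = $computer
            EventId = $id
            User    = $data[$UserField]
            Serial  = $data['SerialNumber']
            Verdict = $verdict
        }
    }
}

# CONSTRUCTED sample events (shape only; all values are made up).
$Sample = @(
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>45</EventID><Computer>dc01.example.test</Computer></System>
  <EventData>
    <Data Name="UserName">PC-0042$</Data>
    <Data Name="Subject">CN=PC-0042</Data>
    <Data Name="Issuer">CN=PC-0042</Data>
    <Data Name="SerialNumber">01</Data>
  </EventData>
</Event>
'@,
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>45</EventID><Computer>dc01.example.test</Computer></System>
  <EventData>
    <Data Name="UserName">jdoe</Data>
    <Data Name="Subject">CN=jdoe</Data>
    <Data Name="Issuer">CN=Example Issuing CA</Data>
    <Data Name="SerialNumber">01</Data>
  </EventData>
</Event>
'@
)

# The second event has serial 01 but is not a self-signed machine certificate,
# so a filter on the serial number alone would have hidden it.
Get-NtAuthEventTriage -EventXml $Sample | Format-Table -AutoSize

# Against a live domain controller:
# $xml = Get-WinEvent -FilterXml $Query -ErrorAction SilentlyContinue |
#            ForEach-Object { $_.ToXml() }
# if ($xml) { Get-NtAuthEventTriage -EventXml $xml | Group-Object Verdict, User }
```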
TheJesusGuy@reddit
Can someone explain this one to me? I have no idea what this change is actually doing and whether I need to do anything for my on-prem setup. Kerberos is already running.
techvet83@reddit
Reminder: there were false 45 event IDs showing up in the logs until the June patches were released. For example, see Resolved issues in Windows Server 2022 | Microsoft Learn. We noticed this ourselves. The 45 event codes we were seeing after the April patches were applied went away as soon as the June patches were applied.
willwilson82@reddit
Does this enforcement only apply if you run your own CA? My DC's are patched up but not seeing any event 45 entries which I suppose is good....
nikken1985-hl@reddit
Yeah, noticed it too, but even with the June patches and no longer events logged. Once we switched to Enforcement mode, gpupdate failed on all clients with LDAP binding errors. So we switched back to Monitor Mode and hope it will get better before October.
Krypty@reddit
Thank you very much. I swear I'd go crazy if it weren't for Reddit sometimes. I peeked at one of my DC's, saw a wave of event ID 45's, and was going to look through it during work hours tomorrow.
Saw your comment, remoted back in - no events after June updates. Praise be.
rpickens6661@reddit
AHHHHHHH!!!!! And I see nothing since then. Back to naps with cats. Thanks.. for now.
Fallingdamage@reddit
Not a single Event 45 found on my DCs. Looks like I'm good.
ZealousidealClock494@reddit
No. It is in the system log. Filter for id 45.
This is what got me. I just looked in security.
SoonerMedic72@reddit
Yikes! Nice catch.
ZealousidealClock494@reddit
No, this is what got me because I just searched the standard windows logs. They are in the Kerberos Key Distribution Center log
rpickens6661@reddit
I thought this only applied to smart card authentication. Is this all systems?
rpickens6661@reddit
No really. Can someone give me a head check?
FCA162@reddit
Microsoft EMEA security briefing call for Patch Tuesday July 2025
The slide deck can be downloaded at aka.ms/EMEADeck (available)
The live event starts on Wednesday 10:00 AM CET (UTC+1) at aka.ms/EMEAWebcast.
The recording is available at aka.ms/EMEAWebcast.
The slide deck also contains worth reading documents by Microsoft.
What’s in the package?:
July 2025 Security Updates - Release Notes - Security Update Guide - Microsoft
KB5062553 Windows Server 2025
KB5062572 Windows Server 2022
KB5062557 Windows Server 2019
KB5062560 Windows Server 2016
KB5062597 Windows Server 2012 R2
KB5062592 Windows Server 2012
KB5062553 Windows 11, version 24H2
KB5062552 Windows 11, version 22H2, Windows 11, version 23H2
KB5044280 Windows 11, version 21H2 (All editions of Windows 11, version 21H2 are at end of service)
KB5062554 Windows 10, version 21H2, Windows 10, version 22H2
FCA162@reddit
Tenable: Microsoft’s July 2025 Patch Tuesday Addresses 128 CVEs (CVE-2025-49719)
Latest Windows hardening guidance and key dates - Microsoft Support
July 2025
jwckauman@reddit
anyone know why Microsoft doesn't publish the SQL Server CUs at the same time as Windows, Office, and Exchange CUs? We would prefer to install the SQL CUs at the same time, but they come too late in the week. Usually on the Thursday following Patch Tues, which by that point we've started testing the other patches.
chicaneuk@reddit
Anyone having issues with WSUS syncing with Microsoft? I have a couple of servers which have all tried a number of times since 5am and all failing despite being able to successfully test connectivity to the numerous Windows Update destinations successfully.
Liquidretro@reddit
I was getting the sync but had to reboot my server to see this months patches. That seems to have fixed it.
1grumpysysadmin@reddit
Yup, worldwide Microsoft issue. Also affecting Outlook email. This is going to be a tedious day. Good luck everyone.
chicaneuk@reddit
The WSUS issue is resolved now at least.. was able to sync late last night and deploy updates this morning.
redsedit@reddit
Mine is syncing now, although all of a sudden, about 7000 patches have been reset to unapproved.
kgborn@reddit
I have many reports here in Germany - see my English blog post
https://borncity.com/win/2025/07/09/wsus-has-synchronization-problems-july-9-2025/
4dv4nc3d@reddit
Born is, as always, the best place to quickly check whether something is acting up.
Thanks for your work.
K4p4h4l4@reddit
same here
FCA162@reddit
The issue has been addressed through a service-side repair activity and should be resolved. WSUS sync and update activities are expected to proceed as usual at this time.
flamingo-racer@reddit
Our WSUS server is starting to sync, it's at 10% so still not 100% sure everything is sorted
flamingo-racer@reddit
Yep, got to 10% and failed with an unknown error. Slight progress maybe as it's a different error at least..
ResponsiveName@reddit
https://www.askwoody.com/forums/topic/wsus-failing-to-sync-updates-started-today-9-july-2025/#post-2790154
Melo_1983@reddit
Now it's OK (Italy)
stovku@reddit
I had one of mine fail its scheduled sync. I triggered a manual sync at the end of the day and that worked for me.
sccmguy@reddit
Same. Here's to hoping that Microsoft gets what I can only assume is a major screw up on their end fixed before our CISO gives us the patching deadline for this month (which is usually only a few days!)...
flamingo-racer@reddit
Currently having it in the UK.
We're raising a ticket with Microsoft for an answer. I'll update here if we find anything out.
Consistent-Web1548@reddit
Our escalation engineer just says they are still investigating.
flamingo-racer@reddit
Yep, I have just received a very similar email I expect.
johndooks000@reddit
Still have issues synching, 7:25am east coast
rerhart@reddit
Same here in Minnesota
zugman@reddit
Yes, I noticed sync fails starting this morning.
gerbaix_volser@reddit
same here
coolbeaner12@reddit
also having issues here; midwest US. Commenting to receive updates on this.
AciidSn3ak3r@reddit
Us too.
satsun_@reddit
US here. Our July 8th 2:29 AM CST sync was good, but failed at 2:29 AM CST July 9 and subsequent retries have failed.
CheaTsRichTeR@reddit
Same here (Germany). And many more here: https://www.borncity.com/blog/2025/07/09/wsus-hat-synchronisationsprobleme-9-juli-2025 (English version not available (yet?))
chicaneuk@reddit
Thanks! Google Translate does a decent enough job of translating it :)
Melo_1983@reddit
Same from Italy
IndyPilot80@reddit
Same... "A connection attempt failed because the connected party did not properly respond after a period of time..."
FragKing82@reddit
Yeah, same...
PoodleH@reddit
Yep. Failing since 0435 BST.
jmittermueller@reddit
Same here
chicaneuk@reddit
I just managed to complete a sync successfully so may be fixed..
Consistent-Web1548@reddit
Same (UK)
FCA162@reddit
MS Windows release health: The April 2025 Windows RE update might show as unsuccessful in Windows Update
Status: Resolved
After installing the April 2025 Windows Recovery Environment update [the Originating KBs listed above], you might see the following error message in the Windows Update settings page: 0x80070643 – ERROR_INSTALL_FAILURE. This error message is not accurate and does not impact the update or device functionality. The Windows Recovery Environment (WinRE) is a recovery environment that can repair common causes of unbootable operating systems.
This error is observed when the device installs the WinRE update when there is another update in a pending reboot state. Although the error message suggests the update did not complete, the WinRE update is typically applied successfully after the device restarts. Windows Update might continue to display the update as failed until the next daily scan, at which point the update is no longer offered and the failure message is cleared automatically.
Resolution:
The ERROR_INSTALL_FAILURE error message that was previously observed with the Originating KBs listed above installed before 2 PM PT on April 21, 2025 has been resolved with the Windows update released July 8, 2025 (the Resolved KBs listed above). We recommend you install the latest update for your device as it contains important improvements and issue resolutions.
Please note: This update does not remove the incorrect error message which might still appear in the Windows Update History page.
Users who installed the Originating KBs listed above after 2 PM PT on April 21, 2025, should not observe the incorrect error message about the install failure. If the update is already installed, it will not be offered again, and the status of this update can be verified with the Dism /Online /Get-Packages command.
FCA162@reddit
MS Windows release health: DHCP service might stop responding after installing the June 2025 update
Status: Resolved
The DHCP Server service might intermittently stop responding after installing the June 2025 security update (the Originating KBs listed above) for the affected platforms listed below. This issue is affecting IP renewal for clients.
Resolution: This issue was resolved by Windows updates released July 8, 2025, (the Resolved KBs listed above), and updates released after that date. We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.
bobbox@reddit
After updating to these July patches I can't get Nvidia nView to work; enabling it causes any windows attached to it to crash. I quickly realized how old nView 149.77 was and tried updating to Nvidia RTX Desktop Manager 205.28 but it also disables/crashes shortly after enabling. Using Windows 10 with an Nvidia Quadro P400.
Any ideas or alternatives? All I want is the "Move to next display" button
TheLostITGuy@reddit
Win + Shift + Right/Left Arrow
is built in and arguably much quicker than taking your hand off the keyboard to grab your mouse and click a button.
bobs143@reddit
Any news on if DHCP issues were fixed in this month's updates? I skipped updating DHCP servers last month due to the issues reported.
ceantuco@reddit
Yes, the issue has been fixed. It is weird because I had no issues with our 2019 DHCP server last month after updating.
https://support.microsoft.com/en-us/topic/june-10-2025-kb5060531-os-build-17763-7434-32fce7e7-305d-4d32-913f-3fdc0709a763#id0ebbl=windows_server_2019
I will update our DHCP server on Tuesday next week. Wish me luck lol
1grumpysysadmin@reddit
Allegedly it is fixed per Microsoft.
bberg22@reddit
I think someone confirmed it is fixed per MS somewhere in this thread.
McShadow19@reddit
Has anyone already applied the updates on DHCP server(s)? Did everything run smoothly or were there unexpected issues? I'm curious how it went.
We are about to start updating our servers in group stages starting tomorrow.
ZDI Update Summary
Borncity Summary
bobs143@reddit
Please let us know. I skipped updating my DHCP servers last month because of the issue.
McShadow19@reddit
I will do. Updating first DHCP server is planned on Thursday next week.
ceantuco@reddit
please let us know how your updates go. Good luck!
frac6969@reddit
This update has a new Changjie input method for Traditional Chinese for both Windows 10 and Windows 11 and apparently it's completely broken. Workaround is to toggle to the old input method.
MrHavishamIOM@reddit
Windows 365 Cloud PCs - after installing/rebooting after KB5062553 (OS Build 26100.4652), several W365 Cloud PCs wouldn't boot. Even after a Restart in Endpoint management. Different customers/environments.
Limited ability to troubleshoot with W365.
ShadowXVII@reddit
Getting a BSOD (Memory Management / Driver Verifier failure) on an old machine since these three updates applied last night:
2025-07 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5062560).
2025-07 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 for x64 (KB5062064).
2025-07 Servicing Stack Update for Windows Server 2016 for x64-based Systems (KB5062799)
Taken it out into a VM and safe mode says "We couldn't complete the changes. Undoing changes". Will see if I can determine root cause...
ZechnKaas@reddit
Just threw my bits in here, patched:
4x 2016
6x 2019
10x 2022
so far no issues.
ShadowXVII@reddit
Yeh, I think this is quite a niche issue, so I wouldn't hold off rolling out. Microsoft said it's only been logged once before but they never found a solve 🫠
Will post here if I find anything interesting. At least the workaround gets the machine back up and running.
ZechnKaas@reddit
thanks for the update, was just cautious as someone mentioned issues with 2025 too
can add 3 more 2016 without issues too :)
gl
SuperDaveOzborne@reddit
What is your hosting environment?
ShadowXVII@reddit
Added more info to original comment -- Azure.
SuperDaveOzborne@reddit
Thanks, we use vsphere and have already patched one 2016 server, but was going to do the Exchange 2016 server tonight. Sounds like we probably don't have to worry about this issue.
MikeWalters-Action1@reddit
Here are the standout third-party vulnerabilities disclosed ahead of July 2025’s Patch Tuesday:
catherder9000@reddit
Reason #14 to not buy Brother printers for a real work environment.
Forgotthebloodypassw@reddit
They used to be good on ink policy but no more it seems.
catherder9000@reddit
The thing that killed them for me was the ludicrous 100k limit on their fuser life on "business" or "enterprise" models (printer still printing perfect print jobs but the counter "is boss") and then refuse to print until it's replaced. And the cost of the new fuser being within $20 of the price of an entirely new printer of the same model? What a pricing plan they have...
Have been completely happy with all the new Canons though! Pile of 1440s and three 3725s and not one issue in >2 years (knock wood).
falcon4fun@reddit
I have found it's really better to pay for rent service for all MFUs and don't think about any problems with components, limits, malfunctions, replacements and etc. Service company sends automatically required components for you before counter expiration or changes unit in case of problem.
ajscott@reddit
You can reset the counter on the drums and fusers with the control pad. There are multiple videos online showing how for the various models.
catherder9000@reddit
You sure can! For one single print. And then you have to reset it again.
Brother printers are toys made for low volume mom & pop shops.
Forgotthebloodypassw@reddit
They had such a great rep but then enshittification set in. A great pity.
MacWorkGuy@reddit
Change your printer's default password - if you aren't doing that then this is on you really.
cbiggers@reddit
As far as I know, this only affects if you keep the default password. Which even if it is the randomly generated one is still a poor policy, for reasons just like this.
jwckauman@reddit
Question for u/MikeWalters-Action1 . Why doesn't CVE-2025-49719 - Security Update Guide - Microsoft - Microsoft SQL Server Information Disclosure Vulnerability count as a zero day? According to Microsoft, it's a publicly disclosed vulnerability although it hasn't been seen exploited 'in the wild' yet.
MikeWalters-Action1@reddit
CVE-2025-49719 technically cannot be classified as a “zero-day” vulnerability based on the standard industry definition. A zero-day vulnerability refers to a security flaw that is being actively exploited in the wild before a patch is available (hence “zero days” of protection).
jwckauman@reddit
thanks. seems like different sites use different definitions. for example. Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws
fengshui1001@reddit
Hi, has anyone seen the 2025-07 Cumulative Update for Windows 11 Version 24H2 (KB5062553) keep failing with a message "Failed to install on 9/07/2025 - 0x8024001e"? And I can't launch OneDrive after restart...
Electrical_Arm7411@reddit
I'm seeing about 50% failure rate on my pilot group of 24H2 laptops (KB5062553).
0x80070570 which corresponds to a "The file or directory is corrupted and unreadable." error. I'm using Manage Engine for patch deployment, maybe there's deployment issues on their side as some of my pilot systems successfully got the update.
MadCoderOne@reddit
2025-07 Cumulative Update for Windows 11 Version 24H2 (KB5062553) failed for me as well with a different code (0x80240069) on 1/1 machines so far
MadCoderOne@reddit
it installed the 2nd time, I guess I'll start rolling the dice on more test machines
fengshui1001@reddit
Same here - it installed successfully on the second attempt. time to resume the update rings from Intune.
ceantuco@reddit
it installed fine for me yesterday on 2 test machines.
fate3@reddit
Seeing a bunch of issues with 2016 update rolling back in our environment
raresolid@reddit
Which update fails? What role does your 2016 server do?
fate3@reddit
the July CU, various roles, some SQL cluster, some non-prod dev servers
raresolid@reddit
Found it: https://www.reddit.com/r/sysadmin/s/zLQeWnchj6
fate3@reddit
raresolid@reddit
I just saw someone else in here with the same issue, they went into registry hive and disabled something and it booted. It was in an Azure environment.
Chance_Row7529@reddit
Was the error DRIVER_VERIFIER_DETECTED_VIOLATION?
Did someone by chance run Driver Verifier on some/all of these 2016 machines? That's a driver testing/debugging tool in Windows and it explicitly can cause the computer to crash (by design). Unless the update somehow ran that tool, but that seems unlikely as this isn't a widely reported issue.
fate3@reddit
Yes it was, I don't suspect anyone would have.
SuperDaveOzborne@reddit
Are these VMs or physicals? If VMs what is your hosting environment?
fate3@reddit
All physical I think
ceantuco@reddit
no issues on our side. 2016 DC, FS and PS.
fate3@reddit
interesting, thanks
ceantuco@reddit
no problem.
Drivingmecrazeh@reddit
KB5062553 (CU)
Windows 11 Pro 24H2
Failure - 0x80073712
Not going to try any other machines for a bit of time.
ceantuco@reddit
Updated test Win 10 & Win 11 ok. Updated 2019, 2022 and 2025 test servers ok.
Will update production later this week.
Jblarew@reddit
Are your servers in Azure? Just curious as I'm having an issue with clean/new 2025 server not booting after update in Azure.
bf0921@reddit
Any update on this? We have two that had issues and we had to roll them back from a backup.
Jblarew@reddit
I also restored from backup and tried again with same results on the azure version of 2025 server.
I was able to reproduce the issue on the 2025 Azure Datacenter version with new vm.
I tried the 2025 Datacenter, non-Azure version, and it installed the update without an issue.
What I noticed on the azure version is when the update ran, it did 2 updates of this patch at the same time and then a reboot. On the non-azure version it did an update, then reboot, then another update for the same patch. So not sure if that's the root issue.
Sorry to hear about your trouble. Since this is a new server from us, the deployment of the non-azure version of 2025 server looks like it will be our resolution.
retoxnz@reddit
Our Azure VM AVD deployments using Win11 24h2 machines are having an issue during deployment. The last step of our deployment process is running Windows Updates and it never boots past the Hyper-V boot screen. I've reverted to 23h2 and it doesn't have the issue. I also manually updated our Win11 24h2 multi-session machines and they patched fine but new 24h2 VMs continue to have issues.
ceantuco@reddit
No they are not. I run my test servers and workstations on Proxmox lol
FCA162@reddit
Windows release health: WSUS update and sync operation fail with timeout errors
Status: Confirmed
Devices trying to synchronize updates from Microsoft Updates using Windows Server for Update Services (WSUS) might fail to complete the synchronization process. As a result, updates cannot be deployed using WSUS or Configuration Manager.
WSUS synchronization tasks are frequently configured to occur automatically in business and enterprise environments, although manual tasks are also possible. Error logs for WSUS are usually found in the SoftwareDistribution.log file under C:\Program Files\Update Services\LogFiles\. Common messages may include text similar to "Unable to connect to the remote server" and "A connection attempt failed because the connected party did not properly respond after a period of time"
There is no workaround at this time. A problematic update revision in the storage layer has been identified as potentially causing this issue, and repairs are in progress.
Next steps: We are working on a resolution and will provide more information when it is available.
Lad_From_Lancs@reddit
Server 2025 core
2025-07 Cumulative Update for Microsoft server operating system version 24H2 for x64-based Systems (KB5062553)
Seems to really struggle installing! These are new physical servers with nothing running on them other than Hyper V (one of them only got installed today and is just at the point where I've got all the drivers installed!)
One however does seem to have eventually taken it.... just trying to tickle the t'other now
Stonewalled9999@reddit
2025 seems like that, in that it sucks hard installing patches. My 4 test 2025 servers I ended up downloading the MSU and running manually and even that was over an hour per server (VM 4vCPU 16 GB RAM, sadly spinning rust)
Lad_From_Lancs@reddit
The install overall was screwed...... I'm not that deep into it - rebuilding the server from scratch and going back to GUI!
Jblarew@reddit
I deployed 2025 datacenter azure version from Microsoft standard image in Azure and then ran updates about 2pm EST on 7/8. Server created, joined to domain, rebooted and logged in without issues, then ran windows update..that's all. Server vm was sent reboot command from windows update screen and it's sitting on Hyper-V in the diagnostic page now at 1 hour. I think the KB5062553 patch breaks 2025 server boot process somehow, but since it's in Azure I can't really get to the vm to troubleshoot easily. I imagine we'll get more reports in next 24 hours that the patch breaks 2025 server.
Lad_From_Lancs@reddit
Fresh install with gui installed the updates no issues! I think there was a problem with one of the installs :)
SomeWhereInSC@reddit
Pushed the below updates (from Action1) to my Windows 11 23H2 system (thank you for your service to those who brave 24H2, I'm holding strong with 23H2). The install took 21 minutes until first reboot request, then 2 restarts for about 10 minutes until back to desktop. 31 minutes total.
2025-07 .NET 8.0.18 Update for x64 Client (KB5063326)
2025-07 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 23H2 for x64 (KB5056580)
2025-07 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5062552)
ahtivi@reddit
24H2 updates via PS module took about 1 hour and 45 minutes to download and install before restart was prompted. 2 restarts took less than 3 minutes
Stonewalled9999@reddit
My test PC took hours to download (IIRC it was 2.8GB for the Cumulative) and chugged along and then reverted. So, most of Monday my PC was unusable. I hope I was an anomaly for 24H2
ResponsiveName@reddit
Yesterday my last WSUS sync log shows success.
Today my first WSUS sync log has failed:
WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 20.10.149.151:443
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetRevisionIdList(Cookie cookie, ServerSyncFilter filter)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.WebserviceGetRevisionIdList(ServerSyncFilter filter, Boolean isConfigData)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)
Until about one hour ago I wasn't able to ping that IP address, but now it started to reply to ping, but still failed...
Anyone with the same issue?
I saw on a German blog that someone complains about the same issue today...
Redeptus@reddit
South East Asia here, we're failing too. Had complaints from infra (I'm in cybersec) and they wanted us to check out our firewalls. Aged-out errors in our logs and 503 errors in WSUS logs
ResponsiveName@reddit
https://www.askwoody.com/forums/topic/wsus-failing-to-sync-updates-started-today-9-july-2025/#post-2790154
DeltaSierra426@reddit
Looks like this month is finally taking us to a decent Windows 11 24H2 and Server build quality. About time, lol!
...and then we'll get jacked up again next month...
lucidrenegade@reddit
Jinx
kn33@reddit
This seems to have triggered a Defender alert for me on a physical Server 2019 machine.
"Possible attempt to modify Code Integrity policy"
It looks like it was updating the secure boot certificate, and tripped over its own feet.
Hard_Working_Employe@reddit
I had a couple of these alarms this morning, but when I checked now they are all "automatically resolved". I didn't do anything, guess Microsoft noticed the false/positive alarm.
Jazzlike-Love-9882@reddit
Same. Hey at least I’m glad to see the sensors are working ¯_(ツ)_/¯
Hard_Working_Employe@reddit
Got the alert on the two Windows Server 2019, but not on a Windows Server 2016, updated today.
Lazy-Card-3570@reddit
woke up with multiple "Possible attempt to modify Code Integrity" alerts from our defender.
Glad I found this post.
Good start in the day.. :D
zaphod777@reddit
I've seen this on a few too
CrocodileWerewolf@reddit
I’m seeing this too, both on physical machines and VMs
frac6969@reddit
Got the same thing but on a test VM. It’s only marked suspicious so I hope it went through.
DArchitect91@reddit
my new pc recently updated to this update and started behaving slower and more laggy
is anyone else having lag issues after this update?
thanks for any info and or help
Electronic-Hotel-201@reddit
The update finally downloaded on my laptop after nearly a month!
mielcajc@reddit
Seem to be synching okay now. No errors reported or seen in the log. SCCM here. Had to re-run our ADRs.
However not seeing 2025-07 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5062557) in the software updates.
Ryee_rice08@reddit
sync is bad here for us still
brucelourenco@reddit
Guys, I'm new to following MS updates. I'm reviewing the updates for my customer's environment and I would like to know why some patches released July 8, 2025 aren't shown here:
https://msrc.microsoft.com/update-guide/
For example:
KB5062158: https://support.microsoft.com/en-us/topic/july-8-2025-security-and-quality-rollup-for-net-framework-2-0-3-0-3-5-sp1-4-6-2-for-windows-server-2008-sp2-kb5062158-66c3a154-ed53-444f-97cc-6cc3714bde8d
KB5062558: https://support.microsoft.com/en-us/topic/kb5062558-cumulative-security-update-for-internet-explorer-july-8-2025-f168b6e4-a995-4e01-8523-bb5f09797e63
Any ideas?
Thanks
brucelourenco@reddit
Another one:
KB5062064: https://support.microsoft.com/en-us/topic/july-8-2025-kb5062064-cumulative-update-for-net-framework-4-8-for-windows-10-version-1607-and-windows-server-2016-bf6da057-6cad-48e8-a84d-4a90333d4ca3
Ryee_rice08@reddit
East coast 847AM failing to sync.
WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)
we upstream to microsoft. Looks like other people are seeing this issue as well. Thought it was just our WSUS server on the fritz... guess not (hopefully)
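The message strings named in the release health notice and the two stack traces posted in this thread can be matched mechanically to show which upstream call failed and against which endpoint. The PowerShell below is an added example, not part of any post here or of Microsoft's tooling; the function name `Get-WsusSyncFailure`, the `Kind` labels and the one-frame-per-line layout are assumptions, and the sample text is constructed from the traces quoted above.

```powershell
# Constructed sample: excerpts of the two traces quoted in this thread.
# On a WSUS server, feed the real log instead:
#   Get-Content 'C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log'
$sample = @'
WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 20.10.149.151:443
   at System.Net.HttpWebRequest.GetRequestStream()
   at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetRevisionIdList(Cookie cookie, ServerSyncFilter filter)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)
WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)
'@ -split "`r?`n"

function Get-WsusSyncFailure {
    param([string[]]$Line)

    # Message fragments from the release health notice and the posted traces,
    # mapped to labels of this example's own choosing. Order matters: the
    # timeout text appears on the same line as "Unable to connect".
    $signatures = [ordered]@{
        'did not properly respond after a period of time' = 'Timeout'
        'forcibly closed by the remote host'              = 'ConnectionReset'
        'Unable to connect to the remote server'          = 'ConnectFailed'
    }

    $current = $null
    foreach ($l in $Line) {
        if ($l -match 'WebException:') {
            if ($current) { $current }              # emit the previous record
            $kind = 'Other'
            foreach ($s in $signatures.Keys) {
                if ($l -like "*$s*") { $kind = $signatures[$s]; break }
            }
            $endpoint = if ($l -match '(\d{1,3}(?:\.\d{1,3}){3}:\d+)') { $Matches[1] } else { $null }
            $current = [pscustomobject]@{ Kind = $kind; Endpoint = $endpoint; SyncCall = $null }
        }
        elseif ($current -and -not $current.SyncCall -and
                $l -match '^\s*at .*\.ServerSyncProxy\.(\w+)\(') {
            # First ServerSyncProxy frame = the upstream web method that failed
            $current.SyncCall = $Matches[1]
        }
    }
    if ($current) { $current }                      # emit the last record
}

Get-WsusSyncFailure -Line $sample | Format-Table -AutoSize
```

The `Endpoint` column gives the firewall team the exact remote address to check, and `SyncCall` shows which stage of the sync failed.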
techvet83@reddit
Born City has a discussion about the issue at https://borncity.com/win/2025/07/09/wsus-has-synchronization-problems-july-9-2025/.
Ryee_rice08@reddit
seems like no solution yet and we are stuck in limbo. thanks!
Redeptus@reddit
Seems like we're back, our admin says they're able to sync again to wsus.
Ryee_rice08@reddit
must be luck. no dice here east coast 1040am
Msoft09@reddit
looks like you are the lucky one to sync, still nothing here
SirBastille@reddit
I take it CVE-2025-47981 isn't getting much attention, despite being a 9.8, because the vulnerable setting isn't enabled by default on server OS installations?
jordanl171@reddit
I'm trying to confirm it's not on by default on Server installations. great news if it's not a server default.
SirBastille@reddit
Based off this page, it's not enabled by default on servers. I'm getting Veeam B&R vibes where the issue is severe but one would have to go against best practices to become vulnerable to the security flaw.
FlickKnocker@reddit
Really can't find a lot of technical data about this one. If that GPO is disabled, I'm reading that it just reduces the risk, but not entirely resolves it, but I don't know if that's just poor writing skills, like do they mean "if you turn it back on, you're vulnerable" (no shit), or does it mean that there are other ways to exploit the vulnerability even if it's disabled?
jtheh@reddit
It is disabled by default for all machines joined to a domain.
TheDarthSnarf@reddit
CVE-2025-47981 is bad enough that Microsoft released patches for past end-of-life Server 2008 R2, 2012 and 2012 R2...
techie_1@reddit
I tried installing this on an old 2012 server that doesn't have ESU and it says not applicable. Must be for ESU only.
joshtaco@reddit
That's just normal ESU
Lambicjunkie@reddit
Anyone having problem syncing WSUS? I’ve seen failed syncs this morning at two different installations. Same problem when retrying manually.
jmittermueller@reddit
See below
Mysterious-Worth6529@reddit
Great. My Azure update policies that say not to update and restart and servers tonight are going to update and restart the servers tonight.
mwerte@reddit
Don't you know that Microsoft knows best and you should just bend over and kiss your ass goodbye?
RedmondSecGnome@reddit
The ZDI has posted their analysis of the Microsoft patches here. Still nothing from Adobe?
DragonspeedTheB@reddit
My PatchMyPC Sync just picked up Adobe updates.
RedmondSecGnome@reddit
Yeah - looks like they finally published. I wonder why there was a delay? The ZDI updated their blog with the details. https://www.zerodayinitiative.com/blog/2025/6/10/the-june-2025-security-update-review
DragonspeedTheB@reddit
Makes you a little worried that something got shoved out the door half baked.
Moru21@reddit
I don’t see an update for curl.
CybersecurityGuruAE@reddit
Here is a free breakdown of the Patch Tuesday release: https://feedly.com/cve/security-advisories/microsoft
wrootlt@reddit
Oh no, not the VSCode Python extension again. Was such a pain to resolve last time. Because it is a user-side extension, and is there a way to trigger its update other than asking the user to open VSCode that they used months ago to allow it to update? In some cases I was just wiping the extension folder from the systems. The problem is it creates so many different paths for myriads of extension versions and I cannot use a wildcard to not delete the good ones (latest).
IndyPilot80@reddit
Anyone else seeing KB5063326 .NET 8.0.18 Server as being expired in WSUS?
coming-around@reddit
does anyone have advice on getting the Windows10.0-KB5001716-AMDx64.msi for an offline install?
Accurate_String_662@reddit
Sharing in case it helps anyone else triaging patches today:
https://feedly.com/cve/security-advisories/microsoft/2025-07-08-july-2025-patch-tuesday-10-critical-vulnerabilities-amid-130-cves
yodaut@reddit
anyone have any idea why the .net framework update for win11 22h2 (not 23h2) is showing up a different/new product category this month (Windows 11 UUP Preview vs. Windows 11)?
https://catalog.update.microsoft.com/Search.aspx?q=5056580
did MS screw this one up?
jaritk1970@reddit
Bleepingcomputer.com links:
https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2025-patch-tuesday-fixes-one-zero-day-137-flaws/
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5062554-cumulative-update-released-with-13-changes-fixes/
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5062553-and-kb5062552-cumulative-updates-released/
EsbenD_Lansweeper@reddit
Here is the Lansweeper summary + audit. Top highlights are a SQL Server RCE, a KDC Proxy Service RCE and a SharePoint RCE. A total of 137 new fixes were released with 14 rated as critical.
coming-around@reddit
hiding the chrome download button on the third panel...
mezzanine_enjoyer@reddit
Installing - 100%.....
good luck all!
abz786@reddit
Was the DHCP issue from last month resolved in this month's patches?
1grumpysysadmin@reddit
Back from the abyss... at least that's how it feels for me... our testing begins on Win 11, Server 2016, 2019, 2022.... nothing to report at the moment except it's a CU and a DOT NET update kind of month. Hopefully nothing major goes sideways.
Automox_@reddit
Patch Tuesday Rundown:
137 CVE’s
0 Zero-Days
🔒 Reminder: Secure Boot Certificates Expire June 2026
Devices shipped before 2025 need new Microsoft Secure Boot certs or future boot updates will fail.
While non-Windows specific, be sure to keep an eye out for these vulnerabilities and exploits.
Tech-Talker@reddit
https://fortiguard.fortinet.com/psirt
Tech-Talker@reddit
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
schuhmam@reddit
I am faced with the problem of having old (but still good functioning) Fujitsu computers at a customer's premises. These are most likely affected by the issue from last month (I had never released the updates, so everything is ‘fine’). If I release the updates, they will be broken by the applied UEFI (dbx?) updates.
How can I reliably ensure that these blacklist updates are not installed, and the systems remain functional? I currently only see the following options:
1) Do not install any more updates
2) Switch off Secure Boot (then I would have to do without Credential Guard)
3) Deactivate these blacklist updates (I don't know how to do this, and I don't know if it is even possible). I have read something about setting AutomaticUpdates to 0 in the registry. But this is not a policy. This value will be overwritten during the cumulative update in July. Also disabling some task or other similar things like that is not a sufficient solution.
Xbutterking@reddit
Well, Sec updates are cumulative. You could push the months prior from catalog manually if you want to get them somewhat up to date.
fieroloki@reddit
katos8858@reddit