Microsoft Known Issue

Free Trial
Known issues in Microsoft Patches:
 
Microsoft often releases patches to address security and reliability issues. Sometimes, patches itself will introduce unprecedented issues after installing them. Here's the updated list of all the known issues in Microsoft patches and possible workaround for them.

Oops! No results for your search.

workaround
Apr 15, 2025
KB5058920
2025-04 Cumulative Update Preview for Microsoft server operating system version 21H2 for x64-based Systems (KB5058920)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Apr 15, 2025
KB5058920
2025-04 Cumulative Update Preview for Microsoft server operating system version 21H2 for x64-based Systems (KB5058920)
"The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices that have installed Windows updates released January 14, 2025, or later. This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935’. This error is only observable if the Windows Event Viewer is monitored closely. It is otherwise silent and does not appear"
This issue is addressed in KB5055526.
workaround
Apr 15, 2025
KB5058922
2025-04 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5058922)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Apr 15, 2025
KB5058919
2025-04 Cumulative Update for Windows 11 Version 22H2 for arm64-based Systems (KB5058919)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Apr 9, 2025
KB5055596
2025-04 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5055596)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated.
workaround
Apr 9, 2025
KB5055523
2025-04 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5055523)
"We're aware of an edge case of Windows Hello issue affecting devices with specific security features enabled. After installing this update and performing a Push button reset or Reset this PC from Settings > System > Recovery and selecting Keep my Files and Local install, some users might be unable to login to their Windows services using Windows Hello facial recognition or PIN. Users might observe a Windows Hello Message saying "Something happened and your PIN isn't"
To login using PIN, follow the Set my PIN prompt on the logon screen to re-enroll into Windows Hello. To use Face Logon, re-enroll in Windows Hello Facial recognition go to Settings > Accounts > Sign-in options > Facial recognition (Windows Hello), and select Set up. Follow the on-screen instructions.
workaround
Apr 9, 2025
KB5055523
2025-04 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5055523)
"We’re aware of an issue where players on Arm devices are unable to download and play Roblox from the Microsoft Store on Windows."
Roblox is working on a resolution to address this issue. Please refer to the Roblox support site for updates. Until the resolution is available, players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com.
workaround
Apr 9, 2025
KB5055528
2025-04 Cumulative Update for Windows 11 Version 22H2 for arm64-based Systems (KB5055528) (CVE-2025-29824)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Apr 9, 2025
KB5055528
2025-04 Cumulative Update for Windows 11 Version 22H2 for arm64-based Systems (KB5055528) (CVE-2025-29824)
"Audit Logon/Logoff events in the local policy of the Active Directory Group Policy might not show as enabled on the device even if they are enabled and working as expected. This can be observed in the Local Group Policy Editor or Local Security Policy, where local audit policies show the "Audit logon events" policy with Security Setting of "No auditing". This issue might only manifest as a reporting inconsistency. It’s possible that logon events are correctly being "
Adjustments to the Windows registry will prevent this issue. Important: This workaround contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see How to back up and restore the registry in Windows. Open the Windows registry editor and navigate to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Audit\SystemPolicy\LogonLogoff\AccessRights Right-click AccessRights > Permissions, select Advanced. Then, change owner to Administrators, check Replace owner on subcontainers and objects, select Apply and OK. In the Permissions window, select Administrators, check Full Control under “Allow”, select Apply and OK. Modify the GUID key to the following value: {0CCE924B-69AE-11D9-BED3-505054503030} Enable the subcategory with the correct GUID using the following command (open a Run dialog, then type the following command and press Enter): auditpol /set /subcategory:{0CCE924B-69AE-11D9-BED3-505054503030} /success:enable /failure:enable Reverse the permission changes: Right-click AccessRights > Permissions, select Advanced. Then, change owner to "NT SERVICE\TrustedInstaller”, check Replace owner on subcontainers and objects, select Apply and OK. In the Permissions window, select Administrators, check Read under “Allow”, select Apply and OK. Next Steps Microsoft is working on a resolution and will provide more information when it is available.
workaround
Apr 9, 2025
KB5055518
2025-04 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5055518) (CVE-2025-29824)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Apr 9, 2025
KB5055518
2025-04 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5055518) (CVE-2025-29824)
"The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices that have installed Windows updates released January 14, 2025, or later. This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935’. This error is only observable if the Windows Event Viewer is monitored closely. It is otherwise silent and does not appear"
No specific action is required; however, the service can be safely disabled in order to prevent the error from appearing in Event Viewer. To do so, you can follow these steps: Open a Command Prompt window. This can be accomplished by opening the Start menu and typing 'cmd'. The results will include “Command Prompt” as a System application. Select the arrow to the right of “Command Prompt” and select “Run as administrator.” Once the window is open, carefully enter the following text: sc.exe config sgrmagent start=disabled A message may appear afterwards. Next, enter the following text: reg add HKLM\System\CurrentControlSet\Services\SgrmBroker /v Start /d 4 /t REG_DWORD Close the Command Prompt window. This will prevent the related error from appearing in the Event Viewer on subsequent device start up. Note that some of these steps might be restricted by group policy set by your organization. We are working on a resolution and will provide an update in an upcoming release.
workaround
Apr 9, 2025
KB5055519
2025-04 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5055519) (CVE-2025-29824)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Apr 9, 2025
KB5055519
2025-04 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5055519) (CVE-2025-29824)
"Audit Logon/Logoff events in the local policy of the Active Directory Group Policy might not show as enabled on the device even if they are enabled and working as expected. This can be observed in the Local Group Policy Editor or Local Security Policy, where local audit policies show the "Audit logon events" policy with Security Setting of "No auditing". This issue might only manifest as a reporting inconsistency. It’s possible that logon events are correctly being "
Adjustments to the Windows registry will prevent this issue. Important: This workaround contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see How to back up and restore the registry in Windows. Open the Windows registry editor and navigate to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Audit\SystemPolicy\LogonLogoff\AccessRights Right-click AccessRights > Permissions, select Advanced. Then, change owner to Administrators, check Replace owner on subcontainers and objects, select Apply and OK. In the Permissions window, select Administrators, check Full Control under “Allow”, select Apply and OK. Modify the GUID key to the following value: {0CCE924B-69AE-11D9-BED3-505054503030} Enable the subcategory with the correct GUID using the following command (open a Run dialog, then type the following command and press Enter): auditpol /set /subcategory:{0CCE924B-69AE-11D9-BED3-505054503030} /success:enable /failure:enable Reverse the permission changes: Right-click AccessRights > Permissions, select Advanced. Then, change owner to "NT SERVICE\TrustedInstaller”, check Replace owner on subcontainers and objects, select Apply and OK. In the Permissions window, select Administrators, check Read under “Allow”, select Apply and OK. Next Steps Microsoft is working on a resolution and will provide more information when it is available.
workaround
Apr 9, 2025
KB5055521
2025-04 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5055521) (CVE-2025-29824)
"Audit Logon/Logoff events in the local policy of the Active Directory Group Policy might not show as enabled on the device even if they are enabled and working as expected. This can be observed in the Local Group Policy Editor or Local Security Policy, where local audit policies show the "Audit logon events" policy with Security Setting of "No auditing". This issue might only manifest as a reporting inconsistency. It’s possible that logon events are correctly being "
Adjustments to the Windows registry will prevent this issue. Important: This workaround contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see How to back up and restore the registry in Windows. Open the Windows registry editor and navigate to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Audit\SystemPolicy\LogonLogoff\AccessRights Right-click AccessRights > Permissions, select Advanced. Then, change owner to Administrators, check Replace owner on subcontainers and objects, select Apply and OK. In the Permissions window, select Administrators, check Full Control under “Allow”, select Apply and OK. Modify the GUID key to the following value: {0CCE924B-69AE-11D9-BED3-505054503030} Enable the subcategory with the correct GUID using the following command (open a Run dialog, then type the following command and press Enter): auditpol /set /subcategory:{0CCE924B-69AE-11D9-BED3-505054503030} /success:enable /failure:enable Reverse the permission changes: Right-click AccessRights > Permissions, select Advanced. Then, change owner to "NT SERVICE\TrustedInstaller”, check Replace owner on subcontainers and objects, select Apply and OK. In the Permissions window, select Administrators, check Read under “Allow”, select Apply and OK. Next Steps Microsoft is working on a resolution and will provide more information when it is available.
workaround
Apr 9, 2025
KB5055526
2025-04 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5055526) (CVE-2025-29824)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Apr 9, 2025
KB5055526
2025-04 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5055526) (CVE-2025-29824)
"The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices that have installed Windows updates released January 14, 2025, or later. This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935’. This error is only observable if the Windows Event Viewer is monitored closely. It is otherwise silent and does not appear"
No specific action is required; however, the service can be safely disabled in order to prevent the error from appearing in Event Viewer. To do so, you can follow these steps: Open a Command Prompt window. This can be accomplished by opening the Start menu and typing 'cmd'. The results will include “Command Prompt” as a System application. Select the arrow to the right of “Command Prompt” and select “Run as administrator.” Once the window is open, carefully enter the following text: sc.exe config sgrmagent start=disabled A message may appear afterwards. Next, enter the following text: reg add HKLM\System\CurrentControlSet\Services\SgrmBroker /v Start /d 4 /t REG_DWORD Close the Command Prompt window. This will prevent the related error from appearing in the Event Viewer on subsequent device start up. Note that some of these steps might be restricted by group policy set by your organization. We are working on a resolution and will provide an update in an upcoming release.
workaround
Apr 9, 2025
KB5055526
2025-04 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5055526) (CVE-2025-29824)
"Audit Logon/Logoff events in the local policy of the Active Directory Group Policy might not show as enabled on the device even if they are enabled and working as expected. This can be observed in the Local Group Policy Editor or Local Security Policy, where local audit policies show the "Audit logon events" policy with Security Setting of "No auditing"."
Adjustments to the Windows registry will prevent this issue. Important: This workaround contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see How to back up and restore the registry in Windows. Open the Windows registry editor and navigate to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Audit\SystemPolicy\LogonLogoff\AccessRights Right-click AccessRights > Permissions, select Advanced. Then, change owner to Administrators, check Replace owner on subcontainers and objects, select Apply and OK. In the Permissions window, select Administrators, check Full Control under “Allow”, select Apply and OK. Modify the GUID key to the following value: {0CCE924B-69AE-11D9-BED3-505054503030} Enable the subcategory with the correct GUID using the following command (open a Run dialog, then type the following command and press Enter): auditpol /set /subcategory:{0CCE924B-69AE-11D9-BED3-505054503030} /success:enable /failure:enable Reverse the permission changes: Right-click AccessRights > Permissions, select Advanced. Then, change owner to "NT SERVICE\TrustedInstaller”, check Replace owner on subcontainers and objects, select Apply and OK. In the Permissions window, select Administrators, check Read under “Allow”, select Apply and OK. Next Steps Microsoft is working on a resolution and will provide more information when it is available.
workaround
Apr 9, 2025
KB5055609
2025-04 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5055609)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated.
workaround
Apr 9, 2025
KB5055523
2025-04 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5055523)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Mar 20, 2025
KB5053598
2025-03 Cumulative Update for Windows 11 Version 24H2 for arm64-based Systems (KB5053598) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633)
"Were aware of an issue with the Microsoft Copilot app affecting some devices. The app is unintentionally uninstalled and unpinned from the taskbar. Note: This issue has not been observed with the Microsoft 365 Copilot app."
This issue has been fixed, and the affected devices are being returned to their original state. You can also reinstall the app from the Microsoft Store and pin it to the taskbar.
workaround
Mar 20, 2025
KB5053606
2025-03 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5053606) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633)
"After installing this update, you might observe issues with USB connected dual-mode printers that support both USB Print and IPP Over USB protocols. You might observe that the printer unexpectedly prints random text and data, including network commands and unusual characters. Resulting from this issue, the printed text might often start with the header "POST /ipp/print HTTP/1.1", followed by other IPP (Internet Printing Protocol) related headers. This issue tends to"
This issue is mitigated using Known Issue Rollback (KIR). IT administrators can mitigate this issue by following the steps mentioned in the Resolution section of this known issue in Windows release health site.
workaround
Mar 20, 2025
KB5053606
2025-03 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5053606) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633)
"Were aware of an issue with the Microsoft Copilot app affecting some devices. The app is unintentionally uninstalled and unpinned from the taskbar. Note: This issue has not been observed with the Microsoft 365 Copilot app."
This issue has been fixed, and the affected devices are being returned to their original state. You can also reinstall the app from the Microsoft Store and pin it to the taskbar.
workaround
Mar 12, 2025
KB5053995
2025-03 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5053995) (ESU) (CVE-2025-24991) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-24983) (CVE-2025-26633)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Mar 12, 2025
KB5053888
2025-03 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB5053888) (ESU) (CVE-2025-24991) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-24983) (CVE-2025-26633)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Mar 12, 2025
KB5053598
2025-03 Cumulative Update for Windows 11 Version 24H2 for arm64-based Systems (KB5053598) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633)
"We’re aware of an issue where players on Arm devices are unable to download and play Roblox from the Microsoft Store on Windows."
Roblox is working on a resolution to address this issue. Please refer to the Roblox support site for updates. Until the resolution is available, players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com.
workaround
Mar 12, 2025
KB5053598
2025-03 Cumulative Update for Windows 11 Version 24H2 for arm64-based Systems (KB5053598) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Mar 12, 2025
KB5053602
2025-03 Cumulative Update for Windows 11 Version 23H2 for arm64-based Systems (KB5053602) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Mar 12, 2025
KB5053606
2025-03 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5053606) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Mar 12, 2025
KB5053606
2025-03 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5053606) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633)
"The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices that have installed Windows updates released January 14, 2025 or later. This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935’. This error is only observable if the Windows Event Viewer is monitored closely. It is otherwise silent and does not appear "
No specific action is required, however, the service can be safely disabled in order to prevent the error from appearing in Event Viewer. To do so, you can follow these steps: Open a Command Prompt window. This can be accomplished by opening the Start menu and typing cmd. The results will include “Command Prompt” as a System application. Select the arrow to the right of “Command Prompt” and select “Run as administrator”. Once the window is open, carefully enter the following text: sc.exe config sgrmagent start=disabled A message may appear afterwards. Next, enter the following text: reg add HKLMSystemCurrentControlSetServicesSgrmBroker /v Start /d 4 /t REG_DWORD Close the Command Prompt window. This will prevent the related error from appearing in the Event Viewer on subsequent device start up. Note that some of these steps might be restricted by group policy set by your organization. We are working on a resolution and will provide an update in an upcoming release.
workaround
Mar 12, 2025
KB5053596
2025-03 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5053596) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Mar 12, 2025
KB5053599
2025-03 Cumulative Update for Microsoft server operating system version 23H2 for x64-based Systems (KB5053599) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Feb 14, 2025
KB5052072
2025-02 Security Only Quality Update for Windows Server 2008 for x86-based Systems (KB5052072) (ESU) (CVE-2025-21418)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Feb 14, 2025
KB5052038
2025-02 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB5052038) (ESU) (CVE-2025-21418) (CVE-2025-21377)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Feb 14, 2025
KB5052000
2025-02 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5052000) (CVE-2025-21391) (CVE-2025-21418) (CVE-2025-21377)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Feb 14, 2025
KB5052000
2025-02 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5052000) (CVE-2025-21391) (CVE-2025-21418) (CVE-2025-21377)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Feb 14, 2025
KB5051987
2025-02 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5051987) (CVE-2025-21391) (CVE-2025-21418) (CVE-2025-21377)
"We’re aware of an issue where players on Arm devices are unable to download and play Roblox from the Microsoft Store on Windows."
Players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com.
workaround
Feb 14, 2025
KB5051987
2025-02 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5051987) (CVE-2025-21391) (CVE-2025-21418) (CVE-2025-21377)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Feb 14, 2025
KB5051987
2025-02 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5051987) (CVE-2025-21391) (CVE-2025-21418) (CVE-2025-21377)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Feb 14, 2025
KB5051989
2025-02 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5051989) (CVE-2025-21391) (CVE-2025-21418) (CVE-2025-21377)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Feb 14, 2025
KB5051989
2025-02 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5051989) (CVE-2025-21391) (CVE-2025-21418) (CVE-2025-21377)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Feb 14, 2025
KB5051974
2025-02 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5051974) (CVE-2025-21391) (CVE-2025-21418) (CVE-2025-21377)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Feb 14, 2025
KB5051974
2025-02 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5051974) (CVE-2025-21391) (CVE-2025-21418) (CVE-2025-21377)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Feb 14, 2025
KB5051974
2025-02 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5051974) (CVE-2025-21391) (CVE-2025-21418) (CVE-2025-21377)
"The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices that have installed Windows updates released January 14, 2025 or later. This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935’. "
No specific action is required, however, the service can be safely disabled in order to prevent the error from appearing in Event Viewer. To do so, you can follow these steps: Open a Command Prompt window. This can be accomplished by opening the Start menu and typing 'cmd'. The results will include “Command Prompt” as a System application. Select the arrow to the right of “Command Prompt” and select “Run as administrator”. Once the window is open, carefully enter the following text: sc.exe config sgrmagent start=disabled A message may appear afterwards. Next, enter the following text: reg add HKLM\System\CurrentControlSet\Services\SgrmBroker /v Start /d 4 /t REG_DWORD Close the Command Prompt window. This will prevent the related error from appearing in the Event Viewer on subsequent device start up. Note that some of these steps might be restricted by group policy set by your organization. We are working on a resolution and will provide an update in an upcoming release.
workaround
Feb 14, 2025
KB5051980
2025-02 Cumulative Update for Microsoft server operating system version 23H2 for x64-based Systems (KB5051980) (CVE-2025-21391) (CVE-2025-21418) (CVE-2025-21377)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Feb 14, 2025
KB5051979
2025-02 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5051979) (CVE-2025-21391) (CVE-2025-21418) (CVE-2025-21377)
"The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices that have installed Windows updates released January 14, 2025 or later. This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935’. "
No specific action is required, however, the service can be safely disabled in order to prevent the error from appearing in Event Viewer. To do so, you can follow these steps: Open a Command Prompt window. This can be accomplished by opening the Start menu and typing 'cmd'. The results will include “Command Prompt” as a System application. Select the arrow to the right of “Command Prompt” and select “Run as administrator”. Once the window is open, carefully enter the following text: sc.exe config sgrmagent start=disabled A message may appear afterwards. Next, enter the following text: reg add HKLM\System\CurrentControlSet\Services\SgrmBroker /v Start /d 4 /t REG_DWORD Close the Command Prompt window. This will prevent the related error from appearing in the Event Viewer on subsequent device start up. Note that some of these steps might be restricted by group policy set by your organization. We are working on a resolution and will provide an update in an upcoming release.
workaround
Feb 14, 2025
KB5051979
2025-02 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5051979) (CVE-2025-21391) (CVE-2025-21418) (CVE-2025-21377)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Feb 14, 2025
KB5051979
2025-02 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5051979) (CVE-2025-21391) (CVE-2025-21418) (CVE-2025-21377)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Feb 10, 2025
KB5052819
2025-01 Cumulative Update Preview for Microsoft server operating system version 21H2 for x64-based Systems (KB5052819)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Feb 10, 2025
KB5052819
2025-01 Cumulative Update Preview for Microsoft server operating system version 21H2 for x64-based Systems (KB5052819)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Feb 10, 2025
KB5052819
2025-01 Cumulative Update Preview for Microsoft server operating system version 21H2 for x64-based Systems (KB5052819)
"The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices that have installed Windows updates released January 14, 2025 or later. This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935’. This error is only observable if the Windows Event Viewer is monitored closely. It is otherwise silent and does not appear "
No specific action is required, however, the service can be safely disabled in order to prevent the error from appearing in Event Viewer. To do so, you can follow these steps: Open a Command Prompt window. This can be accomplished by opening the Start menu and typing cmd. The results will include “Command Prompt” as a System application. Select the arrow to the right of “Command Prompt” and select “Run as administrator”. Once the window is open, carefully enter the following text: sc.exe config sgrmagent start=disabled A message may appear afterwards. Next, enter the following text: reg add HKLMSystemCurrentControlSetServicesSgrmBroker /v Start /d 4 /t REG_DWORD Close the Command Prompt window. This will prevent the related error from appearing in the Event Viewer on subsequent device start up. Note that some of these steps might be restricted by group policy set by your organization. We are working on a resolution and will provide an update in an upcoming release.
workaround
Feb 10, 2025
KB5050094
2025-01 Cumulative Update Preview for Windows 11 Version 24H2 for x64-based Systems (KB5050094)
"We’re aware of an issue where players on Arm devices are unable to download and play Roblox via the Microsoft Store on Windows."
Players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com.
workaround
Feb 10, 2025
KB5050094
2025-01 Cumulative Update Preview for Windows 11 Version 24H2 for x64-based Systems (KB5050094)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Feb 10, 2025
KB5050094
2025-01 Cumulative Update Preview for Windows 11 Version 24H2 for x64-based Systems (KB5050094)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Feb 10, 2025
KB5050081
2025-01 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5050081)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Feb 10, 2025
KB5050081
2025-01 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5050081)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Feb 10, 2025
KB5050081
2025-01 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5050081)
"The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices that have installed Windows updates released January 14, 2025 or later. This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935’. This error is only observable if the Windows Event Viewer is monitored closely. It is otherwise silent and does not appear "
No specific action is required, however, the service can be safely disabled in order to prevent the error from appearing in Event Viewer. To do so, you can follow these steps: Open a Command Prompt window. This can be accomplished by opening the Start menu and typing cmd. The results will include “Command Prompt” as a System application. Select the arrow to the right of “Command Prompt” and select “Run as administrator”. Once the window is open, carefully enter the following text: sc.exe config sgrmagent start=disabled A message may appear afterwards. Next, enter the following text: reg add HKLMSystemCurrentControlSetServicesSgrmBroker /v Start /d 4 /t REG_DWORD Close the Command Prompt window. This will prevent the related error from appearing in the Event Viewer on subsequent device start up. Note that some of these steps might be restricted by group policy set by your organization. We are working on a resolution and will provide an update in an upcoming release.
workaround
Feb 3, 2025
KB5050092
2025-01 Cumulative Update Preview for Windows 11 Version 23H2 for arm64-based Systems (KB5050092)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Feb 3, 2025
KB5050092
2025-01 Cumulative Update Preview for Windows 11 Version 23H2 for arm64-based Systems (KB5050092)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Feb 3, 2025
KB5050008
2025-01 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5050008) (CVE-2025-21308)
"After installing this security update, you might experience issues with USB audio devices. You are more likely to experience this issue if you are using a USB 1.0 audio driver based DAC (Digital to Analog converter) in your audio setup. This issue might cause USB audio devices to stop working, preventing audio playback. DACs (Digital-to-Analog Converters) are commonly used in scenarios where users need to improve the quality of their audio systems. A few scenarios w"
Users can avoid this issue by avoiding the use of an external DAC in the connection process and directly plugging your audio device to your PC. We are working on a resolution and will provide an update in an upcoming release.
workaround
Feb 3, 2025
KB5050009
2025-01 Cumulative Update for Windows 11 Version 24H2 for arm64-based Systems (KB5050009) (CVE-2025-21333) (CVE-2025-21334) (CVE-2025-21335) (CVE-2025-21275) (CVE-2025-21308)
"After installing this security update, you might experience issues with USB audio devices. You are more likely to experience this issue if you are using a USB 1.0 audio driver based DAC (Digital to Analog converter) in your audio setup. This issue might cause USB audio devices to stop working, preventing audio playback. DACs (Digital-to-Analog Converters) are commonly used in scenarios where users need to improve the quality of their audio systems. A few scenarios w"
This issue is addressed in KB5050094.
workaround
Feb 3, 2025
KB5050009
2025-01 Cumulative Update for Windows 11 Version 24H2 for arm64-based Systems (KB5050009) (CVE-2025-21333) (CVE-2025-21334) (CVE-2025-21335) (CVE-2025-21275) (CVE-2025-21308)
"After installing this security update, you might experience issues with USB cameras. Your device might not recognize the camera is on."
This issue is addressed in KB5050094.
workaround
Feb 3, 2025
KB5050021
2025-01 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5050021) (CVE-2025-21333) (CVE-2025-21334) (CVE-2025-21335) (CVE-2025-21275) (CVE-2025-21308)
"After installing this security update, you might experience issues with USB audio devices. You are more likely to experience this issue if you are using a USB 1.0 audio driver based DAC (Digital to Analog converter) in your audio setup. This issue might cause USB audio devices to stop working, preventing audio playback. DACs (Digital-to-Analog Converters) are commonly used in scenarios where users need to improve the quality of their audio systems. A few scenarios w"
This issue is addressed in KB5050092.
workaround
Feb 3, 2025
KB5050021
2025-01 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5050021) (CVE-2025-21333) (CVE-2025-21334) (CVE-2025-21335) (CVE-2025-21275) (CVE-2025-21308)
"After installing this security update, you might experience issues with USB cameras. Your device might not recognize the camera is on."
This issue is addressed in KB5050092.
workaround
Feb 3, 2025
KB5049981
2025-01 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5049981) (CVE-2025-21333) (CVE-2025-21334) (CVE-2025-21335) (CVE-2025-21275) (CVE-2025-21308)
"The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices that have installed Windows updates released January 14, 2025 or later. This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935’. This error is only observable if the Windows Event Viewer is monitored closely. It is otherwise silent and does not appear "
No specific action is required, however, the service can be safely disabled in order to prevent the error from appearing in Event Viewer. To do so, you can follow these steps: Open a Command Prompt window. This can be accomplished by opening the Start menu and typing cmd. The results will include “Command Prompt” as a System application. Select the arrow to the right of “Command Prompt” and select “Run as administrator”. Once the window is open, carefully enter the following text: sc.exe config sgrmagent start=disabled A message may appear afterwards. Next, enter the following text: reg add HKLMSystemCurrentControlSetServicesSgrmBroker /v Start /d 4 /t REG_DWORD Close the Command Prompt window. This will prevent the related error from appearing in the Event Viewer on subsequent device start up. Note that some of these steps might be restricted by group policy set by your organization. We are working on a resolution and will provide an update in an upcoming release.
workaround
Feb 3, 2025
KB5049981
2025-01 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5049981) (CVE-2025-21333) (CVE-2025-21334) (CVE-2025-21335) (CVE-2025-21275) (CVE-2025-21308)
"After installing this security update, you might experience issues with USB audio devices. You are more likely to experience this issue if you are using a USB 1.0 audio driver based DAC (Digital to Analog converter) in your audio setup. This issue might cause USB audio devices to stop working, preventing audio playback. DACs (Digital-to-Analog Converters) are commonly used in scenarios where users need to improve the quality of their audio systems. A few scenarios w"
This issue is addressed in KB5050081.
workaround
Feb 3, 2025
KB5049981
2025-01 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5049981) (CVE-2025-21333) (CVE-2025-21334) (CVE-2025-21335) (CVE-2025-21275) (CVE-2025-21308)
"After installing this security update, you might experience issues with USB cameras. Your device might not recognize the camera is on."
This issue is addressed in KB5050081.
workaround
Feb 3, 2025
KB5049993
2025-01 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5049993) (CVE-2025-21308)
"After installing this security update, you might experience issues with USB audio devices. You are more likely to experience this issue if you are using a USB 1.0 audio driver based DAC (Digital to Analog converter) in your audio setup. This issue might cause USB audio devices to stop working, preventing audio playback. DACs (Digital-to-Analog Converters) are commonly used in scenarios where users need to improve the quality of their audio systems. A few scenarios w"
Users can avoid this issue by avoiding the use of an external DAC in the connection process and directly plugging your audio device to your PC. We are working on a resolution and will provide an update in an upcoming release.
workaround
Feb 3, 2025
KB5049983
2025-01 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5049983) (CVE-2025-21275) (CVE-2025-21308)
"The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices that have installed Windows updates released January 14, 2025 or later. This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935’. This error is only observable if the Windows Event Viewer is monitored closely. It is otherwise silent and does not appear "
No specific action is required, however, the service can be safely disabled in order to prevent the error from appearing in Event Viewer. To do so, you can follow these steps: Open a Command Prompt window. This can be accomplished by opening the Start menu and typing cmd. The results will include “Command Prompt” as a System application. Select the arrow to the right of “Command Prompt” and select “Run as administrator”. Once the window is open, carefully enter the following text: sc.exe config sgrmagent start=disabled A message may appear afterwards. Next, enter the following text: reg add HKLMSystemCurrentControlSetServicesSgrmBroker /v Start /d 4 /t REG_DWORD Close the Command Prompt window. This will prevent the related error from appearing in the Event Viewer on subsequent device start up. Note that some of these steps might be restricted by group policy set by your organization. We are working on a resolution and will provide an update in an upcoming release.
workaround
Feb 3, 2025
KB5049983
2025-01 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5049983) (CVE-2025-21275) (CVE-2025-21308)
"After installing this security update, you might experience issues with USB audio devices. You are more likely to experience this issue if you are using a USB 1.0 audio driver based DAC (Digital to Analog converter) in your audio setup. This issue might cause USB audio devices to stop working, preventing audio playback. DACs (Digital-to-Analog Converters) are commonly used in scenarios where users need to improve the quality of their audio systems. A few scenarios w"
Users can avoid this issue by avoiding the use of an external DAC in the connection process and directly plugging your audio device to your PC. We are working on a resolution and will provide an update in an upcoming release.
workaround
Jan 16, 2025
KB5050061
2025-01 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5050061) (ESU)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the How to get this update section of this article.
workaround
Jan 16, 2025
KB5050063
2025-01 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5050063) (ESU)
"After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History."
This is expected in the following circumstances: If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181. If you do not have an ESU MAK add-on key installed and activated. If you have an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, see the Obtaining Extended Security Updates for eligible Windows devices blog post. For information on the prerequisites, see the "How to get this update" section of this article.
workaround
Jan 16, 2025
KB5050008
2025-01 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5050008) (CVE-2025-21308)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Jan 16, 2025
KB5050008
2025-01 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5050008) (CVE-2025-21308)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Jan 16, 2025
KB5050009
2025-01 Cumulative Update for Windows 11 Version 24H2 for arm64-based Systems (KB5050009) (CVE-2025-21333) (CVE-2025-21334) (CVE-2025-21335) (CVE-2025-21275) (CVE-2025-21308)
"We’re aware of an issue where players on Arm devices are unable to download and play Roblox via the Microsoft Store on Windows."
Players on Arm devices can play Roblox by downloading the title directly from www.Roblox.com.
workaround
Jan 16, 2025
KB5050009
2025-01 Cumulative Update for Windows 11 Version 24H2 for arm64-based Systems (KB5050009) (CVE-2025-21333) (CVE-2025-21334) (CVE-2025-21335) (CVE-2025-21275) (CVE-2025-21308)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Jan 16, 2025
KB5050009
2025-01 Cumulative Update for Windows 11 Version 24H2 for arm64-based Systems (KB5050009) (CVE-2025-21333) (CVE-2025-21334) (CVE-2025-21335) (CVE-2025-21275) (CVE-2025-21308)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Jan 16, 2025
KB5050021
2025-01 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5050021) (CVE-2025-21333) (CVE-2025-21334) (CVE-2025-21335) (CVE-2025-21275) (CVE-2025-21308)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Jan 16, 2025
KB5050021
2025-01 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5050021) (CVE-2025-21333) (CVE-2025-21334) (CVE-2025-21335) (CVE-2025-21275) (CVE-2025-21308)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Jan 16, 2025
KB5049981
2025-01 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5049981) (CVE-2025-21333) (CVE-2025-21334) (CVE-2025-21335) (CVE-2025-21275) (CVE-2025-21308)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Jan 16, 2025
KB5049981
2025-01 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5049981) (CVE-2025-21333) (CVE-2025-21334) (CVE-2025-21335) (CVE-2025-21275) (CVE-2025-21308)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
workaround
Jan 16, 2025
KB5049984
2025-01 Cumulative Update for Microsoft server operating system version 23H2 for x64-based Systems (KB5049984) (CVE-2025-21333) (CVE-2025-21334) (CVE-2025-21335) (CVE-2025-21275)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Jan 16, 2025
KB5049983
2025-01 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5049983) (CVE-2025-21275) (CVE-2025-21308)
"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro "
Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps: Open PowerShell as an Administrator. Update the permissions for C:ProgramDatassh and C:ProgramDatasshlogs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed. Use the following commands to update the permissions: $directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl Repeat the above steps for C:ProgramDatasshlogs. Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.
workaround
Jan 16, 2025
KB5049983
2025-01 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5049983) (CVE-2025-21275) (CVE-2025-21308)
"Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when rest"
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation. Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.

Disclaimer:This webpage is intended to provide you information about patch announcement for certain specific software products. The information is provided "As Is" without warranty of any kind. The links provided point to pages on the vendors websites. You can get more information by clicking the links to visit the relevant pages on the vendors website.

 

Was this article helpful?

Thank you for your feedback!

Sorry about that!

By clicking "Submit", you agree to processing of personal data according to thePrivacy Policy.

Trusted by

Back to Top