Full Report
Microsoft has fixed a known issue preventing Windows 11 24H2 feature updates from being delivered via Windows Server Update Services (WSUS) after installing the April 2025 security updates. [...]
Analysis Summary
# Vulnerability: Windows Update Errors Preventing 24H2 Installation (Error 0x80240069)
## CVE Details
- CVE ID: N/A (This is a known functional/update bug, not a security vulnerability requiring a CVE.)
- CVSS Score: N/A
- CWE: N/A
## Affected Systems
- Products: Windows 11
- Versions: Windows 11 22H2, Windows 11 23H2 (Issue occurs during attempts to update/upgrade to 24H2)
- Configurations: Enterprise-managed devices where the update download/initiation fails.
## Vulnerability Description
The described issue is a functional bug causing Windows updates (specifically the upgrade pathway to Windows 11 version 24H2) to fail initiation or completion, resulting in the error code `0x80240069`. Affected systems may also show logs indicating that the Windows Update service (`wuauserv`) stopped unexpectedly.
## Exploitation
- Status: Not applicable (Functional Bug)
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: None (Related to update failure)
- Integrity: Low (System update process integrity is broken)
- Availability: Medium (Prevents access to the latest features and security updates provided in 24H2 or subsequent patches)
## Remediation
### Patches
The fix is being rolled out automatically via Known Issue Rollback (KIR). No specific traditional KB patch package is detailed for direct installation on consumer CUs in this summary, rather the automated KIR mechanism.
### Workarounds
For **enterprise-managed devices** running Windows 11 22H2/23H2:
1. **Install the Known Issue Rollback Group Policy:** Download and install the specific `.msi` file provided by Microsoft.
2. **Deploy the Policy:** Use the Group Policy Editor (Local Computer Policy or Domain policy) to target the affected Windows version.
3. **Restart:** Restart the affected devices to apply the Group Policy setting which leverages KIR to resolve the update failure.
*Note: Microsoft is also addressing a separate latent code issue causing unauthorized upgrades on devices blocked via Intune.*
## Detection
- **Indicators of Compromise (IOCs):** Windows Update logs showing error code `0x80240069`.
- **Detection Methods and Tools:** Review of Windows Update logs; monitoring for the unexpected stoppage of the `wuauserv` service.
## References
- [Vendor advisory/Guidance on deploying KIR](https://docs.microsoft.com/en-us/troubleshoot/windows-client/group-policy/)
- [News Source](https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-fix-for-windows-11-update-0x80240069-errors/)