Full Report
Microsoft has mitigated a known issue that caused Windows update failures when installing them from a network share using the Windows Update Standalone Installer (WUSA). [...]
Analysis Summary
# Vulnerability: Windows Update Installation Failure via WUSA from Network Shares
## CVE Details
- CVE ID: Not explicitly assigned in the provided context (This appears to be a known operational issue/bug, not a security vulnerability.)
- CVSS Score: N/A
- CWE: N/A
## Affected Systems
- Products: Windows 11 (specifically 24H2), Windows Server 2025 (implied by context discussing recent updates for these platforms), Windows Server 2022 (mentioned in relation to the KIR fix).
- Versions: Windows 11 version 24H2, Windows Server 2025.
- Configurations: Updates attempted for installation via the `WUSA` tool when the update package (`.msu` file) is sourced from a network share.
## Vulnerability Description
Recent Windows updates may fail to install correctly using the Windows Update Standalone Installer (`WUSA`) utility if the update package (`.msu`) is located on a network share. Updates may install correctly if the package is copied and run locally. Additionally, a secondary, temporary issue may cause the Update History page to incorrectly display that a restart is required after successfully installing an `.msu` file and restarting.
## Exploitation
- Status: Not applicable (Operational issue, not a security vulnerability leading to unauthorized access or control).
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: No direct impact noted.
- Integrity: Inability to apply necessary security or operational updates via the standard network deployment path.
- Availability: Temporary disruption to system maintenance/patching process.
## Remediation
### Patches
No direct security patch is explicitly mentioned for this specific installation failure bug. Microsoft is mitigating the issue via Known Issue Rollback (KIR).
* **KIR Fix (Automated for Home/Non-managed):** Mitigation is being rolled out automatically via Known Issue Rollback (KIR) for home and non-managed business devices.
* **KIR Fix (Manual for IT Admins):** IT administrators can deploy a fix by installing and configuring the specific Known Issue Rollback Group Policy available for Windows 11 24H2 and Windows Server 2022 (note the mention of 2022 here, although 2025 was contextually affected).
* KIR Policy Link (Defanged): `hxxps://download.microsoft.com/download/14b2e824-2a34-4504-a46b-13c8b75221d3/Windows%2011%2024H2%20and%20Windows%20Server%202025%20KB5062660%20250806_17201%20Known%20Issue%20Rollback.msi`
### Workarounds
1. **Local Installation:** Copy the `.msu` update file locally (e.g., to the C: drive) and run `WUSA` from that local path instead of the network share.
2. **Wait for Future Update:** Devices not managed by IT can wait for the issue to resolve itself through the ongoing KIR rollout or in a future cumulative Windows update.
## Detection
- **Indicators of Compromise:** Installation failures reported when using `WUSA` pointing to network shares. Update History inconsistencies (showing necessary restart when none is needed).
- **Detection Methods and Tools:** Monitoring Windows Update error logs within the system for installation failures when the source path is network-based.
## References
- Vendor Advisory: Microsoft advisory concerning update installation failure via WUSA.
- Relevant links:
* `hxxps://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-windows-server-2025-updates-may-fail-from-network-shares/`