
Sysadmin Shock As Windows Server 2025 Installs Itself After Update Labeling Error (theregister.com) 86

A security update mislabeling by Microsoft led to Windows Server 2022 systems unexpectedly upgrading to Windows Server 2025, impacting 7 percent of Heimdal customers and leaving administrators scrambling to manage unexpected licensing and configuration challenges. The Register reports: It took Heimdal a while to trace the problem. According to a post on Reddit: "Due to the limited initial footprint, identifying the root cause took some time. By 18:05 UTC, we traced the issue to the Windows Update API, where Microsoft had mistakenly labeled the Windows Server 2025 upgrade as KB5044284." It added: "Our team discovered this discrepancy in our patching repository, as the GUID for the Windows Server 2025 upgrade does not match the usual entries for KB5044284 associated with Windows 11. This appears to be an error on Microsoft's side, affecting both the speed of release and the classification of the update. After cross-checking with Microsoft's KB repository, we confirmed that the KB number indeed references Windows 11, not Windows Server 2025."

As of last night, Heimdal estimated that the unexpected upgrade had affected 7 percent of customers -- it said it had blocked KB5044284 across all server group policies. However, this is of little comfort to administrators finding themselves receiving an unexpected upgrade. Since rolling back to the previous configuration will present a challenge, affected users will be faced with finding out just how effective their backup strategy is or paying for the required license and dealing with all the changes that come with Windows Server 2025.

  • by locofungus ( 179280 ) on Thursday November 07, 2024 @05:14AM (#64927219)

    There are far too many cases where fixes do far more than just fix things.

    This case appears to be a mistake on Microsoft's part, but it's not at all uncommon for fixes to deliberately change behaviour.

    Debian tries very hard not to update versions in a release and backport security fixes to the old version. But almost no other vendor seems to behave like that.

    • by RevRagnarok ( 583910 ) on Thursday November 07, 2024 @06:05AM (#64927277) Homepage Journal

      Calm down with the Debian cheerleading - you're describing the entire concept of "Enterprise Linux." All of them do that.

    • Redhat also does the backporting thing. IME they have even older versions than Debian in some cases, although it's been a while since I was dumb enough to mess with an rpm-based distribution, and certainly don't want to do business with enemies of the GPL.

    • This was a *mislabeled* backport security fix. Microsoft can't quite do like Debian because the parts of Windows are a bit more tightly coupled but, in general, Microsoft's security patches are relatively small.
    • "Mistake" ???? Microsoft has had their hands caught in the cookie jar multiple times already with consumer systems. Even when we consider that these are production servers, you can't tell me that Microsoft isn't hopeful for a day when they can just unilaterally delete the previous version of Windows from every system in existence.
  • Error? (Score:5, Insightful)

    by Bert64 ( 520050 ) <.moc.eeznerif.todhsals. .ta. .treb.> on Thursday November 07, 2024 @05:31AM (#64927233) Homepage

    paying for the required license

    If it's microsoft's error they should provide this for free, otherwise it's basically extortion (we screwed you, now pay up or your data is toast).

    • paying for the required license

      If it's microsoft's error they should provide this for free, otherwise it's basically extortion (we screwed you, now pay up or your data is toast).

      Exactly. This was an upgrade forced by the vendor. Either they can give the license away, or they can pay for all damages incurred.

    • by Luckyo ( 1726890 )

      Or at the very least microsoft should call and negotiate terms with relevant compensation.

    • paying for the required license

      If it's microsoft's error they should provide this for free, otherwise it's basically extortion (we screwed you, now pay up or your data is toast).

      It's just the way business is done now. Fuck up? Charge the customer. I hope they get their asses sued off for it, but it seems like nothing, no matter how nefarious and evil on the surface, ever sticks to them these days.

  • 'Helping IT' (Score:5, Insightful)

    by Njovich ( 553857 ) on Thursday November 07, 2024 @05:41AM (#64927243)

    So after all the issues at Fortinet, Crowdstrike, SolarWinds, Palo Alto, is it really worthwhile to use this kind of 'helpful' software? Seems to be causing more trouble than it's worth.

    • What is more trouble than it's worth? Security? You should see what trouble you get into when you don't have any at all. Big news this year: A couple of incompetent companies lost a lot of money, for everyone else IT admins had a very bad week. That's it. That's completely small irrelevant crap compared to suffering a major data breach or being infected by ransomware, or having internal development documents / IP being sold online.

      Security is a lot less cost and effort than not having security. It's like an

    • Are you really suggesting that the solution to security patches gone awry is to stop providing security patches? A good solution to security patches gone awry would be to improve software development techniques so that fewer security patches are needed and also improve the patching mechanism so they are less likely to go awry.
      • by srg33 ( 1095679 )
        No. The suggestion is to just apply MS updates (or verify in-house) and NOT waste money on some 3rd party middleman company that fails.
  • Every week there's another story about Microsoft screwing over its customers and/or user base. At what point do we stop posting these stories since these are a regular part of life, their incompetence something we'll just have to live with?

    • It's "news for nerds." Go upstairs and ask your mom if she's aware of Microsoft doing this. Assuming she hasn't heard you shouting about it through her floor.
  • Maybe.. (Score:4, Interesting)

    by eniac42 ( 1144799 ) on Thursday November 07, 2024 @06:12AM (#64927293) Journal
    Put a block on MS ip address range for the network so updates are blocked, lift it every 2 weeks to allow updates, keep a test machine running that looks for these problems before allowing the updates?
  • by diffract ( 7165501 ) on Thursday November 07, 2024 @06:16AM (#64927299)
    a big advertiser for Linux lately, I guess they didn't want to leave out the server space too
    • Same has been said about Windows Vista.
      Didn't happen then, probably won't happen now...

    • To put this in Linux terms, imagine your favorite distro just dropped a new server release and some third-party script you use for making sure upgrades get installed misread the instructions and helpfully performed a dist-upgrade for you.

      Would that be your distro's fault?

  • Just a couple of years ago, their MDE plan 2 untested updates pushed to the world randomly deleted millions of users' icons, causing panic.
  • ... affected users will be faced with ...

    I think, it's the third time this year, someone else is responsible for Microsoft's neglect and dirty deeds. When the don't-install-Chrome debacle was reported, the journalist failed to hold Microsoft responsible for their actions. When Recall Snapshots was announced, it was reported as "creepy", without investigating its built-in security and privacy. (Originally, there was none.)

    We now have tech reporters playing favourites.

  • Do they at least get Start menu ads as part of the Downtime Enshittification Insecurity initiative?

  • People buy tools like Heimdal Asset Management Module because Microsoft's defaults and Microsoft's plus-ups for system management like InTune still do not do what they want. But it was still Heimdal's code and not Microsoft code that determined that this upgrade was required. And it did it because the metadata in KB5044284 was wrong. It is still Heimdal's error that their product decided to automatically upgrade these systems because a patch downloaded for one operating system was tagged as being for an
    • Both are to blame. Microsoft for not testing before release and Heimdal for not testing before release.

      I sense a pattern forming.....

      • What Microsoft test would have detected the incorrect metadata GUID? That metadata is there for information purposes, NOT to tell some automated tool to treat this as a dependency, grab another OS and install it before applying the update.
        • If the information has no value then why is it there at all?

          Good code is written on the assumption that users are a bunch of monkeys pounding randomly on the keyboard yet still does something rational in response, not fucking up their servers.

          And Jfc why is no one at MS checking this metadata anyway? Jfc, seriously, some intern enters this shit by hand while on the vpn from the bar? The entire process of release should be automated.

  • I think I would have been a bit suspicious of a 5GB+ download (the smallest Windows Server 2022 upgrade I could find) for a "security update". This is roughly 7x larger than the largest Windows Server 2022 update, and 12x larger than any update for about 2 years.

    I know disk space is cheap, but even if this was my home computer I would be wary of an update that is large enough to replace the entire OS.

    • Do you constantly keep an eye on bandwidth usage? On my 300Mbps connection 5gb would take a few minutes.

    • KB5044284 was not an OS upgrade, it contains updates to 328 files and is a pretty standard Windows update. The problem is that one metadata field in this update indicated (in GUID form) that it was for Windows Server 2025. The BIG mistake was on the part of Heimdal Asset Management Module, which rather than OPTION-1) ignoring this metadata, or OPTION-2) deciding there was an OS mismatch and skipping, this 3rd party asset management tool decided on OPTION-3) It needed to upgrade the OS before applying the
  • by Mspangler ( 770054 ) on Thursday November 07, 2024 @09:34AM (#64927571)

    The security update is a whole new operating system?

    Somehow that seems appropriate when discussing Microsoft.

    • Agreed, although replacing one MS operating system with another is certainly not an upgrade.
    • It would be more appropriate if the new OS was Linux.
    • by gweihir ( 88907 )

      Indeed. The real question is "Is it an update or a downgrade?" though and whether it actually fixes any security problems or at least more than it introduces.

  • Unsolicited goods,
  • "impacting 7 percent of Heimdal customers."

    Heimdall (two L's) would have seen this coming.

  • And people wonder why tech people are well paid. We are there with the right skills at the right time when vendors, and hardware, and people, shit the bed. Always standing by to wipe technical ass.

    • by gweihir ( 88907 )

      Sad but true. To be fair, MS incompetence is a major job creator for IT and IT Security experts. We should be grateful to them. Well, maybe.

  • by laughingskeptic ( 1004414 ) on Thursday November 07, 2024 @12:57PM (#64928153)
    KB5044284 contains updates to 328 files and is a pretty standard Windows update. (https://support.microsoft.com/en-us/topic/october-8-2024-kb5044284-os-build-26100-2033-6baf4a06-9763-4d9b-ba8a-f25ba6ed477b) The Microsoft mistake is that one metadata field in this update indicated (in GUID form) that it was for Windows Server 2025. The BIG mistake was on the part of Heimdal's Asset Management Module, which rather than OPTION-1) ignoring this metadata, or OPTION-2) deciding there was an OS mismatch and skipping, this 3rd party asset management tool decided on OPTION-3) It needed to upgrade the OS before applying the patch.

    Choosing OPTION-3 was a very bad choice and has little to do with Microsoft's metadata error.
    • For decades, people have been telling Microsoft that security updates and feature updates should be separated.

      This is the cost of not having them separated. But, I am sure the end result is still acceptable to Microsoft as long as their goals are achieved. Your goals are utterly irrelevant to Microsoft. They are too big to fail.
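Taking laughingskeptic's OPTION-1/2/3 breakdown as a spec, together with the size sanity check and the lab-then-production staging other commenters raise, here is an added example of the gate a patch-management tool can run before it touches a host. This is illustrative code written for this page, not Heimdal's or Microsoft's; every GUID, size, date and host record in it is constructed, and the mislabelled package is modelled on the incident as the thread describes it rather than on Microsoft's actual metadata.

```python
"""Added example (not Heimdal's or Microsoft's code): a pre-install gate for a
patch-management tool. A product mismatch is skipped (OPTION-2), never
"resolved" by fetching a different OS (OPTION-3); an oversized payload or an
unsoaked package is held for a human. All identifiers below are constructed."""
from dataclasses import dataclass
from datetime import date
from enum import Enum
from statistics import median


class Decision(Enum):
    APPROVE = "approve"   # consistent metadata, normal size, soaked in the test ring
    SKIP = "skip"         # package targets a different product than the host runs
    HOLD = "hold"         # anomaly: a human looks before anything is installed


@dataclass(frozen=True)
class UpdateMeta:
    kb: str
    title: str
    product_guid: str         # product the package claims to target
    classification: str       # "Security Updates" vs "Upgrades"
    size_bytes: int
    first_seen_in_test: date  # when the test ring first received it (constructed)


@dataclass(frozen=True)
class Host:
    name: str
    product_guid: str           # product the host actually runs
    ring: str                   # "test" or "prod"
    recent_update_sizes: tuple  # bytes of updates previously applied here


# Constructed stand-in identifiers; not the real Microsoft product GUIDs.
SERVER_2022_GUID = "00000000-0000-0000-0000-000000002022"
SERVER_2025_GUID = "00000000-0000-0000-0000-000000002025"
MiB = 1024 * 1024
SOAK_DAYS = 2       # production waits this long after the test ring has it
SIZE_FACTOR = 3.0   # flag anything this many times the host's median update


def classify(update, host, today, size_factor=SIZE_FACTOR, soak_days=SOAK_DAYS):
    """Decide what to do with one package on one host; returns (Decision, reason)."""
    # OPTION-2: a product mismatch is a reason to stop, not to change the OS.
    if update.product_guid != host.product_guid:
        return Decision.SKIP, (f"{update.kb} targets {update.product_guid}, "
                               f"host runs {host.product_guid}")
    # Only security-classified packages flow through this automated path.
    if update.classification.lower() != "security updates":
        return Decision.HOLD, (f"{update.kb} is classified {update.classification!r}, "
                               f"not a security update")
    # A "security update" the size of a whole OS is worth a second look.
    if host.recent_update_sizes:
        typical = median(host.recent_update_sizes)
        if update.size_bytes > size_factor * typical:
            return Decision.HOLD, (f"{update.kb} is {update.size_bytes // MiB} MiB, "
                                   f"over {size_factor:g}x the usual {int(typical) // MiB} MiB")
    # Production only takes what the lab ring has already run for a while.
    if host.ring == "prod" and (today - update.first_seen_in_test).days < soak_days:
        return Decision.HOLD, f"{update.kb} has not soaked {soak_days} days in the test ring"
    return Decision.APPROVE, f"{update.kb} consistent with host {host.name}"


def plan(updates, host, today):
    """Map each KB to its decision for one host; the summary a scheduler acts on."""
    return {u.kb: classify(u, host, today)[0] for u in updates}


# --- constructed sample data ------------------------------------------------
TODAY = date(2024, 11, 7)
ROUTINE = UpdateMeta("KB-ROUTINE-EXAMPLE", "Monthly cumulative update", SERVER_2022_GUID,
                     "Security Updates", 700 * MiB, date(2024, 11, 4))
# Incident pattern from the thread: a security KB number on a package whose
# product field points at another OS and whose payload is a whole OS.
MISLABELED = UpdateMeta("KB5044284", "Server 2025 upgrade (mislabelled)", SERVER_2025_GUID,
                        "Upgrades", 5 * 1024 * MiB, date(2024, 11, 6))
# Correct product, but a payload far above what this host normally receives.
OVERSIZED = UpdateMeta("KB-OVERSIZED-EXAMPLE", "Feature-sized package", SERVER_2022_GUID,
                       "Security Updates", 5 * 1024 * MiB, date(2024, 11, 4))
FRESH = UpdateMeta("KB-FRESH-EXAMPLE", "Released today", SERVER_2022_GUID,
                   "Security Updates", 650 * MiB, date(2024, 11, 7))

HISTORY = (650 * MiB, 700 * MiB, 720 * MiB)
PROD_HOST = Host("srv-prod-01", SERVER_2022_GUID, "prod", HISTORY)
TEST_HOST = Host("srv-test-01", SERVER_2022_GUID, "test", HISTORY)

if __name__ == "__main__":
    for u in (ROUTINE, MISLABELED, OVERSIZED, FRESH):
        decision, reason = classify(u, PROD_HOST, TODAY)
        print(f"{decision.value:8} {reason}")
```

The order of the checks is the point: the product-GUID comparison runs first and its only outcomes are "install" or "skip", so a wrong GUID can never become a trigger to fetch something else. The size and soak checks catch the cases the GUID check alone would miss, and both hold rather than act, which is the cheap side of the asymmetry the thread is complaining about.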

  • Always good for surprises. Just never any good surprises. You would think they are a bit more careful with their corporate customers, but apparently not.

  • MS updates system A to system B without user interaction, and then asks money for system B's license? How unscrupulous can they get? At least when they were updating Windows 7/8 to Windows 10, the old licenses remained valid. I guess they need more money now.

  • I wonder how many of these OS updates failed due to the lack of disk space to complete the update.
  • What testing? They're Microsoft.
  • Long gone are the days of the 5 nines, and for anyone wondering, 5 nines represents 99.999% uptime. Who in their right mind has anything on the production side set to auto update? This is the exact reason we have labs and test beds. Apply to the lab/test bed wait a day or two (maybe even longer depending on how mission critical your servers are) then roll out to production. I feel like this is a direct result of firing the oldies who cost more and hiring a bunch of new sys admins who cost less.
