Operating Systems Microsoft Windows

Sysadmin Shock As Windows Server 2025 Installs Itself After Update Labeling Error (theregister.com) 61

A security update mislabeling by Microsoft led to Windows Server 2022 systems unexpectedly upgrading to Windows Server 2025, impacting 7 percent of Heimdal customers and leaving administrators scrambling to manage unexpected licensing and configuration challenges. The Register reports: It took Heimdal a while to trace the problem. According to a post on Reddit: "Due to the limited initial footprint, identifying the root cause took some time. By 18:05 UTC, we traced the issue to the Windows Update API, where Microsoft had mistakenly labeled the Windows Server 2025 upgrade as KB5044284." It added: "Our team discovered this discrepancy in our patching repository, as the GUID for the Windows Server 2025 upgrade does not match the usual entries for KB5044284 associated with Windows 11. This appears to be an error on Microsoft's side, affecting both the speed of release and the classification of the update. After cross-checking with Microsoft's KB repository, we confirmed that the KB number indeed references Windows 11, not Windows Server 2025."

As of last night, Heimdal estimated that the unexpected upgrade had affected 7 percent of customers -- it said it had blocked KB5044284 across all server group policies. However, this is of little comfort to administrators finding themselves receiving an unexpected upgrade. Since rolling back to the previous configuration will present a challenge, affected users will be faced with finding out just how effective their backup strategy is or paying for the required license and dealing with all the changes that come with Windows Server 2025.

  • by locofungus ( 179280 ) on Thursday November 07, 2024 @05:14AM (#64927219)

    There are far too many cases where fixes do far more than just fix things.

    This case appears to be a mistake on Microsoft's part, but it's not at all uncommon for fixes to deliberately change behaviour.

    Debian tries very hard not to update versions in a release and backport security fixes to the old version. But almost no other vendor seems to behave like that.

    • Re: (Score:3, Insightful)

      by RevRagnarok ( 583910 )

      Calm down with the Debian cheerleading - you're describing the entire concept of "Enterprise Linux." All of them do that.

    • Red Hat also does the backporting thing. IME they have even older versions than Debian in some cases, although it's been a while since I was dumb enough to mess with an rpm-based distribution, and certainly don't want to do business with enemies of the GPL.

    • This was a *mislabeled* backport security fix. Microsoft can't quite do like Debian because the parts of Windows are a bit more tightly coupled but, in general, Microsoft's security patches are relatively small.
    • "Mistake" ???? Microsoft has had their hands caught in the cookie jar multiple times already with consumer systems. Even when we consider that these are production servers, you can't tell me that Microsoft isn't hopeful for a day when they can just unilaterally delete the previous version of Windows from every system in existence.
  • Error? (Score:5, Insightful)

    by Bert64 ( 520050 ) <bert@@@slashdot...firenzee...com> on Thursday November 07, 2024 @05:31AM (#64927233) Homepage

    paying for the required license

    If it's microsoft's error they should provide this for free, otherwise it's basically extortion (we screwed you, now pay up or your data is toast).

    • paying for the required license

      If it's microsoft's error they should provide this for free, otherwise it's basically extortion (we screwed you, now pay up or your data is toast).

      Exactly. This was an upgrade forced by the vendor. Either they can give the license away, or they can pay for all damages incurred.

    • by Luckyo ( 1726890 )

      Or at the very least microsoft should call and negotiate terms with relevant compensation.

    • paying for the required license

      If it's microsoft's error they should provide this for free, otherwise it's basically extortion (we screwed you, now pay up or your data is toast).

      It's just the way business is done now. Fuck up? Charge the customer. I hope they get their asses sued off for it, but it seems like nothing, no matter how nefarious and evil on the surface, ever sticks to them these days.

  • 'Helping IT' (Score:5, Insightful)

    by Njovich ( 553857 ) on Thursday November 07, 2024 @05:41AM (#64927243)

    So after all the issues at Fortinet, Crowdstrike, SolarWinds, Palo Alto, is it really worthwhile to use this kind of 'helpful' software? Seems to be causing more trouble than it's worth.

    • What is more trouble than it's worth? Security? You should see what trouble you get into when you don't have any at all. Big news this year: A couple of incompetent companies lost a lot of money, for everyone else IT admins had a very bad week. That's it. That's completely small irrelevant crap compared to suffering a major data breach or being infected by ransomware, or having internal development documents / IP being sold online.

      Security is a lot less cost and effort than not having security. It's like an

    • Are you really suggesting that the solution to security patches gone awry is to stop providing security patches? A good solution to security patches gone awry would be to improve software development techniques so that fewer security patches are needed and also improve the patching mechanism so they are less likely to go awry.
      • by srg33 ( 1095679 )
        No. The suggestion is to just apply MS updates (or verify in-house) and NOT waste money on some 3rd party middleman company that fails.
  • Every week there's another story about Microsoft screwing over its customers and/or user base. At what point do we stop posting these stories since these are a regular part of life, their incompetence something we'll just have to live with?

  • Maybe.. (Score:3, Interesting)

    by eniac42 ( 1144799 ) on Thursday November 07, 2024 @06:12AM (#64927293) Journal
    Put a block on MS IP address range for the network so updates are blocked, lift it every 2 weeks to allow updates, keep a test machine running that looks for these problems before allowing the updates?
  • a big advertiser for Linux lately, I guess they didn't want to leave out the server space too
  • Just a couple of years ago, their MDE plan 2 untested updates pushed to the world randomly deleted millions of users' icons, causing panic.
  • ... affected users will be faced with ...

    I think, it's the third time this year, someone else is responsible for Microsoft's neglect and dirty deeds. When the don't-install-Chrome debacle was reported, the journalist failed to hold Microsoft responsible for their actions. When Recall Snapshots was announced, it was reported as "creepy", without investigating its built-in security and privacy. (Originally, there was none.)

    We now have tech reporters playing favourites.

  • Do they at least get Start menu ads as part of the Downtime Enshittification Insecurity
    initiative?

  • People buy tools like Heimdal Asset Management Module because Microsoft's defaults and Microsoft's plus-ups for system management like InTune still do not do what they want. But it was still Heimdal's code and not Microsoft code that determined that this upgrade was required. And it did it because the metadata in KB5044284 was wrong. It is still Heimdal's error that their product decided to automatically upgrade these systems because a patch downloaded for one operating system was tagged as being for an
    • Both are to blame. Microsoft for not testing before release and Heimdal for not testing before release.

      I sense a pattern forming.....

      • What Microsoft test would have detected the incorrect metadata GUID? That metadata is there for information purposes, NOT to tell some automated tool to treat this as a dependency, grab another OS and install it before applying the update.
  • I think I would have been a bit suspicious of a 5GB+ download (the smallest Windows Server 2022 upgrade I could find) for a "security update". This is roughly 7x larger than the largest Windows Server 2022 update, and 12x larger than any update for about 2 years.

    I know disk space is cheap, but even if this was my home computer I would be wary of an update that is large enough to replace the entire OS.

    • Do you constantly keep an eye on bandwidth usage? On my 300Mbps connection 5gb would take a few minutes.

    • KB5044284 was not an OS upgrade, it contains updates to 328 files and is a pretty standard Windows update. The problem is that one metadata field in this update indicated (in GUID form) that it was for Windows Server 2025. The BIG mistake was on the part of Heimdal Asset Management Module, which rather than OPTION-1) ignoring this metadata, or OPTION-2) deciding there was an OS mismatch and skipping, this 3rd party asset management tool decided on OPTION-3) It needed to upgrade the OS before applying the
  • by Mspangler ( 770054 ) on Thursday November 07, 2024 @09:34AM (#64927571)

    The security update is a whole new operating system?

    Somehow that seems appropriate when discussing Microsoft.

  • Unsolicited goods,
  • "impacting 7 percent of Heimdal customers."

    Heimdall (two L's) would have seen this coming.

  • And people wonder why tech people are well paid. We are there with the right skills at the right time when vendors, and hardware, and people, shit the bed. Always standing by to wipe technical ass.
