CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Windows 10 update bug triggers incorrect end-of-support alerts

First reported
Last updated
1 unique sources, 4 articles

Summary

Hide ▲

A bug in the October 2025 Windows 10 updates triggers incorrect end-of-support alerts on systems running Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021, and Windows 10 22H2 enrolled in the Extended Security Updates program. The bug causes affected devices to display 'Your version of Windows has reached the end of support' messages, despite the systems still being under active support or security coverage. Microsoft has deployed a cloud configuration update to correct the erroneous message, but some devices may not receive it due to connectivity or configuration issues. IT administrators can use Known Issue Rollback (KIR) to remove the incorrect messages on enterprise-managed devices. Microsoft released the first Windows 10 extended security update (KB5068781) on November 11, 2025, to address the bug for all customers enrolled in the Extended Security Updates (ESU) program. However, the KB5068781 update was failing to install with 0x800f0922 errors on devices with corporate licensing. Microsoft has now released an emergency Windows 10 KB5072653 out-of-band update on November 17, 2025, to resolve these installation issues. Some corporate Windows admins have reported that WSUS and SCCM are not correctly indicating that a Windows 10 device needs the extended security update, even when it is correctly enrolled in the program. Microsoft plans to release a new Scan Cab with updated metadata to address this issue.

Timeline

  1. 04.11.2025 15:31 4 articles · 14d ago

    Incorrect end-of-support alerts triggered by Windows 10 update bug

    A bug in the October 2025 Windows 10 updates triggers incorrect end-of-support alerts on systems running Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021, and Windows 10 22H2 enrolled in the Extended Security Updates program. The bug causes affected devices to display 'Your version of Windows has reached the end of support' messages, despite the systems still being under active support or security coverage. Microsoft has deployed a cloud configuration update to correct the erroneous message, but some devices may not receive it due to connectivity or configuration issues. IT administrators can use Known Issue Rollback (KIR) to remove the incorrect messages on enterprise-managed devices. Microsoft released the first Windows 10 extended security update (KB5068781) on November 11, 2025, to address the bug for all customers enrolled in the Extended Security Updates (ESU) program. However, the KB5068781 update was failing to install with 0x800f0922 errors on devices with corporate licensing. Microsoft has now released an emergency Windows 10 KB5072653 out-of-band update on November 17, 2025, to resolve these installation issues. Some corporate Windows admins have reported that WSUS and SCCM are not correctly indicating that a Windows 10 device needs the extended security update, even when it is correctly enrolled in the program. Microsoft plans to release a new Scan Cab with updated metadata to address this issue.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Microsoft Releases Emergency Update for Windows 10 ESU Enrollment Bug

Microsoft has issued an emergency out-of-band update (KB5071959) to fix a bug preventing Windows 10 users from enrolling in the Extended Security Updates (ESU) program. This update resolves an issue in the ESU enrollment wizard that caused failures during the enrollment process. Once installed, users can successfully enroll their devices and receive ongoing security updates. Windows 10 reached end-of-support on October 14, 2025, making ESU enrollment crucial for continued security updates. The ESU program costs $30 for home users and $61 per device per year for enterprises, with escalating costs for multi-year commitments.

Open in new tab

Microsoft October 2025 Updates Disable USB Input in Windows Recovery Environment

Microsoft's October 2025 security updates (KB5066835) initially disabled USB mice and keyboards in the Windows Recovery Environment (WinRE), affecting both client (Windows 11 24H2 and 25H2) and server (Windows Server 2025) platforms. This issue made WinRE unusable for troubleshooting or repairing the OS, prompting users to switch to Bluetooth or PS/2 input devices as a workaround. Microsoft has since released an emergency update (KB5070773) to resolve the issue, which started rolling out on October 21, 2025. This update restores USB functionality in WinRE, allowing users to navigate recovery options. Affected customers can also use touchscreen, PS/2 devices, or USB recovery drives as workarounds. OEMs and enterprises can use PXE in Configuration Manager to install the update, while IT administrators can deploy push-button reset features using Windows ADK and WinPE add-on.

Open in new tab

Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 183 flaws

Microsoft's October 2025 Patch Tuesday marks the end of free security updates for Windows 10, with the release of the final cumulative update KB5066791. This update addresses 183 vulnerabilities, including six zero-day flaws, and is mandatory for all Windows 10 users. Extended Security Updates (ESU) are available for purchase for up to three years for enterprise users and one year for consumers. The patches cover a range of vulnerabilities, including critical remote code execution and elevation of privilege issues. The zero-day vulnerabilities affect various components, such as Windows SMB Server, Microsoft SQL Server, Windows Agere Modem Driver, Windows Remote Access Connection Manager, AMD EPYC processors, and TCG TPM 2.0. Some of these flaws have been publicly disclosed or actively exploited. The update also includes fixes for vulnerabilities in third-party components, such as IGEL OS and AMD EPYC processors. Additionally, Microsoft Office users should be aware of CVE-2025-59227 and CVE-2025-59234, which exploit the Preview Pane. The update is the largest on record for Microsoft, with 183 CVEs, pushing the number of unique vulnerabilities released so far this year to more than 1,021. The update includes fixes for a wide range of vulnerabilities, including remote code execution (RCE), elevation of privilege, data theft, denial of service (DoS), and security feature bypass issues. The update also marks the end of life for Windows 10, meaning Microsoft will no longer issue regular patches for vulnerabilities in the operating system as part of its regular Patch Tuesday updates. Exchange Server 2016, Exchange Server 2019, Skype for Business 2016, Windows 11 IoT Enterprise Version 22H2, and Outlook 2016 are also reaching end-of-life. Windows 10 users can opt for Extended Security Updates (ESU) for one year at a cost of $30, or install Linux as an alternative. Linux Mint is recommended for Windows 10 users transitioning to Linux, with compatibility for most computers from the last decade. The October 2025 Windows security updates cause smart card authentication and certificate issues across all Windows 10, Windows 11, and Windows Server releases. The issue is due to a security fix designed to address a security feature bypass vulnerability (CVE-2024-30098) in the Windows Cryptographic Services. Affected users may experience various symptoms, including the inability to sign documents, failures in applications using certificate-based authentication, and smart cards not being recognized as CSP providers in 32-bit apps. The issue can be detected by the presence of Event ID 624 in the System event logs for the Smart Card Service prior to installing the October 2025 Windows security update. The fix is enabled by setting the DisableCapiOverrideForRSA registry key value to 1 to isolate cryptographic operations from the Smart Card implementation. Users experiencing authentication problems can manually resolve the issue by disabling the DisableCapiOverrideForRSA registry key. The DisableCapiOverrideForRSA registry key will be removed in April 2026, and users are advised to work with their application vendors to resolve the underlying problem. Microsoft also fixed another known issue breaking IIS websites and HTTP/2 localhost (127.0.0.1) connections after installing recent Windows security updates. Microsoft has released out-of-band (OOB) security updates for a critical-severity Windows Server Update Service (WSUS) vulnerability (CVE-2025-59287) with publicly available proof-of-concept exploit code. The vulnerability can be exploited remotely in low-complexity attacks that do not require user interaction, allowing threat actors without privileges to target vulnerable systems and run malicious code with SYSTEM privileges. Microsoft has released security updates for all impacted Windows Server versions, including Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012. Workarounds for admins who can't immediately install these emergency patches include disabling the WSUS Server Role or blocking all inbound traffic to Ports 8530 and 8531 on the host firewall. The OOB update supersedes all previous updates for affected versions, and users are advised to install it as soon as possible.

Open in new tab

Windows September 2025 updates cause SMBv1 share connection issues

Microsoft's September 2025 Windows security updates have introduced a known issue affecting connections to Server Message Block (SMB) v1 shares over the NetBIOS over TCP/IP (NetBT) protocol. This issue impacts various Windows client and server platforms, including Windows 11, Windows 10, Windows Server 2025, and Windows Server 2022. Users may fail to connect to shared files and folders using SMBv1 after installing these updates. Microsoft is actively working on a resolution and has provided a temporary workaround to mitigate the problem. The issue arises because either the SMB client or the SMB server has the September 2025 security update installed.

Open in new tab

Microsoft September 2025 Patch Tuesday addresses 81 vulnerabilities, including two zero-days

Microsoft's November 2025 Patch Tuesday addressed 63 vulnerabilities, including one actively exploited zero-day vulnerability (CVE-2025-62215), a critical Remote Code Execution flaw (CVE-2025-60724), and several other notable vulnerabilities. The updates also included fixes for multiple elevation of privilege, remote code execution, information disclosure, denial-of-service, and spoofing vulnerabilities. Microsoft has released the first extended security update (ESU) for Windows 10, advising users to upgrade to Windows 11 or enroll in the ESU program. The KB5068781 update, the first Windows 10 extended security update since the operating system reached end of support on October 14, 2025, includes fixes for 63 flaws and one actively exploited elevation-of-privilege vulnerability. The September 2025 Patch Tuesday addressed 80 vulnerabilities, including 13 critical vulnerabilities. The updates fixed a range of issues, including privilege escalation, remote code execution, information disclosure, and denial-of-service vulnerabilities. The patches also covered a critical flaw in Azure Networking and addressed a new lateral movement technique dubbed BitLockMove. Additionally, security updates were released by multiple vendors, including Adobe, Cisco, Google, and others. The September 2025 update included 38 elevation of privilege (EoP) vulnerabilities. The two zero-day vulnerabilities were CVE-2025-55234 in Windows SMB Server and CVE-2024-21907 in Microsoft SQL Server. The SMB vulnerability was exploited through relay attacks, while the SQL Server flaw involved improper handling of exceptional conditions in Newtonsoft.Json. The updates also included hardening features for SMB Server to mitigate relay attacks, with recommendations for administrators to enable auditing to assess compatibility issues. The KB5065429 cumulative update for Windows 10 22H2 and 21H2 included fourteen fixes or changes, addressing unexpected UAC prompts and severe lag and stuttering issues with NDI streaming software. The update enabled auditing SMB client compatibility for SMB Server signing and SMB Server EPA, and included an opt-in feature for administrators to allow outbound network traffic from Windows 10 devices.

Open in new tab