Sysadmin shock as Windows Server 2025 installs itself after update labeling error

Screens sprayed with coffee after techies find Microsoft’s latest OS in unexpected places

Administrators are reporting unexpected appearances of Windows Server 2025 after what was published as a security update turned out to be a complete operating system upgrade.

The problem was flagged by a customer of web app security biz Heimdal. Arriving at the office on the morning of November 5, they found, to their horror, that every Windows Server 2022 system had either upgraded itself to Windows Server 2025 or was about to.

Sysadmins are cautious by nature, so an unplanned operating system upgrade could easily result in morning coffee being sprayed over a keyboard.

Heimdal’s services include patch management, and it relies on Microsoft to label patches accurately to ensure the correct update is applied to the correct software at the correct time. In this instance, what should have been a security update turned out to be Windows Server 2025.

It took Heimdal a while to trace the problem. According to a post on Reddit: “Due to the limited initial footprint, identifying the root cause took some time. By 18:05 UTC, we traced the issue to the Windows Update API, where Microsoft had mistakenly labeled the Windows Server 2025 upgrade as KB5044284.”

It added: “Our team discovered this discrepancy in our patching repository, as the GUID for the Windows Server 2025 upgrade does not match the usual entries for KB5044284 associated with Windows 11. This appears to be an error on Microsoft’s side, affecting both the speed of release and the classification of the update. After cross-checking with Microsoft’s KB repository, we confirmed that the KB number indeed references Windows 11, not Windows Server 2025.”

The Register has contacted Heimdal for more information and will update this piece should the security organization respond. We also asked Microsoft to comment almost 24 hours ago. Since then? Crickets.

As of last night, Heimdal estimated that the unexpected upgrade had affected 7 percent of customers – it said it had blocked KB5044284 across all server group policies. However, this is of little comfort to administrators finding themselves receiving an unexpected upgrade.

Since rolling back to the previous configuration will present a challenge, affected users will be faced with finding out just how effective their backup strategy is or paying for the required license and dealing with all the changes that come with Windows Server 2025.