Red Hot Cyber, The cybersecurity news

Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Spanish Italian
Search

Windows: Security updates cause problems with UAC and app installation

Redazione RHC : 5 September 2025 12:38

Microsoft has announced that the August 2025 Windows security updates may cause unexpected User Account Control (UAC) prompts and issues when installing apps. The bug affects non-administrator users on all supported versions of Windows.

The issue is caused by a patch that addresses a privilege escalation vulnerability in Windows Installer (CVE-2025-50173). This vulnerability allowed authenticated attackers to gain SYSTEM-level privileges.

To address this issue, Microsoft has implemented new User Account Control prompts that require administrator credentials in various situations to prevent potential escalations of privilege by attackers. In some scenarios, these prompts may occur when running MSI repair commands (such as msiexec /fu), as well as when installing applications that automatically configure themselves for individual users and run Windows Installer during active installation.

These changes may also prevent users from: deploying packages through Configuration Manager (ConfigMgr) that depend on user-specific advertising configurations; enabling Secure Desktop; run Autodesk applications, including some versions of AutoCAD, Civil 3D, and Inventor CAM.

The full list of affected platforms is extensive and includes both client and server versions.

  • Windows 11 24H2
  • Windows 11 23H2
  • Windows 11 22H2
  • Windows 10 22H2
  • Windows 10 21H2
  • Windows 10 1809
  • Windows 10 Enterprise LTSC 2019
  • Windows 10 Enterprise LTSC 2016
  • Windows 10 1607
  • Windows 10 Enterprise 2015 LTSB
  • Server: Windows Server 2025
  • Windows Server 2022
  • Windows Server 1809
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012.

“The August 2025 Windows Security Update (KB5063878) and subsequent updates included an improvement to ensure that User Account Control (UAC) prompts for administrator credentials when performing Windows Installer (MSI) repair and related operations.” The developers explain. “If a standard user runs an application that initiates an MSI repair operation without displaying a user interface, the operation will fail and an error message will be displayed. For example, installing and running Office Professional Plus 2010 as a standard user will fail and an error 1730 will be displayed during the setup process.”

Microsoft has stated that it is already working on a fix for this issue. Administrators will soon be able to allow some applications to perform MSI repair operations without requiring UAC intervention.

Until a fix is released, Microsoft recommends that users run applications that use Windows Installer (MSI) as administrator.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.

Lista degli articoli