Microsoft has finally confirmed that some Windows Server 2019 and 2022 systems were "unexpectedly" upgraded to Windows Server 2025 when their updates were managed using third-party patch management tools.
The company also updated the Windows release health dashboard on November 6 to say that Windows Server 2025 is now offered as an optional update on Windows Server 2022 and Windows Server 2019 devices for organizations wanting an in-place upgrade.
"Some devices upgraded automatically to Windows Server 2025 (KB5044284). This was observed in environments that use third-party products to manage the update of clients and servers," Microsoft explained on Saturday.
"Please verify whether third-party update software in your environment is configured not to deploy feature updates. This scenario has been mitigated."
Redmond acknowledged this known issue after multiple days of widespread reports from Windows admins that their servers had been automatically upgraded overnight to a Windows Server version for which they don't even have a license.
It also said this optional update had the "DeploymentAction=OptionalInstallation" tag, indicating that patch management tools should've interpreted it as optional rather than as a recommended update that should be deployed.
Microsoft blamed for "procedural error"
While not explicitly named, Heimdal, one of the companies whose customers were affected by this issue, blamed the upgrade problems on a "procedural error on Microsoft side, both with the speed of release and the classification," in customer updates seen by BleepingComputer and in social media replies from Heimdal employees.
Unfortunately, by the time Heimdal blocked KB5044284 on all server group policies, roughly 7% of their customers had already been upgraded to Windows Server 2025. When contacted by BleepingComputer, a Heimdal spokesperson was not immediately available for comment.
While it says the known issue is mitigated, Microsoft has yet to share how affected Windows admins can roll back the automatic upgrades besides restoring their systems from backups. The company didn’t immediately reply to a request for comment when BleepingComputer reached out earlier today.
It's worth noting that KB5044284 is a Patch Tuesday cumulative update for Windows 11 24H2 and, starting November, a Windows Server 2025 optional update. As Microsoft said over the weekend, this will not change any time soon since "future updates released for Windows Server 2025 and Windows 11, version 24H2 will share the same KB numbers, but will have different release note sites and links."
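The two points above, the "DeploymentAction=OptionalInstallation" tag and one KB number covering different updates, are modelled in the following added example, which is not code from Microsoft, Heimdal or the article. It compares an approval decision keyed on the KB number with one keyed on the update ID and deployment action; the record fields, classification labels, "Installation" value and update IDs are constructed assumptions, and only KB5044284 and OptionalInstallation come from the article.

```python
"""Added example. All records below are constructed, not real catalog data."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Update:
    update_id: str          # per-update unique ID (placeholder values here)
    kb: str                 # KB number, which unrelated updates can share
    classification: str     # hypothetical label a patch tool might store
    deployment_action: str  # value of the DeploymentAction tag

# Two constructed updates that share KB5044284, as the article describes.
WIN11_CU = Update("00000000-0000-0000-0000-000000000001", "KB5044284",
                  "Security Update", "Installation")
SERVER_2025 = Update("00000000-0000-0000-0000-000000000002", "KB5044284",
                     "Feature Update", "OptionalInstallation")

def approve_by_kb(offered, approved_kbs):
    """Weak policy: install anything whose KB number was approved."""
    return [u for u in offered if u.kb in approved_kbs]

def approve_strict(offered, approved_ids):
    """Decide per update ID, and never auto-install optional or feature updates."""
    decisions = {}
    for u in offered:
        if u.deployment_action == "OptionalInstallation":
            decisions[u.update_id] = "skip: optional, needs explicit opt-in"
        elif u.classification == "Feature Update":
            decisions[u.update_id] = "skip: feature update"
        elif u.update_id not in approved_ids:
            decisions[u.update_id] = "skip: update ID not approved"
        else:
            decisions[u.update_id] = "install"
    return decisions

if __name__ == "__main__":
    # The admin approved the Windows 11 cumulative update only.
    approved_kbs = {WIN11_CU.kb}
    approved_ids = {WIN11_CU.update_id}
    # A Windows Server 2022 device is offered the other update under that KB.
    offered_to_server = [SERVER_2025]
    print("KB-based:", approve_by_kb(offered_to_server, approved_kbs))
    print("Strict:  ", approve_strict(offered_to_server, approved_ids))
    print("Client:  ", approve_strict([WIN11_CU], approved_ids))
```
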
Microsoft says it resolved another issue where admins were offered an upgrade to Windows Server 2025 via a banner on the device's Windows Update page under Settings. The company added that this message was intended for those wanting an in-place upgrade.
However, those who installed it found that they needed to purchase a license to use the new version of Windows Server. While a warning was displayed about the license requirement before the upgrade was installed, many admins felt it was misleading to offer the update in this manner if a license was required.
Comments
SoftwareSourcery - 3 days ago
I think the RMM & update management vendors placing blame on Microsoft are doing so to deflect blame - they built their castle on top of an unstable method of filtering / sourcing windows update metadata.
Microsoft started to offer in-place upgrades to Windows Server operating systems delivered via windows update, and the way these vendors assumed windows update worked in the past was no longer true. The behavior in the past of there never being in-place updates offered via windows update on servers was not a guarantee, Microsoft just hadn't done it before.
The update was correctly categorised as a Feature Update (upgrade to Server 2025), the vendors who installed it did so due to their own misunderstanding rather than Microsoft mis-classifying it. At no point was the actual update that upgraded servers to 2025 categorised as a security update - although other updates that shared the same KB number were categorised as security updates. Windows update KB numbers are not unique identifiers per-update, many updates commonly share the same KB number - there is a separate update ID which is globally unique per update.
Do I like this system? No not really.
Is it complicated and a lot of people don't understand it? Yes.
Is it Microsoft's fault that systems whose windows updates were managed by these vendors were upgraded to 2025? No.
There's an excellent article here: https://patchmypc.com/windows-server-2025
DyingCrow - 3 days ago
"KB5044284 is a Patch Tuesday cumulative update for Windows 11 24H2 and, starting November, a Windows Server 2025 optional update."
WHY????
Conspiracy theorists suggest that M$ did it to "encourage" adoption and licence purchasing for server 2025.
SoftwareSourcery - 3 days ago
The only devices impacted were those whose windows update was managed by a few specific vendors, if you were using WSUS, Azure Update Manager, SCCM etc. - you wouldn't have been impacted (or any of the third parties that designed their software better).
If you were manually patching the server with no tools, this update was optional and very clearly marked as an Upgrade to Server 2025. It also prompted you about license compliance interactively if you chose to install it.
"Conspiracy theorists suggest that M$ did it to "encourage" adoption and licence purchasing for server 2025."
If I was Microsoft and trying to force Server 2025 onto those who don't have license compliance for it, I wouldn't limit my target to a few specific vendors who do update management, I'd make sure everyone got it especially those who don't have any form of update management.
ken_smon - 2 days ago
"Conspiracy theorists suggest that M$ did it to "encourage" adoption and licence purchasing for server 2025."
I suspect it was more general incompetence than maliciousness.
Also, why do they need to reuse KB #s for unrelated updates?
More general incompetence, most likely.