Microsoft has mounted a identified subject attributable to the August 2025 safety updates, which triggers sudden Person Account Management (UAC) prompts and app set up issues for non-admin customers on all Home windows variations.
This subject is attributable to a safety patch that mitigates a Home windows Installer privilege escalation vulnerability (CVE-2025-50173), which may allow authenticated attackers to achieve SYSTEM privileges.
To handle the CVE-2025-50173 safety flaw, Microsoft has applied new Person Account Management (UAC) prompts requesting admin credentials in numerous conditions to stop attackers from escalating permissions.
Nevertheless, these UAC prompts would even be displayed inadvertently in different eventualities, together with when attempting to put in apps that use Home windows Installer (MSI), when enabling Safe Desktop, and operating MSI restore instructions.
As defined when Microsoft acknowledged this bug final week, the entire checklist of affected platforms is in depth, and it consists of each shopper and server platforms:
- Shopper: Home windows 11, model 24H2; Home windows 11, model 23H2; Home windows 11, model 22H2; Home windows 10, model 22H2; Home windows 10, model 21H2; Home windows 10, model 1809; Home windows 10 Enterprise LTSC 2019; Home windows 10 Enterprise LTSC 2016; Home windows 10, model 1607; Home windows 10 Enterprise 2015 LTSB
- Server: Home windows Server 2025; Home windows Server 2022; Home windows Server, model 1809; Home windows Server 2019; Home windows Server 2016; Home windows Server 2012 R2; Home windows Server 2012
“To handle these points, the September 2025 Home windows safety replace (and later updates) reduces the scope for requiring UAC prompts for MSI repairs and allows IT admins to disable UAC prompts for particular apps by including them to an allowlist,” Microsoft stated.
“After putting in the September 2025 replace, UAC prompts will solely be required throughout MSI restore operations if the goal MSI file incorporates an elevated customized motion.”
As a result of UAC prompts will nonetheless be required for functions that carry out customized actions, Microsoft has supplied IT directors with a way to show off UAC prompts for particular apps after this replace by together with MSI information on an allowlist.
This requires including new SecureRepairPolicy and SecureRepairWhitelist registry keys beneath HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsInstaller utilizing the steps detailed in this help doc.
Microsoft has additionally resolved one other bug triggered by the August 2025 safety updates, which causes extreme lag and stuttering points with NDI streaming software program on Home windows 10 and Home windows 11 techniques.
46% of environments had passwords cracked, practically doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration tendencies.
