April 2025 updates out

Topic

New Reply

Once again it’s the second Tuesday of the month and it’s time for the major “B” week release better known as Patch Tuesday. And finally this issue “Ev
[See the full post at: April 2025 updates out]

Susan Bradley Patch Lady/Prudent patcher

9 users thanked author for this post.

Fred, jburk07, deuxbits, deuce120, Great Lake Bunyip, abbodi86, CAS, lmacri, Alex5723

Reply | Quote

Replies

AKB 2000003 has been updated for Group B Win7 and Win8.1 on April 8, 2025.

See #2761445 and #2761442 for information on Win7 and Win8.1 updates (Logged in Member access required).

6 users thanked author for this post.

rick41, jburk07, SueW, Pim, abbodi86, Guest

Reply | Quote

Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws

Today is Microsoft’s April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability (CVE-2025-29824).

This Patch Tuesday also fixes eleven “Critical” vulnerabilities, all remote code execution vulnerabilities.

The number of bugs in each vulnerability category is listed below:

49 Elevation of Privilege Vulnerabilities
9 Security Feature Bypass Vulnerabilities
31 Remote Code Execution Vulnerabilities
17 Information Disclosure Vulnerabilities
14 Denial of Service Vulnerabilities
3 Spoofing Vulnerabilities..

4 users thanked author for this post.

ClearThunder, Fred, KevinG3, deuxbits

Reply | Quote

What Microsoft has fixed / closed off within April 2025 Cumulative Updates..
https://www.tenable.com/blog/microsofts-april-2025-patch-tuesday-addresses-121-cves-cve-2025-29824

Interesting long list of fixes for this month..so, with that, I’ve patched both W10 22H2 and W11 23H2 devices and have not witnessed any bugs for our home use. Although considering the possibilities, I chose to go now rather than wait and deal with collateral damage later (if affected)
W10 and W11 both exhibited a delay at 97% during update to display normality.
SFC/ DISM health all good here with systems.

Windows - commercial by definition and now function...

2 users thanked author for this post.

Fred, jburk07

Reply | Quote

2025-04 .NET 9.0.4 Security Update for x64 Client (KB5056687)

2025-04 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5055523)

Installed without incident. All running normally.

Now running Windows 11 Pro 24H2 build 26100.3775

--Joe

4 users thanked author for this post.

ClearThunder, Fred, Arch, TechTango

Reply | Quote

Hardened Windows user:
A side updates:

KB5054979 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2 for x64
KB5055523 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems

No hiccups.

Now running Windows 11 Pro Version 24H2 (OS Build 26100.3775).

B side updates:

KB5049622 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2 for x64
KB5053598 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems
KB890830 Windows Malicious Software Removal Tool x64 – v5.132

No hiccups.

Now running Windows 11 Pro Version 24H2 (OS Build 26100.3775).

I’ll wait for the push for my NAS and laptop.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

3 users thanked author for this post.

Fred, abbodi86, TechTango

Reply | Quote

bbearren wrote:

KB890830 Windows Malicious Software Removal Tool x64 – v5.132

This is the version released Feb 11, right? And you installed it April 8?

For my devices, WU did not deliver a March 11 version nor an April 8 version. My last one was delivered Feb 11 and it was version 5.132.

Reply | Quote

Any idea if the WinRE patch in this month’s updates is the same as the last one, as in those that got the last one won’t get this one, or is it a new one?

Reply | Quote

KB5057589 was reissued again today 4/8/25. Each time it reappears it is a different version with the same KB number. Each time it installs, it updates the WinRE again to a later Build.

So, yes, it is the same KB number, but a later/different update.

1 user thanked author for this post.

Fred

Reply | Quote

PKCano wrote:

KB5057589 was reissued again today 4/8/25. Each time it reappears it is a different version with the same KB number. Each time it installs, it updates the WinRE again to a later Build.

Hi PKCano:

I’m not sure this month’s KB5057589 update for the Windows Recovery Environment (rel. 08-Apr-2025, WinRE v10.0.19041.5728) for eligible Win 10 machines is a re-issue under the same KB number. AFAIK the previous two WinRE updates for Win 10 were KB5048239 (rel. 12-Nov-2024, WinRE v10.0.19041.5125) and KB5050411 (rel. 14-Jan-2025, WinRE v10.0.19041.5363).
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5608 * Firefox v137.0.1 * Microsoft Defender v4.18.25020.1009-1.1.25030.1 * Malwarebytes Premium v5.2.10.182-130.0.5212 * Macrium Reflect Free v8.0.7783

Reply | Quote

See #2761751 and #2761854 below.

 

Reply | Quote

After telling me that KB5057589 failed (retry?) twice it successfully installed the .NET update and this month’s security update (KB5055518)
I thought I had resolved the RE issue months ago so I went into PowerShell and ran
reagentc /info only to be told “enabled”
So now I’m left wondering if I ever need the thing …..will it work?

Reply | Quote

From the pm list

Can confirm the same behavior after applying updates to a W10 Home v22H2 PC, with the empty C:\inetpub folder creation timestamp 2 seconds prior to the timestamp of the pagefile.sys, swapfile.sys, and other system files created at boot.

After applying the April patches to a handful of test machines (Win 10 LTSC 2019, Win10 22H2, and Win11 23H2/24H2), I noticed that they all gained a new, empty inetpub folder at the root of C:. Anyone else seeing the same?

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

lmacri, deuxbits

Reply | Quote

Yes, an empty inetpub folder was created in the C drive root directory after April updates were installed in a Win10 22H2 VM.

 

2 users thanked author for this post.

Fred, deuxbits

Reply | Quote

Haven’t yet installed the April updates but…

That folder is part of Microsoft’s IIS (Internet Information Services) and “normally” only gets created if one or more of the IIS features are enabled.

If it’s suddenly appearing after the April update, then either installation of the update requires part of IIS or Microsoft has decided to forcible enable part of it for everyone?

@Susan, suggest you check the IIS features under Turn Windows feature on or off to see if something’s changed on those PC’s.

4 users thanked author for this post.

KevinG3, jburk07, deuxbits, EricB

Reply | Quote

On my Win10 22H2 test system the April updates created the inetpub folder even though none of the IIS features were in use — all unchecked.

 

 

1 user thanked author for this post.

deuxbits

Reply | Quote

EricB wrote:

On my Win10 22H2 test system the April updates created the inetpub folder even though none of the IIS features were in use — all unchecked.

Here are two articles published today (09-Apr-2025) about the C:\inetpub folder. There are more questions than answers in both.

• https://www.bleepingcomputer.com/news/microsoft/windows-11-april-update-unexpectedly-creates-new-inetpub-folder/
• https://www.windowslatest.com/2025/04/09/windows-11-kb5055523-issue-creates-inetpub-folder-out-of-nowhere/

———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5608 * Firefox v137.0.1 * Microsoft Defender v4.18.25020.1009-1.1.25030.1 * Malwarebytes Premium v5.2.10.182-130.0.5212 * Macrium Reflect Free v8.0.7783

Reply | Quote

It just creates the folder, it touches nothing else (weird)

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

jburk07

Reply | Quote

I just updated one of my Win10 installations, documenting as I went.

+ Pre install WinRE v10.0.19041, Build 5363, mod. 1/15/2025
+ Windows Features: IIS – nothing checked
KB5055683 2025-04 CU for .NET Framework 3.5, 4.8, 4.8.1
KB5057589 2025-04 Security update for Win10 22H2
KB5055518 2025-04 CU for Win10 22H2
KB2267602 Intelligence update for Defender

Initiated  download/install:
KB5057589 Failed on Download error 0x080070643. I did not try to retry, I restarted after the CU completed.

After the reboot, KB5057589 was re-offered, installed successfully, did not require reboot.

Post Install information:

+ The WinRE partition was updated to v10.0.19041, Build 5728, mod 4/9/2025
+ Windows Features: IIS – nothing checked
+ In the root of the C:\Drive, an empty inetpub folder, the pagefile, and the swapfile were time stamped 9:50am.
+ A C:\$WinREAgent folder was time stamped 9:55am. This would account for the reboot and the installation of KB5057589 after the reboot.

 

7 users thanked author for this post.

lmacri, abbodi86, Fred, jburk07, deuxbits, Alex5723, DrBonzo

Reply | Quote

I had some interesting developments with my updating of my other two Win10 (all are Pro) 22H2 installations. The one above was in a Parallels VM on a 2017 7th gen (Kaby Lake) i7 iMac.

My second Win10 was in a Parallels VM on a 2012 3rd gen (Haswell) i7 MacBookPro. the same updates were available from Windows Update. It progressed in the same way as the one above: KB5057589 failed on Download with the same error but installed after restart without requiring reboot, the time stamp in the C:\$WinREAgent folder was later than the swapfile and the pagefile, the WinRE was updated to Build 5728.

My third Win10 was a hardware install on an old Dell Studio XPS 1340 laptop. It is connected to the Internet by WiFi. It is slower (a lot) than the other two.
+ The C:\inetpub folder already existed with a 12/13/2022 time stamp. It contained two folders: temp dated 12/31/22 and history dated 11/18/23. The folder dates and content was not changed.
+  KB5055683 2025-04 CU for .NET Framework downloaded fairly quickly, but  KB5055518 2025-04 CU took a long time to download and install. In the meantime, while the CU was downloading, KB5057589 2025-04 Security update downloaded and installed WITHOUT ERROR.
So I checked the WinRE partition (14.65GB with 9GB+ free – it was from an upgrade from Win7) while waiting, and it was already updated to Build 5728.
+ KB5055518 2025-04 CU finally completed installing and I restarted. The reboot process took a long time at 90%. After the 100% mark, it started a “Cleaning Up” process which lasted a long time before it booted to the desktop. The other two had not done this.
+ Looking at the time stamp on the C:\ root, the C:\$WinREAgent folder was stamped at 2:02pm and the swapfile/pagefile were 2:50pm. This agrees with the WinRE being updated earlier.

My take on these happenings:
Perhaps the download error for KB5057589 2025-04 Security update (which apparently updates the WinRE partition) is because it tries to download too early and finds the WinRE still enabled, the normal state when the computer is running, and it cannot update it unless it is disabled. Perhaps the CU disables the WinRE (or leaves the WinRE disabled after it installs). That would explain why KB5057589 can download/install and re-enable the WinRE after the restart while not requiring another restart.

2 users thanked author for this post.

jburk07, DrBonzo

Reply | Quote

AFAIK, the ‘C:\inetpub‘ folder may be safely deleted, if no Internet Information Services (IIS) features are being used.

It was probably created as part of the monthly update process, when updating the IIS packages that Windows relies upon to enable (turn on) or disable (turn off) the related, optional features: those packages must be kept up-to-date, too, in order to ensure that an updated version of any given feature is used instead of an old, previous version of that feature containing security vulnerabilities that have been fixed since.

The above image shows the ‘%WINDIR%\servicing\Packages‘ folder contents of a Windows 10 v22H2 test system (with no IIS features enabled), updated with KB5055518, which had its IIS baseline packages (build 19041.1) cumulatively updated with at least a couple of major updates: one back in September, 2024 (build 19041.4957, along with the KB5043131 monthly preview) and, again, this month (build 19041.5737).

In the ‘%WINDIR%\Logs\CBS\CBS.log‘ file contents of that system we see several entries related to the IIS packages and their updated components and learn exactly what IIS optional features have been patched:

That doesn’t tell us why the ‘C:\inetpub‘ folder is being created in the first place. It may be happening either by the KB5055518 update itself (when updating the IIS packages that support these features) or be triggered by, and have a direct correlation with, the .NET Framework cumulative updates (KB5055683): an old comment suggests a possible relationship with the Windows Communication Foundation (WCF) HTTP Activation feature, that is part of the .NET Framework 3.5 core services and is deep buried into Windows 10/11 (not to be confused with the HTTP Activation feature, used to activate applications using HTTP protocols, that is part of the WCF Services that, in turn, are a component of the .NET Framework 4.8 Advanced Services).

The folder presence is a bit odd, though. It should have been removed after updating the IIS packages (as part of the final cleanup process) but, for all I can tell, it might be just a bug (an unintended leftover) and is, quite likely, safe to remove.

1 user thanked author for this post.

Alex5723

Reply | Quote

Speccy wrote:

or be triggered by, and have a direct correlation with, the .NET Framework cumulative updates (KB5055683)

I’ve installed .NET CU KB5055683, but not KB5055518, and can personally verify it did not create a C:\inetpub folder!

So, as your screenshot of C:\Windows\servicing\Packages indicates, it must have something to do with fact that KB5055518 updates several of the IIS packages.

Reply | Quote

PKCano wrote:

+ The C:\inetpub folder already existed with a 12/13/2022 time stamp. It contained two folders: temp dated 12/31/22 and history dated 11/18/23. The folder dates and content was not changed.

I installed both KB5050683 and KB5055518. See my two posts above. ???

NOTE: BTW the C:\inetpub folder is showing up in both my Win10 and Win11 installs where it wasn’t there before (with the exception above). So, it must be common to installs in both versions, wherever it’s coming from.

Reply | Quote

ghacks : Microsoft Windows Security Updates for April 2025 are now available

..Windows 10 version 22H2: 60 vulnerabilities, 4 critical, 56 important
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability — CVE-2025-26663
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability —
CVE-2025-26670
Windows TCP/IP Remote Code Execution Vulnerability — CVE-2025-26686
Windows Hyper-V Remote Code Execution Vulnerability — CVE-2025-27491

Windows 11 version 22H2 and 23H2: 66 vulnerabilities, 2 critical, 64 important
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability — CVE-2025-26663
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability —
CVE-2025-26670
Windows Hyper-V Remote Code Execution Vulnerability — CVE-2025-27491

Windows 11 version 24H2: 66 vulnerabilities, 3 critical, 30 important
Same as Windows 11, Version 22H3…

2 users thanked author for this post.

Fred, deuxbits

Reply | Quote

2025-04 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2 for x64 (KB5054979)
and
2025-04 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5055523)
installed with no apparent problems (but it is early).

I could have sworn that I had paused updates until May 2 but these updates were installed anyway. Is it possible that is related to installation of
Security Intelligence Update for Microsoft Defender Antivirus – KB2267602 (Version 1.427.138.0) – Current Channel (Broad)?

Reply | Quote

April update KB5055518 did NOT resolve the System Guard Runtime Monitor Broker service event log error on my test system.  After the update –

1 user thanked author for this post.

lmacri

Reply | Quote

Susan Bradley wrote:

In the meantime, you can view the vulnerability details on Dustin Child’s blog.

Let’s take a closer look at some of the more interesting updates for this month, starting with the vulnerability currently being exploited in the wild:

– CVE-2025-29824 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
This privilege escalation bug is listed as under active attack and allows a threat actor to execute their code with SYSTEM privileges. These types of bugs are often paired with code execution bugs to take over a system. Microsoft gives no indication of how widespread these attacks are. Regardless, test and deploy this update quickly.

The April 2025 Security Update Review

CLFS exploit activity
Following PipeMagic deployment, the attackers launched the CLFS exploit in memory from a dllhost.exe process.

The exploit targets a vulnerability in the CLFS kernel driver. It’s notable that the exploit first uses the NtQuerySystemInformation API to leak kernel addresses to user mode. However, beginning in Windows 11, version 24H2, access to certain System Information Classes within NtQuerySystemInformation became available only to users with SeDebugPrivilege, which typically only admin-like users can obtain. This meant that the exploit did not work on Windows 11, version 24H2, even if the vulnerability was present.

Exploitation of CLFS zero-day leads to ransomware activity

1 user thanked author for this post.

deuxbits

Reply | Quote

recently from BleepingComputer – Microsoft: April 2025 updates break Windows Hello on some PCs

1 user thanked author for this post.

deuxbits

Reply | Quote

… in very obscure circumstances:

We’re aware of an edge case of Windows Hello issue affecting devices with specific security features enabled. After installing this update and performing a Push button reset or Reset this PC from Settings > System > Recovery and selecting Keep my Files and Local install, some users might be unable to login to their Windows services using Windows Hello facial recognition or PIN.
…
Note: This issue only affects devices where System Guard Secure Launch or Dynamic Root of Trust for Measurement (DRTM) feature is enabled after installing this update. Devices with Secure Launch or DRTM enabled prior to this update, or those with these features disabled, are not impacted by this issue.

1 user thanked author for this post.

deuxbits

Reply | Quote

EricB wrote:

April update KB5055518 did NOT resolve the System Guard Runtime Monitor Broker service event log error on my test system.  After the update –

same result happens with the Windows 11 KB5055528 23H2 & KB5055523 24H2 updates; the “System Guard Runtime Monitor Broker service” event log error messages still occur, so the Microsoft support KB articles for those April 2025 updates are correct

Reply | Quote

@EP I was responding to the blog post by Susan Bradley in which she wrote “And finally this issue “Event Viewer displays an error for System Guard Runtime Monitor Broker service” is now resolved in the April updates. KB5055518 for Windows 10 22H2 fixes the issue.  I think.  I got an alert saying “Resolution: This issue was resolved by Windows updates released April 8, 2025 (the Resolved KBs listed above), and later. ” but the KB update history still acts like it’s not resolved?”

 

Reply | Quote

Windows 10 Pro 22H2.
Installed April updates.
All is well.

Still ask for restart after .Net updates.
Runs CleanUp as last update step.

5 users thanked author for this post.

jburk07, lmacri, Fred, deuxbits, DrBonzo

Reply | Quote

Thank you to the earlier posters giving results for their tests.

Anyone try deleting the new c:\inetpub folder?

And here we go – starting updates on a few Win10 Pro 22H2 test machines. I feel that the appropriate song to play now would be by Big Audio Dynamite – “The Bottom Line”, with the opening lyric – “The horses are on the track” 😉

 

 

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

1 user thanked author for this post.

Cybertooth

Reply | Quote

Susan Bradley wrote:

It just creates the folder, it touches nothing else (weird)

I have the folder (empty) on my Windows 10 Pro 22H2 after applying April updates.

Reply | Quote

I just nuked the c:\inetpub folder as there was nothing in it on both W10 & 11
No ill effects, it’s just a placeholder during patching whether required or not.
Edit: Now MSFT informs NOT to delete it…many thanks for the late update MSFT

Windows - commercial by definition and now function...

3 users thanked author for this post.

jburk07, Fred, deuxbits

Reply | Quote

On my first Win10 Pro 22H2 test machine I’m seeing the same behavior others have reported with KB5057589 2025-04 Security update for Win10 22H2. It fails the first time around, but on retry it’s happy.

The other two updates:

KB5055683 2025-04 CU for .NET Framework 3.5, 4.8, 4.8.1
KB5055518 2025-04 CU for Win10 22H2

Succeeded the first time around. See PKCano’s post above for more complete details on the behavior of the various bits and pieces.

The whole business seemed to take forever…. onto the next test machine(s)

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

1 user thanked author for this post.

jburk07

Reply | Quote

I have not installed the April patches yet, however, wanted to comment that KB5050411 (rel. 14-Jan-2025) is still out in the wild and I was offered it again with the March 2025 updates.

It failed again and it stated RETRY, which after the other patches installed, I selected the RETRY and it disappeared. If the computer does not need it, why is it still being offered AND if it had installed last year and also disappeared in my installation history, why is it being offered again? Seems to me that it is a patch that will not go away. Also, I tried WUSHOWHIDE and it did not capture it, just the other patches, which I wanted to install but not KB5050411.

I do have this on installed
<h4 id=”page-header”>KB5048239: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: November 12, 2024</h4>

Win 10 Home 22H2

Reply | Quote

See #2761554. It is a different KB number, but KB5050411 works the same way.

1 user thanked author for this post.

Win7and10

Reply | Quote

So how should I proceed the next time any of these WINRE updates are offered? They will not install. Should I have run WU again after rebooting to see if it will install?

Thanks for the advice.

Win 10 Home 22H2

Reply | Quote

Check you Update History in WU. If it’s not there….
Check WU and see if it shows up again. Maybe it will install, maybe it won’t.
If it doesn’t, don’t worry about it.

 

Reply | Quote

Did the Windows 11 (Pro) update. It seems to have been smooth sailing. Yes, I backed up first

Reply | Quote

Quick fix for Office 2016 msi

April 10, 2025, update for Office 2016 (KB5002623)

This update fixes the known issue in KB5002700 that causes Microsoft Word, Microsoft Excel, and Microsoft Outlook to stop responding.

2 users thanked author for this post.

PKCano, Microfix

Reply | Quote

Looks like that patch (5002623) for the patch (5002700) is only available for manual installation, no WSUS, no Microsoft Update Catalog… 🙁

Tipp: Öffne AGB und klick auf die Erweiterung

Tipp: Öffne AGB und klick auf die Erweiterung

Tipp: Öffne AGB und klick auf die Erweiterung

Tipp: Öffne AGB und klick auf die Erweiterung

Reply | Quote

b wrote:

… in very obscure circumstances:

Workaround :

To login using PIN, follow the Set my PIN prompt on the logon screen to re-enroll into Windows Hello.

To use Face Logon, re-enroll in Windows Hello Facial recognition go to Settings > Accounts > Sign-in options > Facial recognition (Windows Hello), and select Set up. Follow the on-screen instructions.

Reply | Quote

Win11 23H2 and 24H2 Updates today 4/10/2025.

+ Updated x3 Windows 11 Pro 23H2:
Two installations of Win11 Pro on ARM 23H2 in Parallels 20 VMs on Apple Silicon Macs, and One Win11 Pro 23H2 hardware install on a low-end AMD-based HP desktop.
2025-04 CU for Win11 23H2 KB5055528
2025-04 CU for .NET Framework 3.5/4.8.1 KB5054980
Defender updates

+ Updated one Windows 11 Pro 24H2 :
One installation of Win11 Pro on ARM 24H2 in Parallels 20 VMs on M4Pro MacMini
2025-04 CU for Win11 24H2 KB5055523
2025-04 Cu for .NET Framework 3.5/4.8.1 KB5054979
Defender updates

Observations:
+ The C:\inetpub folder, in all cases, was created where it previously didn’t exist.
+ The WinRE partition was updated in all cases. The Win11 23H2 was updated from Build 4890 to Build 5184.  The Win11 24H2 was updated from Build 3321 to Build 3762.
+The Win11 Pro 23H2 hardware install on a low-end AMD-based HP desktop experienced two restarts, one at the usual 30% and the second after the end before booting to the desktop.

All installations are up and running with no obvious problems. If something shows up with use, I’ll report here.

Update: Suggested Notifications got turned back ON in Settings\System\Notifications  in one of the 23H2 installations.

4 users thanked author for this post.

abbodi86, SteveIT, satrow, Microfix

Reply | Quote

Microsoft recommends that the inetpub folder that is created after installing the April updates should not be deleted.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204

Update notice from MS says – “Added FAQ to explain that after installing the updates listed in the Security Updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device. **This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device.** This behavior is part of changes that increase protection and does not require any action from IT admins and end users. This is an informational change only.”

6 users thanked author for this post.

Microfix, jburk07, PKCano, WCHS, lmacri, Alex5723

Reply | Quote

This behavior is part of changes that increase protection

No explanation how an empty folder can increase protection.

Mod Edit: to attribution

1 user thanked author for this post.

Cybertooth

Reply | Quote

@Alex5723 Please edit your post to correct the attribution.  The statement that you quoted was made by Microsoft, not me.  Thank you.

I agree with you that Microsoft’s explanation is more than a little vague.

1 user thanked author for this post.

Cybertooth

Reply | Quote

attribution removed – pertains to MSFT docs

Windows - commercial by definition and now function...

1 user thanked author for this post.

EricB

Reply | Quote

I think the System Guard Runtime may have taken a one whole day vacation, but here we go again

Reply | Quote

Take Action: Out-of-band updates to address issues with local policy events in Active Directory group policy

Microsoft has identified an issue where audit logon/logoff events in the local policy of the Active Directory Group Policy might not show as enabled on the device even if they are enabled and working as expected. This can be observed in the Local Group Policy Editor or Local Security Policy, where local audit policies show the “Audit logon events” policy with security setting of “No auditing”. An out-of-band (OOB) update has been released today, April 11, 2025, to address this issue.

https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3520

Reply | Quote

Windows home users are unlikely to be affected by this issue, as logon auditing is generally only necessary in enterprise environments. This OOB update is a non-security release, and organizations that are not affected by this issue don’t need to install this update.

Reply | Quote

Microsoft_MVP as usual

why do you felt anyone is pointing fingers? 🙂

1 user thanked author for this post.

PKCano

Reply | Quote

abbodi86 wrote:

Microsoft_MVP as usual

why do you felt anyone is pointing fingers? 🙂

I have no idea what that means.

I was pointing out that most people do not need to “Take Action”.

Reply | Quote

Further Info:
OoB (Out of Band) updates for Windows 10/ 11 and Windows Server 2016-2019 editions via the MS Catalog only, patches dated 04/11/25.

Catalog:
https://www.catalog.update.microsoft.com/Search.aspx?q=%222025-04%22

Support Ref:
https://support.microsoft.com/en-us/topic/april-11-2025-kb5058919-os-builds-22621-5192-and-22631-5192-out-of-band-349d28f6-cdb4-44c0-b2de-21153fd39652

Windows - commercial by definition and now function...

1 user thanked author for this post.

PKCano

Reply | Quote

Hi Susan:

Windows Update successfully installed all updates offered for the April 2025 Patch Tuesday on my Win 10 Pro v22H2 laptop, and I haven’t noticed any problems so far. This includes:

• KB5055518: 2025-04 Cumulative Update for Win 10 Version 22H2 for x64 (OS Build 19045.5737)
• KB5055683: 2025-04 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64
• KB5056686: 2025-04 .NET 8.0.15 Security Update for x64 Client

The only surprise so far is that my Windows Update (paused until 11-Apr-2025) did NOT offer this month’s KB5055683 .NET Framework update with my other April 2025 Patch Tuesday updates, so I did not observe the early “Restart Now” glitch that normally occurs when Windows Update delivers a .NET Framework update with my other my Patch Tuesday updates (see the second image in Alex5723’s post # 2761793). However, KB5055683 was delivered by Windows Update when it ran its next automatic check for available updates on 12-Apr-2025 (see attached image), so all is well.

As expected, my April 2025 Patch Tuesday updates:

• Did NOT offer a KB890830 Malicious Software Removal Tool (MSRT) update.
• Did NOT offer this month’s KB5057589 Windows Recovery Environment update for Win 10 mentioned in PKCano’s 09-Apr-2025 post # 2761854 that updates the  WinRE to v10.0.19041.5728 (expected since my since my WinRE partition only has 96.7 MB of free disk space and does not meet the minimum system requirements).
• Created a new empty folder at C:\inetpub folder (see EricB’s 11-Apr-2025 post # 2762221).
• Did NOT fix my System Guard Runtime Monitor Broker service (SgrmBroker.exe) Event ID 7023 error logged once in the Event Viewer at Windows Logs | System during each Windows 10 startup  (see CAS’s 16-Jan-2025 System Guard Runtime Broker Service Error).
• Did NOT fix my DeviceSetupManager Event ID 131 errors logged multiple times a day in the Event Viewer at Applications and Services Logs | Microsoft | Windows | DeviceSetupManager | Admin (see Susan Bradly’s 06-Sep-2024 topic New Windows 11, lots of Events 131).

———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5737 * Firefox v137.0.1 * Microsoft Defender v4.18.25030.2-1.1.25030.1 * Malwarebytes Premium v5.2.10.182-130.0.5212 * Macrium Reflect Free v8.0.7783

2 users thanked author for this post.

WCHS, PKCano

Reply | Quote

Running 24H2 Pro here.  I posted about this on another thread, but as I read this thread and read Alex’s post, the bug bit me and I am awaiting for everything to download.  As usual, even though I have Settings set to update only Windows updates, it’s currently downloading ‘fixes’ for Realtek (4 of them, no less), and an Intel software component.   Maybe a future update will include a fix that actually lets the user control what updates they want to install without having to use a third-party piece of software, or worse, a registry hack.

Perhaps I’m dreaming……………

"War is the remedy our enemies have chosen. And I say let us give them all they want" ----- William T. Sherman

Reply | Quote

You have that ability now in Pro. In Group Policy (under Windows Update) you can set Updates to notify you before download/install and they will not until you click on the “Download” button (that’s NOT the “Check for Updates” button). AND, you can block driver updates that come with Windows Update.

3 users thanked author for this post.

GeeBeeDee, Alex5723, PL1

Reply | Quote