January 2025 patches get released

Topic

New Reply

It’s the first of the year and the start of our ten month countdown to end of support (but not end of using) Windows 10. Today’s updates include the f
[See the full post at: January 2025 patches get released]

Susan Bradley Patch Lady/Prudent patcher

13 users thanked author for this post.

jburk07, dataman1701, Norio, Steve S., CAS, deuce120, Pim, Fred, abbodi86, PL1, Alex5723, lmacri, creem

Reply | Quote

Replies

“This month, Microsoft released 159(!) new CVEs in Windows and Windows Components, Office and Office Components, Hyper-V, SharePoint Server, .NET and Visual Studio, Azure, BitLocker, Remote Desktop Services, and the Windows Virtual Trusted Platform Module. Three of these were submitted through the Trend ZDI program. With the addition of the third-party CVEs, the entire release tops out at 161 CVEs.

Of the patches released today, 11 are rated Critical, and the other 148 are rated Important in severity. This is the largest number of CVEs addressed in any single month since at least 2017 and is more than double the usual amount of CVEs fixed in January. This comes on the heels of a record number of December patches and could be an ominous sign for patch levels in 2025. It will be interesting to see how this year shapes up.”

.NET updates for security this month so heads up.

https://www.zerodayinitiative.com/blog/2025/1/14/the-january-2025-security-update-review

Susan Bradley Patch Lady/Prudent patcher

5 users thanked author for this post.

jburk07, dataman1701, ChrisAVWood, PL1, Alex5723

Reply | Quote

AKB 2000003 has been updated for Group B Win7 and Win8.1 on Jan 14, 2025.

See #2739431 and #2739432 for information on Win7 and Win8.1 updates (Logged in Member access required).

5 users thanked author for this post.

jburk07, dataman1701, SueW, Pim, abbodi86

Reply | Quote

My WUMgr Scan shows Security Update KB5050411 connected to WinRE and the Expiration of W10 Support in October. MSRT / NetFrmWk – 22H2 – 3.5 – 4.8/4.81 — & the CU. 2 Macrium Bkups Ready but have never used them for WU since 2019…..

AND. I have a Samsung S23U and see a Driver Update 2.19.1.0 offered. When I Searched That Driver number I found an old Thread that a guy couldn’t connect to his computer AFTER that Driver Install. I first thought of Installing it – BUT Not Now…. FYI

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

1 user thanked author for this post.

jburk07

Reply | Quote

Here is the MS documentation for KB5050411 WinRE Update for Windows 10.
Supposedly:

IMPORTANT This update will not be offered if your Windows Recovery Environment (WinRE) meets any of the following conditions:

• If the WinRE recovery partition does not have sufficient free space, see the NOTE in the “Summary” section. The note provides instructions about how to increase the available free space in the WinRE recovery partition.

• If the WinRE recovery partition was manually updated by using the procedure in Add an update package to Windows RE and is already up to date.

• If the WinRE image has a version greater than or equal to version 10.0.19041.5363. To determine the version of your WinRE image, check the WinREVersion registry value at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion.

• If your running PC does not have a WinRE recovery partition. To verify if you have WinRE enabled, run the following command in an elevated command prompt: reagentc /info. If WinRE is enabled, you will see Windows RE status in the output with a value of Enabled. In this scenario, this update might be needed.

And in addition, this Summary:

This update automatically applies Safe OS Dynamic Update (KB5050199) to the Windows Recovery Environment (WinRE) on a running PC. The update installs improvements to Windows recovery features.

NOTE This update requires 250 MB of free space in the recovery partition to install successfully.

If you would like to make sure your device is offered this update, please follow the Instructions to manually resize your partition or use a sample script to increase the size of the WinRE recovery partition.

Once your partition has sufficient disk space, click Start > Settings > Windows Update > Check for updates to have the update offered to you and then install it.

6 users thanked author for this post.

abbodi86, AJ2000, jburk07, deuxbits, Lars220, Fred

Reply | Quote

Reads like we’ve travelled back in time to January 2024, WinRE once again..
Is it just me, or is this becoming tediously ridiculous? /heavy sigh

Windows - commercial by definition and now function...

2 users thanked author for this post.

Lars220, Deo

Reply | Quote

Just installed the January ‘25 updates.

“Control Panel | Programs | Programs and Features | Installed Updates” reports that KB5050411 was installed.

“Settings | Updates & Security | Windows Update | View update history” reports that KB5050411 was installed.

Powershell script “Get Update History.ps1” produces a CSV file which reports that KB5050411 FAILED.

See attached file which includes the failure message and the script content. [removed file]

Any idea why the Powershell script reports failure, even though the update appears to have succeeded?

Is there a reliable way to determine if the update was indeed successful?

Thank you.

Moderator Edit: Please do not attach files that we need to download, verify as safe, and open to read contents.

Reply | Quote

Check the Build in the WinRE. Has it been updated? If you don’t know what the build was previously, it also includes a “modified date.”
That’s what KB5050411 is for.

In an elevated Command Prompt:

reagentc /info

Replace the “4” partition number with the number reported above.
In an elevated Command Prompt:

Dism /Get-ImageInfo /ImageFile:\\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE\winre.wim /index:1

Reply | Quote

Result of reagentc command:

reagentc /info
Windows Recovery Environment (Windows RE) and system reset configuration
Information:

Windows RE status: Enabled
Windows RE location: \\?\GLOBALROOT\device\harddisk1\partition4\Recovery\WindowsRE
Boot Configuration Data (BCD) identifier: 645b3f61-bfcb-11ee-8309-a4bb6d404d7a
Recovery image location:
Recovery image index: 0
Custom image location:
Custom image index: 0

REAGENTC.EXE: Operation Successful.

Not sure what you meant by “Replace the “4” partition number with the number reported above”, though I did have to change the harddisk number.

Result of DISM command:

Dism /Get-ImageInfo /ImageFile:\\?\GLOBALROOT\device\harddisk1\partition4\Recovery\WindowsRE\winre.wim /index:1

Deployment Image Servicing and Management tool
Version: 10.0.19041.3636

Details for image : \\?\GLOBALROOT\device\harddisk1\partition4\Recovery\WindowsRE\winre.wim

Index : 1
Name : Microsoft Windows Recovery Environment (x64)
Description : Microsoft Windows Recovery Environment (x64)
Size : 2,692,806,052 bytes
WIM Bootable : No
Architecture : x64
Hal : <undefined>
Version : 10.0.19041
ServicePack Build : 5363
ServicePack Level : 0
Edition : WindowsPE
Installation : WindowsPE
ProductType : WinNT
ProductSuite :
System Root : WINDOWS
Directories : 3871
Files : 18364
Created : 12/7/2019 – 2:11:48 AM
Modified : 2/6/2025 – 11:11:22 AM
Languages :
en-US (Default)
The operation completed successfully.

“Modified” date indicates today, so presumably the update was successful? (Is 10.0.19041 the right version?)

Thank you.

Reply | Quote

Bruce wrote:

Not sure what you meant by “Replace the “4” partition number with the number reported above”

Looks good to me.
Sometimes the WinRE partition is not partition4. So that’s why.

 

1 user thanked author for this post.

Bruce

Reply | Quote

Bruce wrote:

Version : 10.0.19041 ServicePack Build : 5363 ServicePack Level : 0

Hi Bruce:

Just to add to PKCano’s comment in post # 2745921, the important information in the output for your DISM/Get-ImageInfo /ImageFile… command is the ServicePack Build: 5363 (i.e., not Version: 10.0.19041).

From the release notes for the KB5050411 WinRE update of 14-Jan-2025, which state in part:

IMPORTANT This update will not be offered if your Windows Recovery Environment (WinRE) meets any of the following conditions:

• If the WinRE image has a version greater than or equal to version 10.0.19041.5363. To determine the version of your WinRE image, see the “Methods to verify the WinRE version installed” section.

As noted in the above quote, the reagentc /info and DISM/Get-ImageInfo /ImageFile… commands suggested by PKCano to find your current WinRE build are  also available at the bottom of the release notes for KB5050411 (and most other WinRE updates) under “Method 2: Use the DISM command“.
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5371 * Firefox v135.0.0 * Microsoft Defender v4.18.24090.11-1.1.24090.11 * Malwarebytes Premium v5.2.5.158-1.0.5135 * Macrium Reflect Free v8.0.7783

Reply | Quote

Bruce wrote:

Moderator Edit: Please do not attach files that we need to download, verify as safe, and open to read contents.

Does this mean that attachments should not be used unless they’re inserted into content?

If this is a new rule it should be included in the rules.

Reply | Quote

Attachments that everyone can see, like a PNG/JPEG are fine. Attaching a DOC file with screenshots etc is not, for the reason stated.

cheers, Paul

Reply | Quote

Hardened Windows user:
A side updates:

KB5050021 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems
KB5049624 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 23H2 for x64
KB5050525 .NET 8.0.12 Security Update for x64 Client
KB890830 Windows Malicious Software Removal Tool x64 – v5.131

No hiccups.

Now running Windows 11 Pro Version 23H2 (OS Build 22631.4751). I’ll wait for the push on my NAS and E5420.

B side updates:

KB5050009 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems
KB5049622 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2 for x64
KB5007651 Update for Windows Security platform – (Version 10.0.27703.1006)
KB890830 Windows Malicious Software Removal Tool x64 – v5.131

No hiccups.

Now running Windows 11 Pro Version 24H2 (OS Build 26100.2894).

I’ll wait for the push for my NAS and laptop.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

4 users thanked author for this post.

AJ2000, SteveIT, Fred, fernlady

Reply | Quote

I just went in to check updates because I couldn’t remember the pause date.
KB5007651 was listed but I’m safe for the time being, I hope! January 28th is
when I should be worried, correct?

Windows 11 Pro
Version 23H2
OS build 22631.5189

Reply | Quote

2025-01 Cumulative Update for Windows 11 Version 24H2 for x64-based

2025-01 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2 for x64 (KB5049622)

2025-01 .NET 9.0.1 Security Update for x64 Client (KB5050526)

Windows Malicious Software Removal Tool x64 – v5.131 (KB890830)

All installed with no problems.

Now running Windows 11 Pro Version 24H2 OS build 26100.2894.

--Joe

1 user thanked author for this post.

AJ2000

Reply | Quote

I just hit Download error – 0x80070643 on KB5050411 on my Windows 10 at home.  Ugh.

Susan Bradley Patch Lady/Prudent patcher

5 users thanked author for this post.

AJ2000, jburk07, deuxbits, Lars220, Fred

Reply | Quote

Microsoft switched from dancing to Ballroom Dancing

* _ ... _ *

Reply | Quote

with the occasional breakdancing to hip-hop patch drop..

Windows - commercial by definition and now function...

Reply | Quote

The Windows security updates for January 2025 are now available

.Windows 10 version 22H2: 120 vulnerabilities, 5 critical, 115 important

Windows 11 version 22H2 and 23H2: 120 vulnerabilities, 5 critical, 115 important

Windows 11 version 24H2: 121 vulnerabilities, 9 critical, 46 important

Windows Server 2008 R2 (extended support only): 78 vulnerabilities: 6 critical, 72 important

Windows Server 2012 R2 (extended support only): unknown

Windows Server 2016: 110 vulnerabilities: 7 critical, 103 important

Windows Server 2019: 117 vulnerabilities: 7 critical, 112 important

Windows Server 2022: 121 vulnerabilities: 7 critical, 114 important

Windows Server 2025: 125 vulnerabilities: 7 critical, 118 important…

2 users thanked author for this post.

AJ2000, Fred

Reply | Quote

Micro$oft did it all by itself when everyone was sleeping
no warnings, no choices [ 2025 ‘-(   ]
Windows 11 Pro 23H2 Build.22631.4751

 

* _ ... _ *

1 user thanked author for this post.

Alex5723

Reply | Quote

I never understood the significance of counting CVEs and vulnerabilities each month

3 users thanked author for this post.

deuce120, Mark, Microfix

Reply | Quote

Likely attributed to the lack of useful OS or browser good news across the interweb. Reminds me of the old NIKE®™ slogan: ‘just do it!’
..and test yourself

Windows - commercial by definition and now function...

Reply | Quote

Hi abbodi86,

True, for most consumer and casual users, vulnerability counting can just be a curiosity. I’m one who does find curiosity in such things.

For my job however, vulnerability counting becomes essential since when you are briefing C-Suite leaders or reporting to your manager at end of the quarter or month, its very useful to know how many vulnerabilities were fixed and how severe they were. Briefing the C-Suite on this and other areas of interests to them can not only help keep your job but also justify how large the cyber security team is and to keep or increase your budget for next year.

The same data also serves as an important reference to patching teams who work late nights on Friday nights and on weekend to patch everything during out of office hours so that everything is in order for the start of business on Monday. Knowing how many vulnerabilities and how sever they are allows these patching teams to patch the most severe and numerous vulnerabilities first.

I hope this is useful on why such data can be important. Thanks.

1 user thanked author for this post.

abbodi86

Reply | Quote

What’s the problem..?

Windows - commercial by definition and now function...

Reply | Quote

I only received KB 50449981 and KB5050188. I did not receive KB 5050411, KB5046613 or KB5048239. My OS is Win 10 Pro 22H2 (19045.5247). For the time being I have hid the two updates I received for later installation.

Do I get missing updates from MS Update Catalog or just leave well enough alone and just install what I received? Any thoughts?

Peace, CAS

Reply | Quote

Never-mind. It appears that the “missing” updates all relate to windows recovery environment which I do not use. All my drives are backed up to an external hard drive whenever there’s an MS update, a change to my browser or a significant app.  I found and interesting discussion on this topic here.

Peace, CAS

Reply | Quote

No problems w/Win10 updates here.

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

4 users thanked author for this post.

Rob Kay, lmacri, AJ2000, jburk07

Reply | Quote

Updated Win10 on my desktop machine.  All went smooth.  No issues.

Desktop mobo Asus TUF X299 Mark 1, CPU: Intel Core i7-7820X Skylake-X 8-Core 3.6 GHz, RAM: 32GB, GPU: Nvidia GTX 1050 Ti 4GB. Display: Four 27" 1080p screens 2 over 2 quad.

3 users thanked author for this post.

AJ2000, jburk07, deuxbits

Reply | Quote

So far, I am still receiving updates to all of my “unsupported” Win11 machines, despite the warning I received while upgrading to 24H2. All four successfully updated with:

2025-01 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5050009)

2025-01 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2 for x64 (KB5049622)

Currently: OS Build 26100.2894

Reply | Quote

Updated x3 Windows 11 Pro 23H2:
Two installations of Win11 Pro on ARM in Parallels 20 VMs on Apple Silicon Macs, one Win11 Pro hardware install on a low-end HP desktop.

2025-01 Update for Windows security platform KB5007651
2025-01 .NET Framework 3.5/4.8.1 KB5049621
2025-01 CU KB5050021 for Win11 23H2
Defender updates
MSRT (N/A for Windows 11 on ARM)

Observations:
+ All three updates proceeded without problems.
+ The HP desktop (h/w install) restarted at 30%, hesitated for quite a while at 93-94%, then restarted again before the login screen. The two installations in the VMs did not experience the second restart.
+ The WinRE Build was updated from 22631.4455 -> 22631.4742.

3 users thanked author for this post.

abbodi86, SteveIT, Microfix

Reply | Quote

Updated x3 Windows 10 Pro 22H2:
Win10 Pro in Parallels 20 VM on 2017 iMac4K (Intel Haswell i7)
Win10 Pro in Parallels 18 VM on 2012 MacBook Pro (Intel Ivy Bridge i7)
Win10 Pro hardware install on old Dell Studio XPS 1340 laptop

2025-01 CU for .NET 3.5/4.8/4.8.1 KB5050188
2025-01 CU KB5049981 for Win10 22H2
** 2025-01 Security Update for Windows 10 22H2 KB5050411 failed on download error 0x80070643
Defender updates
MSRT
** After the restart
2025-01 Security Update for Windows 10 22H2 KB5050411

Observations:
+ The updates installed on all machines (eventually).
+ KB5050411 was in the initial Windows Update queue. It failed, giving “Download error 0x80070643.” There was a “Retry” link under the listing. On the first machine, I clicked the “Retry” link while the CU KB5049981 was installing and Windows Update changed to “Searching for Updates” for a long time. I finally closed the Settings App, reopened it, and the CU KB5049981 installation was requesting a restart. After the restart, I checked the WinRE Build and it was still on 19041.5125. In Windows Update, KB5050411 was again offered, downloaded, and installed without a request for restart. The WinRE Build changed to 19041.5363 with modification date 01/15/2025.
On the second machine, the same thing occurred with the “Download error” for  KB5050411, but I left it as is with “Retry” and restarted when the CU KB5049981 requested. KB5050411 was again offered in Windows Update after the restart, downloaded, and installed without a request for restart.
CONCLUSION: It seems that the 2025-01 CU KB5049981 must be installed first, before the Security Update for Windows 10 22H2 KB5050411, in order for the latter to install and update the WinRE partition.
+ The WinRE partitions on all three machines updated from Build 19041.5125 ->Build 19041.5363 after the installation of KB5050411 with the modification date of 01/15/2025.

9 users thanked author for this post.

Rob Kay, abbodi86, lmacri, AJ2000, TechTango, jburk07, dataman1701, deuxbits, Lars220

Reply | Quote

PKCano wrote:

+ The WinRE partitions on all three machines updated from Build 19041.5125 ->Build 19041.5363 after the installation of KB5050411 with the modification date of 01/15/2025.

Did you have 250 MB free space before installing KB5050411 on your 3 Windows 10 Pro 22H2 machines?

Reply | Quote

Anyone encountering the ‘Bitlocker’ bug?
Seems to affect W10 and 11 devices that have a TPM chip where upon checking the bitlocker settings, displays ‘For your security, some settings are managed by your administrator’

See the following for more info:
https://www.bleepingcomputer.com/news/microsoft/windows-bitlocker-bug-triggers-warnings-on-devices-with-tpms/

Microsoft says it’s currently working on a fix and will provide more details about the issue when it has more information.

Windows - commercial by definition and now function...

2 users thanked author for this post.

deuxbits, PKCano

Reply | Quote

Have not seen that.  But then again I only have bitlocker enabled on Windows 11 machines like the copilot+ one.  I don’t have it on a Windows 10 unmanaged machine.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

deuxbits

Reply | Quote

Accidental update tester reporting in, I usually wait for Patch Lady advice for safe updating, but somehow I messed up with WuMgr and got KB5050411 installed. It is a new improved Windows Recovery Environment update. I had been hiding them because of the troubles they had. This one installed ok, so I thought I would let others know. Mayank Parmar at the Windows Latest website has an article out today that gives good information:

https://www.windowslatest.com/2025/01/15/microsoft-confirms-windows-10-kb5048239-reinstalling-bug-kb5050411-fixes-it/

P.S. just re-read PKCano notes, for info, I did not install any other 2025-01 updates, only the KB5050411 installed by itself without the other updates. Also, I do not like being “accidental” update tester, just wanted to share my experience. “It” installed without others, ymmv.

Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases

4 users thanked author for this post.

AJ2000, jburk07, deuxbits, PL1

Reply | Quote

Well, this is odd. I’ve been ‘offline’ ethernet unplugged since Dec 28/2024. Win 10 22H2 Pro. GP edit set to “2”.

Usually, anytime I boot or sign into sleeping PC offline, I get “you’re up to date!” and can proceed with plugging in ethernet to use winshowhide when I plug in later. Has worked flawlessly for yrs. (ie pulling PC off internet days before Black Tues. Not sure what to do now. Totally odd. (NO, I have not yet put it online!)

Reply | Quote

Setting Windows Updates GP to 2 – Notify for download and auto install doesn’t stop the Windows Update service from running update check every 22 hrs (±4 hrs), unless you’ve paused updates, in simply prevents it from automatically downloading & installing the updates; you get a Download button when updates are available.

If there’s no internet connection when the update service runs it’s update check, you’ll get that message.

So, if you haven’t seen it since Dec 28, it means either updates were paused and it’s been more than the “maximum allowed pause time” of 35 days or you’ve never powered up/used your PC during the active hours you have set until yesterday.

FYI, your display indicates the update service ran it’s check Jan 15 at 05:18 PM which means, unless you pause updates again, the next check will happen Jan 16 between 10:18:37 AM and 03:18:37 PM (provided your PC is powered up during those hours.)

 

1 user thanked author for this post.

Deo

Reply | Quote

Thx @n0ads. No ‘pause’ ever used, “metered” connection always ‘on’.

PC always offline 2 days prior to Patch Tues. First time I have ever seen this msg occurring while ‘offline’ even though PC is sleeping (I don’t turn PC off when offline) since 2021. In this case, after seeing that, I did restart offline  (which again in past has never posed a problem) to same result. Time of day has never been an issue (shift worker, so morn/noon/night, no prior issue such as this). Even when MR b/up or itunes b/up offline.

Still offline, I awoke PC still offline at 4:57pm today= back to normal! “You’re up to date!’

Offered KB5049981 & Net kb 5050188. KB5050411 not offered as my WINRE is too small.  Hidden via winshowhide until all clear by Defcon. All is back to ‘well’. TY

Reply | Quote

Windows 11 Pro 23H2 report:
Device: Alder Lake – 12th Gen

Installed the following:
kb5050525 .NET security update 8.012
kb5049624 .NET 4.81 CU
kb5050021 CU for Windows 11 23H2

Behavioural Observations:
Double restart invoked during kb5050021 CU installation.
Updating did wipe out some older ‘history of updates’…
Bitlocker still OFF on TPM v2.0 with NO’ administrator warning’.
No changes to O&O Shutup pre-configured switch settings.

Now on OS Build: 22631.4751
SFC check no violations and DISM image is healthy.

Windows - commercial by definition and now function...

1 user thanked author for this post.

AJ2000

Reply | Quote

Fred wrote:

Micro$oft did it all by itself when everyone was sleeping
no warnings, no choices [ 2025 ‘-(   ]
Windows 11 Pro 23H2 Build.22631.4751

 

Did what exactly?
Update to 23H2, you should be on that?

If you have not wrested control of the update from Windows, run WuMgr now and select “Disable Windows Update” on the “Auto Update” tab, then reboot.

cheers, Paul

Reply | Quote

Hi Susan:

Windows Update successfully installed all updates offered for the January 2025 Patch Tuesday on my Win 10 Pro v22H2 laptop, and I haven’t noticed any problems so far. This includes:

• KB5049981: 2025-01 Cumulative Update for Win 10 Version 22H2 for x64 (OS Build 19045.5371)
• KB5050188: 2025-01 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64
• KB5050525: 2025-01 .NET 8.0.12 Security Update for x64 Client
• KB890830 : Windows Malicious Software Removal Tool x64 – v5.131

As usual, I observed the early “Restart Now” glitch that always occurs when Windows Update delivers a .NET Framework update with my other my Patch Tuesday updates (see my attached image). I simply waited for the KB5049981 monthly Quality Update to finish installing and reach a status of “Pending Restart” before I clicked the “Restart Now” button.

I was not offered the KB5050411 Windows Recovery Environment Update for Windows 10 Version 22H2 (rel. 14-Jan-2025), but this was expected since my WinRE partition does not have the required 250 MB of free space (currently 96.7 MB free space, version 10.0.19041 / Build 3920, last modified 16-Jan-2024).

I have TPM 2.0 and BitLocker drive encryption is turned OFF on my Win 10 Pro machine, and I do not see the “For your security, some settings are managed by your administrator” alert in my BitLocker control panel described in the 15-Jan-2025 BleepingComputer article Windows BitLocker bug triggers warnings on devices with TPM.
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5371 * Firefox v134.0.1 * Microsoft Defender v4.18.24090.11-1.1.24090.11 * Malwarebytes Premium v5.2.4.157-1.0.5116 * Macrium Reflect Free v8.0.7783

Reply | Quote

lmacri wrote:

Windows Update successfully installed all updates offered for the January 2025 Patch Tuesday on my Win 10 Pro v22H2 laptop, and I haven’t noticed any problems so far.

That’s good to hear, @lmacri.

But, could you please go into your events log for Windows to see if you have any errors related to the System Guard Runtime Monitor broker service? There aren’t any overt symptoms except for an event log entry, apparently.

If you do have any entries concerning that service that have appeared since installing the January updates, see the following Topic started by @CAS here on AskWoody for more details and to “commiserate”:

https://www.askwoody.com/forums/topic/system-guard-runtime-broker-service-error/

From the sounds of things in that Topic, it appears that the service is unable to start due to insufficient permissions after some have installed the January update for Windows, KB5049981, on their machines.

Reply | Quote

Bob99 wrote:

could you please go into your events log for Windows to see if you have any errors related to the System Guard Runtime Monitor broker service?

Hi Bob99:

See my 20-Jan-2025 post # 2740940 in CAS’ topic System Guard runtime broker service Error. This is a minor bug that has no effect on system performance and Microsoft has already released a bulletin (Message ID WI982633) stating that this glitch will be fixed in a future Win 10 release.  From that bulletin:

“This service was originally created for Microsoft Defender, but it has not been a part of its operation for a very long time. Although Windows updates released January 14, 2025 conflict with the initialization of this service, no impact to performance or functionality should be observed.

There is no change to the security level of a device resulting from this issue. This service has already been disabled in other supported versions of Windows, and SgrmBroker.exe presently serves no purpose.”

———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5371 * Firefox v134.0.1 * Microsoft Defender v4.18.24090.11-1.1.24090.11 * Malwarebytes Premium v5.2.4.157-1.0.5116 * Macrium Reflect Free v8.0.7783

3 users thanked author for this post.

windbg, Bob99, PL1

Reply | Quote

https://www.neowin.net/news/microsoft-released-windows-kb5050411-update-to-fix-kb5048239-that-wont-stop-installing/

Microsoft fixed KB5048239 WinRE update that kept installing over and over with a new KB5050411 (KB5050199)..

These WinRE dynamic updates are not pushed through Windows Update and are also available for manual downloading from the Windows Update Catalog website.

KB5050199, KB5050198, KB5050120, and KB5050121

Reply | Quote

Alex5723 wrote:

… These WinRE dynamic updates are not pushed through Windows Update and are also available for manual downloading from the Windows Update Catalog website. KB5050199, KB5050198, KB5050120, and KB5050121

Hi Alex5723:

I might have misunderstood the purpose of your post # 2740722, but it appears the KB5050199 Safe OS Dynamic Updates recently posted on the Microsoft Update Catalog at https://www.catalog.update.microsoft.com/Search.aspx?q=KB5050199 are .CAB files that can be used to patch (slipstream) Win 10 ISO installation media with the latest WinRE version. The 19-Jan-2025 Neowin article Microsoft released Windows KB5050411 update to fix KB5048239 that won’t stop installing you referenced says as much and states:

“For those who may not be aware, these Dynamic Update packages are meant to be applied to existing Windows images prior to their deployment. In a Techcommunity blog post about Windows 10 Dynamic Updates, Microsoft explained Dynamic Updates in more detail regarding its various components and uses. These packages include fixes to Setup.exe binaries, SafeOS updates for Windows Recovery Environment, and more …”

I know there are ways for advanced users to use DISM /Online /Add-Package commands in Command Prompt or PowerShell to install updates distributed as .CAB files, but for Win 10 users like me who were not offered the KB5050411 WinRE update in Jan 2025 (which installs the KB5050199 Safe OS Dynamic Update on a running PC to patch the WinRE to v10.0.19041.5363) I don’t think the KB5050199 .CAB file is meant to be downloaded and run like “regular” standalone .MSU and .EXE installers on the Microsoft Update Catalog. Even if KB5050199 was offered as a standalone .MSU installer, I suspect it would still require at least 250 MB of free space on the WinRE partition in order to install successfully.
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5371 * Firefox v134.0.1 * Microsoft Defender v4.18.24090.11-1.1.24090.11 * Malwarebytes Premium v5.2.4.157-1.0.5116 * Macrium Reflect Free v8.0.7783

3 users thanked author for this post.

Deo, windbg, PKCano

Reply | Quote

Installed:

KB5050021 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems
KB5049624 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 23H2 for x64
KB5050525 .NET 8.0.12 Security Update for x64 Client
KB890830 Windows Malicious Software Removal Tool x64 – v5.131

for Windows 23H2 Pro

It took some time, and the Cumulative Update for Windows tried to restart twice, but didn’t complete the second time. No obvious anomalies noted.

Mark

 

 

Reply | Quote

Running a VM under Hyper-V?
Reports coming in that an sgrmbroker 0x80070005 error is thrown in event viewer and system logs in Win10 22H2 post Jan 14-2025 patching of either kb5049981 or Windows Server 2022 kb5049983.

Ref and more detail:
https://borncity.com/win/2025/01/21/windows-10-server-2022-microsoft-confirms-sgrmbroker-issues-after-jan-2025-update/

Temporary Fix: Until MSFT either issue an OoB or KIR

cmd (as admin) insert the following code then press ENTER:

sc.exe config sgrmagent start=disabled

Don’t close the cmd prompt yet..

Followed by this and press ENTER:

reg add HKLM\System\CurrentControlSet\Services\SgrmBroker /v Start /d 4 /t REG_DWORD

Windows - commercial by definition and now function...

Reply | Quote

Microfix wrote:

Running a VM under Hyper-V? Reports coming in that an sgrmbroker 0x80070005 error is thrown in event viewer and system logs in Win10 22H2 post Jan 14-2025 patching of either kb5049981 or Windows Server 2022 kb5049983. Ref and more detail: https://borncity.com/win/2025/01/21/windows-10-server-2022-microsoft-confirms-sgrmbroker-issues-after-jan-2025-update/

Hi Microfix:

The Windows 10 glitch with the System Guard Runtime Monitor Broker service isn’t restricted to VMs. See my 20-Jan-2024 post # 2740945 above and the ongoing discussion in CAS’ 16-Jan-2025 topic System Guard Runtime Broker Service Error.

As noted in the borncity.com article you referenced, “Microsoft states that there is no need to start this service manually or configure it in any way (this could cause unnecessary errors). Future Windows updates will adjust the components used by this service and SgrmBroker.exe.”
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5371 * Firefox v134.0.1 * Microsoft Defender v4.18.24090.11-1.1.24090.11 * Malwarebytes Premium v5.2.4.157-1.0.5116 * Macrium Reflect Free v8.0.7783

1 user thanked author for this post.

Microfix

Reply | Quote

Classic Outlook crashes on reply and forward

ISSUE

After updating to Version 2412 (Build 18324.20168) classic Outlook may crash when starting a new email, or when replying or forwarding an email.

You can confirm if this is the issue by looking at the Windows Event Viewer Application Log for crash Event 1000 or Event 1001, and the following event details:  

Faulting application name: OUTLOOK.EXE, version: 16.0.18324.20168, time stamp: 0x677828da
Faulting module name: OUTLOOK.EXE, version: 16.0.18324.20168, time stamp: 0x677828da ..

This issue is fixed for Current Channel with Version 2501 Build 18429.20000 estimated to be released January 28, 2025.

To work around the issue, you can revert to the prior Version 2411 (Build 18227.20162)..

1 user thanked author for this post.

windbg

Reply | Quote

BEWARE OUT THERE..
Windows 11 24H2 is Now in ‘Broad Deployment’ as of 21st January 2025!
That’s for eligible devices running either Windows 10 or 11..

Ref:
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-24h2

The importance of having recent system images take effect….

Windows - commercial by definition and now function...

Reply | Quote

Is this KB5007651 for 24H2?

Windows 11 Pro
Version 23H2
OS build 22631.5189

Reply | Quote

KBKB5007651 is for Win11 23H2 Home and Pro.

Reply | Quote

Good, I was afraid to download when it was time. Thanks PK

Windows 11 Pro
Version 23H2
OS build 22631.5189

Reply | Quote

Check Susan’s Master Patch List about installation.

 

Reply | Quote

Microsoft 365 – Semi-Annual Enterprise Channel – Version 2408 (Build 17928.20392)

The January 14, 2025 security update is causing, at least for us, problems initially opening attached files (so far PDF and DOCX).  By default, our PDFs open using the Edge browser.

The issue is when you initially double-click the PDF attachment, you receive an error from Microsoft Outlook “You don’t have appropriate permissions to perform this operation.”

[Edit:] Tracked it down to our anti-virus software causing it.  I’m not smart enough to know how to delete this reply.

Reply | Quote

Microfix wrote:

The importance of having recent system images take effect….

..and using InControl / TRV

Reply | Quote

Since my pause updates were about to expire I updated today
and kept my fingers crossed. So far everything is fine!

2025-01 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 23H2 for x64 (KB5049624)
2025-01 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5050021)
Advanced Micro Devices, Inc. – Display – 32.0.11027.2001
Update for Windows Security platform – KB5007651 (Version 10.0.27703.1006)
Windows Malicious Software Removal Tool x64 – v5.131 (KB890830)

Windows 11 Pro
Version 23H2
OS build 22631.5189

Reply | Quote

I am not seeing KB5007651 in the Master Patch List for Windows 11 ???

Reply | Quote

That’s just an av pattern update – I consider that more like “plumbing “.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Just a quick question – is there any order to how the Jan patches are to be installed? I have Win 10 22H2 and was offered KBs 5050411, 5050188, and 5049981. I usually just do them all at once, but should I do one at a time, and start with 5049981 first? Or doesn’t it matter now that MS has had time to look at these?

Thanks!

Reply | Quote

You can run all three at once. If you get a download error on 5050411 (Win RE update), come back after the reboot for 5050411 and it should install without requesting reboot. (My personal experience)

1 user thanked author for this post.

LHiggins

Reply | Quote

Thanks! Much easier! Will post back if I have any issues!

Reply | Quote

In another post DrCard:)) claims he/she got the NEW Outlook installed with the January update.

Is this possible? Has anyone else reported this result?

Should we install Susan’s .reg or .bat block BEFORE installing the January CU on Windows 10?

Also, can someone advise whether Susan’s .reg or the .bat file is the best option choice? And for the novice, specifically how to properly utilize/install either file.

Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)

Reply | Quote

Tex265 wrote:

NEW Outlook installed with the January update.

Is this possible? Has anyone else reported this result?

Outlook new installed as preview on PCs with preview/get the latest updates = on

1 user thanked author for this post.

PL1

Reply | Quote

Alex5723 wrote:

Outlook new installed as preview on PCs with preview/get the latest updates = on

Unless:

Reply | Quote

@Alex5723,

Drcard:)) wrote:

I have a Windows 10 22H2 Home PC and the Get the latest updates when they are available is set to Off. Windows Update offers KB5050081 as a quality update available so it has Not installed KB5050081. That PC downloaded and installed the following January updates on 1/15/25: KB5049981 – Cumulative update KB5050188 – Net Framework update KB5050411 – Security update The New Outlook was downloaded and installed with those updates and KB5050081 was not installed. …

I added some bolding to the already-existing bolding in that quote.

So, Alex, according to DrCard:)), it installed even with that setting in the OFF position, contrary to your post.

 

Reply | Quote

I have all the settings you described as off, and I did not install the January updates yet as they are on pause. I have the old and new outlook on my laptop that installed on its own!

Thoughts?

Win 10 Home 22H2

Reply | Quote

Alex5723 wrote:

Outlook new installed as preview on PCs with preview/get the latest updates = on

You’re right about this. I got the new outlook installed with Other MSFT Products set to OFF on Win11 24H2.

Reply | Quote

From the Previews are previews thread.

Drcard:)) wrote:
According to Microsoft it was installed as part of the original 24H2 install.

Windows 11 builds after 23H2 have the new Outlook app preinstalled for all users.

So, if you updated your OS to Windows 11 24H2, the new Outlook was part of that update and not the January updates (See Block new Outlook preinstall on Windows for details.)

1 user thanked author for this post.

PL1

Reply | Quote

I was offered Update for Windows Security platform – KB5007651 (Version 10.0.27703.1006) again. Anyone else get a duplicate? It installed January 26, 2025

Windows 11 Pro
Version 23H2
OS build 22631.5189

Reply | Quote

It hasn’t shown up again on the two of my installations that I checked.
Did it install successfully the first time, or did it get an error and fail?

Reply | Quote

No error, says it installed

Windows 11 Pro
Version 23H2
OS build 22631.5189

Reply | Quote

If that is the only thing offered, it probably won’t hurt to see if it installs again. If there is a Preview .NET also offered, block that.

Reply | Quote

It downloaded and installed, the only thing that changed that I can tell is the installation date for today. No .net’s.

Windows 11 Pro
Version 23H2
OS build 22631.5189

Reply | Quote

Win10 22H2 Pro with GP ‘2’ & winshowhide. Local accounts only.  Jan 2025 updates with Msoft products set to ‘on’:

• CU kb 5049981
• .Net 5050188
• in Control panel>Programs>Programs&features>installed updates: kb5049613

All seems ok. kb890830 did NOT show up as installed until reboot (and vanished during install) was only oddity.

Susan’s reg file 7000002 to block previously downloaded held-no outlook.

Reply | Quote