The sysadmin was seized with panic when Windows Server 2025 installed itself as a result of an error in the labeling of the update.

Web app security firm Heimdal experienced an unexpected wake-up call when customers discovered their systems had automatically upgraded from Windows Server 2022 to Windows Server 2025, causing a major security blunder.

Key Points:

1. Unexpected Upgrade: The real issue arose when a patch labeled as a security update for Windows Server 2022, specifically KB5044284, turned out to be a full OS upgrade to Windows Server 2025.

2. Root Cause: Heimdal traced the issue to an error in the Windows Update API. The KB number for this update was supposed to be associated with a security fix for Windows 11 but had mistakenly been linked to the Windows Server 2025 upgrade. This was an oversight on Microsoft's part, and it led to the unexpected OS upgrade.

3. Impact: By 18:05 UTC on November 5, Heimdal had traced the issue, and by the time they had alerted their customers, 7 percent of their user base had already been affected. These were systems that either upgraded to Windows Server 2025 without warning or were about to.

4. Admin Reactions: As you might imagine, sysadmins are not thrilled. The sudden, unplanned upgrade could lead to issues ranging from compatibility problems to license mismatches and potentially even data loss. For many admins, the real nightmare here is that rolling back to the previous system state won’t be simple or quick.

5. No Comment from Microsoft: Although both Heimdal and The Register reached out for comment, Microsoft hasn't responded after nearly 24 hours, which could add to the frustration of affected customers.

   
   

Administrators are concerned about their backup strategy and the costs and changes associated with moving to Windows Server 2025 due to incorrect labeling. Heimdal is blocking the update across server group policies, but the damage could be done to many customers. Microsoft's response and plans to compensate affected businesses are expected, leaving administrators scrambling to recover.