August 12, 2025—KB5063950 (Monthly Rollup)
Applies To
Release Date:
8/12/2025
Version:
Monthly Rollup
Windows Secure Boot certificate expirationÂ
Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. For details and preparation steps, see Windows Secure Boot certificate expiration and CA updates.
The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU only are met as described in Connected Machine agent network requirements.
Support for Windows Server 2012 R2 will end in October 2026
Windows Server 2012 R2Â reached the end of support (EOS) on October 10, 2023.Â
Extended Security Updates (ESUs) are available for purchase and will continue for three years, renewable on an annual basis, until the final date on October 13, 2026. For information about the procedure to continue receiving security updates, see KB5031043.Â
We recommend that you upgrade to a later version of Windows Server. For more information, see Overview of Windows Server upgrades.
|
Change date |
Change description |
|
September 9, 2025 |
|
Summary
Learn more about this cumulative security update, including improvements, any known issues, and how to get the update.
Note For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, see Description of the standard terminology that is used to describe Microsoft software updates. To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history home page.
This security update includes fixes and quality improvements that were a part of the following update:
The following is a summary of the issues that this update addresses. The bold text within the brackets indicates the item or area of the change we are documenting.
-
[Internal Windows OS] Miscellaneous security improvements were made to internal Windows OS functionality. No additional issues are documented for this release.
For more information about the resolved security vulnerabilities, please refer to the Deployments | Security Update Guide and the August 2025 Security Updates.
Known issues in this update
Symptoms
A security improvement was included in the August 2025 Windows security update and later updates to enforce the requirement that User Account Control (UAC) prompt for administrator credentials when performing Windows Installer (MSI) repair and related operations. This improvement addressed security vulnerability CVE-2025-50173.
After installing the update, standard users might see a User Account Control (UAC) prompt in several scenarios.Â
-
Running MSI repair commands (such as msiexec /fu).
-
Opening Autodesk apps, including some versions of AutoCAD, Civil 3D and Inventor CAM, or when installing an MSI file after a user signs into the app for the first time.
-
Installing apps that configure per user.
-
Running Windows Installer during Active Setup.
-
Deploying packages through Manager Configuration Manager (ConfigMgr) that rely on user-specific "advertising" configurations.
-
Enabling Secure Desktop.
If a non-admin user runs an app that initiates an MSI repair operation without displaying UI, it will fail with an error message. For example, installing and running Office Professional Plus 2010 as a standard user will fail with Error 1730 during the configuration process.
Resolution
This issue is resolved by Windows updates released on and after September 9, 2025 (KB5065507). We recommend you install the latest update for your devices as it contains important improvements and issue resolutions, including this one.​​​​​​​
How to get this update
Before installing this update
To install any Windows Server 2012 R2 Monthly Rollup released on or after January 14, 2025, you must first install the latest Servicing Stack Update (SSU). If your device or offline image does not have the latest SSU installed, you cannot install this update.
Caution:Â Until you install the latest SSU, this update will not be offered to your device. To reduce your security risk, install the latest SSU as soon as possible.
-
If you use Windows Update, the latest SSU (KB5058529) will be offered to you automatically. After the latest SSU is installed, you will be able to install this update.
-
If you use the Update Catalog, you must download and install the latest SSU (KB5058529). After the latest SSU is installed, you will be able to install this update.
-
If you are a Windows Server Update Services (WSUS) administrator, you must approve SSU KB5058529 and this update KB5063950.
For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
Language packs
If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Learn about adding a language pack to Windows.
Install this update
To install this update, use one of the following release channels.
|
Available |
Next step |
|
|
This update will be downloaded and installed automatically from Windows Update. |
|
Available |
Next step |
|
|
To get the standalone package for this update, go to the Microsoft Update Catalog website. To download updates from the Update Catalog, see Steps to download updates from the Windows Update Catalog. |
|
Available |
Next step |
|
|
This update will automatically sync with Windows Server Update Services (WSUS) if you configure Products and Classifications as follows:
|
File information
A list of the files that are included in this update are provided in a CSV (Comma delimited) (*.csv) file. The file can be opened in a text editor such as Notepad or in Microsoft Excel.
Need more help?
Want more options?
Explore subscription benefits, browse training courses, learn how to secure your device, and more.
Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.
