May 2025 updates are out

Topic

New Reply

Once again it’s the second Tuesday of the month. Time once again for the major “B” week release better known as Patch Tuesday. Remember at this time w
[See the full post at: May 2025 updates are out]

Susan Bradley Patch Lady/Prudent patcher

7 users thanked author for this post.

deuce120, James Denneny, deuxbits, Pim, abbodi86, lmacri, Alex5723

Reply | Quote

Replies

AKB 2000003 has been updated for Group B Win7 and Win8.1 on May12, 2024.

See #2773382 and #2773383 for information on Win7 and Win8.1 updates (Logged in Member access required).

4 users thanked author for this post.

JD, Pim, abbodi86, SueW

Reply | Quote

See update notice for AKB 2000003 at post #2774522.

 

1 user thanked author for this post.

SueW

Reply | Quote

https://www.ghacks.net/2025/05/13/microsoft-windows-security-updates-for-may-2025-are-now-available/

1 user thanked author for this post.

deuxbits

Reply | Quote

Hardened Windows user:
A side updates:

KB5058411 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems
KB5059200 .NET 8.0.16 Security Update for x64 Client
KB890830 Windows Malicious Software Removal Tool x64 – v5.133

No hiccups.

Now running Windows 11 Pro Version 24H2 (OS Build 26100.4061).

B side updates:

KB5058411 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems
KB5007651 (Version 10.0.27777.1008) Update for Windows Security platform
KB890830 Windows Malicious Software Removal Tool x64 – v5.133

No hiccups.

Now running Windows 11 Pro Version 24H2 (OS Build 26100.4061).

I’ll wait for the push on my unsupported NAS and E5420.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Got the push on my NAS and Laptop overnight.

NAS – Unsupported Hardware
KB5058411 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems
KB5059200 .NET 8.0.16 Security Update for x64 Client
KB890830 Windows Malicious Software Removal Tool x64 – v5.133

No hiccups.

Now running Windows 11 Pro Version 24H2 (OS Build 26100.4061).

E5420 – Unsupported Hardware
KB5058411 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems
KB5059200 .NET 8.0.16 Security Update for x64 Client
KB890830 Windows Malicious Software Removal Tool x64 – v5.133

No hiccups.

Now running Windows 11 Pro Version 24H2 (OS Build 26100.4061).

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Windows Malicious Software Removal Tool x64 – v5.133 (KB890830)

2025-05 .NET 9.0.5 Security Update for x64 Client (KB5059201)

2025-05 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5058411)

All installed without issues.

Now running Windows 11 Pro 24H2 build 26100.4061

--Joe

Reply | Quote

Windows 10 Pro 22H2.

Installed May updates.

All is well

1 user thanked author for this post.

lmacri

Reply | Quote

You will have to reinstall everything, but there is another way to escape the end of Windows 10 support in October – and it’s cheaper than a new PC.

https://www.theregister.com/2025/04/22/windows_10_ltsc/

<Moderator edit> removed formatting and most of article due to plagiarism. Please do NOT post screen grabs from other sites.
If you must post screen grabs, use the “paste plain text” option to remove formatting.

Reply | Quote

Folks, unless you are a business you cannot buy this version.  I practice legal computing here.

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

deuxbits, Paul T

Reply | Quote

Seeing some reports of issues in businesses with bitlocker and KB5058379.

Susan Bradley Patch Lady/Prudent patcher

4 users thanked author for this post.

deuxbits, satrow, lmacri, Alex5723

Reply | Quote

Susan Bradley wrote:

Seeing some reports of issues in businesses with bitlocker and KB5058379

Windows 10: May 13 -KB5058379 Windows 10 leads to corruption and endpoints asking for bitlocker key

Latest KB5058379 released May 13 quality update failed in Windows 10 devices. Some devices it caused triggering bitlocker key window after restart. Still Update seems failed. Some fall in loop of restarts. Is there any known issue ? This is mainly affected devices managed by Intune.Lenovo Thinkpad. some cases Keyboard is getting disabled and user not able to pass the bitlocker keyCan someone shed some light here?…

Before running monthly updates I disable the A/V software. Maybe users running systems with Bitlocker should disable the service and enable after the update ?

* This has happened in the past, July 2024

Devices might boot into BitLocker recovery with the July 2024 security update
This issue is more likely to affect devices that have the Device Encryption option enabled. Resolved KB5041580

Reply | Quote

Hi.
Just wanted to mention that the by Alex posted link: https://www.windowsphoneinfo.com/threads/may-13-kb5058379-windows-10-leads-to-corruption-and-endpoints-asking-for-bitlocker-key.1485745/
is of “thread stealing” site.
The original thread sits here: https://answers.microsoft.com/en-us/windows/forum/all/may-13-kb5058379-windows-10-leads-to-corruption/58b3b179-70a0-4bd8-abae-c9b89dd9c9b9

3 users thanked author for this post.

deuxbits, satrow, Alex5723

Reply | Quote

W10 kb5058379 triggers Bitlocker Recovery
Windows 10 KB5058379 seems to be causing some PCs to boot into Windows Recovery that requires the BitLocker key…

Ref: https://www.windowslatest.com/2025/05/15/windows-10-kb5058379-locks-pcs-bitlocker-recovery-triggered-on-boot-bsods/

Based on reports seen by Windows Latest, the following versions/editions/OEMs of Windows 10 are affected:

Windows 10 22H2
Windows 10 21H2 LTSC / Enterprise
Dell, HP and Lenovo PCs

There’s a fix/ workaround within the article should your device be affected.

Windows - commercial by definition and now function...

1 user thanked author for this post.

lmacri

Reply | Quote

Microfix wrote:

W10 kb5058379 triggers Bitlocker Recovery
Windows 10 KB5058379 seems to be causing some PCs to boot into Windows Recovery that requires the BitLocker key…

Even if you have Bitlocker turned off at Control Panel | All Control Panel Items | BitLocker Drive Encryption? {I am a consumer}

Reply | Quote

If BL is off your disk is not encrypted and you will never need the recovery keys.

cheers, Paul

Reply | Quote

Do what Paul T says. If you want some extra peace of mind go to Services in the Control Panel and double click on Bitlocker. A small window will pop up where you can disable Bitlocker. There’s a small scroll bar in the pop up; scroll down and you’ll see the option to Disable. Click on Disable and then on Apply. It may not be required but whenever I do something like this I Restart the computer and then check to make sure the change took hold.

1 user thanked author for this post.

deuxbits

Reply | Quote

Updated two Win10 Pro 22H2 Build 19045.5737 to Build 19045.5854:
Win10 Pro in Parallels 20 VM on 2017 iMac4K (Intel Kaby Lake i7)
Win10 Pro hardware install on old Dell Studio XPS 1340 laptop

2050-05 CU for Win10 22H3 KB5058379.
Defender updates.
MSRT.

Observations:
+ No problems with either install. No Bitlocker, all Local IDs.
+ The WinRe was not updated and remained on April build 19041.5854
+ The empty C:\inetpub folder date was not changed (still April date)

2 users thanked author for this post.

abbodi86, lmacri

Reply | Quote

Updated two Win11 Pro 23H2 Build 22631.5191 to Build 22631.5335:
Two installations of Win11 Pro on ARM 23H2 in Parallels 20 VMs on Apple Silicon Macs.

2025-05 CU for Win11 23H2 KB5058405
Defender updates
MSRT (N/A on Apple Silicon)

Observations:
+ No problems with either install.
+ The WinRe was updated from Build 22621.5184 to Build 22621.5262
+ The empty C:\inetpub folder date was not changed (still April date)

2 users thanked author for this post.

abbodi86, SteveIT

Reply | Quote

Updated two Win11 Pro 24H2 Build 26100.3775 to Build 26100.4061:
One Win11 Pro 24H2 hardware install on a low-end AMD-based HP desktop.
One installation of Win11 Pro on ARM 24H2 in Parallels 20 VMs on M4Pro MacMini.

2025-05 CU for Win11 24H2 KB5058411
Defender updates
MSRT (N/A on Apple Silicon)

Background:
I bought the low-end AMD-based HP desktop (256GB SSD, low end CPU, and 8GB RAM) two or so years ago for two reasons. I wanted a cheap test Win11 machine. And, I had helped one of the residents where I live, who didn’t need much of a computer, buy the same model. So when they need an update/upgrade, which I support, I will know ahead of time if it works.
I upgraded that Win11 Pro 24H2 hardware install on the low-end AMD-based HP desktop from Win11 23H2 to Win11 24H2 a week ago using Windows Update to manage the upgrade. Didn’t have any problems (surprise! surprise!).

Observations:
+ No problems with either install.
+ The WinRe was updated from Build 26100.3762 to Build 26100.4054. The HP desktop experienced a second restart after the 100% – probably related with the WinRE update.
+ The empty C:\inetpub folder date was not changed (still April date)

2 users thanked author for this post.

abbodi86, SteveIT

Reply | Quote

Microfix wrote:

There’s a fix/ workaround within the article should your device be affected.

Just turn Bitlocker to off before any Windows update and turn it on after the update

I am turning off A/V before monthly updates.

Reply | Quote

Can any Win 10 users confirm that installing KB5058379 (OS Build 19045.5854) stopped the System Guard Runtime Monitor Broker service (SgrmBroker.exe) Event ID 7023 errors logged in their Event Viewer at Windows Logs | System at each Windows 10 startup?

According to Lawrence Abrams’s 13-May-2025 BleepingComputer article Windows 10 KB5058379 update fixes SgrmBroker errors in Event Viewer this bug should be fixed after the May 2025 Patch Tuesday updates are installed on Win 10.
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5737 * Firefox v138.0.3 * Microsoft Defender v4.18.25030.2-1.1.25040.1 * Malwarebytes Premium v5.3.0.186-132.0.5253 * Macrium Reflect Free v8.0.7783

Reply | Quote

May updates installed on my “Canary” machine w/o issue. Note: this is an “UNSUPPORTED” computer:
Processor: i7-7700
TPM: 1.2

So for now at least MS is still allowing updated on unsupported hardware.

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

1 user thanked author for this post.

abbodi86

Reply | Quote

RetiredGeek wrote:

May updates installed on my “Canary” machine w/o issue. Note: this is an “UNSUPPORTED” computer:

Hi RetiredGeek:

Am I correct that your “Canary” machine is running Win 11 v24H2?

In future it would be helpful if you could mention your Windows OS version so others don’t have to google your KB numbers.
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5737 * Firefox v138.0.3 * Microsoft Defender v4.18.25030.2-1.1.25040.1 * Malwarebytes Premium v5.3.0.186-132.0.5253 * Macrium Reflect Free v8.0.7783

1 user thanked author for this post.

deuxbits

Reply | Quote

Imarci,

You are correct 24H2 Win 11 Pro. Sorry for the omission!

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

1 user thanked author for this post.

deuxbits

Reply | Quote

I just updated another “unsupported: computer to the latest Win 11 Pro 24H2.

This is a mini-pc with a Gibabyte MB (GB-BXi3-5010)
CPU: i3-5010U

Notes: Can’t turn on Core Isolation due to incompatible Intel video/audio drivers for the CPU (integrated graphics). If I delete the drivers and turn on Core Isolation and restart the computer boots but with the “Basic Windows Drivers”. The video works OK, but the settings you can change are limited and the Audio doesn’t work at all. The Intel Driver assistant offers no updates.

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

1 user thanked author for this post.

Cybertooth

Reply | Quote

Microfix wrote:

There’s a fix/ workaround within the article should your device be affected.

Update from MSFT Support –

A support ticket has already been raised with the Microsoft Product Group (PG) team, and they are actively working on a resolution. In the meantime, Microsoft has provided the following workaround steps:

1. Disable Secure Boot

Access the system’s BIOS/Firmware settings.

Locate the Secure Boot option and set it to Disabled.

Save the changes and reboot the device.

2. Disable Virtualization Technologies (if issue persists)

Re-enter BIOS/Firmware settings.

Disable all virtualization options, including:

Intel VT-d (VTD)

Intel VT-x (VTX)

Note: This action may prompt for the BitLocker recovery key, so please ensure the key is available.

3. Check Microsoft Defender System Guard Firmware Protection Status
You can verify this in one of two ways:

Registry Method

Open Registry Editor (regedit).

Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard

Check the Enabled DWORD value:

1 → Firmware protection is enabled

0 or missing → Firmware protection is disabled or not configured

GUI Method (if available)

Open Windows Security > Device Security, and look under Core Isolation or Firmware Protection.

4. Disable Firmware Protection via Group Policy (if restricted by policy)
If firmware protection settings are hidden due to Group Policy, follow these steps:

Using Group Policy Editor

Open gpedit.msc.

Navigate to: Computer Configuration > Administrative Templates > System > Device Guard > Turn On Virtualization Based Security

Under Secure Launch Configuration, set the option to Disabled.

Or via Registry Editor

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard]

“Enabled”=dword:00000000

Important: A system restart is required for this change to take effect.

* This is a joke.

Reply | Quote

Microfix wrote:

Windows 10 KB5058379 seems to be causing some PCs to boot into Windows Recovery that requires the BitLocker key… There’s a fix/ workaround within the article should your device be affected.

According to the Neowin article Microsoft blames Intel as KB5058379 takes Windows PCs on a BitLocker recovery reboot ride posted today (17-May-2025) an out-of-band hotfix is expected soon.

“…From its preliminary investigation, Microsoft learned that a conflict with Intel TXT (Trusted Execution Technology) is the root of the issue, though, at that time, a detailed explanation was not provided. However, it led to a simple workaround for the BitLocker recovery and reboot issue by going into the BIOS of affected Intel-based PCs and disabling the TXT feature there….

… The company says it is working on a fix for this bug on an urgent basis, and thus, an out-of-band update, similar to the one for Windows 11 24H2, will be released soon. You can find the issue entry here on Microsoft’s official Windows Health Dashboard website.”

NOTE: I believe the new out-of-band cumulative update for Windows 11 mentioned in that article (KB5061258 / Build 26100.3983; rel. 16-May-2025) only applies to Windows 11 v24H2 LTSC for Enterprise clients .
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5854 * Firefox v138.0.3 * Microsoft Defender v4.18.25030.2-1.1.25040.1 * Malwarebytes Premium v5.3.0.186-132.0.5253 * Macrium Reflect Free v8.0.7783

3 users thanked author for this post.

windbg, Alex5723, PKCano

Reply | Quote

This is impacting the hotpatching channel not the main one – so if you installed

the no reboot patches this will impact you

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

lmacri wrote:

Microsoft blames Intel

Has Intel changed anything in Intel Trusted Execution Technology (txt) in the last months…?
Not to my knowledge as the bug affecting Intel’s 10th Gen CPU and up . So maybe it is Microsoft to blame, not Intel.

Reply | Quote

These are the new hotpatch style of updates

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

Alex5723

Reply | Quote

Susan Bradley wrote:

These are the new hotpatch style of updates

Intel has hotpatch updates to its CPUs / Firmware without users notice ?

Reply | Quote

There’s two different updates that I’ve seen discussed but they are two different issues:

One – Windows 10  – if bitlocker is enabled it’s triggering needing the recovery key only occurring with machines with bitlocker enabled.  If you don’t have bitlocker enabled, you won’t be impacted.

Then there’s an out of band patch released for machines that are enrolled in the hotpatch/no reboot channel May 16, 2025—Hotpatch KB5061258 (OS Build 26100.3983) Out-of-band – Microsoft Support

 

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

Alex5723

Reply | Quote

Hi Susan:

Windows Update successfully installed all updates offered for the May 2025 Patch Tuesday on my Win 10 Pro v22H2 laptop, and I haven’t noticed any problems so far. This includes:

• KB5058379: 2025-05 Cumulative Update for Win 10 Version 22H2 for x64 (OS Build 19045.5854)
• KB5059200: 2025-05 .NET 8.0.16 Security Update for x64 Client
• KB890830 : Windows Malicious Software Removal Tool x64 – v5.133

As expected, my May 2025 Patch Tuesday updates:

• Did NOT offer a cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64.
• Did NOT request a BitLocker recovery key after installation of KB5058379 (what I expected since my BitLocker is OFF at Control Panel | System and Security | BitLocker Drive Encryption on my Win 10 Pro machine; see the 17-May-2025 Neowin article Microsoft blames Intel as KB5058379 takes Windows PCs on a BitLocker recovery reboot for more information).
• Did NOT fix my DeviceSetupManager Event ID 131 errors logged multiple times a day in the Event Viewer at Applications and Services Logs | Microsoft | Windows | DeviceSetupManager | Admin (see Susan Bradly’s 06-Sep-2024 topic New Windows 11, lots of Events 131).
• DID fix my System Guard Runtime Monitor Broker service (SgrmBroker.exe) Event ID 7023 errors previously logged in the Event Viewer at Windows Logs | System at each Windows 10 startup (see Lawrence Abrams’s 13-May-2025 BleepingComputer article Windows 10 KB5058379 update fixes SgrmBroker errors in Event Viewer).

———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5854 * Firefox v138.0.3 * Microsoft Defender v4.18.25030.2-1.1.25030.1 * Malwarebytes Premium v5.3.0.186-132.0.5253 * Macrium Reflect Free v8.0.7783

2 users thanked author for this post.

WCHS, Deo

Reply | Quote

Installed the May updates on two Windows 10 Pro 22H2 computers with no problems.

Note: just like last month’s KB5055518 update, this month’s KB5058379 did not create an empty inetpub folder on my PC’s! (see my post #2762930 in the April 2025 updates out thread)

The fact it’s not being created on either of my PC’s (even though Microsoft insists it must exist and indicates, if it doesn’t, their update will create it) makes me wonder exactly why are my PC’s, which are not failing to install the updates, are not getting it?!?!

Reply | Quote

Susan Bradley wrote:

Folks, unless you are a business you cannot buy this version.  I practice legal computing here.

There’s a comment below the Register article where someone suggests buying Windows Server 2022:

A weird mixture of Win11 underpinnings with Win10 UI. No new gen Processor required. TPM 2.0 is optional, not mandatory. Will be supported until ~Early 2033.

Completely legal to buy for one person. No Volume licensing, normal people like us can buy a license directly from Microsoft OR from CD-Key providers (not forced to go to CD-Key providers like with LTSCs), no weird download links, Download directly from MS.

 
Can anybody here attest to the accuracy of the above comment?

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2022

looks like 2026 for mainstream support and 2031 for extended support

Edit to add: Other information is here:

https://learn.microsoft.com/en-us/windows-server/get-started/hardware-requirements?tabs=cpu&pivots=windows-server-2022

1 user thanked author for this post.

Cybertooth

Reply | Quote