The August Windows security update has unexpectedly turned into a major headache for administrators. At the heart of the issue lies CVE-2025-50173, a vulnerability linked to the Windows Installer authentication process. The flaw allowed an authenticated local user to escalate privileges. To patch the hole, Microsoft modified the service’s logic, requiring the system to prompt for administrator credentials whenever MSI repair operations or related actions are executed.
From a purely technical standpoint, the problem is solved: the exploitation path is closed. Yet the side effects have proven far more troublesome. Even ordinary users now face unexpected UAC prompts when launching applications or during internal reconfiguration. The situation is worse with programs that automatically trigger MSI repair without displaying a user interface—these installations are simply aborted. Microsoft itself cited Office Professional Plus 2010 as an example: a standard user attempting installation or launch encounters error 1730 and cannot complete configuration.
These disruptions extend beyond office suites. Administrative credential prompts may appear during repair commands, when running Autodesk software, or when installing programs that support per-user customization. In effect, all supported editions of Windows are affected—from Windows 10 and Windows 11 to server releases including Windows Server 2012 and 2012 R2, now in the extended ESU phase.
For enterprises, this has created a genuine operational crisis. Microsoft’s interim guidance is to run applications explicitly as administrator. For system administrators, however, this borders on a nightmare scenario—granting elevated rights to ordinary employees undermines the very foundation of security models. As an alternative, Microsoft points to Known Issue Rollback (KIR), which allows changes to be reverted via Group Policy. Yet this mechanism is not universally available: it can only be enabled on Windows Server 2025 and 2022, Windows 11 versions 22H2 through 24H2, and Windows 10 builds 21H2 and 22H2.
In short, while the vulnerability has been addressed, the fix comes at the cost of severe usability issues for both users and IT departments. Should administrators disable the safeguards to maintain stability, it would effectively undo the hardening measures. Microsoft urges against such action, noting that an improved solution is in the works: in upcoming updates, system administrators will gain the ability to manually designate specific applications permitted to execute MSI repair operations without mandatory UAC prompts.
