Windows Update Alert: NTLM Vulnerability (CVE-2025-24054) & Critical WinRE Fixes Impacting Windows 11

Staying ahead in the world of Windows management requires constant vigilance, especially when it comes to security and stability updates. This week (April 23-29, 2025) brings important news from Microsoft, including a notable NTLM vulnerability relevant for those managing Windows devices.

Let’s break down the key takeaways from our latest reports:

  1. Security Report – April 29, 2025
  2. KB Update Report – April 29, 2025

Security Spotlight: CVE-2025-24054 – NTLM Hash Disclosure Vulnerability

While described as a relatively quiet week on the major exploit front, a significant vulnerability requires attention:

  • CVE-2025-24054: This is an NTLM Hash Disclosure Spoofing Vulnerability affecting Windows.
  • The Risk: It carries a network attack vector, is rated low complexity to exploit, and critically, has a high confidentiality impact. A successful exploit could lead to the disclosure of NTLM hashes, which attackers can attempt to crack offline to gain credentials.
  • Why It Matters: This has been a long standing issue with Windows that wasn’t addressed until several researchers reported the same findings.
  • Remediation: Apply the relevant Microsoft KB security patches for your affected Windows systems immediately. Admins using #Intune should prioritize the deployment of these security updates.
  • More Details: For specifics on affected builds and patches, see the full PortalFuse Security Report or Microsoft’s Security Update Guide for CVE-2025-24054.

Key KB Updates: Critical Fixes and #Windows11 24H2 Enhancements

Beyond the specific security patch for CVE-2025-24054, several other KB updates released this week address critical issues and introduce features, heavily focusing on the upcoming Windows 11 24H2 and Windows Server 2025:

  1. CRITICAL: WinRE Startup Failure Fixed (KB5057781)
  • Problem: A significant issue arose where the Windows Recovery Environment (WinRE) failed to start after installing the April 2025 security update (KB5055523). This primarily impacted modern devices, especially ARM64 Copilot+ PCs with Secure Launch enabled.
  • Impact: This failure blocked essential recovery tools like Push-Button Reset (PBR) and In-Place Upgrades – critical for system maintenance and recovery scenarios often managed or initiated via #Intune.
  • Resolution: KB5057781 specifically addresses this WinRE failure for #Windows11 24H2 and Windows Server 2025, restoring vital recovery capabilities. It also includes general WinRE stability improvements.
  1. Preview Update Bug Fixes (KB5055627 for Win 11 24H2)

This optional preview update addresses several bugs reported after the April security update, including:

  • Blue Screen errors (0x18B).
  • Intermittent connectivity loss after sleep (DHCP related).
  • System halts with redirected user profiles on VHD(X) files.
  • Windows Hello (Facial/PIN) login failures after certain resets.
  • Incorrect boot file updates during Sysprep scenarios.
  1. New Features & Enhancements (Primarily #Windows11 24H2 & #Copilot+ PCs)

The preview update (KB5055627) and related KBs also roll out new features and optimizations, largely targeted at the next generation of AI-powered PCs:

  • Recall (Preview): A major new AI feature for Copilot+ PCs, allowing users to search through a visual timeline of their past activity.
  • Click to Do (Preview): Quick actions on screen content.
  • Improved Windows Search: Semantic indexing for natural language queries (Copilot+ PCs).
  • AI Component Optimizations: Specific KBs (KB5058685KB5058688) enhance AI performance for image processing and language models on Qualcomm, Intel, and AMD hardware.
  • Setup & OOBE Improvements: Updates (KB5055643, KB5059093) aim to make the OS installation and initial setup experience smoother and more robust.
  1. Known Issues:

Be aware of ongoing known issues, such as difficulties running Roblox on Arm devices and potential conflicts with Citrix components during update installation.

Why This Matters for #Intune Admins & Windows Management

  • Prioritize Patching: CVE-2025-24054 reinforces the need for diligent security patching. Use #Intune policies to deploy the necessary security updates swiftly.
  • Address WinRE Urgently: If managing upcoming #Windows11 24H2 devices, especially Copilot+ PCs, deploying KB5057781 is critical to ensure recovery environments are functional. Target affected device groups specifically if needed.
  • Test Preview Updates: While KB5055627 contains useful fixes, as a preview update, test it thoroughly within pilot groups before broad deployment. Monitor for the known issues (like Citrix conflicts).
  • Prepare for 24H2: These updates signal the stabilization and feature rollout for #Windows11 24H2. Understand the new AI capabilities and hardware dependencies (#Copilot+ PCs) for future procurement and deployment strategies.

Conclusion

This week highlights the dual focus of Windows updates: addressing immediate security risks like the NTLM vulnerability (CVE-2025-24054) and stabilizing and enhancing the platform for future releases like Windows 11 24H2. For IT professionals managing environments with #Intune, staying informed, prioritizing security patches, addressing critical functional fixes like the WinRE issue, and carefully testing preview updates are essential steps.

For the full technical details and specific KB numbers, please refer to the complete articles: