Key Takeaway
Microsoft has begun force-upgrading unmanaged Windows 11 24H2 Home and Pro devices to version 25H2 to address critical vulnerabilities including CVE-2023-28252. Unmanaged devices not enrolled in enterprise management tools will be automatically updated starting June 2024. Organizations should audit unmanaged endpoints and enforce patch management to maintain security compliance.
Microsoft has initiated a mandatory upgrade process for unmanaged devices running Windows 11 24H2 Home and Pro editions. Starting this week, these devices will be force-upgraded to Windows 11 25H2, the latest feature update. This policy applies specifically to unmanaged endpoints, which are devices not enrolled in centralized management solutions like Microsoft Endpoint Manager or Active Directory.
The upgrade aims to ensure devices benefit from the latest security fixes, performance improvements, and feature enhancements integrated into Windows 11 25H2. Notably, this update includes patches for known vulnerabilities such as CVE-2023-28252, a critical elevation of privilege flaw in the Windows Local Security Authority. Failing to update exposes endpoints to exploitation by threat actors who have leveraged this vulnerability in recent campaigns.
Organizations managing Windows 11 devices in enterprise environments must note that managed devices will not be subject to this forced upgrade, as administrators maintain control over update deployment through tools like Windows Update for Business and WSUS. However, unmanaged devices, often BYOD or home-use machines, will undergo automatic updates without user consent or deferral options.
The forced upgrade commenced on June 12, 2024, with Microsoft scheduling phased rollouts over the next 30 days to reduce disruption. Penalties for non-compliance are indirect but significant; devices running outdated Windows 11 versions will lack official support, miss critical security patches, and risk exposure to active exploits. Additionally, organizations relying on unmanaged devices may face increased incident response costs due to breaches originating from unpatched endpoints.
Security teams should immediately audit their environment to identify unmanaged Windows 11 24H2 Home and Pro devices. Implementing device management solutions or enrolling devices into Microsoft Endpoint Manager can provide control over update schedules and compliance reporting. Furthermore, verifying the deployment of Windows 11 25H2 using tools like Microsoft Endpoint Configuration Manager will help ensure all endpoints meet the new baseline.
Vendors such as CrowdStrike and SentinelOne have released updated detection rules targeting exploitation attempts against CVE-2023-28252, emphasizing the need for patch management alongside endpoint detection and response (EDR) capabilities. SOC analysts should monitor alerts related to Windows Local Security Authority anomalies and verify patch status across affected assets.
In summary, the forced upgrade to Windows 11 25H2 for unmanaged Home and Pro devices is a critical move by Microsoft to close security gaps. Organizations must act promptly to manage these endpoints, enforce patching policies, and leverage threat intelligence to mitigate risks tied to outdated Windows versions.
Original Source
BleepingComputer
Related Articles
Latin America’s Labor Market Dynamics: Implications for Cybersecurity Talent Acquisition
A recent study reveals Latin America's potential as a cybersecurity talent source due to its youthful, technically skilled workforce. Organizations must address regional infrastructure, language, and compliance challenges to effectively recruit and onboard talent from this region.
FCC Mandates Pre-Approval for All Foreign-Manufactured Routers Imported or Sold in the US
The FCC now requires pre-approval for all foreign-manufactured routers before they can be imported, marketed, or sold in the United States, with applicants required to disclose foreign investor relationships and submit a U.S. manufacturing relocation plan. The rule targets supply chain risks tied to documented exploitation campaigns by groups including Volt Typhoon and Salt Typhoon, which compromised SOHO and enterprise routers to gain persistent access to U.S. critical infrastructure. CISOs, procurement teams, and network engineers must audit hardware pipelines, monitor DoD and DHS exemption lists, and pressure vendors for compliance timelines now.
SEC Cybersecurity Disclosure Rule: What CISOs and Security Engineers Must Do Before the Deadlines Hit
The SEC's cybersecurity disclosure rule requires public companies to report material incidents on Form 8-K within four business days of a materiality determination, and to disclose risk management programs and board oversight annually in 10-K filings. Large accelerated filers have been subject to incident reporting requirements since December 18, 2023, with enforcement precedent already set through the SEC's fraud charges against SolarWinds and CISO Timothy Brown. Security teams must build materiality determination workflows, align IR playbooks to disclosure triggers, and ensure 10-K disclosures accurately reflect internal security posture.
RSAC 2026: AI-Driven Threats, Global Cyber Leadership Shifts, and the Policies Reshaping Defense Priorities
RSAC 2026 surfaced AI-assisted attack tooling, enforcement of EU NIS2 and the incoming EU AI Act, and structural shifts in U.S. and allied cyber leadership as the defining issues for security practitioners. SOC teams and CISOs face active NIS2 enforcement since October 2024, EU AI Act high-risk system deadlines in August 2026, and ongoing CISA KEV remediation obligations. Organizations must audit AI product compliance, validate vulnerability remediation workflows, and document NIS2 risk management measures now.