You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: azure-local/security-update/security-update.md
+98-5Lines changed: 98 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
-
title: Security updates for Azure Local, version 23H2
3
-
description: Security updates for Azure Local, version 23H2.
2
+
title: Security updates for Azure Local
3
+
description: Security updates for Azure Local.
4
4
author: alkohli
5
5
ms.topic: conceptual
6
6
ms.date: 07/14/2025
@@ -12,6 +12,100 @@ ms.reviewer: alkohli
12
12
13
13
This article lists the various security updates that are available for Azure Local.
14
14
15
+
::: moniker range="=azloc-2507"
16
+
17
+
## July OS security updates (KB5062570 and KB5062553) for Azure Local
18
+
19
+
For the 2507 release of Azure Local, Microsoft released two security updates, each corresponding to a specific OS build. The following table provides the details of these security updates, including their associated OS builds and release dates.
20
+
21
+
| Security update | OS build | Release date |
22
+
|--|--|--|
23
+
| KB5058384 | 25398.1732 | July 8, 2025 |
24
+
| KB5058411 | 26100.4652 | July 8, 2025 |
25
+
26
+
# [OS build 25398.xxxx](#tab/os-build-25398-xxxx)
27
+
28
+
This section provides the 2507 security updates associated with OS build **25398.1732**.
29
+
30
+
## Improvements
31
+
32
+
This security update includes quality improvements. Below is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change.
33
+
34
+
-**[DNS Server]** Fixed: This update addresses an issue where a full zone transfer can't be completed from a Windows DNS server to another DNS server when Extension Mechanisms for DNS is enabled.
35
+
36
+
-**[Language and character support]** Fixed: An issue that affected some Chinese characters and experienced compliance issues with GB18030. These characters didn't display correctly or weren't accepted when using extended Unicode. A modern ICU-based solution now properly supports GB18030-2022 requirements.
37
+
38
+
-**[Performance]** Fixed: This update addresses an issue that prevented the complete removal of unused language packs and Feature on Demand packages, which previously led to unnecessary storage use and longer Windows Update installation times.
39
+
40
+
-**[Security]** Fixed: This update upgrades the curl tool in Windows to version 8.13.0 to help protect against potential security risks, including unauthorized access to data or service disruptions.
41
+
42
+
-**[Microsoft RPC Netlogon protocol]** Fixed: This update includes a security hardening change to the Microsoft RPC Netlogon protocol. This change improves security by tightening access checks for a set of remote procedure call (RPC) requests. After this update is installed, Active Directory domain controllers will no longer allow anonymous clients to invoke some RPC requests through the Netlogon RPC server. These requests are typically related to domain controller location. Certain file and print service software can be affected, including Samba. If your organization uses Samba, please refer to the [Samba release notes](https://www.samba.org/samba/history/samba-4.22.3.html).
43
+
44
+
For more information about security vulnerabilities, see the [Security Update Guide](https://portal.msrc.microsoft.com/security-guidance) and the [July 2025 Security Updates](https://msrc.microsoft.com/update-guide/releaseNote/2025-July).
45
+
46
+
## Known issues
47
+
48
+
Microsoft is not currently aware of any issues with this update.
49
+
50
+
## To install
51
+
52
+
Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](/windows/deployment/update/servicing-stack-updates) and [Servicing Stack Updates (SSU): Frequently Asked Questions](https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe).
53
+
54
+
To install the LCU on your Azure Local instance, see [Update Azure Stack Local instances](../update/about-updates-23h2.md).
55
+
56
+
## File list
57
+
58
+
For a list of the files that are provided in this update, download the file information for [Cumulative update KB5062570.](https://go.microsoft.com/fwlink/?linkid=2326815).
59
+
60
+
61
+
# [OS build 26100.xxxx](#tab/os-build-26100-xxxx)
62
+
63
+
This section provides the 2507 security updates associated with OS build **26100.4652**.
64
+
65
+
## Improvements
66
+
67
+
This security update includes quality improvements. Here is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change.
68
+
69
+
-**[Graphics]** Fixed: This issue occurs only if the June 2025 non-security update (KB5060829) is installed. The cursor might shift out of place after pressing **ALT+Tab** to switch away from certain games running in full screen exclusive mode, when the game resolution doesn't match the desktop resolution.
70
+
71
+
-**[Multimedia]** Fixed: This update addresses an issue where notification sounds didn't play. Affected sounds included those for on-screen alerts, volume adjustments, and sign-in.
72
+
73
+
-**[Windows Firewall]** Fixed: This update addresses an issue found in Event Viewer as Event 2042 for Windows Firewall with Advanced Security. The event appears as "Config Read Failed" with the message "More data is available." For more information about this issue, see "Error events are logged for Windows Firewall" in the Windows Health Dashboard.
74
+
75
+
For more information about security vulnerabilities, see the [Security Update Guide](https://portal.msrc.microsoft.com/security-guidance) and the [July 2025 Security Updates](https://msrc.microsoft.com/update-guide/releaseNote/2025-July).
76
+
77
+
## Known issues
78
+
79
+
The following are known issues with this update:
80
+
81
+
### Azure Local VM with Trusted Launch disabled
82
+
83
+
**Symptom**
84
+
85
+
A small subset of Generation 2 Azure Virtual Machines (VMs) with Trusted Launch disabled and Virtualization-Based Security (VBS) enforced via registry key might be unable to boot after installing this update.
86
+
87
+
To check if your virtual machine might be impacted:
88
+
89
+
1. Check if your VM is created as "Standard".
90
+
91
+
1. Check if VBS is enabled. Open **System Information** (msinfo32.exe) and confirm that Virtualization-based security is running and that the Hyper-V role is not installed on the VM.
92
+
93
+
**Workaround**
94
+
95
+
The workaround is addressed in [KB5064489](https://support.microsoft.com/topic/july-13-2025-kb5064489-os-build-26100-4656-out-of-band-14a82ab2-100f-4dd4-8141-f490ec90c8f4).
96
+
97
+
## To install
98
+
99
+
Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](/windows/deployment/update/servicing-stack-updates) and [Servicing Stack Updates (SSU): Frequently Asked Questions](https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe).
100
+
101
+
To install the LCU on your Azure Local instance, see [Update Azure Stack Local instances](../update/about-updates-23h2.md).
102
+
103
+
## File list
104
+
105
+
For a list of the files that are provided in this update, download the file information for [Cumulative update KB5062553.](https://go.microsoft.com/fwlink/?linkid=2326816).
106
+
107
+
::: moniker-end
108
+
15
109
::: moniker range="=azloc-2506"
16
110
17
111
## June OS security updates (KB5060118 and KB5060842) for Azure Local
@@ -262,8 +356,8 @@ This issue likely affects a limited number of organizations as version 2411 of t
262
356
263
357
**Workaround**
264
358
265
-
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update.
266
-
Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
359
+
The issue has been resolved in Citrix Session Recording Agent version 2503, released on April 28, 2025, and newer versions.
360
+
267
361
268
362
## To install
269
363
@@ -322,7 +416,6 @@ This issue likely affects a limited number of organizations as version 2411 of t
322
416
323
417
The issue has been resolved in Citrix Session Recording Agent version 2503, released on April 28, 2025, and newer versions.
324
418
325
-
326
419
## To install
327
420
328
421
Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](/windows/deployment/update/servicing-stack-updates) and [Servicing Stack Updates (SSU): Frequently Asked Questions](https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe).
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments