Microsoft has released the September 2025 Windows security update to fix problems introduced by the August 2025 patches.
The earlier updates inadvertently caused unexpected User Account Control (UAC) prompts and disrupted application installations for non-administrative users across multiple Windows versions.
CVE-2025-50173 vulnerability and security patch
The issue originated from a patch addressing CVE-2025-50173, a Windows Installer privilege escalation vulnerability. If exploited, attackers could gain SYSTEM privileges, compromising affected systems.
To mitigate this risk, Microsoft introduced new UAC prompts, requiring administrative credentials in more scenarios to prevent unauthorized privilege escalation.
Unintended UAC prompt behavior
The updated UAC system produced unexpected prompts in routine cases, including:
- Installing applications using Windows Installer (MSI)
- Enabling Secure Desktop
- Running MSI repair commands
This disrupted workflows for non-admin users, who encountered frequent and unnecessary requests for admin credentials.
Affected Windows versions
Microsoft confirmed that the bug impacted a broad list of platforms, including:
- Client systems: Windows 11 (24H2, 23H2, 22H2), Windows 10 (22H2, 21H2, 1809, LTSC 2019, LTSC 2016, version 1607, Enterprise 2015 LTSB)
- Server systems: Windows Server 2025, 2022, version 1809, 2019, 2016, 2012 R2, 2012
September 2025 update adjustments
The September 2025 update refines UAC handling:
- UAC prompts during MSI repairs now appear only if the MSI file contains elevated custom actions.
- IT admins can disable UAC prompts for specific applications by creating an allowlist.
Registry allowlist configuration
Microsoft introduced new registry keys to give administrators control:
-
SecureRepairPolicy
-
SecureRepairWhitelist
These can be added under:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer
The configuration allows trusted MSI files to bypass unnecessary UAC prompts, reducing disruptions in managed environments.
Fix for NDI streaming performance issues
Alongside the UAC changes, Microsoft also addressed a second bug from the August 2025 updates. The flaw caused lag and stuttering in NDI streaming software on Windows 10 and 11 systems.
The fix improves performance and stability for NDI applications widely used in broadcasting and live streaming setups.
