Windows asks for admin rights where it shouldn’t after patch • The Register
Microsoft’s August 2025 Windows Security Update is causing pain for administrators after a fix for a vulnerability led to some unintended consequences.
The fix was related to CVE-2025-50173, which addressed an authentication issue in Windows Installer that could allow an authorized attacker to elevate privileges locally. Microsoft’s solution was to enforce the User Account Control (UAC) prompt for administrator credentials when performing Windows Installer (MSI) repair and related operations.
Problem solved? Yes and no. Yes, in that the vulnerability was addressed. No, in that UAC prompts for administrator rights can pop up unexpectedly for standard users. Make that a “hell no” for apps that instantiate an MSI repair operation without displaying a UI. Microsoft cited the example of installing and running Office Professional Plus 2010 as a standard user, which will now fail with Error 1730 during the configuration process.
UAC prompts for administrator rights can appear in various scenarios following the update, such as when you are running MSI repair commands, launching Autodesk applications, or installing applications that configure themselves per user.
The problem applies to pretty much every supported edition of Windows, and even some that are well into their Extended Security Updates (ESU) dotage. Windows Server 2012 and Windows Server 2012 R2 are affected, for example.
According to Microsoft, the workaround is to run apps as admin when possible. For administrators who have just sprayed coffee over their keyboard at the thought of normal users doing such a thing, Microsoft also recommends configuring the Known Issue Rollback (KIR) group policy. However, this only applies to Windows Server 2025 and 2022, as well as Windows 11 22H2 – 24H2, and Windows 10 21H2 and 22H2.
Microsoft’s fix needs to be a little more granular. Although the vulnerability has been addressed, the inconvenience could outweigh the benefits, particularly if frustrated users end up disabling related features, which is something Microsoft does not recommend.
According to Microsoft, its next step will be “allowing IT admins to permit specific apps to perform MSI repair operations without UAC prompts. This improvement will be released in a future Windows update.” ®
