An out-of-band security update, KB5070881, intended to fix a critical Windows Server Update Service (WSUS) vulnerability (CVE-2025-59287) has inadvertently disabled hotpatching for some Windows Server 2025 devices. This vulnerability, which allows remote code execution, was actively being exploited when the patch was released. The Netherlands National Cyber Security Centre confirmed the exploit's severity, prompting the U.S. Cybersecurity and Infrastructure Security Agency to warn government agencies to secure their systems. Over 2,600 WSUS instances were found online with exposed default ports. After the problematic update, Microsoft stated that certain Hotpatch-enrolled systems lost their enrollment status, meaning they would not receive hotpatch updates anymore. Microsoft has since halted the rollout of KB5070881 to those systems and indicated that affected devices will only receive regular monthly security updates, which require a system restart. For those who downloaded the buggy update but haven’t deployed it, Microsoft released KB5070893, which fixes the vulnerability without disrupting hotpatching. This allows machines that install it to remain eligible for future hotpatch updates. In addition to addressing the CVE-2025-59287 flaw, Microsoft has made changes to its WSUS error reporting, disabling the display of synchronization error details. The company also acknowledged a separate bug that affected the Windows 11 Task Manager and resolved issues with the Media Creation Tool and specific update errors for Windows 11 24H2 systems.