Microsoft has confirmed the release of a revised security update for Windows 11 24H2, specifically targeting systems that encountered compatibility issues with the initial June 2025 Patch Tuesday release. The update, identified as KB5060842 or KB5060999, addresses vulnerabilities and conflicts affecting a limited set of devices, though Microsoft has not disclosed specific hardware or software incompatibilities1. This marks a rare instance of a revised Patch Tuesday update, highlighting the challenges of maintaining compatibility across diverse enterprise environments.
Technical Details of the Revised Update
The revised update resolves 66 vulnerabilities, including an actively exploited WebDAV zero-day (CVE-2025-33053) and an SMB privilege escalation flaw. Additional fixes address Windows Hello sign-in failures, Remote Desktop graphics errors, and Hyper-V VM freezes1. Microsoft’s Release Health dashboard notes ongoing issues, such as Safe Exam Browser incompatibility and system crashes caused by the sprotect.sys driver, which has prompted a safeguard hold on affected devices2.
For administrators, the update is distributed via Windows Update, but devices under compatibility holds will not receive it until Microsoft resolves the underlying conflicts. Enterprises can track these holds using Windows Update for Business policies2.
Workarounds for Unsupported Hardware
While Microsoft officially discourages installing Windows 11 24H2 on unsupported hardware, community-driven methods exist. These include patching the ISO for in-place upgrades, using the Installation Assistant, or modifying registry keys to bypass TPM and CPU checks3, 4. However, such workarounds may block future feature updates and are not recommended for production environments.
Common upgrade errors, such as “This PC Can’t Be Upgraded” or failure code 0x80240069, often stem from corrupted update caches or unmet system requirements. Running the Windows Update Troubleshooter or resetting update components can mitigate these issues5.
Relevance to Security Professionals
The revised update underscores the importance of patch management in mitigating vulnerabilities like CVE-2025-33053, which could be leveraged in targeted attacks. Red teams should note the SMB privilege escalation flaw, while blue teams should prioritize deploying the update to systems not under compatibility holds.
For incident responders, monitoring for exploitation attempts involving the patched vulnerabilities is critical. Microsoft’s safeguard holds also highlight the need for testing updates in staging environments before broad deployment.
Conclusion
Microsoft’s release of a revised Windows 11 24H2 update reflects the complexities of maintaining security across heterogeneous hardware. Organizations should assess compatibility holds and prioritize deploying the update to supported systems. Unsupported hardware workarounds remain a stopgap solution with inherent risks.
References
- “Microsoft creates separate Windows 11 24H2 update for incompatible PCs,” BleepingComputer, Jun. 11, 2025.
- “Windows 11 24H2 known issues and workarounds,” Microsoft Release Health, May 2025.
- “How to update Windows 11 22H2 to 24H2 on unsupported PC,” Microsoft TechCommunity, 2025.
- “How to upgrade to Windows 11 whether your PC is supported or not,” Ars Technica, Oct. 2024.
- “Microsoft Windows 11 24H2 updates fail with 0x80240069 errors,” BleepingComputer, 2025.
