ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "π¨ CRITICAL UPDATE ALERT! PortalFuse Weekly KB Report: May 2025 Out-of-Band Fix for Windows 10 π¨"
Episode Synopsis
This week on the PortalFuse Weekly KB Report, we're delivering a crucial deep dive into a significant out-of-band update released on May 19th, 2025. This patch is absolutely vital for Microsoft Intune administrators and IT pros managing Windows 10 environments. We're breaking down everything you need to know about this urgent release that addresses a critical security vulnerability and, importantly, requires manual deployment.
Β
π Read our full supporting blog article here: https://portalfuse.io/blog/portalfuse-weekly-kb-update-report-may-20-2025
π Access the full PortalFuse KB Report (2250520) discussed: PortalFuse Weekly KB Update Report - 2025-05-20 23:59:59.644000+00:00
Β
Tune in as we dissect this multi-OS update targeting various Windows 10 editions, including Enterprise LTSC 2021, IoT Enterprise LTSC 2021, and Windows 10 22H2. We explore a severe security flaw linked to Intel Trusted Execution Technology (TXT) on specific 10th gen or later Intel vPro processors. This vulnerability could unexpectedly terminate the Local Security Authority Subsystem Service (LSASS), leading to major authentication failures and system instability.
Β
We also cover the bundled latest servicing stack update (SSU) aimed at boosting the reliability of the entire Windows update pipeline β essential as Windows 10 nears its end-of-life. Plus, get the details on a known issue affecting Noto fonts (CJK text display) in Chromium browsers like Edge and Chrome at 96 DPI, and the all-important deployment guidance: this update is exclusively available via the Microsoft Update Catalog.
Β
If you're involved in patch management or Windows administration, this episode is a must-watch for critical intel to keep your endpoints secure and stable!
Timeline:
00:00 π Intro: Diving into the May 19th Out-of-Band Update
00:23 π― Focus Point: A Key Multi-OS Update for Intune Admins
00:41 β Why Out-of-Band Updates Demand Immediate Attention
00:46 π» Targeted Systems: Windows Versions & Update Goals (Security & Quality)
01:08 π οΈ Under the Hood: Latest Servicing Stack Update Inclusion
01:16 π Importance of the Servicing Stack Update for Update Stability
01:47 π¬ Deep Dive: Critical Vulnerability with Intel Trusted Execution Technology
01:58 βοΈ Hardware Specifics: 10th Gen+ Intel vPro CPUs with TXT Affected
02:10 π System Impact: Local Security Authority Subsystem Service Termination & Auth Failures
02:28 β‘οΈ The Trigger: How a Previous Security Update Caused This Issue
03:07 β¨ Reliability Boost: Benefits of the Bundled Servicing Component
03:42 π€ Clarification: "Medium Impact" Fix vs. "Critical" Underlying Risk
04:26 β οΈ Known Issue: Noto Fonts & Blurry CJK Text in Chromium Browsers (96 DPI)
04:57 π§ Workaround: Adjusting Display Scaling for Clearer Text
05:17 π’ Deployment Alert: Manual Download via Microsoft Update Catalog ONLY
06:02 β CVE Status: Why No New CVEs for This Specific Fix?
06:46 π Summary: Out-of-Band Update Fixes LSASS, Bundles SSU
07:07 β Recap: Font Glitch Workaround & Manual Deployment Reminder
07:23 π‘ Final Thoughts: Navigating Complex Hardware-Specific Patch Management
Β
π Read our full supporting blog article here: https://portalfuse.io/blog/portalfuse-weekly-kb-update-report-may-20-2025
π Access the full PortalFuse KB Report (2250520) discussed: PortalFuse Weekly KB Update Report - 2025-05-20 23:59:59.644000+00:00
Β
Tune in as we dissect this multi-OS update targeting various Windows 10 editions, including Enterprise LTSC 2021, IoT Enterprise LTSC 2021, and Windows 10 22H2. We explore a severe security flaw linked to Intel Trusted Execution Technology (TXT) on specific 10th gen or later Intel vPro processors. This vulnerability could unexpectedly terminate the Local Security Authority Subsystem Service (LSASS), leading to major authentication failures and system instability.
Β
We also cover the bundled latest servicing stack update (SSU) aimed at boosting the reliability of the entire Windows update pipeline β essential as Windows 10 nears its end-of-life. Plus, get the details on a known issue affecting Noto fonts (CJK text display) in Chromium browsers like Edge and Chrome at 96 DPI, and the all-important deployment guidance: this update is exclusively available via the Microsoft Update Catalog.
Β
If you're involved in patch management or Windows administration, this episode is a must-watch for critical intel to keep your endpoints secure and stable!
Timeline:
00:00 π Intro: Diving into the May 19th Out-of-Band Update
00:23 π― Focus Point: A Key Multi-OS Update for Intune Admins
00:41 β Why Out-of-Band Updates Demand Immediate Attention
00:46 π» Targeted Systems: Windows Versions & Update Goals (Security & Quality)
01:08 π οΈ Under the Hood: Latest Servicing Stack Update Inclusion
01:16 π Importance of the Servicing Stack Update for Update Stability
01:47 π¬ Deep Dive: Critical Vulnerability with Intel Trusted Execution Technology
01:58 βοΈ Hardware Specifics: 10th Gen+ Intel vPro CPUs with TXT Affected
02:10 π System Impact: Local Security Authority Subsystem Service Termination & Auth Failures
02:28 β‘οΈ The Trigger: How a Previous Security Update Caused This Issue
03:07 β¨ Reliability Boost: Benefits of the Bundled Servicing Component
03:42 π€ Clarification: "Medium Impact" Fix vs. "Critical" Underlying Risk
04:26 β οΈ Known Issue: Noto Fonts & Blurry CJK Text in Chromium Browsers (96 DPI)
04:57 π§ Workaround: Adjusting Display Scaling for Clearer Text
05:17 π’ Deployment Alert: Manual Download via Microsoft Update Catalog ONLY
06:02 β CVE Status: Why No New CVEs for This Specific Fix?
06:46 π Summary: Out-of-Band Update Fixes LSASS, Bundles SSU
07:07 β Recap: Font Glitch Workaround & Manual Deployment Reminder
07:23 π‘ Final Thoughts: Navigating Complex Hardware-Specific Patch Management
In God we trust