Microsoft has recently confirmed a significant issue affecting application installations and repairs across various versions of Windows 10, Windows 11, and Windows Server. This problem arises from a security enhancement introduced in the August 2025 updates, which inadvertently triggers User Account Control (UAC) prompts for standard, non-administrator users during routine application operations.
Background of the Issue
The complication emerged following the release of security update KB5063878 on August 12, 2025. This update aimed to address a high-severity elevation of privilege vulnerability in the Windows Installer, identified as CVE-2025-50173. While the update effectively mitigated the security flaw, it unintentionally enforced administrator-level permissions for Windows Installer (MSI) repair and related functions that previously operated seamlessly for standard users. Consequently, users without administrative rights now encounter unexpected UAC prompts.
In environments where users cannot provide administrator credentials—a common scenario in corporate and educational settings—these operations fail, often resulting in an Error 1730, indicating insufficient access rights.
Affected Scenarios
The bug impacts several common scenarios, including:
– Executing MSI repair commands such as `msiexec /fu`.
– Launching applications that perform self-repair or initial user configuration, notably Autodesk products like AutoCAD, Civil 3D, and Inventor CAM.
– Installing applications that configure themselves on a per-user basis.
– Deploying software packages through Microsoft Configuration Manager (ConfigMgr).
This issue is particularly disruptive for organizations relying on multi-user devices, such as university computer labs and shared enterprise workstations. IT administrators have reported that applications utilizing a secondary MSI installer for per-user setup are frequently affected. One university IT administrator noted, We have several applications behaving this way, not just those from Autodesk. All software running a secondary MSI installer exhibits this behavior.
Mitigation Strategies
Microsoft has officially documented the issue and provided temporary solutions while developing a permanent fix.
For individual users who can, the immediate workaround is to right-click the application and select Run as administrator.
For managed IT environments, Microsoft has made a Known Issue Rollback (KIR) available. This allows administrators to revert the specific change causing the UAC prompts by deploying a special Group Policy. However, obtaining this KIR requires contacting Microsoft Support for business directly. Microsoft strongly advises against other workarounds, such as disabling related security features.
The company has stated it is working on a long-term solution that will be released in a future Windows update. This fix will aim to allow administrators to specify which applications are permitted to perform MSI repair operations without triggering a UAC prompt.
Impacted Platforms
The bug affects a wide range of platforms, including multiple versions of Windows 10 and 11, as well as Windows Server editions from 2012 to 2025.
Client Operating Systems:
– Windows 11, versions 24H2, 23H2, 22H2
– Windows 10, versions 22H2, 21H2, 1809
– Windows 10 Enterprise LTSC 2019, LTSC 2016
– Windows 10, version 1607
– Windows 10 Enterprise 2015 LTSB
Server Operating Systems:
– Windows Server 2025
– Windows Server 2022
– Windows Server, version 1809
– Windows Server 2019
– Windows Server 2016
– Windows Server 2012 R2
– Windows Server 2012
Understanding User Account Control (UAC)
User Account Control (UAC) is a security feature in Windows operating systems designed to prevent unauthorized changes to the system. It achieves this by prompting users for permission or administrative credentials before allowing actions that could potentially affect the system’s operation or security. While UAC enhances security by limiting application privileges, unintended prompts can disrupt user workflows, as seen in the current issue.
Broader Implications and Related Issues
This incident underscores the delicate balance between implementing security enhancements and maintaining user experience. Similar challenges have arisen in the past:
– Windows User Account Control Bypassed Using Character Editor to Escalate Privileges: A sophisticated technique exploited the Windows Private Character Editor to bypass UAC and achieve privilege escalation without user intervention, raising significant concerns for system administrators worldwide.
– Hackers Use .PIF Files and UAC Bypass to Drop Remcos Malware on Windows: A phishing campaign leveraged obsolete Windows file formats and advanced evasion techniques to distribute the Remcos Remote Access Trojan, employing UAC bypass methods to establish persistent access to compromised systems.
– Windows 11 Escalation Vulnerability Let Attackers Gain Admin Access: A critical vulnerability in Windows 11 allowed attackers to escalate from a low-privileged user to full system administrator rights in just 300 milliseconds, exploiting a weakness in the Mobile devices feature through a sophisticated DLL hijacking technique.
Conclusion
The recent UAC bug highlights the complexities involved in enhancing system security without inadvertently disrupting user operations. Microsoft’s prompt acknowledgment and provision of temporary solutions demonstrate a commitment to addressing such issues. Users and administrators are encouraged to implement the recommended workarounds and stay informed about future updates to ensure a secure and efficient computing environment.
