Microsoft fixes bug preventing Azure Virtual Desktop security updates

Microsoft Teams on Windows 11
(Image credit: Microsoft)

Microsoft this week resolved a bug that prevented Azure Virtual Desktop (AVD) devices from downloading and installing monthly security updates via Windows Server Update Services (WSUS). This issue had been ongoing since July.

According to an advisory, Microsoft was investigating a problem where devices running Windows 10 Enterprise multi-session, version 1909 might not download updates after May 2021.

"This is observed in the Settings app under the Windows Update setting, which will display the message 'You're up to date' even if no updates later than May 2021 have been installed," the advisory said.

Both the client (Windows 10 Enterprise multi-session, version 1909) and server (Windows Server multi-session, version 1909) versions of the software were affected.

Microsoft said it addressed the issue in the KB5005565 cumulative update in September for systems running Windows 10, version 2004, and later. There was no explanation as to why it took so long to implement the fix.

The advisory laid out two workarounds to fix the issue and enable users to deploy monthly security updates on Azure Virtual Desktop systems using WSUS if they were unable to the KB5005565 update.

The first workaround asks users to deploy the latest images from the Azure Marketplace, which will be up to date with all security updates. “We recommend that you deploy the latest image to your existing devices which run Windows 10 Enterprise Multi-Session, version 1909 (Azure Virtual Desktops (AVD)),” the advisory stated.

The second workaround, where image redeployment is not an option, requires users to manually download and install missing security updates from the Microsoft Update Catalog.

“Microsoft publishes monthly security updates on the second Tuesday of each month. You can download these updates from the Microsoft Update Catalog as Microsoft Update (.msu) files and deploy them using your management solution,” said Microsoft.

When these files are downloaded, organizations can add them to their endpoint management system and deploy them to devices running Windows 10 Enterprise or Education, version 1909.

The news comes as Microsoft finally makes Windows 11 available on Azure Virtual Desktop. Microsoft said that while the new operating system is out now, Trusted Launch is at preview. This is used to enable TPM 2.0 and secure boot as part of the VM configuration to take full advantage of the security capabilities in Windows 11.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.