Odd situation today. User apparently received a popup and somehow upgraded their Server 2022 compute box to Server 2025. The system did upgrade, but of course it’s now stuck in a Not Activated state since we haven’t purchased any Server 2025 OS, core, or RDP licenses.
Checking my own 2022 servers, yes Microsoft is apparently allowing you to push an upgrade to 2025 right from the Windows Update menu:
If you have system restore on you should be able to just do that. Beyond that you’ll need to wipe the system and pop Windows 2022 back on it. You should be able to disable the upgrade option via SCCM or Intune depending on how your infrastructure is set up. You may have to reach out to MS support to get that set up on Intune though.
Group Policies should also allow you to disable various update and upgrade options, but I cannot give you the one that does it since Windows Server is not my strong suit.
Apparently some RMM tools thought 2025 was a security update and pushed it though. It didn’t happen to me but apparently some companies had to do a little scramble.
Our RMM identified KB5044284 as a Security Update for Windows 10 and 11 for versions prior to 24H2. It was correctly identified as an Upgrade for devices already running Windows 11 24H2. The Microsoft Update catalog still lists this as a security update for Windows 11 and Microsoft Server Operating System-24H2.
As to blocking the feature updates, if you do that through group policy it’s pretty simple. Any value defined and enabled for "Select the target Feature Update version" should prevent a new feature update from being installed.
Any way you look at it though, I can’t think of a better argument against allowing Microsoft to manage your patching.
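A local check for the "Select the target Feature Update version" policy mentioned in the post above, as an added example that is not from any poster in this thread. It assumes the setting is stored as the `TargetReleaseVersion`, `TargetReleaseVersionInfo` and `ProductVersion` values under the Windows Update policy key; the function name is hypothetical.

```powershell
# Added example: report whether a target feature update version is enforced on this machine.
# Assumption: the Group Policy setting is written to the registry values read below.
function Get-TargetFeatureUpdatePolicy {
    [CmdletBinding()]
    param(
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    )

    # Installed OS, so the report shows what the machine is running today.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    $values = $null
    if (Test-Path -Path $PolicyKey) {
        $values = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    }

    # TargetReleaseVersion = 1 marks the policy as enabled;
    # ProductVersion and TargetReleaseVersionInfo hold the pinned product and version strings.
    $enabled = ($null -ne $values) -and
               ($values.PSObject.Properties.Name -contains 'TargetReleaseVersion') -and
               ($values.TargetReleaseVersion -eq 1)

    $product = $null
    $version = $null
    if ($enabled) {
        $product = $values.ProductVersion
        $version = $values.TargetReleaseVersionInfo
    }

    # Distinguish "not configured" from "enabled but empty", which pins nothing.
    if (-not $enabled) { $finding = 'No target feature update version is enforced' }
    elseif (-not $version) { $finding = 'Policy enabled but no version value is set' }
    else { $finding = 'Feature update target is pinned' }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        InstalledOS   = $os.Caption
        Build         = $os.BuildNumber
        PolicyEnabled = $enabled
        PinnedProduct = $product
        PinnedVersion = $version
        Finding       = $finding
    }
}

Get-TargetFeatureUpdatePolicy | Format-List
```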