This week on the PortalFuse Weekly KB Report, we're delivering a crucial deep dive into a significant out-of-band update released on May 19th, 2025. This patch is absolutely vital for Microsoft Intune administrators and IT pros managing Windows 10 environments. We're breaking down everything you need to know about this urgent release that addresses a critical security vulnerability and, importantly, requires manual deployment.

🔗 Read our full supporting blog article here: https://portalfuse.io/blog/portalfuse-weekly-kb-update-report-may-20-2025

📑 Access the full PortalFuse KB Report (2250520) discussed: PortalFuse Weekly KB Update Report - 2025-05-20 23:59:59.644000+00:00

Tune in as we dissect this multi-OS update targeting various Windows 10 editions, including Enterprise LTSC 2021, IoT Enterprise LTSC 2021, and Windows 10 22H2. We explore a severe security flaw linked to Intel Trusted Execution Technology (TXT) on specific 10th gen or later Intel vPro processors. This vulnerability could unexpectedly terminate the Local Security Authority Subsystem Service (LSASS), leading to major authentication failures and system instability.

We also cover the bundled latest servicing stack update (SSU) aimed at boosting the reliability of the entire Windows update pipeline – essential as Windows 10 nears its end-of-life. Plus, get the details on a known issue affecting Noto fonts (CJK text display) in Chromium browsers like Edge and Chrome at 96 DPI, and the all-important deployment guidance: this update is exclusively available via the Microsoft Update Catalog.

If you're involved in patch management or Windows administration, this episode is a must-watch for critical intel to keep your endpoints secure and stable!

Timeline:

• 00:00 🚀 Intro: Diving into the May 19th Out-of-Band Update
• 00:23 🎯 Focus Point: A Key Multi-OS Update for Intune Admins
• 00:41 ❗ Why Out-of-Band Updates Demand Immediate Attention
• 00:46 💻 Targeted Systems: Windows Versions & Update Goals (Security & Quality)
• 01:08 🛠️ Under the Hood: Latest Servicing Stack Update Inclusion
• 01:16 👍 Importance of the Servicing Stack Update for Update Stability
• 01:47 🔬 Deep Dive: Critical Vulnerability with Intel Trusted Execution Technology
• 01:58 ⚙️ Hardware Specifics: 10th Gen+ Intel vPro CPUs with TXT Affected
• 02:10 💔 System Impact: Local Security Authority Subsystem Service Termination & Auth Failures
• 02:28 ➡️ The Trigger: How a Previous Security Update Caused This Issue
• 03:07 ✨ Reliability Boost: Benefits of the Bundled Servicing Component
• 03:42 🤔 Clarification: "Medium Impact" Fix vs. "Critical" Underlying Risk
• 04:26 ⚠️ Known Issue: Noto Fonts & Blurry CJK Text in Chromium Browsers (96 DPI)
• 04:57 🔧 Workaround: Adjusting Display Scaling for Clearer Text
• 05:17 📢 Deployment Alert: Manual Download via Microsoft Update Catalog ONLY
• 06:02 ❓ CVE Status: Why No New CVEs for This Specific Fix?
• 06:46 📝 Summary: Out-of-Band Update Fixes LSASS, Bundles SSU
• 07:07 ✅ Recap: Font Glitch Workaround & Manual Deployment Reminder
• 07:23 💡 Final Thoughts: Navigating Complex Hardware-Specific Patch Management