Microsoft’s September Patch Tuesday has quietly closed two disruptive Windows regressions introduced in August — one that interfered with MSI-based app installs by unexpectedly surfacing User Account Control (UAC) prompts for standard users, and another that crippled NDI-based streaming performance for many multi‑PC OBS/NDI setups. Both problems were first tracked publicly on Microsoft’s Windows Release Health dashboard in August and September 2025, and Microsoft’s cumulative updates released September 9, 2025 (notably KB5065426 for Windows 11 24H2 and matching updates for Windows 10 branches) contain the fixes that restore previous functionality while preserving the security hardening that originally triggered the regressions. (learn.microsoft.com)

Background

August’s security hardening and the unintended fallout

In mid‑August 2025 Microsoft shipped a set of security updates to address a local elevation‑of‑privilege vulnerability in Windows Installer tracked as CVE‑2025‑50173. The mitigation tightened how Windows Installer (MSI) handles authentication and privilege elevation so that certain repair and patch operations now require explicit elevation. That change fixed the security flaw, but it also created two visible and painful side effects for real‑world workflows: unexpected UAC prompts and failures for non‑admin users when MSI repair or patch operations ran silently, and degraded Network Device Interface (NDI) streaming performance when using RUDP transport. (support.microsoft.com, nvd.nist.gov)
  • The UAC/MSI problem surfaced when standard users launched applications or invoked MSI repair operations (for example, using msiexec /fu), causing unexpected prompts or outright failures (Error 1730 in some cases) for apps that would previously have repaired themselves without admin interaction. Commonly reported victims included legacy enterprise installers and auto‑repair sequences in applications such as Autodesk products and some Office configurations. (support.microsoft.com)
  • The NDI problem produced severe stutter, lag and choppy audio/video for streaming apps using the NDI protocol’s default RUDP transport. The regression was particularly noticeable when “Display Capture” sources were used on the sending PC and afflicted low‑latency multi‑PC streaming setups used by creators and broadcast engineers. (support.microsoft.com, support.streamlabs.com)
Both issues were significant because they affected two very different but widely used workflows: IT‑driven app deployment/repair across corporate fleets, and real‑time AV/streaming for professional and hobbyist creators. Microsoft acknowledged both problems publicly on its Release Health dashboards and issued mitigation guidance while engineers worked on proper fixes. (learn.microsoft.com)

What went wrong (deep dive)

UAC + MSI: security tradeoffs that collided with legacy behaviors

The August security fix closed a Windows Installer weakness by strengthening authentication checks during patch and repair operations. As a consequence, Windows became stricter about when to prompt for admin consent. The vulnerability mitigation was correct from a security posture: it prevents unsigned or improperly authenticated MSI/patch operations from being silently applied and potentially exploited for privilege escalation. But the enforcement was broader than what some installers expected.
Two technical patterns explain the behavior:
  • Many installers rely on custom actions (scripted or binary steps inside an MSI) to perform per‑user initialization on first run, to launch ancillary installers, or to perform post‑install configuration. When Windows detects any custom action that would require elevation, it surfaces a UAC challenge. If the process that invokes the MSI was a standard user and the MSI attempted a repair without a visible UI, the lack of interactive elevation caused the operation to fail. (learn.microsoft.com, support.microsoft.com)
  • Silent or unattended patches (msp/msi) that were previously permitted because they were signed or because installation context assumptions were looser, now faced new checks verifying whether elevated actions are actually required — and if they are, the system blocks or prompts. This broke deployments that expected repairs or patches to run without admin interaction. The net result was an infuriating and hard‑to‑diagnose class of failures for admins and end users. (stackoverflow.com)

NDI/RUDP: an unexpected touchpoint in the networking stack

NDI (Network Device Interface) uses several transport modes; RUDP (Reliable UDP) is the default because it aims to balance low latency with packet reliability. The August update introduced a change in how the OS processed certain RUDP flows (timing/acknowledgment/queue handling), which for NDI’s workload produced severe jitter and stuttering even on otherwise healthy LANs.
The practical symptom set was:
  • Choppy frames and audio dropouts in OBS or NDI Tools when the source used Display Capture.
  • Problems persisted even under low bandwidth conditions, indicating the issue was not congestion but protocol handling in the OS networking/TCP‑stack‑adjacent code paths.
  • Switching NDI Receive Mode to Single TCP or UDP (Legacy) mitigated the symptoms because those transports bypassed the RUDP code paths affected by the Windows update. (support.microsoft.com, support.streamlabs.com)

Microsoft’s mitigation timeline and official guidance

  • August 12, 2025 — Microsoft releases the security updates that include the Windows Installer changes and other fixes. Post‑deployment reports surface both the UAC/MSI and NDI regressions. Microsoft posts acknowledged advisories and workarounds in the Windows Release Health dashboard and KB articles. (support.microsoft.com)
  • Mid to late August 2025 — Vendors and third parties publish practical workarounds:
      • For NDI: change the NDI Receive Mode from RUDP to TCP or UDP on affected machines (NDI Access Manager → Advanced → Receive Mode). This was recommended by NDI tooling vendors and Streamlabs. (support.streamlabs.com, vmix.com)
      • For UAC/MSI: Microsoft offered a Known Issue Rollback (KIR) Group Policy for managed environments as a temporary mitigation; non‑admin users were also told to run affected programs as administrator where possible. KIR had to be obtained/configured through Microsoft’s support channels and was intended as a stop‑gap for enterprise deployments. (support.microsoft.com)
  • September 9, 2025 — Microsoft’s Patch Tuesday cumulative updates (delivered via KB5065426 and corresponding KBs for other channels) include targeted fixes and behavior adjustments that resolve both issues without undoing the security hardening. The Windows Release Health pages list both the UAC/MSI and NDI issues as Resolved as of the September 9 updates. (learn.microsoft.com)

What the September fixes actually change

UAC/MSI: more targeted prompting and an admin allowlist

The September cumulative updates adjust Windows Installer’s elevation logic so that a UAC prompt is only required for MSI repair operations when the MSI package actually contains an elevated custom action. In plain terms: if a repair/patch doesn’t need privileged system changes, Windows won’t interrupt the user; if a repair legitimately intends to run elevated code, the prompt remains — which preserves security posture while reducing false positives. (learn.microsoft.com)
Microsoft also added a managed‑admin control so IT teams can explicitly permit (allowlist) MSI packages to perform repair operations without prompting on their managed devices. That is intended as a safer and more granular alternative to the earlier KIR Group Policy patch. The Release Health notes confirm organizations no longer need to deploy the KIR policy and can instead adopt the allowlist mechanism introduced with the September updates. Administrators should follow Microsoft’s KB guidance to add MSI package entries to the allowlist rather than relying on broad, less controlled workarounds. (learn.microsoft.com)
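
To see which packages would still prompt under the condition described above, the following added example (not Microsoft's code and not part of the original post) lists the custom actions in an MSI and marks those that run deferred without impersonation. Treating that flag combination as the "elevated custom action" test is an assumption based on the usual Windows Installer meaning of the term; the function name and the sample path are hypothetical.

```powershell
# Added example: list custom actions in an MSI and flag the ones that run elevated.
# Assumption: "elevated" = deferred (InScript) + NoImpersonate, the usual MSI meaning.
function Get-MsiElevatedCustomAction {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    # msidbCustomActionType* flag values from the Windows Installer SDK
    $InScript      = 0x0400   # deferred: executed from the installation script
    $NoImpersonate = 0x0800   # runs in the system context, not as the calling user
    $Rollback      = 0x0100
    $Commit        = 0x0200

    # The Installer COM object needs late-bound calls from PowerShell
    $invoke = { param($obj, $name, $kind, $argList)
        $obj.GetType().InvokeMember($name, $kind, $null, $obj, $argList) }

    $full      = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
    $installer = New-Object -ComObject WindowsInstaller.Installer
    $db = & $invoke $installer 'OpenDatabase' 'InvokeMethod' @($full, 0)   # 0 = read-only
    try {
        $view = & $invoke $db 'OpenView' 'InvokeMethod' @('SELECT `Action`, `Type` FROM `CustomAction`')
    } catch {
        Write-Verbose "No CustomAction table in $full"   # package has no custom actions
        return
    }
    & $invoke $view 'Execute' 'InvokeMethod' $null | Out-Null
    while ($null -ne ($rec = & $invoke $view 'Fetch' 'InvokeMethod' $null)) {
        $type     = [int](& $invoke $rec 'IntegerData' 'GetProperty' @(2))
        $deferred = ($type -band $InScript) -ne 0
        $system   = ($type -band $NoImpersonate) -ne 0
        [pscustomobject]@{
            Action   = & $invoke $rec 'StringData' 'GetProperty' @(1)
            Type     = '0x{0:X4}' -f $type
            BaseType = $type -band 0x3F            # DLL, EXE, script, property set, ...
            Phase    = if (-not $deferred) { 'Immediate' }
                       elseif ($type -band $Rollback) { 'Rollback' }
                       elseif ($type -band $Commit)   { 'Commit' }
                       else { 'Deferred' }
            Elevated = $deferred -and $system
        }
    }
    & $invoke $view 'Close' 'InvokeMethod' $null | Out-Null
}

# Usage (placeholder path): show only the actions that run elevated
Get-MsiElevatedCustomAction -Path 'C:\Packages\example.msi' | Where-Object Elevated
```

A package that returns no elevated rows is a candidate for repairing without a prompt after the September update, while one that does is a package to review before it is considered for the allowlist.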

NDI: RUDP regressions fixed in the OS

The September updates correct the timing/packet handling regression that caused RUDP‑backed NDI streams to stutter. After installing the September 9 cumulative updates (or later), streaming apps using NDI no longer require the manual Receive Mode change to TCP/UDP: RUDP streams should resume normal low‑latency, reliable behavior without manual intervention. Microsoft’s Release Health explicitly notes that devices updated on or after September 9 do not need the workaround. (learn.microsoft.com, support.microsoft.com)

What this means for users, streamers and IT admins

For home users and streamers

  • If you were affected by NDI stutter and you have not yet installed the September 9 cumulative update or later, apply Windows Update now. If you cannot apply the update immediately (e.g., you are mid‑broadcast), keep the temporary NDI Receive Mode workaround in your toolkit: change Receive Mode to Single TCP or UDP through NDI Access Manager on all source and destination machines. (support.streamlabs.com, vmix.com)
  • After updating to the September cumulative update, revert any manual transport changes you made for NDI, re‑test streams, and confirm CPU/latency characteristics for your setup. Some streamers reported slightly different CPU tradeoffs when using TCP vs RUDP; with the OS fix you regain the original tradeoff that RUDP provided. (support.streamlabs.com)

For IT administrators and enterprise deployment teams

  • Prioritize deployment of the September cumulative updates (KB5065426 for Windows 11 24H2 and the matching KBs for Windows 10 servicing branches) to your pilot rings and then broad rollout. The releases resolve both the MSI/UAC regression and the NDI regression while preserving the CVE mitigation. (learn.microsoft.com)
  • If you had applied the KIR Group Policy to mitigate the UAC prompts, you can remove it after validating the September update in your environment; Microsoft’s Release Health explicitly states the KIR group policy is no longer necessary for this issue. However, do not remove KIR until you have confirmed the fix in your test group. (learn.microsoft.com)
  • Use the new allowlist capability for tightly scoped exceptions rather than broad permission changes. Microsoft’s policy surface includes ADMX/MDM policy entries for Windows Installer behaviors such as AllowLockdownPatch and related ADMX_MSI controls — but exercise caution: adding MSI packages to allowlists should be limited, documented, and monitored because it relaxes the elevation checks for those specific packages. Audit and logging around allowlist entries are recommended. (learn.microsoft.com)

Practical step‑by‑step: how to respond right now

  • Confirm current state:
      • Open Settings → Windows Update → Update History.
      • Verify whether your devices have the September 9, 2025 cumulative update (KB5065426 on 24H2 or the equivalent KB for the OS in question). (learn.microsoft.com)
  • If you run NDI/OBS streaming and still see stutter:
      • If you can’t update immediately, change NDI Receive Mode to Single TCP or UDP via NDI Access Manager (Advanced → Receive Mode). Repeat on each sending and receiving machine. (support.streamlabs.com, vmix.com)
      • When you can, install the September cumulative update and re‑enable your standard RUDP flows to test end‑to‑end behavior. (learn.microsoft.com)
  • If you manage fleets and saw UAC/MSI issues:
      • Pilot KB5065426 (or corresponding KBs) on a small number of representative devices.
      • Confirm MSI repair/patch scenarios that previously failed now succeed without unwanted prompts.
      • If you had deployed KIR, plan to remove it only after the pilot verifies the fix.
      • If you need specific apps to be explicitly allowed to perform repairs without prompting, follow Microsoft’s KB guidance to add MSI package hashes/identifiers to the administrative allowlist (use scoped ADMX/MDM controls). Maintain an audit trail. (learn.microsoft.com)

Critical analysis — strengths, caveats and residual risk

What Microsoft did well

  • Microsoft identified two separate, tangible regressions quickly and used its Windows Release Health dashboard to publicize the problems and recommended mitigations. That transparency reduced the time to triage for vendors and admins. (learn.microsoft.com)
  • The September fixes show a sensible approach: preserve the security hardening (CVE mitigation) while introducing more granular logic (only prompt when an MSI contains an elevated custom action) and providing managed allowlisting for exceptions. This is a measured balance between security and operational continuity. (learn.microsoft.com)
  • Microsoft’s collaboration with ecosystem vendors (NDI, streaming tool providers) and the quick publication of vendor workarounds (NDI/Streamlabs/vMix) helped end users keep production workflows running while the OS fix was prepared. (support.streamlabs.com, vmix.com)

Remaining caveats and risks

  • Allowlisting introduces risk. Any mechanism that permits specific installers to bypass UAC prompts reduces the protection surface; if administrators add too many entries or poorly document them, that could be exploited by malware that mimics allowed installers. The allowlist should be used sparingly, audited, and combined with endpoint security controls and software inventory checks. (learn.microsoft.com)
  • Some third‑party installers authored with non‑compliant custom actions (for example, incorrectly scheduled or immediate custom actions that should be deferred) may continue to behave unpredictably until vendors update their packages. The long‑term fix for many vendors is to re‑author installers to follow modern MSI guidelines (deferred execution for system modifications, proper MSI tables, and explicit manifest/requested execution levels). Administrators should work with ISVs to get MSI packages that are UAC‑compliant. (learn.microsoft.com)
  • Although Microsoft’s Release Health marks these issues as Resolved as of the September 9 updates, complex enterprise environments — especially those with tightly managed update rings and mixed OS versions — may see lag before every device receives the fix. Administrators must still plan rollouts carefully and retain fallback plans for production events. (learn.microsoft.com)

Final verdict and recommendations

Microsoft’s September Patch Tuesday release delivered the right fixes: it retained the critical security mitigation for CVE‑2025‑50173 while reducing operational disruption with a more nuanced prompting model and a targeted admin allowlist for exceptions. The NDI regression is also addressed, restoring the expected low‑latency behavior for creators who rely on RUDP. That said, the incident highlights two recurring truths about modern OS servicing: security hardening can have unexpected compatibility costs, and rapid, well‑documented mitigations plus clear communication are essential for minimizing real‑world impact.
Action checklist (short):
  • Install the September 9, 2025 cumulative updates (KB5065426 and matching KBs) on pilot devices, then roll out broadly. (learn.microsoft.com)
  • If you’re a streamer and can’t update immediately, change NDI Receive Mode to TCP or UDP until the update is applied. Revert and re‑test after updating. (support.streamlabs.com)
  • If your organization deployed KIR for the MSI/UAC issue, plan to remove it after validating the September update in your test ring. Use Microsoft’s new allowlist capability for narrowly scoped exceptions and monitor allowlist entries carefully. (learn.microsoft.com)
  • For application vendors: review MSI custom actions and authoring practices to ensure UAC compliance and to avoid future repair‑time elevation surprises. (learn.microsoft.com)
The fixes shipped on September 9 are a solid example of iterative OS servicing: identify a security problem, mitigate the immediate risk, listen to telemetry and ecosystem feedback, and then push a measured correction that restores functionality without reversing the security improvement. For admins and creators, the priority remains the same: test, patch, and instrument — and where exceptions are necessary, keep them narrow and auditable. (learn.microsoft.com, support.microsoft.com, support.streamlabs.com)

Source: Neowin Microsoft patches Windows bugs impacting NDI streaming performance and app installs