HANDS ON SharePoint
HANDS ON Teams
HANDS ON Lists
HANDS ON tek
M365 Admin
An updated version of the May 2025 Scan Cab is available
IMPORTANT: This notice is only relevant for environments where:
- Windows Server 2008 and Windows Server 2008 R2 updates are deployed under the Premium Assurance program
- Scan Cab is used to check for update compliance
- The May 2025 Scan Cab (released May 13, 2025 at 10:00 AM PT) was deployed before 11:00 AM PT on May 14, 2025.
An updated version of the May 2025 Scan Cab was made available at 11:00 AM PT on May 14, 2025. This Scan Cab includes new metadata corresponding to new updates for the following Windows versions:
- Windows Server 2008 R2
- Windows Server 2008
The new Windows updates for these server versions released May 13, 2025 at 6:00 PM PT included additional protections to address CVE-2025-32709, a security vulnerability in the Windows Ancillary Function Driver (AFD) for WinSock. The AFD component is akernel-mode driver that provides support for the WinSock API and is contained in the afd.sys file. The afd.sys driver manages the Winsock TCP/IP communications protocol. See the additional information section of this message for details.
How this affects your organization:
IT administrators who downloaded the Scan Cab between 10:00 AM PT on May 13, 2025, and 11:00 AM PT on May 14, 2025 should re-acquire and re-deploy their Scan Cab if it is used to assess updates for Windows Server 2008 or Windows Server 2008 R2.
No action is required on environments where Scan Cab is not employed and do not have Windows Server 2008 or Windows Server 2008 R2 devices enrolled in the Premium Assurance program. However, please note that there might be non-Microsoft applications which utilize Scan Cab. Review the documentation for any software and update deployment tools which might be in use for your organization, to understand if this is applicable in your environment.
What you need to do to prepare:
Administrators can re-deploy the updated Scan Cab via their usual processes. For detailed guidance, see the Additional information section below.
Additional information:
- Updated Scan Cab: Download the new Scan Cab here
- CVE-2025-32709: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- Windows Server 2008 R2: KB5061195 Out-of-band (Security-only update)
- Windows Server 2008 R2: KB5061196 Out-of-band (Monthly Rollup)
- Windows Server 2008: KB5061197 Out-of-band (Security-only update)
- Windows Server 2008: KB5061198 Out-of-band (Monthly Rollup)
- Announcing a smaller WSUS Scan Cab – Microsoft Tech Community: Learn more about WSUS and the Scan Cab process
- Using WUA to Scan for Updates Offline – Win32 apps | Microsoft Docs: Windows Update Agent (WUA) can be used to scan computers for security updates without connecting to Windows Update
- WSUS and the Catalog Site | Microsoft Docs: The Catalog Site used by WSUS to import updates and drivers
Message ID: MC1073882
