Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to: Configuration Manager (current branch, version 2503)
Summary of KB32480179
An update is available to administrators who opted in through a PowerShell script to the early update ring deployment for Microsoft Configuration Manager current branch, version 2503. You can access the update in the Updates and Servicing node of the Configuration Manager console.
This update addresses important, late-breaking issues resolved after version 2503 became available globally. This article summarizes the most significant change. It doesn't apply to sites that downloaded version 2503 on April 23, 2025, or a later date. Therefore, it isn't listed in the Configuration Manager console for those sites.
Issues that are fixed
- PXE clients remain stuck in the "Waiting for Approval" stage after updating to Configuration Manager version 2503. The condition happens if the Require a password when computers use PXE option isn't selected.
The SMSPXE.log file contains errors like the following.
PXE::CRYPT::CalcHMACBuffer failed; 0x80090008 PXE::CRYPT::CreateVarFileKey failed; 0x80090008
Note
Both default and custom boot images need to be updated after installing this hotfix. For more information, see Update distribution points with the boot image.
- The vulnerability described in CVE-2025-47178 is resolved. Customers can confirm the vulnerability is patched by checking the version of smsprov.dll. A file version of 5.0.9135.1002 or higher indicates the issue is resolved.
Update information for Microsoft Configuration Manager version 2503 early update ring
This update is available in the Updates and Servicing node of the Configuration Manager console. It only appears for environments that were installed by using the publicly available early update ring builds of version 2503. These builds were available for download between March 31 and April 22, 2025.
To verify which build is installed, add the Package GUID column to the details pane of the Updates and Servicing node in the console. This update applies to first wave installations of version 2503 from packages that have the following GUIDs:
- 8576527E-DDE9-4146-8ED9-DB91091C38EF
- 0E12248F-A617-4707-912D-DFED6E2C5D55
Restart information
This update doesn't require a computer restart but will initiate a site reset after installation.
Update replacement information
This update doesn't replace any previously released update.
Additional installation information
After you install this update on a primary site, preexisting secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, select Administration > Site Configuration > Sites > Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. This reinstallation doesn't affect configurations and settings for the secondary site. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.
Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:
select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')
If the value 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site.
If the value 0 is returned, all the fixes that are applied to the primary site aren't installed for the secondary site. You should use the Recover Secondary Site option to update the secondary site.
Version information
The following major components are updated to the versions specified:
| Component | Version |
|---|---|
| Configuration Manager site | 5.2503.9135.1003 |
Configuration manager clients aren't affected by this update.
File information
File information is available in the downloadable KB32480179_FileList text file.
Release history
- May 8, 2025: Initial hotfix release