
After installing Windows Server 2025 security update KB5087539 on both AWS EC2 VMs, communication between the servers stops working.

Nitin Shinde 0 Reputation points
2026-05-22T10:50:05.3233333+00:00

Environment:

  • Platform: AWS EC2
  • OS: Windows Server 2025 Standard
  • Update Installed: KB5087539 (OS Build 26100.32860)
  • Deployment Type: Two EC2 Windows VMs
  • Communication Type Affected: Inter-VM communication

Steps to Reproduce:

  1. Install KB5087539 on Windows Server 2025 VM
  2. Reboot VM
  3. Attempt communication between AWS VMs
  4. Observe communication failure

Impact: Production/QA environment communication impacted between application servers.


1 answer

  1. VPHAN 33,190 Reputation points Independent Advisor
    2026-05-22T11:26:01.4666667+00:00

    Hi Nitin Shinde,

    The failure after installing this cumulative update is likely tied to the Network Location Awareness service reclassifying your AWS Elastic Network Adapters. When a major update or reboot disrupts network gateway MAC detection, Windows clears the network identification from the registry path HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles and defaults the connection to a Public profile. This causes the Windows Defender Firewall to instantly apply stricter rules and block your internal AWS VPC traffic. You can easily fix this by running the Set-NetConnectionProfile -NetworkCategory Private PowerShell command on the affected machines. Switching the category back to Private tells the OS to trust the local network again, restoring your inter-VM communication without compromising your external security boundaries.

    If correcting the network profile does not resolve the issue, rolling back the update is your next step to restore production functionality. Execute wusa.exe /uninstall /kb:5087539 in an elevated command prompt. You must be aware that uninstalling cumulative security updates will expose your servers to the vulnerabilities they were designed to patch. Because Microsoft has not officially confirmed a regression bug for this specific inter-VM behavior on build 26100.32860, you should only execute this rollback if the environment is entirely non-functional and your security team accepts the risk. If you proceed, pausing automatic updates via the Group Policy path Computer Configuration \ Administrative Templates \ Windows Components \ Windows Update is the correct administrative action while you monitor the Windows release health dashboard for an official fix.

    Hope this answer brought you some useful information.

    VPHAN

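One way to carry out the first step of the answer above with a check in front of it, so that only adapters NLA has dropped to Public and that hold a VPC address are moved back to Private (added example, not the answer author's code; the VPC CIDR, the function names and the DryRun switch are assumptions):

```powershell
# Added example. Lists adapters currently classified as Public, keeps only those
# whose IPv4 address sits inside an expected VPC range, and sets them to Private.
# The CIDR below is an assumed value; replace it with the real VPC range.
$VpcCidrs = @('10.0.0.0/16')

function Test-IPInCidr {
    param([string]$IPAddress, [string]$Cidr)
    $net, $bits = $Cidr.Split('/')
    # Reverse the byte order so BitConverter (little-endian) yields a network-order integer
    $ipInt  = [BitConverter]::ToUInt32([System.Net.IPAddress]::Parse($IPAddress).GetAddressBytes()[3..0], 0)
    $netInt = [BitConverter]::ToUInt32([System.Net.IPAddress]::Parse($net).GetAddressBytes()[3..0], 0)
    $mask   = [uint32]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$bits))
    return (($ipInt -band $mask) -eq ($netInt -band $mask))
}

function Get-ReclassifiedAdapter {
    # Adapters NLA reports as Public that carry an address from one of the VPC ranges
    Get-NetConnectionProfile | Where-Object NetworkCategory -eq 'Public' | ForEach-Object {
        $p  = $_
        # Skip APIPA/link-local addresses (PrefixOrigin WellKnown) and take the first real IPv4
        $ip = (Get-NetIPAddress -InterfaceIndex $p.InterfaceIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue |
               Where-Object PrefixOrigin -ne 'WellKnown' | Select-Object -First 1).IPAddress
        if ($ip -and ($VpcCidrs | Where-Object { Test-IPInCidr -IPAddress $ip -Cidr $_ })) {
            [pscustomobject]@{
                InterfaceIndex = $p.InterfaceIndex
                InterfaceAlias = $p.InterfaceAlias
                IPAddress      = $ip
            }
        }
    }
}

function Repair-NetworkCategory {
    param([switch]$DryRun)   # -DryRun only reports what would change
    # Show why Public matters here: the default inbound action of the Public firewall profile
    $inbound = (Get-NetFirewallProfile -Name Public).DefaultInboundAction
    Write-Output "Public firewall profile default inbound action: $inbound"
    foreach ($adapter in Get-ReclassifiedAdapter) {
        Write-Output ("Interface {0} ({1}) is Public; setting Private" -f $adapter.InterfaceAlias, $adapter.IPAddress)
        if (-not $DryRun) {
            Set-NetConnectionProfile -InterfaceIndex $adapter.InterfaceIndex -NetworkCategory Private
        }
    }
}

# Run once with -DryRun to review, then without it from an elevated prompt
Repair-NetworkCategory -DryRun
```

If the adapter is already Private and traffic still fails, the firewall profile was not the cause and the rollback step in the answer becomes the next thing to consider.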
