Microsoft 365 Service Degradation Bypassed Windows Driver Auto-Update Controls

Severity

Medium

Detail

Microsoft has resolved a Microsoft 365 service degradation issue that temporarily bypassed Windows driver auto-update controls, causing unintended driver installations on managed devices. The incident affected systems configured with policies designed to restrict automatic driver updates, particularly in enterprise environments where change management and update governance are strictly enforced.

The issue was tracked as Microsoft reference MO1332784 and NHSmail reference INC46841357, with reports emerging on June 3, 2026, before being resolved the following day.

How?

The issue originated from a failure within a caching service used by Windows Update. During the disruption, affected devices temporarily lost enrollment information that identifies them as being managed by enterprise solutions such as Microsoft Intune or other Mobile Device Management (MDM) platforms.

As a result, Windows Update incorrectly classified some managed systems as non-enrolled devices. This caused driver approval restrictions and policy-based controls to be bypassed, allowing drivers to be automatically installed without administrative authorization.

Although the installations occurred outside expected change-control processes, Microsoft confirmed that all affected drivers were legitimate, Microsoft-signed drivers that had passed the company’s standard validation and approval procedures. No malicious drivers were distributed, and the incident was not attributed to a security compromise.

However, the event demonstrated how failures in underlying service dependencies can impact policy enforcement, potentially leading to unexpected system changes, compliance concerns, and operational disruptions in regulated environments.

Conclusion

While Microsoft confirmed that the issue did not introduce a direct security threat, the incident highlights the importance of maintaining visibility into update mechanisms and policy enforcement controls. Unexpected driver installations can affect system stability, compatibility, and compliance requirements, even when the updates originate from trusted sources.

Organizations should review endpoint logs for unauthorized driver installations that occurred during the affected period, validate that update policies are functioning as intended, and maintain monitoring for policy deviations across managed devices. Microsoft has fully mitigated the issue and is conducting a further review to improve the resilience of Windows Update services and prevent similar disruptions in the future.

Source

https://cybersecuritynews.com/microsoft-365-degradation-bypassed-windows-driver/