Microsoft blames unexpected Windows driver updates on caching issue
by Sergiu Gatlan · BleepingComputerOn Wednesday, Microsoft fixed an issue that caused some Windows devices to install driver updates without notice despite policies configured to prevent auto-updates.
In an admin center incident report (MO1332784), Microsoft blamed the issue on a misconfiguration in the Windows Update caching service that temporarily dropped device enrollment information, causing some Windows devices to be treated as non-enrolled and preventing driver-approval controls from being applied correctly.
The Intune Support Team also acknowledged the issue on Twitter and Reddit, saying the company was actively working to mitigate it.
"We've received a report of an issue where users' Windows devices that have configured policies to prevent auto updates are installing drivers," Microsoft said when it acknowledged the issue on Tuesday afternoon, June 2.
"As we work to remediate the impact, we've determined that the drivers being installed are Microsoft approved/signed and that they don't pose a security threat."
Microsoft updated the affected service cache and the enrollment status for affected devices to mitigate the impact and, in a Wednesday update, confirmed that the issue had been resolved.
"We've validated that this issue is resolved following impact remediation confirmation from a subset of previously affected users," it added.
"We're continuing to review how this caching service temporarily dropped Windows device enrollment information to better inform how to detect, prevent, and respond to similar service issues in the future."
While the company has yet to share how many regions or customers were affected by this issue, Windows admins have reported having to deal with tens of thousands of devices unexpectedly getting BIOS and driver updates, in many cases causing audio or video devices to stop functioning.
In April, Microsoft resolved a known issue causing systems running Windows Server 2019 and 2022 to upgrade to Windows Server 2025 "unexpectedly."
Last month, Microsoft also addressed a bug that installed driver updates on some Autopatch-managed Windows 11 devices across the European Union, even when administrative policies were configured to restrict driver deployment.
Test every layer before attackers do
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.