Microsoft Releases June 2025 Security Baseline for Windows Server 2025
In June 2025, Microsoft unveiled the updated security baseline package for Windows Server 2025 (v2506), which is now accessible for download via the Microsoft Security Compliance Toolkit. Organizations can now implement and customize recommended configurations to enhance their security postures effectively.
Proactive Adaptation to Security Threats
As cyber threats evolve and new features emerge within Windows, Microsoft plans to increase the frequency of updates to the Windows Server baseline. This approach is a response to both the changing cybersecurity landscape and valuable community feedback. Windows Server security baselines consist of a set of Microsoft-approved configuration settings designed to help administrators create secure, standardized server environments.
Key Changes in the Latest Update
This marks the first significant update to the Windows Server 2025 security baseline since January. Below is a summary of the modifications:
| Security Policy | Change Summary |
|---|---|
| Deny log on through Remote Desktop Services | Allows remote logons for non-administrator local accounts, with “BUILTIN\Guests” added to both Domain Controller (DC) and Member Server (MS). |
| WDigest Authentication | Removed from the baseline. |
| Allow Windows Ink Workspace | Removed from the baseline. |
| Audit Authorization Policy Change | Set to “Success” on both DC and MS. |
| Include command line in process creation events | Enabled on both DC and MS. |
| Control whether exclusions are visible to local users | Moved to Not Configured, as it is overridden by the parent setting. |
Significant Adjustments Explained
Among these adjustments, two changes stand out: the removal of WDigest Authentication and the introduction of the command-line inclusion in process creation events. The decision to eliminate WDigest Authentication aligns with evolving security practices; it was initially implemented to prevent the storage of plaintext passwords in memory, a vulnerability that has since been addressed through updates in Windows Server 2022.
Furthermore, enabling the command line in process creation events enhances monitoring capabilities, thereby assisting in the detection of suspicious activities that could masquerade as legitimate operations. By capturing command-line arguments, this feature provides a more comprehensive view of system activities.
Further Information
To dive deeper into the specifics of these updates and how they might impact your organization, you can refer to Microsoft’s detailed announcement about this security baseline enhancement.
Leave a Reply