Microsoft Blocks Windows 11 Automated Installation After Critical Security Flaw

Microsoft disables hands-free deployment in WDS due to CVE-2026-0386 vulnerability affecting Windows Server 2008-2025.

By Content Team

Mar 16, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Microsoft is disabling hands-free deployment in Windows Deployment Services after discovering CVE-2026-0386, a critical vulnerability that lets attackers steal credentials and execute code during network OS installations. The flaw affects Windows Server 2008 through 2025, exposing the Unattend.xml configuration file over unauthenticated channels.

Starting January 13, 2026, administrators can manually disable the feature. By April 2026, Microsoft will automatically block it entirely unless organizations explicitly re-enable it through registry settings.

The vulnerability carries SYSTEM-level privileges and poses supply chain risks in enterprise environments. Microsoft recommends migrating to secure alternatives like Intune or Configuration Manager before the April deadline.

Source: Cybersecurity News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Google Rushes Chrome Security Update to Fix Critical WebView Vulnerability

Jan 7, 2026

US Investigates Claims Meta Can Read Encrypted WhatsApp Messages

Feb 1, 2026

North Korean Hackers Exploit VS Code to Remotely Control Victims' Computers

Jan 23, 2026

Saudi Arabia Ordered to Pay £3m to London Dissident Over Pegasus Spying

Jan 29, 2026