Microsoft says Windows 10 security updates released during this month’s Patch Tuesday may fail to install with 0x8007000d errors, although initially displaying progress.

On systems affected by this known issue running client platforms (i.e., Windows 10 21H2 and Windows 10 22H2), the KB5031356 security update will fail to complete installation.

This confirms user reports surfacing since Tuesday, October 10, saying that downloading the update and trying to install it manually will also fail to deploy.

“Microsoft has received reports of an issue where Windows updates released October 10, 2023 (KB5031356) fail to install. Devices might initially display progress, but then fail to complete installation,” Redmond said.

“Based on our reports, some of the most common errors being encountered is Error 8007000D (ERROR_INVALID_DATA). This error can be found from the Windows Update view under System settings, by selecting Update History.”

​Microsoft encouraged users facing this problem to file a report through the company’s Feedback Hub.

Additionally, the company advised affected customers to consult this support page, offering supplementary guidance on resolving issues related to updating Windows.

Microsoft is currently investigating to discover the issue’s root cause and has committed to providing an update once further information becomes available.

This week, Microsoft also warned customers of incorrect BitLocker drive encryption errors in some managed Windows environments.

The known issue only impacts Windows environments where drive encryption is enforced for OS and fixed drives.

Earlier this year, the company fixed another issue impacting WSUS (Windows Server Update Services) servers upgraded to Windows Server 2022, causing them to stop pushing Windows 11 22H2 updates to enterprise endpoints.

Microsoft warns of incorrect BitLocker encryption errors

Microsoft warned customers this week of incorrect BitLocker drive encryption errors being shown in some managed Windows environments.

According to Redmond, this known issue affects only client platforms, including Windows 11 21H2/22H2, Windows 10 21H2/22H2, and Windows 10 Enterprise LTSC 2019.

The issue also only impacts environments where drive encryption is enforced for OS and fixed drives.

Microsoft says Intune, its cloud-based unified endpoint management service, is one of the MDM platforms affected by the known issue. Still, it has not revealed what other MDM apps show these erroneous BitLocker errors.

‘Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the ‘Require Device Encryption’ setting for some devices in your environment,” the company said on the Windows Health dashboard.

“Affected environments are those with the ‘Enforce drive encryption type on operating system drives’ or ‘Enforce drive encryption on fixed drives’ policies set to enabled and selecting either ‘full encryption’ or ‘used space only’.”

Just a reporting issue waiting for a fix

Microsoft also clarified that this issue is caused by a reporting problem, and it does not impact drive encryption or the reporting of other device problems, including other BitLocker problems on MDM-enrolled Windows devices. 

To address this, admins can enable the “not configured” setting for the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies in Microsoft Intune.

The company added that it’s actively working on resolving the issue and will provide more details with an upcoming update.

Earlier this year, Redmond fixed a known issue impacting WSUS (Windows Server Update Services) servers upgraded to Windows Server 2022, which caused them to stop pushing Windows 11 22H2 updates to enterprise endpoints.

The same month, it fixed another bug causing video recording and playing failures in apps using the WVC1 codec on Windows 10 and Windows 11 systems.

Credit: Bleeping Computer