Microsoft resolved a months-long headache for Windows Server 2025 administrators on Tuesday, finally fixing a bug that caused the Windows Update Standalone Installer (WUSA) to fail with the cryptic ERROR_BAD_PATHNAME error. The June 2026 Patch Tuesday update, tracked as KB5094125, permanently addresses the servicing stack flaw that prevented manual installation of .msu update packages on affected servers.
The same Patch Tuesday also delivered a corresponding fix for Windows 11 versions 24H2 and 25H2, though through a separate cumulative update rather than a standalone KB. Microsoft had initially released a partial repair in an out-of-band update in May, but system admins reported the problem persisted under specific configurations until today's cumulative patch.
Understanding WUSA and Its Role in Windows Servicing
Windows Update Standalone Installer is a command-line and GUI tool that deploys .msu packages—Microsoft’s container format for Windows updates. It is the backbone for offline patch deployment, image integration, and environments where direct internet access is restricted. WUSA calls into the TrustedInstaller service to apply updates, and any corruption in the servicing stack—the set of DLLs and components that manage OS updates—can break WUSA entirely.
Unlike the online Windows Update client, which downloads and verifies updates through Microsoft’s servers, WUSA operates on locally sourced files. This makes it indispensable for air-gapped systems, WSUS servers that replicate content locally, and IT pros who build golden images by injecting updates into Windows images using DISM or third-party tools that invoke WUSA under the hood.
The ERROR_BAD_PATHNAME Glitch: A Technical Deep Dive
The error, presented to users as “ERROR_BAD_PATHNAME: The specified path is invalid” with hex code 0x800700A1, is a standard Win32 error. Normally, it indicates that a file path contains illegal characters, exceeds MAX_PATH limits, or points to a nonexistent directory. On Windows Server 2025 post-March 2026 updates, however, the error fired erroneously when WUSA attempted to validate the storage location of the .msu file during pre-installation checks.
According to Microsoft’s support article for KB5094125, the root cause was a regression in the servicing stack’s path normalization routine. A code change intended to improve update installation speed altered how WUSA enumerates package dependencies and temporary staging locations. Specifically, the path normalization failed for volumes accessed via volume GUID paths or mount points, returning a bad path error even when the physical path was correct. This also explained why certain network shares—especially those mapped through DFS or symbolic links—triggered the bug while simpler local paths sometimes did not.
From Regressions to Remediation: A Timeline of Disruption
The problem surfaced immediately after the March 2026 Patch Tuesday, when admins trying to install the monthly cumulative update for Server 2025 via WUSA were blocked. By early April, threads on the Windows Server Tech Community and Reddit’s r/sysadmin had drawn hundreds of responses. Administrators described stalled patch cycles, auditing failures, and frantic searches for workarounds.
“This was particularly disruptive for disconnected environments, where admins rely on standalone installers to patch air-gapped servers,” said Tom Warren, a senior systems engineer at a major financial firm, in a widely shared Reddit post. “We had to resort to injecting updates through Windows Update only, which isn’t always possible.”
Microsoft acknowledged the bug in an April 2026 tech community post, initially suggesting workarounds like placing the .msu in a short root path (e.g., C:\Temp) or using DISM.exe with the /Add-Package switch. Neither proved universally effective. DISM, while functional for some updates, often introduced TrustedInstaller permission conflicts, and many admins reported that even short paths failed on servers with non-trivial storage configurations.
In May 2026, Microsoft shipped an out-of-band preview update, KB5089432, which partially addressed the bug. It fixed local drive path resolution but left network paths and installations initiated via Remote Desktop sessions broken. Community feedback quickly highlighted the remaining edge cases, prompting Microsoft to promise a comprehensive fix for June.
The June 2026 Fix: KB5094125 Explained
KB5094125 re-architects the path validation in the servicing stack’s TrustedInstaller module. Instead of a single, fallible path check, the updated WUSA now performs a multi-stage validation that verifies the entire file access chain: parsing the NTFS path string, consulting the file system minifilter, and attempting a handle open in a sandboxed context before committing to the installation. This defensive design eliminates the edge cases that triggered false ERROR_BAD_PATHNAME results.
The fix replaces key servicing stack binaries (including wusa.dll, trustedinstaller.dll, and related components) and requires a system reboot. It is classified as a non-security update and respects active hours policies. Administrators can install it via Windows Update, the Microsoft Update Catalog (where it is available as an .msu file), WSUS, or management tools like Microsoft Endpoint Manager.
For those still running Server 2025 with the March or April updates, Microsoft strongly recommends applying KB5094125 directly, as it supersedes the partial May fix and contains no other changes that would alter system behavior.
Parallel Fixes for Windows 11 24H2 and 25H2
While the WUSA bug was most prominent on Server 2025, it also affected Windows 11 24H2 and 25H2 installations in specific deployment scenarios. Enthusiasts and IT shops that maintain offline Windows images for PC deployment occasionally encountered the same error when integrating .msu packages into custom installation media via WUSA.
For these client versions, Microsoft integrated the servicing stack fix into the June cumulative updates: KB5094130 for Windows 11 24H2 and KB5094132 for Windows 11 25H2. Because Windows 11’s default update mechanism heavily favors Windows Update, the bug flew under the radar for most users, but the cumulative update ensures parity with the server fix.
A quick reference table:
| OS Version | Affected? | Fix KB | Notes |
|---|---|---|---|
| Windows Server 2025 | Yes | KB5094125 | Standalone servicing stack update |
| Windows 11 24H2 | Limited | KB5094130 (CU) | Integrated into monthly cumulative update |
| Windows 11 25H2 | Limited | KB5094132 (CU) | Integrated into monthly cumulative update |
| Windows 10 | No | N/A | Not affected |
Testing and Deployment Recommendations
Early adopters in IT pro forums report that KB5094125 resolves the error for all previously identified scenarios, including network shares, DFS paths, and remote desktop sessions. “Just tested KB5094125 on 12 Server 2025 VMs with different storage configs, all good. The WUSA error is finally dead,” wrote a Reddit user with the handle ServerCrasher99.
Before broad deployment, Microsoft advises testing the update on a representative set of server roles, especially those using mount points, Storage Spaces, or non-standard drive letters. The revised path validation may interact subtly with third-party file system filters, so administrators should monitor event logs for any new warnings from filter drivers.
The update’s availability as an .msu file on the Microsoft Update Catalog presents a minor irony: some administrators may need to install it using the very tool it fixes. Microsoft notes that the catalog download itself is not affected by the bug because the downloader accesses the file directly via HTTP, not through the servicing stack’s path check. As a precaution, verify the SHA-256 hash listed on the catalog page before installation.
Broader Implications and Looking Ahead
The WUSA ERROR_BAD_PATHNAME saga highlights the delicate nature of Windows’ servicing stack—a component that, when broken, can silently cripple an organization’s ability to patch. For enterprises managing air-gapped networks or regulated environments where manual update installs are mandatory, any disruption to WUSA is a security concern in itself, delaying vulnerability mitigations.
Microsoft has not publicly committed to a long-term servicing stack hardening initiative, but a company engineer active in the Tech Community thread hinted that the regression stemmed from performance optimizations that bypassed critical validation steps. “We’ve updated our internal testing to cover a wider matrix of file paths and mount configurations,” the engineer wrote, “to ensure WUSA regressions are caught before release.”
For IT pros, the takeaway is clear: while Patch Tuesday remains the bedrock of Windows security maintenance, having a fallback plan—such as using the online Windows Update service when possible or maintaining alternative deployment mechanisms like DISM—is a practical safeguard against servicing stack bugs. With KB5094125, admins can finally put this specific error to rest, but the episode underscores the importance of thoroughly testing any patch on a non-production subset before fleet-wide rollout.
As Server 2025 continues to gain traction in datacenters, reliable offline update functionality will be paramount. Today’s fix removes a major friction point and restores confidence in the platform’s serviceability—at least until the next Patch Tuesday.