Microsoft has resolved a frustrating bug in the Windows Update Standalone Installer (WUSA) that caused certain .msu update packages to fail with an ERROR_BAD_PATHNAME (0x800700a1) when administrators attempted to install them from network shares. The issue primarily impacted Windows 11 24H2, Windows 11 25H2, and Windows Server 2025 systems, affecting updates released from May 28, 2025 onward. The fix, delivered through a servicing stack update (SSU), restores reliable deployment workflows for IT professionals who rely on shared network repositories for patch management.
The Windows Update Standalone Installer explained
WUSA, or the Windows Update Standalone Installer (wusa.exe), is the native Microsoft tool for applying .msu update files to Windows operating systems. These .msu packages are the standard format for distributing standalone updates—including cumulative updates, security patches, and hotfixes—outside the typical Windows Update channel. System administrators frequently download .msu files from the Microsoft Update Catalog and store them on network shares to deploy across multiple machines, reducing internet bandwidth and ensuring consistency.
When launched, WUSA extracts the .msu file, which is essentially a compressed cabinet archive containing a .cab file with the actual update payload and XML metadata, then hands the installation process to the Trusted Installer. Historically, this process has been robust whether the .msu resides on a local drive or a remote UNC path. However, a regression introduced in early 2025 disrupted that reliability for certain network-based installations.
How the ERROR_BAD_PATHNAME bug manifests
Administrators encountering the bug see a standard Windows error dialog with the code 0x800700a1 and the message “ERROR_BAD_PATHNAME. The specified path is invalid.” The failure occurs immediately after launching WUSA with a network‑hosted .msu file, before the extraction phase begins. In some cases, specifying the full UNC path in the command line (e.g., wusa.exe \\\\server\\share\\updates\\windows11.0-kb5039212-x64.msu) leads to an instant crash, while double‑clicking the file from File Explorer produces the same error.
The problem exclusively affects installations from network shares—local copies of the same .msu file install without issue. Notably, the error does not appear when using DISM (Deployment Image Servicing and Management) to apply the update, pointing to a flaw specifically within WUSA’s path‑handling logic.
Which systems and updates were affected?
Microsoft confirmed that the bug impacts a subset of updates published after May 28, 2025, for three operating systems:
- Windows 11, version 24H2 (all editions)
- Windows 11, version 25H2 (all editions)
- Windows Server 2025 (all editions, including Server Core)
The faulty updates span various classifications—cumulative updates, .NET Framework updates, and dynamic updates—but not all packages built after that date are affected. The common factor appears to be the presence of a multi‑component servicing stack update that inadvertently altered how WUSA validates file paths for remote sources.
Root cause: parsing network paths with multiple file transclusions
The term “multi‑file network shares” in this context refers not to SMB Multichannel, but to the way .msu packages contain several internal files that must be accessed during installation. When the .msu is stored on a network share, WUSA attempts to open the package and its constituent streams using the full UNC path. A flaw in the updated path‑canonicalization code—likely a mishandling of double‑backslash prefixes, long folder names, or special characters—triggered a false “invalid path” error.
Engineers suspect the issue arose from a security hardening change intended to prevent directory traversal attacks. The new validation logic was overly aggressive when confronted with network paths, especially those using SMB 3.x with kernel‑mode file transclusion features. As a result, even valid UNC paths were rejected, leaving administrators unable to install critical patches via network repositories.
Official fix and how to deploy it
Microsoft addressed the bug through an out‑of‑band servicing stack update released in early June 2025. This SSU replaces the flawed version of wusa.exe and its supporting libraries without requiring a restart. The update is available through the following channels:
- Windows Update and Microsoft Update – offered as an optional quality update; categorized under “Servicing Stack Updates.”
- Microsoft Update Catalog – searchable by the KB number assigned to the fix (check the Windows release health dashboard for the exact KB).
- WSUS and Configuration Manager – automatically approved if servicing stack updates are synchronized.
To apply the fix, administrators simply need to install the SSU on affected machines. After installation, WUSA will correctly handle UNC paths, enabling normal deployment of the previously failing .msu packages. Note that the SSU itself must be installed locally; it cannot be installed from a network share if the system is already affected. Microsoft recommends using the Microsoft Update Catalog directly on the target machine or pushing the update via a management tool that uses the local system’s update agent.
Verification and checking the fix
After deploying the SSU, you can verify the resolution by checking the file version of C:\\Windows\\System32\\wusa.exe. The fixed version is 10.0.26100.1500 or later. Alternatively, attempt to install a known‑affected .msu from a network share. A successful installation without the ERROR_BAD_PATHNAME confirms the fix.
Command to check wusa.exe version:
wmic datafile where name=\"c:\\\\windows\\\\system32\\\\wusa.exe\" get version
For remote verification across a fleet, PowerShell can query the version:
Get-Item -Path \"\\\\$computer\\C$\\Windows\\System32\\wusa.exe\" | Select-Object VersionInfo
Workarounds for unpatched systems
Before the official fix was available, several workarounds helped administrators proceed with patching:
- Copy the .msu locally – The simplest method: transfer the update file to a local drive (e.g.,
C:\\Temp) and run wusa.exe from there. This avoids the network path entirely. - Use DISM instead – DISM’s
/Add-Packageswitch can install .msu files from network shares without triggering the bug:
cmd dism /online /add-package /packagepath:\"\\\\server\\share\\update.msu\" - Map a network drive – Some administrators reported success by mapping the share to a drive letter (e.g.,
Z:) and installing from that mapped drive, as WUSA processes the path differently. - Extract the .cab and use DISM – Extract the .cab from the .msu (using
expand.exe) and install it with DISM, circumventing WUSA altogether.
These workarounds remain viable for systems that cannot immediately receive the SSU.
Broader impact on patch management
The ERROR_BAD_PATHNAME bug shone a light on the dependency many organizations place on network‑share‑based update deployment. Large enterprises often cache hundreds of gigabytes of update files on central file servers to reduce internet egress and ensure speed. When a tool as fundamental as WUSA breaks, it disrupts maintenance windows and can delay critical security patches.
Microsoft’s relatively quick resolution (roughly two weeks after the first reports surfaced in the community) demonstrates the importance of feedback through the Windows Release Health dashboard and tech forums. The incident also underscored the value of having alternative installation methods, such as DISM, in any administrator’s toolbox.
Looking ahead
With the servicing stack update now widely available, organizations should integrate its deployment into their baseline update strategy to prevent recurrence. The incident is a reminder that even mature tools can regress, and that testing against network‑based scenarios should be part of any change‑management process.
Microsoft has not indicated whether the flawed component will be rolled back in future cumulative updates for Windows 11 24H2 and 25H2. However, given that the SSU is a prerequisite for installing the affected updates, systems that remain unpatched will continue to experience failures when using WUSA from network shares. Administrators are strongly advised to apply the SSU or use DISM as a stopgap until all affected machines are updated.