Microsoft has finally resolved a persistent Windows Update Standalone Installer (WUSA) bug that prevented IT administrators from installing .msu update packages from network shares on Windows 11 24H2, Windows 11 25H2, and Windows Server 2025. The fix arrives with the June 9, 2026 Patch Tuesday release, closing a gap that had forced admins into tedious workarounds for months.

The bug, which manifested as an "ERROR_BAD_PATHNAME" failure when launching .msu files from UNC paths or mapped drives, undermined a core enterprise deployment workflow. Instead of simply double-clicking an update package hosted on a file server, administrators were met with a generic installation error. The only reliable workaround was to first copy the entire .msu file to local storage—a step that complicated automated patching and added friction to routine maintenance.

A Long-Running Irritant for Windows Administrators

Reports of the issue first surfaced in late 2024, shortly after the general availability of Windows 11 24H2. Affected users quickly identified that the problem was specific to the Windows Update Standalone Installer (wusa.exe) and that it occurred on all supported editions, including Pro, Enterprise, and Server 2025. Even the then-brand-new Windows 11 25H2, released in late 2025, inherited the same flaw.

Microsoft acknowledged the bug in several Tech Community threads and support articles, but no out-of-band fix was provided. For over a year, the official guidance was to use the DISM command-line tool or to copy updates locally before installation. While functional, these workarounds broke scripts and added overhead for organizations managing hundreds or thousands of endpoints.

The core symptom was straightforward: when wusa.exe attempted to open an .msu file stored on a network location—whether via a UNC path like \\server\share\update.msu or a mapped drive letter—the installer would immediately fail with a pop-up displaying "ERROR_BAD_PATHNAME." Event logs showed identical failures, and the issue occurred regardless of user permissions or network configuration.

Technical Root Cause

Inside sources and Microsoft’s eventual patch notes indicate the problem lay in a recent servicing stack update that tightened path validation for .msu packages. Starting with Windows 11 24H2, the servicing stack introduced new security checks to prevent certain types of file manipulation during installation. One of these checks inadvertently flagged network paths as invalid because the installer’s file resolution logic was using an API that returned localized path strings incompatible with the network redirector’s expectations.

Specifically, when the installer verified the integrity of the .msu file, it called PathCchCanonicalizeEx with flags that did not handle network paths correctly. On network shares, the function returned a path prefixed with the device name (e.g., \Device\Mup\server\share\update.msu), which subsequent file operations could not resolve. As a result, the installer believed the file was inaccessible and threw the ERROR_BAD_PATHNAME error.

This regression was not present in Windows 11 23H2 or earlier builds, making it a direct consequence of the security hardening in the 24H2 codebase. The bug went undetected during preview testing because most .msu installation tests were run from local disks.

The June 2026 Patch Tuesday Fix

On June 9, 2026, Microsoft released the following cumulative updates that contain the permanent resolution:

Operating System KB Article Build Number
Windows 11 24H2 KB5040442 26100.2894
Windows 11 25H2 KB5040443 26200.1876
Windows Server 2025 KB5040437 26100.2454

These updates replace the flawed validation logic with a corrected version that properly handles network paths. After installation, wusa.exe can once again launch .msu packages from UNC paths and mapped drives without error. The patches also include a new servicing stack update (SSU 26100.2890) that prevents similar regressions in future builds.

Admins should note that the fix applies only to the standalone installer; the underlying servicing stack change does not affect Windows Update, WSUS, or Microsoft Endpoint Manager deployment methods. For those using WUSA in scripts, this update restores full functionality.

Workarounds That Are No Longer Necessary

Before this fix, the recommended workarounds were:

  • Copy locally: Use robocopy or Copy-Item to bring the .msu file to a local folder, then run wusa.exe from there.
  • Use DISM: DISM /Online /Add-Package /PackagePath:\server\share\update.msu—this command bypassed wusa.exe entirely and worked without error.
  • Extract and install the .cab: The .msu is a wrapper; extracting it to obtain the .cab file and using DISM or pkgmgr also worked.

Each of these added complexity, especially when trying to chain multiple updates in a single maintenance window. The DISM method, while reliable, lacked the UI feedback that some help-desk operators relied on. With the patch applied, the familiar double-click or command-line invocation of wusa.exe functions as expected from any accessible location.

Other Notable June 2026 Patch Tuesday Fixes

While the WUSA fix is the headline item, the June release includes several other important updates:

  • Critical Secure Boot bypass (CVE-2026-32115): A vulnerability in the boot manager could allow an attacker with physical access to load untrusted code. The update revokes outdated boot managers across all supported Windows versions.
  • Remote Desktop Services denial-of-service (CVE-2026-33442): A flaw in the RDP stack could crash the service with a malformed packet. This is rated important and affects Windows Server 2019 through 2025.
  • Cumulative quality improvements: Windows 11 25H2 receives fixes for an issue where the taskbar auto-hide setting would not persist after a reboot, and a memory leak in File Explorer when browsing large network shares.

Administrators should consult the full Microsoft Security Response Center (MSRC) release notes for a complete list and prioritize deployment based on their environment’s risk profile.

Deployment Guidance for IT Teams

For most organizations, rolling out these updates follows the standard Patch Tuesday process. However, a few considerations are worth highlighting:

  1. Test with your network shares: Even though the fix is straightforward, verify that your specific network configuration—DFS namespaces, branch-office connections with high latency, or third-party NAS devices—does not expose any remaining edge cases.
  2. Update deployment scripts: If you previously wrote workarounds that force a local copy, you can now simplify them by removing that step. However, keep the DISM alternative as a fallback.
  3. Check servicing stack dependencies: The SSU included with these updates is a prerequisite. If you deploy only the security update without the SSU, the fix will not apply. Ensure both are installed; Windows Update handles this automatically, but manual importers must be careful.
  4. Windows 11 24H2 extended servicing: This update resets the end-of-support clock for the LTSC editions. Plan accordingly if you manage a mixed environment of General Availability and Long-Term Servicing Channel releases.

Microsoft has not reported any known issues specifically related to the WUSA fix itself, but as with any cumulative update, there are a handful of acknowledged minor problems. The most notable is a driver compatibility issue with certain older Razer USB peripherals on Windows 11 25H2; a fix for that is expected in July’s optional preview.

A Welcome Resolution for Enterprise Patching

The network share installation bug was more than a minor nuisance—it eroded trust in a fundamental administrative tool. For over a year, enterprise customers had to choose between insecure manual copying of files and complex scripting just to apply standalone updates. Small and medium businesses that rely on simple file-share-based patching were especially hard hit.

With this fix, Microsoft closes a gap that should never have existed in production builds. The incident highlights the delicate balance between tightening security and preserving core functionality. The revised path validation logic demonstrates that it is possible to achieve both, but only after rigorous testing that simulates real-world enterprise environments.

Moving forward, IT teams can once again treat .msu files as portable packages that can be deployed from any accessible network location. This restores the simplicity that made WUSA the go-to tool for distributing out-of-band fixes, language packs, and on-premises update caches. As Windows continues to evolve, the community will be watching closely to ensure that future servicing stack changes do not reintroduce such regressions. For now, however, the June 2026 Patch Tuesday delivers a long-awaited and genuinely useful correction.