Microsoft’s latest updates for Windows Server seem to have broken more things than they’ve fixed, and the only way to resolve the newly introduced issues is to uninstall the patches completely.
Earlier this month, the Redmond software giant released four updates for different Windows Server versions: KB5014746, KB5014692, KB5014699, and KB5014678.
Admins who installed these updates soon started reporting a “wide range” of issues, BleepingComputer found, including problems with VPN and RDP connectivity on endpoints with Routing and Remote Access Service (RRAS) enabled. One of the issues was quite severe, the publication further wrote, as it resulted in servers freezing for a couple of minutes after a client connects to the RRAS server with SSTP.
Fixing the issue
“What I saw after the June updates were installed was that no TCP connections established from either the client-side or the server-side would ever get up and running. I couldn’t do a basic RDP session into the server either (even where a VPN isn’t needed because I’m connecting from a management PC within the same trusted subnet),” one admin told BleepingComputer.
He also said remote VPN/RRAS clients could not connect to the server, and that SSTP, as well as RDP, failed “entirely.” “We ended up using the GCP console interface to get into those servers, to get the RRAS (Routing and Remote Access service) setup not to start so that after a reboot we could remote in and revert the patches,” the admin concluded.
Numerous other admins confirmed that the only way to get rid of the problem is to roll the update back.
Microsoft has not yet acknowledged the issue, so it’s hard to determine what causes these problems. BleepingComputer notes that Microsoft recently fixed a “Windows Network Address Translation (NAT) Denial of Service Vulnerability”, tracked as CVE-2022-30152, and speculates that this fix could have bricked RRAS connectivity.
Until Microsoft fixes the issue, the only thing admins can do is uninstall the cumulative patches, which is hardly a solution given that the flaws addressed by the other fixes bundled in these KBs will be reintroduced as well.
Via: BleepingComputer