Microsoft’s monthly update for Windows 10 and Windows 11, which arrived as part of the most recent Patch Tuesday, blocks the software’s built-in VPN tool from establishing a connection, effectively rendering it useless.
Microsoft is yet to confirm the issue, which has already been shared several times on Reddit. In addition to Windows VPNs, it seems that the problem also affects some third-party VPNs, with SonicWall, Cisco Meraki, and WatchGuard firewalls all seeing issues.
A security researcher told bleeding computer That bug affects Ubiquity client-to-site VPN connections, even for those using the Windows VPN client.
choose the lesser evil
KB5009543 for Windows 10 and KB5009566 for Windows 11 are the two problematic updates. At the moment, the only way to fix the problem is to remove the patch, which, as the publication points out, can be done via Command Prompt with the following command:
Windows 10: wusa /uninstalled/kb:5009543
Windows 11: WUSA /Uninstalled/KB:5009566
The problem with this approach is that Microsoft bundles all of its fixes, so removing this patch will not only allow Windows administrators to reestablish their L2TP VPN connection, but they will also be exposed to several known security vulnerabilities. have to do it.
And with remote work still necessary for most companies, they’ll have a hard time choosing the lesser evil between privacy and vulnerability risk.
One of the flaws addressed via Patch Tuesday was a nasty Windows 11 flaw found in the HTTP protocol stack. There’s no malware out there exploiting this flaw yet, but Microsoft said it allows an attacker to execute arbitrary code remotely, without much user interaction, making it extremely dangerous.
To protect vulnerable devices, disabling the HTTP Trailer support feature will suffice.
The vulnerability is tracked as CVE-2022-21907. In addition, a total of six zero-days and nearly 100 different flaws were addressed in the patch.
- You might also want to check out our list of the best proxies right now
Via: Bleeping Computer