Saturday, September 7, 2024
HomeUncategorizedAttention all Windows Users! The Microsoft April Security Update Could Break Your...

Attention all Windows Users! The Microsoft April Security Update Could Break Your VPN

Published on

In a recent development that has caught the attention of IT administrators and users alike, Microsoft has acknowledged a significant issue affecting VPN connections on Windows devices.

This problem has emerged following the installation of the April 2024 security update, impacting a broad range of Windows operating systems across both client and server platforms.

The root cause appears to be related to the updates, which inadvertently introduced a bug that disrupts the ability to successfully establish or maintain VPN connections.

- Advertisement - EHA
Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

Microsoft has marked this issue as critical due to its widespread impact on enterprises and individual users who rely on VPNs for secure remote access.

Affected Windows Versions

The issue has been identified in several versions of the Windows operating system, including:

  • Windows 11, versions 23H2, 22H2, and 21H2
  • Windows 10, version 22H2
  • Windows Server 2022

Windows Servers, Including:

  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2
  • Windows Server 2008

Users of these versions may experience failures or disruptions in their VPN connections, a critical tool for secure and remote access to networks.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free.

Microsoft’s Response and Workarounds

Microsoft is actively working on a resolution to address the VPN connectivity issues. In the interim, IT administrators are directed to a specific workaround documented in the Windows release health section within the Microsoft 365 admin centre.

This temporary solution aims to mitigate the impact on affected clients and servers while a permanent fix is in development.

Since no workaround is available until the next update, you can downgrade the update. If you want to remove the LCU, follow the steps below.

To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.

Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

Additionally, Microsoft encourages those needing immediate assistance to reach out through business support, ensuring that affected organizations can maintain their operations with minimal disruption.

As the tech giant scrambles to resolve this unexpected complication, the tech community and businesses reliant on VPN connections for their daily operations are keenly awaiting a permanent fix.

Microsoft has committed to providing updates as they work towards a resolution, ensuring transparency and support for their user base during this challenging time.

“We are working on a resolution and will provide an update in an upcoming release,” Microsoft said.

This incident highlights the intricate balance between enhancing security through updates and maintaining the stability of essential services like VPN connections.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

PostgreSQL Vulnerability Allows Hackers To Execute Arbitrary SQL Functions

A critical vulnerability identified as CVE-2024-7348 has been discovered in PostgreSQL, enabling attackers to...

Security Risk Advisors Announces Launch of VECTR Enterprise Edition

Security Risk Advisors (SRA) announces the launch of VECTR Enterprise Edition, a premium version...

4 Leading Methods of Increasing Business Efficiency 

The more efficient your core business operations, the more motivated and productive your employees...