Tuesday, December 3, 2024
HomeUncategorizedAttention all Windows Users! The Microsoft April Security Update Could Break Your...

Attention all Windows Users! The Microsoft April Security Update Could Break Your VPN

Published on

SIEM as a Service

In a recent development that has caught the attention of IT administrators and users alike, Microsoft has acknowledged a significant issue affecting VPN connections on Windows devices.

This problem has emerged following the installation of the April 2024 security update, impacting a broad range of Windows operating systems across both client and server platforms.

The root cause appears to be related to the updates, which inadvertently introduced a bug that disrupts the ability to successfully establish or maintain VPN connections.

- Advertisement - SIEM as a Service
Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

Microsoft has marked this issue as critical due to its widespread impact on enterprises and individual users who rely on VPNs for secure remote access.

Affected Windows Versions

The issue has been identified in several versions of the Windows operating system, including:

  • Windows 11, versions 23H2, 22H2, and 21H2
  • Windows 10, version 22H2
  • Windows Server 2022

Windows Servers, Including:

  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2
  • Windows Server 2008

Users of these versions may experience failures or disruptions in their VPN connections, a critical tool for secure and remote access to networks.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free.

Microsoft’s Response and Workarounds

Microsoft is actively working on a resolution to address the VPN connectivity issues. In the interim, IT administrators are directed to a specific workaround documented in the Windows release health section within the Microsoft 365 admin centre.

This temporary solution aims to mitigate the impact on affected clients and servers while a permanent fix is in development.

Since no workaround is available until the next update, you can downgrade the update. If you want to remove the LCU, follow the steps below.

To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.

Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

Additionally, Microsoft encourages those needing immediate assistance to reach out through business support, ensuring that affected organizations can maintain their operations with minimal disruption.

As the tech giant scrambles to resolve this unexpected complication, the tech community and businesses reliant on VPN connections for their daily operations are keenly awaiting a permanent fix.

Microsoft has committed to providing updates as they work towards a resolution, ensuring transparency and support for their user base during this challenging time.

“We are working on a resolution and will provide an update in an upcoming release,” Microsoft said.

This incident highlights the intricate balance between enhancing security through updates and maintaining the stability of essential services like VPN connections.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

PostgreSQL Vulnerability Allows Hackers To Execute Arbitrary SQL Functions

A critical vulnerability identified as CVE-2024-7348 has been discovered in PostgreSQL, enabling attackers to...

Security Risk Advisors Announces Launch of VECTR Enterprise Edition

Security Risk Advisors (SRA) announces the launch of VECTR Enterprise Edition, a premium version...

4 Leading Methods of Increasing Business Efficiency 

The more efficient your core business operations, the more motivated and productive your employees...