Microsoft’s monthly update to Windows 10 and Windows 11, which came as part of the most recent Patch Tuesday, appears to be preventing the software’s built-in VPN tool from establishing a connection, effectively rendering it useless.
Microsoft is yet to confirm the problem, which has already been shared multiple times on Reddit. Besides the Windows VPN, it seems the problem also affects a couple of third-party VPNs, with SonicWall, Cisco Meraki, and WatchGuard Firewalls all seeing issues.
A security researcher told BleepingComputer that the bug also affects Ubiquiti Client-to-Site VPN connections for those using the Windows VPN client.
The only solution is to uninstall the patch
Choosing a lesser evil
The two problematic updates are KB5009543 for Windows 10, and KB5009566 for Windows 11. At the moment, the only way to fix the problem is to remove the patches which, as the publication explains, can be done through the command prompt, with the following commands:
Windows 10: wusa /uninstall /kb:5009543
Windows 11: wusa /uninstall /kb:5009566
The problem with this approach is that Microsoft bundles all of its fixes, so removing this patch will not only allow Windows admins to re-establish their L2TP VPN connections, but will also expose them to multiple known security vulnerabilities.
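A triage check to run before the uninstall step, as an added example that is not from the article or from Microsoft: it reports whether either update is installed and whether the machine has any L2TP VPN profile at all. It assumes PowerShell on the Windows client with the built-in Get-HotFix and Get-VpnConnection cmdlets; connections managed entirely by a third-party VPN client may not be listed.

```powershell
# Added example: decide whether removing KB5009543 / KB5009566 is even
# relevant on this machine. Nothing is uninstalled; the script only reports.

$kbIds = 'KB5009543', 'KB5009566'   # the two updates named in the article

# Get-HotFix raises an error for an Id that is not installed, so suppress
# errors and keep whatever is found (empty array if neither is present).
$installed = @(Get-HotFix -Id $kbIds -ErrorAction SilentlyContinue)

# Gather per-user and all-user VPN profiles from the built-in Windows client,
# then keep only those pinned to L2TP, the tunnel type the article mentions.
$profiles  = @()
$profiles += @(Get-VpnConnection -ErrorAction SilentlyContinue)
$profiles += @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue)
$l2tp = @($profiles | Where-Object { $_.TunnelType -eq 'L2tp' })

# Removal only matters if the update is present AND an L2TP profile exists.
$relevant = ($installed.Count -gt 0) -and ($l2tp.Count -gt 0)

[pscustomobject]@{
    ComputerName    = $env:COMPUTERNAME
    InstalledKB     = ($installed.HotFixID -join ', ')
    L2tpProfiles    = ($l2tp.Name -join ', ')
    RemovalRelevant = $relevant
}

if ($relevant) {
    foreach ($hf in $installed) {
        # Print the article's command for the KB actually found; do not run it.
        $number = $hf.HotFixID -replace '^KB', ''
        "Command from the article for this machine: wusa /uninstall /kb:$number"
    }
} else {
    'No action: the update is absent or no L2TP profile is configured, so the patch should stay installed.'
}
```

Run across a fleet, the `RemovalRelevant` column separates the machines where the trade-off described above has to be made from those that can keep the full set of fixes.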
And with remote working still being necessary for the majority of companies, they’ll have a tough time choosing a lesser evil between privacy and vulnerability exposure.
One of the flaws addressed through Patch Tuesday was a wormable Windows 11 flaw, found in the HTTP Protocol Stack. No malware is abusing this flaw yet, but Microsoft said it allows an attacker to execute arbitrary code remotely, without much user interaction, making it extremely dangerous.
To protect vulnerable devices, disabling the HTTP Trailer Support feature will suffice.
The vulnerability is tracked as CVE-2022-21907. Besides this one, a total of six zero-days, and almost 100 different flaws, were addressed in the patch.