1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • The latest Windows Server update is breaking a bunch of VPN setup

    From TechnologyDaily@1337:1/100 to All on Tue Jun 21 17:00:04 2022
    The latest Windows Server update is breaking a bunch of VPN setups

    Date:
    Tue, 21 Jun 2022 15:38:33 +0000

    Description:
    There's a way to fix the problem, but it will reintroduce a couple of old vulnerabilities.

    FULL STORY ======================================================================

    Microsofts latest updates for Windows Server seem to have broken more things than theyve fixed, and the only way to resolve the newly introduced issues is to uninstall the patches completely.

    Earlier this month, the Redmond software giant released four updates for different Windows Server versions: KB5014746, KB5014692, KB5014699, and KB5014678.

    Admins that installed these updates, soon started reporting a wide range of issues, BleepingComputer found, including issues with VPN and RDP
    connectivity on endpoints with Routing and Remote Access Service (RRAS) enabled. One of the issues was quite severe, the publication further wrote,
    as it resulted in servers freezing for a couple of minutes, after a client connects to the RRAS server with SSTP.

    Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99. Fixing the issue

    "What I saw after the June updates were installed was that no TCP connections established from either the client-side or the server-side would ever get up and running. I couldn't do a basic RDP session into the server either (even where a VPN isn't needed because I'm connecting from a management PC within the same trusted subnet)," one admin told BleepingComputer.

    He also said remote VPN/RRAS clients could not connect to the server, and
    that SSTP, as well as RDP, failed entirely. "We ended up using the GCP
    console interface to get into those servers, to get the RRAS (Routing and Remote Access service) setup not to start so that after a reboot we could remote in and revert the patches," the admin concluded. Read more

    Windows Update hijacked to infect PCs with malware


    Windows 11 update breaks Wi-Fi hotspot feature for some PCs


    How to uninstall a Windows 10 update

    Numerous other admins confirmed that the only way to get rid of the problem
    is to roll the update back.

    Microsoft has not yet acknowledged the issue, so its hard to determine what causes these problems. BleepingComputer speculates Microsoft recently fixed a Windows Network Address Translation (NAT) Denial of Service Vulnerability, tracked as CVE-2022-30152, which could have bricked RRAS connectivity.

    Until Microsoft fixes the issue, the only thing admins can do is uninstall
    the cumulative patches which is hardly a solution given that other fixes that were bundled in these KBs will be reintroduced, as well.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/the-latest-windows-server-update-is-breaking-a- bunch-of-vpn-setups/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)