The latest Windows 11 update may break your VPN connection

The only solution is to uninstall the patch

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsoft’s monthly update toWindows 10andWindows 11, which came as part of the most recent Patch Tuesday, appears to be preventing the software’s built-inVPNtool from establishing a connection, effectively rendering it useless.

Microsoft is yet to confirm the problem, which has already shared multiple times on Reddit. Besides the Windows VPN, it seems the problem also affects a couple ofthird-party VPNs, with SonicWall, Cisco Meraki, and WatchGuard Firewalls all seeing issues.

A security researcher toldBleepingComputerthat the bug affects the Ubiquity Client-to-Site VPN connections for those using the Windows VPN client, as well.

Choosing a lesser evil

The two problematic updates are KB5009543 for Windows 10, and KB5009566 forWindows 11. At the moment, the only way to fix the problem is to remove the patches which, as the publication explains, can be done through the command prompt, with the following commands:

Windows 10: wusa /uninstall /kb:5009543

Windows 11: wusa /uninstall /kb:5009566

The problem with this approach is that Microsoft bundles all of its fixes, so removing this patch will not only allow Windows admins to re-establish their L2TP VPN connections, but will also expose them to multiple known security vulnerabilities.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

And withremote workingstill being necessary for the majority of companies, they’ll have a tough time choosing a lesser evil betweenprivacyand vulnerability exposure.

One of the flaws addressed through Patch Tuesday was a wormable Windows 11 flaw, found in the HTTP Protocol Stack. There’s yet no malware abusing this flaw out there, but Microsoft said it allows the attacker to execute arbitrary code, remotely, without much user interaction, making it extremely dangerous.

To protect vulnerable devices, disabling the HTTP Trailer Support feature will suffice.

The vulnerability is tracked as CVE-2022-21907. Besides this one, a total of six zero-days, and almost 100 different flaws, were addressed in the patch.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Is it still worth using Proton VPN Free?

Mozambique VPN usage soars as internet restrictions continue

Lego will let you build Sir Ernest Shackleton’s iconic lost ship, the Endurance, in its next Icons set