Tuesday, 18 January 2022

Microsoft pushes out emergency fix for Windows Server mess

Microsoft is addressing the problems caused by the January 2021 Patch Tuesday updates - with more updates. 

The company has issued an emergency out-of-band (OOB) update to address bugs that forced domain controllers to reboot endlessly, broke Hyper-V, and rendered ReFS volumes inaccessible while showing them as RAW file systems.

"This update addresses issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machines start failures, and ReFS-formatted removable media failing to mount,” Microsoft explained in the update catalog. 

Patches breaking things

All of the patches, issued for different versions of the Windows OS, can be found in the Microsoft Update Catalog. Some can also be obtained through Windows Update, but being labeled as optional, Windows admins need to manually check for updates if they want to take this route.

The updates listed below, however, can only be obtained through the Update Catalog: 

Issuing patches for Windows has been nothing short of a roller coaster recently. Earlier in January 201, a patch issued for Windows 10 and Windows 11 broke the software’s built-in VPN tool, preventing it from establishing a connection. 

The only way to rid the system of the bug is to uninstall the patch altogether, which also meant exposing the systems to known vulnerability issues. One such issue was recently found (and fixed in that same patch) in the HTTP Protocol Stack. The flaw allows a malicious actor to execute arbitrary code, remotely, without much user interaction. 

There’s yet no malware abusing this flaw out there, but being extremely dangerous, it’s only a matter of time before one is discovered. To protect vulnerable devices, disabling the HTTP Trailer Support feature will suffice. 

Windows admins will need to carefully weigh the benefits and the downsides of installing, as well as uninstalling, these patches, until Microsoft sorts all of the problems that have piled up in recent times. 

Via: BleepingComputer

https://ift.tt/3Kppd2u

No comments:

Post a Comment