Microsoft was forced to pull the patches for multiple versions of Windows Server, after they ended up breaking broke multiple key features.
The January Windows Server cumulative updates that addressed numerous critical bugs, security vulnerabilities and different flaws, have had to be recalled as they introduced bugs that forced domain controllers to reboot endlessly, broke Hyper-V, rendered ReFS volumes inaccessible while showing them as RAW file systems.
The updates in question are KB5009624 (Windows Server 2012 R2), KB5009557 (Windows Server 2019), and KB5009555 (Windows Server 2022). The updates are still available from the Microsoft Catalog, although installing at this point is not recommended.
Microsoft has had plenty of trouble with patches this month. Earlier this week, it was reported that the company’s monthly Patch Tuesday update for Windows 10 and Windows 11 broke the software’s built-in VPN tool, preventing it from establishing a connection.
The problem has been widely shared on Reddit, among Windows administrators, which claim the issue affects a couple of third-party VPNs, with SonicWall, Cisco Meraki, and WatchGuard Firewalls all seeing issues.
The two problematic updates are KB5009543 for Windows 10, and KB5009566 for Windows 11. At the moment, the only way to fix the problem is to remove the patches through the command prompt, with the following commands:
Windows 10: wusa /uninstall /kb:5009543
Windows 11: wusa /uninstall /kb:5009566
The bug with the patch created a major dilemma for Windows admins, as it fixed a major, wormable flaw, on Windows 11. Found in the HTTP Protocol Stack, the flaw allows a malicious actor to execute arbitrary code, remotely, without much user interaction.
There’s yet no malware abusing this flaw out there, but being extremely dangerous, it’s only a matter of time before one is discovered. To protect vulnerable devices, disabling the HTTP Trailer Support feature will suffice.