Microsoft releases patch for patch that broke VPNs, Hyper-V VMs and more

Microsoft has released several out-of-band updates to address Windows 11, Windows 10, and Windows Server features broken by the January 2022 Patch Tuesday update.

Microsoft released the separate patches on Tuesday through the Microsoft Update Catalog for direct download and through Windows Update as an optional update.

The January 11 Windows Update was intended to fix 96 security flaws, but also brought a lot of pain to users and administrators.

SEE: Windows 11: Here’s how to get Microsoft’s free operating system update

In the out-of-band patch release notes, Microsoft admits that the January 2022 security updates interrupted some VPN connections, caused some Windows Server domain controllers to restart unexpectedly, and prevented virtual machines from starting in Hyper -V from Microsoft. In addition to this, users have discovered that a Windows Resilient File System (ReFS) issue is blocking access to volumes stored on removable media, including external USB drives.

The issues affected Windows 10 21H2 Update (KB5009566), Windows 11 Update (KB5009566), and Windows Server 2022 Update (KB5009555), as well as security updates for older versions of Windows and Windows Server.

Microsoft has released fixes in out-of-band updates KB5010795 for Windows 11, KB5010796 for Windows Server 2022, KB5010793 for Windows 10 21H2, 21H1 20H2, and 20H1, as detailed in its Windows Release Health Dashboard.

Updates are also available for all versions up to Windows 7 Service Pack 1 and Windows Server 2008 Service Pack 2. These are cumulative updates, which means that previous updates have not need to be installed before installing them.

The VPN issue affected Windows 11 through Windows 10 Enterprise 2015 LTSB and stemmed from IP Security (IPSEC) connections that contain a failed Vendor ID. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP Security Internet Key Exchange (IPSEC IKE) could also be affected, according to Microsoft.

The issue causing Windows Server domain controllers (DCs) to restart affected Windows Server 2022 through Windows Server 2012. Windows Server 2016 and later were more likely to be affected when DCs used hidden principals in the server environment enhanced security administration (ESAE) or environments with Privileged Identity Management (PIM), according to Microsoft.

Hyper-V virtual machines failed to boot on devices with Unified Extensible Firmware Interface (UEFI) enabled on Windows 8.1, and Windows Server 2012 R2 and Windows Server 2012.

The ReFS issue caused removable volumes formatted with ReFS to fail to mount or to mount them as RAW. Its probable cause was that the ReFS file system is not supported on removable media, including external USB drives, according to Microsoft. Also, the patch seems to be more complicated than just installing the patch out of band.

Microsoft recommends uninstalling the January 11 update and taking several steps to recover data from a ReFS partition before installing the out-of-band update. The recovery steps consist of ensuring that the data contained on the affected removable media is moved to a ReFS volume on another fixed device or to an NTFS volume.

“Once the data has been recovered from the ReFS partition to the removable media, install the January 17, 2022 Windows Out of Band Update that applies to your Windows operating system,” Microsoft says.

The issues that surfaced after Microsoft’s first Patch Tuesday for 2022 aren’t likely to inspire confidence in Windows administrators who have long been skeptical of the quality of Microsoft’s updates and whether it’s performing. enough testing before they are released.

As Ask Woody’s influential IT admin blogger Susan Bradley recently argued in 2020, Microsoft’s decision to roll out patches in a big package on the second Tuesday of every month forces admins to place a lot of trust in the business. This trust is eroded if applying updates results in delayed productivity from buggy fixes.