Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Microsoft Windows IT Technology

Microsoft Says April Windows Updates Break VPN Connections (bleepingcomputer.com) 101

Microsoft has confirmed that the April 2024 Windows security updates break VPN connections across client and server platforms. From a report: The company explains on the Windows health dashboard that "Windows devices might face VPN connection failures after installing the April 2024 security update or the April 2024 non-security preview update."

"We are investigating user reports, and we will provide more information in the coming days," Redmond added. The list of affected Windows versions includes Windows 11, Windows 10, and Windows Server 2008 and later.

This discussion has been archived. No new comments can be posted.

Microsoft Says April Windows Updates Break VPN Connections

Comments Filter:
  • I guess no one here uses Windows
    • Re:No Posts (Score:5, Funny)

      by sjames ( 1099 ) on Wednesday May 01, 2024 @03:53PM (#64440036) Homepage Journal

      I haven't had any problems with windows since I applied those stickers that keep the birds from slamming into them.

    • I turned off automatic updates long ago when MS tried to "update" my PC with needless feature updates that added ground breaking things like Cortana—I mean CoPilot—ads, the revolutionary Edge browser, and moving all my settings to sub, sub, sub menus.
      • Re: (Score:2, Insightful)

        Comment removed based on user account deletion
        • Re:No Posts (Score:5, Informative)

          by Opportunist ( 166417 ) on Wednesday May 01, 2024 @05:28PM (#64440330)

          My key problem with this is that I know WHERE my program is in the program menu, but I don't know what it's called. Care to tell me how to search for a program you don't know the exact name of?

          And frankly, with more and more programs coming up with more and more esoteric names...

          • Comment removed based on user account deletion
            • Re:No Posts (Score:4, Interesting)

              by Miles_O'Toole ( 5152533 ) on Wednesday May 01, 2024 @06:16PM (#64440454)

              "You're not the first person I've heard with this complaint on /., which I find richly ironic, given the large number of people here who are comfortable with both Linux and its various shells."

              It never crossed your mind that when a number of technologically literate people point to the same thing and say it's a problem, it may in fact be a problem? So instead of proceeding on that basis, you ridicule them and dismiss their complaint with a sneer. Why can't I help but be reminded of the proliferation in workplaces across the world of middle management jackoff artists who are responsible for billions of dollars in lost productivity every year because they would rather pretend a problem doesn't exist than actually solve it? I have little doubt that when you hear people say, "Look at the two a-holes on that elephant", instead of noticing the two guys in clown suits riding the elephant, you go and look under its tail.

              • by ufgrat ( 6245202 )

                When I was a kid, I knew everyone's phone number. Now that cell phones remember everything for us, we've forgotten how to remember.

                • There's some truth in that. But think about whether you'd have trouble if your friends and relatives changed their phone number every three or four years.

            • by MeNeXT ( 200840 )

              Outlook email setup where the username is not the email address.

              Trust me you can't do it with outlook nor in settings.

            • Not disagreeing with you on the Search thing but not knowing names and programs is quite normal. Even outside the IT context. Do you know the exact shade, shape, and color of all the buttons in every car you drive? No, you know the general location, the general look and feel, and general usage.

              Same with important programs. The program name, load time, its location, etc aren't the important part. It's using it to do the task at hand. Everything else is just wait time that your brain doesn't allocate much re

              • Comment removed based on user account deletion
                • I been involved in 5-6 digit count of PCs going from XP=>W7=>W10=>W11. There were plenty of changes between these UIs. The only thing IT guys complained about was users asking UI questions. UX guys also complained that they needlessly needed to update so many screenshots for the user guides.

                  And even search. W7 search was poor to say the least. W10 was a change. And W11 is yet another change with its capacity to look at Online resources. Now more and delayed results slow down and again waste peo

                • I'll make it a bit more simple for you. In order to "search" for an app I have to take my hand off of the mouse so that I can type. Then I have to move it back in the process of which you have to find and adjust the mouse pointer. Versus wiggle and click with just the mouse using one hand.

                  During the day, trying to be productive, I usually use search. At night, well...one hand one mouse, the other on a beer. YMMV :)

              • by ufgrat ( 6245202 )

                Not disagreeing with you on the Search thing but not knowing names and programs is quite normal. Even outside the IT context. Do you know the exact shade, shape, and color of all the buttons in every car you drive?

                In general yes. More importantly, I know what each button does, and what to call it.

                The fact that you don't know the name of software you depend on daily is frankly shocking. It tells me you're just not paying attention.

            • It's not critical to my daily workflow. That's the problem. Case in point, the snapshot program. I need it whenever I find something worth reporting and need to do a screenshot. What's its name? I know it's in the "graphics" program submenu, and I remember the color of its icon, but what was its name? Somethingshot. But what was that something, because search for "shot" sure won't produce what I'm looking for. What colorful name did their marketing department come up that really made a lot of sense in the m

            • I can't speak for the parent, but knowing the name of the program isn't the problem for me. It is knowing the name of the setting or option. I may remember where to find it in the control panel, but if I have to find it by searching I may not know the exact name. It might be something I set once when I set up Windows, and now I only remember 'that setting that does X'. It was in the display settings, but they moved my cheese and I can't find it. That said, in general I agree with you and love the 'type what
        • Searching works great on my Linux machines, but I find that the windows search is garbage. You can install a program, see it in the start menu, and then search for it and not find it.

          • Can't speak for Linux but Windows Search is garbage for settings. For example, for a long time, Windows would "forget" that I have 5.1 speakers after a few sleep cycles and default to stereo. Where is that set? In Sound in Playback tab in the legacy Control Panel. Using Windows Search it does not provide a clear answer. Even if someone types "Sound" hoping to get the Control Panel setting, the closest option presented is "Change System Sounds" which at least brings a user to the correct Control Panel but th
        • Re:No Posts (Score:5, Informative)

          by Kernel Kurtz ( 182424 ) on Wednesday May 01, 2024 @06:11PM (#64440440)
          Keyword searches and logical menu hierarchies are not mutually exclusive. You don't have to make menu navigation worse so you can search.
          • Keyword searches and logical menu hierarchies are not mutually exclusive. You don't have to make menu navigation worse so you can search.

            That entirely depends on if the manager of the programmer can walk and chew bubble gum at the same time. Hyper focus leads to great specific results but absolutely terrible general results.

        • You know the idea behind every version of Windows since 7, every version of MacOS since Spotlight was introduced (circa 2005) and every halfway decent Linux distribution is that you SEARCH for things rather than navigate menus, right? Click the start menu and start typing what you want. The vast majority of the time Windows will get you there before you've finished typing the entire word.

          1) You do know that search does not have results for every setting, right? 2) You do know that it makes things MORE difficult by having people SEARCH by typing for a setting right?

          Out of all the complaints -- many legitimate -- about changes to Windows over the years, this is by far the lamest. It's like beaming up to the Starship Enterprise and bitching that SOP is to tell the computer to navigate to Earth at Warp 6 rather than entering the precise coordinates into a keypad, f

          WTF are you talking about? In no way is the newest version of Windows the equivalent of the Starship Enterprise. That's a huge flaw in your logic. These changes do not make Windows more advanced. That is a rather idiotic take.

          followed by the precise fuel intermix ratio to achieve the desired speed, blah, blah, blah, all because you're unwilling to take the few days required to retrain your muscle memory to do things differently.

          Again you assume that search actually finds the new setting.

        • by Anonymous Coward
          Why would I want to type the name of something when I'm already using the mouse to point where it used to be?
          Just put it back where it was so I can click on it again.
        • Search isn't "discoverable". You have to know what you want and what it's called.

        • by noodler ( 724788 )

          The vast majority of the time Windows will get you there before you've finished typing the entire word.

          ... not before presenting you with 20 unrelated web results.
          I mean, it worked ok in windows 7, but then they decided you were too dumb to know if you want to search local files. Since then it has been a broken feature that never gets me faster to anything.

          It's like beaming up to the Starship Enterprise

          Now you expose yourself as a tool.,., Windows is not in any way comparable to the enterprise. The federation wouldn't have made it to mars if their ships were anything like windows..,
          "Captain, there are Klingons on the starship bow!"
          "Scotty, engage thruste

        • by swm ( 171547 )

          you SEARCH for things rather than navigate menus

          The problem with this is that the primary way that humans find things is by going to the place where we remember them being. There is ~60M years of evolution behind our spatial memory. We're REALLY good at it.

          Text-based searches, not so much...

        • I disabled the cloud search through the registry. That also disabled the local search in the search bar at the same time, unfortunately. Now I have to do a Google search if I don't remember where the settings are buried. It's really schizophrenic when half are in the control panel view, and the other half in the Metro settings app.
          Search still works inside each of those, but I often just don't know which one to search in the first place. Sigh.

        • by sjames ( 1099 )

          The only intermix ratio is 1:1.

        • Because how someone else does it isn't the way I do it, fuck their way straight to hell and laugh at them when it's taken away from them.

          You must be real fun at parties....
  • by jmccue ( 834797 ) on Wednesday May 01, 2024 @03:52PM (#64440030) Homepage

    For over 15 years, my workstation at work has been RHEL, we can choose Windows, RHEL, Ubuntu and MAC OS.

    With RHEL I have went through minor and major upgrades and never had an issue with anything, nevermind VPN settings. How does an OS Patch breaks this ?

    This will make the Work from Home crowd very happy due to the inability to VPN into work systems :) Once again Microsoft proves how incompetent it is.

    • M$ cannot decide where it wants TUN/TAP driver features and keeps shuffling them. This isn't even the first VPN-breakage they've shipped.
    • For over 15 years, my workstation at work has been RHEL, we can choose Windows, RHEL, Ubuntu and MAC OS.

      With RHEL I have went through minor and major upgrades and never had an issue with anything,

      LIAR. LOL.

    • by msk ( 6205 )

      You did an in-place "upgrade" from RHEL 6 to RHEL 7?

      • by jmccue ( 834797 )
        I do not really remember, I did what the Company offered. But I am pretty sure I booted off a USB image provided by my company.
    • With RHEL I have went through minor and major upgrades and never had an issue with anything, nevermind VPN settings. How does an OS Patch breaks this ?

      Telemetry that won't be fooled by a VPN... which of course, broke the VPN.

    • Yes, I'm sure the WFH crowd will be very happy to be forced to go to the office. Lol.

      I wish I had as much luck with Linux upgrades. Every Ubuntu upgrade I have done since 16.04 has been a disaster. Each ended in a full reinstall. I cannot say the same with Windows. It usually takes a year or two for the OS to slow down to a crawl and require reinstallation.
      I'm currently using Ubuntu 22.04 on my NAS. Not in a huge rush to upgrade to 22.04. I would be more comfortable if there was a reliable way to image and

      • Every Ubuntu upgrade I have done since 16.04 has been a disaster. Each ended in a full reinstall.

        The only time that has happened to me is when the /usr or /var partitions ran out of disk space during the upgrade. Even then, it could be potentially fixed without a reinstall.

        I will say that Ubuntu and many other distros have bad default partition layouts. They tend to either pull a Windows with everything (user data / OS files) on one partition or, they split the OS partition from /home. The latter may have worked way back when, but the modern Linux installation tends to put a bunch of user data in /u

        • by madbrain ( 11432 )

          I have seen numerous upgrade issues that were unrelated to partitioning or the file system type. Things as simple as my Samba configuration couldn't be automatically migrated, and required manual intervention. I recall that happened for nearly every Ubuntu upgrade. I don't recall all the other problems. I do recall that it was easier starting over than trying to fix them all one at a time. Many OSS developers do not particularly care about preserving compatibility, unfortunately, and that can leave a mess t

  • by PubJeezy ( 10299395 ) on Wednesday May 01, 2024 @03:55PM (#64440054)
    It's not your computer, it's theirs. You're just managing it for 'em.

    You're not allowed to break stuff that people have already paid for. This wasn't a breach, there wasn't a team of Russian boogie-men...this was Microsoft deciding that their users didn't deserve a particular functionality. YUCK.

    Microsoft isn't a tech company, they're a cartel and deserving of the largest RICO prosecution in the history of our country. I said it before but I'll say it again...YUCK.
    • My guess is that whatever's causing this isn't doing it directly. If so, nobody in what MS pretends is its quality assurance department saw any reason to test VPNs to see if there are any side effects. Just another example of MS's carelessness. I'm glad, though, that I haven't allowed any form of Windows on any of my computers for almost twenty years.
      • by nightflameauto ( 6607976 ) on Wednesday May 01, 2024 @04:40PM (#64440204)

        My guess is that whatever's causing this isn't doing it directly. If so, nobody in what MS pretends is its quality assurance department saw any reason to test VPNs to see if there are any side effects. Just another example of MS's carelessness. I'm glad, though, that I haven't allowed any form of Windows on any of my computers for almost twenty years.

        MS's QA for windows seems like it amounts to: It boots on the test system. Let the customers find the bugs.

        I can't imagine, with all the issues on nearly every single patch, that it's anything more than that. I mean, I get there's a huge number of these systems in the wild, and you can't test every single thing, but some of these issues aren't hardware specific at all, and you can't convince me they couldn't set up a VPN connection in QA after the first couple times they pulled this stunt.

        It's probably just that Microsoft has the business world by the balls, and nobody seems interested in turning that tide no matter how egregiously they behave.

        • by Bert64 ( 520050 )

          Does it say what kind of VPNs are affected? MS has some built in VPN functionality, but then third party clients can do all kinds of random things including loading their own kernel drivers and trying to transparently hijack traffic rather than creating a logical routed interface etc.
          VPN clients that operate this way can be quite fragile so it's not surprising to see them break after updates, the same thing can happen on other platforms too.

          • The difference is that Microsoft requires all of those special kernel drivers to go through Microsoft's own approval process (API checks must pass before being granted the mandatory driver signatures) before they can even be installed on client machines. I.e. Microsoft has direct knowledge of what APIs third party VPN providers are using on Microsoft's platform as well as having possession of the drivers themselves to check changes against.

            It's trivial for Microsoft to implement checking for these kinds
            • The difference is that Microsoft requires all of those special kernel drivers to go through Microsoft's own approval process (API checks must pass before being granted the mandatory driver signatures) before they can even be installed on client machines. I.e. Microsoft has direct knowledge of what APIs third party VPN providers are using on Microsoft's platform as well as having possession of the drivers themselves to check changes against. It's trivial for Microsoft to implement checking for these kinds of bugs, yet they don't. Despite Microsoft certified compatibility being one of the benefits they touted as absolutely necessary for future Windows releases when they unveiled that their signed driver requirement was becoming mandatory.....

              It's a control mechanism really. It gives them absolute authority over what will run on their systems without flat-out Appling themselves into making public statements that amount to, "It's our system. Do what we tell you." They can break anything they want, and the consequences, they hope, will float to whatever software vendor has the broken userland.

    • Its worded like they have no clue why its going on though.

      Imagine paying for support and they mess with a subsystem without them knowing what they messed with.

      Windows 11's been a bit of a mess though in all aspects. Halfway through its life they just made some older usb drivers just not work anymore, ie an update was not just an update but a throughout change in something yet they claim its hard to make the taskbar movable.

  • Again? (Score:5, Interesting)

    by fuzzyfuzzyfungus ( 1223518 ) on Wednesday May 01, 2024 @03:57PM (#64440060) Journal
    It was less than a year ago that KB5026372 was breaking VPN connections; and now they've broken them again?
  • by Murdoch5 ( 1563847 ) on Wednesday May 01, 2024 @03:57PM (#64440062) Homepage
    If the VPNs work before the April update, and break after, what did Microsoft change in the Network Subsystem? There's a small chance this was a true accident, but knowing how violating and abusive Microsoft policy is toward digital molestation, can you trust them?

    Microsoft has turned Windows into a joke. No professional can honestly run Windows, and at the same time claim they care about getting work done. The statement: “Windows is for people who pretend to do work, Linux is for people who have to do work.”, keeps, constantly, ringing true.
    • by Xenx ( 2211586 ) on Wednesday May 01, 2024 @04:12PM (#64440106)
      Hanlon's razor

      This affects Microsoft's business customers as well, and they're more likely to actually be inconvenienced by it. This is not the kind of thing MS would have done intentionally. Is it a sign that they did a poor job of testing? Probably. Looking at what is in the update, it does at least touch on networking.
      • A poor job of testing expresses a lot of intent, especially for a company that pre-downloaded Win10 upgrades and stealthily installed them while you weren't looking... or even while you were in the middle of doing some work. I've seen updates get installed and forcibly reboot the machine while people were in the middle of playing games.

        Where Silicon Valley is concerned, I stopped believing in Hanlon's Razor a long time ago.

        • by Xenx ( 2211586 )

          A poor job of testing expresses a lot of intent

          No, it doesn't. As for the rest of what you said, not relevant within the context of what I said. It's only really relevant to home users, which to MS are a different class.

    • I can only guess a developer submitted incomplete and early code. See that update was meant for a future release where MS works better by extorting Nord VPN, Surfshark, and other VPN companies for kickbacks--I mean optimizations
    • by gweihir ( 88907 )

      Microsoft has turned Windows into a joke.

      Indeed, they have. Why exactly are they getting away with that?

      • Simple, no one cares, and far too many people think the cost of change is unacceptably massive. Think about the time impact of moving from Windows + Tools / Applications to Debian or Fedora + Tools / Applications. How much time would that change take, including the time to get up to speed to where a normal Windows user would be. 1 hour, maybe upwards of 4 hours?

        Most tools / applications are cloud based, files are now stored in the cloud, or on external storage. Linux works with the vast majority of
        • by gweihir ( 88907 )

          Yep, makes sense.

          I'll keep going back to: “Windows is for people who pretend to do work, and Linux is for people who have to do work.”

          Fully agree to that.

    • the update breaking VPNs - don't know about others, but for at least one I had to fix- the issue was .net getting updated- older version removed... which the VPNs were relying on. The event logs had a direct link to the re-install version... took a minute to fix and no reboots needed.

      amazing to read all the clueless conspiracies and guesses... people really do need some professional therapy and medication.

      • Okay, but there was no need to trash libraries, and a company of Microsoft's size, with the testing protocol they'd have in place, that was an intentional move. This gets back to why did they want to break the Networking Subsystem, because intentionally preventing VPN's from running, is a break in the networking.
  • by nightflameauto ( 6607976 ) on Wednesday May 01, 2024 @04:09PM (#64440094)

    The biggest disappointment here is that this didn't get auto-rolled during the heights of the pandemic. That may have been enough to finally get some C suites to wonder if maybe Microsoft Windows wasn't actually the right choice for people that needed to be able to get work done.

    I can't imagine breaking something so fundamental and doing nothing more than putting out a statement that amounts to, "Yeah, thanks. We'll look into it. Meh." But hey, that's Microsoft.

  • by belg4mit ( 152620 ) on Wednesday May 01, 2024 @04:40PM (#64440206) Homepage

    I was suddenly getting Error 619 after applying this patch set today. sfc /scanow found some corruption, and I was able to connect to our VPN after a reboot.

  • Cannot work? Lose data? Get hacked? All part of the service with Microsoft.

  • I've been having weird problems with a number of websites refusing to load pages, it also seems Cloudflare CAPTCHAs are sometimes affected, they never load.
    • If you're using Chrome or Edge, it may be due to the latest update breaking many TLS connections [bleepingcomputer.com] rather than the MS patch. The latest Chrome update released with their new post-quantum secure TLS encryption mechanism enabled by default, and it simply doesn't work with many configurations of middleware and firewalls, so seeing pages refuse to load would be expected. It can be disabled (details in the article) but the vendors whose routers and servers it's not compatible with will need to be updated in the ne
      • It's worst in Firefox, no loading pages at all. In Chrome I had to keep trying over and over, eventually I'd get there.
  • Tech tip (Score:2, Redundant)

    by dicobalt ( 1536225 )
    If you want other people to do the testing you can defer Windows Updates in the Group Policy Editor. There are individual settings for Quality Updates (up to 30 days) as well as Feature Updates (up to 365 days). There are also corresponding registry entries as well.
  • I just googled windows updates breaks vpn, seems like the last couple years at leasr have similar news articles.

  • by NoWayNoShapeNoForm ( 7060585 ) on Wednesday May 01, 2024 @07:40PM (#64440600)
    One of the problems with Microsoft products is that they have too many problems to list here.
  • I think I spelled that right. I've been MS free for two years ever since a security update hosed all my printers (the old Brother workhorse, the NEW Brother printer I bought because I thought the old one was broken, and the cheapo POS color printer I bought for the occasional photo). I'm no Mac fanboy, and yes I've had the occasional glitch with my M1 Mini, but nothing like I experienced with Windows.
  • Yet another reason to be thankful I run GNU/Linux. This is doubly appalling: (a) how could they fail to detect this in pre-release tests? Perhaps they never have employees try out updates at home, or simulate typical usage? (b) automatic updates are a terrible idea. I decide when to update, and I wait if I'm concerned about a new feature or my current situation is one in which it would be especially problematic for something to break.
  • ...until NordVPN won't run!

  • by bobbutts ( 927504 ) <bobbutts@gmail.com> on Thursday May 02, 2024 @09:05AM (#64442054)
    My pixel stopped supporting IPSec after a system update. Had to switch to Wireguard. Using an OS built in VPN option seems problematic now since they are regularly removed from the OS without warning. Fortunately wireguard seems to work well on all the OS I have tried it on and solves the bandwidth limitations I've had with other protocols as a bonus.
  • Even with the latest Windows 10 updates.

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Working...