fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Recent Windows Server Updates Break VPN, RDP, RRAS Connections

Recent Windows Server Updates Break VPN, RDP, RRAS Connections

This month’s Windows Server updates are causing a wide range of issues, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service (RRAS) enabled.

RRAS is a Windows service that offers additional TCP connectivity and routing features, including remote access or site-to-site connectivity with the help of virtual private network (VPN) or dial-up connections.

Last week, Microsoft released the Windows Server 2019 2012 R2 KB5014746, the Windows Server 2019 KB5014692, the Windows Server 20H2 KB5014699, and the Windows Server 2022 KB5014678 updates as part of the June 2022 Patch Tuesday.

Also Read: A beginner’s guide to the Singapore PDPA

However, after deploying these recent updates, Windows admins have reported experiencing multiple issues that could only be resolved after completely uninstalling the updates.

One of the more severe problems is the servers freezing for several minutes after a client connects to the RRAS server with SSTP.

Windows Remote Desktop and VPN connectivity issues

The vast majority of reports related to these problems coming in since Patch Tuesday have a common theme: losing Remote Desktop and VPN connectivity to servers with Routing and Remote Access Service (RRAS) enabled where the June Windows Server Updates have been installed.

“What I saw after the June updates were installed was that no TCP connections established from either the client-side or the server-side would ever get up and running. I couldn’t do a basic RDP session into the server either (even where a VPN isn’t needed because I’m connecting from a management PC within the same trusted subnet),” one admin told BleepingComputer.

“Furthermore, no remote VPN/RRAS clients could connect to the server (which was the reason why the server was configured for NAT routing in the first place).”

“SSTP failed entirely [..] as well as RDP. RDP also failed to our IKE RRAS servers even though IKE connections continued to work (still not quite sure how),” another one said.

“We ended up using the GCP console interface to get into those servers, to get the RRAS (Routing and Remote Access service) setup not to start so that after a reboot we could remote in and revert the patches.”

Multiple other admins [123456] have also reported on Reddit and in comments to BleepingComputer stories that they’re having issues with LLTP/SSTP VPN clients and RDP failing to connect after deploying the June Windows Server updates.

Also Read: Transfer Limitation Obligation: What every organization should know

“Problem goes away after rolling back. Problem occurred a second time after this patch was reinstalled. Rolling back fixed the issue, again. We experienced this problem from two different RRAS servers from two different locations -single domain,” one of them explained.

While it is not clear what is causing these issues, Microsoft fixed a ‘Windows Network Address Translation (NAT) Denial of Service Vulnerability’ tracked as CVE-2022-30152 that may have introduced bugs into RRAS connectivity.

How to fix

Unfortunately, since Microsoft is yet to acknowledge these connectivity problems and provide a fix, the only way to address these issues on affected servers is to uninstall the corresponding cumulative update for your Windows Server version.

Admins can do this by using one of the following commands:

Windows Server 2012 R2: wusa /uninstall /kb:KB5014746
Windows Server 2019: wusa /uninstall /kb:KB5014692
Windows Server 20H2: wusa /uninstall /kb:KB5014699
Windows Server 2022: wusa /uninstall /kb:KB5014678

However, given that Microsoft bundles all security fixes within a single update, removing this month’s cumulative update may fix the bugs but will also remove all security patches for vulnerabilities addressed during the June Patch Tuesday.

Therefore, before uninstalling these updates, you should ensure that it is absolutely necessary and that reviving RDP or VPN connectivity on your servers is worth the increased security risks.

As we previously reported, Microsoft is also working on addressing another known issue affecting both client and server platforms, causing connectivity issues when using Wi-Fi hotspots after installing the June Windows updates.

Furthermore, this month’s Windows updates may also cause backup issues on Windows Server systems, with some apps failing to backup data using Volume Shadow Copy Service (VSS).

Microsoft didn’t reply to a request for comment when BleepingComputer reached out earlier today.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us