New Windows KB5009543, KB5009566 updates break L2TP VPN connections

Windows 10 users and administrators report problems making L2TP VPN connections after installing the recent Windows 10 KB5009543 and Windows 11 KB5009566 cumulative updates.

Yesterday, Microsoft released Windows updates to fix security vulnerabilities and bugs as part of the January 2022 Patch Tuesday.

These updates include KB5009566 for Windows 11 and KB5009543 for Windows 10 2004, 20H1, and 21H1.

Updates break L2TP connections

After installing yesterday’s updates, Windows users find their L2TP VPN connections broken when attempting to connect using the Windows VPN client.

When attempting to connect to a VPN device, they are shown an error stating, “Can’t connect to VPN. The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer,” as shown below.

Windows error when connecting to an L2TP VPN

The Event Log will also log entries with error code 789, stating that the connection to the VPN failed.

Windows event log for failed L2TP VPN connection

The bug is not affecting all VPN devices and appears only to affect users using the built-in Windows VPN client to make the connection.

A security researcher known as Ronny on Twitter told BleepingComputer that the bug affects their Ubiquiti Client-to-Site VPN connections for those using the Windows VPN client.

Many Windows admins also report on Reddit that the bug affects connections to SonicWall, Cisco Meraki, and WatchGuard Firewalls, with the latter’s client also affected by the bug.

With many users still working remotely, admins have been forced to remove the KB5009566 and KB5009543 updates, which immediately fixes the L2TP VPN connections on reboot.

Windows users can remove the KB5009566 and KB5009543 updates using the following commands from an Elevated Command Prompt.

Windows 10: wusa /uninstall /kb:5009543
Windows 11: wusa /uninstall /kb:5009566

However, as Microsoft bundles all security updates in a single Windows cumulative update, removing the update will remove all fixes for vulnerabilities patched during the January Patch Tuesday.

Therefore, Windows admins need to weigh the risks of unpatched vulnerabilities against the disruption caused by the inability to connect to VPN connections.
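To support that decision on a given client, the PowerShell sketch below checks whether either update is installed and whether error 789 failures are actually being logged. It is an added example, not from the original article or from Microsoft, and it assumes that failed dial attempts are written by the RasClient provider to the Application log with the error code in the message text; the seven-day window is an arbitrary choice.

```powershell
# Added example: triage one client before rolling back the January cumulative update.
# Assumptions (not stated in the article): the RasClient provider logs failed VPN
# dials to the Application log, and the error code appears in the event message.

$kbs = 'KB5009543', 'KB5009566'   # Windows 10 / Windows 11 updates named in the article

# Enumerate installed hotfixes and keep only the two updates of interest.
$installed = @(Get-HotFix | Where-Object { $kbs -contains $_.HotFixID })
if (-not $installed) {
    'Neither update is installed; error 789 on this machine has another cause.'
    return
}

# Fixed look-back window; InstalledOn is date-only and can be empty, so it is not used.
$since = (Get-Date).AddDays(-7)
$failures = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'RasClient'
        StartTime    = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '\b789\b' })

foreach ($hotfix in $installed) {
    '{0} installed on {1}' -f $hotfix.HotFixID, $hotfix.InstalledOn
}
'{0} VPN failure event(s) mentioning error 789 since {1:yyyy-MM-dd HH:mm}' -f $failures.Count, $since

# Show a few matching events so the error text can be confirmed by eye.
$failures | Select-Object -First 5 TimeCreated, Id, Message | Format-List

if ($failures.Count -gt 0) {
    # Uninstall commands as given in the article. Removing the cumulative update
    # also removes every January security fix it contains.
    foreach ($hotfix in $installed) {
        'Rollback option: wusa /uninstall /kb:{0}' -f $hotfix.HotFixID.Substring(2)
    }
}
```

The script only reports; it does not uninstall anything, so the rollback stays a deliberate step.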

It is not clear what caused the bug, but Microsoft’s January Patch Tuesday fixed numerous vulnerabilities in the Windows Internet Key Exchange (IKE) protocol (CVE-2022-21843, CVE-2022-21890, CVE-2022-21883, CVE-2022-21889, CVE-2022-21848, and CVE-2022-21849) and in the Windows Remote Access Connection Manager (CVE-2022-21914 and CVE-2022-21885) that could be causing the problems.

Microsoft confirms bug, offers mitigation

Microsoft confirmed on Thursday that “Certain IPSEC connections might fail” and that they will resolve the issue in an upcoming release of Windows.

“After installing KB5009543, IP Security (IPSEC) connections which contain a Vendor ID might fail. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) might also be affected.”

Microsoft states that it may be possible to mitigate the bug by disabling the ‘Vendor ID,’ if possible, on the VPN server.

“To mitigate the issue for some VPNs, you can disable Vendor ID within the server-side settings. Note: Not all VPN servers have the option to disable Vendor ID from being used,” Microsoft explains in a new known update issue.

Update 1/13/22: Added update with more details from Microsoft.
