Feeds

Uh oh! Here comes the first bug in the Windows 8.1 Update

Fortunately, it only affects Windows Server Update Services customers

Intelligent flash storage arrays

Microsoft has suspended distribution of April's Windows 8.1 Update to some enterprise customers after a bug was discovered that could bork affected machines' ability to receive future updates.

The issue affects businesses that distribute software updates via Windows Server Update Services (WSUS) 3.0 Service Pack 2, which shipped with Windows Server 2008 R2 but can also be used with earlier versions of Windows Server.

After installing the Windows 8.1 Update, affected PCs will try to contact their WSUS servers using the TLS 1.2 secure communications protocol. But because TLS 1.2 support is not enabled on WSUS 3.0 SP2 by default – that version defaults to the older SSL protocol – in many cases these attempts will fail, and the PCs will no longer be able to receive future software updates.

This unfortunate side effect is delivered in Windows update KB2919355, the 707MB code chunk that makes up the majority of the Windows 8.1 Update set of patches.

Systems admins have a couple of workarounds available to resolve the problem, at least temporarily. First, if they're running WSUS 3.0 SP2 on Windows Server 2008 R2, they can enable TLS 1.2 support via some Registry tweaks. A Microsoft Knowledge Base article explains how.

Earlier versions of Windows Server, however, lack support for TLS 1.2. In these cases, the only way to re-enable software updates is to disable HTTPS in WSUS 3.0 SP2 and ship updates to PCs unencrypted.

Redmond says – with some small irony – that it's working on a software update that will restore proper behavior for all supported versions of WSUS, though it hasn't said when to expect that update to arrive.

Until then, Microsoft will no longer be distributing update KB2919355 to WSUS servers, and the only way for customers in WSUS environments to get the Windows 8.1 Update will be to download it from the Windows Update Catalog or from MSDN. ®

Beginner's guide to SSL certificates

More from The Register

next story
Microsoft to bake Skype into IE, without plugins
Redmond thinks the Object Real-Time Communications API for WebRTC is ready to roll
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Mozilla: Spidermonkey ATE Apple's JavaScriptCore, THRASHED Google V8
Moz man claims the win on rivals' own benchmarks
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
Was ist das? Eine neue Suse Linux Enterprise? Ausgezeichnet!
Version 12 first major-number Suse release since 2009
Redmond top man Satya Nadella: 'Microsoft LOVES Linux'
Open-source 'love' fairly runneth over at cloud event
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.