Feeds

Uh oh! Here comes the first bug in the Windows 8.1 Update

Fortunately, it only affects Windows Server Update Services customers

Seven Steps to Software Security

Microsoft has suspended distribution of April's Windows 8.1 Update to some enterprise customers after a bug was discovered that could bork affected machines' ability to receive future updates.

The issue affects businesses that distribute software updates via Windows Server Update Services (WSUS) 3.0 Service Pack 2, which shipped with Windows Server 2008 R2 but can also be used with earlier versions of Windows Server.

After installing the Windows 8.1 Update, affected PCs will try to contact their WSUS servers using the TLS 1.2 secure communications protocol. But because TLS 1.2 support is not enabled on WSUS 3.0 SP2 by default – that version defaults to the older SSL protocol – in many cases these attempts will fail, and the PCs will no longer be able to receive future software updates.

This unfortunate side effect is delivered in Windows update KB2919355, the 707MB code chunk that makes up the majority of the Windows 8.1 Update set of patches.

Systems admins have a couple of workarounds available to resolve the problem, at least temporarily. First, if they're running WSUS 3.0 SP2 on Windows Server 2008 R2, they can enable TLS 1.2 support via some Registry tweaks. A Microsoft Knowledge Base article explains how.

Earlier versions of Windows Server, however, lack support for TLS 1.2. In these cases, the only way to re-enable software updates is to disable HTTPS in WSUS 3.0 SP2 and ship updates to PCs unencrypted.

Redmond says – with some small irony – that it's working on a software update that will restore proper behavior for all supported versions of WSUS, though it hasn't said when to expect that update to arrive.

Until then, Microsoft will no longer be distributing update KB2919355 to WSUS servers, and the only way for customers in WSUS environments to get the Windows 8.1 Update will be to download it from the Windows Update Catalog or from MSDN. ®

Mobile application security vulnerability report

More from The Register

next story
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.