New Windows KB5009543, KB5009566 updates break L2TP VPN connections
Windows 10 users and administrators report problems making L2TP VPN connections after installing the recent Windows 10 KB5009543 and Windows 11 KB5009566 cumulative updates.
Yesterday, Microsoft released Windows updates to fix security vulnerabilities and bugs as part of the January 2022 Patch Tuesday.
These updates include KB5009566 for Windows 11 and KB5009543 for Windows 10 2004, 20H1, and 21H1.
Updates break L2TP connections
After installing yesterday’s updates, Windows users find their L2TP VPN connections broken when attempting to connect using the Windows VPN client.
When attempting to connect to a VPN device, they are shown an error stating, “Can’t connect to VPN. The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.”
The Event Log will also log entries with error code 789, stating that the connection to the VPN failed.
The bug is not affecting all VPN devices and seems only to be affecting users who use the built-in Windows VPN client to make the connection.
A security researcher known as Ronny on Twitter told BleepingComputer that the bug affects their Ubiquiti Client-to-Site VPN connections for those using the Windows VPN client.
Many Windows admins also report on Reddit that the bug also affects connections to SonicWall, Cisco Meraki, and WatchGuard Firewalls, with the latter’s client also affected by the bug.
With many users still working remotely, admins have been forced to remove the KB5009566 and KB5009543 updates, which immediately fixes the L2TP VPN connections on reboot.
Windows users can remove the KB5009566 and KB5009543 updates using the following commands from an Elevated Command Prompt.
Windows 10: wusa /uninstall /kb:5009543
Windows 11: wusa /uninstall /kb:5009566
However, as Microsoft bundles all security updates in a single Windows cumulative update, removing the update will remove all fixes for vulnerabilities patched during the January Patch Tuesday.
Therefore, Windows admins need to weigh the risks of unpatched vulnerabilities against the disruption caused by the inability to connect to VPN connections.
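To scope that decision per machine, the following added example (not from the article or from Microsoft) is a read-only PowerShell check that reports whether a host has one of the two updates, has L2TP profiles in the built-in client, and has recently logged error 789. It assumes the failures are written by the RasClient provider in the Application log; the function name Get-L2tpRegressionStatus is hypothetical.

```powershell
# Added example (not from the article): read-only triage of the local host.
$TargetKbs = 'KB5009543', 'KB5009566'   # the two updates named in the article

function Get-L2tpRegressionStatus {     # hypothetical helper name
    param([int]$Days = 7)               # how far back to search the event log

    # Is either January 2022 cumulative update installed?
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $TargetKbs -contains $_.HotFixID })

    # L2TP profiles in the built-in Windows VPN client (per-user and all-user).
    $profiles  = @(Get-VpnConnection -ErrorAction SilentlyContinue)
    $profiles += @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue)
    $l2tp = @($profiles | Where-Object { $_.TunnelType -eq 'L2tp' })

    # Assumption: failed dial attempts are logged by the RasClient provider in
    # the Application log; match the error code 789 in the message text.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'RasClient'
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    $failures = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match '\b789\b' })

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        InstalledKb    = $installed.HotFixID -join ','
        L2tpProfiles   = $l2tp.Name -join ','
        Error789Count  = $failures.Count
        LastError789   = ($failures | Select-Object -First 1).TimeCreated
        # Rollback is only worth considering when all three conditions hold.
        LikelyAffected = ($installed.Count -gt 0) -and ($l2tp.Count -gt 0) -and
                         ($failures.Count -gt 0)
    }
}

Get-L2tpRegressionStatus
```

Hosts where LikelyAffected is False keep the January security fixes without any VPN impact, which narrows the set of machines where uninstalling is even a question.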
It is not clear what caused the bug, but Microsoft’s January Patch Tuesday fixed numerous vulnerabilities in the Windows Internet Key Exchange (IKE) protocol (CVE-2022-21843, CVE-2022-21890, CVE-2022-21883, CVE-2022-21889, CVE-2022-21848, and CVE-2022-21849) and in the Windows Remote Access Connection Manager (CVE-2022-21914 and CVE-2022-21885) that could be causing the problems.
Microsoft confirms bug, provides mitigation
Microsoft confirmed on Thursday that “Certain IPSEC connections might fail” and that they will resolve the issue in an upcoming release of Windows.
“After installing KB5009543, IP Security (IPSEC) connections which contain a Vendor ID might fail. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) might also be affected.”
Microsoft says that it may be possible to mitigate the bug by disabling the ‘Vendor ID,’ if possible, on the VPN server.
“To mitigate the issue for some VPNs, you can disable Vendor ID within the server-side settings. Note: Not all VPN servers have the option to disable Vendor ID from being used,” Microsoft explains in a new known update issue.
Update 1/13/22: Added update with more information from Microsoft.