
Windows Server admins agree to forgo broken patches

Many administrators have agreed to wait until February's round of patches to avoid operational disruption caused by broken fixes

Microsoft has released an emergency out-of-band (OOB) update to address an array of issues found in last week's Windows Server patch, but IT administrators are in agreement that they will not apply it.

Last week's Patch Tuesday fixed a host of issues across Microsoft products, including a number of zero-day vulnerabilities, but Windows Server administrators have complained that some of the patches released have created even more problems.

Because of the issues introduced by the most recent cumulative patches, IT administrators discussing the issues on Reddit are mostly in agreement that forgoing the patches and waiting for the next cumulative update in February is the best course of action to minimise operational disruption and complexity.

The patches issued last week have been breaking a number of key components in business environments and the solution many administrators have turned to is to uninstall the updates entirely. 

Four main flaws

The latest out-of-band update from Microsoft issued this week aims to address the issues faced by businesses running Windows Servers but in some cases, it first requires administrators to install the broken patch from last week.

The issues businesses are currently facing include domain controllers unexpectedly restarting and entering boot loops every few minutes. The issue is thought to affect all supported Windows Server versions and the failure in the LSASS.exe process means Windows cannot run correctly.

Microsoft Hyper-V is also affected by the patches, with enterprise virtual machines (VMs) failing to start on some Windows Servers. In addition, ReFS-formatted removable media is failing to mount post-patch, which has caused issues for administrators thinking their external drives were corrupted. Numerous reports of experts formatting their drives after applying last week's patches, only to realise it was in vain, have appeared on social media, too. 

To cap off a bug-laden release of patches, some L2TP VPN connections are also failing across Windows 11, Windows 10, and certain Windows Server versions. 

Microsoft has issued fixes for all of the aforementioned issues and, aside from the fix for the ReFS-formatted media issue, they are cumulative updates, which means they do not require administrators to install the broken patch from last week first.

The updates are available in the Microsoft Update Catalog, which also has instructions on how to import the updates manually into Windows Server Update Services (WSUS).

A risky response?

Despite most of the updates being cumulative, IT admins are seemingly still in agreement that they will be waiting until February, or until a fully safe wave of patches arrives, to fix the Windows Server issues.

One user said: "I'll be waiting on the cumulative... I'm not reinstalling a broken patch I just removed from a bunch of servers to then have to immediately apply a fix to said patch."

Another user said installing the out-of-band update made matters worse: "[We] received the bad updates this morning, and Exchange wouldn't see the Active Directory (AD) environment anymore. I saw the optional OOB update and installed that - [it] actually made the problem worse. I removed all of the updates and AD was back to being seen and Exchange was finally working."

Weighing in on the matter, outside experts have said the idea of forgoing updates is one that shouldn't be taken lightly and the risks of leaving environments open to known vulnerabilities need to be considered on balance with the potential disruption the updates themselves could cause an organisation.

"This is very much a question of risk management and risk assessment," Andy Norton, European cyber risk officer at Armis, told IT Pro. "Clearly the risk from installing the patch is one of disruption to the organisation. If you balance that with the risk from a cyber attack stemming from the issues that are not addressed by failing to patch, you then have both sides of the equation and are able to make a decision.


"There were six zero-day flaws addressed in the January patch, however, none of these zero-days are actively being exploited currently, and so it may appear that the consensus is to delay the patching process as it is riskier than being exposed to the zero days."

Alan Calder, CEO at GRC International Group, added: "If it were my business, and a sysadmin said they thought it might be ok to continue with critical vulnerabilities unpatched until Patch Tuesday in February, we would have had a very blunt conversation about taking cyber security seriously."

In a statement given to IT Pro, Microsoft said: "We recommend customers install updates released on January 17."
