Update Cumulative Update for Windows 10 Version 21H1 for x64-based Systems (KB5009543) & Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 20H2, Windows Server, version 20H2, Windows 10 Version 21H1, and Windows 10 Version 21H2 (KB5008876) reported causing issues with VPN connectivity to L2TP protocol.
What that means:
This means that most applications that are using this protocol will stop working too. Many users will not be able to use the VPN to connect at work and that will escalate fast to the IT Department.
Who is affected:
Computers that are patched with the updates above and using the Windows VPN Client for sure are affected. Also, Vendors that were already reported affected are SonicWall VPN, Meraki VPN with many more to come as the issue seems to be connected to the IPSEC protocol in Windows itself, so anyone that is using the Windows client will be affected too. Keep in mind that the problem is still on feedback phase so it is very possible other OS like Windows 11 to be affected.
What to do if you already facing the issue:
Remove the KB that is causing the issue. From an elevated PowerShell run:
wusa /uninstall /kb:5009543
wusa /uninstall /kb:5008876
What to do if you have Windows 10 PCs but aren’t yet patched – not affected:
This update should be excluded from your WSUS Server, RMM, or GPO. Also, will be a good idea for environments that leave the users the option to manually update their computers to inform them not to do till an official fix is released from Microsoft.
What we are always consulting companies is to NEVER follow a patch policy that patches systems the next day of the release date if it is not some Serious Critical Vulnerability update as they are prone to get affected from serious downtime and business disruption.
Update 13/01/2022:
It seems that the updates KB5009624,KB5009595,KB5009546,KB5009557 are also making domain controller suddenly rebooting and breaking Hyper-V. We suggest to hold a little your updating plans for this month as it might have more Easter Eggs to discover. Microsoft not yet commented to the issue.
If the above sounds confusing, very technical, or just time consuming for you current capacity, we are here to help Contact us by Clicking Here. We are helping businesses to stabilizing and optimizing their environments. We also offer monitoring as a service if you just want us to keep an eye and alert you if something has indications of the will stop working soon. Here is an article related to monitoring