Microsoft has released several out-of-band updates to address features of Windows 11, Windows 10 and Windows Server broken by the January 2022 Patch Tuesday update.
Microsoft released the separate fixes on Tuesday via the Microsoft Update Catalog for direct download, and via Windows Update as an optional update.
The Windows Update on January 11 was intended to address 96 security flaws but also brought a load of pain for users and admins.
In release notes for the out-of-band fixes, Microsoft admits the January 2022 security updates broke some VPN connections, caused some Windows Servers domain control controllers to restart unexpectedly, and prevented virtual machines in Microsoft’s Hyper-V from starting. On top of this, users discovered a windows Resilient File System (ReFS) issue blocked access to volumes stored on removable media, including external USB drives.
The issues affected the Windows 10 21H2 update (KB5009566), Windows 11 update (KB5009566), and Windows Server 2022 update (KB5009555), as well as the security updates for older versions of Windows and Windows Server.
Microsoft has released fixes in the out-of-band updates KB5010795 for Windows 11, KB5010796 for Windows Server 2022, KB5010793 for Windows 10 21H2, 21H1 20H2 and 20H1, as detailed in its Windows release health dashboard.
Updates are also available for all versions through to Windows 7 Service Pack 1 and Windows Server 2008 Service Pack 2. These are cumulative updates, meaning previous updates don’t need to be installed before installing it.
The VPN issue affected Windows 11 through to Windows 10 Enterprise 2015 LTSB and stemmed from IP Security (IPSEC) connections which contain a Vendor ID failing. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) might also be affected, according to Microsoft.
The issue causing Windows Server domain controllers (DCs) to restart affected Windows Server 2022 through to Windows Server 2012. Windows Server 2016 and later was more likely to be affected when DCs are using Shadow Principals in Enhanced Security Admin Environment (ESAE) or environments with Privileged Identity Management (PIM), according to Microsoft.
Hyper-V VMs were failing to start on devices with Unified Extensible Firmware Interface (UEFI) enabled on Windows 8.1, and Windows Server 2012 R2 and Windows Server 2012.
The ReFS issue caused removable volumes formatted with ReFS to fail to mount or for it to mount as RAW. Its likely cause was that the ReFS file system isn’t supported on removable media, including external USB drives, according to Microsoft. Also, the fix appears to be more complicated than just installing the out-of-band patch.
Microsoft recommends uninstalling the January 11 update and following several steps to recover data from a ReFS partition before installing the out-of-band update. The recovery steps include ensuring data contained on the affected removable media is moved to a ReFS volume on a different fixed device or to a NTFS volume.
“After data is recovered from the ReFS partition on the removable media, install the January 17, 2022 Windows out-of-band update that is applicable for your Windows operating system,” Microsoft says.
The issues that surfaced after Microsoft’s first Patch Tuesday for 2022 aren’t likely to inspire confidence amongst Windows admins who’ve long been skeptical about the quality of Microsoft’s updates and whether it does sufficient testing before their release.
As Ask Woody’s influential IT admin blogger Susan Bradley recently argued in 2020, Microsoft’s decision to roll up patches in a big bundle on the second Tuesday of every month requires admins to place a great deal of trust in the company. That trust is eroded if applying the updates results in a lag on productivity from buggy patches.