Windows 10 users and administrators are reporting issues establishing L2TP VPN connections after installing recent Windows 10 cumulative updates KB5009543 and Windows 11 KB5009566.
Yesterday, Microsoft released Windows updates to address vulnerabilities and security bugs as part of the January 2022 Patch Tuesday.
These updates include KB5009566 for Windows 11 and KB5009543 for Windows 10 2004, 20H1, and 21H1.
Updates break L2TP connections
After installing the updates yesterday, Windows users find that their L2TP VPN connections are dropped when they try to connect using the Windows VPN client.
When they try to connect to a VPN device, an error is displayed saying: “Unable to connect to VPN. The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer, ”as shown below.
The event log will also record entries with error code 789, indicating that the connection to the VPN has failed.
The bug does not affect all VPN devices and appears to only affect users using the built-in Windows VPN client to establish the connection.
A security researcher known as Ronny on Twitter told BleepingComputer that the bug affects their Ubiquiti site-to-site VPN connections for those using the Windows VPN client.
Many Windows administrators too report On Reddit the bug also affects connections to SonicWall, Cisco Meraki, and WatchGuard firewalls, with the latter’s client also affected by the bug.
With many users still working remotely, administrators were forced to remove updates KB5009566 and KB5009543, which immediately fixes L2TP VPN connections on restart.
Windows users can remove updates KB5009566 and KB5009543 using the following commands from an elevated command prompt.
Windows 10: wusa /uninstall /kb:5009543 Windows 11: wusa /uninstall /kb:5009566
However, because Microsoft is consolidating all security updates into a single cumulative update for Windows, removing the update will remove all fixes for the vulnerabilities that were fixed during Patch Tuesday in January.
Therefore, Windows administrators should weigh the risks of unpatched vulnerabilities against disruption caused by the inability to connect to VPN connections.
The cause of the bug is unclear, but Microsoft’s January patch fixed many vulnerabilities in Windows Internet Key Exchange (IKE) protocol (CVE-2022-21843, CVE-2022-21890, CVE-2022-21883, CVE-2022-21889, CVE-2022-21848, and CVE-2022-21849) and in Windows Remote Access Connection Manager (CVE-2022-21914 and CVE-2022-21885) that could be causing the problems.
Unfortunately, there is currently no known solution or workaround for L2TP VPN connection issues.
BleepingComputer has contacted Microsoft regarding the bug but has not yet received a response.
- Microsoft September 2021 Patch Tuesday fixes 2 zero-days, 60 flaws
- Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws
- Microsoft October 2021 Patch Tuesday fixes 4 zero-days, 71 flaws
- New Windows Server Updates Cause DC Boot Loops, Break Hyper-V
- Zoom security issues: Everything that’s gone wrong (so far)