Microsoft has acknowledged a VPN bug caused by the updates it launched as part of this month’s Patch Tuesday cycle, including KB5009543.
The organization explains on the Windows Health Dashboard page that devices with IPSEC connections configured to use a vendor ID might be unable to connect to VPN.
“After installing KB5009543, IP Security (IPSEC) connections that have a Vendor ID might fail. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) might also be affected,” the organization said.
The workaround and also the full fix
At this time, however, Microsoft says it’s still investigating the problem, also it expects a complete fix to be part of an upcoming update. No ETA continues to be offered, though, so users are recommended to stick having a workaround that’s by no means very convenient.
Microsoft states that customers who must use this VPN connection option are suggested to disable the vendor ID check on the server. Obviously, this isn’t something which users themselves can do however the server admins, and what’s worse is that this feature is sometimes even missing from some VPN servers.
“To mitigate the problem for many VPNs, you can disable Vendor ID inside the server-side settings. Note: Not all VPN servers can disable Vendor ID from getting used. Next steps: We’re presently investigating and will offer an update within an upcoming release,” Microsoft explained.
Needless to say, people who need this VPN option may also take away the latest updates, even though this means they’ll be missing on some critical security improvements which were part of the release.