Microsoft has temporarily suspended distribution of Windows 8.1 Update, after it was found that it can cause some updated PCs to actually stop looking for future updates.
The irony is, of course, that Windows 8.1 Update is a mandatory update, which – as I described yesterday on the Lumension Optimal Security blog – is required if you want to receive future security updates.
Let me try to explain that again, as it can be hard to get your head around.
You know that Windows 8.1 update that you must install to get future updates? The one that if you choose not to install, you won’t get any future updates? Well, it turns out that if you install that update you might actually not get any future updates.
Like I said, oh dear. Kinda embarrassing.
According to a blog post from Microsoft, the problem occurs for enterprises rather than consumers, where updates are grabbed from Windows Server Update Services (WSUS) servers.
Ars Technica describes the problem as follows:
The problem occurs when clients connect to WSUS with HTTPS enabled, but without TLS 1.2. Windows 8.1 machines with the KB 2919355 update installed will no longer be able to receive future updates from those servers. Microsoft describes it primarily as an issue for WSUS 3.0 Service Pack 2, also known as WSUS 3.2, when run on Windows Server 2003, 2003 R2, 2008, and 2008 R2; this version does not have HTTPS or TLS 1.2 enabled by default, but HTTPS is part of the recommended configuration.
WSUS 4 on Windows Server 2012 and 2012 R2 is also technically affected, as the bug is client-side, but Windows Server enables TLS 1.2 by default, so issues are unlikely to arise in practice.
Microsoft says it plans to issue an update “as soon as possible” that will fix the issue, and restore the correct behaviour. Until that time, the firm says, it is delaying the distribution of the Windows 8.1 Update KB 2919355 to WSUS servers.
Enterprise customers are advised to suspend deployment of the update until Microsoft fixes the issue.
Read Microsoft’s blog post for further information, where workarounds are also described.