Windows 8.1 Update required for all future updates can actually STOP all future updates!

Oh dear.

Microsoft has temporarily suspended distribution of Windows 8.1 Update, after it was found that it can cause some updated PCs to actually stop looking for future updates.

The irony is, of course, that Windows 8.1 Update is a mandatory update, which – as I described yesterday – is required if you want to receive future security updates.

Let me try to explain that again, as it can be hard to get your head around.


You know that Windows 8.1 update that you must install to get future updates? The one that if you choose not to install, you won’t get any future updates? Well, it turns out that if you install that update you might actually not get any future updates.

Like I said, oh dear. Kinda embarrassing.

According to a blog post from Microsoft, the problem occurs for enterprises rather than consumers, where updates are grabbed from Windows Server Update Services (WSUS) servers.

Ars Technica describes the problem as follows:

The problem occurs when clients connect to WSUS with HTTPS enabled, but without TLS 1.2. Windows 8.1 machines with the KB 2919355 update installed will no longer be able to receive future updates from those servers. Microsoft describes it primarily as an issue for WSUS 3.0 Service Pack 2, also known as WSUS 3.2, when run on Windows Server 2003, 2003 R2, 2008, and 2008 R2; this version does not have HTTPS or TLS 1.2 enabled by default, but HTTPS is part of the recommended configuration.

WSUS 4 on Windows Server 2012 and 2012 R2 is also technically affected, as the bug is client-side, but Windows Server enables TLS 1.2 by default, so issues are unlikely to arise in practice.

Microsoft says it plans to issue an update “as soon as possible” that will fix the issue, and restore the correct behaviour. Until that time, the firm says, it is delaying the distribution of the Windows 8.1 Update KB 2919355 to WSUS servers.

Enterprise customers are advised to suspend deployment of the update until Microsoft fixes the issue.

Read Microsoft’s blog post for further information, where workarounds are also described.
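
The condition in the Ars Technica description (WSUS reached over HTTPS, but without TLS 1.2) can be checked from an admin workstation before deploying KB 2919355. The Python below is an added example, not code from the original post or from Microsoft; the function names, result labels and sample URLs are assumptions made for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit


def server_accepts_tls12(host, port, timeout=5.0):
    """Return True if host:port completes a handshake pinned to TLS 1.2."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Protocol probe only: WSUS certificates often come from a private CA,
    # so certificate trust is deliberately not evaluated here.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # A connect failure (OSError) propagates: the server is unreachable.
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version() == "TLSv1.2"
    except (ssl.SSLError, ConnectionError, socket.timeout):
        # Reachable, but the TLS 1.2 handshake failed. This can also mean no
        # shared cipher suite, so confirm the protocol settings on the server.
        return False
    finally:
        raw.close()


def assess_wsus(url, probe=server_accepts_tls12):
    """Classify a WSUS URL against the condition quoted from Ars Technica."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return "not-https"      # plain HTTP: outside the described condition
    try:
        ok = probe(parts.hostname, parts.port or 443)
    except OSError:
        return "unreachable"    # could not connect, no conclusion
    return "tls12-ok" if ok else "affected"


if __name__ == "__main__":
    # Constructed sample URLs; replace with your own WSUS server address.
    for url in ("http://wsus.corp.example:8530",
                "https://wsus.corp.example:8531"):
        print(url, "->", assess_wsus(url))
```

A result of `affected` means the server is reached over HTTPS but did not complete a TLS 1.2 handshake, which is the configuration in which updated Windows 8.1 clients stop receiving updates.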

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
