Windows 8.1 Update required for all future updates can actually STOP all future updates!

Windows 8.1 Update problem Oh dear.

Microsoft has temporarily suspended distribution of Windows 8.1 Update, after it was found that it can cause some updated PCs to actually stop looking for future updates.

The irony is, of course, that Windows 8.1 Update is a mandatory update, which – as I described yesterday – is required if you want to receive future security updates.

Let me try to explain that again, as it can be hard to get your head around.

Sign up to our free newsletter.
Security news, advice, and tips.

You know that Windows 8.1 update that you must install to get future updates? The one that if you choose not to install, you won’t get any future updates? Well, it turns out that if you install that update you might actually not get any future updates.

Like I said, oh dear. Kinda embarrassing.

According to a blog post from Microsoft, the problem occurs for enterprises rather than consumers, where updates are grabbed from Windows Server Update Services (WSUS) servers.

Ars Technica describes the problem as follows:

The problem occurs when clients connect to WSUS with HTTPS enabled, but without TLS 1.2. Windows 8.1 machines with the KB 2919355 update installed will no longer be able to receive future updates from those servers. Microsoft describes it primarily as an issue for WSUS 3.0 Service Pack 2, also known as WSUS 3.2, when run on Windows Server 2003, 2003 R2, 2008, and 2008 R2; this version does not have HTTPS or TLS 1.2 enabled by default, but HTTPS is part of the recommended configuration.

WSUS 4 on Windows Server 2012 and 2012 R2 is also technically affected, as the bug is client-side, but Windows Server enables TLS 1.2 by default, so issues are unlikely to arise in practice.

Microsoft says it plans to issue an update “as soon as possible” that will fix the issue, and restore the correct behaviour. Until that time, the firm says, it is delaying the distribution of the Windows 8.1 Update KB 2919355 to WSUS servers.

Enterprise customers are advised to suspend deployment of the update until Microsoft fixes the issue.

Read Microsoft’s blog post for further information, where workarounds are also described.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.