Windows Server

​Microsoft says this month’s Patch Tuesday cumulative updates fix a known issue that causes Windows servers to disrupt Remote Desktop connections in enterprise networks after installing the July Windows Server security updates.

Redmond first confirmed this known issue following many reports from Windows admins that the RD Gateway service kept crashing every 30 minutes after installing the July updates.

Admins can track this as a TSGateway service termination issue, which triggers an 0xc0000005 exception code When it becomes unresponsive and gets logged as Event 1000 in the system event log.

“Windows Servers might affect Remote Desktop Connectivity across an organization if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted,” Microsoft said at the time.

“This issue might occur intermittently, such as repeating every 30 minutes. At this interval, logon sessions are lost and users will need to reconnect to the server.”

The list of impacted Windows Server releases and the security updates that trigger it includes:

  • Windows Server 2022 (KB5040437)
  • Windows Server 2019 (KB5040430)
  • Windows Server 2016 (KB5040434)
  • Windows Server 2012 R2 (KB5040456
  • Windows Server 2012 (KB5040485)

Redmond also provides affected organizations that cannot immediately install this month’s cumulative updates with two temporary workarounds.

The first requires disallowing connections over pipe and port pipeRpcProxy3388 through the RD Gateway using firewall software.

For the second, admins must edit the RDGClientTransport registry key under Terminal Server Client by going to HKCUSoftwareMicrosoftTerminal Server ClientRDGClientTransport. Next, find the ‘DWORD’ registry key and set the ‘Value Data’ field to ‘0x0’.

It’s also important to note that you should make a registry backup before editing it to ensure you can quickly restore it if anything goes wrong.

Two years ago, Microsoft fixed a similar known issue causing RDP and VPN connectivity problems after installing the June 2022 security updates on Windows Servers with Routing and Remote Access Service (RRAS) enabled.

In January 2022, it released an emergency out-of-band update to fix a Windows Server bug triggering Remote Desktop connection and performance issues.

Today, Microsoft released the October 2024 Patch Tuesday security updates to address 118 vulnerabilities, including five publicly disclosed zero-days, two of which are exploited in ongoing attacks.

Source: www.bleepingcomputer.com