Microsoft moves to patch this potentially serious security flaw

A new out-of-band update is now available for download

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsofthas fixed a bug plaguing multiple versions of Windows and Windows Server that’s triggeringSSL/TLShandshake failures.

Those experiencing the flaw see a SEC_E_ILLEGAL_MESSAGE notification pop up in applications that try to connect to servers.

“We address an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections might have handshake failures,” Microsoft said in anannouncement.

Multiple versions affected

The affected versions includeWindows 1122H2;Windows 1121H2;Windows 1021H2; Windows 10 21H1; Windows 10 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB;Windows 8.1; andWindows 7SP1.

Forservers, affected versions include Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; and Windows Server 2008 R2 SP1.

This is an out-of-band update, meaning it won’t be automatically deployed via Windows Update, Windows Update for Business, or Windows Server Update Services (WSUS).

Instead, users interested in picking the update up need to head over to theMicrosoft Update Catalogand manually add them either into the Microsoft Endpoint Configuration Manager, or Windows Server Update Services (WSUS).

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

These are the best dedicated server hosting providers out there

Windows 10 failing to launch into apps? This hotfix should sort it>Microsoft pushes out emergency fix for Windows Server mess

Microsoft is no stranger to out-of-band updates. Last time we had such an update was in May 2022, when the company fixed a problem that prevented applications downloaded from the Windows Store from properly running onendpoints.

However,BleepingComputerdiscovered that after installing the patch, the Cluster Service might fail to start. In this case, this happens because an update to the PnP class drivers used by the service removed a Cluster Network Driver.

The fix is still in the works for Windows 10 2016 LTSB, Windows Server 2016, and Windows 10 2015 LTSB.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Your doctor may have an AI assistant taking notes during your next Zoom call