Bug prompts Microsoft to halt update’s delivery through WSUS, the standard enterprise update service
Microsoft on Tuesday suspended serving Windows 8.1 Update to businesses that rely on WSUS (Windows Server Update Services), saying that a bug would prevent devices from recognizing future updates.
WSUS is Microsoft’s standard corporate update service and is used by IT staffs to manage the distribution of bug fixes, security patches and other updates to Windows devices on a company’s network.
“There is a known issue which causes some PCs updated with the Windows 8.1 Update to stop scanning against Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2 or WSUS 3.2) servers which are configured to use SSL and have not enabled TLS 1.2,” Microsoft wrote on its WSUS blog.
Microsoft released Windows 8.1 Update on Tuesday. The refresh was a follow-on to last October’s Windows 8.1, which in turn was a major update to 2012′s Windows 8.
The problem affected WSUS 3.2 running on Windows Server 2003 SP2, Windows Server 2003 R2 SP2, Windows Server 2008 SP2, and Windows Server 2008 R2 SP1 when HTTPS and SSL (Secure Sockets Layer) were enabled but TLS 1.2 was not.
Until the Redmond, Wash., company comes up with a fix, customers that have already deployed Windows 8.1 Update can apply workarounds — enable TLS 1.2 or disable HTTPS — that will let PCs recognize future WSUS-delivered updates.
It’s unclear how many businesses were affected, and Microsoft did not provide an estimate. But neither HTTPS nor TLS 1.2 are enabled by default on WSUS.
Even so, Microsoft halted Windows 8.1 Update’s rollout via WSUS.
“Microsoft plans to issue an update as soon as possible that will correct the issue and restore the proper behavior for Windows 8.1 Update scanning against all supported WSUS configurations,” Microsoft said. “Until that time, we are temporarily suspending the distribution of the Windows 8.1 Update to WSUS servers.”
Microsoft has stumbled over updates numerous times in the past 12 months. Last September, Microsoft shipped several flawed updates, including one that emptied Outlook 2013′s folder pane and others that repeatedly demanded customers install them even after they had been deployed. In the months before that, Microsoft yanked an Exchange security update, admitting it had not properly tested the patches, and urged Windows 7 users to uninstall an update that crippled PCs with the infamous “Blue Screen of Death.”
Microsoft did not hint at a timetable for fixing the bug, but discouraged customers who rely on WSUS from manually deploying Windows 8.1 Update, which is also available from Windows Update, MSDN (Microsoft Developers Network) and the Microsoft download center.
“We recommend that you suspend deployment of this update in your organization until we release the update that resolves this issue,” Microsoft said.