Microsoft confirms recent Windows security update breaks VPNs, no fix yet

Windows 10 Settings
(Image credit: Shutterstock)

Bad news for those of us quick to click the "update" button: Microsoft has confirmed that the suite of April security updates for Windows has broken the functionality of VPN services on the operating system in its release health dashboard.

Microsoft describes the issue as "Windows devices might face VPN connection failures" on the new updates — the wording makes it unclear whether the bug effects all users or only some. Microsoft has not given any updates on when the bug will be fixed or what the reason for it is, but we can rest assured it will solve the problem "in an upcoming release." The bug affects security updates extended to Windows 10 and 11 releases and various Windows Server releases, as seen below:

  • Client: Windows 11, version 23H2; Windows 11, version 22H2, Windows 11, version 21H2, Windows 10, version 22H2, Windows 10, version 21H2. 
  • Server: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008.

There is no official fix yet issued by Microsoft. Microsoft recommends using the "Get help" app in Windows for personal-use PCs — and, for enterprise devices, it suggests the "Support for businesses" link.

For an immediate workaround, one course of action is to rollback to your previous release of Windows by uninstalling recent updates. To do this, open the Settings program (Windows key + I). Open Windows Update > Update history and scroll down to "Uninstall updates." You'll want to look for the most recent update, titled "KB5036893." We can't recommend this whole-heartedly, as stepping back will make you lose out on the security fixes and improvements found in the April security updates — but if you're willing to trade some safety for VPN usage, be our guest. 

Assuming your computer is able to use VPNs after rolling back the update, you may be interested in today's coupons for NordVPN. And if you're fed up with Windows' tendency to break VPNs in updates (April 2023 and January 2022 both saw updates that messed with VPN speeds — though not to the same degree as the current bug), you may be interested in switching your operating system. Thanks in large part to Valve's meddling with SteamOS, these three Linux distros are all beating Windows 11 in gaming performance and make great stepping stones into the world of Linux.

Dallin Grimm
Contributing Writer

Dallin Grimm is a contributing writer for Tom's Hardware. He has been building and breaking computers since 2017, serving as the resident youngster at Tom's. From APUs to RGB, Dallin has a handle on all the latest tech news. 

  • JamesJones44
    I guess that is one way to ensure people come into the office.
    Reply
  • brandonjclark
    JamesJones44 said:
    I guess that is one way to ensure people come into the office.
    Zero-Trust security means no device is automatically trusted.

    There are many enterprises which require VPN even when internal to an office.
    Reply
  • JamesJones44
    brandonjclark said:
    Zero-Trust security means no device is automatically trusted.

    There are many enterprises which require VPN even when internal to an office.
    This can be done with device filtering at the network layer and/or required provisioning software installed (MDM for example). None of the fortune 500 companies I've ever worked at required logging into VPN on site, they simply didn't allow a device to connect to the network if it was unregistered. Several of the companies I worked for wouldn't allow an unregistered device to work with VPN either.
    Reply
  • Alvar "Miles" Udell
    Bad news for those of us quick to click the "update" button

    Of which there shouldn't be any except for those on the insider channel. Everyone else should be using the Pro version and delay updates for 30 days and upgrades for at least 90. For corporate users, IT should issue their own updates only after vetting them.
    Reply
  • RaiderB0t
    Its clearly a case of "might be some but certainly not all" as I can see the patch KB503693 installed on my corporate Win11 lappy. I am currently connected at home via VPN right now without any issues, so unless there is some problem, there is no need to go remove it. If its an enterprise device you probably wouldn't have perm's to remove it anyway. My .02cnts
    Reply