Microsoft’s latest Windows update breaks VPNs, and there’s no fix
What Microsoft actually said:
Windows devices might face VPN connection failures after installing the April 2024 security update, or KB5036893.
We are working on a resolution and will provide an update in an upcoming release
I'm so fed up with everyone trying to make a quick buck on our constant struggle to stay safe.
The reality is that it broke "something* in certain lpt2/ipsec connections using certain authentication protocols, although they haven't yet specified which particular connection technologies are affected.
However this does not mean that a blanket affect of ALL VPN connection not working is an issue.
So far we are unaffected on clients using ipsec and PAP protocol authentication, nor connections using Anyconnect (aka Cisco Secure Connect).
I have also not seen any affect on private VPN clients such as PIA or Nord on machines that have this update.
I suspect what broke was clients using MSChap, Microsoft's own protocol for authentication for VPN clients.
Source: an admin with 200+ client machines with VPN connections that are not impacted after installing this update.
Yeah, you're not wrong that the article kinda sets itself up for the "lookit our recommended VPNs" pitch.
There's no way Microsoft would purposefully disable VPNs from working. I can guarantee that they require VPNs for thousands of roles in the company, let alone breaking it for government agencies that require VPNs, etc.
It is good to know that a specific update can break something ahead of time, though. Then at least you can avoid it.
My workplace requires VPN for Web sites that are authenticated, require 2FA and are encrypted. It's infuriatingly stupid. I feel like someone higher up got sold a useless contract by a good VPN salesperson.
Looks like their policy to prefer cheap labor they hire from Asia rather than paying local U.S. developers a living wage is starting to bite them in the ass.
Games. I have a Steam Deck so yea I get that Proton works really well now but it's still not perfect. And also I write software for customers that use Windows so ¯\(ツ)/¯