Microsoft has released emergency out-of-band (OOB) updates to address multiple issues caused by Windows Updates issued during the January 2022 Patch Tuesday.
"Microsoft is releasing Out-of-band (OOB) updates today, January 18, 2022, for some versions of Windows," the company said.
"This update addresses issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machines start failures, and ReFS-formatted removable media failing to mount."
All OOB updates released today are available for download on the Microsoft Update Catalog, and some of them can also be installed directly through Windows Update as optional updates.
You will have to manually check for updates if you want to install the emergency fixes through Windows Update because they are optional updates and will not install automatically.
The following updates can only be downloaded and installed via the Microsoft Update Catalog:
Updates for these Windows versions are also available through Windows Update as an optional update:
- Windows 11, version 21H1 (original release): KB5010795
- Windows Server 2022: KB5010796
- Windows 10, version 21H2: KB5010793
- Windows 10, version 21H1: KB5010793
- Windows 10, version 20H2, Windows Server, version 20H2: KB5010793
- Windows 10, version 20H1, Windows Server, version 20H1: KB5010793
- Windows 10, version 1909, Windows Server, version 1909: KB5010792
- Windows Server 2019: KB5010791 (Released on 1/18/22)
- Windows 10, version 1607, Windows Server 2016: KB5010790
- Windows 10, version 1507: KB5010789
- Windows 7 SP1: KB5010798
- Windows Server 2008 SP2: KB5010799
January Windows updates issues and fixes
As BleepingComputer reported after this month's Patch Tuesday, the latest Windows Server updates were causing a series of severe issues for administrators.
According to admin reports, Windows domain controllers were being plagued by spontaneous reboots, Hyper-V was no longer starting on Windows servers, and Windows Resilient File System (ReFS) volumes were no longer accessible after deploying the January 2022 updates.
Windows 10 users and administrators also reported problems with L2TP VPN connections after installing the recent Windows 10 and Windows 11 cumulative updates and seeing "Can't connect to VPN." errors.
Those who cannot immediately install today's out-of-band updates can remove the KB5009624, KB5009557, KB5009555, KB5009566, and KB5009543 updates causing these issues from an Elevated Command Prompt with the following commands:
Windows Server 2012 R2: wusa /uninstall /kb:5009624
Windows Server 2019: wusa /uninstall /kb:5009557
Windows Server 2022: wusa /uninstall /kb:5009555
Windows 10: wusa /uninstall /kb:5009543
Windows 11: wusa /uninstall /kb:5009566
However, since Microsoft also bundles all the security updates with these Windows cumulative updates, removing them will also remove all fixes for vulnerabilities patched during the January 2022 Patch Tuesday.
Windows admins and users need to consider the risks of unpatched vulnerabilities impacting their systems versus the disruption caused by the issues stemming from this month's Windows updates.
Comments
h_b_s - 2 years ago
How's disbanding the QA teams working out for you there, Microsoft? More problems than ever? We're not even seeing fatal bugs on niche features here with just a few users. Hyper-V, Domain Controllers, VPN connections, network printing, these are all core systems your development teams are screwing over, but could have been caught with a veteran QA team. It's not like you're hurting for money. Seriously, you're not even getting the patches right either. It's like the college interns have taken over the place.
INTREPID-FL - 2 years ago
This patch is worthless. If you're experiencing the boot loop issue, you've already uninstalled the cumulative update - this patch is useless. If you haven't installed the cumulative update to prevent a dead server - this patch is useless. So, I guess we need to wait for the February cumulative update and skip January? Nice.
kaducoelho - 2 years ago
I have not installed the updates released in the microsoft tuesday patch on my 2016 DCs. Should I only install the OOB update KB5010790 released today?
Or this update can only be applied on servers with the tuesday patch updates with problems?
What is the process for those who have not installed any 2022-01 updates on Windows Server 2016 servers?
SAndrewsRTS - 2 years ago
I just got done importing these into WSUS for MECM. Like all cumulative updates, they supersede the ones released last Tuesday. There is no Windows Server 2019 KB available yet. Hopefully these actually address the issues.
lighthabit - 2 years ago
Run unsecured or don't run at all. Well, since this is a production environment, not running at all is not an option. Well done!
andreasoc - 2 years ago
thanks!!!
the previous solution to uninstall the KB5009624 update was not enough the reboot kept the same every 2 hours or so .. hopefully fine with this.
PieterP - 2 years ago
Srv 2019 OOB patch is missing to replace buggy update KB5009557 ?
It also looks like they didn't change the status of the buggy updates to superseded, so are we required to release the buggy updates as well before we can install these OOB patches?
andreasoc - 2 years ago
after apply the new patch all work fine, not restart (Windows Server 2012 R2)
lisavaas - 2 years ago
You're off by a year, should read January 2022 Patch Tuesday: "Microsoft has released emergency out-of-band (OOB) updates to address multiple issues caused by Windows Updates issued during the January 2021 Patch Tuesday."
Lawrence Abrams - 2 years ago
Fixed..thanks
curtHendzell - 2 years ago
FWIW, the server uninstall commands should not have "KB" after the /kb:
Windows Server 2012 R2: wusa /uninstall /kb:5009624
Windows Server 2019: wusa /uninstall /kb:5009557
Windows Server 2022: wusa /uninstall /kb:5009555
Lawrence Abrams - 2 years ago
Fixed. Thanks!
HoodedOne - 2 years ago
Hey everyone, this affected us as well. However a KB not mentioned to this point is what caused the "Virtual machine could not start because the hypervisor is not running" error we were experiencing.
On Server 2012 Standard (old dog slated for replacement), we needed to uninstall: KB5009619
Relevant Microsoft Post:
https://support.microsoft.com/en-us/topic/kb5010797-out-of-band-update-for-windows-server-2012-january-17-2022-1f14f497-8404-404d-8d78-0c962c9e486d
"This update resolves the following issues:
Virtual machines (VMs) located on a server that has Unified Extensible Firmware Interface (UEFI) enabled fail to start after installing the January 11, 2022 Windows update."
Microsoft Catalog with the fixed out-of-band update:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB5010797
We uninstalled KB5009619, rebooted, and verified the VMs would launch again (they did). Then we installed KB5010797 from the catalog, rebooted, and again tested and confirmed the VMs will still launch with KB5010797 installed.
Lawrence Abrams - 2 years ago
Microsoft just released the Windows Server 2019 KB5010791 OOB update. Article updated with the link.
noelprg4 - 2 years ago
KB5010791 can also be applied/installed onto Windows 10 LTSC 2019 v1809 as well - MS Update Catalog says so
BikerSco - 2 years ago
Any idea why there isn't an update for Windows 11 Pro 21H2. Do I need to roll back my Windows 11 version to get this patch to work so I can use my VPN? I tried the windows 11 patch listed and it says its not for my version of windows.
I also continue to have the VPN issue today even after removing the update that caused it two days ago and it was working nt today it isnt and it says the kb isnt installed.
Supply-PWC - 2 years ago
Last week, we too were plagued by reboot issues on our 2012R2 Domain Controllers caused by KB5009624 for Server 2012 R2 and KB5009595 for Server 2012 R2. We had to take the servers offline and uninstall the patches in order to resolve the endless reboots.
I know there is a new OOB to fix these issues: https://support.microsoft.com/en-us/topic/kb5010794-out-of-band-update-for-windows-8-1-and-windows-server-2012-r2-january-17-2022-a92500fb-f227-400e-b70e-f7dd50386fd3.
OOB patches normally supersede the older patches.
However, when I install KB5010794 on a 2012 R2 server, the problematic patches, KB5009624 and KB5009595, still show up as required in Windows Update after a reboot. With that said, does KB5010794 truly supersede the faulty patches? If so, why do the faulty patches still show up as required patches?
NJJoe - 2 years ago
Good question. I have several 2012R2 servers still in the field, and until this is settled, I'm just not doing any updates. I suspect this will shake out in the next weeks, but the reboot risk far exceeds and possible new security risk.
Supply-PWC - 2 years ago
I think Microsoft wants you to install the faulty patches then install the OOB patch. That's what people are telling me at this forum: https://docs.microsoft.com/en-us/answers/questions/700165/kb5010797-installation.html?childToView=701846. Insane solution as obviously the faulty patches break the server. Don't understand why Microsoft just didn't release a cumulative patch that fixes and replaces the faulty 2012R2 patches like they normally would do.
NJJoe - 2 years ago
Exactly! As admins, when a possible buggy patch is released, we either pause or skip it. Then, it should be pulled and a subsequent integrated / cumulative patch should be released. As least this is what we've seen with all of the Win10 'print nightmare' patches of 2021.
Supply-PWC - 2 years ago
I think the other server versions, 2016, 2019 and 2022 all get cumulative updates that replace the original faulty updates. So I think it is just 2012R2 servers that get this "bizzaro world" fix.
DerAdler - 2 years ago
Wait; whether these series of severe issues were caused by the latest Windows Server updates, why in the hell are the following included in the catalog list?
Windows 7 SP1: KB5010798
Windows Server 2008 SP2: KB5010799
Support for Windows7 SP1 e Windows Server 2008 SP2 ended 2 years ago and no new updates have been released since then! (excluding the ESU program)
DFlood - 2 years ago
Anyone have trouble on 8.1 or 10/21h2 + relevant OOB patch with VPN userid/passwords? Specifically if you clear the stored ones it won't prompt for new ones but just says "the userid/password was wrong". It started properly prompting when I uninstalled the OOB patch to get me back to December...
SleepyDude - 2 years ago
Hi,
Anyone else have problems printing to Virtual PDF printers and local printers after the KB5009595/KB5009624 on Windows 8.1 and Server 2012 R2?
I didn't test but the OOB patch have the same spooler core files 6.3.9600.20239 so I guess this isn't fixed!
kly - 2 years ago
KB5009624 broke printing for us on Server 2012 R2. Any print jobs that are sent from our application to another print server (we have hundreds of raspberry pis running cups) stopped printing. Just for the heck of it, we set up a network connection from Server 2012 to a printer and that works fine. It's just when it sends print jobs to another print server it doesn't work. Uninstalled KB5009624 and all printing works fine again.
SleepyDude - 2 years ago
Hi,
Just confirmed that KB5010395/KB5010419 from February 8 fixed the local printing problem for Windows Server 2012 R2 and possibly also on Windows 8.1.
Printing to a virtual PDF printer is working again.