Microsoft October 2024 Update: Fixes Remote Desktop Disruptions and More

  • Thread Author
Redmond, WA — Microsoft has rolled out its latest Patch Tuesday cumulative updates, addressing a significant issue that has been disrupting Remote Desktop connections across enterprise Windows Server environments. This update is crucial for system administrators and organizations relying heavily on Remote Desktop Protocol (RDP) for their daily operations.

The Remote Desktop Disruption Issue​

Following the installation of the July Windows Server security updates, numerous Windows administrators reported that the Remote Desktop Gateway (RD Gateway) service began crashing every 30 minutes. This recurring crash led to intermittent disruptions in Remote Desktop connectivity, severely impacting workflows and productivity within affected organizations.
Microsoft identified the root cause as a failure in the RD Gateway service, which manifested as an 0xc0000005 exception code. This error caused the service to become unresponsive, logging Event 1000 in the system event log. As a result, remote desktop sessions were terminated, forcing users to reconnect to the server repeatedly.

Affected Windows Server Versions​

The issue primarily impacted the following Windows Server releases:
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022
Organizations running these versions were particularly vulnerable if they utilized legacy protocols, specifically Remote Procedure Call over HTTP (RPC over HTTP), within their Remote Desktop Gateway configurations.

Microsoft's Response and Solutions​

In response to the widespread reports, Microsoft promptly released cumulative updates as part of its October 2024 Patch Tuesday initiative. These updates not only fix the Remote Desktop disruption issue but also address a total of 118 vulnerabilities, including five publicly disclosed zero-days. Notably, two of these zero-days are currently being exploited in active attacks.

Temporary Workarounds​

For organizations unable to apply the cumulative updates immediately, Microsoft has provided two temporary workarounds:
  1. Firewall Configuration Adjustment:
    Administrators can prevent connections over the specific pipe and port (\pipe\RpcProxy\3388) through the RD Gateway by configuring firewall software accordingly. This measure helps mitigate the risk of service disruptions while the patches are being deployed.
  2. Registry Modification:
    Another workaround involves editing the RDGClientTransport registry key under Terminal Server Client. Navigate to HKCU\Software\Microsoft\Terminal Server Client\RDGClientTransport, locate the DWORD registry key, and set the Value Data field to 0x0. It's imperative to back up the registry before making any changes to ensure system stability and facilitate restoration if necessary.

Historical Context​

This isn't the first time Microsoft has addressed connectivity issues related to Remote Desktop. Two years ago, a similar problem affected Windows Servers with Routing and Remote Access Service (RRAS) enabled after installing the June 2022 security updates. In January 2022, an emergency out-of-band update was released to rectify a bug that triggered Remote Desktop connection and performance issues.
These recurring issues highlight the challenges Microsoft faces in balancing security updates with system stability, especially in complex enterprise environments.

Broader Implications for Enterprise Security​

The October 2024 Patch Tuesday updates come at a critical time as cyber threats continue to evolve. Organizations are increasingly reliant on remote access solutions, making the security and reliability of these services paramount. By addressing vulnerabilities and connectivity issues, Microsoft reinforces its commitment to safeguarding enterprise infrastructures against both existing and emerging threats.

Other Notable Updates​

In addition to the Remote Desktop fixes, the Patch Tuesday releases include:
  • Microsoft SharePoint RCE Bug: Addressing a remote code execution vulnerability exploited to breach corporate networks.
  • Windows 11 Task Manager Bug: Correcting inaccuracies in the reported number of running processes.
  • Azure Virtual Desktop Black Screen Issues: Resolving display problems affecting user experiences.
  • Outlook Freeze Issue: Implementing a workaround for freezes that occur when copying text within Microsoft Outlook.

Recommendations for Administrators​

To ensure optimal security and functionality:
  1. Immediate Patch Deployment: Administrators should prioritize the deployment of the latest cumulative updates to mitigate the Remote Desktop disruption and other vulnerabilities.
  2. Implement Workarounds: Where immediate patching isn't feasible, apply the provided temporary workarounds to maintain Remote Desktop connectivity.
  3. Regular Monitoring: Continuously monitor system logs for Event 1000 or similar indicators of RD Gateway service instability.
  4. Backup Critical Data: Regularly back up system registries and critical data to facilitate swift recovery in case of unforeseen issues post-update.

Future Outlook​

As Microsoft continues to enhance its security frameworks and address system stability issues, organizations must stay vigilant and proactive in managing their IT environments. Regular updates, combined with robust security practices, are essential in maintaining resilient and secure enterprise infrastructures.
The ongoing collaboration between Microsoft and the IT community ensures that emerging challenges are swiftly identified and addressed, fostering a safer and more reliable computing environment for all users.

Stay tuned to WindowsForum.com for the latest updates and expert insights on Microsoft's Patch Tuesday releases and other critical IT developments.
Source: BleepingComputer Microsoft fixes Remote Desktop issues caused by Windows Server update
 


Back
Top