Microsoft has announced that the cumulative updates released this month during Patch Tuesday address a significant issue affecting Windows servers, particularly in relation to Remote Desktop connections within enterprise networks. This problem emerged following the installation of the July Windows Server security updates, which led to disruptions in the RD Gateway service, causing it to crash every 30 minutes.
Details of the Issue
Initially confirmed by Microsoft after numerous reports from Windows administrators, the issue is identified as a TSGateway service termination problem. This malfunction triggers an 0xc0000005 exception code when the service becomes unresponsive, which is logged as Event 1000 in the system event log. Microsoft noted that the use of legacy protocols, specifically Remote Procedure Call over HTTP, could exacerbate the situation, leading to interruptions in Remote Desktop connectivity across organizations.
The disruptions may occur intermittently, with logon sessions being lost approximately every 30 minutes, necessitating users to reconnect to the server. The affected Windows Server releases and their corresponding security updates include:
- Windows Server 2022 (KB5040437)
- Windows Server 2019 (KB5040430)
- Windows Server 2016 (KB5040434)
- Windows Server 2012 R2 (KB5040456)
- Windows Server 2012 (KB5040485)
Temporary Workarounds
For organizations unable to implement this month’s cumulative updates immediately, Microsoft has provided two temporary workarounds. The first involves blocking connections over the pipe and port pipeRpcProxy3388 through the RD Gateway using firewall software. The second workaround requires administrators to modify the RDGClientTransport registry key under Terminal Server Client. This can be done by navigating to HKCUSoftwareMicrosoftTerminal Server ClientRDGClientTransport, locating the ‘DWORD’ registry key, and setting the ‘Value Data’ field to 0x0.
It is crucial for administrators to back up the registry before making any changes to ensure a swift restoration if any issues arise during the process.
Historical Context
This is not the first time Microsoft has addressed similar connectivity issues. Two years ago, the company resolved a comparable problem that affected RDP and VPN connections following the June 2022 security updates on Windows Servers with Routing and Remote Access Service (RRAS) enabled. Additionally, in January 2022, an emergency out-of-band update was released to rectify a Windows Server bug that triggered Remote Desktop connection and performance challenges.
In conjunction with these updates, Microsoft has also rolled out the October 2024 Patch Tuesday security updates, which address a total of 118 vulnerabilities, including five publicly disclosed zero-days, two of which are currently being exploited in ongoing attacks.
